It’s been a rough spell for hackers: one was just extradited from Mexico to face charges in California for a DDoS attack on the city of Santa Cruz.
Now six members of a group responsible for the Clop ransomware were picked up in a raid in Ukraine. It is not clear if these were all the members behind it or just one cell. The search of the home resulted in the seizure of hundreds of thousands of dollars and expensive vehicles such as an AMG 63 and a Tesla.
A Ukrainian report states that “[in] 2021, the defendants attacked and encrypted the personal data of employees and financial reports of Stanford University Medical School, the University of Maryland and the University of California.”
As South Korea and the US were also in on this roundup and have charges pending for hacks in both countries, it’s unclear where things go from here.
As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server, Click Studios told customers. Ars Technica reported that this was a supply-chain attack.
Click Studios began developing Passwordstate in March of 2004, and released it in August that same year. According to Click Studios, Passwordstate is used by more than 29,000 customers and 370,000 security and IT professionals globally, many being from Fortune 500 listed companies. Industries using Passwordstate include defense, banking and finance, media and entertainment, space and aviation, education, utilities, retail, mining, automotive, service providers and IT security integrators.
It is easy to see why companies that were relying on Passwordstate might be upset by this supply-chain attack. TechCrunch reported that an email sent by Click Studios to customers said the company had confirmed that attackers had “compromised” the password manager’s software update feature in order to steal customers’ passwords.
Click Studios has created an Incident Management Advisory on its website, where it posts regular updates detailing the best information available at that point in time. Click Studios recommends that people periodically check it for the latest updates.
Personally, I think the safest way for individuals to protect their passwords is to write them down on paper and store that information at home. Paper is entirely immune from supply-chain attacks, and it lacks the code that nasty hackers seem to feel entitled to mess around with. This solution might be insufficient for large businesses, though. Unfortunately, that means these kinds of shenanigans will continue to happen.
Kano’s mission is to encourage people, particularly children, to see computers not as unchangeable appliances but as tools to be made, shaped, coded and shared. Their kits plug together bits, boards, buttons and cables to make individual and personalised computers. Bruno gives Todd a hand to develop a selfie camera from their new Camera Kit.
Kano’s approach is to challenge each young developer into programming simple apps that achieve technical goals. Using Kano’s development tools it’s really easy to build programs as the tools come with code building blocks for things like taking a picture or responding to noise via a microphone. Consequently, even Todd can code an app to take a picture when someone claps.
The Camera Kit’s not expected until next year but you can sign up to hear the latest news. Expect the price to be around US$99.
Todd Cochrane is the host of the twice-weekly Geek News Central Podcast at GeekNewsCentral.com.
Drones are unmanned flying vehicles which are controlled by operators from thousands of miles away. They are used extensively in Afghanistan to track the Taliban’s activities. There has been increased talk among law enforcement in the United States that using drones might be useful in fighting crime. There is a Federal mandate that would permit drones to be used in US airspace. There are many questions involving the use of drones including privacy rights, lack of search warrants …. There are also technical questions. Right now the biggest problem that the DHS and the FAA are facing involving drones is jammers, which don’t control the drones but simply jam the signal. This is the way the Iranians insist they were able to bring down a drone in 2011, although that is still disputed by the US, which insists it was operator error and not Iranian jamming that caused the drone to land off course.
However, solving the jamming problem may be easy compared to the problem of spoofing. Spoofing is where the drone is actually controlled by a third party. In order for spoofing to be successful, the drone’s GPS system must be hacked. That is what the University of Texas, Cockrell School of Engineering did under Assistant Professor Todd Humphreys when it hijacked a drone using $1,000 worth of equipment and custom software. These drones were using unencrypted software that the University of Texas team was able to hack. Their signal was more powerful than the GPS signal that the drone was receiving from the satellite that was originally controlling it. They were able to override that GPS signal, sending the drone where they wanted it to go. As you can imagine, this is a huge potential problem. Imagine what would happen if a terrorist group was able to hack a drone and send it wherever they wanted it to go. They could control it from anywhere and send it crashing into buildings with no risk to themselves.
Right now the DHS is still working on the jamming problem through the Patriot Watch and the Patriot Shield programs, but the programs are underfunded and haven’t even started looking into the spoofing problem. Before we allow drones to fly above US cities, we might want to find a solution to both jamming and spoofing first.
With the perpetually refreshed glut of information available on the Web, it’s rare to find a thoroughly researched, thoughtful and meaningful piece on – of all things – the State of The Internet. In the May issue of Vanity Fair, contributing editor Michael Joseph Gross writes a captivating article, “World War 3.0,” that is both rich with history and chilling in his description of the challenges facing a tough-to-tame digital behemoth.
In this lengthy (by Web standards, anyway) piece leading up to a December conference in Dubai where the world will meet to discuss and renegotiate a UN treaty – International Telecommunications Regulations – as it relates to the Internet, Gross pens a somber outlook on where things are headed with the Web. Crisis, Gross asserts, is in store for the Internet and its users because of four main issues:
Sovereignty – the Internet was created and has developed specifically to exist outside or above the worldly territories we’ve mapped out
Piracy and Intellectual Property – the battle between freedom of information and folks wanting to protect their work and, more importantly, get paid
Privacy – the incomprehensible mass of information on the Internet and our ability to contribute and participate with relative anonymity is great for creativity and freedom, but it’s also awesome for criminals and folks who want to use your information for nefarious purposes.
Security – Code written is code hacked. It’s all just a matter of time and effort. With so much at stake and with so much money being made from the Web, how on Earth do we protect it all?
Four main issues – each extremely difficult to solve. In most cases, it’s damn near impossible to get consensus on the terms of each of these issues. You’ll have to read the article to see how Gross places this all in a context that makes the battle over the Internet one of the most important showdowns we might ever see.
The chill-factor for me comes from the last paragraph of his article – discussing the options for achieving security in such a connected world:
Aside from wealth or arcane knowledge, the only other guarantor of security will be isolation. Some people will pioneer new ways of life that minimize their involvement online. Still others will opt out altogether—to find or create a little corner of the planet where the Internet does not reach. Depending on how things go, that little corner could become a very crowded place. And you’d be surprised at how many of the best-informed people about the Internet have already started preparing for the trip.
Going to be implementing some Studio upgrades in the next couple of weeks; should be fun. I go after a couple of my state legislatures pretty hard tonight on two idiotic bills that they introduced. Also hope I was not too punchy on the last show notes. I am feeling much better by the way, and although the voice is not 100%, I feel 100% better.