Russia is Expert at Online Disinformation

At her Thursday keynote, Stanford Internet Observatory's research manager Renee DiResta explained how Russian military intelligence – the GRU – and the private Internet Research Agency (IRA) were putting the likes of China to shame. Security companies and government agencies have good reason to move their focus from Beijing to Moscow, she warned.

The basic methods of hacking public opinion are fairly simple, DiResta explained. Fake accounts generate content and spam it out on social media to amplify the message. If enough real people pick up and the posts go viral the mainstream media kicks in and amplifies the desired message still further.

In Russia's case, it spreads divisive material, stolen information, and fake news in an attempt to turn Americans against each other, sour civil society, sow doubt, and create distractions, leaving people unsure of what's really going on. This worked. In China's case, it tried to make people like China. This didn't work.

https://www.blackhat.com/us-20/briefings/schedule/#hacking-public-opinion-21289

Abuse of Online Privacy Rules Means Personal Info Can Be Compromised - So Require Credentials

With the introduction of Europe's General Data Protection Regulation, firms in Europe and around the globe should be aware that social engineering tactics can be used to acquire an individual’s sensitive data.

“…For social engineering purposes, GDPR has a number of real benefits, Pavur said. Firstly, companies only have a month to reply to requests and face fines of up to 4 percent of revenues if they don't comply, so [the] fear of failure and time are strong motivating factors.

In addition, the type of people who handle GDPR requests [is] usually admin or legal staff, not security people used to social engineering tactics. This makes information gathering much easier….” See this article.

Direct email marketing, for example, is already regulated under the EU's e-Privacy Directive. Such rules require consent before someone can be sent direct marketing. A so-called "soft opt-in" makes this slightly easier. If a firm has an existing relationship, for instance, if a customer has bought a product from them before, they may still contact that recipient.

The European Union is updating the rules on electronic communications just as the UK is hustling to engage its own Data Protection Act in place, considering how Brexit will affect tech firms. The continued flow of data between the UK and the rest of Europe (and the world) depends on governments’ ability to interact.

Known Apple Vulnerability Remains Unpatched

Apple Wireless Direct Link (AWDL) is at the core of Apple services like AirPlay and AirDrop, and Apple has been including AWDL by default on all devices the company has been selling, such as Macs, iPhones, iPads, Apple watches, Apple TVs, and HomePods.

It seems that the AWDL protocol, installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks.

These are the findings of a research project that started last year at the Technical University of Darmstadt, in Germany, and has recently concluded, and whose findings researchers will be presenting later this month at a security conference in the US. The project sought to analyze the Apple Wireless Direct Link (AWDL), a protocol that Apple rolled out in 2014 and which also plays a key role in enabling device-to-device communications in the Apple ecosystem. While most Apple end users might not be aware of the protocol's existence, AWDL is at the core of Apple services like AirPlay and AirDrop, and Apple has been including AWDL by default on all devices the company has been selling, such as Macs, iPhones, iPads, Apple watches, Apple TVs, and HomePods. But in the past five years, Apple has never published any in-depth technical details about how AWDL works. This, in turn, has resulted in very few security researchers looking at AWDL for bugs or implementation errors.

Read more here...

Have You Been a Victim of Cybercrime?

After my ex stole my identity to get credit cards, I went into full-on personal data protection mode. It seems having someone you know rip off your critical credit-related information isn't uncommon. And, on the Internet, there are many opportunities to have your good name besmirched.
This graphic from Tech News tells the story.




Cybersecurity is a rising concern globally -- for individuals, businesses and even governments. Unfortunately, many either don't take the threat seriously or aren't doing enough to protect themselves from cybercrime.
- Posted by Tom/Bluedog

What Can You Learn from Pirates?

When it comes to ensuring uptime, reliability and service, we can learn alot from pirates. Not the Somalia kind, but the clever founders of The Pirate Bay. The site, notorious as the premier search engine for torrents on the internet, nevertheless serves a large and discerning clientele. Reasons cited for the move to the cloud centered on making the site less vulnerable to outside threats (and DDoS is not the only threat to your infrastructure), but also hosting in the cloud also makes the site easier to scale, reduces downtime, and is less costly. The Pirate Bay is hosted at cloud hosting companies in multiple countries where they run several Virtual Machine instances. The setup also makes the BitTorrent site portable -- it can move elsewhere without too much work. “Moving to the cloud lets TPB move from country to country, crossing borders seamlessly without downtime. All the servers don’t even have to be hosted with the same provider, or even on the same continent,” The Pirate Bay told these reporters. "If one cloud-provider cuts us off, goes offline or goes bankrupt, we can just buy new virtual servers from the next provider. Then we only have to upload the VM-images and reconfigure the load-balancer to get the site up and running again.” While this model de-centralized most of their infrastructure, not everything was moved to the cloud: load balancers and transit-routers are still maintained by The Pirate Bay, enabling the site to hide the location of the cloud provider and secure the privacy of users. All-in-all, a very reasonable strategy for a high-volume site.

Why WebObjects rocks...

A massive hacker attack on web sites, but, interestingly enough...

Also hit were some web links connected with Apple's iTunes service. However, wrote Websense security researcher Patrick Runald on the firm's blog, this did not mean people were being redirected to the bogus software sites.

"The good thing is that iTunes encodes the script tags, which means that the script doesn't execute on the user's computer," he wrote.

Read more... http://www.bbc.co.uk/news/technology-12933053