Digital gold: why hackers love Bitcoin | Technology | The Guardian

The WannaCry ransomware attackers demanded payment in the cryptocurrency. But its use in the ‘clean’ economy is growing, too, and could revolutionise how we use money

Source: Digital gold: why hackers love Bitcoin | Technology | The Guardian


Fact-checkers are weapons in the post-truth wars, but they’re not all on one side | Media | The Guardian

The practice of spreading facts to counter falsehoods has been hailed as a way to counter ‘fake news’, but on the front line the picture is becoming confused

Source: Fact-checkers are weapons in the post-truth wars, but they’re not all on one side | Media | The Guardian


Is technology smart enough to fix the fake news frenzy? | John Naughton | Opinion | The Guardian

The debate about “fake news” and the “post-truth” society we now supposedly inhabit has become the epistemological version of a feeding frenzy: so much heat, so little light. Two things about it are particularly infuriating. The first is the implicit assumption that “truth” is somehow a straightforward thing and our problem is that we just can’t be bothered any more to find it. The second is the failure to appreciate that the profitability, if not the entire business model, of both Google and Facebook depends critically on them not taking responsibility for what passes through their servers. So hoping that these companies will somehow fix the problem is like persuading turkeys to look forward to Christmas.

Source: Is technology smart enough to fix the fake news frenzy? | John Naughton | Opinion | The Guardian


The U.S. Government Thinks Thousands of Russian Hackers May Be Reading My Blog. They Aren’t.

It’s plausible, and in my opinion likely, that hackers under orders from the Russian government were responsible for the DNC and Podesta hacks in order to influence the U.S. election in favor of Donald Trump. But the Grizzly Steppe report fails to adequately back up this claim. My research, for example, shows that much of the evidence presented is evidence of nothing at all.

Source: The U.S. Government Thinks Thousands of Russian Hackers May Be Reading My Blog. They Aren’t.


We cannot trust our government, so we must trust the technology | US news | The Guardian

Apple’s battle with the FBI is not about privacy v security, but a conflict created by the US failure to legitimately oversee its security service post Snowden

Source: We cannot trust our government, so we must trust the technology | US news | The Guardian


Andrés Navarro admits to having made irregular contributions: “It’s a hassle to give money to politicians, unless you want a favor” – El Mostrador

The businessman admitted to having given funds to campaigns out of “ideological affinity” and “trust” in certain people from the 1988 plebiscite until 1997, almost always by paying for advertising or printing services, which he booked as expenses of personal companies in order to deduct taxes. “Luckily they are past the statute of limitations,” he acknowledged.

Businessman Andrés Navarro, owner of the technology services company Sonda and currently a candidate to chair the Sociedad de Fomento Fabril (Sofofa), has been linked to the DC as a longtime sympathizer, is one of Sebastián Piñera’s closest friends and has never hidden his political preferences, such as for Ricardo Lagos and, lately, his good opinion of Andrés Velasco.

This time Navarro acknowledged his active role as a donor from the plebiscite that removed Pinochet in 1988 until 1997, when, as he puts it, “it became evident” that he supported former President Ricardo Lagos.

In an interview with Radio Duna, Navarro clarified that “of all the politicians I know, deputies, senators, et cetera, I don’t know of a single one who hasn’t gone to see a businessman friend to ask for financial support for his campaign.” And as a businessman he gave the opinion that “this business of giving money to politicians is a hassle, unless you have a specific intention or want to obtain a favor.” In this regard, he clarified that “in my case I did it and never asked for any favor; I did it more out of ideological affinity, for people I trusted,” he said.

The owner and founder of Sonda recalled that his involvement as a campaign contributor began with the 1988 plebiscite, as a member of the business leaders’ command for the NO. “Then, from 1990 to 1997, I made contributions to political campaigns (…) normally I did it by paying for the production of campaign material through advertising or printing companies,” he stated.

In this regard, Navarro admitted that he made these contributions from his personal companies, in which he had no partners, and he also acknowledged that he deducted taxes through them. “[These invoices] I put down as expenses… it is an irregularity, but fortunately they are all past the statute of limitations,” he confided.


New smoking gun further ties NSA to omnipotent “Equation Group” hackers | Ars Technica

What are the chances unrelated state-sponsored projects were both named “BACKSNARF”?

Researchers from Moscow-based Kaspersky Lab have uncovered more evidence tying the US National Security Agency to a nearly omnipotent group of hackers who operated undetected for at least 14 years.

The Kaspersky researchers once again stopped short of saying the hacking collective they dubbed Equation Group was the handiwork of the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project. Still, they heaped new findings on top of a mountain of existing evidence that already strongly implicated the spy agency. The strongest new tie to the NSA was the string “BACKSNARF_AB25” discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed “EquationDrug.” “BACKSNARF,” according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA’s Tailored Access Operations.


How you could become a victim of cybercrime in 2015 | Technology | The Guardian

Cybersecurity experts’ predictions for the year ahead: from ransomware and healthcare hacks to social media scams and state-sponsored cyberwar

Will 2015 be a happy new year for cybercriminals? Photograph: Alamy

Will 2015 be a happy new year for internet users? Not if cybercriminals have their way.

Online security companies have been making their predictions for 2015, from the malware that will be trying to weasel its way onto our computers and smartphones to the prospect of cyberwar involving state-sponsored hackers.

Here’s a summary of what you should be watching out for online in 2015, based on the predictions of companies including BitDefender, KPMG, AdaptiveMobile, Trend Micro, BAE Systems, WebSense, InfoSec Institute, Symantec, Kaspersky, Proofpoint and Sophos. The links lead to their full predictions.


Cops Are Handing Out Spyware to Parents—With Zero Oversight | WIRED

Mere days after a government crackdown on a spyware manufacturer comes the startling revelation that law enforcement agencies have been purchasing commercial spyware themselves and handing it out to the public for free.

Police departments around the country have been distributing thousands of free copies of spyware to parents to monitor their children’s activity, a fact that’s come to light in the wake of a federal indictment this week against the maker of one commercial spyware tool on wiretapping charges.

The tool being distributed by agencies, known as ComputerCOP, has been purchased in bulk by more than two hundred police departments in thirty-five states as well as by sheriff’s offices and district attorneys. It’s designed to search computers for files and videos based on a keyword dictionary that comes with the software and also can log every keystroke on a computer, sending some of that data—in an unsecured manner—to a server belonging to the company that makes the software.

But according to the Electronic Frontier Foundation, which examined the spyware and uncovered the arrangement with law enforcement agencies, the spyware works badly and there is nothing to prevent parents who receive it from using it against other adults.

Computer Cop Promotional Poster EFF

“It’s certainly ironic that law enforcement agencies are going after spyware makers while also distributing software that could be used for the same purposes,” says Dave Maas, an investigator with the EFF. “Obviously there’s a difference in how these were marketed by the maker. But certainly law enforcement needs to train their magnifying glasses on their own operations.”


Sophisticated iPhone and Android malware is spying on Hong Kong protesters | The Verge

Researchers say all signs point to the Chinese government

A fake smartphone app is being used to remotely monitor pro-democracy protesters in Hong Kong, according to a report from the New York Times. Researchers from Lacoon Mobile Security say the phishing scam is spreading across the messaging application WhatsApp, through texts that read: “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!”, along with a link to download software. Lacoon says the software, once downloaded, can access a user’s personal data, including phone calls, text messages, and the physical location of their smartphone. Code4HK — a developer community that has helped to spread information about the protests — tells the Times it had nothing to do with the texts.

 

The origin of the scam remains unknown, but Lacoon CEO Michael Shaulov says the Chinese government is likely behind it, given the location of the servers and the sophistication of the operation. The company traced it to a computer that they say is similar to those that the Chinese government allegedly used to launch cyberattacks against US targets last year. The spread of the app remains equally unclear, though Shaulov says it was downloaded by one out of every ten phones that received the fake message. It has affected both Android and iOS users alike, although many in the security world have noted that only jailbroken iOS phones are vulnerable.


You Can Get Hacked Just By Watching This Cat Video on YouTube – The Intercept

Many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites. People also think that the NSA and its international partners are the only ones who have turned the internet into a militarized zone. But according to research I am releasing today at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, many of these commonly held beliefs are not necessarily true. The only thing you need to do to render your computer’s secrets—your private conversations, banking information, photographs—transparent to prying eyes is watch a cute cat video on YouTube, and catch the interest of a nation-state or law enforcement agency that has $1 million or so to spare.

To understand why, you have to realize that even in today’s increasingly security-conscious internet, much of the traffic is still unencrypted. You might be surprised to learn that even popular sites that advertise their use of encryption frequently still serve some unencrypted content or advertisements. While people now recognize that unencrypted traffic can be monitored, they may not recognize that it also serves as a direct path into compromising their computers.

Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.

Fortunately for their users, both Google and Microsoft were responsive when alerted that commercial tools were being used to exploit their services, and have taken steps to close the vulnerability by encrypting all targeted traffic. There are, however, many other vectors for companies like Hacking Team and FinFisher to exploit.

In today’s internet, there are few excuses for any company to serve content unencrypted. Any unencrypted traffic can be maliciously tampered with in a manner that is invisible to the average user. The only way to solve this problem is for web providers to offer fully encrypted services.


Deputy Farcas admits he did not inform fellow legislators about his meetings with Microsoft – BioBioChile

Pablo Ovalle | Agencia Uno

Published by Christian Leal

Following the annulment of the bill that promoted the use of free software in the State (with the consequent savings of more than 36 billion pesos) due to an “express bill” presented by Deputy Daniel Farcas, the embattled PPD legislator gave further details about his controversial initiative.

Recall that this week, Deputy Vlado Mirosevic charged that alleged lobbying carried out by the company Microsoft through Farcas had succeeded in nullifying his proposal, approved in June of this year, under which computers in public agencies were to prefer free, no-cost software solutions before purchasing proprietary programs.

However, the following day Farcas secured approval of a resolution that nullified what Mirosevic had requested. Even more surprisingly, he got 5 deputies of the Nueva Mayoría who had backed the former student leader’s motion to now vote against it.

After the situation became public, the PPD legislator reacted with annoyance. “Absolutely false accusations have been made here, assertions that do not correspond to the truth, so I expect a public apology from Deputy Mirosevic, to whom, moreover, I have said on several occasions that we should work together on a bill that reconciles free software with technological neutrality,” he said in an interview with the newspaper La Segunda.

Despite this, and after the Ethics and Transparency Committee of the Chamber of Deputies decided to investigate what real influence the computing giant had, Daniel Farcas admitted that he did not mention to his peers the meetings he had held with Microsoft.

“It didn’t seem that relevant to me to explain in depth that Microsoft was there, that the ACTI was there, that the Gechs was there. Perhaps I should have gone further on that. Basically what I talk about are the elements, not the companies. Public policies that have nothing to do with companies but with the ideas one defends,” he explained in an interview with Radio ADN reported by Emol.


Asociación de Emprendedores denies link with the ACTI and with lobbying for Microsoft – El Mostrador

“Juan Pablo Swett has never had any kind of relationship with the president of ACTI, Carlos Busso. Nor has he had any kind of relationship with Microsoft,” the organization stated.

The Asociación de Emprendedores de Chile (ASECH) denied this Friday that, through its president, Juan Pablo Swett, it has a link with the Asociación Chilena de Empresas de Tecnología de Información (ACTI) or that it has had any relationship with the technology company Microsoft.


The long arm of Microsoft’s lobby and its networks in the political class – El Mostrador

Lobbyists for the American giant met with several deputies in recent months, seeking to block the measure that urged the treasury to use free software. The PPD’s Daniel Farcas, who acknowledges a “long relationship” with developers of paid software, was the only one who agreed to back them. In the Senate, the company operated through the president of the Asech, Juan Pablo Swett, and under the Piñera government it obtained a lucrative tax benefit. The history of Microsoft in Chile includes the co-opting of former public officials and multimillion deals with the State.


Mirosevic, Microsoft and the lobby against free software – El Mostrador

Lawyer, Universidad de Chile. Fulbright Scholar 2013. Researcher at the Centro de Análisis e Investigación Política (CAIP).

Enough has been said in this publication about the theoretical debate entailed by the Lobbying Law and its place within a broader issue, namely the relationship between money and politics in Chile. The case of Deputy Mirosevic and the company Microsoft Chile is a clear one that serves to illustrate the dynamics of lobbying in the legislative process. The conflict is recounted in the report in El Mercurio’s Sábado magazine by journalist Rodrigo Fluxá, who is a recognized professional, honored by his peers, and author of an excellent book about the killers of Daniel Zamudio. The seriousness of Fluxá’s report cannot be called into question, and the facts described there constitute clear-cut lobbying to stop a deputy’s idea, an idea concerning free software and its use on State devices.

To understand the debate it is necessary to look at the sequence of events. Deputy Mirosevic, of the Partido Liberal de Chile, was planning to present a bill concerning free software and to promote its use by the State. The resolution presented by Deputy Mirosevic was also signed by nine other legislators who want the State to consider the free software alternative to licensed software, for which more than 36 billion is paid per year, according to the breakdown compiled by the deputy’s team. Aware of the threat to their interests, Microsoft’s representatives went to meet with Mirosevic in order to persuade him to withdraw this motion. In these efforts, Microsoft was accompanied by a strategic communications firm called Factor C, whose website makes no mention of lobbying services and whose executive director is Javiera de la Cerda, wife of the UDI mayor of Las Condes, Francisco de la Maza.


The Insidiousness of Facebook Messenger's Mobile App Terms of Service | Sam Fiorella

Sam Fiorella

How much access to your (and your friends’) personal data are you prepared to share for access to free mobile apps? I suspect the amount is significantly less than that which you actually agreed to share when blindly accepting the Terms of Service.

Case in point: Facebook’s Messenger App, which boasts over 1,000,000,000 downloads, requires the acceptance of an alarming amount of personal data and, even more startling, direct control over your mobile device. I’m willing to bet that few, if any, of those who downloaded this app read the full Terms of Service before accepting them and downloading the app.

The Facebook Messenger app is a standalone version of the instant chat feature within the social network. You can easily access this within the Facebook app on your mobile device, but opening the full application also requires more memory, bandwidth, and battery life. As a result, Facebook offers this one feature as a standalone app in which you can instantly chat with your Facebook friends without having to launch the full Facebook app.

If you’re one of those 1,000,000,000 people who have downloaded this app, take a moment to read the following. I’ve posted, word for word, a few of the most aggressive app permissions you’ve accepted.

  • Allows the app to change the state of network connectivity

  • Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Malicious apps may cost you money by making calls without your confirmation.

  • Allows the app to send SMS messages. This may result in unexpected charges. Malicious apps may cost you money by sending messages without your confirmation.

  • Allows the app to record audio with microphone. This permission allows the app to record audio at any time without your confirmation.

  • Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.

  • Allows the app to read your phone’s call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.

  • Allows the app to read data about your contacts stored on your phone, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals.

  • Allows the app to read personal profile information stored on your device, such as your name and contact information. This means the app can identify you and may send your profile information to others.

  • Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.

  • Allows the app to get a list of accounts known by the phone. This may include any accounts created by applications you have installed.


Humans fail to recognize most Twitter bots

Written by The Physics arXiv Blog / www.technologyreview.es
Monday, 9 June 2014 11:33

If you have a Twitter account, chances are you have fewer than 50 followers and follow fewer than 50 accounts. You probably know many of these people well, but there may also be some you have never met.

Here is an interesting question: how do you know that these Twitter users are real people and not automated accounts, known as bots (robots), created to post links and messages designed to influence your opinions?

You may think that bots are not very sophisticated and that they are easy to spot. And you also know that Twitter monitors the Twittersphere to find and remove any automated accounts it finds. Consequently, it is unlikely that you are unknowingly following automated accounts, malicious or not.

If you hold this view, you might like to take a look at the work of Carlos Freitas at the Federal University of Minas Gerais (Brazil), who has studied how easily social bots infiltrate Twitter.

Their results will surprise you. They report that a significant proportion of the social bots they created not only infiltrated social groups on Twitter but managed to become influential among them. What is more, Freitas and his team have identified the characteristics that make social bots more likely to succeed.


Global police operation disrupts aggressive Cryptolocker virus | Technology | theguardian.com

UK botnet victims have two weeks to escape clutches of invasive ransomware after global cybercrime operation

Cryptolocker will encrypt files with a public key that is widely seen as unbreakable.

The FBI and crime agencies from across the globe have temporarily disrupted one of the most aggressive computer viruses ever seen, but are warning victims they have two weeks to protect their computers before the hackers seize it back.

Digital police from across the globe have claimed success in disrupting the criminal operation behind the ransomware, known as Cryptolocker.

The UK’s National Crime Agency (NCA) has told British victims that they have a two-week window to protect themselves, after working with the FBI, Europol and other law enforcement bodies to temporarily seize control of the global network of infected computers.

Cryptolocker is now disabled, but the NCA said it was a race against time before the hackers circumvent their block on it.

It follows one of the biggest ever international collaborations between the major crime agencies to prevent a virus of this magnitude.

The Cryptolocker software locked PC users out of their machines, encrypting all their files and demanding payment of one Bitcoin (currently worth around £300) for decryption.

The FBI estimates that the virus has already acquired $27m (£17m) in ransom payments in just the first two months of its life, and that it has infected more than 234,000 machines.