Obama Proposes $4 Billion Investment In Self-Driving Cars

The Obama Administration has unveiled a proposal for a 10-year, $4 billion investment in the adoption of autonomous car technology. The money would fund pilot projects to, among other things, “test connected vehicle systems in designated corridors throughout the country, and work with industry leaders to ensure a common multistate framework for connected and autonomous vehicles.” The administration says it has an interest in cutting the death toll — over 30,000 people each year in the U.S. — associated with traffic accidents. The proposal also calls for the National Highway Traffic Safety Administration to work with industry to resolve regulatory issues before they inhibit development of self-driving cars. “This is the right way to drive innovation,” said Transportation Secretary Anthony Foxx.

Netflix Decides To Crack Down On VPN Users

Netflix has announced it will take further steps to ensure users are not circumventing geo-restrictions. David Fullagar, Vice President of Content Delivery and Architecture at Netflix, says, “Some members use proxies or ‘unblockers’ to access titles available outside their territory. To address this, we employ the same or similar measures other firms do. This technology continues to evolve and we are evolving with it. That means in coming weeks, those using proxies and unblockers will only be able to access the service in the country where they currently are.” This announcement comes just days after Netflix Chief Product Officer Neil Hunt said that a VPN blocking policy might be impossible to enforce.

“DDoS-For-Bitcoin” Blackmailers Arrested

The DDoSing outfit that spawned the “DDoS-for-Bitcoin” trend was arrested by Europol in Bosnia and Herzegovina last month. DD4BC first appeared in September 2015, when Akamai blew the lid on their activities. Since then, almost any script kiddie who can launch DDoS attacks has followed their business model by blackmailing companies for Bitcoin.

Exploit Vendor Zerodium Puts $100,000 Bounty On Flash’s New Security Feature

Zerodium, the company that buys zero-day bugs from security researchers and then sells them on to government intelligence agencies, has put out a new bounty, this one on Adobe’s Flash Player. The exploit vendor is offering $100,000 to the first researcher who finds a similar zero-day bug capable of avoiding Flash’s newly released isolated heap memory protection feature. Previously, Zerodium offered $1 million to a security researcher for a zero-day bug in Apple’s iOS 9 operating system.

Linode Resets Passwords After Credentials Leak

Linode, a major provider of virtual private servers, has been compromised again. In a blog post, they said, “A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds.” The Linode team said it found evidence of unauthorized access to three customer accounts. They don’t yet know who is behind the attacks.

An employee of PagerDuty said they were compromised through Linode Manager all the way back in July. “In our situation the attacker knew one of our user’s passwords and MFA secret. This allowed them to provide valid authentication credentials for an account in the Linode Manager. It’s worth noting that all of our active user accounts had two-factor authentication enabled. … We also have evidence from access logs provided by Linode that the attackers tried to authenticate as an ex-employee, whose username ONLY existed in the Linode database.”

Germany Fires Up Bizarre New Fusion Reactor

On 10 December, Germany’s new Wendelstein 7-X stellarator was fired up for the first time, rounding off a construction effort that took nearly 2 decades and cost €1 billion. Initially and for the first couple of months, the reactor will be filled with helium—an unreactive gas—so that operators can make sure that they can control and heat the gas effectively. At the end of January, experiments will begin with hydrogen in an effort to show that fusing hydrogen isotopes can be a viable source of clean and virtually limitless energy.

Quantum Computer Security? NASA Doesn’t Want To Talk About It

At a press event at NASA’s Advanced Supercomputer Facility in Silicon Valley on Tuesday, the agency was keen to talk about the capabilities of its D-Wave 2X quantum computer. ‘Engineers from NASA and Google are using it to research a whole new area of computing — one that’s years from commercialization but could revolutionize the way computers solve complex problems,’ writes Martyn Williams. But when questions turned to the system’s security, a NASA moderator quickly shut things down, saying the topic was ‘for later discussion at another time.’

AVG, McAfee, Kaspersky Antiviruses All Had a Common Bug

Basic ASLR was not implemented in products from 3 major antivirus makers, allowing attackers to use the antivirus itself to attack Windows PCs. The bug, in layman’s terms, is that the antivirus would select the same memory address space every time it ran. If attackers found out that memory space’s address, they could tell their malicious code to execute in the same space, at the same time, and have it execute with root privileges, which most antivirus products have on Windows PCs. It’s a basic requirement these days for software programmers to use ASLR (Address Space Layout Randomization) to prevent their code from executing in predictable locations. Affected products: AVG, McAfee, Kaspersky. All “quietly” issued fixes.

Chubb To Offer UK ‘Troll Insurance’ Policy

Insurance group Chubb will start offering the UK’s first cyber-bullying policy – ‘troll insurance’ – through which it will accept claims of up to £50,000 to cover counselling and relocation costs, as well as time spent out of work. Chubb will give its personal insurance policy customers the option to claim expenses arising from online abuse. Cyberbullying is defined by the insurer as ‘three or more acts by the same person or group to harass, threaten or intimidate a customer.’ While the new insurance option is targeted towards parents concerned about their children’s online activities, adults who are targeted by cyber abuse will also be able to make a claim.

Revisiting the Infamous Sony BMG Rootkit Scandal 10 Years Later

Hackers really have had their way with Sony over the past year, taking down its PlayStation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview. Some say all this is karmic payback for what’s become known as a seminal moment in malware history: Sony BMG sneaking rootkits into music CDs 10 years ago in the name of digital rights management. ‘In a sense, it was the first thing Sony did that made hackers love to hate them,’ says Bruce Schneier, CTO for Resilient Systems. Sony’s scheme was revealed on Halloween of 2005, and was followed by a botched response, the issuing and reissuing of rootkit removal tools, and lawsuits. The incident offers object lessons that remain relevant today.