ICT Security-Sécurité PC et Internet

The FBI has reportedly found evidence that foreign hackers breached two state election databases in recent weeks.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Elections

Praktisch, wenn man unterwegs ein USB-Kabel zum Aufladen des Smartphones findet. Allerdings sollte man sein Telefon nicht an jedes beliebige Kabel hängen. Über präparierte Ladestationen können Unbefugte in den Besitz persönlicher Daten gelangen.
Smartphones an öffentlich zugänglichen USB-Steckern aufzuladen, kann ein Sicherheitsrisiko sein. Zum Schutz vor Spionage sollte man lieber auf eigene Kabel und Ladegeräte zurückgreifen, rät der Sicherheitsexperte Brian Krebs in seinem Blog „ krebsonsecurity.com“.
Er warnt vor dem sogenannten Video Jacking. Dabei wird über vermeintliche Ladestationen der Displayinhalt des Smartphones übertragen. Angreifer können so Sicherheitscodes, Passwörter und Texteingaben auslesen und verfolgen, was auf dem Smartphonebildschirm angezeigt wird.
Nehmen Sie ihr eigenes Kabel mit!!!

Betroffen sind Geräte, an deren Micro-USB-Port auch der formgleiche Mobile High Definition Link (MHL) oder ein Slimport-HDMI-Adapter angeschlossen werden kann. Diese Stecker ermöglichen auch die Übertragung des Bildschirminhalts vieler Android- und Blackberry-Smartphones. Für das ungeübte Auge sind sie von normalen Micro-USB-Steckern nicht zu unterscheiden - den Akku des Smartphones laden sie alle. Mit einem speziellen Adapter funktioniert der Angriff den Angaben nach auch mit Apples iPhone 6.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Video+Jacking

Der Nachrichtendienst NSA ist offenbar Opfer eines Hackerangriffs geworden. Bereits 2013 erbeutete Überwachungsprogramme wurden jetzt im Internet veröffentlicht. Edward Snowden vermutet russische Hintermänner. Für die NSA könnte der Hack unangenehme Folgen haben.

This is surely no frivolous hacker feud, but an incredibly sophisticated attack on the US cyber-security infrastructure — even though it was meant to look like it was carried out by Guy-Fawkes-mask-wearing ideological warriors, at least a bit. It even features a quasi-illiterate intro/rant railing against “the elites.” It’s a familiar refrain in an American political season dominated by anti-establishment politicians, and it fits well with the stereotype of the libertarian hacker — but it also seems to want to convince these elites not to support the sort of offensive hacking on display in their leak. Emphasis added:

We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle?

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Shadow+Brokers

http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

US-Sicherheitsexperten und frühere NSA-Mitarbeiter befinden die Software, die Unbekannte am Wochenende veröffentlichten, als echt.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

A little-known feature of many modern smartphones is their ability to duplicate video on the device’s screen so that it also shows up on a much larger display — like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping.

Dubbed “video jacking” by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine splits the phone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in — including PINs, passwords, account numbers, emails, texts, pictures and videos.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=USB

Sicherheitsexperten haben eine Malware entdeckt, die sich offenbar schon seit mindestens fünf Jahren auf bestimmten Computersystemen befindet. Die perfekte Tarnung der Schadsoftware spricht für eine staatlich sanktionierte Entwicklung auf höchstem Niveau. Auch nach der Entdeckung bleiben Virenscanner dabei praktisch machtlos.

Sowohl Kaspersky Lab als auch Symantec haben Berichte zu der Malware veröffentlicht, schreibt t3n. Bei Kaspersky läuft die Software unter der Bezeichnung Project-Sauron und bei der Konkurrenz von Symantec hat man ihr den Namen Remsec gegeben, anderswo wird auch Strider verwendet. Der Supertrojaner verbreitet sich über USB-Sticks und umgeht dabei sogar Schutzmechanismen — und bleibt dank eines raffinierten modularen Aufbaus auf dem Zielsystem unerkannt.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Remsec

In response to the disclosure of vulnerabilities in Tor's design, researchers at MIT have created Riffle, a system that allegedly provides better security and uses bandwidth more efficiently.

"We've switched from cyber-espionage to offensive cyber action," Hyppönen told El Reg. "The cyber arms race is just beginning and it's going to get much worse."

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2012/05/21/visual-it-securitypart2-your-computer-as-a-possible-cyber-weapon/

Media Markt macht es in Ingolstadt, Ikea probiert sie in Graz aus, MyMuesli auf dem Münchner Viktualienmarkt und bei McDonald's stecken sie in knapp drei Dutzend deutschen Filialen: die Beacons. Das sind keine Speckstreifen, sondern Minisender, die Kunden, die über ein Smartphone verfügen, individuelle Nachrichten aufs Handy zaubern.

Und die lauten so: "Zeit für eine Pause! Zum Beispiel mit einem gratis Kaffee für Ikea Family-Mitglieder und einem saftigen Himbeerkuchen", lockt Ikea beispielsweise. MyMuesli macht Marktbesucher auf Sonderangebote aufmerksam und der Ingolstädter Media Markt lotst Kunden per Indoor-Navi zum richtigen Regal.

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

http://www.scoop.it/t/21st-century-innovative-technologies-and-developments/?tag=Beacon

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Beacons

An update to Rule 41 of the Federal Rules of Criminal Procedure will grant new powers for law enforcement to target users of privacy tools like Tor and VPN.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=TOR

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=VPN

http://www.scoop.it/t/securite-pc-et-internet/?tag=VPN

Asked whether the Justice Dept. would demand source code in the future, the spokesperson declined to comment.

It's not uncommon for tech companies to refer to their source code as the "crown jewel" of their business. The highly sensitive code can reveal future products and services. Source code can also be used to find security vulnerabilities and weaknesses that government agencies could use to conduct surveillance or collect evidence as part of ongoing investigations.

Given to a rival or an unauthorized source, the damage can be incalculable.

The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We're not naming the person as they relayed information that is likely classified.

We contacted more than a dozen tech companies in the Fortune 500. Unsurprisingly, none would say on the record if they had ever received such a request or demand from the government.

Learn more:

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cyberespionage...

Dans deux états américains, des pirates se sont introduits dans les bases de données où sont stockées des informations relatives aux électeurs. Voilà ce qu'a annoncé Yahoo News hier lundi sur base d'une mise en garde confidentielle du FBI.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?

More evidence surfaced this week that computer surveillance tools belonging to the mysterious Equation hacking group are linked to the US National Security Agency.

Cyber-security experts were divided on the origin of the hacking code, which was leaked on Monday by another hacking group called calling itself the "Shadow Brokers." But The Intercept reported on Friday that a specific 16-character string found in a leaked NSA instruction manual also appears in the Shadow Brokers code.

The manual, a 31-page document entitled "FOXACID SOP for Operational Management," describes administrative tools for tracking surveillance targets, including a set of tags used to catalogue servers, according to The Intercept. The tags are used to trick Internet users into thinking they're browsing a safe website when in fact they've been sent a malicious payload from an NSA server.

Although it appears to show a link between the Shadow Brokers hack and the NSA, The Intercept acknowledges its findings don't necessarily mean that the NSA itself was hacked. The code could have been stolen from third-party hackers, a possibility Edward Snowden alluded to on Monday.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Shadow+Brokers

http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

Notorious NSA contractor-turned-privacy advocate Edward Snowden warns the recent NSA hacks could have some really "messy" consequences.

Notorious NSA contractor-turned-privacy advocate Edward Snowden today took toTwitter to discuss the details of yesterday’s ‘Equation Group’ hack. The Equation Group — allegedly an offshoot of the NSA — saw its defenses penetrated by a group calling itself ‘The Shadow Brokers.’ Eventually this data began to make its way online.

The collected data is reported to be a cache of hack tools, known as binaries. According to Snowden, these tools are uploaded onto an NSA staging server as part of on-going operations to target and trace rival malware servers. The practice is known as Counter Computer Network Exploitation, or CCNE — a process that allows NSA hackers to steal tools used by foreign (or domestic rival) hackers in order to fingerprint them.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Shadow+Brokers

Last Friday, a mysterious group by the name of “The Shadow Brokers” dumped what appeared to be some of the National Security Agency’s hacking tools online. There was some speculation as to whether the tools were legitimate. According to The Intercept, these tools are mentioned in documents leaked by NSA whistleblower Edward Snowden.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Shadow+Brokers

An anonymous group claims to have stolen hacking tools that might belong to the NSA and is auctioning them off to the highest bidder.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/

Cybersecurity researchers at Symantec have discovered a previously-unknown hacker group they have dubbed 'Strider', which has been infecting organisations and individuals that would be of potential interest to a nation state's intelligence services.

The group's Remsec malware appears to mainly target organisations and individuals in Russia, but has also infiltrated the systems of an airline in China, an embassy in Belgium, and an unspecified organisation in Sweden. The malware is very much designed to spy on its targets: once it has infected a system, it opens a backdoor through which it can log keystrokes and steal files.

It's thought the highly-targeted malware -- only 36 infections in five years -- has been in operation since October 2011, avoiding detection by the vast majority of antivirus systems for almost five years through a number of features designed to ensure stealth.

Several of the components which make up Remsec are built in the form of a Binary Large Object (BLOB), collections of binary data which are difficult for security software to detect. In addition, the malware's functionality is deployed across a network which means it isn't stored on disk, another factor which makes it difficult to detect.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Remsec

Millionen kabellose Tastaturen senden Daten im Klartext.

Kabellose Tastaturen sollten eigentlich so gebaut sein, dass die darauf getippten Informationen nur verschlüsselt übertragen werden. Millionen Geräte von mindestens acht großen Herstellern patzen dabei aber heftig, wie Forscher entdeckt haben.

Imaginez qu'on vous remette les clés d'internet. Un instant vous pourriez examiner le panneau de commande de la climatisation d'un bâtiment, l'inventaire d'une pharmacie ou la console d'un programmeur Windows. L'instant d'après, ce serait la boîte de réception de messagerie d'un directeur d'établissement scolaire ou un écran tactile permettant de noter la satisfaction des clients de toilettes publiques (malheureusement, ceci n'est pas une blague).

Learn more / En savoir plus / mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

The cyber attack vectors available to hackers will continue to grow as the Internet of Things (IoTs) become more commonplace, making valuable data accessible through an ever-widening selection of entry points.
Although it's not the hackers alone, the NSA is also behind the Internet of Things.
We already know the United States National Security Agency's (NSA) power to spy on American as well as foreign people – thanks to the revelations made by whistleblower Edward Snowden in 2013.

But, now the agency is looking for new ways to collect even more data on foreign intelligence, and for this, the NSA is researching the possibilities of exploiting internet-connected biomedical devices ranging from thermostats to pacemakers.
During a military technology conference in Washington D.C. on Friday, NSA deputy director Richard Ledgett said his agency officials are "looking at it sort of theoretically from a research point of view right now."

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cyberespionage

Anybody who walks or drives past new tracking billboards with a mobile phone in their pocket can be spied on without their knowledge or consent: a potential invasion of privacy that US Senator Charles E. Schumer wants the US Federal Trace Commission (FTC) to investigate.

Schumer, a Democrat from New York, delivered a briefing in Times Square on Sunday, electronic billboards blinking and scrolling behind him.

From his remarks:

A person’s cell phone should not become a James Bond-like personal tracking device for a corporation to gather information about consumers without their consent.

No one wants to be followed or tracked throughout their day, electronically or otherwise.
These new “spying” billboards raise serious questions about privacy, Schumer said. They should be investigated by the feds, and the companies behind them should be required to offer an opt-out option for consumers who feel that they violate their privacy.

Learn more / En savoir plus / Mehr erfahren:

https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

https://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

The Director of National Intelligence says the U.S. government is planning to use the Internet of Things to spy on you through your appliances. You’ll never be lonely again. Cartoon by Stephanie McMillan.

Learn more / En savoir plus / Mehr erfahren: 

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars