Articles


Millions of Files Leaked from Oklahoma Department of Securities Database

The UpGuard Data Breach Research team, who previously uncovered data breaches in U.S. voting systems and an Experian partner, recently exposed a massive leak from Oklahoma's Department of Securities. The contents of the files "ran the gamut from personal information to system credentials to internal documentation and communications intended for the Oklahoma Securities Commission," but the sheer bulk of the 3TB of data is made up of Outlook backup archives dating back to at least 1999, while some data goes back to 1986. Among other things, the leak contained the social security numbers of "approximately ten thousand brokers," identifying information on over a hundred thousand brokers, sensitive medical data, credentials for various IT services, and files related to investigations and FBI interviews. While UpGuard's post wasn't particularly critical, Chris Vickery, head of research at UpGuard, told Forbes that the department's response was "irresponsible," as they "didn't check to see what was done with the mass of data downloaded by the researchers." UpGuard also found some glaring security oversights in the leaked data, such as decrypted versions of documents being stored in the same folder as encrypted versions.

Businesses and organizations naturally accumulate stores of data, both because of the value of that data and to comply with retention policies. Creating backups is a good practice to increase resilience in the face of attacks like ransomware. Backups are also necessary for migrations to ensure data can be recovered as businesses adopt newer and more secure technologies. But as this case highlights, the final crucial step is to maintain control over every copy of those data stores. The good news is that, while the contents of the server extended over years, the known period of exposure was quite short. Thanks to the Data Breach Research team's techniques for quickly identifying risks, the exposure was identified only one week after it showed up in Shodan's catalogue of global IP addresses. Shortening the window of exposure reduces the likelihood of other parties accessing the data and enables its owners to take responsive measures before the data is used maliciously.

Discussion
Posted by alphaatlas January 17, 2019 9:42 AM (CST)

773 Million Records from Massive Data Breach Uploaded to Have I Been Pwned

Troy Hunt is a Microsoft Regional Director and is the owner and creator of Have I Been Pwned (HIBP). Today he alerted the security community to a massive 87GB data breach that the hacker community calls "Collection #1." It contains 773 million unique email addresses, 1.1 billion unique combinations of email addresses and passwords, and over 21 million unique passwords. The data dump is from a MEGA collection that a hacker community forum used to upload stolen credentials to as they shared their latest escapades. Since "Collection #1" has so many individual hackers associated with it, verifying all of the data breaches at individual companies is extremely time-consuming. Curious consumers can use HIBP to check to see if their email address is part of the collection and they can use Pwned Passwords to see if their password has been compromised.

What's the Risk If My Data Is in There? I referred to the word "combos" earlier on and simply put, this is just a combination of usernames (usually email addresses) and passwords. In this case, it's almost 2.7 billion of them compiled into lists which can be used for credential stuffing: Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts. In other words, people take lists like these that contain our email addresses and passwords then they attempt to see where else they work. The success of this approach is predicated on the fact that people reuse the same credentials on multiple services. Perhaps your personal data is on this list because you signed up to a forum many years ago you've long since forgotten about, but because it's subsequently been breached and you've been using that same password all over the place, you've got a serious problem.

Discussion
Posted by cageymaru January 17, 2019 9:31 AM (CST)

Microsoft Puts $500 Million Towards Affordable Seattle Area Housing

Microsoft says they're committing $500 million towards an affordable housing program in the Puget Sound region around Seattle. More specifically, $225 million will be invested "at below market rate returns, focused on preserving and developing new middle-income housing on King County’s Eastside," $250 million will be invested "at market rate returns," while $25 million will be donated as a philanthropic grant to address homelessness. Microsoft points out that the Seattle region has seen a 21% increase in jobs and a 13% increase in housing since 2011, and feels at least partially responsible for the growing housing problem. The Seattle Times notes that the announcement comes days after Microsoft revealed plans to modernize their Redmond campus, and that the company is sitting on $135 billion in cash reserves and short-term investments, to put things in perspective. Microsoft made a video for the project, which you can check out below:

For Microsoft, the fund is also a call to action. The company wants philanthropies and businesses to step up with aid, Smith said. Smith said he's open to others contributing to Microsoft's fund and has had talks with executives at other companies. But few have the same amount of cash on hand, he said. He noted Boeing has much of its money tied up in aircraft construction. Smith said he's talked with leaders from Amazon, but declined to disclose details. Convincing the private sector to jump on board might be hard. In Silicon Valley, companies such as Cisco and Microsoft’s LinkedIn have donated $52 million toward a similar housing-loan program, but companies like Google and Facebook have instead chosen to build or advocate for housing near their Silicon Valley headquarters.

Discussion
Posted by alphaatlas January 17, 2019 8:18 AM (CST)

Palmer Luckey Details His Vision of Reshaping National Security During Interview

During an interview with CNN, former Oculus VR founder Palmer Luckey detailed his vision for national security. After selling his Oculus VR technology to Facebook and leaving the company he founded behind, Palmer Luckey co-founded Anduril Industries in Orange County, California. There his team of visionaries has developed a futuristic military technology system called Lattice. Lattice allows the military, law enforcement, and first responders to detect, see, and share information with real-time tracking maps using head-up display (HUD) technology similar to what is available to fighter jet pilots. For example, autonomous drones could scan areas to detect forest fires. When a fire is detected, a human monitoring multiple drone sensor feeds would request that firefighting robots be deployed at the edge of the fire. These autonomous robots could continue fighting the fire even when overwhelmed by the flames. These situations would surely harm a human, but by being able to see every aspect of the emergency using the Lattice system, first responders could be kept out of harm's way. Palmer Luckey says that it has been the dream of the American military to have HUD technology available to foot soldiers on the ground. This increased situational awareness will save lives as drones and sensors will show soldiers the type of threat that is present. Not only will it detect that an intruder is in an area, it will allow the military to make decisions based on how many and how well armed the enemy is so that soldiers can be better prepared for encounters. He even gave an example during the interview where soldiers could see enemy troop movement on the opposite side of a mountain and thus make an informed decision to prepare for battle, call in backup, or withdraw to a safe place. Previously the soldiers would have been ambushed and possibly suffer casualties.

His decision to launch Anduril was prescient. As US military leaders worry other countries are developing more advanced technologies, Pentagon officials now want to work closer with emerging companies and Silicon Valley to adopt new tools, such as artificial intelligence. "I'm much more concerned about other countries like Russia and China building technology that they use to oppress their own people and also expanding their sphere of influence over other countries," said Luckey, adding he doesn't intend to sell Anduril's technology to China or Russia. "We can't afford to say, 'Just let Russia have the best military technology. Let's let China have the best military technology,'" Luckey told Segall. "I'd rather have us moving quickly trying to build the best technology for the United States."

Discussion
Posted by cageymaru January 16, 2019 3:08 PM (CST)

Nvidia Confirms Adaptive Sync Only Works on Pascal and Turing GPUs

Nvidia has already stated that support for adaptive sync monitors is limited to Turing and Pascal GPUs, aka the GeForce 10 series and up. But the wording was a little ambiguous, and some hoped that Nvidia would eventually add support for the 900 series. But an Nvidia representative on the GeForce forums confirmed that the company has no plans to support adaptive sync on Maxwell. However, it's not clear if this is due to a hardware limitation or some other factor.

coth: Any word on when VRR will be available on GTX 900 series?
ManuelGuzmanNV: Sorry but we do not have plans to add support for Maxwell and below.

Discussion
Posted by alphaatlas January 16, 2019 12:20 PM (CST)

Facebook and Other Corporations Spend Millions on Executive Security

Wired just ran a story claiming that the Silicon Valley giants spend huge amounts of money to protect their CEOs and other executives. Apple, for example, reportedly dropped $310,000 protecting Tim Cook, while Amazon and Oracle spent $1.6 Million protecting Jeff Bezos and Larry Ellison. But Facebook's expenditures seem to dwarf everyone else's. The social media company reportedly spent $7.3 Million protecting Mark Zuckerberg in 2017, while the company told investors it anticipated spending "$10 million annually" last summer. And that was before Facebook's bad news train really picked up steam. I can only imagine how much they're paying to protect Zuckerberg now.

"I'd put that $10 million among the top five highest in the country. And from what I've read in the media about Facebook, that seems to be an appropriate level of expense," says Heintze... "We don't believe in our clients using regular phones," says Moyer. "We set up anonymous phones; mine are in Faraday bags." His firm also recommends using VPNs to obscure a device's location and using search engines that don't track users.

Discussion
Posted by alphaatlas January 16, 2019 9:32 AM (CST)

Foreign Nationals Charged with Hacking the SEC to Steal Financial Statements

Two Ukrainians, Artem Radchenko and Oleksandr Ieremenko, have been charged with hacking into the Securities and Exchange Commission's (SEC) Electronic Data Gathering, Analysis and Retrieval (EDGAR) system. The cyber-criminals accessed the network and stole thousands of files containing confidential financial statements such as annual and quarterly earnings reports. These filings contain non-public information that is required to be reported to the SEC. The defendants sold this information to others before it was distributed to the general public. This allowed them to affect the stock prices of companies and benefit from orchestrating stock trades based on information not known to the general public. This created an uneven playing field and thus harmed the general public for their own gain. In the 16-count indictment unsealed today, the pair is charged with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud. "The SEC also filed a civil complaint today charging Ieremenko along with several other individuals and entities."

"The defendants charged in the indictment announced today engaged in a sophisticated hacking and insider trading scheme to cheat the securities markets and the investing public," U.S. Attorney Craig Carpenito said. "They targeted the Securities and Exchange Commission with a series of sophisticated and relentless cyber-attacks, stealing thousands of confidential EDGAR filings from the Commission's servers and then trading on the inside information in those filings before it was known to the market, all at the expense of the average investor."

Discussion
Posted by cageymaru January 15, 2019 3:58 PM (CST)

Apple Allegedly Replaced 11 Million Batteries Following CPU Throttling Scandal

Apple's missed revenue targets have sent investors scrambling for explanations, and a few pointed fingers at Apple's 2017/2018 CPU throttling scandal. Apple started a relatively affordable program to replace batteries in older iPhones for $29, and some analysts thought the program could put a dent in Apple's profits. That claim hinges on just how many batteries Apple replaced, and the Daring Fireball blog claims to have a concrete number. Citing an Apple executive meeting on January 3rd, the report claims that Apple replaced about 11 million iPhone batteries, which is far above previous estimates. Thanks to VentureBeat for spotting the post.

I'm pretty sure Gassee's back-of-the-envelope estimate of the number of batteries replaced was way too low. During Apple's all-hands meeting January 3, Tim Cook said Apple replaced 11 million batteries under the $29 replacement program, and they'd have only anticipated about 1-2 million battery replacements normally. (The fact that Cook held this all-hands meeting was reported by Mark Gurman at Bloomberg, but the contents of the meeting haven't leaked. Well, except for this nugget I'm sharing here.) But Gassee's second point still stands: the battery replacement program ran all year long, so even if it was more popular than Apple originally expected, why wasn't it accounted for in guidance issued on November 1 - 10 months after the program started? My guess: the effect of the battery replacement program on new iPhone sales wasn't apparent until after the iPhone XR and XS models were available. A few million extra iPhone users happy with the performance of their old iPhones with new batteries - who would have otherwise upgraded to a new iPhone this year - put a ding in the bottom line.

Discussion
Posted by alphaatlas January 15, 2019 11:24 AM (CST)

Tesla Encourages Auto Hacking with a Model 3 Giveaway

As cars get smarter, they also become more vulnerable to digital saboteurs. We've reported on several incidents where hackers managed to unlock and drive a Tesla away, but the company has repeatedly reaffirmed its commitment to security, as it did again this week. A post on the Zero Day Initiative's blog announced that, in "partnership with Tesla," prizes ranging from $35,000 to $300,000 will be awarded to hackers who can worm their way into a Tesla Model 3 at this year's Pwn2Own competition. In addition, the first researcher to break in will get a brand new Model 3. The specific hack categories are outlined in the post, and Tesla is awarding a particularly large amount of money for a "Gateway, Autopilot, or VCSEC" hack. Additionally, VMware and Microsoft are also giving out rewards for finding vulnerabilities in and Office, web browsers, and other software.

Starting in 2007, Pwn2Own has evolved from a small demonstration with prizes averaging around $10,000 per exploit, to one of the most well-known security contests in the industry, with millions of dollars of cash and prizes made available to contestants over the years. The contest serves as more than just an annual check-in on the state of browser and OS security. It also guides researchers as we add new categories and increase cash awards. Over the years, new veins of security research were mined after being a target of Pwn2Own. We saw that with exploit techniques like sandbox escapes, mitigation bypasses, and guest-to-host OS escalations. This year, on March 20-22 at the CanSecWest conference, we hope to see that research expand into our newest category, Automotive with the addition of the Tesla Model 3, which has quickly become the best-selling car in its class in the United States.

Discussion
Posted by alphaatlas January 15, 2019 8:52 AM (CST)

NVIDIA GeForce Game Ready Driver 417.71 WHQL Has Been Released

NVIDIA GeForce Game Ready driver 417.71 WHQL has been released and it provides G-SYNC Compatible support for some AMD FreeSync monitors on the market. NVIDIA G-SYNC can now be used to activate the VRR features of G-SYNC Compatible displays. G-SYNC Compatible displays have been validated by NVIDIA to not show pulsing, flickering, or other artifacts during VRR gaming. Look here for a list of G-SYNC Compatible displays. G-SYNC on G-SYNC Compatible displays is supported only with NVIDIA Pascal and later GPU architectures. Only single displays are currently supported; multiple monitors can be connected but no more than one display should have G-SYNC enabled. Support for the GeForce RTX 2060 has been added along with 3D Vision profiles for Shadow of the Tomb Raider - Not Recommended and Darksiders 3 - Fair. New versions of the HD audio driver, GeForce Experience, CUDA, PhysX, and nView are also included. The NVIDIA driver download page is located here.

Fixed issues in Nvidia GeForce Game Ready driver 417.71 WHQL include:
[GeForce GTX 1080]: GPU clock speed does not drop to idle when three monitors are enabled. [2474107]
Black screen when resuming from monitor sleep on some DisplayPort monitors. [2457142]
[Notebook]: Fixed lockup that occurred when resuming from sleep on MSI GT83 notebook. [2456849]
[GeForce GTX 1060 Notebook][Gu Jian Qi Tan 3]: The application hangs during launch. [200477252]
Fixed black screen on BenQ XL2730 monitor at 144Hz refresh rate. [2456730]
[Windows 7][G-SYNC]: Game FPS drops when G-SYNC is used with V-Sync. [200473408]
[SLI][3D Gaming][TU104][PG 180][Multiple apps][Win10RS5x64]: Blocky corruption when application is switched to certain resolutions. [200465152]
[Shadow of the Tomb Raider]: Fixed occasional application crash in DirectX 12 mode. [200464716]

Windows 10 Issues
[SLI][Shadow of the Tomb Raider][G-SYNC]: Flickering occurs in the game when launched with SLI, HDR, and G-SYNC enabled. [200467122]
[HDR][Ni no Kuni 2]: Enabling HDR causes the application to crash when launched. [2483952]
[ARK Survival]: Multiple errors and then blue-screen crash may occur when playing the game. [2453173]
[Firefox]: Cursor shows brief corruption when hovering on certain links in Firefox. [2107201]
[G-SYNC]: Random flickering occurs when connecting G-SYNC monitor + non-GSYNC HDMI monitor with G-SYNC enabled. [2399845]

Discussion
Posted by cageymaru January 15, 2019 7:55 AM (CST)

Judge Rules Against Law Enforcement in Biometrics Unlocking Case

A judge has ruled against law enforcement in a case where police officers were seeking to unlock a phone by using the fingerprint, iris or face of the owner. These biometric unlocks have been the center of legal debates for years as previous judges had ruled that law enforcement could unlock devices using biometrics. Passcodes can't be used to unlock devices as it is against the law to make a person divulge their password. Thus they are considered a "testimonial." Judge Westmore ruled that biometrics should be protected in the same way. "'If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one's finger, thumb, iris, face, or other biometric feature to unlock that same device,' the judge wrote." This ensures a person's 5th Amendment protections against self-incrimination are respected. "As Judge Weisman astutely observed, using a fingerprint to place someone at a particular location is a starkly different scenario than using a finger scan 'to access a database of someone's most private information.' In re Application for a Search Warrant, 236 F. Supp. 3d at 1073. Thus, the undersigned finds that a biometric feature is analogous to the nonverbal, physiological responses elicited during a polygraph test, which are used to determine guilt or innocence, and are considered testimonial. See Schmerber, 384 U.S. at 764." The ruling by Judge Westmore can be found here.

It follows that any argument that compelling a suspect to provide a biometric feature to access documents and data is synonymous with producing documents pursuant to a subpoena would fail. As the Riley court recognized, smartphones contain large amounts of data, including GPS location data and sensitive records, the full contents of which cannot be anticipated by law enforcement. See Riley, 134 S. Ct. at 2492. Consequently, the Government inherently lacks the requisite prior knowledge of the information and documents that could be obtained via a search of these unknown digital devices, such that it would not be a question of mere surrender. See Hubbell, 530 U.S. at 44-45. Additionally, the Government would be unable to articulate facts to compel the unlocking of devices using biometric features by unknown persons the Government could not possibly anticipate being present during the execution of the search warrant. Indeed, the affidavit makes no attempt to do so.

Discussion
Posted by cageymaru January 14, 2019 7:56 PM (CST)

Valve Releases Steam Statistics for 2018

Today, Valve released a Steam statistics overview for 2018. The most interesting stat is the 47 million active daily visitors that Steam averages per day. On a monthly basis, Steam averages 90 million active users with 1.6 million new purchasers per month. The peak concurrent users at one time in 2018 was 18.5 million! Valve goes over how its player base has changed over the years with the large influx of users from Asia in 2018. The statistics show the number of controller owners on the Steam platform and how much data has been delivered by Steam over the years. The article discusses the various currencies that Steam supports, new SteamWorks features, and more features coming to Steam in 2019!

Store Discoverability: We're working on a new recommendation engine powered by machine-learning, that can match players to games based on their individual tastes. Algorithms are only a part of our discoverability solution, however, so we're building more broadcasting and curating features and are constantly assessing the overall design of the store.
Steam China: We've partnered with Perfect World to bring Steam onshore into China. We'll reveal more details about this in the coming months.
Steam Library Update: Some long awaited changes to the Steam Client will ship, including a reworked Steam Library, built on top of the technology we shipped in Steam Chat.

Discussion
Posted by cageymaru January 14, 2019 6:03 PM (CST)