April 29, 2019

NIST tool boosts chances of finding dangerous software flaws

By John E Dunn

After more than 20 years of steady improvement, the US National Institute of Standards and Technology (NIST) thinks it has reached an important milestone with something called Combinatorial Coverage Measurement (CCM).

Part of a research toolkit called Automated Combinatorial Testing for Software (ACTS), CCM is an algorithmic approach used to test software for interactions between input variables that might cause unexpected failures.

It sounds like a technical mouthful, but this is good news for software, especially when it’s inside complex systems such as aircraft, cars and power plants where these sorts of problems could be life-threatening.

Typically, this will be software taking inputs from arrays of sensors that generate unexpected conflicts the software can’t resolve, for instance between temperature, pressure or altitude.

Designers try to counteract these problems by modelling as many interactions as they can before the software is used in the real world, which is where ACTS and CCM come in.

But there’s always been a problem – modelling enough interactions from enough variables to spot all the possible combinations that might lead to an issue.

This has been improving since the late 1990s when the idea got off the ground, most recently during a revision to the ACTS toolkit in 2015.

Now, in collaboration with University of Texas, Austria’s SBA Research, and Adobe (one of several big companies using the toolkit), NIST thinks that the 2019 revision of CCM has made some kind of leap forward.

Read more at https://nakedsecurity.sophos.com/2019/04/29/nist-tool-boosts-chances-of-finding-dangerous-software-flaws/

Cryptocurrency giants in $850m fraud allegations

By Danny Bradbury

The New York Attorney General has accused cryptocurrency exchange Bitfinex and cryptocurrency Tether of an $850m fraud.

The State’s Attorney General Letitia James obtained a court order last week directing iFinex, which operates Bitfinex and Tether, to turn over financial documents within 30 days. In a separate legal filing, she accused Bitfinex’s operators of controlling the cryptocurrency, and said that the exchange has covered up the loss of $850m to a company in Panama.

Tether has called itself a stablecoin, which is a cryptocurrency pegged to a stable asset to minimize price volatility. Stablecoins are supposed to be stable enough to use as currencies, as opposed to wildly volatile cryptocurrencies like Bitcoin, which have become speculative assets. In Tether’s case, one Tether is supposed to be worth one US dollar, and it originally claimed to hold enough US dollars to cover all the Tether cryptocurrency that it has issued.

According to James, Bitfinex handed over $850m in funds to Panamanian company Crypto Capital Corp. There was no written contract between the two companies, and Bitfinex lost access to those funds, which commingled corporate and client funds. She said:

In order to fill the gap, executives of Bitfinex and Tether engaged in a series of conflicted corporate transactions whereby Bitfinex gave itself access to up to $900 million of Tether’s cash reserves.

James said that Bitfinex has taken at least $700m from Tether’s reserves already.

Bitfinex had facilitated nearly $6.8bn in cryptocurrency trades in the last 30 days, according to CoinMarketCap.

Read more at https://nakedsecurity.sophos.com/2019/04/29/new-york-attorney-targets-cryptocurrency-giants-in-court-filings/

Cops need warrant for both location history and phone pinging, says judge

By Lisa Vaas

As we all should know full well by now, location data from our phones can reveal our every move – where and when and with whom we live, socialize, visit, vacation, worship; our trips to an emergency room or family planning clinic; and much more.

Whether law enforcement gets that intimate portrait of our lives from real-time cell phone location data handed over by a phone company or from a cell-site simulator like a stingray is moot. Either way, police need a warrant, Massachusetts Supreme Judicial Court ruled on Tuesday.

The Electronic Frontier Foundation (EFF) is calling this an important win in the ongoing debate about location privacy and the wealth of records stored by third parties – one that could play a role beyond Massachusetts.

This is one of the first decisions to grapple with the scope of the Carpenter ruling – which held that law enforcement needs a warrant for location data – but it won’t be the last.

As it is, the EFF said, momentum is growing at the state level, with legislation pending in both Maryland and Wisconsin that would require police to get a warrant for location data. From the EFF:

[The Massachusetts decision will] hopefully turn the tide on pending court cases looking at the issue.

Commonwealth of Massachusetts v. Almonor

The case in question is Commonwealth of Massachusetts v. Almonor, and it concerns police having ordered cellphone service provider Sprint to ping the phone of a murder suspect without a warrant. In fact, police got two weeks’ worth of the suspect’s historical cell records.

Read more at https://nakedsecurity.sophos.com/2019/04/29/cops-need-warrant-for-both-location-history-and-phone-pinging-says-judge/

Piracy streaming apps are stuffed with malware

By Lisa Vaas

Does the offer to “Never pay for cable again” sound tantalizing?

It shouldn’t. It should sound abhorrent, not only because of piracy being illegal and unfair to content creators, but also because researchers have found that pirated streaming devices are stuffed with malware and/or open the door for it to come streaming in.

According to a report published on Thursday, researchers have found that many of the devices are rigged with malware, be it on preinstalled apps or apps added later.

In order to assess the streaming piracy ecosystem, researchers from cybersecurity firm Dark Wolfe Consulting and the Digital Citizens Alliance (DCA) – a consumer-focused group devoted to making the internet safer – picked up six streaming devices that use the Kodi platform.

Kodi’s a free, open-source media player… one that comes in handy to tweak and add to piracy streaming devices. Of the Kodi devices the researchers checked out, they found that 70% were repurposed or loaded with apps that access unlicensed content.

Read more at https://nakedsecurity.sophos.com/2019/04/29/piracy-streaming-apps-are-stuffed-with-malware/

NSA asks to end mass phone surveillance

By Danny Bradbury

The National Security Agency (NSA) has asked to end its mass phone surveillance program because the work involved outweighs its intelligence value, according to reports this week.

Sources told the Wall Street Journal that the NSA has recommended the White House terminates its call data records (CDR) program. The logistics of operating it aren’t worth the intelligence that it provides, they said.

The NSA’s clandestine phone records gathering program dates back to the introduction of the Patriot Act in 2001, shortly after the 9/11 attacks on the US. Section 215 of the Act enabled the US intelligence community to collect extensive information.

Shortly afterwards, President George Bush authorized the warrantless collection of data about international telephone calls and emails, and the NSA began collecting data under a program called Stellar Wind.

In 2006, a class action suit targeted Verizon, BellSouth and AT&T, alleging that they handed over call records to the NSA. In 2013, Edward Snowden publicly revealed documents detailing the Stellar Wind program. The American Civil Liberties Union (ACLU) sued then-director of national intelligence James Clapper to stop the bulk metadata collection program for violations under the First and Fourth Amendments.

Read more at https://nakedsecurity.sophos.com/2019/04/26/nsa-asks-to-end-mass-phone-surveillance/

Fingerprint glitch in passports swapped left and right hands

By Lisa Vaas

True, we accidentally swapped fingerprints for Danish citizens’ left and right hands on their passports, but it probably won’t cause much grief for these 228,000 people, said the head of Kube Data, which encoded the biometric data on the passports’ microprocessors.

The Copenhagen Post quoted Jonathan Jørgensen:

It’s difficult to imagine that this will give citizens much of a headache. It’s only the state police [Rigspolitiet] that has access to the encryption key to where the error is found, and many affected citizens have probably travelled with their passports without any problems.

According to the local news outlet, the fingerprint errors were discovered, by chance, in 2017 by a citizen. The mistake occurs in passports issued between 2014 and 2017.

Denmark introduced biometric passports in 2011, containing digital photos, fingerprints and signatures. The purpose is to fend off identity theft and passport forgery, as well as to fight a roster of other crimes:

The decision to introduce fingerprints in passports has been made at central level in the EU as part of the combat against terrorism, human trade, human trafficking, illegal immigration and other transnational crime. With the new biometric passport Danish citizens are secured the possibility to travel to countries which in the future will demand this type of passport for entry.

Police are looking into whether or not the quarter-million affected passports will need to be replaced. If they do, who’s going to pay for it? They’re discussing that with Kube Data, reportedly trying to make sure that the cost of passport replacement doesn’t come out of Danish citizens’ pockets.

Read more at https://nakedsecurity.sophos.com/2019/04/26/fingerprint-glitch-in-passports-swapped-left-and-right-hands/

