FBI Seizes Control of Russian Botnet

The Daily Beast reports that the FBI has seized control of a key server in the Kremlin’s global botnet of 500,000 hacked routers. “The move positions the bureau to build a comprehensive list of victims of the attack, and short-circuits Moscow’s ability to reinfect its targets,” writes Kevin Poulsen. From the report: The FBI counter-operation goes after “VPN Filter,” a piece of sophisticated malware linked to the same Russian hacking group, known as Fancy Bear, that breached the Democratic National Committee and the Hillary Clinton campaign during the 2016 election. On Wednesday security researchers at Cisco and Symantec separately provided new details on the malware, which has turned up in 54 countries including the United States.

VPN Filter uses known vulnerabilities to infect home office routers made by Linksys, MikroTik, NETGEAR, and TP-Link. Once in place, the malware reports back to a command-and-control infrastructure that can install purpose-built plug-ins, according to the researchers. One plug-in lets the hackers eavesdrop on the victim’s Internet traffic to steal website credentials; another targets a protocol used in industrial control networks, such as those in the electric grid. A third lets the attacker cripple any or all of the infected devices at will.

The devil wears Pravda

Classic Bond villain, Elon Musk, has a new plan to create a website dedicated to measuring the credibility and adherence to “core truth” of journalists. He is, without any sense of irony, going to call this “Pravda”. This is not simply wrong but evil.

Tinder pilots Places, a feature that tracks your location for better matches

Tinder will now help you find matches with those people you may cross paths with in your day-to-day life. As promised earlier, the company today is announcing the launch of a new location-based feature that will narrow your list of potential dating prospects to those who hit up your same bar for after-work drinks, or who stop by your favorite coffee shop for their daily caffeine fix, or who work out at your same gym.

Tinder Places tracks your location to help you find matches

Tinder will now help you find matches with those people you may cross paths with in your day-to-day life. As promised earlier, the company today is announcing the launch of a new location-based feature that will narrow your list of potential dating prospects to those who hit up your same bar for after-work drinks, or who stop by your favorite coffee shop for their daily caffeine fix, or who work out at your same gym.

GDPR: What it is, and what businesses should do

Ongoing digital transformation has carried us right into the data-centric age: personal data is everywhere. Data subjects do not always realize how their data is handled, or who has access to it. What is even worse, organizations are sometimes careless about how they handle this data — and how they bring it online. That creates a surge of opportunities for data hunters of all kinds. The EU General Data Protection Regulation is an attempt to address those problems.

Joint EU-U.S. statement following the EU-U.S. Justice and Home Affairs Ministerial Meeting

On 22 and 23 May 2018, the EU-U.S. Ministerial Meeting on Justice and Home Affairs was hosted by the Bulgarian Presidency of the EU Council in Sofia, Bulgaria. The meeting reaffirmed the long-standing, fruitful cooperation between the United States of America and the European Union in the areas of justice and home affairs, as well as the importance of jointly addressing common security threats.

Craig Wright Isn’t Mad, He’s Actually Laughing After Public Beef at Blockchain Conference

Most tech conferences bore me out of my mind. But in cryptocurrency, where big personalities tend to clash, things can get intense quickly. This is especially the case whenever Craig Wright—the Australian businessman who is currently chief scientist of nChain, and who once (unsuccessfully) claimed to be pseudonymous Bitcoin inventor Satoshi Nakamoto—is in the mix.

Fitting Forward Secrecy into Today’s Security Architecture

Forward Secrecy’s day has come – for most. The cryptographic technique (sometimes called Perfect Forward Secrecy or PFS) adds an additional layer of confidentiality to an encrypted session, ensuring that only the two endpoints can decrypt the traffic. With forward secrecy, even if a third party were to record an encrypted session, and later gain access to the server private key, they could not use that key to decrypt a session protected by forward secrecy. Neat, huh?

3 Obstacles to Moving Social Media Platforms to a Blockchain

On average, there are about 10 million active sessions a day on Taiwan’s version of reddit, a 25-or-so-year-old bulletin board system called PTT. That’s a respectable number considering Taiwan’s total population is 24 million. But lately the platform has been hit with many of the same problems that have muddied other social media sites—and now, its leaders are taking extreme measures to wipe it clean.

Why bad coding habits die hard—and 7 ways to kill them

Developers are usually the focus of blame when software vulnerabilities cause organizational breaches. (Sometimes, quality assurance engineers are included in the flame.) Interestingly, though, hardly anyone looks at why bad coding habits form in the first place.

Okta Eliminates Passwords, Backed by New Okta ThreatInsight

Okta, Inc., the leading independent provider of identity for the enterprise, today announced that organisations can replace passwords with stronger authentication for employees, partners, and customers with the launch of Okta’s new contextual access management features. By combining signals such as device, location, and network context, with threat intel from across Okta’s ecosystem through Okta’s new ThreatInsight functionality, organisations will be able to use Okta’s contextual access management to eliminate the login password as a primary factor of authentication. ThreatInsight will be available in both Okta’s new Adaptive Single Sign-On (SSO) and enhanced Adaptive Multi-Factor Authentication (MFA) products.

The Final GDPR Checks You Mustn’t Forget

We are now less than 48 hours away from Europe’s General Data Protection Regulation (GDPR) becoming enforceable on 25 May. And unless you’ve been living under a rock for the last two years, you don’t need me to tell you that this new regulation promises to put power back into the hands of consumers, giving them more control over how their data is used.