KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked. @Krebs on Security
PortSmash, as the new attack is being called, exploits a largely overlooked side-channel in Intel’s hyperthreading technology. A proprietary implementation of simultaneous multithreading, hyperthreading reduces the amount of time needed to carry out parallel computing tasks, in which large numbers of calculations or executions are carried out simultaneously. The performance boost is the result of two logical processor cores sharing the hardware of a single physical processor. The added logical cores make it easier to divide large tasks into smaller ones that can be completed more quickly. —Dan Goodin @ARS Technica
Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including medical devices such as insulin pumps and pacemakers, as well as point-of-sales and IoT devices. —Swati Khandelwal @The Hacker News
Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own domain. @Krebs on Security
Over the last several years, Facebook has gone from facilitating the free flow of information to inhibiting it through incremental censorship and account purges. What began with the ban of Alex Jones last summer has since escalated to include the expulsion of hundreds of additional pages, each political in nature. And as more people become wary of the social media platform’s motives, one thing is absolutely certain: we need more market competition in the realm of social media. —Brittany Hunter @Interllectual Takeout
Tim Berners-Lee, a London-born computer scientist who invented the Web in 1989, said he was disappointed with the current state of the internet, following scandals over the abuse of personal data and the use of social media to spread hate. “What naturally happens is you end up with one company dominating the field so through history there is no alternative to really coming in and breaking things up,” Berners-Lee, 63, said in an interview. “There is a danger of concentration.” —Guy Faulconbridge, Paul Sandle @Reuters
It’s been three years since Australia adopted a national copyright blocking system, despite widespread public outcry over the abusive, far-reaching potential of the system, and the warnings that it would not achieve its stated goal of preventing copyright infringement. Three years later, the experts who warned that censorship wouldn’t drive people to licensed services have been vindicated. According to the giant media companies who drove the copyright debate in 2015, the national censorship system has not convinced Australians to pay up. —Cory Doctorow @EFF
Thiel said Silicon Valley has fallen victim to groupthink, citing its politically insular atmosphere for his moving away to Los Angeles. “There’s a sense that the network effects that made Silicon Valley good have gone haywire,” he said, according to CNBC. “It’s not the wisdom of crowds, it’s the madness of crowds.” @Market Watch
Google Chrome is the most popular browser in the world. Chrome routinely leads the pack in features for security and usability, most recently helping to drive the adoption of HTTPS. But when it comes to privacy, specifically protecting users from tracking, most of its rivals leave it in the dust. —Bennett Cyphers and Mitch Stoltz @EFF
Related
