Archive for the ‘travel’ Category

Sweden Accidentally Leaks Personal Details of Nearly All Citizens

Wednesday, July 26th, 2017

sweden-data-leak

A Massive data breach in the Swedish Transport Agency Accidentally Leaks Personal Details of Nearly All Citizens
Another day, Another data breach!

This time sensitive and personal data of millions of transporters in Sweden, along with the nation’s military secrets, have been exposed, putting every individual’s as well as national security at risk.

Who exposed the sensitive data? The Swedish government itself.

Swedish media is reporting of a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military.

The data breach exposed the names, photos and home addresses of millions of Swedish citizen, including fighter pilots of Swedish air force, members of the military’s most secretive units, police suspects, people under the witness relocation programme, the weight capacity of all roads and bridges, and much more.

The incident is believed to be one of the worst government information security disasters ever.

Here’s what and How it Happened:

In 2015, the Swedish Transport Agency hand over IBM an IT maintenance contract to manage its databases and networks.

However, the Swedish Transport Agency uploaded IBM’s entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs.

The transport agency then emailed the entire database in messages to marketers that subscribe to it.

And what’s terrible is that the messages were sent in clear text.

When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.

If you think the scandal ends there, you are wrong. The outsourcing deal gave IBM staff outside Sweden access to the Swedish transport agency’s systems without undergoing proper security clearance checks.

IBM administrators in the Czech Republic were also given full access to all data and logs, according to Swedish newspaper Dagens Nyheter (DN), which analysed the Säpo investigation documents.

According to Pirate Party founder and now head of privacy at VPN provider Private Internet Access Rick Falkvinge, who brought details of this scandal, the incident “exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.”

Tons of Sensitive Info Exposed about Both Individuals and Nation’s Critical Infrastructures

According to Falkvinge, the leak exposed:

  • The weight capacity of all roads as well as bridges (which is crucial for warfare, and gives a lot idea about what roads are intended to be used as wartime airfields).
  • Names, photos, and home addresses of fighter pilots in the Air Force.
  • Names, photos, and home addresses of everybody in a police register, which are believed to be classified.
  • Names, photos, and residential addresses of all operators in the military’s most secret units that are equivalent to the SAS or SEAL teams.
  • Names, photos, and addresses of everybody in a witness relocation program, who has been given protected identity for some reasons.
  • Type, model, weight, and any defects in all government and military vehicles, including their operator, which reveals a much about the structure of military support units.

Although the data breach happened in 2015, Swedish Secret Service discovered it in 2016 and started investigating the incident, which led to the fire of STA director-general Maria Ågren in January 2017.

Ågren was also fined half a month’s pay (70,000 Swedish krona which equals to $8,500) after finding her guilty of being “careless with secret information,” according to the publication.

What’s the worrying part? The leaked database may not be secured until the fall, said the agency’s new director-general Jonas Bjelfvenstam. The investigation into the scope of the leak is still ongoing.

Swati - Hacking News

Microsoft (SFB/O365) Dropping Support for PBX Connections leaving Legacy Platforms behind

Wednesday, July 26th, 2017

Microsoft recently announced that it will no longer provide session border controller (SBC) support for PBX systems accessing Office 365.

Essentially, the news means that starting July 2018, users of Exchange Online Unified Messaging (UM) will have to use an alternative method of connecting voicemail with Outlook. Microsoft won’t support PBX connections using SBCs for that purpose.

In its announcement, Microsoft suggested that only “a small number of customers are affected by this change” and that it was making it to “provide a higher quality of service for voicemail.” Microsoft also offered four alternative options, though they likely won’t be cheap or simple for affected organizations, said Paul Cunningham, a Microsoft Most Valuable Professional, commenting in a Practical 365 blog post. The move could simplify things for Microsoft, though, he suggested.

“I see this simply as part of Microsoft’s grand strategy to jettison legacy platforms and solutions that are complex and not highly profitable, and focus on services like Cloud PBX that they can deliver more efficiently,” Cunningham added.

Microsoft is discontinuing its SBC support on the Office 365 side so that it won’t have to rely on “a third-party system” that’s difficult to manage, suggested Jeff Guillet, a Microsoft certified solutions master and Microsoft MVP. He explained the technical aspects of Microsoft’s move in this blog post, adding that giving companies just one year to move is “asking a lot,” since the switchover likely will affect large companies.

Some Help for Orgs
Meanwhile, AVST, a Microsoft Gold partner on Skype for Business and Exchange, and a voicemail pioneer, is indicating that it has the means to support organizations faced with Microsoft’s one-year deadline.

The company’s CX-E Unified Communications platform offers a quick solution that can integrate with leading PBX systems, such as systems from Avaya, Cisco, Microsoft and others. The platform permits organizations to continue to use Outlook forms to link voicemail with e-mail. Because of the potential pain involved in such moves, it’s currently offering discounts via its Value-Added Reseller partners.

How AVST can address the issue was explained by Tom Minifie, AVST’s chief technology officer, as well as Denny Michael, senior vice president of sales and marketing at AVST, in a phone interview last week.

AVST has been addressing the unified communications space for decades.

“The company goes back over 30 years and we were one of the folks that brought voicemail to the marketplace,” Michael said. “We’ve been around for a long time, and we primarily service the enterprise space. We’re very strong in healthcare, state and local government, regulated industries, higher education and other horizontal industries as well.”

Minifie explained that organizations with third-party (or non-Microsoft) PBX systems using Office 365, or thinking about moving to Office 365, will be affected by Microsoft’s change. Most options, of the four listed by Microsoft, will require moving to Skype for Business and scrapping PBX systems. It’ll be “disruptive,” he said.

“Clearly, from Microsoft’s position, they want that alternative to be ‘Get rid of your PBX and use Skype for Business,'” Minifie said. “So, for customers that have already been planning for that, that’s a good option for them. They move to Skype for Business and continue to use the Exchange [Online] UM component. But for customers that aren’t interested in doing that or aren’t ready to do that, then this is pretty disruptive because it’s not something that they’ve planned for already.”

AVST, with its CX-E Unified Communications platform, specializes in the fourth option presented by Microsoft.

“And what that is, it’s really saying is that instead of directly connecting the Exchange [Online] UM environment to the PBX, I’m going to have a different unified messaging solution that performs that same functionality, and that’s how we approach it,” Minifie said. “Because of our history, we evolved the integrations into the various phone systems, so whatever phone system or PBX the customer is using, we’ll be able to integrate into that, but then we also integrate into the Exchange environment so that we can provide unified messaging through Exchange.”

End users also get the same familiar Outlook look and feel with AVST’s platform.

“In our eyes, we’re providing the best of both worlds,” Minifie said. “We’re solving the problem, which is you can no longer connect Exchange [Online] UM into your PBX. So we take care of that PBX connection. But you get to continue to use the familiar Outlook interface that the end users are used to.”

Minifie affirmed that Microsoft was essentially eliminating the SBC on its end. The change was aimed at improving the quality of service of voicemail, according to Microsoft.

The Time Factor
AVST and its partners validate phone systems and architectures. They perform application discovery to address any functionalities that organization may want. The time it takes to deploy will depend on the solution chosen.

“As far as the amount of time, that kind of depends on the solution,” Minifie said. “Ours is quick because you really aren’t changing anything. Your phone system doesn’t change. Your Exchange doesn’t change. We just get put in the middle of it. And so that can be deployed very quickly.”

Other approaches can get delayed.

“With the other solutions, you’re getting into having to order telecom things,” Minifie said. “You need SIP trunking and have to order from the carrier, and there are whatever delays for that to get delivered.”

AVST’s solution can be installed on premises or it’s provided as a hosted software-as-a-service solution via subscription. More information about AVST’s replacement offerings for Exchange Online UM can be found at this page.

By Kurt Mackie

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

Source: Microsoft Dropping Support for PBX Connections Using SBCs — Redmond Channel Partner

SatPhone Encrypted Calls Can be Cracked in Fractions of a Second

Thursday, July 13th, 2017

Decrypting-Satellite-Phone-Calls

Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in “real time” — that too in mere fractions of a second in some cases.

The new attack method has been discovered by two Chinese security researchers and is based on previous research by German academicians in 2012, showing that the phone’s encryption can be cracked so quickly that attackers can listen in on calls in real time.

The research, disclosed in a paper published last week by the security researchers in the International Association for Cryptologic Research, focused on the GMR-2 encryption algorithm that is commonly being used in most modern satellite phones, including British satellite telecom Inmarsat, to encrypt voice calls in order to prevent eavesdropping.

Unlike previous 2012 research by German researchers who tried to recover the encryption key with the help of ‘plaintext’ attacks, the Chinese researchers attempted to “reverse the encryption procedure to deduce the encryption-key from the output keystream directly.”

The attack method requires hitting a 3.3GHz satellite stream thousands of times with an inversion attack, which eventually produces the 64-bit encryption key and makes it easier to hunt for the decryption key, allowing attackers to decrypt communications and listen in to a conversation.

“This indicates that the inversion attack is very efficient and practical which could lead to a real time crack on the GMR-2 cipher,” the research paper reads. “The experimental results on a 3.3GHz platform demonstrate that the 64-bit encryption-key can be completely retrieved in around 0.02s.”

According to the duo, the attack can eventually crack the satellite phone call encryption in a fraction of a second when carried out successfully, allowing the attacker to break into the communications in real time for live eavesdropping.

The new findings spark concerns surrounding the security of satellite phones, which are mostly used by field officers in war zones that protect our land, air, and water, as well as people in remote area precisely because of no other alternatives.

Such attacks could pose a significant threat to satellite phone users’ privacy.

“Given that the confidentiality is a very crucial aspect in satellite communications, the encryption algorithms in the satellite phones should be strong enough to withstand various eavesdropping risks,” researchers said.

“This again demonstrates that there exists serious security flaws in the GMR-2 cipher, and it is crucial for service providers to upgrade the cryptographic modules of the system in order to provide confidential communication,” researchers concluded.

The research was carried out by Jiao Hu, Ruilin Li and Chaojing Tang of National University of Defense Technology, Changsha, China. For more details, you can head on to their research paper [PDF], titled “A Real-time Inversion Attack on the GMR-2 Cipher Used in the Satellite Phones.”

Story Credit ::
Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst.
She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Ting sets Sandpoint, Idaho as its next 1 Gbps broadband target

Tuesday, March 8th, 2016

If Ting sees enough interest in service after completing its “demand assessment” phase, Ting says that network construction will begin later this year.

Google Fiber (NASDAQ: GOOG) and other large telcos like AT&T (NYSE: T) have gained national attention for their 1 Gbps FTTH builds in major cities like Atlanta and Austin, Texas. But Ting said its goal is to bring similar capabilities to areas like Sandpoint where the population is less than 10,000 people.

“While it’s obviously very important to get major metros connected with fast fiber Internet, Ting Internet is proving that the fastest Internet access available isn’t just for city centers,” said Elliot Noss, CEO of Ting and its parent company Tucows. “Smaller cities and towns need faster, more reliable Internet too. Maybe even more so.”

Sandpoint will be the fourth area where Ting offers its FTTH service.

In early 2015, Ting launched FTTH service Charlottesville, Va. followed by Westminster, Md., later that year. In early 2016, Ting Internet began demand generation and assessment in Holly Springs, N.C.

Although network installation costs vary by location, Ting said they are not more than $200 for a home or $400 for an individual business. The Ting Internet Box, which doubles as a high speed wireless router, costs $199 up front or a user can pay $9 a month for the device.

Eligible residential customers can get a 1 Gbps connection for $89, while business services are available for $139 a month. The service provider is also offer a symmetrical 5 Mbps service for $19 a month.

Ting is taking its 1 Gbps FTTH show to the Sandpoint, Idaho area with plans to offer the service to residents in the communities of Sandpoint, Dover, Ponderay and Kootenai.Similar to the way it launched services in Holly Springs, N.C. and in Virginia, interested residents and businesses that reside in these towns can pre-order service by going to the ting.com/sandpoint site.The service provider said that pre-orders will impact not just when Ting starts bringing service to a town, but also where it will begin its network buildout.

 

Source: Ting sets Sandpoint, Idaho as its next 1 Gbps broadband target – FierceTelecom

WARNING! Android phones can be hacked with a simple text

Monday, July 27th, 2015

The problem stems from the way Android phones analyze incoming text messages. Even before you open a message, the phone automatically processes incoming media files — including pictures, audio or video. That means a malware-laden file can start infecting the phone as soon as it’s received, according Zimperium, a cybersecurity company that specializes in mobile devices.

If this sounds familiar, that’s because this Android flaw is somewhat like the recent Apple text hack.

But in that case, a text message with just the right characters could freeze an iPhone or force it to restart. This Android flaw is worse, because a hacker could gain complete control of the phone: wiping the device, accessing apps or secretly turning on the camera.

In a statement to CNNMoney, Google (GOOGLTech30) acknowledged the flaw. It assured that Android has ways of limiting a hacker’s access to separate apps and phone functions. Yet hackers have been able to overcome these limitations in the past.

The bug affects any phone using Android software made in the last five years, according to Zimperium. That includes devices running Android’s Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop iterations (Google names its Android versions alphabetically after desserts).

android text

Zimperium said it warned Google about the flaw on April 9 and even provided a fix. The company claims Google responded the very next day, assuring a patch would be shared with customers in the future.

Typically, in these situations, companies are given a 90-day grace period to issue a fix. It’s a rule even Google abides by when it finds flaws in others’ software.

But it’s been 109 days, and a fix still isn’t largely available. That’s why Zimperium is now going public with the news.

The issue now is how quickly Google will manage to fix this for everybody. While Apple can push out updates to all iPhones, Google can’t.

Google is notorious for having a fractured distribution system. Several entities stand in between Google and its users, and they routinely slow down the release of new software. There’s phone carriers — like AT&T (TTech30) and Verizon (VZTech30) — and makers of physical devices — likeSamsung (SSNLF) — all of which need to work together to issue software updates.

Google told CNNMoney it already sent a fix to its “partners.” However, it’s unclear if any of them have started pushing that out to users themselves.

For that very reason, Google recently put its own Nexus phones first in line to receive updates.

This could be a test case that shows why it’s so important to receive updates quickly.

Chris Wysopal is a longtime hacker and now an executive at cybersecurity firm Veracode. He called this Android’s version of Heartbleed, the devastating bug that put millions of computer networks at serious risk last year.

“I’m interested to see if Google comes up with a way to update devices remotely,” he said. “Unless they can do that, we have a big disaster on our hands.”

 

Android phones can be hacked with a simple text – Jul. 27, 2015.

Red Hat eyes Canonical with docker-focused Enterprise Linux 7 Atomic Host- The Inquirer

Thursday, March 5th, 2015

RED HAT has announced the launch of Red Hat Enterprise Linux 7 (RHEL7) Atomic Host, which it describes as a “purpose-built container host for secure and reliable containerised applications across the open hybrid cloud.”

In a bid to rival Canonical’s Ubuntu Core sofware, new features in this edition include security bolstered by on-demand updates, with a reduced image size and instant notifications about all patches and updates as they become available.

Red Hat explained that SELinux, cgroups and kernel namespaces isolate each container in a multi-layer environment for added security.

Atomic updating and rollback allows for deployment of new versions in a single step, while keeping the old image in case a rollback is required.

Container images in docker format can be deployed and run as application containers, while certification and support means that added assurance from a chain of independent software vendors is approved by Red Hat.

Kubernets allows container orchestration at scale, creating large-scale business applications from discrete services.

Super-privileged containers allow host management applications to access other containers, but in a controlled manner making third-party software deployment easier and more secure.

Finally, RHEL7 Atomic Host is capable of deploying across the hybrid cloud including to physical hardware, hypervisors including Red Hat Enterprise Virtualization, VMware and Microsoft Hyper-V, and on certified public cloud services like Amazon Web Services and Google Cloud Platform.

Jim Totton, vice president and general manager of the platforms business unit at Red Hat, said: “Twelve years ago, Red Hat delivered the first iteration of RHEL, taking a cutting-edge software technology and moulding it into the backbone that powers the enterprise, from the server to the cloud.

via Red Hat eyes Canonical with docker-focused Enterprise Linux 7 Atomic Host- The Inquirer.

Record-breaking 1Tbps Speed achieved Over 5G Mobile Connection – Hacker News

Thursday, February 26th, 2015

New Generations usually bring new base technologies, more network capacity for more data per user, and high speed Internet service, for which Internet service providers usually advertise. However, it is believed that the fifth generation (5G Technology) of mobile network will be beyond our thoughts.1TBPS OVER 5GSecurity researchers from the University of Surrey have just achieved Record-Breaking data speeds during a recent test of 5G wireless data connections, achieving an incredible One Terabit per second (1Tbps) speed – many thousands of times faster than the existing 4G connections.After 4G, 5G is the next generation of mobile communication technology that aims at offering far greater capacity and be faster, more energy-efficient and more cost-effective than anything that has seen before. The boffins say 5G will be different – very different.The 5G test was conducted at the university’s 5G Innovation Centre (5GIC), which was founded by a host of telecoms industry partners including Huawei, Fujitsu, Samsung, Vodafone, EE, Aircom, BT, Telefonica, Aeroflex, BBC and Rohde & Schwarz.

via Record-breaking 1Tbps Speed achieved Over 5G Mobile Connection – Hacker News.

Galaxy S6, S6 Edge show up side by side in leaked pics – SlashGear

Thursday, February 26th, 2015

Yesterday, the Galaxy S6 was leaked in all its prototype glory. Still cased in bubble wrap, we got our first look at what might be the next flagship from Samsung. Now, we’re getting a better look at the device, and a comparison to the Galaxy S6 Edge. Side by side (edge to edge?), the two phones give us our first look at Samsung’s new two-phone flagship scheme. Oddly enough, while the thought of a curved screen might not appeal to you, these pics might change your mind.


The Galaxy S6 is pretty close to what we saw yesterday, and has one feature that’s immediately noticeable. The home button is a bit chunkier; not so slim and ling this time around. That’s likely because Samsung has changed their fingerprint scanning to perform more like the Touch ID you find on the iPhone and iPad, where you don’t have to drag a finger across the button.

Samsung_Galaxy_S6_Edge_side-by-side_1

That edgy Galaxy S6 is actually pretty sharp. In these pics, the curve isn’t quite as pronounced as the Note Edge. I actually enjoy the Note Edge, so a dual-sided slope is going to be pretty interesting.

Around back, we find the camera hardware is bulging, and the flash sits right next to it. We hope that pretty obvious bulge means there is some amazing hardware packed in — something that iterates on Samsung’s recent history of really good smartphone cameras.

Samsung_Galaxy_S6_Edge_side-by-side_2-640x373

Still, it’s hard not to notice Samsung has decided to come to MWC with two flagship phones, each with its own use cases and market. The last time someone did that, Apple was giving us two big iPhones. Hopefully, the same move pulls Samsung from their rut.

via Galaxy S6, S6 Edge show up side by side in leaked pics – SlashGear.

Thai Gov’t promises nationwide broadband | Bangkok Post: business

Thursday, February 26th, 2015

Mr Pridiyathorn Devakula

 

The government Thursday vowed to make cheap Internet service accessible to all villages in Thailand within two-and-a-half years as part of its digital-economy strategy.

Speaking at a seminar today, MR Pridiyathorn Devakula, deputy prime minister responsible for economic issues, said the government would try to make Internet access available to the largest numbers of Thai people at low cost.

He said the government aimed to set up a public-private venture to develop broadband infrastructure across the country. Government agencies should convert the value of fibre-optic cable under their ownership into capital for the new venture. The process is expected to take about 18 months.

Another year will be required to lay fibre to all almost 75,000 villages in the country, said MR Pridiyathorn.

He said there would data centres networking all government agencies will be developed within a year.

Please credit and share this article with others using this link:. via Gov’t promises nationwide broadband | Bangkok Post: business.

http://www2.bangkokpost.com/business/telecom/484274/gov-t-promises-nationwide-broadband

Samsung’s Smart TV ‘surveillance’ prompts FTC complaint | PCWorld

Thursday, February 26th, 2015

A complaint filed by a privacy group to the U.S. Federal Trade Commission charged that Samsung’s Smart TVs intercept and record private communications of consumers in their homes, violating a number of rules including the Children’s Online Privacy Protection Act.

samsung

The Electronic Privacy Information Center has asked the FTC to investigate and stop the practice by Samsung of collecting private communications and transmitting the recordings to a third party.

The group, which was involved in FTC privacy cases that led to settlements with Google and Facebook, has also asked the agency to investigate other companies engaged in similar practices as those of Samsung.

The South Korean company’s privacy policy for its Smart TV came under criticism as it cautioned customers to “please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

Alleging violation of the FTC Act, EPIC said users were not typically aware that Samsung Smart TVs would record and transmit over the Internet their private conversations.

Users are “so outraged” by the company’s recording and transmission practices that they are calling for class action lawsuits, it added.

via Samsung’s Smart TV ‘surveillance’ prompts FTC complaint | PCWorld.