Connect with us

Australia may allow intelligence agencies to infiltrate tech giants’ networks

Published

on

Google, Microsoft and others have joined forces to oppose a bill proposed by the Australian government.

Global tech giants have stepped up resistance to the Australian government’s proposed cybersecurity bill. Companies are confident that if passed, the law would allow the authorities to force access to their networks without due process of law.

According to Google, Microsoft, Intel, Twitter, eBay, Amazon and Adobe, the law will create “an impracticable set of obligations and an alarming global precedent,” writes The Sydney Morning Herald.

Last year, Australian Prime Minister Scott Morrison spoke about a wave of sophisticated cyberattacks against government and industry at all levels, as well as critical infrastructure, including hospitals, local governments and government agencies.

The government’s proposed bill allows him to declare an emergency so that intelligence agencies, in particular the Australian Signals Directorate, can exercise their power and connect to networks of critical infrastructure (CI) companies to fend off cyberattacks. The bill also establishes a number of reporting obligations for CI operators in the event of a breach.

Last month, the Australian Federal Parliament’s Security and Intelligence Committee recommended halving the law to allow urgent action and give government and industry more time to consult on other issues.

While the government said the right to force computer penetration will only be used as a last resort, tech giants are confident that the law gives the authorities “unprecedented and far-reaching powers that can influence the networks, systems and customers of domestic and international organizations.”

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

New feature from Google allows minors to remove their photos from search

Published

on

This function was first introduced in August this year, but it has become widely available only now.

Google has launched a new security feature that allows individuals under the age of eighteen to submit requests to remove their photos from search results. For the first time, the company announced its plans to implement this function in August this year, but it has become widely available only now.

Anyone can start the process of deleting photos on this page support. To do this, you need to provide the URLs of the images that you want to remove from the search results, the search words for which the search engine gives these photos, the name and age of the minor, as well as the name of the person acting on his behalf, and the status (by whom, for example, parent, guardian, etc.).

As with other erasure requests, it is difficult to say what criteria Google will follow when making a decision. According to the company, images of all minors will be removed “except in cases of public interest or informational value.” It is difficult to say what this will mean in practice.

Based on Google’s wording, only requests from individuals who are currently under eighteen years of age will be accepted. It turns out that if a person is, say, thirty years old, then he will not be able to request the removal of photographs in which he is fifteen.

Google also notes that removing photos from search results does not mean removing them from the internet. The company advises users requesting deletion of snapshots to contact the webmaster first. However, if the appeal does not lead to anything, then removing images from Google search results will certainly be an important step.

Continue Reading

Security

Information security expert hacked Wi-Fi networks in Tel Aviv to find out their reliability

Published

on

The specialist managed to hack 73% of the 5 thousand studied wireless networks.

CyberArk employee Ido Hoorvitch conducted an interesting experiment to find out how strong passwords are for Wi-Fi networks in his hometown of Tel Aviv.

Using equipment to intercept Wi-Fi packets, Horwich collected a sample of 5,000 hashes of wireless networks and exploited a vulnerability to obtain PMKIDs (Pairwise Master Key Identifiers). To do this, he used a $ 50 NIC with monitoring and packet injection support and the WireShark tool.

PMKID is a hash generated using a password, access point MAC address, client MAC address, and wireless network name (SSID).

Horwich first tried to find out how many users had set their cell phone numbers as their wireless password (a common practice in Israel). To crack such a password, you just need to calculate all the combinations of numbers for Israeli phone numbers. Using a standard laptop, the researcher cracked 2,200 passwords; on average, breaking one password took 9 minutes.

Horwich then used the standard dictionary attack method. Using the Rockyou.txt dictionary, the expert managed to crack another 1,359 passwords (almost all of them used lowercase characters)

In total, Horwich was able to guess passwords to access 3,663 out of 5,000 (73%) of the studied wireless networks in Tel Aviv. The technical details of the study can be found here

Continue Reading

Security

The FBI raids the American office of PAX Technology

Published

on

The searches are related to the suspicion of the possible use of PAX equipment in cyberattacks.

Officials from the US Federal Bureau of Investigation raided the Florida office of PAX Technology, a Chinese PoS terminal manufacturer. How reported journalist Brian Krebs, the searches are related to reports of the possible use of PAX systems in cyber attacks against organizations in the United States and Europe.

PAX Technology is one of the world’s largest payment terminal manufacturers and a leading provider of trading solutions and services. The company is headquartered in Shenzhen, China.

According to information American radio station WOKV, the FBI and the Department of Homeland Security raided the PAX Technology warehouse in Jacksonville. Investigators said the searches were carried out on the basis of a court order as part of a federal investigation by the Department of Homeland Security with the participation of the Customs and Border Protection Directorate and the Naval Criminal Investigation Service. The FBI did not comment on the situation.

According to Krebs, citing trusted sources, the FBI launched an investigation into PAX after a major US payment service provider drew attention to strange network packets emanating from the company’s payment terminals. As it turned out, PAX terminals were used as a malware dropper and control infrastructure for organizing attacks and gathering information.

PAX Technology did not respond to Brian Krebs’s inquiry about the situation.

Two major financial providers in the US and UK have already begun to remove PAX terminals from the payment infrastructure, sources said.

“My sources say there is technical evidence for the use of terminals in cyberattacks. The packet sizes do not match the billing information they are supposed to send and do not correlate with the telemetry these devices are supposed to display in the event of a software update. PAX now claims the investigation is racially and politically motivated, ”the source said.

Krebs’ interlocutor did not provide details about the unusual network activity that led to the FBI investigation.

Continue Reading

Most Popular