Thursday, May 24, 2018

How hackers can steal your information on public Wi-Fi

3:15 PM
You enjoy “free internet” through Wi-Fi hotspots at libraries, coffee shops, bars, and other public places. It seems harmless. Little do you know, a stranger could know your birthplace, the schools you attended, and your recent search history in 20 minutes.

Just a couple of years ago, strangers could log in as you on Facebook if you were on the same Wi-Fi network as them. They’d be able to view and send messages from your account, and even post statuses.

You don’t have to swear off public Wi-Fi for the rest of your life, and it’s not entirely the venue’s fault. Instead, let’s figure out why public Wi-Fi is so attractive to hackers and explore how they steal your information. We’ll share a simple solution that protects you from the vast majority of hackers’ strategies and tactics.

Public Wi-Fi security: how hackers steal your data

Most public connections are either unsecured or have shared passwords. Public Wi-Fi makes for an easy target for hackers.

Hackers want to sit between you and the websites you visit in order to look at your information. They do this with little effort on public Wi-Fi. Besides the lack of security, all sorts of different people might share their sensitive information through public Wi-Fi.

In comparison, let’s say a hacker eavesdropped on someone’s residential Wi-Fi. The hacker would only see sensitive information from one or two people before they needed to hack another house.

Where do sniffers come from?
Hackers use sniffers to steal data, spy on network activity, and collect information on users. Usually, the end goal is to obtain passwords and account information for banking and shopping sites. Typically hackers place sniffers in places that offer unsecured Wi-Fi connections such as those found at coffee shops, hotels, and airports. Sniffers are also used to impersonate other devices on the network in what’s known as a spoofing attack in order to steal sensitive information.

How do you recognize a sniffer?
Unauthorized sniffers can be virtually impossible to detect and can be inserted almost anywhere, making them extremely dangerous to a network's security. Basic users will likely never know if a sniffer is spying on their network data. You could, in theory, run your own sniffer and monitor DNS traffic to find other sniffers, but for the standard user it’s much simpler to run anti-sniffer software to catch any intruders, or to use an internet security program that will hide your browsing activity.

The Man In the Middle
Most hackers strike with a man in the middle (MITM) attack. Simply put, they watch or tweak your data in transit.

In a MITM attack, the hacker sees the information going to and from your computer. They intercept, and alter, the communication between you and the website. (Think that sounds scary? Just wait till your appliances connect to the internet.)

The Evil Twin
The “evil twin” is a variation of MITM attacks. With this attack, hackers set up rogue Wi-Fi hotspots. You might connect to a harmless looking hotspot, like one entitled, “Free Public Wi-Fi”. You figure that maybe someone was being generous.

Little do you know, you might have fallen right into a hacker’s trap. Once you’re connected, hackers can see any data you send and collect through this internet connection.

Devious hackers can set up a legitimate-looking Wi-Fi connection. For example, hackers can broadcast a network name that’s the name of a coffee shop or library. Unsuspecting victims will connect to the evil twin. Unfortunately, their computer still looks connected to the legitimate hub instead.

Some hacker techniques are advanced enough to lure your computer into automatically connecting to their Wi-Fi connection. They do this by broadcasting fake certificates and credentials that match routers you’ve connected to in the past.
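
A defender-side check for the evil-twin pattern described above, as an added example that is not part of the original article: it compares Wi-Fi scan records against a venue's list of its own access points and flags any beacon that reuses the venue's network name from an unknown radio, with weaker security, or under a look-alike name. The allowlist, network names, addresses and scan records are all constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical allowlist kept by the venue: SSID -> (known AP BSSIDs, expected security).
KNOWN_APS = {
    "CoffeeShop-Guest": ({"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "WPA2"),
}


@dataclass(frozen=True)
class Beacon:
    ssid: str        # advertised network name
    bssid: str       # access point MAC address
    security: str    # "OPEN", "WPA2", ...


# Constructed scan results (not real captures).
SAMPLE_SCAN = [
    Beacon("CoffeeShop-Guest", "aa:bb:cc:00:00:01", "WPA2"),
    Beacon("CoffeeShop-Guest", "aa:bb:cc:00:00:02", "WPA2"),
    Beacon("CoffeeShop-Guest", "DE:AD:BE:EF:00:99", "OPEN"),   # same name, unknown radio
    Beacon("coffeeshop-guest ", "aa:bb:cc:00:00:01", "WPA2"),  # look-alike name
    Beacon("Neighbour-Office", "12:34:56:78:9a:bc", "WPA2"),   # unrelated network
]


def _canon(ssid):
    """Fold case and surrounding whitespace so look-alike names still match."""
    return ssid.strip().casefold()


def find_suspect_beacons(scan, known=KNOWN_APS):
    """Return [(bssid, [reasons])] for beacons that imitate a known SSID."""
    by_canon = {_canon(name): (name, aps, sec) for name, (aps, sec) in known.items()}
    findings = []
    for b in scan:
        entry = by_canon.get(_canon(b.ssid))
        if entry is None:
            continue  # not imitating any network we are responsible for
        name, aps, expected = entry
        reasons = []
        if b.ssid != name:
            reasons.append("look-alike name")
        if b.bssid.lower() not in aps:
            reasons.append("unknown BSSID")
        if b.security != expected:
            reasons.append(f"security is {b.security}, expected {expected}")
        if reasons:
            findings.append((b.bssid.lower(), reasons))
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_suspect_beacons(SAMPLE_SCAN):
        print(bssid, "->", "; ".join(reasons))
```

A beacon that passes this check is not proven legitimate, because the advertised address is only a claim; the check surfaces mismatches worth investigating.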

The Packet Sniffer
MITM and evil twins aren’t the only strategies for hackers. They use software called packet sniffers to collect victims’ data. A packet sniffer captures all packets of data that pass through a network interface (e.g., the network interface card in your computer).

Network or system administrators can use packet sniffing to monitor and troubleshoot network traffic. Unfortunately, when hackers use packet sniffing, they eavesdrop on network traffic. They listen in on the information you send through the public Wi-Fi connection and use it for their own interests.

It’s actually pretty easy for hackers to pull off these attacks. Here’s how you can protect yourself from hackers snooping on your sensitive information:

How to protect your data from hackers
Some public Wi-Fi connections (like Starbucks) force you to log in after you’ve connected. That means it’s safe, right?

Actually, these authentication screens have nothing to do with security. Rather, it’s about the provider trying to identify you (and potentially charge you in cases with paid Wi-Fi). Here are some tactics to defend yourself from hackers’ attacks.

Two-Factor Authentication for Passwords
TechRepublic suggests combining two-factor authentication and VPNs to keep sensitive business information secure. This layer of defense is also useful with your personal information. VPNs make it difficult for hackers to read your password.

Play safe with another layer of defense. Turn on two-factor authentication for all your web services (e.g., email, social networks, etc.). This simply means that when you try to log in to a website, the website will text a code to your phone, which you’ll enter into the site in addition to your password.

Even if a hacker has your password, they won’t have your phone, which makes it much more difficult for them to log in to your account.

Constant Vigilance
It might seem obvious to some, but you have to err on the side of caution when browsing the internet. Never let your curiosity get the best of you. In your browser, block cookies and remove tracking. Avoid unsafe or untrusted software (especially if it’s free or sounds too good to be true), and avoid dodgy links in your inbox, or on your social media feeds.

Tether Your Internet Connection
If you have a remarkable data plan, you can tether off your mobile device or phone. Since this is a private connection, it’ll be much more difficult, and less rewarding, for a hacker to break into.

Of course, this can be a bit pricey depending on where you live. It might also tax your phone’s battery, so use with your own power supply.

Encrypt Yourself
When you’re using public Wi-Fi, your computer or mobile phone sends data to the router as radio waves.

You can defend yourself by encrypting your radio waves. Encrypting your data makes it almost impossible for peering eyes to see your data.

Sites that use HTTPS technology encrypt your connection. Websites like Facebook, PayPal, and Google secure your connection with HTTPS (not HTTP). Man-in-the-middle attacks occur significantly less often in these instances. (Here’s an in-depth technical explanation on StackExchange.)

Many websites still use HTTP, which makes it likelier for a MITM attack to take place. Let’s say that, hypothetically, https://www.facebook.com doesn’t connect through HTTPS. A hacker might redirect a victim to the hacker’s page, disguised to look like Facebook. They’ll collect sensitive information in this MITM attack.

As an aside, I know that might sound like fear mongering, but someone duped the public and faked a Bloomberg report, and Twitter spiked share prices. If they’re capable of that, a hacker can definitely make a page that looks like Facebook.

Something similar to this actually happened with Facebook in 2010 (back when parts of the site still used HTTP). Developer Eric Butler discovered he could log in as other people who were sharing a Wi-Fi connection with him. He even created a Firefox extension called Firesheep to show people how they could do the same.

On a desktop or laptop computer, and in Chrome on Android and Safari for iOS devices, you can verify a site is HTTPS secured with the green badge next to the URL. It’s more difficult to tell which apps are also encrypted (there was a scare just two years ago), although Apple is pushing developers to use HTTPS by default.

Just last year, a paper to be published in Proceedings of the 23rd USENIX Security Symposium showed that the Gmail app could be hacked 92 percent of the time, a Chase app 83 percent of the time, and the Amazon app 48 percent of the time. (The study examined Android apps.)

Because this connection happens inside the app, it’s hard to tell whether it’s secure. Even if an app uses HTTPS, there’s no guarantee that it’s done properly. For example, apps could be set to accept any certificate, and thus be susceptible to MITM attacks.
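
The "accept any certificate" setting from the paragraph above, shown next to a correctly configured client and a small audit function that tells them apart. This is an added example, not code from the original article or from any app it mentions; it uses Python's standard `ssl` module, and the function names are assumptions chosen for illustration.

```python
import ssl


def permissive_context():
    """Weak setting: the client accepts any certificate, including an interceptor's."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be switched off before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # certificate chain is never validated
    return ctx


def chain_only_context():
    """Half-fixed setting: chain is validated, but for any hostname at all."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # a valid certificate for another site is accepted
    return ctx


def strict_context():
    """Corrected setting: validate the chain against system CAs and check the hostname."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    return ctx


def audit_context(ctx):
    """Return the list of validation steps this client context skips."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not checked against the certificate")
    return problems


if __name__ == "__main__":
    for factory in (permissive_context, chain_only_context, strict_context):
        issues = audit_context(factory())
        print(f"{factory.__name__}: {issues or 'OK'}")
```

Running `audit_context` on every TLS context an application builds, for example in a unit test, catches a debugging shortcut that was left in a release build.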

Unfortunately, many websites and services don’t use HTTPS technology yet. Here’s how you can encrypt your connection for all these other sites.

FBI takes control of a massive botnet that infected over 500K devices

3:01 PM
Shortly after Cisco released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack.
Yesterday we reported about a piece of highly sophisticated IoT botnet malware that infected over 500,000 devices in 54 countries and has likely been designed by a Russia-backed state-sponsored group in a possible effort to cause havoc in Ukraine, according to an early report published by Cisco's Talos cyber intelligence unit on Wednesday.
Dubbed VPNFilter by the Talos researchers, the malware is a multi-stage, modular platform that targets small and home office (SOHO) routers and storage devices from Linksys, MikroTik, NETGEAR, and TP-Link, as well as network-attached storage (NAS) devices.

Meanwhile, the court documents unsealed in Pittsburgh on the same day indicate that the FBI has seized a key web domain communicating with a massive global botnet of hundreds of thousands of infected SOHO routers and other NAS devices.
The court documents said the hacking group behind the massive malware campaign is Fancy Bear, a Russian government-aligned hacking group also known as APT28, Sofacy, X-agent, Sednit, Sandworm, and Pawn Storm.
The hacking group has been in operation since at least 2007 and has been credited with a long list of attacks over the past years, including the 2016 hack of the Democratic National Committee (DNC) and Clinton Campaign to influence the U.S. presidential election.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities," John Demers, the Assistant Attorney General for National Security, said in a statement.
Among other things, Talos researchers also found evidence that the VPNFilter source code shares code with versions of BlackEnergy, the malware responsible for multiple large-scale attacks targeting devices in Ukraine that the U.S. government has attributed to Russia.
VPNFilter has been designed in a way that it could be used to secretly conduct surveillance on its targets and gather intelligence, interfere with internet communications, monitor industrial control or SCADA systems, such as those used in electric grids, other infrastructure and factories, as well as conduct destructive cyber attack operations.

The seizure of the domain that is part of VPNFilter's command-and-control infrastructure allows the FBI to redirect attempts by stage one of the malware (in an attempt to reinfect the device) to an FBI-controlled server, which will capture the IP addresses of infected devices and pass them on to authorities around the globe who can remove the malware.
Users of SOHO and NAS devices that are infected with VPNFilter are advised to reboot their devices as soon as possible, which eliminates the non-persistent second stage malware, causing the persistent first-stage malware on their infected device to call out for instructions.
"Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure," the DoJ said.
Since VPNFilter does not exploit any zero-day vulnerability to infect its victims and instead searches for devices still exposed to known vulnerabilities or having default credentials, users are strongly recommended to change the default credentials on their devices to protect against the malware.
Moreover, always put your routers behind a firewall, and turn off remote administration until and unless you really need it.
If your router is by default vulnerable and can't be updated, it is time you buy a new one. You need to be more vigilant about the security of your smart IoT devices.

Your Alexa Devices Are Being Hacked

2:54 PM
When smart homes misread their owner’s intentions, the results can be scary. After Amazon Alexa mistakenly recorded a conversation between a Portland, Oregon, woman and her husband, the voice assistant sent the recording to the phone of a Seattle resident on the couple’s contact list, a Fox affiliate reports.

The home was equipped with Amazon smart home devices to control heating, lights, and their home security system.  “My husband and I would joke and say, ‘I’d bet these devices are listening to what we’re saying,'” Danielle, who declined to give her last name, told KIRO-TV.

The Portland residents only learned of the error when the person who received the voice message, one of her husband’s employees, called to alert them.

“The person on the other line said, ‘Unplug your Alexa devices right now. You’re being hacked,'” Danielle said.

“We unplugged all of them, and he proceeded to tell us that he had received audio files of recordings from inside our house. At first, my husband was, like, ‘No, you didn’t!’ And the (recipient of the message) said, ‘You sat there talking about hardwood floors.’ And we said, ‘Oh gosh, you really did hear us.'”

What had been a family joke became an ugly reality. “I felt invaded,” Danielle said. “A total privacy invasion. Immediately, I said, ‘I’m never plugging that device in again because I can’t trust it.'”

Danielle contacted Amazon for an immediate investigation into their privacy invasion. Amazon engineers found that indeed Alexa had listened, recorded, and sent the conversation to the contact, she said.

According to Danielle, “They said, ‘Our engineers went through your logs, and they saw exactly what you told us; they saw exactly what you said happened, and we’re sorry.’ He apologized like 15 times in a matter of 30 minutes, and he said, ‘We really appreciate you bringing this to our attention; this is something we need to fix!'”

With no further explanation on Amazon’s part, the engineer told them Alexa assumed the wrong command had been given. Danielle also said that, although the Alexa software includes instructions to inform senders before transmitting recordings, they had no audible notice.

In response to a KIRO-TV inquiry, Amazon sent the following statement: “Amazon takes privacy very seriously. We investigated what happened and determined this was an extremely rare occurrence. We are taking steps to avoid this from happening in the future.”

Amazon reportedly offered to shut off the family’s Alexa communications features, but Danielle is done and wants her money back from Amazon. So far, according to the Fox affiliate, Amazon has not agreed to refund the family’s costs for the devices.

Tuesday, May 22, 2018

Katie Cassidy says she didn't rely on father David Cassidy to make it as an actress

2:27 AM

Life in Hollywood wasn’t always easy for Katie Cassidy.

The 31-year-old actress, who stars as dual superhero/supervillain Black Canary and Black Siren in the comic book series “Arrow,” recently teamed up with Capital One to introduce a new financial wellness/improvement program at Capital One cafes across the country.

It’s a partnership that hits close to home, she told Fox News.

Cassidy revealed that at age 17 she was ready to embark on her Hollywood career, but funds were lacking.

“My mother and stepfather basically said 'Alright, we wish you the best of luck, but you’re on your own,'” Cassidy recalled. “I actually had to start from nothing and build my own way out of it by making financial goals… It’s been an interesting journey, but one I can relate to in terms of struggling.”

However, Cassidy is no stranger to the limelight. The Los Angeles native is the daughter of former teenage heartthrob David Cassidy, still remembered for his hit ‘70s series “The Partridge Family.”

Both her grandparents, Jack Cassidy and Evelyn Ward, were actors. And her father's real stepmother was Academy Award-winning actress Shirley Jones, who co-starred with him in the beloved show.

While show business may run in Cassidy’s blood, she insists her last name was never a free pass to fame.

Katie Cassidy with her father David Cassidy.


“I was so nervous when I moved out at 18,” she said. “I had a couple thousand dollars to my name. I remember it was all trial and error for me. I had to figure it all out on my own.

"I wished I did have someone to talk to who could have helped me feel better about my situation. And knowing I wasn’t the only one out there. I remember I had to go and ask my mom for groceries sometimes because I wasn’t the best person with budgeting. I had to learn the hard way, but you live and learn. It builds character and strength," she noted.

Cassidy also shared she didn’t grow up with her biological father, who passed away in late 2017 at age 67 from liver failure.

“I have his blood in me, but I grew up with my mom and stepdad,” she explained. “Most people don’t know that… I was probably a little pissed off at the time when they were like, ‘Sorry, we’re not helping you. You’re on your own.’ But I have to say that I’m really glad they did that because it taught me so much. And I had to learn everything on my own and figure it all out… I had to learn to build confidence, self-esteem and achieving those financial goals.

“David Cassidy is my father, yes… But for me, it was always really important with acting to stay in class, study it and earn it on my own. My dad didn’t help me. I think having the last name, in my opinion, put a lot more pressure on me throughout the process of auditioning because you’re held under a microscope. People have certain expectations. But at the end of the day, talent is talent. You have to be able to deliver.”

And Cassidy’s determination to make it as an actress has paid off. She has been starring as the masked blonde bombshell since 2012 and is gearing up to launch Season 7 debuting sometime this year. She previously appeared in “Gossip Girl,” “Supernatural” and “7th Heaven,” among other hit TV shows.

Still, playing a crime-fighter doesn’t get easy with time.

“Unfortunately, yes, there have been times that stuff happens,” said Cassidy about accidents happening on set. “But that’s why we have an incredible stunt crew. I have a stunt double so if something’s going to be dangerous, she jumps in for me. But I also went through fight training. They actually let me do a lot of the fight scenes on my own once I had the proper training. And it’s really fun. I have a blast.”

“And to play a superhero, you have to look like a superhero,” she chuckled. “So you have to find the time to go to the gym in the middle of filming. But it definitely pays off. And it’s always worth it. I just feel so fortunate and so grateful."

Cassidy hopes the lasting success of “Arrow” will lead to a possible film in the near future.

In 2017, the Associated Press reported “Wonder Woman,” which starred Gal Gadot, was a massive box office hit, pulling in an estimated $57.2 million in North American theaters during opening weekend. The action film, directed by Patty Jenkins, quickly earned $205 million domestically in two weeks.

“I think [a Black Canary film] would be fantastic as long as they’re casting me in it,” she laughed. “I hate to say that, but the truth is, this is a character I’ve played for six years, so I feel very close to her… I worked my ass off for it. So that would be awesome. I would love it. I’m just putting it out there to the universe in case somebody is [reading] this at some point and wants to make that movie. I would love to be a part of it.”

Cassidy is grateful for her success and wants the world to know she achieved it on her own terms. That’s the reason why she turned down a chance to hang out with Britain’s Prince Harry while vacationing in Miami with friends back in 2014.

Cassidy was single at the time and Prince Harry, who was also with friends, had just broken up with his ex-girlfriend, British actress Cressida Bonas.

She told ET in April she didn’t want to be labeled as “Harry’s girl” by the tabloids and wanted to preserve her own identity.

“Earning it on my own merit is how I live my life,” said Cassidy. “So no, I was not about to go get photographed with Prince Harry. That was not something that was in my interest. I was basically like, ‘Thank you, but no thank you with all due respect I can’t be photographed with you guys.’

"The next day, I saw them and they basically said to me and my girlfriends, ‘You know what? We actually have respect for you guys. That’s the coolest thing ever. Nobody has ever said no to us. It’s kind of really awesome.’ And I was like, ‘Well, somebody now has!’”

Harry would go on to marry former “Suits” actress Meghan Markle. And now Cassidy is gearing up to tie the knot with Matthew Rodgers.

And as Cassidy continues to embark on her journey in Hollywood, she says she’ll never forget the biggest piece of advice she received from her father.

“He said, ‘Don’t ever stop learning,’” she recalled. “‘You can never learn too much. Don’t ever stop developing, building your craft, going to classes and studying.’ He said, ‘If you want to do this, know it is hard. You need to be serious about it.’ And once he saw that I was and did take it seriously, he was 100 percent supportive… And everybody has a superhero inside of them.”

Hawaii volcano lava flow reportedly nears geothermal plant's property

2:23 AM

Hawaiian officials on Monday said they were responding to reports of lava from the Kilauea volcano nearing the Big Island's geothermal plant, which could result in the release of dangerous gases and mandatory evacuations.

Hawaii News Now reported that no wells at the 815-acre Puna Geothermal Venture’s property were threatened, but warned that if lava reaches a well it could cause the release of hydrogen sulfide, which is a dangerous gas.

The Puna Geothermal Venture, known as PGV, is a "geothermal energy conversion plant bringing steam and hot liquid up through underground wells," according to the Hawaiian Electric Company. It provides 25 percent of the power to the Big Island, Reuters reported.


"The hot liquid (brine) is not used for electricity at this time. The steam is directed to a turbine generator that produces electricity," the power company said. "The exhaust steam from this turbine is used to vaporize (heat) an organic working fluid, which drives a second turbine, generating additional electricity."

The report said authorities removed about 60,000 gallons of flammable pentane from the facility. The report said workers there are trying to kill three active wells and are having difficulties with one.

Reuters reported that the wells are about 8,000 feet underground to tap into steam to produce power.

"Safety has been foremost our no. 1 priority for our employees and also for the surrounding community so with that we're not going to spare any resources to ensure safety," Mike Kaleikini of PGV told HNN.

The volcano has been generating earthquakes and spewing lava, sulfur dioxide and ash since it began erupting in Big Island backyards on May 3.

The dangers have forced at least 2,000 people to evacuate and destroyed more than 40 buildings. It’s also created anxiety for thousands of others about the possibility of lava heading their way or cutting off roads they depend on to get to work, school and grocery stores.

Fox News' Travis Fedschun and The Associated Press contributed to this report

Edmund DeMarche is a news editor for FoxNews.com. Follow him on Twitter @EDeMarche.

Maze turns your InVision prototypes into flexible testing tools

2:22 AM

Meet Maze, a startup building a user interface testing tool for your app prototypes. Maze is a simple web-based service that lets you turn InVision and Marvel files into UX tests.

While most designers work with InVision and Marvel, it’s hard to turn those designs into a quantitative test. Maze isn’t a video recording tool and doesn’t require you to watch video footage.

It isn’t a new prototyping tool either as the startup wants you to keep using InVision and Marvel. Maze can record a user path from a web browser on desktop or mobile without having to install anything.

After setting up your test, you can share a link with a bunch of users. When you open this link, you get clear instructions telling you what you’re supposed to do (“find the nearest Lebanese restaurant” or “add John as friend” for instance). After each test, Maze automatically shows you the next one so you can keep going.

Developers then get a dashboard with a clear overview of the different tests. You can see the success rate, the time it takes to do something and the screen areas that get a lot of taps. You can also look at individual tests.

You can use Maze for simple A/B tests by sending two different designs to different groups and comparing the results.

Thousands of designers have tried the service so far, including people working for Amazon, Airbnb, Uber and Shopify.

The company has raised a $470,000 pre-seed round with Partech and Seedcamp (£350,000). Maze uses a software-as-a-service approach with a limited free plan and multiple paid subscriptions.

I played with the product for a few minutes and it’s a polished experience. You wouldn’t expect that from such a young startup. While I’m not a designer, I think many designers are probably going to use it regularly.
