Warm Southern Breeze

"… there is no such thing as nothing."

Posts Tagged ‘hacker’

Apple Computer To Make “Back Door” For iPhones

Posted by Warm Southern Breeze on Thursday, August 5, 2021

Apple Computer, Apple Juice: Which One’s Better?

So… I just read this story:

Apple unveils plans to scan US iPhones for images of child sex abuse
By Rebecca Klar – 08/05/21 05:22 PM EDT
https://thehill.com/policy/technology/566603-apple-unveils-plans-to-scan-us-iphones-for-images-of-child-sex-abuse

Sounds good, right?

At least, superficially, perhaps.

The second sentence reads in part, “but security researchers and advocates are warning the scanning update — along with one that aims to give parents protective tools in children’s messages — could pose data and security risks beyond the intended purpose.”

But, here’s the creepy part:
“Apple said its method to detect the abusive material is “designed with user privacy in mind.” Instead of scanning images in the cloud, the system performs “on-device matching” using a database of known child sexual abuse material image hashes provided by child safety organizations.”

Did you get that?

“A database of known child sexual abuse material image hashes provided by child safety organizations.”

Now, what follows is a rather simplified version, and quite frankly, it wouldn’t surprise me to know that Law Enforcement authorities are onto that game. But here’s something even more sophisticated: Image hashes.

Here’s a primer on the matter:
https://jenssegers.com/perceptual-image-hashes

It almost does the same thing, albeit with a slight twist – it’s not encrypted.

The technology is called PhotoDNA, was invented by Microsoft, and essentially, works from a known database of child pornographic images, and analyzes them (creates a “hash”) thereby creating a unique digital identifier for each and every image, that is resistant, or impervious to change, such as the elimination of color, or adjustments made using photo editing software/algorithms, including of size, and analyzes each cell/pixel’s intensity gradients, or edges.

But again, it’s based upon ONE premise: An unencrypted file.

Immediately after reading the headline, I saw the flaw.

That flaw is base upon the presumption that customers of Apple’s iCloud service are uploading UNENCRYPTED files.

HOWEVER… PhotoDNA is alleged to work with encryption.
See: https://5rightsfoundation.com/uploads/5rights-briefing-on-e2e-encryption–csam.pdf

In a very simple way, here’s what Read the rest of this entry »

Posted in - Business... None of yours, - Even MORE Uncategorized!, - Read 'em and weep: The Daily News, WTF | Tagged: , , , , , , , , , , , , | Leave a Comment »

Hackers Break Into Oldsmar, Florida Water Treatment System, Attempt To Poison It

Posted by Warm Southern Breeze on Monday, February 8, 2021

The threat is real.

Russians aren’t only interested in our elections.

Oldsmar, Florida is northeast of Tampa.

thehill.com

Hackers Breach, Attempt To Poison Florida City’s Water Supply

By Maggie Miller
02/08/21 05:25 PM EST

Officials said Monday that a hacker had breached and attempted to poison the water supply for the city of Oldsmar, Fla., last week, but had been unsuccessful.

Pinellas County, Fla., Sheriff Bob Gualtieri announced at a press conference Monday that the hacker had gained control of the operating system at the city’s water treatment facility and had attempted to increase the amount of sodium hydroxide in the water from 100 parts per million to 11,100 parts per million.

“This is obviously a significant and potentially dangerous increase,” Gualtieri told reporters. “Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. It is used to control water acidity and remove metals from drinking water in water treatment plants.”

The hack took place Friday, with one intrusion occurring early in the morning, and a second in the afternoon.

Gualtieri stressed that the treatment center’s operator immediately noticed the increase, with the hacker hijacking the mouse and opening various applications to make the change. The operator on duty immediately reversed the changes made.

“At no time was there a significant adverse effect on the water being treated. Importantly, the public was never in danger,” Gualtieri said. “Even if the plant operator had not quickly reversed the increased amount of sodium hydroxide, it would have taken between 24 and 36 hours for that water to hit the water supply system, and there are redundancies in place where the water had been checked before it was released.”

The sheriff said that his office was working with the FBI and other federal partners to investigate the breach, alongside state and local authorities, and had warned other critical infrastructure groups over the weekend. Gualtieri said the hacker responsible could potentially face state and federal felony charges if caught.

The breach took place two days before the Super Bowl, which took place this year in Tampa, Fla. The city of Oldsmar, which has a population of around 15,000, is located just outside Tampa.

Gualtieri said his office had warned other water treatment plants in the area to be vigilant for attempted cyberattacks, but said there was no evidence any other critical systems had been breached in recent days.

“Right now we do not have a suspect identified, but we do have leads that we are following,” Gualtieri told reporters. “We don’t know right now whether the breach originated from within the United States or outside the country. We also do not know why the Oldsmar system was targeted, and have no knowledge of any other systems being unlawfully accessed.”

Oldsmar Mayor Eric Seidel said at the same press conference that while there were redundancies in the system that almost certainly would have caught the attempted poisoning even if the operator had not noticed the hack, it was critical to be aware of cyber risks.

“The important thing is to put everyone on notice, and I think that is really the purpose of today is to make sure that everyone realizes that these kinds of bad actors are out there, it’s happening, so really take a hard look at what you have in place,” Seidel said.

Cyberattacks on critical infrastructure groups have increased in recent years, with hospitals nationwide seeing a spike in attempted hacks during the COVID-19 pandemic, and the recent hack of IT group SolarWinds by Russian operatives compromising much of the federal government for over a year.

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) put out a joint alert last year warning that foreign actors were targeting U.S. critical infrastructure in cyberspace, including water, gas, and electricity systems.

This came months after CISA issued a separate alert warning of potential cyberattacks on critical infrastructure after a U.S. pipeline operator was targeted in 2019.

CISA, which is the key federal agency responsible for securing critical infrastructure, declined to comment to The Hill on if they are involved in the investigation in Oldsmar.

Posted in - Uncategorized | Tagged: , , , , , , , , , | Leave a Comment »

Redstone Federal Credit Union President: “Members hardly said anything.”

Posted by Warm Southern Breeze on Sunday, March 14, 2010

Huntsville, AL-based Redstone Federal Credit Union President Joe Newberry was characteristically tight-lipped about security when he spoke recently about their new computer system being hacked.

Saying only that …Continue…

Posted in - My Hometown is the sweetest place I know, - Read 'em and weep: The Daily News | Tagged: , , , , , , , , , , , , , , , , , | Leave a Comment »

 
%d bloggers like this: