Silicon Valley City Contemplates Surveillance Equipment on Garbage Trucks

The San Jose Mercury News reports that the government of San Jose is contemplating the use of garbage trucks as a platform for mounting license plate readers (archived). The plan involves piping data collected from garbage-truck-mounted surveillance equipment directly to the San Jose police department. Four police cars operated by the San Jose police department are already fitted with license plate readers, but expanding their deployment to the city's sanitation livery would allow for complete coverage of all of the city's streets every week. San Jose is currently struggling with ways to leverage technology to counteract the personnel losses in its police department, which has roughly 950 officers this year, a number which is expected to contract to 800 officers sometime next year. San Jose has in the past been referred to as an unofficial "Capital" of Silicon Valley. Technology firms with a substantial presence in San Jose include Adobe, Xilinx, Cisco, and the North American headquarters for Korean firm Samsung.

Surviving a Transaction Flood

As populist noisemakers continue to push for blocksize inflation and services set to benefit from forcing users off of full nodes announce "stress tests" composed of transaction floods, the issue of making sure your transactions propagate with timely confirmations and your node stays online comes to the forefront. Thankfully there are measures that can be taken now which can provide benefits during a transaction flood and as fuller blocks become a more normal state for the Bitcoin network.

Windows 10 Banned From Numerous Torrent Trackers

Concerns about data collection and reporting tools Microsoft has embedded in Windows 10 have reportedly led a number of top torrent trackers to ban users of Windows 10 from their services. While there are some amorphous concerns about a potential "piracy kill switch" Microsoft could trigger, there are concrete concerns about the level of information Windows 10 collects from installed systems and delivers to Microsoft. The debugging and performance related information collected by Microsoft presents a serious threat to the security of the torrent trackers as well as peers who connect to Windows 10 users in torrent swarms.

Hearn's Blacklist Shenanigans

Qntra and others have been detailing potential ulterior motives for the push for an XT hard fork. Populist support for "Bitcoin"XT tends to ignore code that has not been well publicized or that they find inconvenient to acknowledge. The code in question relates to the deanonymization of XT nodes running on Tor and the blacklisting of Tor exit addresses. This is achieved through an IP address blacklist of nodes which "misbehave", checked daily against a list of nodes maintained by Mike Hearn which the XT client dutifully fetches.

Ashley Madison and Established Men Experience Data Liberation

In a PGP-signed statement,[1] a group of freedom fighters[2] known only as "The Impact Team" followed up on their promise to release the database of user information that they rightfully obtained from Avid Life Media's Ashley Madison, a popular dating website dedicated to fostering extramarital relations, and Established Men, a website dedicated to pairing up beautiful young women with successful older men.


  1. Full text:

    Avid Life Media has failed to take down Ashley Madison and Established Men. We have explained the fraud, deceit, and stupidity of ALM and their members. Now everyone gets to see their data.

    Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles. See ashley madison fake profile lawsuit; 90-95% of actual users are male. Chances are your man signed up on the world's biggest affair site, but never had one. He just tried to. If that distinction matters.

    Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends. Embarrassing now, but you'll get over it.

    Any data not signed with key 6E50 3F39 BA6A EAAD D81D ECFF 2437 3CD5 74AB AA38 is fake.

     

  2. Naturally, the woefully incompetent Avid Life Media Chief Executive Officer Noel Biderman called the group "cyber-terrorists," very much in the same vein as Darkode or The Pirate Bay Four, but this is no more genuine than the marketplace thief who bumps into you, steals your wallet out of your pocket in broad daylight, and then screams "THIEF!" at you before he ducks into the shadows with your ID and money. 

Microsoft Issues Third Generation Anti-Stuxnet Patch

Back in March Microsoft issued its second generation patch intended to close a privilege escalation vulnerability used to spread the Stuxnet malware, closing a portion of the vulnerability that remained after the original patch in 2010. In a bulletin today Microsoft has announced yet another iteration of the patch (archived) to close this bug, as the March patch still left sufficient attack surface for this vulnerability to continue being exploited. Microsoft also released a tool for logging attempts to exploit this vulnerability, as well as a warning that installing any new language packs after applying this patch will negate any protective effects this patch is purported to have. Windows versions including the new "Windows 10" are affected by this continuing vulnerability.

Fiat Chrysler Taken to Court Over Security Vulnerability

The Post-Dispatch reports that a couple from Pacific, Missouri and a Belleville, Illinois man have filed suit against Fiat Chrysler (archived) over security vulnerabilities in their vehicular entertainment system which can adversely affect the safety of motor vehicles with the system installed. The suit was filed in the US District Court in East St Louis on Tuesday and it includes Harman International Industries, the maker of the entertainment system, as a co-defendant. The plaintiffs are aggrieved that the impact of the security vulnerability has diminished the value of their vehicles and further means they overpaid for the initial purchase. If the plaintiffs win this case it may open up most current computer manufacturers to claims for diminishing the value of computing products purchased by customers by including Microsoft Windows and other irredeemably flawed components.

OS X Flaw in the Wild Abuses Error Logging Function to Edit sudoers

Malwarebytes reports (archived) that a vulnerability in Apple's latest version of OS X, which was reported to exist last month on Stefan Esser's blog (archived), is now appearing in malware in the wild. The flaw came into being through a new feature introduced into the OS X dynamic linker dyld. The new feature allows the linker to log error output to any file on the system without the safety or sanity checks implemented in even "hobbyist" developed Unix systems. Malwarebytes only noticed the flaw being actively exploited because a particular piece of adware had edited the sudoers file on a testing environment where the malware was being examined. The severity of the flaw, though, is such that when triggered it can edit any file on the affected machine, including executable system files. Esser originally reported this flaw on July 7th, 2015 and Apple has yet to release a patch. On the other hand, Esser has published a source code patch of his own which lessens this flaw, though it is hard to determine how this patch will interact with possible future updates from Apple.

New Per Block Transaction Highs Wedge Some Nodes: Patch Available

In the past several hours there have been at least two blocks with a sufficient number of transactions per block to leave bitcoin nodes relying on Berkeley Database for block handling to wedge when set to the post March 2013 limit of 40,000 database locks and objects. For a few hours doubling that amount to 80,000 sufficed, until a still more complex block arrived. A patch has recently been published which should remedy this issue until such a time as the universe undergoes heat death. The patch works by raising the maximums Berkeley Database is configured with in order to handle any number of transactions that can fit into a Bitcoin block. On some platforms like OpenBSD, which aggressively allocate memory in advance for safety reasons, Bitcoin's RAM usage is increased noticeably with this patch. If your system enforces low per-process memory limits you may have to edit your system's settings.