DEAD DROP 07 / MICROWAVE NETWORKS, BATTERY TRACKING, DEFCON 24 VIDS, VOICE MIMIC
--

Welcome to Dead Drop number 7, a look at what's happening in the worlds of computer security and digital freedom. All source links mentioned are below.

- Youtube link
- Archive.org mirror
- Torrent
- Keybase mirror

BREACHES

1.3 million blood donor records have been inadvertently exposed by the Red Cross in Australia due to an error which accidentally published its database to a public website.

http://www.darkreading.com/attacks-breaches/leak-of-13-million-blood-donor-records-is-australias-biggest-breach-ever/d/d-id/1327339
https://www.youtube.com/watch?v=P9YfiHIhqJI

Evony, an online flash game, has also had data from 33 million user accounts dumped from an attack which allegedly took place a few months ago. The dump includes usernames, MD5-hashed passwords, email addresses, and IP addresses.

http://www.infosecisland.com/blogview/24832-33-Million-Evony-User-Accounts-Emerge-Online.html
https://www.youtube.com/watch?v=GbNxfq0-uaE

FINGERPRINTING

A while back I talked about the Battery API, which is being used to accurately fingerprint and track users across the web, especially on mobile. Well, it seems like Firefox is listening to people's concerns, and a future version of the browser will apparently remove all support for it.

https://nakedsecurity.sophos.com/2016/11/02/firefox-kills-the-battery-status-super-cookie/
https://bugzilla.mozilla.org/show_bug.cgi?id=1313580
https://developer.mozilla.org/en-US/docs/Web/API/Battery_Status_API

HACKING

This week DefCon added a tonne of new videos from the speakers at DefCon 24 which was held a few months ago. If the past talks are anything to go by, these will be a must watch.

https://www.youtube.com/user/DEFCONConference/videos
https://www.youtube.com/watch?v=YN_qVqgRlx4

Hak5 also released a new episode where Darren talks to Samy Kamkar, the creator of the MagSpoof and KeySweeper, where they discuss hardware hacking and more.

https://www.youtube.com/watch?v=kqaIL_XJjSI

As well as that, researcher Julian Oliver has created a stealth cell tower, hidden inside an office printer. Inside is a GSM base station which can interact directly with phones, and track them, plus on top of that, the printer functionality still works. There's a full guide on Julian's website for those curious.

https://julianoliver.com/output/stealth-cell-tower
https://boingboing.net/2016/11/03/a-fake-hp-printer-thats-actu.html

VULNERABILITIES

Security researchers have found a cross-site scripting vulnerability on the website building platform Wix, potentially allowing attackers to take full control of websites hosted there. Apparently this affects all 80+ million users.

http://www.infosecisland.com/blogview/24841-DOM-XSS-Vulnerability-Impacts-Over-70-Million-Wix-Websites.html
https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com
https://www.youtube.com/watch?v=hshYJzuOlN4

SURVEILLANCE

Recently released documents have shown that AT&T has a secret program called Project Hemisphere which it uses to sell user data to law enforcement agencies. This means these agencies don't need warrants to access almost 10 years' worth of cell tower, wireless, and landline switch data.

http://www.thedailybeast.com/articles/2016/10/25/at-t-is-spying-on-americans-for-profit.html

IDENTITY

Adobe recently announced a new VoiceOver feature from the latest Creative Cloud release. Not sure what it's doing under the hood, but it seems similar to DeepMind's WaveNet, which uses input audio, say the sound of someone speaking, and based on that, allows you to make it say anything in the same voice.

https://www.youtube.com/watch?v=I3l4XLZ59iw

MICROWAVE NETWORKS

And finally, Ars Technica wrote an interesting piece about the various microwave networks installed across Europe. Used for things like high frequency trading, they say the data speeds are about twice those of the normal internet infrastructure. There's something cool about alternative networks, isn't there?

http://arstechnica.co.uk/information-technology/2016/11/private-microwave-networks-financial-hft/

--
BY NODE