DEAD DROP 15 / BIOMETRIC CREDIT CARD, MALWARE WAR, GOOD USB, PRIVATE DOMAINS
--

Welcome to Dead Drop number 15, your look at what's happening in the worlds of computer security and digital freedom. As always, all source links mentioned are below.

- Youtube link
- Archive.org mirror
- Torrent
- Keybase mirror

BREACHES

InterContinental Hotels Group recently found malware on the payment card system at over 1000 of their hotels in the US, and believes customer credit card details and other sensitive data were likely stolen.

https://www.ihg.com/content/us/en/customer-care/protecting-our-guests/california-residents
http://thehackernews.com/2017/04/hotel-data-breach.html

VULNERABILITIES

A new phishing attack has been found which takes advantage of how browsers display Unicode characters in URLs. This feature is normally used to show characters from non-English languages, but it can also be used to make realistic-looking URLs. Chrome and Firefox have already issued patches, so update now if you haven't already.

http://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html
https://www.xudongz.com/blog/2017/idn-phishing/
https://threatpost.com/google-fixes-unicode-phishing-vulnerability-in-chrome-58-firefox-standing-pat/125099/
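For defenders reviewing links in mail or proxy logs, here is an added example (not from the episode or the linked articles) that decodes Punycode `xn--` labels and flags ones mixing scripts or made entirely of Latin lookalikes. The `LOOKALIKES` table, the function names and the sample hostnames are constructed for illustration, and the table is far from complete.

```python
import unicodedata

# Illustrative subset of Cyrillic letters that render like ASCII letters
# (constructed for this example; not a full confusables table).
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}

def script_of(ch):
    """Rough script tag taken from the first word of the Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def decode_label(label):
    """Turn an 'xn--' label back into the Unicode a browser may display."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_ace(label):
    """Helper for building test input: Unicode label -> 'xn--' form."""
    return "xn--" + label.encode("punycode").decode("ascii")

def check_hostname(hostname):
    """Return a list of (label, unicode_form, reason) findings."""
    findings = []
    for label in hostname.rstrip(".").split("."):
        try:
            text = decode_label(label)
        except (UnicodeError, ValueError):
            findings.append((label, None, "invalid punycode"))
            continue
        scripts = {script_of(c) for c in text} - {"COMMON"}
        skeleton = "".join(LOOKALIKES.get(c, c) for c in text)
        if len(scripts) > 1:
            reason = "mixed scripts: " + "+".join(sorted(scripts))
            findings.append((label, text, reason))
        elif text != skeleton and skeleton.isascii():
            reason = "whole-script lookalike of '%s'" % skeleton
            findings.append((label, text, reason))
    return findings

if __name__ == "__main__":
    # Constructed samples: one Cyrillic letter in a Latin word, an
    # all-Cyrillic label that reads as "cope", and a plain ASCII name.
    for name in ("ex\u0430mple", "\u0441\u043e\u0440\u0435", "www"):
        host = to_ace(name) + ".example" if not name.isascii() else name + ".example"
        print(host, check_hostname(host))
```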

Researchers at Zscaler found that a 4-year-old app on the Google Play Store which pretends to be a system update for Android is actually malware, and worse still, since 2014 it is estimated to have been downloaded by millions of users.

https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store

BIOMETRICS

Mastercard unveiled their next-generation credit cards, which now come with a built-in fingerprint sensor. Instead of entering a PIN, the user simply touches the card. They're aiming for rollout by the end of this year. What could possibly go wrong?

https://www.youtube.com/watch?v=ts2Awn6ei4c
https://www.youtube.com/watch?v=fpE-bMjFrkQ

HACKING

Darren from Hak5 uploaded an interesting video recently, showing how information such as names and room numbers can be sniffed from hotel Wi-Fi traffic.

https://www.youtube.com/watch?v=cPQ6muMEYkE

MAL-WAR

Something interesting is happening in the world of Internet of Things malware. A new piece of malware, which appears to have been created by a white hat, has been released into the wild and is directly battling with the Mirai botnet.

This new malware, dubbed Hajime, has no destructive qualities, and automatically blocks off things like telnet access so other malware cannot connect.

https://www.symantec.com/connect/blogs/hajime-worm-battles-mirai-control-internet-things
https://threatpost.com/mirai-and-hajime-locked-into-iot-botnet-battle/125112/

PRIVACY

The EFF recently released a report on the various problems with how students are often given Chromebooks by their schools, and in the process, have no choice but to use Google services, and have all their private data automatically collected.

https://www.eff.org/wp/school-issued-devices-and-student-privacy
https://www.youtube.com/watch?v=Azzmbm17u-A

GOOD USB

Engineer Robert Fisk has created USG, a hardware firewall for your USB ports. This little thing can apparently protect against BadUSB and other malicious firmware attacks. Full details are on the GitHub page, as well as instructions on how to make your own.

https://github.com/robertfisk/USG/wiki
https://hackaday.com/2017/03/02/good-usb-protecting-your-ports-with-two-microcontrollers/

IMAGE RECOGNITION

Researchers at EPFL in Switzerland have found a weakness in AI image recognition systems which can regularly fool them. When a certain pattern is embedded into an image, it confuses the AI, which is then unable to successfully identify the visual content.

https://actu.epfl.ch/news/when-deep-learning-mistakes-a-coffee-maker-for-a-c/
https://www.youtube.com/watch?v=yrvNnuTiGuU

DOMAINS

This week Pirate Bay co-founder Peter Sunde launched Njalla, a service which offers apparently full anonymity when purchasing domain names.

Instead of the users buying the domains, this service buys it for them, and grants full usage rights to the user. Customers can also pay using Bitcoin.

https://torrentfreak.com/pirate-bay-founder-launches-anonymous-domain-registration-service-170419/
https://njal.la

VIDEOS

Two great mini documentaries this week from the FreeThink youtube channel.

The first follows an exiled Ethiopian journalist who is teaching other activists and journalists from his home country how to use encryption.

The next video follows artist Heather Dewey-Hagborg, and her quest to teach people about DNA surveillance, and how we often don't think of all the ways we leave different DNA markers everywhere.

Alright, that's it for this week. Let me know what you thought of this episode, and what you want to see more of. Thanks for watching.

https://www.youtube.com/watch?v=NjZQZlXzYl4
https://www.youtube.com/watch?v=MoX_BDWZUG0

--
BY NODE