2950 stories
·
9 followers

Mozilla backpedals after Mr. Robot-Firefox misstep - CNET

1 Comment
The privacy-promoting nonprofit distributed an extension to its Firefox browser that made people worry they'd been hacked.
Read the whole story
freeAgent
5 hours ago
reply
This was f*cking stupid, and Mozilla should have known better. How did this get approved!?

In the meantime, I have disabled all error reporting, telemetry, and permission for Mozilla to occasionally install experimental features into my browser for testing. If this is the sort of thing they intend to do with those permissions, then they get a hard pass.
Los Angeles, CA
Share this story
Delete

Former Botmaster, ‘Darkode’ Founder is CTO of Hacked Bitcoin Mining Firm ‘NiceHash’

1 Share

On Dec. 6, 2017, approximately USD $52 million worth of Bitcoin mysteriously disappeared from the coffers of NiceHash, a Slovenian company that lets users sell their computing power to help others mine virtual currencies. As the investigation into the heist nears the end of its second week, many Nice-Hash users have expressed surprise to learn that the company’s chief technology officer recently served several years in prison for operating and reselling a massive botnet, and for creating and running ‘Darkode,” until recently the world’s most bustling English-language cybercrime forum.

In December 2013, NiceHash CTO Matjaž Škorjanc was sentenced to four years, ten months in prison for creating the malware that powered the ‘Mariposa‘ botnet. Spanish for “Butterfly,” Mariposa was a potent crime machine first spotted in 2008. Very soon after, Mariposa was estimated to have infected more than 1 million hacked computers — making it one of the largest botnets ever created.

An advertisement for the ButterFly Flooder, a crimeware product based on the ButterFly Bot.

ButterFly Bot, as it was more commonly known to users, was a plug-and-play malware strain that allowed even the most novice of would-be cybercriminals to set up a global operation capable of harvesting data from thousands of infected PCs, and using the enslaved systems for crippling attacks on Web sites. The ButterFly Bot kit sold for prices ranging from $500 to $2,000.

Prior to his initial arrest in Slovenia on cybercrime charges in 2010, Škorjanc was best known to his associates as “Iserdo,” the administrator and founder of the exclusive cybercrime forum Darkode.

A message from Iserdo warning Butterfly Bot subscribers not to try to reverse his code.

On Darkode, Iserdo sold his Butterfly Bot to dozens of other members, who used it for a variety of illicit purposes, from stealing passwords and credit card numbers from infected machines to blasting spam emails and hijacking victim search results. Microsoft Windows PCs infected with the bot would then try to spread the disease over MSN Instant Messenger and peer-to-peer file sharing networks.

In July 2015, authorities in the United States and elsewhere conducted a global takedown of the Darkode crime forum, arresting several of its top members in the process. The U.S. Justice Department at the time said that out of 800 or so crime forums worldwide, Darkode represented “one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world.”

Following Škorjanc’s arrest, Slovenian media reported that his mother Zdenka Škorjanc was accused of money laundering; prosecutors found that several thousand euros were sent to her bank account by her son. That case was dismissed in May of this year after prosecutors conceded she probably didn’t know how her son had obtained the money.

Matjaž Škorjanc did not respond to requests for comment. But local media reports state that he has vehemently denied any involvement in the disappearance of the NiceHash stash of Bitcoins.

In an interview with Slovenian news outlet Delo.si, the NiceHash CTO described the theft “as if his kid was kidnapped and his extremities would be cut off in front of his eyes.” A roughly-translated English version of that interview has been posted to Reddit.

According to media reports, the intruders were able to execute their heist after stealing the credentials of a user with administrator privileges at NiceHash. Less than an hour after breaking into the NiceHash servers, approximately 4,465 Bitcoins were transferred out of the company’s accounts.

NiceHash CTO Matjaž Škorjanc, as pictured on the front page of a recent edition of the Slovenian daily Delo.si

A source close to the investigation told KrebsOnSecurity that the NiceHash hackers used a virtual private network (VPN) connection with a Korean Internet address, although the source said Slovenian investigators were reluctant to say whether that meant South Korea or North Korea because they did not want to spook the perpetrators into further covering their tracks.

CNN, Bloomberg and a number of other Western media outlets reported this week that North Korean hackers have recently doubled down on efforts to steal, phish and extort Bitcoins as the price of the currency has surged in recent weeks.

“North Korean hackers targeted four different exchanges that trade bitcoin and other digital currencies in South Korea in July and August, sending malicious emails to employees, according to police,” CNN reported.

Bitcoin’s blockchain ledger system makes it easy to see when funds are moved, and NiceHash customers who lost money in the theft have been keeping a close eye on the Bitcoin payment address that received the stolen funds ever since. On Dec. 13, someone in control of that account began transferring the stolen bitcoins to other accounts, according to this transaction record.

The NiceHash theft occurred as the price of Bitcoin was skyrocketing to new highs. On January 1, 2017, a single Bitcoin was worth approximately $976. By December 6, the day of the NiceHash hack, the price had ballooned to $11,831 per Bitcoin.

Today, a single Bitcoin can be sold for more than $17,700, meaning whoever is responsible for the NiceHash hack has seen their loot increase in value by roughly $27 million in the nine days since the theft.

In a post on its homepage, NiceHash said it was in the final stages of re-launching the surrogate mining service.

“Your bitcoins were stolen and we are working with international law enforcement agencies to identify the attackers and recover the stolen funds. We understand it may take some time and we are working on a solution for all users that were affected.

“If you have any information about the attack, please email us at [email protected]. We are giving BTC rewards for the best information received. You can also join our community page about the attack on reddit.

However, many followers of NiceHash’s Twitter account said they would not be returning to the service unless and until their stolen Bitcoins were returned.

Read the whole story
freeAgent
1 day ago
reply
Los Angeles, CA
Share this story
Delete

Microsoft is forcing users to install a critically flawed password manager

1 Comment

Enlarge (credit: Microsoft)

For almost two weeks, Microsoftå quietly forced some Windows 10 computers to install a password manager with a browser plugin that contained a critical vulnerability almost identical to one disclosed 16 months ago that allows websites to steal passwords, a researcher said Friday.

Google Project Zero researcher Tavis Ormandy said in a blog post that the Keeper Password Manager came pre-installed on a newly built Windows 10 system derived directly from the Microsoft Developer Network. When he tested the unwanted app, he soon found it contained a bug that represents "a complete compromise of Keeper security, allowing any website to steal any password." He said he uncovered a flaw in the non-bundled version of the Keeper browser plugin 16 months ago that posed the same threat.

With only basic changes to "selectors," the old proof-of-concept exploit worked on the version installed without notice or permission on his Windows 10 system. Ormandy's post linked to this publicly available proof-of-concept exploit, which steals an end user's Twitter password if it's stored in the Keeper app. After this post went live, a Keeper spokesman said the bug was different than the one Ormandy reported 16 months ago. He said it affected only version 11 of the app, which was released on December 6, and then only when a user had the accompanying browser plugin installed. The developer has fixed the flaw in the just-released version 11.4 by removing the vulnerable "add to existing" functionality.

Read 4 remaining paragraphs | Comments

Read the whole story
freeAgent
1 day ago
reply
Really, Microsoft?
Los Angeles, CA
Share this story
Delete

I changed my mind about a deeply held belief, and finally saw the world accurately

1 Share
boy and butterfly

Most of us don’t change our minds. Whether the issue at hand is the repeal of net neutrality in the US or Brexit, we avoid information that might shift our viewpoints, assuming that our opponents are simply dumber than we are.

But recently, I had a change of heart about an important issue—and it showed me that it can be detrimental to stick too closely to our convictions.

For the past year, I’ve been investigating the controversial technology of “clean coal”—more accurately known as carbon capture and storage—which allows us to burn fossil fuels without almost any emissions. Many vocal environmentalists oppose any use of fossil fuels. Meanwhile, Donald Trump’s cronies—many of whom seem actively opposed to environmental protection—have thrown their weight behind carbon capture. And so the case seemed clear to me: Carbon capture likely does more harm than good.

At the same time, I couldn’t ignore a nagging doubt. My training in chemistry and chemical engineering told me the technology wasn’t scientifically bunk. And more importantly, some of the foremost climate bodies, such as the Intergovernmental Panel on Climate Change, included carbon capture in almost every economically feasible pathway to avoid catastrophic climate change. Who should I believe?

As I began to report on the technology, it became clear I hadn’t looked beyond my own information bubble and may have been overtly suspicious of carbon-capture technology. By meeting dispassionate experts and visiting sites, for the first time, I began to grasp the enormity of the environmental challenge facing us and to look at the problem in a new light.

More than 80% of the world’s energy still comes from fossil fuels—as it did in the 1970s. Both the nuclear-power revolution and the renewable-energy revolution have yet to make a serious dent in cutting emissions. With the deadline to reach net-zero emissions to avoid dangerous global warming approaching within decades, there is no way to reach the goal without deploying carbon-capture technology. I now believe carbon capture is both vital and viable.

It’s my job as a journalist to seek out counterpoints. But rarely have those counterpoints led to a complete reversal of my stance. In order to form an accurate view of the world, we have to be skeptical toward others’ claims. We also have to be open-minded enough to really listen to them. It’s a tricky balance to strike. But the world would be a better place if we tried.



Read the whole story
freeAgent
1 day ago
reply
Los Angeles, CA
Share this story
Delete

A Watch Expert Describes The Differences Between A $85,000 Watch And A $5,000 Watch

1 Comment
A Patek Philippe 5170P costs a boatload more than a (still very expensive!) Omega Speedmaster Moonwatch. Does it justify the difference?
Read the whole story
freeAgent
1 day ago
reply
This is interesting, but I don't think I'd care to spend even $5k on a watch.
Los Angeles, CA
Share this story
Delete

Doherty on libertarians and Bitcoin, by Alberto Mingardi

1 Share

I think it was Baron Nathan Rothschild who used to answer the question "how did you get rich?" with "I always sell too soon". That may not apply to Bitcoin early adopters, who are the subject of a fascinating piece by Brian Doherty. Doherty has long been a most passionate and capable historian of the libertarian movement (read his Radicals for Capitalism) and here he is writing perhaps a new chapter.

blockchain.jpg We will see with time how what has been hailed as Bitcoin's institutionalisation, the fact that now you can trade futures on Bitcoin, will impact the prize. So far, a Doherty writes, the impression is that "you will always regret using Bitcoin". The price has been and is quite volatile but you just have to think about this year's performance (basically, it grew twenty times) to understand the reasons for regret.

Will it go on? Is there a genuine demand for Bitcoin, as millennials--and, indeed, the rest of us--will grow more and more impatient with a financial system that seems difficult if not arcane compared with the heftiness of the Amazons and Ubers of this world? Or is it just a mania? Libertarians and nerds tend to go for the first, members of the financial establishment for the second. This is indeed one of those cases in which all actors seem to follow their script meticulously.

Doherty's piece has reminded me of Michael Lewis's The Big Short. Lewis wanted to tell the story of odd people who, being somehow outsiders to the financial system, understood the housing bubble ahead of anybody else (see Arnold Kling on the point). I think that this gets a bit lost in the movie adaptation, but it struck me when I read the book. "The Big Short" is a plea to diversity, diversity of backgrounds, of methods, of views, which is essential for the process of price discovery to happen. Cryptocurrencies were a product of this diversity, well before the financial sector awoke to them. They were conceived, and used, and promoted by outsiders who knew more math than economics and whose economics, when they had one, seemed to be of the Austrian blend.

In the last few months, I have asked myself a number of times why in the world I didn't buy Bitcoins when they were launched: I should have been enthusiastic about the idea, and I knew people who dealt in that trade. But I didn't. Doherty's piece healed my wounds by telling me I was hardly alone.

The article is instructive and well written. Read the whole thing.

(0 COMMENTS)
Read the whole story
freeAgent
2 days ago
reply
Los Angeles, CA
Share this story
Delete
Next Page of Stories