Tag Archive for: fail

Hired ‘hackers’ try, and fail, to invade Brazil vote system

/in


BRASILIA, Brazil (AP) — More than 20 would-be hackers gathered in the Brazilian electoral authority’s headquarters in the capital this week. Their mission: infiltrate the nation’s voting system ahead of a hotly anticipated race in October.

Their 3-day battery of attempted assaults ended Friday and was part of planned testing that happens every election year, usually proceeding without incident or, for that matter, drawing any attention. But with President Jair Bolsonaro continuously sowing doubt about the system’s reliability, the test took on an outsized significance as the electoral authority, known as the TSE, seeks to shore up confidence in the upcoming general elections.

Analysts and members of the TSE said the test’s results were more encouraging than ever. All the experts attempting to disrupt the system — among whom were Federal Police agents and university professors in engineering, information technology, data security and computer science — had failed.

“No attack managed to alter the destination of a vote in the electronic ballot,” Julio Valente da Costa, the TSE’s secretary of information technology, told The Associated Press in an interview afterward. “The importance of this test is for us to rest assured, at least about all the technology and computing components for the elections.”

When Bolsonaro won the presidential race four years ago, he claimed he had actually secured victory in the first round, not the runoff weeks later. The former army captain has repeatedly made accusations the voting system used for three decades is vulnerable, and at times said he possesses proof fraud occurred, but has never presented any evidence.

Last year, Bolsonaro suggested the election could be canceled unless a voting reform was passed in Congress. But the proposed constitutional change did not garner enough votes.

Analysts and politicians have expressed worry that far-right Bolsonaro, who is trailing leftist former President Luiz Inácio Lula da Silva in all early polls, is laying the groundwork to follow the lead of his ally, former U.S. President Donald Trump, and reject election results.

The TSE has gone to great lengths to bring more openness to the…

Source…

Apple AirTag Android App is Absolutely Awful—Tracker Detect Fail

/in


Apple is proud to announce its anti-stalking app for Android. The Tracker Detect app lets Android users scan for malicious, hidden AirTag trackers placed by stalkers, thieves and other bad people. Sounds great, right? Except …

“Tracker Detect is a big disappointment,” says the editor of MacWorld. In tests, the app didn’t actually detect trackers. And it can’t actually use a legitimate AirTag.

Good grief. In today’s SB Blogwatch, we get lost.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The Song Society.

Follow the Money

What’s the craic? Igor Bonifacic reports—“Apple releases Tracker Detect to protect Android users from AirTags stalkers”:

Multiple incidents of bad actors abusing AirTags
Apple has released Tracker Detect, a new Android app designed to help those without an iOS device to find out if someone is using [a] Find My-compatible device to snoop their location. … You’ll get instructions on how to remove its battery or otherwise disable it.

The release of Tracker Detect comes following multiple incidents of bad actors abusing AirTags to stalk people. In Canada, for example, police recently warned of thieves using the $29 device to steal expensive cars.

“AirTag provides industry-leading privacy and security features. … Tracker Detect gives Android users the ability to scan for … trackers that might be traveling with them without their knowledge,” an Apple spokesperson [said].

Wait. Pause. This is a Thing? Ian Sherr has background—“Apple’s following through on a promise to help Android users”:

It didn’t offer support for other phones
Privacy advocates warned earlier this year that Apple AirTags could be used as a way to track and stalk people. Critics noted that … it likely has greater reach than any other device tracking service. They also noted that Apple built proactive warnings about nearby AirTags into its iPhones, but that it didn’t offer support for other phones.

Oh! Well, I bet Eva Galperin—@evacide—will be happy:

I have to go put it through its paces
When Apple launched the AirTag earlier this year, its anti-stalking mitigations included a warning if a…

Source…

GUEST ESSAY: Here’s why castle-wall defenses utterly fail at stopping deceptive adversaries

/in


When it comes to cyber attacks, most businesses think: “It could never happen to us,” but some plots are just hitting a little too close to home.

Related: T-Mobile breach reflects rising mobile device attacks

DevOps Experience

For instance, if you’ve ever played Grand Theft Auto, you know the goal is quite simply mass destruction: Use whatever resources you have at your disposal to cause as much damage as you possibly can and just keep going.

Not familiar with Grand Theft Auto? Let’s try Super Mario Bros. then. As Mario makes his way through eight increasingly difficult worlds, each of them is protected by a castle. As Mario reaches the end of each castle, he can defeat Bowser.

This is not unlike the mindset of modern cyber attackers – they’re wreaking havoc and becoming pros at finding ways to get away with it.Living-off-the-land (LotL) attacks are providing a way for adversaries to stay under cover. Attackers use tools and features that are already available in the systems they’re targeting so they look like legitimate users — until they steal your crown jewels.

But you can fight back. There are several methods of active defense that companies can utilize to safeguard their networks, and it’s time for CISOs to start picking. To date, the main goal in mind has been to prevent attackers from breaching your defenses and making their way into the castle, but the reality is this approach is flawed.

Israeli

Attackers will get in, it’s only a matter of time. Traditional network security solutions, such as firewalls, are not effective at detecting and stopping lateral attack movement – and that’s where the real damage is done. Many forms of access control and endpoint protection, such as EDR, are nothing more than a checkpoint that provides unfettered access once defeated – like Mario raising a flag after beating a level.

To take the analogy further, only after defeating Bowser does Mario learn that it wasn’t the real Bowser after all and that “our princess is in another castle.” Rather than just keeping Mario out of the castle entirely – i.e. deploying traditional perimeter defenses – in this scenario, Bowser deployed an advanced threat protection by sending…

Source…

World’s best 500+ cybersecurity experts fail to hack the Morpheus processor

/in


, , , , , ,

search relation.

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

 

Source…