Tag Archive for: ‘put’

Critical Vulnerability Found That Could Put 21M Metamask Users’ Data at Risk


According to recent research, Metamask crypto wallet users could be at risk of losing all their digital assets or even of facing physical threats. Security analyst and cryptographer Alexandru Lupascu, the co-founder of OMNIA protocol, found this vulnerability in the popular Web 3.0 wallet.

How much harm can be done?

Lupascu found that a malicious party can simply create a non-fungible token (NFT) and obtain a user’s IP address by transferring ownership of the digital art to them for free. A hacker would need to spend as little as $50 to attack someone’s privacy. He mentioned, “Do not underestimate the risk associated with IP leaks.”

Lupascu added that “if malicious actors derive more information from the IP address (think geolocation, GSM carrier, etc.), they can turn it into physical risks, such as kidnapping.”

Furthermore, this attack can be more “devastating than a Distributed Denial of Service (DDoS) attack,” according to the cryptographer. For a simple comparison, this attack can be eight times more powerful than the Mirai botnet attack in Oct 2016 that took down Twitter, Reddit, Spotify, GitHub, Netflix, Airbnb and many more popular websites.

Alexandru published a complete tour of how the attack is done, from minting an NFT to transferring it to the victim to getting the IP address and lastly, compromising privacy or even stealing their crypto assets. He tested this attack on the iOS Metamask app version 3.7.0, but it might also be the same for the Android version. He minted an NFT on OpenSea, the largest NFT marketplace, and edited the ERC-1155 standard smart contract with the Remix Ethereum IDE.

Did they fix it?

According to Lupascu, he found the security flaw and reported it to the Metamask team on Dec 14, 2021, but they neglected it and responded that they would fix the issue by Q2 2022. He said, “For us, it is unacceptable to leave such a large user base at risk for so long, especially if this was known beforehand, as they say.”

After this research was shown to the public, Daniel Finlay, who is the founder of Metamask, admitted, “I think this issue has been widely known for a long time, so I don’t think a disclosure period applies.”

Finlay added, “Alex is right to call us out for not…


Norton Put a Cryptominer in Its Antivirus Software


This week, we reported that Signal has gone forward with its controversial cryptocurrency integration. All of the encrypted messaging app’s users now have access to MobileCoin, a privacy-focused cryptocurrency that US exchanges still don’t offer. The intent is to give monetary transactions the same protection from surveillance that Signal brought to messaging. But skeptics worry that introducing a financial element will bring unwanted complexity and regulatory scrutiny to Signal, an app that millions of people have come to rely on.

In hacking news, a criminal campaign has struck thousands of victims in over a hundred countries, which in itself isn’t necessarily all that unusual. Microsoft fixed the vulnerability the attackers are exploiting, though, nearly a decade ago. The problem: The patch is optional, and most users wouldn’t know where to get it even if they wanted to. If anything, it’s surprising that it took this long for someone to take advantage.

It’s a new year, which means it’s a great time for a couple of refreshers on how to stay safe online. We looked at how to send messages that automatically vanish on various chat apps. And we walked you through a few ways to delete yourself from the internet altogether, should the occasion call for it.

As part of this year’s virtual WIRED HQ at CES, we had a wide-ranging conversation with former congressman Will Hurd about the future of cybersecurity, cryptocurrency, the metaverse, and much more.

And that’s not all! Each week we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.

Norton, what are you doing! Several months ago the antivirus giant snuck a cryptominer into its consumer software, as noted by author and digital rights activist Cory Doctorow earlier this week. The pitch is that you can opt in to letting Norton mine cryptocurrency on your computer while you’re not using it; the software will even set up a secure wallet for you, all for a mere 15 percent cut of the proceeds. To be clear, you should absolutely not do this. Not only is cryptomining a drain on the environment, it introduces complexity and potential security issues to users who likely don’t know what they’re…


Soccsksargen cops to put up more security checkpoints


Brig. Gen. Alexander Tagum, director of Police Regional Office-12 (PNA GenSan photo)

GENERAL SANTOS CITY – The Police Regional Office (PRO) 12 (Soccsksargen) will put up additional security checkpoints in the region’s boundary areas in line with its intensified campaign against criminality and terrorism.

Brig. Gen. Alexander Tagum, PRO-12 director, said Friday the new checkpoints would be established in strategic areas along the boundary highways of the region’s four provinces and four cities.

Tagum said the checkpoints would be operated by personnel of the Regional Mobile Force Battalion 12, which is tasked to monitor people and vehicles entering the region.

“This is part of our security preparations for the Christmas season and the upcoming elections,” he told reporters.

Tagum cited the regional police’s newly launched “Oplan Iron Clad” or Integrated and Revitalized Operation of Neighborhood Watch Against Criminality, Lawlessness, and Disasters.

As part of the campaign, he directed all provincial, city, and municipal police stations and offices to ensure the “round-the-clock” security monitoring and law enforcement within their areas of responsibility.

He cited the increased police visibility and the conduct of mobile security patrols 24/7 or 24 hours a day, seven days a week.

He said they would also sustain the implementation of Oplan Bakal-Sita and Oplan Bulabog along the highways, streets, and other public areas.

“This is to further deter the occurrence of crimes and ensure the safety and security of our communities,” Tagum said.

He said these strategies have been proven to be effective in maintaining peace and order and security in the region.

Tagum said the number of recorded index crimes in the area has dropped to 18.75 percent this year from 34 percent in 2016. (PNA) 

 

 


Dorries Put In Charge Of Cyber Security Despite Admitting To Sharing Passwords


Tory Nadine Dorries has been put in charge of beefing up Britain’s cyber security despite admitting to sharing her computer password with staff and interns in her office.

Boris Johnson’s decision to name Ms Dorries Secretary of State for Digital, Culture, Media and Sport in this week’s reshuffle was a surprise to many – who may know her best as a contestant on I’m A Celebrity, Get Me Out of Here.

The bestselling author, 64, has also been under fire over a string of right-wing tweets and comments about race, culture, media and gay rights – which, to her critics, are highly offensive.

In 2013, she prompted accusations of racism when saying ex-MP Chuka Umunna looked like boxer Chris Eubank.

She’s complained that “left-wing snowflakes are killing comedy”.

And she provoked fury by retweeting comments made by far-right extremist Tommy Robinson.

As part of her job, she’ll have responsibility for improving cyber-security in the UK – but has been previously accused of failing to keep her constituents’ private data “confidential and secure.”

In 2017, she admitted “all my staff” had the password for her private Commons computer.

She defended her decision to tell staff and interns her password, insisting she didn’t have any sensitive information (Image: REUTERS)


“My staff log onto my computer on my desk with my login everyday,” she said. “Including interns on exchange programmes.”

She made the admission in a bid to defend Theresa May’s former deputy, Damian Green, who had been accused of watching pornography on his Commons computer.

Mr Green denied the allegations.

But Ms Dorries intervened in the debate, insisting the “claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous!!”

Ms Dorries’ admission came just months after Parliament had suffered a major cyberattack, with hackers trying to gain access to MPs’ email accounts.

The attack was blamed on Iran.

Commons data protection rules clearly state MPs should not share their passwords, even with staff members.

Her comments sparked alarm from readers and internet security experts.

Jim Killock, of the Open Rights Group, said at the time: “On…
