CyberSecurity Pulse 2016-07-28
“The past was dead, the future was unimaginable.”
Deep Web Is Under the Glass After the Munich Massacre
According to an official press conference by the German police, the shooter who killed nine people and wounded 35 used a manipulated Glock 9mm. According to some lines of investigation, also cited by various German newspapers and by the Bavarian Minister of the Interior, Joachim Herrmann, there is evidence that the gun may have been obtained from markets in the deep web in order to evade the restrictions on acquiring weapons that apply in several European countries.
Although some past journalistic investigations found that attempts to buy weapons this way ended in a scam, acquiring them anonymously via Tor platforms and paying with, for example, cryptocurrencies to preserve the buyer's identity has become technically feasible. These methods, which have gained prominence in recent days because of the tragic event in Munich, can also be used in other complementary markets, such as the retail distribution of narcotics or illegal pornographic content.
The Security of Electronic Voting Machines Is Still Questionable
The use of electronic voting machines that keep no paper trail of the votes cast by citizens is increasing fears of a significant security incident that might compromise the integrity of the results in the upcoming presidential elections in the USA. Defending a position that the Computer Science philanthropist Richard Stallman has also defended in the past, the expert Joe Kiniry has voiced his concern about such incidents which, in his opinion, are technically possible given that, according to Verified Voting, only half of the states currently conduct audits to verify the polling results.
Wikileaks Releases a Platform to Search on Hillary Clinton's Emails
Almost at the same time as Hillary Clinton was finally elected as the Democratic candidate for the US presidency, Wikileaks released a platform that allows users to search the 19,252 emails and more than 8,000 attachments from relevant members of the party to which the organization recently gained access. The leak, which has been announced as the first part of a series of volumes related to the candidate and which was passed to the organization by a cyber identity named Guccifer 2.0, includes information linked to up to seven relevant figures of the party, such as the Communications Director and various other financial directors and advisors.
Rest of the Week's News
Malicious Computers Caught Snooping on Tor
Last Friday, researchers from Northeastern University said that they found at least 110 such systems actively snooping on sites that use Tor to mask their operators' identities. To detect them, a series of hidden services were deployed as honeypots to monitor the traffic that these sites received. Among the requests received, different attack vectors were identified, including SQLi, XSS, and user enumeration attempts.
Telegram Vulnerability Recorded Anything MacOS Users Pasted
A bug in the Telegram Messenger app on MacOS logged anything its users pasted into their chats to the syslog, even if they had opted for the end-to-end encrypted mode. The vulnerability was spotted earlier this month by the Russian information security researcher Kirill Firsov.
SMS-based Two-Factor Authentication Is Insecure
SMS-based Two-Factor Authentication (2FA) has been declared insecure and has been deprecated by NIST to the extent that it will not be covered in future releases of its Digital Authentication Guideline. The organization argues that it's too easy for anyone to obtain a phone while the operator has no way to verify whether the person who receives the 2FA code is the correct recipient.