industryterm:internal network

  • The pioneer’s guide to #gx — decentralized dependency management on IPFS
    https://hackernoon.com/the-pioneers-guide-to-gx-decentralized-dependency-management-on-ipfs-900

    Decentralized package management is an exciting area of tool development for today’s developers. Decentralized package managers have the potential to remove centralized points of failure from the interconnected network of modern software libraries. They give development teams a straight-forward way to ensure their internal networks of code are always available, while at the same time ensuring redundancy across the entire Internet. Decentralized package managers can make our code, one of modern society’s most valuable outputs, more resistant to tampering, censorship, and manipulation.That said, decentralized package management is still incomplete. There are many issues to sort out when publishing our code into networks built around an immutability of digital information where unlimited (...)

    #guide-to-gx #golang #open-source #javascript

  • U.S. tech companies unite behind Apple ahead of iPhone encryption ruling | Reuters
    http://www.reuters.com/article/apple-encryption-google-facebook-idUSKCN0W527Y

    Tech industry leaders including Alphabet Inc’s Google, Facebook Inc, Microsoft Corp, AT&T and more than two dozen other Internet and technology companies filed legal briefs on Thursday asking a judge to support Apple Inc in its encryption battle with the U.S. government.

    The rare display of unity and support from Apple’s sometime-rivals showed the breadth of Silicon Valley’s opposition to the government’s anti-encryption effort, a position endorsed by the United Nations human rights chief.
    […]
    One amicus filing, from a group of 17 Internet companies including Twitter Inc and LinkedIn Corp, asserted that Congress has already passed laws that establish what companies could be obliged to do for the government, and that the court case amounted to an “end run” around those laws.
    […]
    The San Bernardino District Attorney’s summary argument, contained in its application to file an amicus brief, alleges the iPhone might have been “used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino County’s infrastructure.” The court document contained no evidence to support the claim.

    Zeid Ra’ad Al Hussein, U.N. High Commissioner for Human Rights, urged U.S. authorities to proceed with “great caution”, warning: "A successful case against Apple in the U.S. will set a precedent that may make it impossible for Apple or any other major international IT company to safeguard their clients’ privacy anywhere in the world.

    It is potentially a gift to authoritarian regimes, as well as to criminal hackers,” he said in a statement.

    TWO BIG COALITIONS
    The tech and Internet industries largely coalesced around two filings. One includes market leaders Google, Microsoft, Facebook, Amazon.com and Cisco Systems, along with smaller, younger companies such as Mozilla, Snapchat, Slack and Dropbox.

    That group noted that Congress passed the All Writs Act more than 200 years ago, and said the Justice Department’s effort to use the law to force engineers to disable security protections relies on a “boundless” interpretation of the law that is not supported by any precedent.

    The brief also advanced constitutional arguments, saying the order violated free speech, the separation of power and due process.

    The second industry coalition, which includes Twitter, eBay Inc and LinkedIn, contended in its filing that the Communications Assistance for Law Enforcement Act (CALEA) of 1994, along with other statutes, has already made it clear what the companies could or could not be forced to do.

    • San Bernardino shooter’s iPhone may hold evidence of #dormant_cyber_pathogen, DA says
      http://appleinsider.com/articles/16/03/03/san-bernardino-shooters-iphone-may-hold-evidence-of-dormant-cyber-path

      The curious statement was made in reference to an unspecified threat in violation of California Penal Code Section §502 covering protections against tampering, interference, damage and unauthorized access to computer systems. Specifically, Ramos says the iPhone in question could contain evidence “that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino County’s infrastructure.” Beyond that, no other details are offered.

      There is no mention of “cyber pathogens” in Cal. Penal Code §502, but the provision does reference a “#computer_contaminant,” described as a “_set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information.” Ramos appears to be indicating that Farook potentially released a virus or worm onto the county’s internal network using his work-issued iPhone 5c.

  • Why hackers are more & more interested in heath care data

    Health care records can be more valuable because they have a longer shelf life than financial data, which becomes worthless once the fraud is detected and the payment card is cancelled or blocked.
    With health care credentials you can get “free” health care as someone else is paying for the insurance. Unlike credit card numbers, healthcare information is non recoverable, and potentially lethal in the wrong hands.
    Learning a patient’s medications and diagnoses means that a hacker can order expensive drugs or equipment and resell them.

    http://www.infoworld.com/article/2983634/security/why-hackers-want-your-health-care-data-breaches-most-of-all.html

    Social Security numbers can’t easily be cancelled, and medical and prescription records are permanent. There’s also a large market for health insurance fraud and abuse, which may be more lucrative than simply selling the records outright in forums.

    [...]

    criminals monetize health care data in a different way than they cash in on financial data. Most forums selling health care data tend to be more specialized than the carding forums where payment card information is sold. Stolen health care data forums operate more like drug cartels, where health records are not sold outright, but rather used to buy and sell addictive prescriptions,

    [...]

    It makes sense that governments would be interested in getting their hands on this data because it can be useful for building dossiers that reflect a deeper understanding of the target population. Medical and insurance records provide insights about where people live, what medical treatments they had, who their family members are, and who they work for.

    http://www.bloomberg.com/news/articles/2015-06-05/u-s-government-data-breach-tied-to-theft-of-health-care-records

    The disclosure by U.S. officials that Chinese hackers stole records of as many as 4 million government workers is now being linked to the thefts of personal information from health-care companies.

    http://resources.infosecinstitute.com/hackers-selling-healthcare-data-in-the-black-market

    Many healthcare organizations do not perform encryption of records within the internal networks. They also do not use encryption of data at rest and transit. This interest the hackers since the attack surface area is very huge. Health insurance information can be used to purchase drugs or medical equipment, which are then resold illegally, or even to get medical care. The latter can have consequences that go far beyond the financial.

    And the Internet of Things with all the quantifying self data is not going to make it any better

    #health_care
    #hack
    #social_security
    #identity_theft
    #data_breach
    #security
    #dark_net #darknet #dark_web

    ( Athem, Excellus Blue Cross Blue Shield, CareFirst Blue Cross, LifeWise )

  • RT.com sort des documents fuités du ministère de la Défense ukrainien et réintroduit la thèse du missile sol-air.
    Avec quelques variantes…

    Kiev secretly received data from #MH17 crash investigators – Ukrainian hacktivists — RT News
    http://rt.com/news/195128-mh17-crash-cyberberkut-leak

    Ukrainian CyberBerkut hacktivists claim that they have penetrated the internal network of Ukraine’s Defense Ministry and found proof that Kiev is getting secret data from MH17 crash investigators, including information which implies its involvement.

    A document, posted on the website cyber-berkut.net, and allegedly downloaded from Ukraine’s Defense Ministry network, dates back to August 7 and appears to be signed by Colonel Igor Zorin, the chief of Ukraine’s air defense forces. It is a report which maintains that a fragment of a projectile found together with the debris of the crashed flight MH17 is in fact a damage agent of a 9M38 surface-to-air guided missile belonging to the mobile air defense complex Buk or Buk M1.

    Photo scans allegedly depicting the fragment in question have been also posted.

    The document acknowledged that a specific rectangular shape of the fragment pointed out that it could belong to a 9N314 warhead of the 9M38 anti-aircraft missile.

    It was suggested that the final conclusion could be made after analyzing the original fragments depicted in the photographs.

    Évidemment, au vu des photos il est rigoureusement impossible de dire quoi que ce soit…

    Là où ça se complique, c’est que le ministère de la Défense russe, cette fois, fournit d’autres informations…

    Buk and Buk M1 missile systems were developed by the Soviet Union and entered into service in the late 1970s and in early 1980s.

    Earlier this week, a source in Russia’s Defense Ministry told RIA Novosti news agency that after the fall of the Soviet Union, a number of such systems remained in Ukraine and today Kiev possesses no less than 70 Buk M1 systems.

    According to open sources, the Russian army operates only Buk-M1-2 and Buk-M2 missile systems – the latest modified versions developed after Ukraine became independent in 1991.

    The source also accused Valentin Nalivaichenko, head of the Security Service of Ukraine (SBU), of inadvertently leaking that the MH17 Boeing-777-200 crash in July was caused by an outdated missile that only Ukrainian army still operates.

    … et surtout…

    RIA Novosti’s source also said that on the day the MH17 was shot down, Ukraine’s 156th SAM regiment carried out an unauthorized missile launch.

    • En fait, cette dernière information est ancienne (25/07)

      Vol MH17 : exercices de la DCA ukrainienne près de Donetsk le jour du crash (source) | International | RIA Novosti
      http://fr.ria.ru/world/20140725/201935955.html

      Le jour du crash du vol MH17 en Ukraine orientale, des unités de DCA de l’armée ukrainienne se sont entraînées à ôter le verrouillage des systèmes de missiles Bouk-M1, une erreur de manipulation pourrait avoir causé le drame, a annoncé à RIA Novosti une source au sein de l’armée ukrainienne.
      « Le 17 juillet, le commandant de la 156ème unité de missiles sol-air a reçu l’ordre de mener un entraînement consistant à couvrir des troupes terrestres dans la banlieue de Donetsk – il fallait déployer des divisions, assurer le suivi des cibles, et réaliser tout l’éventail d’accompagnement et de destruction des cibles des systèmes aériens Bouk-M1 », a indiqué l’interlocuteur de l’agence.
      Selon lui, malgré le fait que les clés permettant le déverrouillage des missiles aient été fournies aux commandants des batteries, aucun tir de missiles 9М38М1 n’était prévu.

  • #NSA tracking cellphone locations worldwide, #Snowden documents show - The Washington Post
    http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html

    En dehors des chiffres qu’on voit repris partout, les détails techniques sont vraiment intéressants.

    According to top-secret briefing slides, the NSA pulls in location data around the world from 10 major “sigads,” or signals intelligence activity designators.

    A sigad known as STORMBREW, for example, relies on two unnamed corporate partners described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for tasking/updates.”

    STORMBREW collects data from 27 telephone links known as OPC/DPC pairs, which refer to originating and destination points and which typically transfer traffic from one provider’s internal network to another’s. That data include cell tower identifiers, which can be used to locate a phone’s location.

    The agency’s access to carriers’ networks appears to be vast.

    “Many shared databases, such as those used for roaming, are available in their complete form to any carrier who requires access to any part of it,” said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This ‘flat’ trust model means that a surprisingly large number of entities have access to data about customers that they never actually do business with, and an intelligence agency — hostile or friendly — can get ‘one-stop shopping’ to an expansive range of subscriber data just by compromising a few carriers.”