“We are enabling an alternative physical communication layer for bitcoin. The result will be a more resilient, censorship-resistant and decentralized network.”
Read more: https://inthemesh.com/archive/txtenna-decentralizing-last-mile-bitcoin/
“In order to sell in the Russian market, the tech companies let a Russian defense agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers. But those same products protect some of the most sensitive areas of the U.S government, including the Pentagon, NASA, the State Department, the FBI and the intelligence community, against hacking by sophisticated cyber adversaries like Russia.”
“Pacemakers from Abbott Laboratories contain critical flaws that allow hijackers within radio range to seize control while the pacemakers are running. The update will require patients to visit a clinic where doctors will put the pacemakers in backup mode while the firmware is being patched. The Abbott letter said that, for certain patients, the update should be performed ‘in a facility where temporary pacing and pacemaker generator change are readily available, due to the very small estimated risk of firmware update malfunction.'”
“Speaking to PC World, Microsoft Corporate Vice President Joe Belfiore explained that Windows 10 is constantly tracking how it operates and how you are using it and sending that information back to Microsoft by default. More importantly he also confirmed that, despite offering some options to turn elements of tracking off, core data collection simply cannot be stopped. This backs up detailed data that some had chosen to dismiss as conspiracy theories. Instead it gave the impression that turning off all user accessible spying options in Windows 10 settings would provide owners with full privacy – that’s tantamount to spying.”
“Windows 10 uses the Internet a lot to support many of its features. The operating system also sports numerous knobs to twiddle that are supposed to disable most of these features and the potentially privacy-compromising connections that go with them. Unfortunately for privacy advocates, these controls don’t appear to be sufficient to completely prevent the operating system from going online and communicating with Microsoft’s servers. We’ve argued recently that operating systems will continue to make privacy-functionality trade-offs. But the flip side of this is that disabling these services for those who don’t want to use them should really disable them.”
“Two years ago Chinese firm Lenovo got banned from supplying equipment for networks of the intelligence and defense services various countries due to hacking and spying concerns. Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware. One of the most popular Chinese computer manufacturers ‘Lenovo’ has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells. The feature is known as ‘Lenovo Service Engine’ (LSE) – a piece of code presents into the firmware on the computer’s motherboard.”
http://thehackernews.com/2015/08/lenovo-rootkit-malware.html
“Google today released to open source a new patch for the infamous Stagefright vulnerability found in 950 million Android devices after researchers at Exodus Intelligence discovered the original patch was incomplete and Android devices remain exposed to attack. The original four-line code fix for CVE-2015-3824, one of several patches submitted by researcher Joshua Drake of Zimperium Mobile Security’s zLabs who discovered the flaw in Stagefright, still leads to a crash and device takeover. The vulnerabilities affect Android devices going back to version 2.2; newer versions of Android have built-in mitigations such as ASLR that lessen the effects of Stagefright exploits.”
https://threatpost.com/stagefright-patch-incomplete-leaving-android-devices-still-exposed/114267
“Fresh from sorting out the Stagefright flaw, Google has another serious security vulnerability in Android on its hands. A privilege escalation hole allows normal apps to gain superpowers to snoop on a device’s owner, smuggle in malware, and wreak other havoc. The vulnerability, CVE-2015-3825, affects about 55 per cent of Android handsets – basically version 4.3 and above, as well as the current build of Android M. Flaws in the OpenSSLX509Certificate class in Android can be exploited by an app to compromise the system_server process – and gain powerful system-level access on the device.”
http://www.theregister.co.uk/2015/08/10/another_android_flaw_hitting_55_percent_handsets/
“The ongoing legal saga known as the Oracle-Google copyright battle took a huge leap Wednesday when Oracle claimed the last six Android operating systems are ‘infringing Oracle’s copyrights in the Java platform.’ That’s according to the latest paperwork (PDF) Oracle filed in the five-year-old closely watched case that so far has resulted in the determination that Application Programming Interfaces (APIs) are, indeed, copyrightable. Its suit, which had been mired in litigation and appeals, now names Android operating systems Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat, and Lollipop. These are the operating systems that came after Froyo, when the suit was filed in 2010.”
“Oracle’s chief security officer is tired of customers performing their own security tests on Oracle software, and she’s not going to take it anymore. That was the message of a post she made to her corporate blog on August 10—a post that has since been taken down. Perhaps thinking that all the security researchers in the world were busy recovering from Black Hat and DEF CON and would be somehow more pliant to her earnest message, Mary Ann Davidson wrote a stern message to customers entitled ‘No, You Really Can’t‘. Davidson scolded customers who performed their own security analyses of code, calling it reverse engineering and a violation of Oracle’s software licensing.”