New Polish ID cards blocked after fingerprint scanners raise security concerns

The introduction of new national identity cards in Poland has been delayed indefinitely amid concerns expressed by the Internal Security Agency (ABW) about the threat to state security and personal privacy posed by fingerprint scanners. The government has confirmed that it is preparing urgent legislation to postpone the issuance of the cards, which were due to come in on 2 August and bring Poland into line with new EU security rules. Parliament voted almost unanimously in April in favour of the new version of the cards, which are supposed to include the so-called “second biometric feature” of encoded fingerprints (the first is the image of the holder’s face).

— source | Jul 7, 2021

What safety for us? We will give work to the same company that provides cards to Pakistan.

Nullius in verba

Failed On Cybersecurity Despite £1bn Spend

UK spy agency GCHQ has admitted it is losing the cybersecurity battle on a national level, despite throwing money at the problem. Alex Dewedney, director of cybersecurity at CESG – the information security arm of GCHQ – warned that it will take a lot more than cash to bring cybersecurity threats under control. The UK Government splashed £950m on cybersecurity over the past five years and George Osborne has promised a further spend of £1.9bn in the coming five years. Combined with the money being spent on protecting IT systems, a total of £3.2bn is expected to be spent over the next half decade.

— source | 2016

Nullius in verba

UEFI images that could be used for malware transport

Russian security firm Kaspersky claims to have found a number of suspicious UEFI images, based on the leaked source code of the Italian firm Hacking Team, containing a malicious implant that could be used to place a malicious update on a Windows system.

The images placed a file called IntelUpdate.exe in the victim’s Windows Startup folder.

Researchers Mark Lechtik, Igor Kuznetsov and Yury Parshin said in a detailed blog post that this was the second time that malicious UEFI firmware being used by a threat actor had been found in the wild.

— source | 06 Oct 2020

Nullius in verba

Hack of U.S. Gov’t Data Impacted 21.5 Million

The Obama administration has acknowledged a breach of government computer systems was far worse than they initially disclosed. Hackers stole information including fingerprints and Social Security numbers from 21.5 million people. The Office of Personnel Management said everyone who received a government background check over the last 15 years was likely impacted.


[You have to learn from India. To save Aadhaar data, UIDAI built 5-feet-thick walls.]

Nullius in verba

LinkedIn sued over allegation it secretly reads Apple users’ clipboard content

Microsoft Corp’s LinkedIn was sued by a New York-based iPhone user on Friday for allegedly reading and diverting users’ sensitive content from Apple Inc’s Universal Clipboard application. According to Apple’s website, Universal Clipboard allows users to copy text, images, photos, and videos on one Apple device and then paste the content onto another Apple device. According to the lawsuit filed in San Francisco federal court by Adam Bauer, LinkedIn reads the Clipboard information without notifying the user. According to media reports from last week, 53 apps including TikTok and LinkedIn were reported to be reading users’ Universal Clipboard content, after Apple’s latest privacy feature started alerting users whenever the clipboard was accessed with a banner saying “pasted from Messages.” According to the complaint, LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple’s Universal Clipboard timeout.

— source | Jul 11, 2020

Nullius in verba

The next generation of hackers may target your medical implants

Implantable medical devices (IMDs) are extremely vulnerable to hacking. These are devices like pacemakers, neurostimulators, and cochlear implants used to restore hearing. As these grew in popularity and complexity, it became essential to make their software updatable, either through a wired or wireless connection. Unfortunately, this also makes them vulnerable to tampering, especially since for years so many devices did not include encryption to secure them from unauthorized access.

The vast majority of hacking incidents over the past several decades have been possible only because of our increasingly connected world. So, as we put more and more of our devices, our information, and our lives online, they become not only appealing targets for hackers but more attainable as well. The more points of access and connection there are to a device, the greater the likelihood it will be improperly secured. In a highly connected world, every piece of information and every point of access has value. This is not necessarily because you yourself are so appealing to the hackers, but because your information or access may make it possible to infiltrate other, far more lucrative targets. But even if you are not the primary target, such dealings can still do great damage to your equipment, your finances, your reputation, and even your life.

Excerpted from Future Minds: The Rise of Intelligence from the Big Bang to the End of the Universe by Richard Yonck.

— source | Mar 14, 2020

Nullius in verba

New flaw in Intel chips lets attackers slip their own data into secure enclave

A new flaw in Intel chips threatens to allow attackers to not just view privileged information passing through the system but potentially also insert new data. The flaw isn’t something the average user has to worry about, but it is a sign of the times as far as the shape of threats to our information’s security. You may be familiar with Meltdown, Spectre and Heartbleed — this one has a decidedly less catchy name: Load Value Injection, or LVI. It was discovered independently by BitDefender and by a multi-university group led by Jo Van Bulck. There are mitigations, of course, but they can severely affect the performance of the chip.

— source | Mar 10, 2020

Intel inside, idiot outside.

Nullius in verba

Intel chipsets have another security issue, this time it’s ‘unfixable’

Researchers have uncovered a fun new vulnerability in Intel processors, and this one has a claim attached that it’s not possible to fix it. Sound familiar? Yeah, there’s been a lot of problems over at Intel in the last couple years. This issue, found and reported by Positive Technologies, mentions CVE-2019-0090 which as the numbered year suggests was already announced last year. However, the plot thickens. If you have an Intel chipset and/or SoC older than the 10th Generation (so anything in the last few years), you will be affected by this.

— source | 6 Mar 2020

Nullius in verba

Intel chips have two more vulnerabilities

More vulnerabilities in Intel CPUs have been made public. There are a lot of major security problems to go through with Spectre and Meltdown, Foreshadow and ZombieLoad. The two new vulnerabilities are Vector Register Sampling (CVE-2020-0548) and L1D Eviction Sampling (CVE-2020-0549).

— source | 28 Jan 2020

Intel inside Idiot outside.

Nullius in verba