Many major corporations are now talking about fake news and misrepresentative content and how important it is to fight against it. But intentionally or not, these same corporations are actually helping fund sites that traffic false news by placing ads on them.

In the not-so-distant past, media advertising was much simpler. All that the companies had to do was buy ad space in magazines and newspapers and they would reach desired readers. Before buying ad space, these corporations could check to see if the newspaper or magazine was trustworthy, and that was it.

Nowadays, with digital ads, it’s much harder to know which site is trustworthy because ads are placed by automated systems, not actual people. These algorithms decide where the ads will wind up, so it’s not always easy for companies to steer them away from questionable sites.

So although no major brand has intention of bankrolling sites with fake news, they often do so unwittingly. To make matters worse, “fake news” can be hard to define at times. Basically, a brand doesn’t have a foolproof way of not getting on sites that spread fake news.

The conclusion? Even if a major brand shows up on a site, it doesn’t make it trustworthy – or rather, site’s stories don’t always have to be trustworthy. It’s evident that automatic advertising needs more fine-tuning, but until then, it might be a good idea to check stories on multiple sources.

Reference:

Phys.org (https://phys.org/news/2017-01-intentionally-big-brands-fund-fake.html)

According to a report in The Guardian newspaper, WhatsApp messages could be vulnerable to interception. It appears that due to their encryption techniques and a security backdoor, WhatsApp messages could be read without its users knowing.

The facebook-owned app relies on an encryption method that uses unique security keys within the Signal protocol that are “traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman.” Facebook also claims that no one can intercept the messages, not even the company itself, which is why the app is advertised as putting emphasis on privacy in the first place.

The problem is, this end-to-end encryption protocol has a slip: WhatsApp can force the generation of the new encryption keys for offline users without those users being aware of the change. According to The Guardian, this makes the sender re-encrypt messages with the new generation of keys and send them again for any messages that have not been marked as delivered.

The recipient of the messages is made not aware of this change in encryption, and the sender is only notified if they have chosen to receive encryption warnings in settings. However, even if they choose to receive warnings, senders are notified only after the messages have been re-sent. This process is what allows WhatsApp to intercept and read some of the users’messages.

Steffen Tor Jensen, head of information security and digital counter-surveillance at the European-Bahraini Organisation for Human Rights said: “WhatsApp can effectively continue flipping the security keys when devices are offline and re-sending the message, without letting users know of the change till after it has been made, providing an extremely insecure platform.”

Reference:

The Guardian (https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages)

Phys.org (https://phys.org/news/2017-01-whatsapp-vulnerable-snooping.html)

A new study conducted by the researchers at the University of Texas at San Antonio reveals that overconfident email recipients are actually helping phishing succeed. So when it comes to phishing scams, being under confident is a good strategy to follow.

The problem with phishing emails and overconfidence lies in the fact that most people believe they’re smarter than the criminals behind the scams, which makes them an easy prey. “Many times, people think they know more than they actually do, and are smarter than someone trying to pull of a scam via an e-mail,” said H.R. Rao, a UTSA College of Business faculty member.

It’s no wonder really, as phishing is evolving alongside the Internet. It’s become rare to see an obvious scam – nowadays, they’re much more subtle. Often they look like regular emails from companies that ordinary people trust. This is because cyber criminals are getting better and better at mimicking the logos of the popular companies.

The solution? Becoming more educated about the phishing subject and being less confident about it. Rao even suggests citizen workshops and online games that inform people of the new dangers of the Internet.

Reference:

University of Texas at San Antonio(http://www.utsa.edu/today/2017/01/phishing.html)

In the inevitable and not-so-far quantum-future that awaits us, quantum encryption techniques will be of utmost importance. They use individual photons as an extremely secure way to encode data, but as with any other encryption method, there is a downside to a quantum encryption too, which is the disability to emit photons at high rates.

“One of the most important figures of merit for single-photon sources is brightness – or collected photons per second – because the brighter it is, the more data you can transmit securely with quantum encryption,” said Yousif Kelaita, of Nanoscale and Quantum Photonics Lab, Stanford University, California.

Now, Kelaita and colleagues have managed to create a new type of light-enhancing optical cavity that is ultra small – only 200 nanometers tall and 100 nanometers across. Their new nanocavity system is able to significantly increase the emission brightness of quantum dots, which are nanometer-scale semiconductor particles that can emit single photons.

The researchers developed the new nanocavity system by using highly reflective silver to coat the sides of a nanoscale semiconductor pillar sitting on a substrate. Why silver? Because it makes the light bounce around inside the nanopillar, essentially turning it into an ultra-small optical cavity. And because the same design concept can be used to build nanocavities from other materials, they can be tailored for different single-photon emitters.

The new nanoscale system represents a step toward brighter single-photon sources, which could help the development of a truly secure quantum-based encryption.

Reference:

The Optical Society (http://www.osa.org/en-us/about_osa/newsroom/news_releases/2016/ultra-small_nanocavity_advances_technology_for_qua/)

Researchers at the Indiana University have launched a powerful new tool called Hoaxy in the fight against fake news. The new tool works by visualizing how claims in the news spread through social networks, and by fact checking some of those claims.

Because of the rapid growth of fake news that sometimes has the power to sway public opinion, many major web services are making changes in order to stop the spread of fake news. For example, Facebook now has a system that allows users to flag stories that they suspect are fake, which are then referred to third-party fact-checkers. Google has recently banned the use of advertisement services on websites that are known to post fake news.

Hoaxy will help move things faster: users can now enter a claim they read into the service’s website and see results that show incidents of the claim in the media and attempts to fact-check it (this is done by independent organizations). Users can also choose to select these results to generate a visualization of how the articles are shared across social media.

The site’s search results also display headlines that appeared on sites known to publish unverified or inaccurate claims based upon lists compiled and published by reputable news and fact-checking organizations.

The researchers emphasize that they’re not the ones who decide what is true and what is false – Hoaxy is there only to help users observe how unverified stories and the fact-checking of those stories spread on public social media. In the end, it’s up to users to evaluate the evidence about a claim.

Source:

Indiana University Bloomington (http://news.indiana.edu/releases/iu/2016/12/iu-hoaxy.shtml)

Together with the National Emergency Supply Agency and the private sector, VTT Technical Research Centre of Finland has created tailored solutions for improved cybersecurity and disruption-free operations for manufacturers. This, now ending KYBER-TEO project, will make companies and manufacturers more able to defend themselves from possible cyber attacks.

As you know, a cyber attack can easily cause millions of dollars of damage, environmental contamination and even personal injuries. If really serious, a breach of cyber security can affect the whole society.

To improve security and help companies defend themselves, KYBER-TEO project has developed tailored solutions – each company was encouraged to create their own security concepts and practices and purchase cyber-secure automation systems. “In the case of every company, the cyber security of the tested systems was developed even further and in a better direction,” said Principal Scientist, Pasi Ahonen of VTT. “Hopefully, the companies have also learned how to identify information security vulnerabilities or gaps in their systems.”

As a part of the project, a small online cooperation forum on automation-system cyber security was created. The goal is to deepen confidential communication in the future and help companies deal with security problems whenever they need advice.

Source:

VTT (http://www.vttresearch.com/media/news/greater-readiness-repels-cyber-threats-to-manufacturers)

Google has announced the launch of the Project Wycheproof that includes more than 80 test cases and targets cryptography problems. Named after the smallest mountain in the world, Moun Wycheproof, this project’s main motivation is to have an achievable goal – “the smaller the mountain the easier it is to climb it!”.

As Google’s security engineers, Daniel Bleichenbacher and Thai Duong explain, in cryptography, even small mistakes can have catastrophic consequences. Making the problem worse is the fact that mistakes in open source cryptographic software libraries repeat often and remain undiscovered for too long. And because this is what is used to encrypt the transmission of data across the internet, it’s crucial to find a solution, fix, and whenever possible, prevent cryptographic mistakes.

“Our first set of tests are written in Java, because Java has a common cryptographic interface. This allowed us to test multiple providers with a single test suite,” Google’s blog states.

Project Wycheproof will develop as many tests as possible in order to check the most popular cryptographic algorithms and software libraries that support them. In fact, the blog states that external contributors are welcome too, as Project Wycheproof is “by no means complete”.

Source:

Google Online Security Blog (https://security.googleblog.com/2016/12/project-wycheproof.html)

Digital Trends (http://www.digitaltrends.com/computing/google-project-whcheproof-cryptographic-tests-libraries-algorithms/)

Antivirus firm ESET recently released a report stating that its researchers have discovered a new exploit kit spreading via malicious ads on many reputable and popular websites. Since October this year, these malicious ads have been displayed to more than a million web surfers who use Internet Explorer browser.

ESET researchers say that the cybercriminals have been targeting Internet Explorer users by scanning their computers for vulnerabilities in Flash Player. Basically, these ads use images that contain malicious code buried within the parameters of their alpha channel. This, by the way, is used to define the transparency of each pixel in an image, meaning that adding the malware to an image’s alpha channel is a minor modification, resulting in an image that has only slightly different tone than the original. In other words, the malware is based on the Stegano exploit kit.

Once the advertisement is displayed on the visitor’s screen, it starts exploiting loopholes in Internet Explorer first to check if the user’s PC is running on a malware analyst’s machine. Then it does the same thing with Flash Player, where it yet again checks if it’s being monitored. “If results are favorable, it will attempt to download the encrypted payload from the same server again, disguised as a GIF image. The payload is then decrypted and launched via regsvr32.exe or rundll32.exe,” ESET explains.

But ESET states that web surfers can stay safe by using a reliable internet security solution and by updating their security software, browser, and Flash Player regularly.

Source:

ESET (https://www.eset.com/us/business/resources/detail/malicious-code-hides-in-pixels-of-advertising-banners-eset-uncovers-new-stegano-exploit-kit//)

Digital Trends (http://www.digitaltrends.com/computing/eset-malware-images-alpha-channel-browser-defense-broxu-stegano/)

Although artificial intelligence is constantly improving, we’re still far from it writing software. For now, we, human beings, are the only ones that know how to write software, and while we can be excellent at it, we’ll never be perfect. This means that there will always be at least few coding mistakes that malicious hackers will be able to exploit. For example, a single bug can open the door to a hacker copying credit card numbers or deleting extremely important files – this is serious business, as you can see.

The good news is that the researchers at the Colombia Universtity have developed a new software called Shuffler that is able to stop such attacks by allowing programs to continuously scramble their code as they run.

“Shuffler makes it nearly impossible to turn a bug into a functioning attack, defending software developers from their mistakes,” said David Williams-King, new study’s lead author. “Attackers are unable to figure out the program’s layout if the code keeps changing.”

Shuffler is fast, user-friendly and it runs alongside the code it defends without making modifications to program compilers or to the computer’s OS. In fact, it’s so efficient that it randomizes itself to defend against possible bugs in its own code!

However, researchers say that the software needs a few more improvements before it’s made public. They want to make Shuffler easier to use on software they haven’t yet tested, and improve its ability to defend against attacks that take advantage of server crashes.

Source:

Columbia University In The City of New York (http://datascience.columbia.edu/new-software-continuously-scrambles-code-foil-cyber-attacks)

A team of researchers at Ben-Gurion University of the Negev has found malware that can turn conventional computers into perpetual eavesdropping devices – even without a microphone.

In a paper “SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit,” the team demonstrates how most computers and laptops today are susceptible to this kind of attack. In order to show how commonly used tech can be exploited, they used malware called SPEAKE(a)R that can transform headphones into a pair of microphones.

“The fact that headphones, earphones and speakers are physically built like microphones and that an audio port’s role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers,” explains Prof. Yuval Elovici, one of the researchers.

How is this possible? It’s actually pretty easy. A typical PC structure contains a number of audio jacks, each of which is used either for input (line-in), or for output (line-out). Modern motherboards and sound cards include an option for jack retasking or jack remapping. In other words, you have the option to change the function of an audio port with software.

Malware exploits this option by reconfiguring the headphone jack from a line-out jack to a microphone jack. This way, connected headphones function as a pair of recording microphones, essentially turning your PC into an eavesdropping device.

The researchers explain that potential software countermeasures include completely disabling audio hardware and using an HD audio driver that can alert users when microphones are being accessed. Anti-malware and intrusion detection systems should also be developed in the future.

Source:

Ben-Gurion University of the Negev(http://in.bgu.ac.il/en/Pages/news/eaves_dropping.aspx)