source:  Artemus FAN, Steve Jones

I’ve been a geocaching fan for years.   My experiences were always interesting and I learned so much about Global Positioning Satellites (GPS), the technology and some clever uses of geocaches beyond the game.

 

While I was traveling, I often carried my Garmin GPS 48 receiver.   I bought it in the 80’s and it has never failed me or  in my quest to hide, find a geocache or determine my exact location.  In January 2008, I was at  the Heydar Aliyev International Airport in Baku, Azerbaijan precisely located at  N40º 27.909” E050º 03.271”. My Garmin unit is so accurate that I can normally approach within three feet of a hidden cache location - provided that cache is reported precisely on www.geocaching.com.

 

Late in the Summer of 1995 I was asked how geocaching could be used to deploy or find an improvised explosive device.   This task was based upon an event that occurred at the Paris Train station.  The Armed Islamic Group (GIA) were broadening the Algerian Civil War in France.  The train station bomb killed eight and injured more than 100 people.

 

A GPS coordinate consists of a latitude and longitude coordinate, for example:    

N36° 48.858” W093° 11.619” (this is my home coordinates and can be seen on Google Earth).

 

With a simple GPS receiver, anyone can use the technology, for good or bad deeds.   Furthermore, it’s a great sport for everyone because geocaching will teach you about the constellation of GPS Satellites, map reading, cache building, building a network of friends as well as helping one with exercise and fitness.

 

My geocaches (caches) are normally large, easily found, and contain nice items for exchange, while the average cache contains a log book, pen, tokens and “travel bugs.”

A travel bug is a token that is moved from one geocache to another by a series of geocaching enthusiasts.

On January 25th, 2017 a fellow geocacher using the handle  “Knocky737”  reported that he found one of my Travel Bugs (Cricket  TBJJMK) in Israel:  GPS Location:

N32° 04.517” E034° 46.680”.   Cricket was originally deployed in Springfield, Virginia on March 26th, 2005 and has travelled through Germany, Austria, Switzerland, and the Czech Republic before landing in Israel.

 The Cricket Travel Bug is a “dog tag” itself and is attached to an American Flag dog tag that I gifted to colleagues and friends on my first deployment to Afghanistan in 2001.

 

As I recall, I dropped several of my travel bugs while I was on a TDY, with a little free time, the need for some exercise and area familiarization.  My other travel bugs were Dragonfly, Mantis, Aphid, Termite and Cicada...all of which have “died” in the last 12 years. 

source: threatpost.com

Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options and comes with top-notch encryption.

Spora was spotted last week by ransomware experts at BleepingComputer, who said after Spora encrypts files on your computer, it offers four tiered payment options: Full Restore ($79); Immunity ($50); Removal ($20); and File Restore ($30). Spora also offers a Free option that allows you to decrypt two random files in order to win confidence that encrypted files can be restored. Pricing varies based on the system infected.

“Spora’s decryption service is something that we haven’t seen in any other ransomware decryption site,” wrote BleepingComputer in a technical breakdown of the ransomware. It said Spora had “the most sophisticated (payment site) it has seen from ransomware authors as of yet.”

Payment options are straightforward with Immunity meaning immunity from future attacks. The Select File option allows victims to choose a limited group of files to restore, but not a full system decryption.

The unique payment options, researchers believe are inspired by cybercriminals seeking more options to provide victims who may be less inclined to pay a full ransom. For example, a victim might be less inclined to pay $79 to recover files they had safely backed up. But they might pay $20 to have the ransomware removed from their system.

Another distinguishing feature of Spora is the implementation of the encryption which researchers say is well thought through. The ransomware works offline, staying low profile and generating no network traffic to outside C2 servers.

 

source: cnet.com

It seems that password security doesn't work.

Many of us rely on simple, easy-to-remember strings of characters and letters, including those found on your keyboard such as "1234567" or "qwertyu."

While these passwords are easy for you to remember, they're also no trouble for attackers using brute-force hacking techniques, or little more than a guess or two. Meaning hackers can easily compromise your online accounts and take over your digital identity.

Despite the growing availability of security features like two-factor authentication, it appears many people still haven't gotten the message about strong passwords.

The most common passwords used to protect our accounts haven't changed much over the past few years, and "123456" is still very much in existence, according to password management service Keeper Security.

 

The company scoured through 10 million passwords which became public domain during 2016 thanks to data breaches. Keeper Security found that almost 17 percent of people used "123456" to protect their accounts from intrusion, while "123456789," "qwerty" and "password" also made the list of 25 Most Common Passwords of 2016.

"We can criticize all we want about the chronic failure of users to employ strong passwords," Darren Guccione, CEO and co-founder of Keeper Security, said. "But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies. It isn't hard to do, but the list makes it clear that many still don't bother."

In total, four of the top 10 most common passwords were six characters or shorter. On average, it only takes seconds to brute-force hack these kinds of accounts. Allowing for such short passwords is the fault of online vendors and operators.

"While it's important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves," Guccione added. "IT administrators and website operators must do the job for them."

There is an interesting exception on the list: "18atcskd2w" was the No. 15 most common password discovered in the data. These accounts were created by bots designed to spread spam on online forums, according to security researcher Graham Cluley.

 

THE TOP 10 LOUSY PASSWORDS OF 2016 (yes, folks...these are really used!)

 

 

source: technewsworld.com

Ever since smartphone makers started incorporating fingerprint scanners as a means of unlocking mobile phones, the Chaos Computer Club has attacked the technology with vigNot long after Apple added Touch ID to its iPhones, the German hackers demonstrated how to lift prints from a surface and create a flexible pad containing the print that could be used to break into a phone.

Now the CCC hacker known as "Starbug" has used digital photography to perform the same trick without lifting any prints at all. At a recent cybersecurity conference, Starbug demonstrated how he created the thumb print of German Minister of Defense Ursula von der Leyen from several news photos.

"After this talk, politicians will presumably wear gloves when talking in public," Starbug said.

The process takes some effort. After finding some high-resolution photos, the fingerprint needs to be outlined on tracing paper, copied onto a plastic board, covered with graphite, then coated with wood glue to create the pad containing the print. The materials to perform the operation can be assembled for about US$200.

While Starbug may have created something that looks like the defense minister's fingerprint, one expert questioned other claims made by the hacker.

"If he can take that fingerprint to a scanner at the Ministry of Defense and make that scanner think he's the minister of defense, then he has done something, but I don't believe he's done that," said Chace Hatcher, CEO ofDiamond Fortress.

"The Chaos Computer Club is suffering from what it accuses the biometric industry of suffering from: hyperbole," he told TechNewsWorld.

"The Chaos Computer Club is pointing out weaknesses in the system, and that's a necessary and admirable thing, but this isn't the 'Holy Cow' moment Starbug purports it to be," Hatcher said. "The idea that public officials are going to start wearing gloves because of this is ludicrous."

Fingerprints From Selfies?

Given the number of selfies posted to the Internet every day, should we start worrying about hackers lifting our fingerprints from those images?

"Most ordinary photographs are not high-resolution enough to detect all the necessary ridges in a fingerprint," said Harry Sverdlove, CTO of Bit9 + Carbon Black.

Even if a high-resolution photo were posted to a social media site, it's unlikely it could be used for capturing fingerprints.