# sec: oops! 5G, a European dilemma (the 1st one of a series): the quiet spread of Huawei

<< China's Huawei has quietly become a leading supplier of the backbone equipment for mobile networks, particularly in developing markets thanks to cheaper prices. >>

<< Each year it invests between 10 and 15 percent of its sales revenue on research and development. It spent $13.8 billion on R&D  (Research and development) in 2017 and $15 billion last year. >>

<< It's a dilemma for European telecoms firms: Should they steal a march on competitors and rapidly roll out next-generation 5G mobile networks using equipment from top supplier Huawei? Or should they heed US-led warnings of security threats and sit tight, and possibly fall behind? >>

<< Huawei strenuously denies its equipment could be used for espionage. >>

<< Deutsche Telekom, in an internal document obtained by Bloomberg, warned that Europe could fall behind China and the United States by as much as two years if it forgoes using Huawei's 5G equipment. >>

Erwan Lucas. European telecoms' dilemma: Huawei or the highway? Feb 3, 2019.

https://phys.org/news/2019-02-european-telecoms-dilemma-huawei-highway.html  

Also

https://flashontrack.blogspot.com/search?q=%23+sec

# e-web-sec: IoT comes to (hack to) the Masses; the begin

<< Internet of Things, aka “IoT” is all the rage. You know, all these new connected things like Nest thermostats, Hue lights, digital door locks and other devices that have lights, sensors, motors or switches, along with a small computer and are connected to the Internet.>>

<< On Monday (Feb. 8), building IoT-based devices is going to get a lot easier and cheaper thanks to Particle.io >>

Robert Scoble. Internet of Things Comes to the Masses. February 12, 2016

http://www.kurzweilai.net/robert-scoble-internet-of-things-comes-to-the-masses

# e-web-sec-privacy: 50 corporations only ...

<< 50 corporations track third-party data from 88 percent of 1 million top websites >>

http://www.kurzweilai.net/50-corporations-track-third-party-data-from-88-percent-of-1-million-top-websites

Tim Libert, a doctoral student at the Annenberg School for Communication at the University of Pennsylvania. Exposing the hidden web. Internat. Journal of Communication 9(2015); 3544-61 (open access).

http://ijoc.org/index.php/ijoc/article/download/3646/1503

# e-sec: please, what time is it (among other)?

<< By their very nature of being wearable, these devices [wristband and armband devices such as smartwatches and fitness trackers], however, provide a new pervasive attack surface threatening users privacy, among others >>

Tony Beltramelli, Sebastian Risi. Deep-Spying: Spying using Smartwatch and Deep Learning. (Submitted on 17 Dec 2015)

http://arxiv.org/abs/1512.05616

also:

David Glance,  New ways your smartwatch (and phone) may be spying on you. University Of Western Australia, The Conversation. January 6, 2016

http://m.phys.org/news/2016-01-ways-smartwatch-spying.html

# sec: sometimes the repair is crippling ...

<< Microsoft has temporarily stopped fixing a serious security flaw on personal computers powered by certain chips from Advanced Micro Devices because the repair is crippling the affected machines >>

Microsoft stops fixing security flaw on PCs with AMD chips. Jan 9, 2018.

https://m.phys.org/news/2018-01-microsoft-flaw-pcs-amd-chips.html

Windows operating system security update block for some AMD based devices. Jan 10, 2018.

https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices

# sec: adversarial audio attacks; small sound perturbations to hack a Machine Learning model and remedies

<< Adversarial audio attacks can be considered as a small perturbation unperceptive to human ears that is intentionally added to the audio signal and causes a machine learning model to make mistakes. >>

Mohammad Esmaeilpour, Patrick Cardinal, Alessandro Lameiras Koerich. A Robust Approach for Securing Audio Classification Against Adversarial Attacks. arXiv:1904.10990 [cs.LG] Apr 24, 2019.

https://arxiv.org/abs/1904.10990

Ingrid Fadelli. An approach for securing audio classification against adversarial attacks. May 7, 2019.

https://m.techxplore.com/news/2019-05-approach-audio-classification-adversarial.html

# web-sec: recently, they lost control of the majority of they hacking tools ...

<< Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation >>

Vault 7: CIA Hacking Tools Revealed. 7 Mar. 2017.

https://wikileaks.org/ciav7p1/

also:

http://flashontrack.blogspot.it/search?q=hack

also:

<< dalle viscosita' silenti d' inane baldacchino  ... >>

2151 - a voting machine (to explain precisely). Jan. 15, 2008.

http://inkpi.blogspot.it/2008/01/2151-voting-machine-to-explain.html

# e-sec: byzantine fault in-tolerance

<< Byzantine failures are considered the most general and most difficult class of failures among the failure modes >>

<< The objective of Byzantine fault tolerance is to be able to defend against Byzantine failures, in which components of a system fail with symptoms that prevent some components of the system from reaching agreement among themselves, where such agreement is needed for the correct operation of the system >>

<< Byzantine failures imply no restrictions, which means that failed node can generate arbitrary data, pretending to be a correct one, which makes fault tolerance utterly difficult. >> Nov. 19, 2016.

https://en.m.wikipedia.org/wiki/Byzantine_fault_tolerance

# e-sec: when something smells funny ...

<< why do  the  best hackers  on  the  planet  not  work  for  the  (..)? Because  the  (..) will  not  hire  anyone  with  a  24-inch  purple  mohawk,  10gauge  ear  piercings,  and  a  tattooed  face  who  demands  to ... >>

<< Cyberscience  is  not  just  something  you  can  learn.  It  is  an  innate  talent. The  Juilliard  school  of  music  cannot  create  a  Mozart.  A  Mozart  or  a Bach,  much  like  our  modern  hacking  community, is  genetically  created. A  room full  of  Stanford  computer  science  graduates  cannot  compete with  a  true  hacker  without  even  a  high-school  education. >>

John McAfee. I'll  decrypt  the San  Bernardino  iPhone. Feb. 18, 2016.

http://www.techinsider.io/john-mcafee-ill-decrypt-the-san-bernardino-iphone-for-free-so-apple-doesnt-need-to-place-a-back-door-on-its-product-2016-2

<< (..) But I’m smart enough to know when something smells funny >> John McAfee. Ars Technica. Feb.19, 2016

https://mobile.twitter.com/arstechnica/status/700707638795968512

# e-web-sec: qucpu will make vital cryptography simple to crack

<< Quantum computers could bring about a quantum leap in processing power >>

<< But there's also a dark side: this extra power will make it simple to crack the encryption keeping everything from our emails to our online banking secure >>

<< A recent report from the Global Risk Institute predicted that there is a one in seven chance vital cryptography tools will be rendered useless by 2026, rising to a 50% chance by 2031 >>

<< As a report from the National Institute of Standards and Technology (NIST) released in April notes, this algorithm [to solve a problem called integer factorization] can be used to efficiently solve the mathematical problems at the heart of three of the most widely-used encryption approaches: Diffie-Hellman key exchange, RSA, and elliptic curve cryptography >>

Edd Gent. Quantum Computers Could CrushToday’s Top Encryption in 15 Years. Nov 24, 2016

https://singularityhub.com/2016/11/24/quantum-computers-could-crush-todays-top-encryption-in-15-years

Michele Mosca. A quantum of prevention for our cyber-security.

http://globalriskinstitute.org/publications/quantum-computing-cybersecurity/

# e-sec: "soft" vulnerabilities (2015)

<< CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities >>

http://www.cvedetails.com/top-50-vendor-cvssscore-distribution.php

CVSS - Common Vulnerability Scoring System -  National Vulnerability Database (NVD)

https://nvd.nist.gov/cvss.cfm

# sec: oops! also blockchain system seems to show some security vulnerabilities

<< Smart contracts - stateful executable objects hosted on blockchains like Ethereum - carry billions of dollars worth of coins and cannot be updated once deployed >>

AA << present a new systematic characterization of a class of trace vulnerabilities, which result from analyzing multiple invocations of a contract over its lifetime >>

Ivica Nikolic, Aashish Kolluri, et al. Finding The Greedy, Prodigal, and Suicidal Contracts at Scale. arXiv: 1802.06038 [cs.CR]. Feb 16, 2018.

https://arxiv.org/abs/1802.06038

Kristin Houser. Uh Oh: Blockchain May Not Be as Secure as We Thought. Mar 2, 2018.

https://futurism.com/blockchain-security-smart-contracts/ 

Mike Orcutt. Ethereum's smart contracts are full of holes. MIT Tech Rev. Mar 1, 2018.

https://www.technologyreview.com/s/610392/ethereums-smart-contracts-are-full-of-holes/

Also

# e-ai: an intriguing hypothesis: cheating that system will become near impossible. Jun 18, 2017

http://flashontrack.blogspot.it/2017/06/e-ai-intriguing-hypothesis-cheating.html

# e-sec: a priori cracked; 'verifiable computing' vs chip manufacturing

<< Medical devices, public infrastructure and voting machines, as well as financial, military and government electronics could all be compromised long before their first use if backdoors were added to their chips during the manufacturing process.  The issue could affect CPUs, GPUs and motherboards, but also storage and memory components. These days we're seeing more companies employ cryptographic signing for their software to ensure that the code delivered to the users is identical what was written by the vendors (although not all companies are taking this to heart yet). A similar validation process is needed for hardware to ensure its integrity. >>

Lucian Armasu. University Researchers Invent Solution To Protect Chips Against Manufacturing Sabotage. August 26, 2016  4:00 PM

http://www.tomshardware.com/news/chip-protection-solution-manufacturing-sabotage,32569.html

Researchers design a chip that checks for  sabotage. Integrated Circuits Can Monitor Their Own Computations and Flag Defects. August 23, 2016

http://engineering.nyu.edu/press-releases/2016/08/23/cybersecurity-researchers-design-chip-checks-sabotage

# e-sec: Sun Tzu style: unpredictable (chaotic) environment to defending cpu from cyber-attacks

<< We want our computers to perform the way we expect. But what if the key to defeating malware is introducing a bit of chaos? >>

<< Programs you know and trust could be approved to run in a standard environment where they'll function normally, while detected malware are sequestered in a third environment, called deceptive. Instead of squashing them immediately, Chameleon would let the malicious processes continue to work in a façade environment while collecting information that can be used to understand and defeat them >>

<< Predictable computer systems make life too easy for attackers >>

Alisson Clark, January 21, 2016

http://m.phys.org/news/2016-01-defending-cyber-attacks-sun-tzu-style.html

https://twitter.com/physorg_com/status/690237559511846913

l'approccio "Sun Tzu  style" benche' antico sembrerebbe funzionale anche nell'ambito della sicurezza informatica ... quando le grandi idee ciclicamente riemergono dirompenti ...

# e-web-sec: almost nine percent

<<  Almost 9 percent of popular apps downloaded from Google Play interact with websites that could compromise users’ security and privacy >>

Sarah Nightingale On Dec  3, 2015

http://ucrtoday.ucr.edu/33508

# e-sec: brainjacking in medical implants

<< Here  are  some  real  examples  of  what  can  be  achieved  if  you  have  access  to  somebody’s  DBS [Deep Brain Stimulation] electrodes.  You  can  induce  mania,  hypersexuality,  and  even  pathological  gambling.  You  can modify  emotions.  Patients  undergoing  DBS  therapy  have  sometimes  experienced  pathological crying  and  inappropriate  laughter,  "likely  due  to  off-target  stimulation,"  says  the  paper.  Strong sensations  of  fear  and  panic  have  also  been  observed. >>

Charlie  Sorrel.  Brainjacking,  Or  How  Hackers  Can  Remote Control  Your  Medical  Implants. 06.29.16 11:46  AM

http://www.fastcoexist.com/3061323/brainjacking-or-how-hackers-can-remote-control-your-medical-implants

Laurie Pycroft, Sandra G. Boccard, et al. Brainjacking: Implant Security Issues in Invasive Neuromodulation. DOI: http://dx.doi.org/10.1016/j.wneu.2016.05.010. Published Online: May 13, 2016

http://www.worldneurosurgery.org/article/S1878-8750(16)30272-8/abstract