Privacy Watch Weekly – 2016-09-02


Alaska Native groups criticize fair board over rappers’ ejection

If you enjoyed the fair being free of people walking about with rifles on their back, you can thank private property rights. If you enjoyed being able to do …


Kali Linux 2016.2 — Download Latest Release Of Best Operating System For Hackers

As promised at the Black Hat and Def Con security and hacking conferences, Offensive Security – the creators of the Swiss army knife for researchers, penetration testers, and hackers – has finally released the much-awaited Kali Linux 2016.2.

Kali Linux is an open-source Debian-based Linux distribution designed to help ethical hackers and security professionals with a wide range of tools for


Sophos CEO Kris Hagerman recognized as 14th Most Influential Executive by CRN


We’re delighted to say that Kris Hagerman, our CEO and fearless leader, has been ranked 14th in CRN’s Top 25 Most Influential Executives and CRN’s Top 100 Executives (US). These two high profile lists recognize Kris as a leader and visionary in the channel, security sector and technology in general.

In building its shortlist of top influential executives, CRN says it looks for those who “through their vision, passion and fire have set the agenda for the channel and for the tech industry as a whole.”

Since joining Sophos in September 2012, Kris has certainly done that.

Kris took Sophos public in 2015 – the largest ever IPO in the UK for a software company – and under his leadership the company launched synchronized security, along with our revolutionary Security Heartbeat technology – a first of its kind in the industry.

We’ve acquired great companies with innovative technology, and late last year we released our first ever Home product. We even introduced a Sophos Store, where you can get your very own version of Kris’ favorite surfboard.

Sophos is a rewarding place to work, and we’re continually named an ideal company for graduates to start their career. We support efforts to grow and educate the cybersecurity workforce through initiatives like our first-ever Girls in Coding Day, we recently invested in a new career-program partnership with Willis College in Ottawa, and we are proud to play an active role as a responsible corporate citizen, such as our efforts to adopt Ropda village in India.

“I’m honored to receive this recognition from CRN,” said Kris. “I love everything about Sophos – we have a great team, a strong and authentic culture, and our complete security portfolio is something to be immensely proud of. Together with our robust partner community, we protect over 220,000 enterprises of all sizes all over the world – a number that is growing by over a thousand every month. We are committed to continue building on our rich heritage to deliver a cloud-enabled and fully integrated next-generation security platform that provides enterprise-grade security – that is also easy to manage.”

And why did CRN think Kris deserved to rank so highly? Here’s what it said:

Kris Hagerman is pushing Sophos to new heights, first with the fall launch of Security Heartbeat – the vendor’s vision for integrating endpoint and network security – and then with the May rollout of a new program that ports that technology to a managed services model, giving channel partners total flexibility in how they deliver synchronized security. When a CEO literally puts “channel” into his company’s mission statement, it’s pretty clear where he stands on the importance of partnership.

But Kris won’t stop there. Over the last few years, Sophos has been introducing next-gen protection technologies such as Malicious Traffic Detection, Application and File Reputation, Runtime Behaviour Detection, and Synchronized Security, which go far beyond signature recognition to prevent, detect and remediate an entire system that is under attack.

Our release of Sophos Intercept X later this year will change the way the market views endpoint protection. With exploit detection, anti-ransomware capabilities and the ability to hunt down and destroy persistent malware and spyware, Sophos Intercept X heralds a new age in endpoint protection.

With Kris at the helm, the future is exciting for us at Sophos, our customers and our channel partners.

Congratulations Kris!



Hey, Music Lovers! Last.Fm Hack Leaks 43 Million Account Passwords

Another Day, Another Data Breach!

If you love to listen to music online and have an account on the Last.fm website, your account details may have been compromised in a data breach that leaked the personal data of more than 43 Million users online.

Last.fm was hacked in March of 2012 and three months after the breach, the London-based music streaming service admitted to the incident and issued a warning,


Update your Mac OS X — Apple has released Important Security Updates

If you own a Mac laptop or desktop, you need to update your system right now.

It turns out that the critical zero-day security vulnerabilities disclosed last week, which targeted iPhone and iPad users, affect Mac users as well.

Late last week, Apple rolled out the iOS 9.3.5 update to patch a total of three zero-day vulnerabilities that hackers could have used to remotely gain control of an


Tonight Mr. Robot is Going to Reveal ‘Dream Device For Hackers’

Mr. Robot is the rare show that provides a realistic depiction of hacks and vulnerabilities that are at the forefront of cyber security. This is the reason it’s been the most popular TV show of its kind.

Throughout season 1 and season 2, we have seen that connected devices are the entry point of choice of Elliot and fsociety to breach networks and traditional security controls.

Pwn Phone On


Scientists show that ‘Superman’ disguise could actually work

Small alterations to a person’s appearance, such as wearing glasses, can significantly hinder positive facial identification, new research shows.


Dropbox Hacked — More Than 68 Million Account Details Leaked Online

Hackers have obtained credentials for more than 68 Million accounts for online cloud storage platform Dropbox from a known 2012 data breach.

Dropbox has confirmed the breach and already notified its customers of potential forced password resets, though the initial announcement failed to specify the exact number of affected users.
However, in a selection of files obtained


Record-breaking 1.9 Gbps Internet Speed achieved over 4G Mobile Connection

Elisa, one of the biggest Finnish Internet Service Providers (ISP), claims to have achieved a new world record for 4G network with 1.9 gigabit-per-second (Gbps) data download speed using Huawei technology.

Currently, Sweden and the United Kingdom have been crowned as the top countries across the world when it comes to fastest mobile 3G and 4G speeds, but now Finland is also working hard to


Chainfire’s SuHide — Now You Can Hide Your Android Root Status On Per-App Basis

Famous Android developer Chainfire released an experimental hack with a new app, called “Suhide,” that allows users to hide the root status of their rooted Android devices on an app-by-app basis.

Rooting your Android device can bring a lot of benefits by giving you access to a wide variety of apps and deeper access to the Android system…But at what cost?

One of the major drawbacks of


Two US State Election Systems Hacked to Steal Voter Databases — FBI Warns

A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states, according to the FBI, who found evidence during an investigation this month.

Although no intrusion in the state voting system has been reported, the FBI is currently investigating the cyberattacks on the official websites for voter registration


Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains

A Chinese certificate authority (CA) appears to have made a significant security blunder by handing out duplicate SSL certificates for a base domain to anyone who merely has control over any of its subdomains.

The certificate authority, named WoSign, issued a base certificate for the Github domains to an unnamed GitHub user.

But How? First of all, do you know, the traditional Digital Certificate


German Artist Gets Strangers Around The World To Exchange Data Offline



One in two users click on links from unknown senders

Most people know that e-mails and Facebook messages from unknown senders can contain dangerous links. However, many users still click on them and researchers have investigated why. The results: up to 56 percent of e-mail recipients and around 40 percent of Facebook users clicked on a link from an unknown sender although they knew of the risks of their computer becoming infected with a virus. And the main reason? Curiosity.


Russian Lawmaker’s Son Convicted of Stealing 2.9 Million Credit Card Numbers

The son of a prominent Russian lawmaker has been found guilty in the United States of running a hacking scheme that stole and sold 2.9 million US credit card numbers using Point-of-Sale (POS) malware, costing financial institutions more than $169 Million.

Roman Seleznev, 32, the son of Russian Parliament member Valery Seleznev, was arrested in 2014 while attempting to board a flight in the


Crypto 2016: Breaking the Circuit Size Barrier for Secure Computation Under DDH

The CRYPTO 2016 Best Paper Award went to a paper written by Boyle et al. [1]. The paper provides several new protocols based on a DDH assumption with applications to 2PC (2-party computation), private information retrieval, and function secret sharing.

Even more interesting, the authors present a protocol where 2PC for branching programs is realized in a way that communication complexity depends only on the input size and the computation is linear in the circuit size.

The central idea develops around building efficient evaluation of RMS (restricted multiplication straight-line) programs. The special feature of RMS programs is that they allow multiplications only between memory and input values; additions between memory values come for free. Although this class seems quite restrictive, it covers the class of branching programs (logarithmic depth boolean circuits with polynomial size and bounded input).

In the 2PC evaluation of RMS, suppose there is a linear shared memory value $[y]$ between the parties $P_1$ and $P_2$. When $P_1$ wants to share an input value $x$ with $P_2$, it sends an ElGamal encryption of $x$, $g^{xc}$, where $c$ is a symmetric ElGamal key. Clearly, the encryption is homomorphic with respect to multiplication, but how can we perform any operations between a linear SS (secret shared) value and an ElGamal encryption?

This is solved by introducing a distributive DLog procedure which converts the ElGamal ciphertexts into linear SS values. The method uses a truncated PRF and counts the number of steps until the PRF evaluated on the ElGamal encryption equals $0$. Unfortunately, this algorithm has some probability of outputting an incorrect result, but this can be fixed by evaluating multiple instances of the same protocol in parallel and then using an MPC protocol to select the majority result.
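The share-conversion step described above, as an added example that is not taken from the paper or the original post: each party walks from its multiplicative share until a truncated PRF hits zero, and the step counts form a sharing of the small exponent unless a zero lies between the two starting points. The toy group, the HMAC-SHA-256 stand-in for the PRF, the starting shares `h0` and `h1`, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

# Toy parameters (constructed, far too small for real use):
# P = 2Q + 1 is a safe prime and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4
D = 6  # a point is "distinguished" when the PRF truncated to D bits equals 0


def prf_is_zero(key: bytes, h: int) -> bool:
    """Truncated PRF, modelled with HMAC-SHA-256 (an assumption)."""
    digest = hmac.new(key, h.to_bytes(2, "big"), hashlib.sha256).digest()
    return digest[0] >> (8 - D) == 0


def ddlog(key: bytes, h: int) -> int:
    """Count multiplications by G until a distinguished point (at most Q)."""
    for steps in range(Q):
        if prf_is_zero(key, h):
            return steps
        h = h * G % P
    return Q


def convert(key: bytes, h0: int, z: int):
    """Each party runs ddlog locally on its share, where h1 = h0 * G^z.

    Returns (i0, i1); the conversion succeeded when i0 - i1 == z.
    """
    h1 = h0 * pow(G, z, P) % P
    return ddlog(key, h0), ddlog(key, h1)


def convert_majority(h0: int, z: int, instances: int = 15) -> int:
    """Repeat with independent PRF keys and keep the most common result.

    The vote is taken in the clear here only to show the effect; the text
    above says an MPC protocol selects the majority.
    """
    votes = Counter()
    for n in range(instances):
        i0, i1 = convert(b"key-%d" % n, h0, z)
        votes[i0 - i1] += 1
    return votes.most_common(1)[0][0]


if __name__ == "__main__":
    h0, z = pow(G, 777, P), 3
    runs = [convert(b"run-%d" % n, h0, z) for n in range(1000)]
    wrong = sum(1 for i0, i1 in runs if i0 - i1 != z)
    print(f"single-instance errors: {wrong}/1000, "
          f"majority output: {convert_majority(h0, z)}")
```

A single instance fails exactly when one of the first `z` points on the first party's walk is distinguished, which is why the error rate grows with `z` and shrinks as `D` increases.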

Of course, there are some caveats at the beginning of the scheme such as converting the key generation procedure to a public key one and removing circularity key assumptions. These are gradually presented by the authors so that it can ease the reader’s understanding of the ideas.

What I find neat is that at the end of the paper we can see easily how to reduce the communication for general ‘dense’ arithmetic circuits by splitting them in multiple reduced depth chunks and then apply the RMS programs for each gate (because an addition or multiplication gate can be represented as a branching program).

Of course we can spot some open problems left as future work such as:

  1. Extend the protocols for larger classes other than branching programs.
  2. Protocol only works for $2$ parties. Can we find something with constant communication for multiple parties without using FHE?
  3. Can we convert the protocol for malicious parties in some other way rather than a generic compiler as in [2]?

[1]: Boyle, Elette, Niv Gilboa, and Yuval Ishai. “Breaking the Circuit Size Barrier for Secure Computation Under DDH.”
[2]: Ishai, Yuval, et al. “Cryptography with constant computational overhead.” Proceedings of the fortieth annual ACM symposium on Theory of computing. ACM, 2008.


Opera Browser Sync Service Hacked; Users’ Data and Saved Passwords Compromised

Opera has reset passwords of all users for one of its services after hackers were able to gain access to one of its Cloud servers this week.

Opera Software reported a security breach last night, which affects all users of the sync feature of its web browser.
So, if you’ve been using Opera’s Cloud Sync service, which allows users to synchronize their browser data and settings


Megaupload Domains Seized by FBI ‘Hijacked’ to Host Porn Ads

Well, we all know that the FBI has previously hosted porn on the Internet. I still remember the case of PlayPen, the world’s largest dark web child pornography site, which was seized by the FBI and run from the agency’s own servers to uncover the site’s visitors.

Now, one of the most popular sites owned and operated by the FBI has been serving porn as well.

FBI-owned Megaupload.org and several


Hacker reveals How He Could have Hacked Multiple Facebook Accounts

How to Hack a Facebook Account?

That’s possibly the most frequently asked question on the Internet today. Though the solution is hard to find, a white hat hacker has just proven how easy it is to hack multiple Facebook accounts with some basic computer skills.

Your Facebook account can be hacked, no matter how strong your password is or how much extra security measures you have taken. No
