Results 1 to 15 of 15

Thread: Speech Recognition Feature in Chrome Exploited by Spies

  1. Header
  2. Header-68

BLiNC Magazine, always served unfiltered

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1

    Speech Recognition Feature in Chrome Exploited by Spies

    Cyber attackers have found a way to use the speech recognition feature in Chrome to spy on ordinary users of the worldwide web. They managed to switch on a microphone using bugs in the Google Chrome browser. The exploit was discovered by one of the developers, who found it when working on a popular JavaScript Speech Recognition library. This allowed the developer to find many bugs in the browser and to come up with an exploit which combines all.


    The developer was quick to report the exploit to Google’s security team in private back in September 2013. In less than a week, Google’s engineers have found the bugs, suggested fixes, and in the next five days a patch was ready. By the way, the developer’s find was nominated for Chromium’s Reward Panel.

    The strange thing was that as time passed, the fix wasn’t released. When asked why, Google’s team answered that there was an ongoing discussion within the Standards group, to agree on the best course of action. In other words, the company couldn’t decide what to do, though there were not many options.

    It’s 2014 already, but Google is still waiting for the Standards group to agree on the correct behavior, while leaving Chrome browser vulnerable. Indeed, all it takes is a user to visit a website exploiting speech recognition to offer some interesting new functionality.

  2. #2

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    New VPN Technology Claims to Thwart Great Firewall of China

    January 28, 2014

    The Great Firewall of China, which restricts Chinese citizens’ access to a free Internet, is a mechanism that many try to tunnel through in order to access sites like YouTube and Facebook. While VPNs work some of the time, the Chinese government has developed technology to not only discover but disconnect such tools. Speaking with TorrentFreak, Internet company Golden Frog says that their new Chameleon VPN protocol aims to thwart such efforts.

    vyprvpnThe Great Firewall of China is a formidable and oppressive beast. This series of surveillance and censorship mechanisms operated by the Chinese government was created in order to restrict Chinese citizens’ access to content on the Internet, thereby controlling their information intake and shaping their opinions.

    By Western standards the list of sites censored by the government is shocking. Facebook, YouTube, various Google sites, Wikipedia, WordPress, the Internet Movie Database, Dropbox, Archive.org and even The Pirate Bay are all blocked in China, and that’s just the tip of the iceberg.

    Of course, this blatant censorship only prompts the tech savvy to find technological solutions to the problem, known locally as the Golden Shield Project. One of the most popular in recent times is to use a VPN service but there are signs that the Chinese authorities are beginning to take notice. Entering the URLs of some popular VPN services into a specialist censorship checker reveals that many are getting blocked.

  3. #3

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    Now Carmakers Spy on You
    Added: Saturday, January 11th, 2014

    The recent news is that automakers have been collecting and keeping information about where you have been. According to a US government watchdog, the owners of the cars can’t demand that the data about where they have been be destroyed.

    According to the Government Accountability Office, they found that major carmakers have differing policies about how much information they can collect and how long they can keep it. Media reports confirm that the carmakers collect location data to provide drivers with real-time traffic situation, to help find the nearest gas station, or to provide emergency roadside assistance.

    So, Toyota, Honda and Nissan found themselves at the centre of the investigation, as well as navigation system creators Garmin and TomTom and developers of Google Maps and Telenav. Apparently, automakers had taken steps to protect privacy and were never selling personal information of owners, but it didn’t change the fact that drivers aren’t aware of all risks.

    Some experts say that more work needed to be done to ensure privacy protections for in-car navigation systems and mapping applications. Perhaps, the location privacy legislation will be reintroduced later in 2014.

    With cars getting smarter, there is more than just navigation systems providing interesting information. Event data recorders, known worldwide as "black boxes," store information in the event of crashes. Such transponders as EZ-PASS transmit location and can even be used by law enforcement and for research. Moreover, some car owners agree to monitoring of driving habits in order to qualify for lower insurance rates or to keep tabs on young drivers.

    A contractor working with these three companies told the Government Accountability Office that when a consumer requests services, such data as location, VIN and other information may be kept for up to 7 years.

  4. #4

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    Google Removed Chrome’s Infected Twitter and Feedly Extensions
    Added: Friday, January 24th, 2014

    The tech giant has pulled rogue malware-serving extensions from its Chrome web store after they were found to hijack links and serve intrusive advertising.

    Both extensions were initially legitimate instruments to connect to Twitter and the RSS service. However, they were later bought and subverted by entities selling invasive advertising. Those companies used the extensions in question as a platform to hijack Google searches, redirect links to ads and serve intrusive adverts to unsuspecting users.

    Chrome extensions are normally used to add certain functions to a web browser, like apps do with a mobile phone. Browser extensions may add new features or remove others – for example, block adverts or add quick links to other services like Twitter and Facebook. Chrome web store policy prevents developers from inserting ads on more than one part of a page, but it turned out that invasive adware has made use of the automatic update feature of the browser. The latter allows Google Chrome and its extensions to be silently updated in the background without human interaction.

    “Add to Feedly” creator admitted that he had sold his extension to someone for an undisclosed small price – four-figure offer for something that had taken just one hour to create. Now the unknown buyer added code into Feedly and silently installed it on users’ machines via the update mechanism, to start serving invasive adverts while people are surfing the web. The same happened with another small extension known as “Tweet This Page” – it was also silently altered to serve adverts, redirect links and hijack Google searches.

    In the meantime, developers of larger extensions confirmed that they have also been approached in a similar manner by various companies, which were looking for extensions and user data. Browser’s extensions which access a webpage’s content require user’s permission upon install, and it is used by the malware developers to inject adverts into pages without people knowing.

    Once installed, the malware can’t be detected via traditional means – by anti-malware or antivirus software. Therefore, it can only be removed by uninstalling the Chrome extension, but for many users it’s not easy to find the cause of the problem.

  5. #5

    US Authorities Don't Know What to Do with Seized Bitcoins

    US Authorities Don't Know What to Do with Seized Bitcoins

    US prosecutors in Manhattan hauled in almost 30,000 Bitcoins, which is worth $27 million at the moment. This digital money had belonged to Silk Road, a virtual black market trading drugs and hacking services. The FBI shut down the service a few months ago and arrested its founder in San Francisco.


    Name:  d58d2f72-c4c9-4bf2-a31a-fbe7d637e522-460x276.jpeg
Views: 75
Size:  48.4 KB

    Thus far, nobody was brave enough to claim the Bitcoins found in electronic wallets used to store the digital currency. But this is not all. An additional 145,000 Bitcoins ($128 million) were also discovered, but the FBI’s claim on them is currently being disputed by Ross William Ulbricht, the man recognized as the founder and main operator of Silk Road.

    This situation puts the government in an unusual position, if you remember their concerns about the way in which digital currencies are used by criminals in money laundering. Bitcoin is actually just a software code which defines units of value that users can move back and forth among themselves. Bitcoin’s value isn’t pegged to a hard currency like the dollar or the euro but is rather determined by the demand for digital currency.

    The government is still trying to decide what to do with the seized money. The matter is that Bitcoin’s value has fluctuated wildly over the past few months. Actually, when Silk Road was shut down, the seized amount was worth only $3.6 million, far below current $27 million. But today a large sale of Bitcoins by the government could drive down the currency’s price.

    It is known that most goods seized by American authorities end up in the hands of the US Marshals. There the goods are either auctioned or repurposed for government use. The Marshals aren’t only experienced in unloading forfeited SUVs or houses, they also deal with complex financial instruments, foreign companies and other kinds of obscure assets forfeited by criminals. Even though Bitcoin is a new form of asset, the Marshals will find out how to liquidate it – whether via an exchange or a buyer who wants to buy it directly from them.

    The founder of Silk Road, Ross William Ulbricht, 29, was arrested in October in a San Francisco public library. He was charged by prosecutors in New York with money laundering, computer hacking and drug trafficking and is currently being held at a federal detention centre in New York without bail. Although Ulbricht has maintained his innocence, he hasn’t entered a formal plea.

  6. #6

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    Vice chairman of the Bitcoin Foundation who lobbies on behalf of the digital currency was arrested. He is accused of conspiracy to commit money laundering and encouraging anonymous drug trading.

    Charlie Shrem, the Bitcoin’s vice chairman, was arrested at JFK airport. This news came as a shock for the digital currency lobby group and its supporters. Two of them, twins Winklevoss, are known for their early involvement with Facebook, and have recently become backers of the digital currency.

    Aside from Shrem, one more individual, Robert Faiella, was also arrested and charged for the same crimes. It is known that he was operating a small Bitcoin exchange under the name BTCKing. The charges accuse both men of engaging in a scheme to sell over $1 million in Bitcoins to Silk Road members. If you remember, Silk Road was the online black marketplace shut down by the FBI last year.

    Charlie Shrem was one of the top executives on the Bitcoin Foundation, and the staff of the foundation have been doing their best to distance the digital currency from its links to crime. They testified to the US Senate in 2013 and were lobbying regulators in Washington. They keep insisting that Bitcoin Foundation had never been involved in any of the allegations.

    In the meantime, the US drug enforcement administration confirmed that charges depict their commitment to identifying people promoting the sale of illegal drugs. Both arrested men are charged with facilitating anonymous drug sales and earning substantial profits. It is clear that the charges stem from Charlie’s ownership of the BitInstant exchange – he is its CEO and co-founder. The exchange hit the headlines last May when the famous twins led a seed round that raised $1.5 million of investment. As you can understand, the timing of the charges is unfortunate for the Winklevoss, who are set to speak soon at a conference on digital currencies. They explained that when they invested in BitInstant in 2012, its management swore they would abide by all applicable laws. Although the exchange isn’t directly named in the indictment of Charlie Shrem, the twins are deeply concerned about his arrest. The Winklevoss reminded that they are just passive investors in BitInstant and are ready to do everything they can to help law enforcement agencies.

    However, the papers revealed that Charlie Shrem is also charged with failing to report any suspicious activity regarding Faiella’s unauthorized transactions via the company. They are accused of developing a scheme to sell over $1 million in Bitcoins to criminals bent on trafficking drugs on Silk Road. Apparently, Bitcoins can be laundered and used to fuel criminal activity like any traditional currency, so law enforcement had to act immediately.

    It was found that Robert Faiella offered digital currency for sale on the Silk Road website – this move would entail knowing of their drugs trade. The Bitcoins for sale were bought from the BitInstant exchange, and Shrem, as its compliance officer, was supposed to ensure its compliance of anti-money-laundering laws.

    The accusations say that Shrem knowingly allowed Faiella to use BitInstant services to purchase Bitcoins for Silk Road members, and even personally processed all transactions and provided discounts on high-volume order. For some reason, Shrem never filed suspicious activity reports about the transactions, but instead helped Faiella circumvent the anti-money-laundering restrictions.

    It should be noted that Winklevoss twins’ investment in the exchange was only a small part of their total investment in digital currency. So they can’t be happy about the news that Shrem and Faiella’s arrest affected the price of Bitcoin, which instantly dropped by 3% on the Mtgox exchange.

  7. #7

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    Security firm’s report revealed that Amazon online services are the biggest malware servers across the globe, followed by GoDaddy and Google. The reason is that malware producers take advantage of the cloud. The report claims that hackers are using cloud hosting platforms in order to quickly and effectively serve malware to oblivious users. This allows them to bypass detection and geographic blacklisting by serving from a trusted provider like Amazon.

    Security experts found out that the intruders compromised legitimate websites for nefarious purposes, along with buying and hosting their own websites. Today’s ease of website creation, low cost and speed of deployment allows to infect millions of machines and lots of enterprise systems. Of course, cloud providers, including Amazon, GoDaddy and Google, have security policies against malicious activity and do their best to take down offenders once they are discovered. The problem is that a huge number of sites hosted on their cloud systems all make that discovery job difficult, while the malware producers are trying to seek safety in numbers. Security experts admitted that it’s still up to providers to do something to stop the proliferation of malware and hold responsibility for monitoring the activities on their properties.

    Information from the report also demonstrated that in the last quarter of 2013, the United States was the most active malware hosting nation, accounting for 44% of the worldwide share of malware. This is 5 times more than Germany, which accounted for 9% of the global malware and followed the US in the list. As for the online services, Amazon appeared the top malware-hosting provider (16% of the global share), followed by GoDaddy (14% share).

    Some may remember that a few months ago a Google-backed BitTorrent client was caught spreading malware to Windows PCs and Android users.

  8. #8

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    Snowden leaks revealed that the NSA has installed spying software in 100,000 machines all over the globe. Most of the software was installed when the agency got access to computer networks. Moreover, it is claimed that the National Security Agency had a secret technology to enter even computers not connected to the Internet.

    Papers leaked by Edward Snowden claim that the technology in question had been in use within the last five years. It relied on a covert channel of radio waves transmitted from tiny circuit boards and USB cards secretly inserted in the machines. Apparently, this fixed the biggest problem the US intelligence agencies faced before: getting into machines that users have tried to make impervious to spying or cyber attack.

    The victims of the program, code-named Quantum, have included Chinese military – the same one that Washington has in turn accused of conducting digital attacks on American military. Besides, Quantum could also be found in Russian military networks and systems used by Mexican police and drug cartels, EU trade institutions and allies like Saudi Arabia, India and Pakistan.

  9. #9

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    The Chinese tech giant has made a 40% rise in annual operating profit despite being blacklisted in the United States because of claims of cyber spying. The record growth is attributed to Huawei growing in emerging markets.

    The results of 2013 showed that Huawei had a tough year, as two of the largest markets (the US and Australia) refused to let the company take government contracts. Huawei chose another way and placed its hopes in developing markets and Europe, where it has made headway building 4th-generation mobile networks.

    The unlisted company has denied any spying links with the Chinese government and recently reported an unaudited 2013 operating profit of $4.8 billion (increase of 43%). Huawei’s revenue was $39.3 billion (8% increase, despite the goal of 10%). The Chinese giant, which ranks behind Ericsson in telecom gear sales, is expected to release audited financial results for 2013 in the 2nd quarter of 2014. Huawei’s flagship carrier business, which provided almost 3/4 of revenue in 2012, sells equipment to telecom operators.

    In addition, smartphone shipments reached 52 million units worldwide in 2013, though the goal was 60 million unit target. The company is recognized as the 3rd-largest smartphone maker globally in the 3rd quarter of 2013, with a 5% market share. But the company is far beyond Samsung and Apple, accounting for 35% and 13% share respectively. Finally, Huawei also has an enterprise segment, which builds and sells communications equipment to businesses and institutions.

  10. #10

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    The Federal Bureau of Investigation has seized the entire email database of a well-known anonymous webmail service TorMail. This means that all of your secret mails now can be read by the agents. The service was seized while investigating a hosting company accused for sheltering kids porn in 2013. Now the US government claims that it has uncovered lots of emails that can be used in unrelated investigations.

    Seized from Freedom Hosting, the email database emerged in court papers in the end of January when prosecutors indicted a Florida individual for trading counterfeit credit cards on the Internet. The FBI executed a search warrant on a Gmail account the alleged counterfeiters used, and discovered that orders for fake cards were sent to a TorMail e-mail account. Then the agents obtained a search warrant for that account and accessed it from the FBI’s own copy of “data and information from the TorMail email server, including the content of TorMail email accounts”.

    It means that the FBI collects data into a virtual lock box and leaves it there until it manages to obtain specific authority to tap it later. So far the agency doesn’t search the trove for incriminating evidence before receiving a warrant. However, now the FBI has a copy of the TorMail’s servers and is able to execute endless search warrants.

    The problem for TorMail users is that the mail service once claimed that it was absolutely immune to spying. This move gives the FBI the second major victory over so-called anonymous communication. Back in 2013, the agency won a court order demanding secure email provider Lavabit to turn over the master encryption keys for its site. This court decision would have given agents the technical ability to spy on all 400,000 users of the service. Instead of complying, Lavabit preferred to voluntarily close down and is currently appealing the surveillance order.

    As for TorMail, this service was known as the webmail provider of the Darknet of anonymous and encrypted sites and services, which makes the cache of the US authorities very valuable.

  11. #11

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    The hacker group loyal to Syrian strongman Bashar al-Assad has recently managed to break into the online calling service Skype. A few days ago the Syrian Electronic Army published the contact information of Microsoft CEO Steve Ballmer, suggesting that someone might want to call him.

    It seems that the Syrian Electronic Army is upset that the tech giant is monitoring all Skype calls for the American spooks. Although most people would consider this outrageous, it doesn’t tend to generate so much outrage as what else Syria can do.

    A message published on Skype's official Twitter feed on the first day of the year, apparently by the hacking group (as it included hashtag #SEA), recommended people not to use Microsoft emails (hotmail, outlook), as those were monitoring all accounts and selling the data to the governments.

    Messages like those were also posted on Skype's official Facebook pages and on its website blog. Millions of people could see them before they were removed in late afternoon. However, the Syrian Electronic Army later tweeted out copies of that message "for those who missed it”.

    It should be noted that this week a monitoring group claimed the death toll in Syria's civil war, which started three years ago as peaceful protests against 40 years of rule by Assad's family, had increased to at least 130,000.

  12. #12

    Re: Speech Recognition Feature in Chrome Exploited by Spies

    Facebook Might Lose 4/5 of All Users in 3 Years
    Added: Wednesday, January 29th, 2014

    According to the researchers at Princeton University, the most popular social network in the world, Facebook, has spread like smoke, but now people slowly become immune to its attractions. The predictions are that the platform will be largely abandoned by 2017.

    The expectations of Facebook’s impending doom build on comparing the growth curve of epidemics to those of online social networks. The researchers believe that, like bubonic plague, Facebook may also eventually die out.

    Facebook celebrates its 10th birthday this week and has survived longer than its many rivals like Myspace and Bebo. However, the Princeton forecast states that the network will lose 80% of its user base within the next several years.

    The researchers have based their prediction on the number of times the word “Facebook” was typed into Google search. According to Google Trends charts, Facebook searches peaked a year ago and have since been slowing down. The researchers explained that ideas, just like diseases, have been spreading infectiously between people before dying out one day. This model is successfully described with epidemiological models and can be applied to online social network dynamics. The matter is that ideas are spread between people who share ideas with each other, but once idea manifesters lose interest with it and no longer manifest the idea, they get “immune”.

    Four months ago, Facebook reported almost 1.2 billion monthly active users, and the company is due to update investors on its traffic numbers soon. Although desktop traffic to the service is reported to be falling, it can be explained by the fact that people now mostly access the network via their mobile phones.

    The researchers used a “SIR” (susceptible, infected, recovered) model of disease for their study. The latter creates equations to map the spread and recovery of epidemics. Different equations against the lifespan of Myspace were tested before being applied to Facebook. The former network was created in 2003 and reached its peak in 2007 with 300 million registered users, but fell out of use by 2011. Acquired by News Corp for $580 million, Myspace soon signed a $900 million deal with Google and was once valued at $12 billion. However, in the end it was sold by News Corp for as little as $35 million.

    Well, the 870 million users who access Facebook via their mobile phones can easily explain the drop in Google searches – they don’t have to type the word Facebook into Google to log on, because they have mobile apps now. Still, Facebook has officially admitted that during the previous 3 months they did see a decrease in daily users, especially among younger teens. However, the company’s investors are quite happy with Facebook’s share price, which reached record highs this month, valuing the social network at $142 billion.

  13. #13

    Re: Speech Recognition Feature in Chrome Exploited by Spies


  14. #14

    Re: Speech Recognition Feature in Chrome Exploited by Spies


  15. #15

    Re: Speech Recognition Feature in Chrome Exploited by Spies



    KG used to be

Similar Threads

  1. BBC Modern Spies
    By airdog07 in forum The BLiNC Lounge
    Replies: 8
    Last Post: September 23rd, 2013, 07:33 PM
  2. state-of-the-art facial recognition technology
    By airdog07 in forum The BLiNC Lounge
    Replies: 4
    Last Post: August 30th, 2013, 04:32 PM
  3. Hackers Found and Exploited Security Flaw in Java
    By airdog07 in forum The BLiNC Lounge
    Replies: 9
    Last Post: September 17th, 2012, 09:26 PM
  4. Chrome browser issue?
    By MarcoPoko in forum Suggestions and Feedback
    Replies: 3
    Last Post: March 24th, 2011, 06:22 AM
  5. Replies: 0
    Last Post: November 7th, 2008, 03:25 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •