#Defcon Level Warning System
cecoeur · 2 months ago
Note
I feel like the ricbull levels should be hurricane style with categories because whenever we go up a category it feels like we're being attacked from all sides like hurricane force winds..
A quick explainer:
Categories: Based on level of damage possible (Category 5 = Catastrophic (Ricbull Confirmed), Category 4 = Extreme, 3 = Extensive, 2 = Moderate, 1 = Minimal (Ricbull is cancelled))
Level: Based on how close we are to all out war (1 = Nuclear war is imminent (Ricbull Confirmed), 2 = VERY Elevated Readiness, 3 = Elevated Readiness, 4 = Above Normal Readiness, 5 = normal (Ricbull is cancelled))
Color: Based on how toxic the environment is to our well being (Green = Good (Ricbull Confirmed), Yellow = Moderate, Orange = Unhealthy for Sensitive Groups, Red = Unhealthy for Everyone, Purple = Hazardous (Ricbull is cancelled))
90 notes
ingravinoveritas · 1 year ago
Note
Isn’t Crowley in season 2 the gayest thing you’ve ever seen?
Extraordinarily gay, Anon. If there was an early warning system for homosexuality like they have for belligerent actions in the military, Crowley would be at DEFCON Fabulous. Allow me to share a few of my favorite gay Crowley moments:
So, for the first two moments, I'm thoroughly amused and delighted by just how much more David has upped the "dramatic bitch" quotient in season 2. We saw in season 1 that Crowley could be very dramatic when the occasion called for it--such as that little pesky thing called the Apocalypse--but what feels different to me now is that this is Crowley's "everyday" dramatic bitch. The part of him he kept hidden in the first season but now feels comfortable showing, specifically and especially to Aziraphale.
It's one of several things that adds to the very "domestic" feeling of season 2, along with Crowley also whipping off his sunglasses the minute he sets foot in the bookshop. He saunters in like there's a red carpet on the floor and waits expectantly for Aziraphale to tell him he's pretty, and even just standing there, Crowley radiates The Gay in epic quantities.
And then there is the third moment. Crowley in Heaven, in that absolutely ludicrous outfit. The gold sigil. The scarf. The headband. He looks like he just got done inventing glory holes and is excessively smug about the blasphemy of it all. The entire outfit literally goes from hideously ugly to incredible just because Crowley is taking the word "extra" to new heights (or depths, as it were).
I also think that the reason Crowley is so much more dramatic and so much gayer in season 2 is because of David. We know that Michael put everything of himself into Aziraphale in the first season and repeatedly said that he didn't know where the line was between the character and himself, but in contrast, I think David was playing Crowley by the book. (Quite literally, as in Crowley the way he was written in the GO novel.)
Now, though, it's plainly obvious that David has put much more of himself into the role, as we've seen him wear that exact headband IRL and the trackslut--sorry, tracksuit--seems to be an homage to the hoodie David was living in throughout the seasons of Staged...and it's also unzipped to the navel, as David was fond of doing in scenes with Michael with nothing on underneath.
So yes, Crowley in season 2 of GO is most certainly the gayest thing I've ever seen, but not just because of the clothes. It's the level of comfort in his skin, the feeling of safety he seems to have with Aziraphale that lets him be who he really is, without fear or worry. It's that he can be a dramatic bitch knowing full well that Aziraphale will call him a dramatic bitch, but still love him anyway. I think we are going to see all sorts of levels to Crowley's gayness this season (with and without Aziraphale), and I'm so excited for it...
58 notes
reality-detective · 1 year ago
Text
For anyone who cares where we are on the national alert system 👇
If you wish to follow it for upcoming events👇
This is NOT a joke... Pay Attention 🤔
17 notes
lordoakrock · 10 months ago
Text
0 notes
lucyoccupy · 3 years ago
Text
Global Radiation Report:  DefCon 3 - Current Level
Defcon 3 – Round house 3-8-2022 | 4:51 pm UTC Taken from Defcon Level Warning System: https://www.defconlevel.com/current-level.php Only reached 3 times in the past 10 years. The Top 12 current Gamma Radiation readings in the US. City, State CPM @ 1608 hours Mar 8, 2022 2010 to 12/31/2021 Billings,…
0 notes
nyc-urbanism · 6 years ago
Photo
CLIMATE CHANGE/SEA LEVEL RISE WARNING LEVELS VISUALIZED ON NYC BRIDGES 🚨🚨🚨 Repost @biberarchitects ・・・ The most recent UN Climate Report on our planet's health is incredibly frustrating and fills us with hopelessness. As we all begin to process this, while wildfires are raging and as more grim reports are released, we wonder "why is humanity attempting to commit suicide?" and "Why are some communities in denial about this situation?" For the believers, we start to wonder about how to engage these communities, how can they begin to empathize with the impact of this news? What if we create a symbol, a reminder of the impending doom, an experience that people can easily wrap their heads around. If you've ever been to an area that's been flooded locals will be happy to point out the flood's scar known as the high water mark. In lieu of waiting for #climate change's scars we should highlight it. Let's create those scars on NYC's bridges with three warnings, bad (yellow), worse (orange), and worst (red). Similar to our Defcon system, as things get better (hopefully) we'll start to erase/remove the red bar, then the orange, then eventually the yellow. It's a team effort, so if we do this in every city/town we could potentially motivate everyone to get their shit together and get things back to a green/blue level. (at Brooklyn Bridge) https://www.instagram.com/p/BrqPRDkFxQ8/?utm_source=ig_tumblr_share&igshid=1meqfbg3a5sts
14 notes
violetsystems · 2 years ago
Text
No comment
106 notes
daniloqp · 3 years ago
Text
A very significant feature leaves millions of Dell PCs vulnerable
https://theministerofcapitalism.com/blog/a-very-significant-feature-leaves-millions-of-dell-pcs-vulnerable/
Researchers have known for years about security issues with the basic computer code known as firmware. It is often full of vulnerabilities, it’s hard to update with patches, and it’s increasingly the target of real-world attacks. Now, a well-intentioned mechanism to easily update the firmware of Dell computers is itself vulnerable as a result of four rudimentary errors. These vulnerabilities could be used to gain full access to target devices.
The new discoveries by researchers at security firm Eclypsium affect 128 recent models of Dell computers, including desktops, laptops and tablets. Researchers estimate that the vulnerabilities expose a total of 30 million devices and that the exploits work even on models that incorporate Microsoft’s Secured-core PC protections, a system built specifically to reduce firmware vulnerability. Dell is currently releasing patches for the defects.
“These vulnerabilities are in an easy-to-exploit mode. It’s basically like traveling back in time, it’s almost like the 90’s again,” says Jesse Michael, Eclypsium’s lead analyst. “The industry has reached all this maturity of security features in the application and operating system code, but they do not follow the best practices in the new security features of the firmware.”
The vulnerabilities appear in a Dell feature called BIOSConnect, which allows users to easily and even automatically download firmware updates. BIOSConnect is part of a broader Dell remote operating system upgrade and management feature called SupportAssist, which has had its own share of potentially problematic vulnerabilities. Update mechanisms are valuable targets for attackers, because they can be corrupted to distribute malware.
The four vulnerabilities that researchers discovered in BIOSConnect would not allow hackers to push malicious Dell firmware updates to all users at once. They could be used, however, to target victims’ devices individually and easily achieve remote control of the firmware. Compromising device firmware can give attackers total control of the machine, as the firmware coordinates hardware and software and acts as a precursor to the operating system and computer applications.
“This is an attack that allows an attacker to go directly to the BIOS,” the core firmware used in the boot process, says Eclypsium researcher Scott Scheferman. “Before the operating system booted and knew what was happening, the attack had already happened. It is an evasive, powerful and desirable set of vulnerabilities for an attacker who wants to persist.”
An important caveat is that attackers could not directly exploit the four BIOSConnect errors from the open Internet. They need to establish themselves on the internal network of the victim devices. But researchers point out that the ease of exploitation and the lack of monitoring or logging at the firmware level would make these vulnerabilities attractive to hackers. Once an attacker has compromised the firmware, they can probably remain undetected for a long time on a target’s networks.
Eclypsium researchers disclosed the vulnerabilities to Dell on March 3rd. They will present the results at the Defcon security conference in Las Vegas in early August.
“Dell fixed several vulnerabilities in the Dell BIOSConnect and HTTPS boot features available with some Dell client platforms,” the company said in a statement. “Features will be updated automatically if customers have Dell automatic updates enabled.” Otherwise, the company says, customers should manually install the patches “as soon as possible.”
Eclypsium researchers warn, however, that this is an update you may not want to download automatically. Because BIOSConnect itself is the vulnerable mechanism, the safest way to get updates is to go to Dell’s Drivers and Downloads website and manually download and install the updates from there. For the average user, however, the best approach is simply to update your Dell however you can, as quickly as possible.
0 notes
tastydregs · 5 years ago
Text
Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons
Speakers are everywhere, whether it's expensive, standalone sound systems, laptops, smart home devices, or cheap portables. And while you rely on them for music or conversation, researchers have long known that commercial speakers are also physically able to emit frequencies outside of audible range for humans. At the Defcon security conference in Las Vegas on Sunday, one researcher is warning that this capability has the potential to be weaponized.
It’s creepy enough that companies have experimented with tracking user browsing by playing inaudible, ultrasonic beacons through their computer and phone speakers when they visit certain websites. But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume. Those aural barrages can potentially harm human hearing, cause tinnitus, or even possibly have psychological effects.
“I’ve always been interested in malware that can make that leap between the digital world and the physical world,” Wixey says. “We wondered if an attacker could develop malware or attacks to emit noise exceeding maximum permissible level guidelines, and therefore potentially cause adverse effects to users or people around.”
Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.
The research analyzed the potential acoustic output of a handful of devices, including a laptop, a smartphone, a Bluetooth speaker, a small speaker, a pair of over-ear headphones, a vehicle-mounted public address system, a vibration speaker, and a parametric speaker, which channels sound in a specific direction. Wixey wrote simple code scripts or slightly more complete malware to run on each device. An attacker would still need physical or remote device access to spread and implant the malware.
From there, Wixey placed them one by one in a soundproof container with minimal echo called an anechoic chamber. A sound level meter within the enclosure measured the emissions, while a surface temperature sensor took readings of each device before and after the acoustic attack.
Wixey found that the smart speaker, the headphones, and the parametric speaker were capable of emitting high frequencies that exceeded the average recommended by several academic guidelines. The Bluetooth speaker, the noise canceling headphones, and the smart speaker again were able to emit low frequencies that exceeded the average recommendations.
Additionally, attacking the smart speaker in particular generated enough heat to start melting its internal components after four or five minutes, permanently damaging the device. Wixey disclosed this finding to the manufacturer and says that the device maker issued a patch. Wixey says that he is not releasing any of the acoustic malware he wrote for the project or naming any of the specific devices he tested. He also did not test the device attacks on humans.
“There are a lot of ethical considerations and we want to minimize the risk,” Wixey says. “But the upshot of it is that the minority of the devices we tested could in theory be attacked and repurposed as acoustic weapons.”
The experiments on the internet-connected smart speaker also highlight the potential for acoustic malware to be distributed and controlled through remote access attacks. And Wixey notes that existing research on detrimental human exposure to acoustic emanations has found potential effects that are both physiological and psychological.
The acoustic academic research community has increasingly been warning about the issue as well. "We are currently in the undesirable situation where a member of the public can purchase a $20 device that can be used to expose another human to sound pressure levels...in excess of the maximum permissible levels for public exposure," Timothy Leighton, a researcher at the University of Southampton wrote in the October issue of the Journal of the Acoustical Society of America.
And while it is still unclear whether acoustic weapons played a role in the attack on United States diplomats in Cuba, there are certainly other devices that intentionally use loud or intense acoustic emanations as a deterrent weapon, like sound cannons used for crowd control.
“As the world becomes connected and the boundaries break down, the attack surface is going to continue to grow,” Wixey says. “That was basically our finding. We were only scratching the surface and acoustic cyber-weapon attacks could potentially be done at a much larger scale using something like sound systems at arenas or commercial PA systems in office buildings.”
Other Internet of Things device researchers have stumbled on similar findings in their work as well, whether they originally intended to study acoustic emanations or just realized the potential through studying consumer electronics. Last year, a group of researchers reported findings at the Crypto 2018 conference in Santa Barbara, California that ultrasonic emanations from the internal components of computer monitors could reveal the information being depicted on the screen.
Vasilios Mavroudis, a doctoral researcher at University College London, also found in his research into ultrasonic tracking that most commercial speakers are capable of producing at least "near-ultrasonic" frequencies—sounds that are inaudible to humans, but don't quite technically qualify as ultrasonic—if not more.
And Ang Cui, who founded the embedded device security firm Red Balloon, published research in 2015 in which he used malware to broadcast data from a printer by crunching the internal components of the printer to make sounds that could be picked up and interpreted by an antenna.
“I’m not at all surprised that speakers can be manipulated this way,” Cui says. “Think about it— if there’s no limiter or filter in place, things that make sounds can be forced to make really loud or intense sounds. The physics makes sense. And absolutely, it could potentially be dangerous.”
Wixey suggests a number of countermeasures that could be incorporated into both device hardware and software to reduce the risk of acoustic attacks. Crucially, manufacturers could physically limit the frequency range of speakers so they’re not capable of emitting inaudible sounds. Desktop and mobile operating systems could alert users when their speakers are in use or issue alerts when applications request permission to control speaker volume.
Speakers or operating systems could also have digital defenses in place to filter digital audio inputs that would produce high and low frequency noises. And antivirus vendors could even incorporate specific detections into their scanners to monitor for suspicious audio input activity. Environmental sound monitoring for high frequency and low frequency noise would also catch potential cyber-acoustic attacks.
Though acoustic weapons are certainly not an all-purpose offensive tool, Wixey points out that one of the most insidious things about this class of potential attacks is that in many cases you would have no idea they’re going on. “You never really know, unless you’re walking around with a sound meter, what you’re being exposed to,” he says.
0 notes
diversegaminglists · 7 years ago
Text
Cyberpunk Games
Pure Cyberpunk:
.hack Franchise
//N.P.P.D. RUSH//- The milk of Ultraviolet
2064: Read Only Memories
AaAaAA!!! - A Reckless Disregard for Gravity
Access Denied
Acid Spy
Adrenix
AdvertCity
Aerannis
Akira
Akira Psycho Ball
All Walls Must Fall - A Tech-Noir Tactics Game
Alternativa
Anachronox
Appleseed Franchise
AquaNox 1 & 2 - Having actually tried to play this, I want to point out it has some of the worst voice acting I’ve ever heard.
Astro Boy Franchise
Axiom Verge
Beneath A Steel Sky - Free on GOG
Binary Domain
Bionic Heart 1 & 2
Blacklight: Retribution
BLADENET
Blade Runner
BloodNet
A Blurred Line
Bot Vice
Brigador: Up-Armored Edition
Burn Cycle
Cardinal Cross
Chäos;HEAd
Chaos Overlords
Chaser
City of Chains
Collateral
Construct: Escape the System
Cowboy Bebop
Cradle
CRIMSON METAL
Cyber City 2157: The Visual Novel
Cyberflow
CyberMage: Darklight Awakening
Cyberpunk Arena (VR)
Cyberpunk 3776
Cypher
Darknet
Defcon 5
Defragmented
Delta V
DESYNC
Deus Ex Franchise
Dex
Digimon Franchise
Disney TRON: Evolution
Distance
Download 1 & 2
DreamBreak
DreamWeb
Dystopia
Echo Tokyo
Electric Highways
Else Heart.Break()
The End
ENYO Arcade
Epanalepsis
E.Y.E: Divine Cybermancy
Fallout Franchise (There’s not much of it being post-apocalyptic, but it’s there)
Far Cry 3: Blood Dragon
Flashback Franchise
Forsaken
Frozen Synapse Franchise
Furi
Gadget: Invention, Travel & Adventure
Gemini Rue
Ghost 1.0
Ghost in the Shell Franchise
GIGA WRECKER
Gloom
GRIDD: Retroenhanced
Gunpoint
Hacker's Beat
Hacknet
Hardline
hackmud
Hard Reset
Hell: A Cyberpunk Thriller
Hover : Revolt Of Gamers
ICEY
I Have No Mouth, and I Must Scream (Rape warning)
Infinity Racer
Interphase
Invisible Apartment Franchise
Invisible, Inc.
Jazzpunk
Judge Dredd: Dredd vs. Death
JYDGE
Kanye Quest 3030 (Yes it’s that Kanye, no I don’t know either)
Katana ZERO
Kill to Collect
The Lawnmower Man
Leap of Fate
The Maker's Eden
Manhunter: New York
Manhunter 2: San Francisco
Mars: War Logs
Master Reboot
Megaman Franchise
Megazone 23: Aoi Garland
The Mercury Man
Metal Gear 2: Solid Snake
Metal Gear Rising Revengeance
Metal Gear Solid
Metal Gear Solid 2: Substance
Metal Gear Solid 4: Guns of the Patriots
Metal Gear Solid: The Twin Snakes
Metrocide
MIDNIGHT
Murder
Neon Chrome
Neon Drive
Neon Struct
NeoTokyo
Neuromancer
NeuroVoider
Nex Machina
Nightlong: Union City Conspiracy
Nikopol: Secrets of the Immortals
North
observer_
Oni
Osman
Outrage
P.A.M.E.L.A.
Policenauts - Features a breast-fondling mechanic apparently.
Primordia
Project: Snowblind
Psycho-Pass: Mandatory Happiness
Quadrilateral Cowboy
Quanero VR
Quantum Replica
Raw Data (VR)
Remember Me
The Red Strings Club
Republique
Restricted Area
Rez
Ricochet
RONIN
ROOT
Ruiner
Sairento VR
Satellite Reign
Security Hole
Sentience: The Android's Tale
Shift Quantum
Shin Megami Tensei 1
Shin Megami Tensei: Digital Devil Saga Franchise
Shin Megami Tensei: NINE
Sindome
Silencer
SiN Franchise
Sinless
Slave Zero
Solid Runner
Soul Axiom
Snatcher
StarCrawlers
Star Ocean: Till the End of Time
State of Mind
Steel Harbinger
Strain Tactics
Street Level
Strider Franchise
Syndicate Franchise
Syndicate Wars
System Crash
System Shock 1 & 2
Technobabylon
Technolust (VR)
The Technomancer
There Came an Echo
Tokyo 42
Transistor
Tron 2.0
UBERMOSH
The Uncertain
UnderRail
Until I Have You
Uplink
VA-11 Hall-A: Cyberpunk Bartender Action
Vektor Wars
Vegas Prime Retrograde
Void And Meddler
Volume
VR Invaders
Watch Dogs Franchise
Westboro
X-Kaliber 2097
Zegapain NOT
Upcoming games:
Copper Dreams
Cyberpunk 2077
Kitaru
The Last Night
Spinnortality
Synapse
Cyberpunk with magic:
Bombshell
Dirge of Cerberus: Final Fantasy VII
Final Fantasy 7 (at least to begin with anyway)
The Longest Journey & Dreamfall Franchise
Magrunner: Dark Pulse - Cthulhu is there, or something like that
Megamagic: Wizards of the Neon Age
ShadowRun Franchise
Tex Murphy (magic is rare but it’s there)
Xenogears
Xenosaga
Special Mention:
Kingdom Hearts - The Tron levels.
Neocron 1 & 2 - Defunct MMOs.
Omikron: The Nomad Soul - A David Cage game, which probably constitutes as its own genre and content warning these days.
Overwatch - Most of the tech qualifies as cyberpunk, but the visual style does not.
22 notes
endtimeheadlines · 7 years ago
Text
DEFCON Warning System at Level 4 as Fears of War With North Korea Rise
The DEFCON Warning System has urged caution over a “significantly raised” possibility of a nuclear strike by North Korea which may feel “backed into a corner” by the escalating situation in East Asia. The group has also warned of “significant progress” in Kim Jong-un’s nuclear weapons programme, which it says are advanced enough to target the mainland United States with an “inaccurate but successful” strike.
This comes as US bombers escorted by stealth fighter jets have flown several missions close to North Korea in recent weeks. American airforce chiefs have said they intend to continue flying sorties in international airspace, despite a warning from the hermit state that they “reserved the right” to shoot them down. Dictator Kim has relentlessly persisted in his nuclear weapons and long-range ballistic missile programmes despite widespread international condemnation and a series of crippling sanctions.
0 notes
temporal-index · 8 years ago
Quote
In 1981, hearings in the U.S. House of Representatives revealed a long and mostly secret history of spectacular failures in the computerized BMEWS (Ballistic Missile Early Warning System). The BMEWS, especially in times of high international tension, would serve as the primary trigger for nuclear retaliation. Since missiles not launched before an incoming strike arrived would be destroyed, commanders experienced a strong incentive to “use ’em or lose ’em” upon receiving a BMEWS warning. Despite presidential control of weapons release, many feared that under conditions of extreme stress, the very short decision times available might lead to fatal mistakes in the event of a BMEWS false alert. Some of the thousands of hardware, software, and operator errors suffered by the system did in fact produce relatively serious false alerts. These periodic failures began almost as soon as the BMEWS was installed. Four days after its initial activation in 1960, a BMEWS station in Greenland broadcast a warning of a full-scale Soviet attack to NORAD headquarters. The radar image turned out to be a mirage generated by radar reflections off the rising moon. New generations of computers, software, and operating procedures not only failed to eliminate such problems but in fact, many argued, made the unavoidable accidents more dangerous. In the autumn of 1979, NORAD computers generated warnings of a Soviet submarine-launched ballistic missile attack. U.S. defense systems, with only ten minutes from warning to expected impact, instantly prepared to retaliate. With four minutes left before the putative Soviet missiles arrived, frantic officers finally discovered a training tape accidentally mounted on the warning system’s drives. There were 147 false alerts during one 18-month period after NORAD installed new computers. Of these, four moved the U.S. strategic forces to a higher DEFCON (defense condition) status, one step closer to a nuclear response. [...] 
As the complexity of the computer-centered BMEWS system grew, so did the numbers and types of errors. While an isolated computer problem usually posed little threat, combinations of problems stemming from human as well as electronic sources could produce extremely subtle failures (as demonstrated by experience with other complex technological systems such as nuclear power plants). Detecting and resolving these errors became increasingly difficult. As the difficulty of error detection increased, so did the level of uncertainty about the correct interpretation of any alert.
Paul Edwards, The Closed World (1996)
11 notes
actutrends · 5 years ago
Text
5 reasons why supply chain security must be on your agenda
Presented by Intel
How do you know that the critical parts inside your servers and devices are not poor quality, ready to fail at a crucial moment? Or, worse, hide malware with nefarious intentions like key-stroke logging, data theft, or sabotage?
Outside of leading-edge advances like Intel® Transparent Supply Chain, protecting globally linked sellers, buyers, and partners from these kinds of threats is difficult. Leaders like GE are embracing new risk management approaches that provide component level traceability and authentication.
Yet many enterprises and vendors remain poorly prepared to prevent or detect growing supply chain cyber-risks. They cannot easily spot compromised parts or breaches that expose their organizations and partners to data loss and widespread disruption.
From not good to worse
Two years ago, Steve Durbin, Managing Director of the Information Security Forum (ISF), warned: “When I look for key areas where information security may be lacking, one place I always come back to is the supply chain.” A widely cited study found 16% of companies purchased counterfeit IT equipment.
Since then, things have gotten worse. A recent global survey of 1,300 companies found 90% were “unprepared” for supply chain cyber-attacks.
False alarm or wake-up call?
So it’s no surprise that widespread anxiety followed a sensational report in late 2018 claiming China had hidden tiny spy chips on servers shipped to major companies.
The allegations were quickly denied and eventually debunked. But the incident raised troubling questions: “A lot of people asked: ‘What if that could happen?’” says Charlie Stark, an Intel Supply Chain specialist and engineer.
It’s a critical concern, and not just for industry manufacturers and procurement pros. Supply chains are lifelines for tech sellers and buyers alike. Over the last few years, they’ve increasingly become a battlefield, under incessant attack by nations and criminals. A small but tellingly grim sign of popularity: Presentations on hacking supply chains at Black Hat and Defcon.
Whether you are a technology buyer, seller, manufacturer, investor, or security professional, here are five reasons why supply chain cybersecurity belongs on your radar and action list.
1. Supply chain hacks are growing
Experts say threats are both skyrocketing and under-reported. They now make up as much as 50% of all cyberattacks, according to industry estimates, spiking 78% year-over-year last year. As many as two-thirds of companies have experienced an incident. Average cost: $1.1 million. A 2018 study by the Ponemon Institute found 56% of organizations suffered a breach caused by one of their vendors. Federal watchdogs report widespread counterfeiting of ICs and other electronic parts in the DoD supply chain.
Several forces are feeding this troubling growth. Cloudification of supply chains, IoT, globalization, and shifts to vast, interlinked digital ecosystems are major factors. Geopolitics is another. Organized crime also is eager to exploit weak supply chain links. “Hack once-exploit many” is a lucrative business model, with low cost and high ROI, according to researcher Cybereason.
2. Everybody is seeking solutions
Predictably, public and private sector voices are raising alarms. Recent reports by Accenture and BSI, for example, identify supply chain cybersecurity as a top challenge. A leading public-private coalition recently called for rapid and rigorous cooperation on the issue. The most influential of these partnerships, the ICT Supply Chain Risk Management Task Force, includes more than 50 government bodies and businesses, led by the Department of Homeland Security.
The National Institute for Standards and Technology (NIST) issued new guidelines for supply chain risk management. So great is the concern that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has proclaimed a “National Supply Chain Integrity Month.” A major agency task force report issued in September outlined key threat scenarios, recommendations, and baselines.
3. Hack once, hurt many
Supply chain attacks are actually two kinds of threats. The first seeks to disrupt or cripple actual supply chains. Think of nation-state assaults on key infrastructure or energy systems.
But others use supply chains as a channel to attack dozens, hundreds, or potentially thousands of connected partners. By finding and exploiting weak links, attackers can hop between linked entities, stealing data, and spying or destroying as they go. This is what makes the attacks so dangerous — and attractive for hackers.
4. Hardware is a new target
Kingslayer, CloudHopper, CCleaner, ShadowPad, ShadowHammer, Black Ghost Knifefish, Heriplor. All these recent attacks on supply chains used or targeted software. Now, hackers have upped the ante. Thwarted by better software protection, they’re targeting hardware. Such nefarious burrowing into the hardware stack — down to firmware and BIOS and UEFI — is a big threat in any environment. But it is magnified many-fold in a supply chain.
5. Damage can be widespread
Harm from supply chain breaches is insidious. It sows doubt about product reliability and security. As the figure below shows, there’s a spectrum of potential harm in manufacturing, with supply chain attacks at the apex.
Source: Intel
The U.S. Cybersecurity and Infrastructure Security Agency warns of supply risks at every stage: Design, development and production, distribution, acquisition and deployment, maintenance, and disposal.
Similarly, breaches cause a range of organizational harm, including damaged reputations, non-compliance, and lost business.
Source: Deloitte
Tech and electronics are favorite targets, as are defense, financial services, and energy, but no industry is immune. The 2019 Global Threat Report found more than half of cyberattacks now leverage what it calls “island hopping.” That means attackers aren’t targeting just one organization. “Attackers… don’t just want to rob you and those along your supply chain,” authors warned. “[They] want to ‘own’ your entire system.”
Source: Global Threat Report
The importance of ecosystem protections
All these factors combine into a grim reality: Supply chain threats are bad — and likely to worsen.
There’s widespread agreement: organizations must be proactive in developing information-driven cyber-defense of supply chains. But what’s the most effective approach? For many buyers and sellers, it’s participation in a certified ecosystem.
“Companies should consider defining reasonable levels of security and associated controls requiring sub-contractors, vendors, and critical supply chain partners to meet or exceed those standards as part of established business agreements,” advises Chadd Carr, director of PricewaterhouseCoopers (PwC) National Cyber Threat Research Center.
Accenture makes similar recommendations: “Organizations should routinely seek full awareness of their threat profiles and points of supply chain vulnerability. [They should] try to improve processes that guard against the cybersecurity risks inherent in the landscape of modern global business operations by integrating cyberthreat intelligence into M&As and other strategically important actions, incorporating vendor and factory testing into their processes, and implementing industry-focused regulations and risk assessment standards.”
To understand the critical role played by ecosystem protections, and how they work, read Part 2.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact [email protected].
The post 5 reasons why supply chain security must be on your agenda appeared first on Actu Trends.
0 notes
lucyoccupy · 3 years ago
Text
ALERT NOTICE! DefCon 3 – Current Level - Round House - Bob Nichols - USA
By Bob Nichols – March 6, 2022
Defcon 3 – Round house
Defcon Level Warning System: Current Live OSINT Raised Alert Estimates
Last Change: Feb 28th, 2022
Taken from Defcon Level Warning System: https://www.defconlevel.com/current-level.php
Only reached 3 times in the past 10 years.
The Top 12 current Gamma Radiation readings in the US.
0 notes
forlawfirmsonlymarketing · 5 years ago
Text
Here’s Why Inclusive Web Design with SEO Wins 2020 via @kim_cre8pc
Inclusive web design with SEO creates new opportunities for digital marketers and web designers seeking a competitive edge.
Website conversions depend on how well webpages assist people with decision making starting from search queries. Your role as an SEO is making webpages appear in search engine results at the precise moment for the exact people requesting them. Advanced online marketing considers the webpage user experience to stick the landing, which takes them into the realm of web design. The fun is figuring out who those people are so you can target them in search engines and web design decisions. Most of the time businesses have a fairly good idea of who they are trying to sell products to and who might benefit from their services.
What are the pieces we may be missing?
Why is there a spike in website ADA accessibility lawsuits?
Why study neuroscience and human behavior, behavioral economics and how people sort, search, and filter information?
How can we apply hundreds of research studies to web design and marketing?
The People Layer of Search Engine Marketing
If you are an SEO professional, your primary directive is to make webpages rank high in search engines for specific search terms. This is not always an easy task if the webpages are not designed to the proper W3C standards or maintained properly, creating performance issues that search engines notice. What happens when a person clicks into well-ranked webpages? Holistic UX and SEO is the practice of optimizing the whole user experience rather than treating some of its parts. It has been around for nearly 20 years but has not been applied universally, and inclusive design has been even less well known. The holistic approach includes:
Website accessibility.
Information architecture.
Human behavior.
Social media marketing.
Persuasive web design.
Content writing.
The parts that people can either see, listen to or interact with using a computer, mobile or assistive device contain opportunities tucked inside for search engine marketers to explore. What’s simmering behind understanding people as users, in addition to search engine bots, are page performance, browsers, operating systems, machine learning, and lots and lots of code of varying flavors. This exploratory road has no end – which is why SEO will never die. Digital marketers who play with conversions design and persuasive architecture wrestle it all into a small cell phone device experience. And then, if you want to be hip for 2020, you look for the people you forgot to target in your marketing strategies, such as those with disabilities or minor impairments that make searching or interaction with web sites difficult without some assistance or assistive software or device.
An Accessible Target Market
I know what you’re thinking. An SEO professional only needs to be concerned with getting pages ranked so that their clients generate revenue. What if you are not targeting everyone who is looking for your client’s website? People use computers in ways you may not have considered before. Not only that, everyone wants equal access to websites and tasks. For example, the ability to download a coupon should be the same for everyone. The experience of ordering pizza or having a shopping order placed online for home delivery should be available to everyone. A blind person wanting to book a service for a sighted friend should be able to do that with a screen reader without any barriers. An anxious person researching natural remedies requires a user experience that is calming and orderly.
Technology Creates Inclusiveness
Years of researching how people use computers, search for information and conduct online activities led to exciting advances in machine learning. Google’s massive algorithm advance to BERT is one example. So are voice-activated house lights, transcribing podcasts and adding closed captions to videos. We now know that font selections, color choices, when to use color, how to instruct cell phones to render pages, how to structure content on webpages for improved comprehension, and where to put links and calls to action are all factors to consider when designing webpages that will respond successfully to an accurate search query result.
Who needs us to care about these things?
Are they included in your business requirements?
Are your developers trained in how people with low vision or no computer mouse navigate webpages?
Do people ask questions the same way or do they choose words with different meanings based on their culture?
Remember, our job is to help people make decisions, whether this begins in a search engine or once they arrive on a webpage. We are unable to do either without truly understanding people and their online behavior habits. Unfortunately, companies forget many people. This is one of the reasons for ADA lawsuits but truly isn’t a new revelation. Traditionally businesses spend years testing and adapting to what they think their customers want. Inclusive design means that websites work for everyone.
Aristotle, the Blind Monster
What do these Sesame Street characters have in common?
Granny Bird
Forgetful Jones
Buster the Horse
Aristotle
Honkers
Dingers
Simon Soundman
Slimey the Worm
Each had a special need, disability, or impairment of some type. They are not as popular or as memorable as Bert, Ernie, and Prairie Dawn. Aristotle was a blind monster character created by Sesame Street to increase awareness about the inclusiveness of people with disabilities. Slimey the Worm does not speak. Buster the Horse helped Forgetful Jones, the cowboy who always forgot things. The Honkers only communicated by honking, rather than words. If you study Sesame Street puppet characters, one of the interesting discoveries is that many of them had a friend who helped them with something such as battling a fear, trying to remember something, or communicating with others. In this subtle way, inclusion is taught.
Inclusive Design Embraces a Wider Target Market
Inclusive means that everyone gets a chance to be included, regardless of whether or not they have a disability, or a minor impairment that makes it difficult to do what others can do. When a company decides to build a website and advertise it after it launches, they absolutely must hire or train staff in inclusive design. The typical practice is for web designers and SEO professionals to create user personas and mental models to help their projects stay focused on who the intended target user is. Preferably these user personas are based on real people and tested with them in their natural environments, using their specific assistive technology. The benefits of a unified, holistic, inclusive approach consisting of SEO, usability, accessibility, information architecture and readable content are limitless.
Steps to Inclusive Design
A website that refuses to function for everyone becomes an easy target for social media shout outs, bad reviews for the brand and an ADA website lawsuit. Not every company agrees to invest in website accessibility testing or training for their developers, which puts them at a disadvantage from both a potential legal standpoint and a branding one. A company that ignores the needs of users does so at its own risk. The prime directive, which is to help website visitors make good decisions while on your website, crumbles when support for them is removed.
Could they read your webpages on their mobile device?
What about mobile devices with accessibility settings turned on?
Were they able to understand what to do and where to go on your website while in an anxious state?
Could they see and understand your content?
Were your visitors able to use forms on any computer device, with or without a mouse pointer?
If you are doing competitive research, check other brands to see if there are comments from people who can’t use the website at all. The following are some suggestions for inclusive web design for SEO pros:
Avoid forcing visitors to call for customer service as the only method for contact. Provide alternatives, such as an accessible form or email contact.
Never make a phone call the only way to make contact if someone has a problem using your website. This requires them to disclose their disability, which is demeaning, and there may not be immediate help during off-hours. If your PDF forms are not accessible, it is discrimination to “make them call us and we can put it in the mail for them.”
Documents you optimize, such as PDF, PowerPoint and Word files, must also be accessible. Adobe has an accessibility checker that walks you through errors and aids in remediation. An alternative to these documents, such as an HTML version, helps meet the WCAG 2.1 standard.
Revisit the source code. Generic <div>, <span>, and <p> elements instead of semantic markup present issues for screen readers.
Revisit widgets and plugins to make sure they make sense to screen reader users. They must properly expose information about the names, roles, and values of components in accordance with ARIA techniques.
Do not change the wording of Contact Us, About Us and similar pages. Many screen reader users search the page for specific keywords or phrases to get to those pages quickly. Changing the wording of those pages makes it impossible for them to locate them.
Mind your headings. Start the main content of a webpage with a level 1 heading (<h1>), with no other headings before it. The sub-sections of the page should each be level 2 headings (<h2>) and sub-sections within them marked as level 3 (<h3>). Yes, there are exceptions. This is the recommended guideline.
Break up large amounts of content with sub-headings, bullet points, illustrative images (with alt attributes), shorter sentences and smaller paragraphs. Avoid distractions, both to help people remember what they read and because distractions can send their ADHD or dyslexia responses up to DEFCON 1 warnings.
For news or blog articles, include a simplified summary of the important points at the beginning of the story.
A person’s sensory abilities should not prevent or hinder receiving information. An easy example is hashtags. For phrases, capitalize the first letter of each word. Example: #BestDayEver
Inclusive design opens up a world of possibilities to reach an even greater target market. It goes beyond basic usability and persuasive design tactics. For developers, adding ARIA and making accessible JavaScript and mobile applications is a new playground. There are not enough accessibility QA trained people to meet the demand. Avoiding an accessibility ADA lawsuit is driving many companies to seek accessibility specialists. Many SEO consultants and agencies are adding additional services to include inclusive design and accessibility. This is not just to prevent the threat of a lawsuit but because their clients are investing in their branding and meeting today’s highly competitive marketing challenges. SEO and inclusive design provide great opportunities for you in 2020.
https://www.businesscreatorplus.com/heres-why-inclusive-web-design-with-seo-wins-2020-via-kim_cre8pc/
0 notes
terabitweb · 5 years ago
Text
Original Post from Talos Security
Newsletter compiled by Jon Munshaw.
Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week.
Sorry we missed you last week, we were all away at Hacker Summer Camp. If you missed us at Black Hat, we have a roundup on the blog of some of the “flash talks” from our researchers and analysts.
Patch Tuesday was also this week, and we’ve got you covered with Snort rules and coverage of some of the most critical bugs. 
We also have our weekly Threat Roundup, which you can find on the blog every Friday afternoon. There, we go over the most prominent threats we’ve seen (and blocked) over the past week.
Upcoming public engagements with Talos
Event: “It’s never DNS…It was DNS: How adversaries are abusing network blind spots” at SecTor
Location: Metro Toronto Convention Center, Toronto, Canada
Date: Oct. 7 – 10
Speaker: Edmund Brumaghin and Earl Carter
Synopsis: While DNS is one of the most commonly used network protocols in most corporate networks, many organizations don’t give it the same level of scrutiny as other network protocols present in their environments. DNS has become increasingly attractive to both red teams and malicious attackers alike to easily subvert otherwise solid security architectures. This presentation will provide several technical breakdowns of real-world attacks that have been seen leveraging DNS for a variety of purposes such as DNSMessenger, DNSpionage, and more.
Cyber Security Week in Review
The United Nations says it is investigating 35 different North Korean state-sponsored cyber attacks in 17 countries. A new report states the attacks hoped to raise money to fund the country’s atomic weapons program. 
Police in South Wales, U.K. are starting to use facial recognition apps to identify suspects without having to take them to a station. The department plans to start testing the app over the next few months on 50 different officers’ phones, but privacy groups are already pushing back. 
A sponsored presentation at Black Hat regarding the “Time AI” program was taken down after researchers attacked the talk online and in person. At least one attendee interrupted the talk and accused the speaker of misleading people by pitching this new form of encryption. 
Adobe disclosed dozens of vulnerabilities as part of its monthly security update this week, including 76 bugs in Acrobat and Reader. There were also 22 critical vulnerabilities patched in Photoshop. 
Google says it is working on replacing passwords for Google services for 1.7 billion Android users. Engineers at the company say the goal is to allow Android users to log into Google sites and services using their fingerprint or other methods because “new security technologies are surpassing passwords in terms of both strength and convenience.” 
Facebook disclosed that they previously allowed contractors to listen in on and transcribe users’ conversations. The social media site says it recently discontinued the practice, but the Irish Data Protection Commission is still looking into the practice for possible GDPR violations. 
A bug in the Steam video game store could open Windows users to attacks, but the company says it is not within its scope to fix.
The FBI released a report warning Americans of a recent uptick in dating scams. The agency says malicious actors are using data apps to convince victims to open up new bank accounts to send them money under the guise of a fake user. 
Security researchers at the DEFCON conference discovered a critical vulnerability in the F-15, a popular fighter jet used by the U.S. military. If exploited, the bug could shut down a portion of the plane’s cameras and sensors, preventing the transmission of data during missions. 
Notable recent security issues
Title: 31 critical vulnerabilities addressed in latest Microsoft security update
Description: Microsoft released its monthly security update Tuesday, disclosing more than 90 vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical,” 65 that are considered “important” and one “moderate.” This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine.
Snort SIDs: 35190, 35191, 40851, 40852, 45142, 45143, 50936 – 50939, 50969 – 50974, 50987, 50988, 50940, 50941, 50998, 50999, 51001 – 51006 (Written by Cisco Talos analysts)

Title: Cisco releases security patches for multiple products, including high-severity bugs in WebEx Teams
Description: Cisco released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit the more critical bugs to take control of an affected system. Some of the most severe vulnerabilities exist in Cisco WebEx Network Recording for Microsoft Windows and Cisco Webex Player for Windows. These bugs, identified across five different CVEs, could allow a remote attacker to execute arbitrary code on an affected system.
Snort SIDs: 50902, 50904 – 50907 (Written by Amit Raut)
Most prevalent malware files this week
Source: Threat Source newsletter (Aug. 15)
0 notes