Thursday, November 17, 2016

Fake USB Chargers that Wirelessly Record

Beware of Fake USB Chargers that Wirelessly Record Everything You Type, FBI warns

Last year, a white hat hacker developed a cheap Arduino-based device that looked and functioned just like a generic USB mobile charger, but covertly logged, decrypted and reported back all keystrokes from Microsoft wireless keyboards.
Dubbed KeySweeper, the device included a web-based tool for live keystroke monitoring and was capable of sending SMS alerts for typed keystrokes, usernames, or URLs, and work even after the nasty device is unplugged because of its built-in rechargeable battery. Besides the proof-of-concept attack platform, security researcher Samy Kamkar, who created KeySweeper, also released instructions on how to build your own USB wall charger.
Now, it seems like hackers and criminal minds find this idea smart.
The FBI has issued a warning advisory for private industry partners to look out for highly stealthy keyloggers that quietly sniff passwords and other input data from wireless keyboards.
According to the advisory, blackhat hackers have developed their custom version of KeySweeper device, which "if placed strategically in an office or other location where individuals might use wireless devices", could allow criminals to steal:
  • Intellectual property
  • Trade secrets
  • Personally identifiable information
  • Passwords
  • Other sensitive information
Since KeySweeper looks almost identical to USB phone chargers that are ubiquitous in homes and offices, it lowers the chances of discovering the sniffing device by a target. However, according to a Microsoft spokesperson, customers using Microsoft Bluetooth-enabled keyboards are protected against KeySweeper threat. Also, its wireless keyboards manufactured after 2011 are also protected, as they use the Advanced Encryption Standard (AES) encryption technology. So, the primary method of defense is either to restrict the use of wireless keyboards, or to use keyboards that use the Advanced Encryption Standard (AES) encryption technology.
Although the FBI made no mention of malicious KeySweeper sniffers being found in the wild, the advisory indicates the information about the KeySweeper threat was obtained through an undescribed "investigation."
"The primary method of defense is for corporations to restrict the use of wireless keyboards. Since the KeySweeper requires over-the-air transmission, a wired keyboard will be safe from this type of attack." FBI advised.
Sniffers work against wireless devices that do not use secure encryption for the data transmitted between a keyboard and the computer.
Share Excerpt

Wednesday, November 16, 2016

Researchers identify antibody that neutralizes 98% of HIV strains

© Athit Perawongmetha
An antibody from an HIV-infected person has successfully neutralized 98 percent of HIV isolates tested, including the lion’s share of strains resistant to other antibodies of the same class, US scientists have found.
The striking efficiency of the powerful antibody, named N6, makes it an ideal candidate for further research to treat or prevent HIV infection, scientists from the National Institutes of Health, the largest biomedical research agency in the world, have stated.
Scientists scrutinized the evolution of N6 over time to understand how exactly it managed to develop the ability to potently neutralize the majority of HIV strains.
Researchers say that identifying broadly neutralizing antibodies against HIV has been a real challenge because the virus rapidly changes its surface proteins to avoid recognition by the immune system.
In 2010, scientists at National Institute of Allergies and Infectious Diseases (NIAID’s) Vaccine Research Center (VRC) discovered an antibody called VRC01 that can stop up to 90 percent of HIV strains from infecting human cells.
“Like VRC01, N6 blocks infection by binding to a part of the HIV envelope called the CD4 binding site, preventing the virus from attaching itself to immune cells,” researchers said in a press release published on Tuesday.
Findings from the latest study showed that N6 developed a “unique mode of binding that depends less on a variable area of the HIV envelope known as the V5 region and focuses more on conserved regions, which change relatively little among HIV strains. This allows N6 to tolerate changes in the HIV envelope, including the attachment of sugars in the V5 region, a major mechanism by which HIV develops resistance to other VRC01-class antibodies.”
The new findings suggest that N6 could pose advantages over VRC01, researchers noted, adding that due to its potency, N6 may offer "stronger and more durable prevention and treatment benefits, and researchers may be able to administer it subcutaneously (into the fat under the skin) rather than intravenously."
According to UNAIDS, there were approximately 36.7 million people worldwide living with HIV/AIDS at the end of 2015.  Of these, 1.8 million were children younger than 15 years old. The vast majority of people living with HIV are from low- and middle-income countries.
The WHO estimated that currently only some 54 percent of people with HIV know their status.