The Intimacy of Autonomous Vehicles

This post was originally published on Core77.

Currently, most of the attention on autonomous vehicles is focused on the technology that lets cars drive themselves. However, in the near future, the industry will need to broaden its focus to include what is arguably just as important: the passenger. At Intel, we’ve been working on technology platforms that will allow cars to actually drive themselves for some time. More recently, our UX team has turned to designing, prototyping, and testing a number of experiences for how passengers will operate autonomous vehicles, how passengers will feel safe and confident during a trip, and how these automated systems will communicate clearly, so passengers will understand what an autonomous vehicle is doing, and why.

Much of this work has led us to spend quite a bit of time inside vehicles—incorporating new technologies and new interactions to understand what should be optimized on our platforms—and in this process, we’ve started thinking about the ways in which the physical interiors of autonomous vehicles may need to change. So I’d like to share a few initial thoughts as we begin to form hypotheses about what will be important in these new physical interiors.

One aspect of car ownership we often take for granted is the relationship between driver and passenger. With the exception of picking up a hitchhiker, a driver knows his or her passengers—family members, friends, co-workers, acquaintances—and because of this, there’s a familiarity that lets people share such a small space. And even with taxis and ride hailing services, a front seat/back seat separation exists between driver and passengers, where passengers who share a ride almost always know each other. However, with ride hailing services introducing reduced-rate “pool” options, strangers are now riding in the backs of cars together. And with driverless “mobility-on-demand” services likely to be one of the first ways autonomous vehicles enter the market, we will likely see an increase in the number of passengers who don’t know each other, sharing rides regularly in vehicles without a driver.

Of course, most people have experience sharing rides with strangers. Buses, subways, airplanes, and trains are just some of the ways we travel together. But although we’re often shoulder-to-shoulder, the relatively large interiors, and larger number of people traveling together, make it easy for us to assume a certain degree of anonymity. It’s easier for us to keep to ourselves in the midst of the crowd. But with autonomous vehicles, the interiors are much smaller and hold far fewer people. It’s the closeness of the space—the intimacy— that will be a significant challenge for designers. These interior environments will need to address a number of competing needs. How will they accommodate groups of strangers, and also groups who know each other? How will they provide space for being social and for keeping to oneself? How will they create experiences that promote sharing while also safeguarding individual privacy? And all of these situations will undoubtedly be heightened with no human driver to help set context or mediate interactions.

So, the intimate nature of autonomous vehicles will most likely lead to a significant rethinking of vehicle interiors, prompting car companies to innovate in a variety of ways. But when it comes to designing how people will share these close spaces with each other, we’ve identified three general challenges that seem particularly important for designers to tackle first:


Being together & being apart

From one ride to the next, we see an ever-shifting need to be social or private. Some people will want to sit side-by-side, others across from each other, still others will want to sit in a small circle to share or socialize—all while other passengers may want their own more private, personal spaces. All of this means that seating will have to become much more changeable, flexible, and adaptable. How might seats be combined or separated? Can they be brought out or stowed away, to create more or less space? In what ways could seats be reconfigured into individual or shared seating?


New ways to create privacy

In such intimate spaces, the pressure to have some sort of social interaction with other passengers, even a brief hello, may be substantial. In some contexts, passengers will want to engage, but in others they may want to keep to themselves. Currently, people use headphones or stay heads-down in a book to signal that they are “unavailable” for conversation, but physical aspects of the interior might also be designed to help create discrete spaces. How might partitioning be incorporated into the environment? Could lighting be used to signal a need for privacy? What interior layouts will let passengers use their mobile devices without someone looking over their shoulder?


The ebb and flow of our devices

If one of the main value propositions for autonomous vehicles is to free up driving time for other activities, then passengers will likely use their mobile devices for chatting, texting, watching content, or being productive. This means that vehicle interiors must account for the various needs we have with our mobile devices. What physical areas (device “cup holders”?) will enable us to charge, view, and use our devices hands-free? How will the space accommodate the bags, cases, power cords, stands, headphones, and other peripherals we bring with our devices? And how will the space make it easy for us to remember our devices, so we don’t leave them behind at the end of a trip?

Again, these three challenges look at the interiors of autonomous vehicles as shared environments, much like taxis or ride-hailing vehicles, where passengers may or may not know each other. Many in the industry believe that autonomous vehicles will first hit the market as fleets of “robot-taxis”. This is likely because the value propositions of autonomous vehicles seem familiar and well-aligned with the current “anytime, anywhere” promise of ride-hailing services. For personally-owned autonomous vehicles, other interior design needs will arise, and many aspects of the above challenges may not apply at all.

It will be interesting to see all of the ways these interiors will come to be, as the industry marches on and autonomous vehicles become a reality. In a few short years, we might take a ride, if we’re confident they are safe and trustworthy. And we might continue riding in them, if the interiors are designed with our needs, comfort, and privacy in mind.

To stay informed about Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit and Twitter.


The post The Intimacy of Autonomous Vehicles appeared first on IoT@Intel.

Source: Network News

Anomali Weekly Threat Intelligence Briefing – May 23, 2017

Figure 1: IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Threats

This section provides summaries and links to the top threat intelligence stories from this past week. All IOCs from these stories are attached to this threat briefing and can be used for indicator matching against your logs.

Meet EternalRocks, WannaCry’s Scarier Successor (May 21, 2017)
Security researchers have discovered a new malware dubbed “EternalRocks,” that uses the same vulnerabilities exploited by the “WannaCry” ransomware. In total, the EternalRocks worm uses seven leaked NSA tools to propagate itself. The malware targets Windows operating systems and is capable of receiving remote commands to install additional malware onto an affected machine.
Recommendation: It is paramount that your company stays up-to-date on the latest security patches Microsoft has issued in response to the leaked NSA tools.
Tags: EternalRocks, Worm, Vulnerability

WannaCry Ransomware Decryption Tool Released; Unlock Your Files Without Paying Ransom (May 18, 2017)
Quarkslab security researcher Adrien Guinet has discovered a process that can be used to decrypt files that have been encrypted by the WannaCry ransomware. Guinet released a tool called “WannaKey” that will attempt to retrieve the decryption key left in memory by WannaCry. Guinet notes that the affected machine must not have been rebooted post-infection for WannaKey to work properly, in addition to associated memory not having been allocated and erased by other processes.
Recommendation: Ransomware is a continually evolving threat. It is paramount to have a comprehensive and tested backup solution in place. If a reproducible backup is not available, there may a decryptor available that can assist in retrieving encrypted files. Additionally, educate your employees about the dangers of downloading applications when they are not offered from the website of the official provider/developer.
Tags: WannaCry, Decryption tool

HookAds Malvertising Campaign Leads to RIG EK, Drops LatenBot (May 18, 2017)
Researchers have discovered a malvertising campaign that is redirecting users to a malicious website that attempts to infect the visitor with LatenBot malware. The malicious websites use the RIG Exploit Kit which then uses injected iframes to attempt to drop malicious payloads in the “%Temp%” directory.
Recommendation: Malvertising and exploit kits in general are being developed and improved constantly by cybercriminals, thus keeping software updated with the latest security patches is critical for users and enterprises. This includes both the operating system and all applications being used. Make sure there is a security system in place that can proactively provide a comprehensive defense against attackers targeting new vulnerabilities.
Tags: Malvertising

New Loki Variant Being Spread via PDF File (May 17, 2017)
A new variant of the information stealing malware “Loki Bot” has been discovered being distributed via phishing emails, according to Fortinet researchers. The emails contain a PDF attachment which, if opened, attempts to impersonate Dropbox and claims that the file could not be opened. A link is provided to download the file in order to, purportedly, view the PDF in a web browser but will actually begin downloading Loki Bot. This variant is capable of stealing user credentials for email client software, file management software, gaming software, notes software, and SSH/VNC client software.
Recommendation: The impersonation of legitimate services continues to be an effective phishing tactic to deliver malware. All employees should be informed of the threat phishing poses, how to identify such attempts, and inform the appropriate personnel when they are identified. In the case of Loki Bot infection, the affected system should be wiped and reformatted.
Tags: Phishing

Zomato Hacked; Hacker Puts Up 17 Million Users’ Emails and Passwords on Sale (May 17, 2017)
The restaurant search and discovery service “Zomato,” has acknowledged that unknown threat actors have stolen 17 million out of their 120 million user accounts and hashed passwords. Zomato is assuring its customers that no financial data was stolen because it is stored in a separate database. Researchers have discovered that the 17 million user accounts are being offered for sale for 0.5521 Bitcoins ($1,001 USD).
Recommendation: Even though Zomato claims that the passwords would be difficult to crack, it is recommendation that passwords used on Zomato be changed; as should other passwords if the same password is used for multiple online accounts. Additionally, phishing attacks are likely to follow because of the large amount of emails addresses that have become available to threat actors. This incident represents the importance to educate your employees about the dangers of phishing, how to identify such attempts, and whom to contact if such an email is identified.
Tags: Breach, Credentials, Underground market

Malware Uses Fake WordPress API Domain to Steal Sensitive Cookies (May 17, 2017)
Sucuri security researchers have discovered compromised WordPress websites that are infected with malware designed to steal administrator credentials. The malware will steal cookies and then send them to a fake domain whenever the user accessed the site and loaded the JavaScript code. WordPress has released version 4.7.5 to address this vulnerability, among others.
Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs.
Tags: Compromised websites, Credential theft

1.9 Million Bell Canada Customer Account Details Stolen, Leaked (May 17, 2017)
The Canadian telecommunications and media company, Bell Canada, has issued a statement regarding unauthorized access to customer information. Overall, unknown threat actor(s) gained access to approximately 1.9 million active customer email addresses and approximately 1,700 names and active phone numbers. The company has informed its customers to be alert for phishing emails and also states that there is no indication that any financial data, passwords, or “other sensitive personal information was accessed.”
Recommendation: It is important that your company institute policies to educate your employees on phishing attacks. Specifically, how to identify such attacks and whom to contact if a phishing email is identified.
Tags: Breach, Leak

DocuSign Breached, Stolen Info Used for Targeted Phishing Campaign (May 16, 2017)
Researchers have discovered a new phishing camping that is specifically targeting customers of the electronic signature and digital transaction management provider, DocuSign. The phishing campaign has taken place because threat actors were able to gain access to a “non-core system” which was used by the company to communicate service-related content to its customers via email. Cybercriminals were able to steal the list of emails and, as of this writing, are distributing targeted phishing emails to those addresses.
Recommendation: The impersonation of legitimate services continues to be an effective phishing tactic to deliver malware. All employees should be informed of the threat phishing poses, how to identify such attempts, and inform the appropriate personnel when they are identified.
Tags: Breach, Phishing

Chrome Browser Hack Opens Door to Credential Theft (May 16, 2017)
Bosko Stankovic, an information security engineer, has discovered a vulnerability in Google Chrome on the latest version of Windows 10 that can be exploited to conduct Server Message Block (SMB) relay attacks, download malicious files, and steal user credentials. Actors would first need to a user to visit a malicious location for this attack to work. This attack could allow an actor to gain access to a Microsoft LAN Manager password hash on Microsoft Windows 10, which actors could then attempt to crack.
Recommendation: It is critical that the latest security patches be applied as soon as possible to the web browser used by your company. Vulnerabilities are discovered relatively frequently, and it is paramount to install the security patches because the vulnerabilities are often posted to open sources where any malicious actor could attempt to mimic the techniques that are described. Additionally, Chrome settings can be changed to ask the user to save a file before downloading, and SMB signing can be used to mitigate SMB relay attacks.
Tags: Vulnerability, Web Browser

Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days (May 16, 2017)
The Shadow Brokers, the group responsible for leaking U.S. National Security Agency (NSA) tools that led to the global WannaCry ransomware campaign, has pledged to release more malicious tools. This time the group is claiming to be opening a subscription-based group called the “Wine of the Month Club” that will be granted access to exploits and malicious tools.
Recommendation: Compromised machines must be wiped and restored to factory settings. Attacks coming from the Shadow Brokers malware could be targeted, and a formal investigation should be initiated by notifying the appropriate law enforcement agencies. Based on the group’s record, it is likely they will release more malicious tools, therefore, staying up-to-date on the latest security patches is crucial.
Tags: Shadow Brokers

Google Researcher Finds Link Between WannaCry Attacks and North Korea (May 15, 2017)
Security researcher Neel Mehta claims to have discovered evidence that the global WannaCry ransomware campaign that began on May 12 has connections to North Korea. Mehta suggests that the WannaCry code contains clues that it was a North Korean state-sponsored group responsible for the attacks. Mehta claims that parts of the source code for WannaCry is nearly identical to the code in the backdoor called “Cantopee” used by the North Korean group called the “Lazarus Group.” Researchers note that even though WannaCry was contained, this is by no means the end of the ransomware.
Recommendation: Always run antivirus and endpoint protection software to assist in preventing ransomware infection. Maintain secure backups of all your important files to avoid the need to even consider payment for the decryption key. Emails received from unknown sources should be carefully avoided, and attachments and links should not be followed or opened. Your company should sustain policies to consistently check for new system security patches. In the case of ransomware infection, the affected systems should be wiped and reformatted, even if the ransom is paid. Other machines on the same network should be scanned for other potential infections.
Tags: WannaCry, Ransomware

Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations (May 15, 2017)
FireEye researchers have identified a new Advanced Persistent Threat (APT) dubbed “APT32,” and “OceanLotus.” The group is believed to have been conducting cyberespionage activities since at least 2014 targeting private sector companies primarily in Southeast Asia with a focus on entities with ties to Vietnam. OceanLotus uses their own specific malware to steal information as well as using phishing emails, the latter of which has been discovered in a new campaign.
Recommendation: Defense in depth (layering of security mechanisms, redundancy, fail safe defense processes) is the best way to ensure safety from APTs, including a focus on both network and host based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of phishing, how to identify such attempts.
Tags: APT, Cyberespionage

Observed Threats

This section includes the top threats observed from the Anomali Community user base as well as sensors deployed by Anomali Labs. A ThreatStream account is required to view this section. Click here to request a trial.

EternalRocks Worm Uses Leaked NSA Toolbox
EternalRocks is a worm that uses the SMB exploits from the leaked NSA toolbox to infect unpatched Windows machines. During the first stage of the infection, the malware downloads .NET libraries and Tor from and respectively. EternalRocks uses Tor to communicate with the C2 server at the address ubgdgno5eswkhmpy[.]onion.

The second stage of the malware is downloaded from https://ubgdgno5eswkhmpy[.]onion/updates/download?id=PC 24 hours after the initial infection. During this stage, the NSA tools are extracted and are used to infect other machine by random scanning for port 445. ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE and ETERNALSYNERGY are being used along with DOUBLEPULSAR, ARCHITOUCH and SMBTOUCH to find other targets to infect. It is possible the malware authors are controlling the spread by using the 24 hour delay between the two stages. .
Tags: EternalRocks, Exploitation, EternalBlue, SMB

Source: Honeypot Tech

Hello World issue 2: celebrating ten years of Scratch

We are very excited to announce that issue 2 of Hello World is out today! Hello World is our magazine about computing and digital making, written by educators, for educators. It  is a collaboration between the Raspberry Pi Foundation and Computing at School, part of the British Computing Society.

We’ve been extremely fortunate to be granted an exclusive interview with Mitch Resnick, Leader of the Scratch Team at MIT, and it’s in the latest issue. All around the world, educators and enthusiasts are celebrating ten years of Scratch, MIT’s block-based programming language. Scratch has helped millions of people to learn the building blocks of computer programming through play, and is our go-to tool at Code Clubs everywhere.

Cover of issue 2 of hello world magazine

A magazine by educators, for educators.

This packed edition of Hello World also includes news, features, lesson activities, research and opinions from Computing At School Master Teachers, Raspberry Pi Certified Educators, academics, informal learning leaders and brilliant classroom teachers. Highlights (for me) include:

  • A round-up of digital making research from Oliver Quinlan
  • Safeguarding children online by Penny Patterson
  • Embracing chaos inside and outside the classroom with Code Club’s Rik Cross, Raspberry Jam-maker-in-chief Ben Nuttall, Raspberry Pi Certified Educator Sway Grantham, and CPD trainer Alan O’Donohoe
  • How MicroPython on the Micro:bit is inspiring a generation, by Nicholas Tollervey
  • Incredibly useful lesson activities on programming graphical user interfaces (GUI) with guizero, simulating logic gates in Minecraft, and introducing variables through story telling.
  • Exploring computing and gender through Girls Who Code, Cyber First Girls, the BCSLovelace Colloqium, and Computing At School’s #include initiative
  • A review of browser based IDEs

Get your copy

Hello World is available as a free Creative Commons download for anyone around the world who is interested in Computer Science and digital making education. Grab the latest issue straight from the Hello World website.

Thanks to the very generous support of our sponsors BT, we are able to offer a free printed version of the magazine to serving educators in the UK. It’s for teachers, Code Club volunteers, teaching assistants, teacher trainers, and others who help children and young people learn about computing and digital making. Remember to subscribe to receive your free copy, posted directly to your home.

Get involved

Are you an educator? Then Hello World needs you! As a magazine for educators by educators, we want to hear about your experiences in teaching technology. If you hear a little niggling voice in your head say “I’m just a teacher, why would my contributions be useful to anyone else?” stop immediately. We want to hear from you, because you are amazing!

Get in touch: with your ideas, and we can help get them published.


The post Hello World issue 2: celebrating ten years of Scratch appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo

Source: Privacy Online

Source: Zologic

STAXX 2.3 is Here – Features New Anomali Limo Service

We’re pleased to announce a major update to STAXX with version 2.3, which includes our brand new Anomali Limo service – a collection of free threat intelligence feeds. We’re also pleased to announce Anomali Forum – a discussion board focused on cybersecurity and threat intelligence.

Anomali Limo

Since we launched STAXX back in November we knew it was a great tool for accessing and sharing threat indicators from a known site, particularly STIX/TAXII providers. In 2.3 we wanted to provide out-of-the-box feeds for users who might not have access to any other intelligence sources. STAXX now integrates Anomali Limo – a free, preconfigured collection of threat feeds. You can find Limo in the Settings -> Sites. Here you can select which feeds you want to collect, how many days of past history to download, and the frequency.

Anomali STAXX Limo sites
Anomali Limo is preconfigured under Settings -> Sites

Anomali STAXX Limo feeds
Limo includes a set of free intelligence feeds

We’ll be enhancing Limo with additional feeds over time – so stay tuned for updates.

If you’re running STAXX and have auto-update turned on, you should already be upgraded to 2.3. If you need to download a fresh copy of STAXX, you can always get it here:

Anomali Forum

Anomali Forum is a discussion board focused on cybersecurity and threat intelligence. Here you’ll find discussions on latest security threats, ability to chat within trusted circles, and discuss and share feedback on specific Anomali products. Forum is fully integrated with Anomali products – so you can just use your existing login to access Forum.

We will be adding content on a daily basis, so please be sure to stop by to Post, Like and Share!

Source: Honeypot Tech

Fail your way to perfection

As educators and makers at Raspberry Pi, we think a lot about failure and how to deal with it constructively. Much has been written about the importance of failure to design and engineering projects. It is undoubtedly true that you can learn a lot from your mistakes, like getting the wrong size of part, mistyping your code, or not measuring when doing your DIY. The importance of failure has even become a bit of a common trope: just think of those slightly annoying inspirational quotes attributed to famous historical figures which you find all over social media.


I have not failed. I’ve just found 10,000 ways that won’t work. Thomas Edison.

Failure can be good!

But, as with many a cliché, there is an underlying truth that it is worth revisiting. Designing, engineering, and creating all involve making mistakes along the way. Even though failures feel bad, by reaching out when something goes wrong, you can call on the expertise of your community, learn, and make the final result better.

However, we often think failing also makes us look bad, so we don’t talk about it as an essential part of the process that got us to the end stage. We make things shiny and glossy to big-up our success, putting all the focus on the result. This tendency is, however, not necessarily helpful if we want to help educate others. As Jonathan Sanderson of NUSTEM puts it:

Jonathan Sanderson on Twitter

stem educators: worth noting: confessions of rank stupidity in digital making get responses, sympathy, offers of help on Twitter. (1/2)

Jonathan Sanderson on Twitter

yet our write-ups only feature the things we did right. Mis-steps and recovery from failure are key parts of process. (2/2)

The NUSTEM team truly believes in this: when sharing their builds, they include a section on what they would do differently next time. By highlighting the journey, and the mistakes made along the way, they are not only helping those that also want to go on that journey, they are also demystifying the process a bit.

Celebrate your fails

Because failure feels bad, we don’t routinely celebrate it. But there are niches where failure is celebrated: Simone Giertz’s (slightly sweary) YouTube videos are a great example. And then there is Hebocon, the Japanese competition for cruddy robots. In fact, the organisers of Hebocon make a great point: crafts that do not go as intended are interesting.

This is as much true when working with young people as it is in the wider world. In Pioneers, we also want to do our bit to celebrate failure. Our judges don’t just watch the teams’ videos to see how they overcame what went wrong along the way, they also have an award category that celebrates wrong turns and dead ends: ‘We appreciate what you’re trying to do’. Our first challenge‘s winning entry in this category was PiCymru’s We Shall Overcomb:

PiCymru : Make us Laugh Challenge

The video of the PiCymru teams Pioneer challenge entry! The team wasn’t able to get things to work the way they hoped, but wanted to share the joy of failure 🙂

The category name was suggested by our lovely judge from the first cycle, stand-up comedian Bec Hill: it’s one of the accepted heckles the audience can shout out at her stand-up scratch nights. Scratch nights are preview events at which a comedian tests new material, and they are allowed to fail on stage. We may not often think of comedy as embracing failure, but comedians do scratch nights specifically to learn from their mistakes, and to make the final product all the better for it. Interestingly, scratch nights are hugely popular with audiences.

So, if you’re working with a group of young people, what can you do to encourage learning from failure and not let them give up?

Helping you to fail better

In our book Ideas start here, for Pioneers mentors, we’ve given a few tips and phrases that can come in useful. For example, if someone says, “It isn’t working!”, you could respond with “Why not? Have you read the error log?” RTFM is a real thing, and an important skill for digital life.

We agree with engineer Prof Danielle George, who believes in being honest about your failures and highlighting their importance to where you’ve got now. “I fail a lot,” she says. “The trick is to embrace these failures; we don’t have to succeed the first time. We learn from our mistakes and move forwards.”

If, as a mentor, you’re not sure how to encourage and support those not used to failing, this article also has some more tips.

If nothing else helps, but you need to feel inspired, think about what someone said to Karen, who sucks at surfing:

Karen, you are actually pretty good at surfing. Keep in mind that billions of other humans wouldn’t dare even try.

How about you? If you have a story of what you learned from failure in one of your projects, share it in the comments!

Mistakes GIF – Find & Share on GIPHY

Discover & Share this Mistakes GIF with everyone you know. GIPHY is how you search, share, discover, and create GIFs.

The post Fail your way to perfection appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo

Source: Privacy Online

Source: Zologic

HakTip 156 – Linux Terminal 201: How To Use tar, gzip, bzip2, and zip

Archiving vs Compression? What’s the difference between tar, gzip, bzip2, and zip? We’ll check out all of them, along with how to use each tool in the terminal on HakTip!

Our Site:
Contact Us:
Threat Wire RSS:
Threat Wire iTunes:
Help us with Translations!

Source: Security news

Source: Zologic

Weaponising a teddy bear

At primary school, I loved my Tamagotchi: it moved, it beeped, it was almost like I could talk to it! Nowadays, kids can actually have conversations with their toys, and some toys are IoT devices, capable of accessing online services or of interacting with people via the Internet. And so to one of this week’s news stories: using a Raspberry Pi, an eleven-year-old has demonstrated how to weaponise a teddy bear. This has garnered lots of attention, because he did it at a cybersecurity conference in The Hague, and he used the Bluetooth devices of the assembled experts to do it.

AFP news agency on Twitter

Eleven-year-old “cyber ninja” stuns security experts by hacking into their bluetooth devices to manipulate teddy bear #InternetofThings

Reuben Paul, from Texas, used a Raspberry Pi together with his laptop to download the numbers of audience members’ smartphones. He then proceeded to use a Python program to manipulate his bear, Bob, using one of the numbers he’d accessed, making him blink one of his lights and record an audio message from the audience.

Reuben has quite of bit of digital making experience, and he’s very concerned about the safety risks of IoT devices. “IoT home appliances, things that can be used in our everyday lives, our cars, lights, refrigerators, everything like this that is connected can be used and weaponised to spy on us or harm us,” he told AFP.

Apparently even his father, software security expert Mano Paul, was unaware of just how unsafe IoT toys can be until Reuben “shocked” him by hacking a toy car.

Reuben is using his computer skills for good: he has already founded an organisation to educate children and adults about cybersecurity. Considering that he is also the youngest Shaolin Kung Fu black belt in the US and reportedly has excellent gymnastics skills, I’m getting serious superhero vibes from this kid!

No Title

No Description

And to think that the toys that were around when I was Reuben’s age could be used for nothing more devious than distracting me from class…

The post Weaponising a teddy bear appeared first on Raspberry Pi.

Source: RaspberryPi – IOT Anonimo

Source: Privacy Online

Source: Zologic

Report on the consultation workshop on a European ICT security certification framework

In its July 2106 Communication on Strengthening Europe’s Cyber Resilience System, the European Commission has committed to develop a proposal for a European ICT security certification framework. As a follow-up on this commitment, the European Commission, together with the European Union Agency for Network and Information Security, organised a consultation workshop with industry and experts from Member States.
Source: Cybersecurity and digital privacy newsletter

Source: Privacy Online

Source: Zologic

TekThing 125 – Fight Ransomware!!! Should I Pay for Antivirus? How To Back Up and Rip DVD, Cable Modem Lawsuit!

How To Fight Ransomware!!! Should I Pay for Antivirus? Back Up DVDs & Blu-rays, Run Pi-hole and OpenDNS!
The Wannacry Ransomware has encrypted the data on hundreds of thousands of computers, we tell you how to fight ransomware, what you should do now before your machine gets infected, why you should check before you pay to decrypt, and more in the video!

10:37 Backing Up DVDs
Dan tweets, “@TekThing I’d like to back up my DVD collection to a NAS that I can stream to my devices on my network. Any tips?” We discuss if it’s legal, and how to use MakeMKV and HandBrake to back up your DVDs, for your own personal use, subtitles, sharing via NAS, and more in the video!

24:12 Should I Pay For Antivirus?
Lennert has a new laptop, and writes, “Is Defender plus a bit of common sense enough to keep your laptop virus free? Should I buy a more powerful tool like Malwarebytes, Kaspersky or Bitdefender?” Find out what we do in the video, and here’s the PCMag article with the good prices!,2817,2372364,00.asp

27:53 Pi-hole And OpenDNS!
Tony D writes TekThing, “You can use the Pi-hole AND OpenDNS!” Find out how in the video!

29:13 Cable Modem Lawsuit?
Several viewers pointed out that there’s a class action lawsuit brewing around Shannon’s new Arris 6190 cable modem. Find out why Shannon’s not worried, and why one of viewers questions whether end users can even detect the problems!

30:42 Do Something Analog
Like Shannon: fly to australia while playing the Nintendo Switch!!! Want to meet up with Shannon and Hak5’s Darren in Australia? Check!
Thank You Patrons! Without your support via, we wouldn’t be able to make the show for you every week!
Amazon Associates:

Source: Security news

Source: Zologic

WatchGuard Wi-Fi Cloud Update

Hello WatchGuard Wi-Fi Cloud Users,

We are planning a brief system update on Sunday, May 21, 2017 between 1:00 AM and 3:00 AM Pacific Time to deploy stability improvements to WatchGuard Wi-Fi Cloud services via 

During the maintenance window, your access points will continue to function normally and client traffic will not be interrupted.  Access to Analyze will be intermittently unavailable for 30 minutes during the maintenance window.

If you have any questions regarding the update, please visit


WatchGuard Wi-Fi Cloud Team

Source: WatchGuard