Kaspersky in the crosshairs


Kaspersky is in what you might call "a bit of a pickle."

The Russian cybersecurity firm, famous for its antivirus products and research reports on active threat groups, is facing mounting accusations of working with, or for, the Russian government.

These accusations have been made in press and infosec gossip for years. In the past month there’s been more scuttlebutt in the press, an NSA probe surfaced, and the Senate got involved by pushing for a product ban. This week things reached a peak with fresh accusations from Bloomberg and a surprising attack from the Trump administration. Which is odd, considering how eager the current regime is to please and grease the wheels of its Russian counterparts.

Either way, Kaspersky is really in a tight spot this time. The hammer dropped Tuesday when Bloomberg published Kaspersky Lab Has Been Working With Russian Intelligence. It comes from the same reporters who started 2015’s "banyagate," in which Kaspersky Lab Has Close Ties to Russian Spies alleged CEO Eugene Kaspersky colluded with Russian intel in secret sauna meetings.

In each instance Kaspersky — the company, and its CEO of the same name — issued statements refuting the articles point by point and denying the accusations.

This week’s piece claims to be operating on information from 2009 internal company emails obtained from anonymous sources. In them, the company allegedly discusses working on a DDoS product for a Russian government entity.

Without technical descriptions, what Bloomberg wrote about the deployment and maintenance of the DDoS product is quite hazy. On the one hand, it comes across as maybe nefarious; on the other, it’s maybe just enterprise-level threat services. The article did state that Kaspersky participates in "hacking back" on the Russian government’s behalf and that the company’s employees also go on raids with the FSB — both of which are incredibly serious charges which aren’t fully substantiated.

In its statement, Kaspersky said that it does not hack back, but it does assist Russian law enforcement, saying:

"Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government. The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime."

Here I’ll say a couple of things "everyone knows" but few want to admit (or will like to hear). Cybersecurity firms have gone from being infosec startups to becoming intelligence brokers, no matter how anyone tries to package it. This is a permanent feature in the infosec landscape.

What upsets people even more, is that pretty much everyone has worked for, or with, a government or law enforcement at some point. Infosec isn’t black and white: Good luck finding someone in infosec that hasn’t worked for the government — any government — or knows exactly who they’ve worked for at any given time, for that matter.

Which brings us back to Kaspersky.

So far there’s been no public evidence to substantiate accusations that Kaspersky is under Kremlin influence. Yet Bloomberg’s article moved the needle in Washington.

It got a reaction from Senate Democrats, who are rightfully freaked out about Russian government meddling, and also got action from the Trump camp, which is … worth a closer look. For the past few months, DC’s scrutiny of Kaspersky and any alleged ties to the Kremlin (which Kaspersky denies) has only increased as suspicion about the Trump regime has exploded. This paranoia makes sense, even if the lack of concrete public evidence (so far as we know) makes it illogical.

Around July 4, the Senate Armed Services Committee recommended banning the Department of Defense (the Pentagon) from using Kaspersky’s products in 2018. As in, they’re using them now, but they’ll be dropped in the future.

Just before that, on June 25th a "counter-intelligence inquiry" saw the FBI going to the homes of around a dozen Kaspersky employees in the US. Agents questioned employees about their company’s operations, but we didn’t hear anything further.

US Pentagon at sunset

To avoid being banned from the Pentagon’s defense contracts, in response Eugene Kaspersky offered the US government access to his company’s source code. This is ostensibly to show that there are no Russian government backdoors in his products (like antivirus software), which is one of the suspicions. Infosec chatter noted that this wouldn’t make much of a difference either way, considering that antivirus products basically act like rootkits anyway; an antivirus program has access to the advanced privileges in your computer and "calls home" for its updates.

Keep in mind that a lot of us are wondering about evidence as to whether or not Kaspersky and company are tools for the Russian government.

Which brings us to Trump. The Trump administration, being a fiefdom operating under its own mysterious reasons, jumped on the anti-Kaspersky bandwagon this week. Appearing to take its cue from Bloomberg’s article, Trump’s regime moved quickly to stop a few government agencies from using Kaspersky products. Tuesday ABC News reported that Trump was considering a government-wide ban.

Shortly after that the General Services Administration (GSA) took Kaspersky off the list of approved vendors for two government contracts. This makes it prohibitive for agencies to purchase or use the company’s products.

"After review and careful consideration, the General Services Administration made the decision to remove Kaspersky Lab-manufactured products from GSA IT Schedule 70 and GSA Schedule 67 – Photographic Equipment and Related Supplies and Services," a GSA spokesman said.

That’s the weird part. For an administration that says it’s eager to please the Russian government, it’s a contradiction to have the GSA harm the business of a Russian company. Unlike the speculation about Kaspersky, the GSA is absolutely a proven tool of the Trump administration. It is not on the side of those who want to see Robert Mueller succeed with the Trump-Russia investigation.

The GSA’s new chief was handpicked by Trump and is currently in deep trouble for letting Trump violate the Constitution in regard to his Washington DC Hotel. When senators ask for answers from the GSA about its lenient dealings with Trump, they get obfuscation and silence.

Meanwhile, Kaspersky is under fire from its own community. Infosec is becoming more divided about Kaspersky by the day. Some infosec thought leaders are saying "it’s about time" people stopped trusting and using Kaspersky products. This is another huge contradiction on its own: The industry relies — and in some cases depends — on Kaspersky’s admittedly top-notch, publicly available research on a wide variety of global threat groups (yes, including Russian ones).

That research has gotten everyone out of tight spots. When the Shadow Brokers dumped exploits into the wild and advantageous threat actors started weaponizing them, Kaspersky’s research was where the most reputable cybersecurity companies referred people to for systems patches and protection. There’s no doubt that the Shadow Brokers (widely believed to be a Russian state entity) would’ve had much more of a field day if Kaspersky hadn’t actively worked to undermine the effects of the dump.

I’m not here to bury Kaspersky or to praise it. With few exceptions, I can assure you that pretty much every company that comes near infosec is shady. We don’t know hard facts behind the accusations against Kaspersky, which is frustrating, but we do know that their research contributions have been invaluable.

Typically, research like that sits behind a company’s six-figure enterprise-level paywalls. I just hope that research, and its spirit, doesn’t go away. The future doesn’t look great for the company right now in the US. The Senate Armed Services Committee’s defense-spending policy bill barring Kaspersky’s antivirus software seems to have legs, and that would definitely be a punitive measure against the company. It will need to get approval from the Senate and House before being signed by Trump, but that’s now surprisingly possible.

Maybe Kaspersky’s dogged researchers found the pee tapes? We can only hope.

Images: Getty Images/iStockphoto (Pentagon); Yegor Aleyev\TASS via Getty Images (Eugene Kaspersky)

from Engadget http://engt.co/2uBuKPP

Load Up On Hundreds Of Kindle Books For Super Cheap


Kindle Book Sale

Summer is the time that most people get around to reading all of the books they’ve put aside for the last year (or four) but it’s going to be even harder to get through the backlog with the Kindle book sale going on right now. That reading “to do” list is going to double in size.

Check out all of the titles on a deep discount right now. If you’re into business books, grab The Millionaire Mind, The Inspiration Code: How the Best Leaders Energize People Every Day or Reboot Your Life or Focal Point: A Proven System to Simplify Your Life.

If you’re into cooking, grab The Barbecue Bible or Slow Fire: The Beginner’s Guide to Lip-Smacking Barbecue for super cheap.

Sports and fitness freaks can get their fill with awesome titles like Primal Endurance, No Way Down: Life and Death on K2 and Bear Grylls autobiography Mud, Sweat, and Tears.

Check out all of the Kindle books on sale and load up now.


The BroBible team writes about gear that we think you want. Occasionally, we write about items that are a part of one of our affiliate partnerships and we may get a percentage of the revenue from sales.

from BroBible.com http://bit.ly/2tyjhLG

Ataribox will come in two suitably retro editions


Just over a month since its announcement at E3, Atari is offering a proper look at its first console in over 20 years. In an email to fans, the company reveals the Ataribox will come in two editions, both of which pair a recognizably retro aesthetic with contemporary design flourishes.

As revealed in the teaser vid, one version of the Ataribox draws its design cues from the brown wood found on the original Atari 2600. The other edition comes in red and black with a glass front panel. Both will include ribbed lines that flow around the console’s body and a raised back. A front-facing logo and four indicator lights complete the design. The back includes an HDMI port, four USB ports, and SD card support.

Although the company is keeping tight-lipped about the console’s specs, it sounds like it will be more than just a NES Classic for the Atari set. The latest info has it that the Ataribox will boast a mix of classic and contemporary titles. Then again, it could do a lot worse than aping Nintendo’s money-raking nostalgia cash-ins.

There’s still no word on pricing, release dates or games — things that might help drum up hype for the new hardware. Atari has a decent library of titles, too, stretching from arcade classic Centipede to this year’s Rollercoaster Tycoon Touch. The company has also been tight-lipped on who, if anyone, it will work with in the wider development community.

Atari believes that keeping quiet is the best policy for now, however, saying that it wants to nail its first console in two decades. "We know you are hungry for more," said the email sent to customers. "We’re not teasing you intentionally; we want to get this right, so we’ve opted to share things step by step." Atari fans are definitely a patient bunch, that’s for sure.

Source: Atari email (via Reddit)

from Engadget http://engt.co/2vat8t9

Nearly 90,000 Sex Bots Invaded Twitter in ‘One of the Largest Malicious Campaigns Ever Recorded on a Social Network’

Screencap: ZeroFOX

Last week, Twitter’s security team purged nearly 90,000 fake accounts after outside researchers discovered a massive botnet peddling links to fake “dating” and “romance” services. The accounts had already generated more than 8.5 million posts aimed at driving users to a variety of subscription-based scam websites with promises of—you guessed it—hot internet sex.

The bullshit accounts were first identified by ZeroFOX, a Baltimore-based security firm that specializes in social-media threat detection. The researchers dubbed the botnet “SIREN” after sea-nymphs described in Greek mythology as half-bird half-woman creatures whose sweet songs often lured horny, drunken sailors to their rocky deaths—presumably for the purpose of feasting upon their vitamin-deficient corpses.

ZeroFOX’s research into SIREN offers a rare glimpse into how efficient scammers have become at bypassing Twitter’s anti-spam techniques. Further, it demonstrates how effective these types of botnets can be: The since-deleted accounts collectively generated upwards of 30 million clicks—easily trackable since the links all used Google’s URL shortening service.

The 90,000 accounts were all created using roughly the same formula: A profile picture of a stereotypically attractive young woman whose tweets included sexually suggestive, if poorly written, remarks that invite users to “meet” with them for a “sex chat.” Millions of users apparently fell for the ruse and, presumably, a small fraction went on to provide their payment card information to the pornographic websites they were lured to.


“The accounts either engage directly with a target by quoting one of their tweets or attracting targets to the payload visible on their profile bio or pinned tweet,” ZeroFOX reports. Roughly 20 percent of the accounts lay dormant for a year before sending their first tweets, an effort to evade Twitter’s anti-spam detection.

Here’s just a brief sample of the hilariously bad tweets generated by these obviously fake accounts:

  • “I want to #fondle me?”
  • “I want to take my #virgin?”
  • “Came home from training, tired wildly?”
  • “Meow, I want to have sex.”
  • “Boys like you, my figure?”
  • “Want a vulgar, young man?”

The tweets further included links to affiliate programs—web pages that typically redirect users to other adult websites. Members of these programs, which traditionally rely heavily on spam, receive payouts based on the amount of traffic they send to subscription-based porn and so-called “adult dating” websites. Likewise, many of the “dating” websites are themselves scams, chiefly comprised of fake female profiles which encourage visitors to sign up for paid subscriptions with promises of lame cybersex and nudes. (PSA: There are literally no women on the internet that want to have sex with you.)


According to ZeroFOX, two out of five of the domains tweeted by the SIREN botnet are associated with a company called Deniro Marketing. Deniro Marketing was identified earlier this year by noted security researcher Brian Krebs as being tied to a “porn-pimping spam botnet.” (Krebs also filed a report Monday regarding ZeroFOX’s discovery.) The company reportedly settled a lawsuit in 2010 for an undisclosed sum after being accused of operating an online dating service overrun with fake profiles of young women.

A Deniro Marketing employee who answered the phone at its California headquarters on Monday said that no one was available to respond to inquiries from reporters.

While it seems unlikely that Deniro Marketing created the fake accounts itself, it may have contracted a third party—likely located somewhere in Russia or Eastern Europe—to spread the links for them. A “large chunk” of the accounts’ self-declared languages were Russian, ZeroFOX reports, and approximately 12.5 percent of the bot names contained letters from the Cyrillic alphabet.



“To our knowledge, the botnet is one of the largest malicious campaigns ever recorded on a social network,” ZeroFOX concludes. Luckily, none of the links tweeted by the SIREN botnet appear to contain malware, nor were any associated with phishing attempts. But with more than 30 million clicks, the discovery reveals what a threat such an operation could be if the goal were shifted slightly to include, for example, the spread of ransomware.
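The indicators the article attributes to SIREN (accounts that sit dormant for about a year before tweeting, Cyrillic characters in display names, links routed through Google’s URL shortener, a lure payload in the bio or pinned tweet, and repetitive sexually suggestive text) can be turned into a simple triage score for a platform’s own abuse review. The code below is an added example, not ZeroFOX’s or Twitter’s detection logic; the `Account` record layout, the goo.gl pattern, the lure-word list, the score threshold and the three sample accounts are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple

# Hypothetical account record; field names are an assumption about what an
# abuse-review pipeline would have on hand, not a real platform API.
@dataclass
class Account:
    handle: str
    display_name: str
    created: date
    first_tweet: Optional[date]          # None if the account has never posted
    bio: str
    tweets: List[str] = field(default_factory=list)

CYRILLIC = re.compile(r"[\u0400-\u04FF]")
# Google's shortener domain; the article only says "Google's URL shortening service".
SHORTENER = re.compile(r"https?://goo\.gl/\S+", re.I)
# Constructed word list based on the sample tweets quoted in the article.
LURE_WORDS = re.compile(r"\b(sex|virgin|fondle|vulgar|meet)\b", re.I)

def dormant_days(acct: Account) -> Optional[int]:
    """Days between account creation and first post (None if never posted)."""
    if acct.first_tweet is None:
        return None
    return (acct.first_tweet - acct.created).days

def score_account(acct: Account) -> Tuple[int, List[str]]:
    """Count how many SIREN-style indicators an account matches, with reasons."""
    reasons = []
    d = dormant_days(acct)
    if d is not None and d >= 365:
        reasons.append("dormant>=1y")
    if CYRILLIC.search(acct.display_name):
        reasons.append("cyrillic_name")
    texts = [acct.bio] + acct.tweets
    if any(SHORTENER.search(t) for t in texts):
        reasons.append("shortener_link")
    if sum(1 for t in acct.tweets if LURE_WORDS.search(t)) >= 2:
        reasons.append("lure_text")
    return len(reasons), reasons

def triage(accounts: List[Account], threshold: int = 3) -> List[str]:
    """Handles whose indicator count reaches the threshold; single hits are ignored
    because any one indicator (a dormant account, a shortened link) is common
    among legitimate users."""
    return [a.handle for a in accounts if score_account(a)[0] >= threshold]

# Constructed sample data: one bot-like profile, one ordinary user, and one
# quiet user who trips two indicators but should not be flagged.
SAMPLE = [
    Account("hot_lena_22", "Лена ♥", date(2016, 1, 10), date(2017, 2, 1),
            "Meet me 😘 https://goo.gl/EXAMPLE1",
            ["I want to #fondle me?", "Meow, I want to have sex.",
             "https://goo.gl/EXAMPLE1"]),
    Account("dev_sam", "Sam Rivera", date(2015, 5, 3), date(2015, 5, 4),
            "Backend engineer. Opinions mine.",
            ["Shipped the new parser today.",
             "Conference slides: https://example.org/slides"]),
    Account("marta_k", "Marta K.", date(2014, 3, 1), date(2016, 6, 1),
            "Photography https://goo.gl/EXAMPLE2",
            ["New gallery up."]),
]

if __name__ == "__main__":
    for acct in SAMPLE:
        print(acct.handle, score_account(acct))
    print("flagged:", triage(SAMPLE))
```

Running the block prints a score and reason list per account and flags only `hot_lena_22`; `marta_k` scores two (long dormancy plus a shortened link) and stays below the threshold, which is the point of requiring several independent indicators before an account goes to review.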

Twitter did not immediately respond to a request for comment.


from Gizmodo http://bit.ly/2uBzR26

Neil deGrasse Tyson reveals the biggest misconceptions people have about the universe


Neil deGrasse Tyson explains some of the biggest misconceptions we have about the universe.

Darren Weaver contributed to an earlier version of this video.


StarTalk Radio is a podcast and radio program hosted by astrophysicist Neil deGrasse Tyson, where comic co-hosts, guest celebrities, and scientists discuss astronomy, physics, and everything else about life in the universe. Follow StarTalk Radio on Twitter, and watch StarTalk Radio "Behind the Scenes" on YouTube.


from SAI http://read.bi/2u1hhxv

Superstar DJ Steve Aoki explains how he gets by on 3-4 hours of sleep a night


Music superstar, producer, and DJ Steve Aoki is one of the hardest-working professionals in the music industry. As proof, in 2014 he was given a Guinness World Record for "most traveled musician in one year." He’s also known for getting very little sleep and even has "I’LL SLEEP WHEN I’M DEAD" tattooed on his neck. We asked him how he’s able to work so hard, sleep so little, and not burn out.

Aoki’s new album "Steve Aoki Presents Kolony" is out on July 17. 

The following is a transcript of the video: 

So I’m literally on the road for 300 days of the year. My schedule is pretty grueling. I tour, on average, between 230 to 250 shows a year. Every single year. When we do, let’s say, 250 shows … we’re adding in 50 more dates of just travel dates. So I’m literally on the road for 300 days of the year.

Like I never get 8 hours. ‘Cause it’s really difficult to find like an adequate amount of sleep. And I know that’s like your … that’s what you should be getting, 8 hours. So, you know, repair your brain. So your brain works properly and you repair your muscles and stuff like that. But on average I probably get … it’s more like maybe 3 to 4 hours. Sometimes less.

Whenever I can … I nap. So in transportation … I’m napping. I can nap, you know,  literally standing up. And when you’re on the road with me you have to learn how to nap anywhere because we are, we are, like a moving train that just doesn’t stop.

And I have to ask myself the question I guess, like, "How do I go without burning out?" That’s … it takes me a while to really think about that answer. I train my brain to accept that the road is my home, instead of the road is not my home. It’s just a mental thing; everything’s mental. Actually, everything starts right here. And if you can control that, you … then you don’t get burnt out. And you have better discipline.



from SAI http://read.bi/2tjdj65

Bitcoin Price Drops Below $2,000 as Crypto Markets Fall Toward $70 Billion


The price of bitcoin hit a 49-day low today, falling near $2,000 for the first time in weeks amid a broad sell-off across crypto assets.

The value of the total supply of all cryptocurrencies and crypto assets tracked similarly, dropping to $72bn, a figure that was 37 percent lower than its all-time high of $115bn set in June.

Overall, the figures observed for both bitcoin and the total cryptocurrency market were the lowest since late May. Further, the asset class was down 11% over a 24-hour span at publication, a time during which it shed roughly $9bn in value.

When polled, responding analysts largely credited the decline to short-term concern about the markets, which have undergone a period of rapid appreciation since the beginning of 2017.

Others pointed to the ongoing debate over bitcoin’s technical roadmap, as well as uncertainty over how planned upgrades could unfold, as a possible reason.

“It could be people who are not comfortable in holding bitcoin because of the August 1st due date,” Andrea Medri, founder of cryptocurrency exchange The Rock Trading, told CoinDesk.

Also cited is the fact that ether’s market has been similarly hit with sell pressure, spurred by the economics supporting recent ICO projects.

Still, others suggested it could be a sign of market fatigue long expected given the influx of relatively new traders in recent months.

Water slide image via Shutterstock

The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Have breaking news or a story tip to send to our journalists? Contact us at news@coindesk.com.

from CoinDesk http://bit.ly/2t7LU3a

Synthetic or conventional oil? The verdict is finally in


Oil Change

If you’re a good car owner and follow a reasonable maintenance schedule, you most likely change your oil at least twice a year.

This has always been my practice. Scrupulous drivers do it more often, using the traditional "every 3,000 miles" rule. And so do drivers who run their vehicles hard.

But a big question comes up when undertaking this basic task, either yourself or at a professional garage or oil-change location: traditional or synthetic oil?

There are two considerations when making that call: cost and quality. Everybody knows synthetic costs more. But is it worth it?

AAA conducted an extensive scientific analysis to find out. The results, published earlier this month, aren’t shocking, but they could guide consumer behavior toward spending a bit more money to get a long-term review.

Synthetic is better. A lot better.

"Synthetic oil outperformed conventional oil by an average of nearly 50 percent in its independent evaluation, offering vehicles significantly better engine protection for only $5 more per month when following a factory-recommended oil change schedule," the organization said in a statement.

In the study, AAA found that "synthetic engine oils performed an average of 47 percent better than conventional oils in a variety of industry-standard tests," John Nielsen, the organization’s managing director of automotive engineering and repair, said in a statement.

"With its superior resistance to deterioration, AAA’s findings indicate that synthetic oil is particularly beneficial to newer vehicles with turbocharged engines and for vehicles that frequently drive in stop-and-go traffic, tow heavy loads or operate in extreme hot or cold conditions."

Worth it to spend a little more

Infiniti VC-Turbo

A lot of drivers already kind of knew that. I did, but there have been plenty of times when I opted for "dinosaur oil" over the higher-tech and pricier synthetic stuff.

AAA was quite honest about the findings. You aren’t going to hurt your engine if you skip the Mobil 1, one of the best-known synthetics. But you aren’t going to put yourself in the poorhouse if you flip for the synthetic, either — these oils add only $64 a year on average to vehicle-operation costs.

You might think you’re being upsold at the oil-change place. But the upsell pays off for you and the mechanic.

AAA didn’t go light on the research. The report it produced is a deep dive into these lubricants.

"AAA’s engine oil research focused on eight industry-standard ASTM (American Society for Testing and Materials) tests to evaluate the quality of both synthetic and conventional engine oils in terms of shear stability, deposit formation, volatility, cold-temperature pumpability, oxidation resistance and oxidation-induced rheological changes," the organization said.

DeBord Saab Slob

I’ve been opting for synthetic for a few years now because I figure it would cover me better than changing the oil more often.

It is important to remember that you don’t need to go synthetic if cost is an issue — that’s the catch. When my 1998 Saab 900S was on its last legs, I went back to conventional for oil changes. I wasn’t going to deprive myself of a decent bottle of wine for that jalopy, which I loved but had to send to its final reward when I moved back East a few years ago.

However, if you own a newer car or want to maximize the long-term value of your vehicle, AAA’s advice is clear: pay the extra money for the extra protection.




from SAI http://read.bi/2u0XJcC

Amazon’s Alexa Works Great in Your Car


This week Amazon had its biggest shopping day ever, with the Dot, the pint-sized version of the company’s Echo, being the best seller of the day. While the device is most commonly used in homes (I have mine sitting in my living room so it can hear me around the apartment) a Business Insider reporter wrote about setting his up in a little bit of a different spot: his car. I’ve actually been using Alexa on the road for roughly the past six months, and have found it really useful, arguably more so than in my home.

While there absolutely are cars out there with voice control, they aren’t the ones I’m driving. It’s nice to be able to do things like make music requests, ask for the day’s headlines, or add things to your to-do list hands-free (because apparently driving on the freeway is a great way for me to remember things I’ve forgotten). Rather than swapping connected phones to get to my friend’s “perfect” playlist, everyone can make music requests from their seats. For long road trips, trivia and games with Alexa can also help break up the monotony, and I’ve definitely used Alexa to order things I remember I need and know I can get from Amazon while I’m behind the wheel.

If you have a physical house, you can also use it to control smart home gadgets like lights or a garage door opener. The whole experience transforms a “dumb” car into one that feels like a car from the future, even if the actual car is barely functional at this point.


You can check out how that reporter set things up with the Dot here.

While I love the idea of Alexa while I’m driving, I think doing it with a Dot is a little overkill. Ford and Volkswagen have announced plans to bring Alexa to future vehicles, but I’ve been using Logitech’s $30 ZeroTouch smartphone dock and my phone to get pretty much the same effect.

Hardware-wise it’s just a car mount for your phone. There’s a dashboard mount and an air-vent mount. I have the vent one, mostly because I don’t own my own car and like using it in rentals. It’s small enough to throw in a pocket or purse, and easily movable between different cars.

Image credit: Logitech

The vent version is cheaper than buying the most-discounted Dot and comes with a handful of other really useful hands-free features too. For instance, you can also ask for driving directions or where the closest gas station is, send and receive texts or Facebook and WhatsApp messages, call friends, or dig through your inbox.


It comes with a small metal sticker you put on the back of your phone, which attaches to the mount in the car when you’re ready to use it. Attaching and detaching the phone when you’re driving is as simple as just placing your phone on the mount (which honestly impresses people all on its own). Once connected, Logitech’s hands-free app will auto launch and you’re good to go.

Do you need Alexa in your car? Of course not. But there’s something totally satisfying about ordering groceries at 75mph.

from Lifehacker http://bit.ly/2vtZRsY

The Google exec in charge of designing Search: ‘There’s always this internal debate about how much functionality should we add’ (GOOG)


Hector Google

Google’s core business, its search engine, is well-known for being clean and simple. Type in what you want and Google will bring up the most relevant websites. That’s how it works.

But Google Search doesn’t just show websites in its results these days. Now it includes an increasing variety of content from websites and tweets to videos and images. The aim is ultimately to provide the user with the most relevant information in the most accessible way. 

Hector Ouilhet, Google’s head of design for Search and Assistant, told Business Insider this week that accommodating all of these new types of content in Search requires some careful consideration. 

"The whole goal is to try to organise information and deliver it to you," he said during an interview at the Tech Open Air conference in Berlin. "That’s the problem we’re trying to solve. The design has to accommodate multiple people, multiple expectations, and multiple situations.

"When you’re looking for whatever answer you want, how do we give you the right answer in a way that you’re like ‘oh yeah, that thing’?" said Ouilhet, whose team is responsible for the user experience across all of Google’s platforms and products. Today that includes watches and cars, as well as smartphones and computers.

Sometimes the answer to a Google Search is very precise, because the user’s intention is very specific, Ouilhet said. For example: "What is 25 Celsius in Fahrenheit?" But other times the question is more ambiguous and there’s no obvious answer. For example: "How often should I change the tyres on my car?"

Ouilhet said Google often shows results to harder, more ambiguous questions with multiple "blocks", which can include a range of different content types. "As technology starts producing much more rich content, so video, images, they’re all coming into this stream of results. So some results are more simple, others are more thorough."


google search

Ouilhet admitted that Googlers don’t always agree on how best to present information to the billions of people that use Google’s search engine, stressing that he doesn’t want to make it feel cluttered. 

"There’s always this internal debate about how much functionality should we add to something," he said. "Ideally we try to keep it focused and simple." 

When asked if there are any similarities between the design for Search and the design for Google’s new offices in Mountain View and London, Ouilhet pointed to the fact that both are becoming "more open and more flexible." He said they were also both becoming more "inclusive between people that belong to Google and people that don’t belong to Google."



from SAI http://read.bi/2tiZaGk