code – Michmutters
Categories
Technology

Researchers Find Stolen Algorithms in Commercial Cybersecurity Products

LAS VEGAS – BLACK HAT USA 2022 – An analysis conducted by two researchers has revealed that some commercial cybersecurity products rely on algorithms that have been taken from other security tools without authorization.

The results of the research will be presented on Thursday at the Black Hat conference in Las Vegas by Tom McGuire, instructor at Johns Hopkins University, and Patrick Wardle, macOS security expert and founder of the Objective-See Foundation, a non-profit that provides free and open source macOS security resources.

The analysis focused on OverSight, a free tool offered via the Objective-See Foundation. The app enables users to monitor a Mac’s microphone and webcam, and alerts them whenever the mic is activated or the camera is accessed by a process.

The analysis led to the discovery of three security tools — developed by three different companies — that used OverSight algorithms without authorization. OverSight has been available as a free tool since 2016, but it was only made open source in 2021. Reverse engineering it in an effort to create commercial products would be unethical, if not illegal.

Using Google and Yara rules, the researchers identified commercial products using the same method names, paths, strings, undocumented registry keys, and parsing logic as OverSight.

Code stolen by commercial security application from OverSight

The offending companies were contacted and provided with proof that OverSight algorithms had been used in their products without authorization. They acknowledged the issue — even though one of the firms only took the researchers seriously after being faced with the possibility of public backlash — and promised to remove the code, and even offered financial compensation.

wardle awning SecurityWeek that the compensation offered by the companies was reasonable — even if it was only a ‘drop in the bucket’ for them. The money will be used by the Objective-See Foundation for its Objective by the Sea conference, books and free tools.

However, Wardle said, the most important aspect is that all of the companies seemed eager to make changes and ensure that such practices are avoided in the future, which was one of the project’s main goals, along with bringing attention to the issue.

The companies that used the algorithms without authorization have not been named, but Wardle told SecurityWeek that they were both small and larger companies that had been using the stolen intellectual property for various products, including simple utilities and bigger macOS security products. A majority were dedicated cybersecurity companies, but the algorithms were also misused by a tech company.

On the other hand, it’s worth mentioning that the researchers concluded that in a majority of cases the infringement is the work of a single — possibly naive — developer, rather than ‘malice of the entire corporation’.

“I went in thinking the entire corp. was likely conspiring to steal from my non-profit, whereas that really wasn’t the case,” Wardle said.

The goal of this research was to encourage others to look into these practices and help developers find out if their code has been stolen — the researchers believe this practice is likely more common than we think. However, Wardle noted that you need both a software developer and a competent reverse engineer to identify this type of theft.

“It doesn’t matter if your code is closed-source — if people want to steal it they will,” Wardle said. “I knew that technically this wasn’t complicated, but figured the fact that it wasn’t open-source (originally) would be a clear ‘hey, this is private, don’t steal’. Apparently not.”

Related: Repurposing Mac Malware Not Difficult, Researcher Shows

Related: Hackers Can Bypass macOS Security Features With Synthetic Clicks

view counter

Edward Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:
Tags:

.

Categories
Technology

Warzone 2 Reveal Event Announced

Activision has finally announced when it will be revealing more details on Call of Duty: Warzone 2. We’ve known for quite some time now that the follow-up battle royale shooter, which Activision is only referring to as “Warzone 2.0,” would be releasing at a time later in 2022. And while the end of the year is rapidly approaching , we still haven’t seen anything about what will be next for war zone. Fortunately, Activision has now confirmed that more information will be coming around the corner in a new event next month.

Revealed in a new blog post on the Call of Duty website, Activision detailed what it’s calling “Call of Duty: Next,” which is an event slated to take place on September 15th. In short, Call of Duty: Next will feature news on “the imminent future of Call of Duty” which includes information on Modern Warfare 2, war zone 2and the mobile port of Call of Duty: Warzone. Rather than revealing all of these details slowly over time, Activision and developer Infinity Ward have opted to instead have one mega-event that will highlight a number of upcoming projects.

In addition to seeing new footage from Modern Warfare 2 and war zone 2 at this event, there’s a good chance that we could also get a launch date for the latter title at Call of Duty: Next. given that war zone 2 is set to release before the end of the year, Activision is nearing the point where it would likely start revealing more plans for launch. If a release date does come about at this event, we’ll be sure to keep you in the loop here on ComicBook.com.

whenever Call of Duty: Warzone 2 does release, it will be coming to PS5, PS4, Xbox Series X, Xbox One, and PC. The game won’t be compatible with the original war zonehowever, which means that progress and items won’t transfer to the sequel.

How do you feel about Activision opting to hold one big showcase to show off more of what’s coming to Call of Duty in the future? And what are you specifically expecting to see from war zone 2? Let me know either down in the comments or reach out to me on Twitter at @MooreMan12.

.

Categories
Australia

Got a question about the Somerton Man breakthrough? Ask the experts in our live Q&A blog and catch up on the mysterious case

The case of the Somerton Man has baffled detectives and amateur sleuths for decades.

Now it’s your chance to ask the experts just how one of Australia’s most enduring mysteries has been solved — and why the story has attracted so much attention.

University of Adelaide professor Derek Abbottwho spent decades researching the case and helped to uncover the man’s identity, will join us from 12pm (AEST) to tackle all your curly questions.

Colleen Fitzpatricka renowned forensic genealogist who lent her expertise to the case, and ABC journalist and host of Radio National podcast The Somerton Man Mystery, Fiona Ellis Joneshave also slow their time to respond to your top questions from our audience call-out.

The live feed will begin at midday but, in the meantime, here’s what you need to know about the case:

A man is found dead on the beach — but no-one knows who he is

The Somerton Man's face mold and a digital image of the man it was taken from
Digital illustrator Daniel Voshart created an image of the Somerton Man based on the face mold created after he was found dead.(Supplied: Daniel Voshart)

On December 1, 1948, a man’s body was found slumped against a wall under the esplanade at Somerton Beach in Adelaide. But there were few clues to determine his identity.

He had a half-smoked cigarette on his lapel and a few personal items in his possession: two combs, a box of matches, a used bus ticket to the area, an unused second-class train ticket, a packet of chewing gum and cigarettes .

A post-mortem revealed the man had a “stinkingly” enlarged spleen and internal bleeding in the stomach and liver, and it was concluded the death resulted from poison.

Then the paper was found: ‘Tamam Shud’

In the months following the mystery man’s death, the case took a strange turn.

A suitcase believed to belong to him was found at Adelaide Railway Station. It contained an assortment of his belongings including a shaving brush, a knife in a sheath and boot polish.

Somerton Man
The personal items found inside a suitcase believed to belong to the mysterious Somerton Man.(Supplied)

Some of his clothes had the tags removed and others, including his tie, had T Keane printed on them.

Then, a tiny rolled-up piece of paper inscribed with the words “Tamam Shud” was found hidden deep in the fob pocket of the man’s trousers.

The scrap of paper found in the Somerton Man's fob pocket.
The scrap of paper found in the Somerton Man’s fob pocket with the Persian words “Tamam Shud”.(Supplied: Professor Derek Abbott)

The torn paper was later traced back to a book of ancient Persian poetry, the Rubaiyat of Omar Khayyam, which had been left in the back seat of a car near where the body was found.

The words roughly translate to “the end” or “the finish”, and the poems touch on themes including the need to live life to the fullest and having no regrets when it ends.

Was the Somerton Man a spy?

In July 1949, a copy of The Rubaiyat with the page containing “Tamam Shud” torn out was handed in to police.

The man who contacted the authorities said he found it in the back of his car in November 1948 — a month before the man’s body was discovered.

A black and white photo of a book with a section torn out.
A scrap of paper which read Tamam Shud was torn from the final page of copy of Rubaiyat of Omar Khayyám, authored by 12th-century poet, Omar Khayyám.(Supplied: Carolyn Billsborrow )

The book contained a sequence of letters and a couple of telephone numbers, but they didn’t lead investigators any closer to uncovering the Somerton Man’s identity.

The strange sequence and the fact labels had been removed from the man’s clothes fueled speculation he might have been a spy.

A man in white overalls walks past gravestones as excavation crews work in the background
Forensic science and excavation crews were onsite to assist with the Somerton Man’s exhumation.(ABC News: Michael Clements)

ABC Radio Adelaide’s Daniel Keane spoke to University of Adelaide professor Derek Abbott last month, prior to the Somerton Man’s identity being uncovered, about the theories.

“I don’t think there’s compelling evidence — just these scattered circumstantial things that can be explained in different ways,” Professor Abbott said.

Last week, after decades of searching for answers, Professor Abbott and forensic genealogist Colleen Fitzpatrick made a breakthrough.

The previously unidentified man was named as Melbourne electrical engineer Carl “Charles” Webb — far from the answer some were expecting.

live updates

By Bridget Judd

You’re a little early, but check back at 12:00pm (AEST)

Over the next couple of hours, we’ll put your questions to Derek Abbottwho helped uncover the Somerton Man’s identity.

You can make a submission by clicking the blue ‘leave a comment’ button above.

The live stream will begin at 12:00 p.m. (AEST)so come and join the conversation then!

posted , updated

.