Yubikeys and 2FA / MFA

Google employees have stopped using traditional 2FA and now use physical keys (YubiKeys), as 2FA can now be hacked via SIM swaps and attacks like the recent case described below.

Two-factor authentication, the added security step that requires people to enter a code sent to their phone or email, has traditionally worked to keep usernames and passwords safe from phishing attacks.

However, security experts have demonstrated an automated phishing attack that can cut through that added layer of security—also called 2FA—potentially tricking unsuspecting users into sharing their private credentials.

The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. A video of the presentation was posted on YouTube on June 2, bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA.

The hack employs two tools, called Muraena and NecroBrowser, which work in tandem to automate the attacks. The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber, and NecroBrowser as the getaway driver.

Muraena intercepts traffic between the user and the target website, acting as a proxy between the victim and a legitimate website. Once Muraena has the victim on a phony site that looks like a real login page, users will be asked to enter their login credentials, and 2FA code, as usual. Once Muraena authenticates the session’s cookie, it is then passed along to NecroBrowser, which can create windows to keep track of the private accounts of tens of thousands of victims.

A demonstration of the attack was also released on GitHub, an open source coding site, to provide developers an opportunity to see how it works.

Amit Sethi, senior principal consultant at Synopsys, who was not affiliated with the presentation, says that while attacks against 2FA have been demonstrated in the past, these tools “make one of these attacks easier to execute for lower-skilled attackers.”

Despite this hack, 2FA is still considered a best security practice—far better than the alternative of simply relying on a username and strong password, according to security experts.

“Of course this does not mean that people should not worry,” says Sethi. “We now need to be even more diligent about detecting phishing attempts.”

The researchers and Sethi both say that universal second factor (U2F) is a strong solution, when available. A U2F key is a secondary, physical device that can be plugged into a computer port as an additional way of verifying a person’s identity after they enter their username or password.

If that’s not an option, Sethi also says being vigilant can help thwart potential 2FA phishing attacks. That includes not clicking on links in suspicious emails, checking the web address in the browser before entering credentials, and avoiding entering sensitive information when using public Wi-Fi.

“If you suspect that your credentials for a website have been compromised, act quickly to change your password, and report the event to the website,” says Sethi.

French Fries Soup

This soup is the creamy, hearty solution to leftover french fries that don’t reheat well, and it can use up what’s left in cartons of cream or broth, too.

To create even more body, add a few dabs of cream cheese or handfuls of your favorite grated cheese; to add tang, stir in a little yogurt or sour cream.

Tested size: 2-3 servings.

INGREDIENTS
  • About 3 1/2 portions of cooked french fries eg McDonalds
  • 3 1/2 cups store-bought or homemade no-salt-added vegetable broth (see related recipe; may substitute no-salt-added chicken broth), or more as needed
  • Splash white wine (may substitute malt vinegar)
  • Splash double cream or milk (optional)
  • Salt
  • Freshly ground black pepper
  • 1 to 2 tablespoons ketchup
  • A few dashes malt vinegar
DIRECTIONS

Put the french fries in a medium saucepan and pour the broth over them. Bring to a boil over medium-high heat, then reduce the heat to medium-low; cook, uncovered, for 3 to 4 minutes, until the french fries are quite soft. Remove from the heat.

Use an immersion (stick) blender to puree until smooth. Stir in the wine and the cream or milk, if using. Taste, adding salt and pepper as needed (the amounts depend on how the fries were originally seasoned). If the consistency is too thick, stir in more broth.

If desired, stir together the ketchup (to taste) and enough malt vinegar to thin it out to the desired consistency.

Ladle the soup into bowls. Dot or drizzle each portion with the thinned ketchup; serve hot.

Black Mirror – Is here

Brain hack devices must be scrutinised, say top scientists

By Jane Wakefield, Technology reporter

A majority of people thought it was OK for the brain to be hacked to help those with medical conditions but not for enhancement

Devices that merge machines with the human brain need to be investigated, a study has said.

In future, “people could become telepathic to some degree” and being able to read someone else’s thoughts raises ethical issues, experts said.

This could become especially worrying if those thoughts were shared with corporations.

Commercial products should not come from “a handful of companies”, they added.

In the study – iHuman: Blurring Lines between Mind and Machine – leading scientists in the field lay out the opportunities and risks of brain-to-computer devices.

Such interfaces refer to gadgets, either implanted in the body or worn externally, that stimulate activity in either the brain or nervous system.

It looked at some of the future possibilities of neural technology, such as:

  • the ability to beam a “neural postcard” to someone so they could see what you see even if they are not there
  • people being able to converse without speaking through access to each other’s thoughts
  • people being able to simply download new skills

As part of the report, scientists asked the public what they thought of such interfaces and found strong support for their use in allowing patients to recover from injury or a medical condition.

But there was far less support for using such devices to enhance functions such as memory or physical strength in healthy people.

‘Benefit of humanity’

Among the risks highlighted by the report was the idea of thoughts or moods being accessed by big corporations as well as the bigger question about whether such devices fundamentally change what it means to be human.

Dr Tim Constandinou, director of the next generation neural Interfaces (NGNI) Lab, at Imperial College London and co-chair of the report, said: “By 2040 neural interfaces are likely to be an established option to enable people to walk after paralysis and tackle treatment-resistant depression, they may even have made treating Alzheimer’s disease a reality.

“While advances like seamless brain-to-computer communication seem a much more distant possibility, we should act now to ensure our ethical and regulatory safeguards are flexible enough for any future development.

“In this way we can guarantee these emerging technologies are implemented safely and for the benefit of humanity.”

The report recommends:

  • a national investigation of the ethical issues presented by neural interfaces to address what data should be collected, how it is kept safe and the acceptability of merging machines and humans
  • creation of a neural interface ecosystem to encourage industry and universities to innovate and collaborate in the field
  • the UK’s Medicines and Healthcare Products Regulatory Agency to trial new ways to bring such products to market, and to prevent a monopoly by big tech firms

In July, Elon Musk announced that his firm Neuralink was applying to start human trials in the US, with electrodes inserted into the brains of patients with paralysis.

And Facebook is supporting research that aims to create a headset with the ability to transcribe words at a rate of 100 per minute, just by thinking.

In the US it is estimated that 60,000 spinal-cord stimulators are implanted annually and around the world some 400,000 people have benefited from cochlear implants.

Thousands of people with Parkinson’s disease and similar conditions have been treated with deep brain stimulation, and artificial pancreases and wireless heart monitors are also common.

Live Web Cam – Gran Canaria

https://www.skylinewebcams.com/en/webcam/espana/canarias/las-palmas-gran-canaria/playa-grande-las-canteras.html

Over 100 London schools ditch the car on World Car Free Day to improve the Capital’s air

“Walking and cycling to school is a great way to get active and tackle London’s toxic air crisis. On this World Car Free Day, and beyond, I would encourage as many Londoners as possible to give up four wheels in favour of going by foot or by bike”

Will Norman

Walking and Cycling Commissioner

Over 100 schools from 18 boroughs will be marking World Car Free Day today by encouraging parents and carers to substitute their car journeys to school with walking or cycling as part of TfL’s sustainable travel to school programme, STARS, to improve air quality in the Capital.

A number of schools across London have set up ‘car-free zones’ near their school gates, while others have ‘park and stride’ spots where parents park a distance from the school gate and walk the rest of the way.

There will also be ‘walking buses’ where children join an organised walk to school, picking up ‘passengers’ on the way as they learn about looking after the environment.

According to the Mayor of London’s research into the health impacts of cars in London, air pollution is a significant health issue with some of the worst pollution hotspots being around schools located on busy and congested roads.

Ambitious

Today’s event follows concerns around the increase in air pollution and congestion on London’s roads. The school run is a major source of traffic and air pollution with school journeys accounting for half the traffic in London between 8:00 and 9:00am during school terms.

The Mayor’s ambitious draft Transport Strategy sets out plans for improving air quality in London by reducing emissions from buses so that all double-deckers operating in the central Ultra Low Emission Zone comply with Euro VI Standard by 2019, ensuring no diesel taxis are granted a first time license in London from 1 January 2018, working to make London’s entire road transport system zero emission by 2050 at the latest and reducing car use on the journey to school.

The Mayor is also launching the toughest emission standard of any city in the world when the T-charge begins on 23rd October. The vast majority of pre-2006 vehicles will need to pay an additional £10 Emissions Surcharge to travel in the central London Congestion Charge zone.

Important first step

This is an important first step to implementing the Ultra Low Emission Zone, which will affect many more vehicles and is expected to reduce NOx emissions by around 50%.

TfL’s STARS programme has been hugely successful in helping primary and secondary school children adopt safe and sustainable ways of travelling, such as cycling, walking and public transport.

Now in its tenth year, the scheme has grown from 180 schools in 2007 to 1,430 in 2017, achieving an average of a 6% decrease in car use.

Just two ten minute walks a day can improve health and wellbeing and reduce the dangers of developing a range of health problems, including Type 2 diabetes, heart disease, some cancers, depression and Alzheimer’s disease.

Great way to get active

Will Norman, Walking and Cycling Commissioner, said: ‘Walking and cycling to school is a great way to get active and tackle London’s toxic air crisis.

‘On this World Car Free Day, and beyond, I would encourage as many Londoners as possible to give up four wheels in favour of going by foot or by bike.’

Leon Daniels, TfL’s Managing Director of Surface Transport, said: ‘Together with the Mayor and working with boroughs we are reducing congestion and improving air quality.

‘It’s great to see our future generations using our STARS programme and World Car Free Day to make the school run green.’

Safer and easier

Tompion Platt, Head of Policy and Communications, Living Streets, said: ‘Making it safer and easier for more families to walk to school is critical to improving air quality around the school gate.

‘Creating safe walking routes, introducing walk to school initiatives and closing school streets to traffic during drop off and pick up times are some of the ways we’re helping schools and parents to ditch the car and choose to walk.’

For further details on the STARS accreditation scheme and the full range of programmes TfL offers to schools and young people, visit tfl.gov.uk/stars or tfl.gov.uk/younglondon.

Transport for London begins search for supplier to build new generation of DLR trains

Customers on the Docklands Light Railway (DLR) are set to benefit from new walk-through air-conditioned trains from 2022.

The new trains, which will increase capacity by over 30%, will be more reliable and provide customers with real time information, air-conditioning and mobile device charging points.

Significant redevelopment is taking place in and around the Docklands area which the DLR serves; in the Royal Docks alone, up to 36,500 jobs and 7,000 homes are being created. To support this growth, TfL will replace two thirds of the existing trains, some of which are 25 years old, and order an additional ten new trains to provide even more capacity.

Danny Price, TfL’s Director of DLR, said: ‘These new trains will enable us to increase capacity on the DLR by 30 %, significantly improving the comfort, reliability and quality of our service for customers. Ordering them now ensures that we get the best value for money in the long term and can support continuing growth in east London. We intend to go out to tender later this year with the new trains entering service from 2022.’

Passenger use is set to continue to grow when the DLR network interchanges with the Elizabeth line from 2018. Services between central London, Shenfield and Abbey Wood will interchange with the DLR at several stations – Canary Wharf, West India Quay, Stratford and Custom House – where new platforms, a new ticket hall and entrance are being constructed.

TfL has published a notice in the Official Journal of the European Union (OJEU) seeking expressions of interest from the train manufacturing industry to build the new trains with improved performance and reliability. A formal Invitation to Tender is expected to be issued later this year and a contract awarded in Summer 2018.

The DLR celebrated its 30th anniversary earlier this year. It began operating on 31 August 1987, initially running with just 11 trains serving 15 stations. In its first year of operation it carried 6.7m people. Today, the railway – which is entirely step-free – has 45 stations, 38km of track and 56 trains and carries 122 million passengers a year.

Decreased Awareness – Wake-up London!!

In today’s heightened security we are becoming less aware of what’s going on around us, people wearing headphones and walking along looking at their phones. Everyone on the train is completely oblivious of what’s going on around them, people don’t notice when an elderly or pregnant person boards and may need a seat, how are we going to notice a suspicious bag or unattended baggage?
Could Parsons Green have been avoided if someone had noticed the bag and asked the question ‘whose bag is this?’ and got everyone to move away? We’re far too British to dare ask and too engrossed in tech to even notice.

Things need to change. We need to be more aware: look up from your phone and look around the carriage. Someone might need your seat, someone may be acting suspiciously, or a bag may have been left; there could be a commotion nearby that, if you’re aware of it, could save your life.

Wake up, Londoners, your life may depend on it. See a bag alone? Shout out ‘whose bag is this?’ If no-one answers, get well away and encourage others to as well. See it, say it, sorted.

More reading 

H-O-T Protocol

See it, say it, sorted

What3Words

what3words provides a precise and incredibly simple way to talk about location. W3W have divided the world into a grid of 3m x 3m squares and assigned each one a unique 3 word address.

Better addressing enhances customer experience, delivers business efficiency, drives growth and supports the social and economic development of countries.

With what3words, everyone and everywhere now has an address.

Gin and Tonic Cake

Great for afternoon tea or a summer celebration, and perhaps the only time it’s acceptable to have gin and tonic for elevenses.

For the gin and tonic syrup
150ml tonic water
100g sugar and 30 juniper berries, crushed
30ml gin

For the sponge
300g soft butter
300g golden caster sugar
approx 40 juniper berries, crushed finely
grated zest of one lemon and one lime
6 medium free-range eggs
300g self-raising flour with a teaspoon of baking powder sifted in

For the gin and tonic lemon curd:

40ml gin
250g of good quality shop bought lemon curd

For the lemon and lime butter cream
200g soft butter
Zest of one lemon and one lime, 1 tablespoon of each juice
450g icing sugar

Edible flowers are available from Sainsbury’s in the fresh herb section

Method

Line two 8 inch round cake tins with baking parchment and preheat the oven to 170 degrees fan.

Make your gin and tonic syrup ready for the cake once baked:

Bring the tonic water, sugar and juniper berries to the boil, and then allow the liquid to reduce to about half of the original volume. Leave to cool, strain out the berries and add the gin to the syrup.

For the sponge: Cream the butter, sugar, crushed juniper berries and lemon and lime zest together until very pale and fluffy.

Slowly beat in the eggs until combined.

Gently mix or fold in the flour until just incorporated.

Spoon into the cake tins, half the batter in each, and bake for approximately 25-35 minutes; to test, a skewer or knife should come out clean.

Remove from the oven and leave to cool for 5 minutes then turn out and remove the paper.

Pierce some holes over the cake with a skewer or cocktail stick and generously douse in the gin and tonic syrup by brushing over liberally with a pastry brush. Leave to cool completely.

For the gin and tonic lemon curd: stir the gin into the shop bought lemon curd.

For the butter cream: Beat the soft butter, zests and juice of the lemon and limes with the icing sugar. A hand whisk or free-standing mixer is easiest to do this or if not, lots of elbow grease!

To assemble the cake, slice each cake in half again through the centre to create two layers per sponge, so you have 4 layers in total.

Layer up with a spread of the curd over each layer and a spread of the buttercream between each of the sponges.

Top with a little more buttercream and decorate as you wish. I used crystallised edible flowers and candied lemon and lime pieces. If you prefer keep it simple and add a little more fresh lemon and lime zest.

Optional for decoration:

For the candied lemon and limes:

Slice a lemon and a lime into slices, roughly 4-5mm thick.

Gently bring to the boil 100ml water with 100g of caster sugar. When simmering, lay the slices into the sugar syrup and simmer gently for xx minutes.

Recipe for the edible crystallised flowers:

Beat one egg white until foamy and paint the petals of your flowers carefully making sure you get in between all the nooks and crannies.

Dust over with fine white caster sugar and leave to set for at least 24 hours on a piece of parchment, so they set hard and dry. These should last for up to two weeks. Alternatively use fresh edible flowers as they are.

 

Turbo Gin & Tonic

Ingredients

35ml Gin (Gin Foundry uses Sipsmith at Junipalooza)

10ml Sandows Cold Brew Coffee

Tonic water

Lemon peel to garnish

Method

Pour the gin over ice into a Collins glass.

Add the cold brew coffee, then top up with tonic water and garnish with a long lemon peel.

We recommend either using a classic gin or a citrus forward gin in a Turbo G&T – the coffee wants to dominate the mix and you need either some fresh acidity or big punchy juniper core to balance it out.

So who’s excited about their first Turbo G&T then?