An OAP security guard was savagely beaten and left for dead after he challenged an intruder inside a factory. The 73-year-old was left alone with serious head injuries for six hours until a colleague found him and raised the alarm.
Click to play Tap to play
The video will start in 8Cancel
Watch this video again
Video will play in
Watch: Ram raiders batter their way into Toy Shop to steal games consoles
The site was sealed off by officers while forensic enquiries took place.
This was a sustained and violent attack on an elderly man.
We believe he challenged a man found inside the premises which led to the unprovoked attack taking place.
The attacker then left the factory and the injured man was not discovered until five hours later.
Enquiries are continuing and we are studying CCTV and carrying our forensic investigations at the scene.
We are still trying to establish what the man was doing inside the premises and what, if anything was stolen. Witnesses or anyone with information should call police on 101 or Crimestoppers, in confidence, on 0800 555 111.
(Image: file photo)
(Image: file photo)
Several tech giants have said they are examining a trove of documents leaked earlier this week that purport to show the CIA’s ability to hack into phones, computers, and smart TVs. The documents, released by WikiLeaks1, did not contain exploit code that could be used by hackers to carry out attacks, but the documents do provide details of vulnerabilities that may help security researchers identify some flaws in tech products, including Android devices and iPhones. Apple, Google, Microsoft, and Samsung were all named in the thousands of released documents, which are believed to have come from the CIA’s Center for Cyber Intelligence. The CIA has so far not commented directly on the authenticity of the leak, but on Wednesday it suggested that the release had damaged national security by helping its adversaries “with tools and information to do us harm.”
WikiLeaks founder Julian Assange said in a Thursday press conference that he will give the tech companies “exclusive access”2 to some of the technical details it has of the CIA’s hacking tools, as part of an effort to expedite the security patching process. But so far there has been no such evidence of sharing files with tech companies, however. Apple said in a statement3 that it will “rapidly address any identified vulnerabilities” it finds in its Macs or iPhone software. Google, too, said it will4 “implement any further necessary protections” and that its analysis is ongoing.
Microsoft said it was “looking into” the reports, but didn’t comment further. But security experts say that many of the vulnerabilities have already been patched. Jon Sawyer, an Android security researcher, said that most of the Android bugs listed have been already patched.
“The list seems to be limited to Android 2.2 to 4.4.4 — we are on Android 7.1.1 now,” said Sawyer . He said that many of the bugs related to legacy versions of Android and older devices. “Vague descriptions of bugs is no more worrisome than the fact they know any software has unknown vulnerabilities,” he said, adding that Google was “in no worse position than they were a week ago.”
An analysis by F-Secure showed that the majority of Android users are still using Android 4.45 . Google’s own statistics shows that the software version is third6 behind Android 5 and Android 6. Will Strafach, an iOS security researcher, said that “essentially, there is nothing” in the documents that point to working vulnerabilities of iOS 10 and later. Almost 80 percent of users are currently on a version of iOS 10, says Apple7. Strafach said the Samsung smart TV vulnerability, which required an older firmware version and physical access to the device, had also been fixed. In a brief statement, a Samsung spokesperson said the company was “urgently looking into the matter.”
Linux, the open-source operating system, was also listed in the cache of documents. “Linux is a very widely used operating system, with a huge installed base all around the world, so it is not surprising that state agencies from many countries would target Linux along with the many closed source platforms that they have sought to compromise,” said Nicko van Someren, chief technology officer at The Linux Foundation, speaking to BBC News8. He emphasized that the rapid release of security patches “enable the open source community to fix vulnerabilities and release those fixes to users faster.” But the status of other products isn’t fully known.
In the cache, close to two-dozen antivirus products, including Kaspersky, Symantec, and Avast, were listed as having vulnerabilities that were exploitable by the CIA. According to the Associated Press9, the CIA used unflattering terms to deride antivirus makers, many of which the agency exploited through vulnerabilities in their software. In one case, a flaw in Kaspersky antivirus allowed the CIA to “bypass Kaspersky’s protections,” but founder Eugene Kaspersky told an AP reporter that the vulnerability was fixed “years ago.”
Avira, another antivirus maker, said it fixed a “minor vulnerability” within hours of the documents’ release. Cindy Cohn, director of the Electronic Frontier Foundation, said the CIA had “failed to accurately assess the risk of not disclosing vulnerabilities.” “Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans,” she said.
WikiLeaks said so far it has released only a fraction of what it says it obtained, and that more files will be released in the coming days and weeks.
- ^ released by WikiLeaks (www.zdnet.com)
- ^ give the tech companies “exclusive access” (www.zdnet.com)
- ^ in a statement (www.zdnet.com)
- ^ said it will (www.zdnet.com)
- ^ still using Android 4.4 (labsblog.f-secure.com)
- ^ the software version is third (developer.android.com)
- ^ says Apple (developer.apple.com)
- ^ speaking to BBC News (www.bbc.com)
- ^ to the Associated Press (hosted.ap.org)
Security research has cracked the captcha conundrum nightmare
A SECURITY RESEARCHER HAS EARNED HIS MONEY this week by poking a fat hole into the Google Captcha system by turning Google on itself.
The attack is simple, but that doesn’t mean that it is not capable . In very short terms, it takes the audio Captcha challenge from Google, runs it through Google’s voice recognition technology and throws it back as a response.
A teaser on GitHub introduces us to the easy logic vulnerability attack1, while a more detailed blog on the East-Ee Security site provides the necessary information . There we learn that some human interaction is involved because it is necessary to select the audio ReCaptcha option.
“ReBreakCaptcha knows how to solve ReCaptcha v2 audio challenges . Therefore, we need a methodology of how to get an audio challenge every time2 . What is our goal ? To bypass the ReCaptcha . Can we do this ? Yes . How ?
Google Speech Recognition API!,” says our anonymous poster. Google helps out by offering the challenged user the chance to download the audio file challenge . This makes the crack much easier.
“Now comes the fun part, taking advantage of one Google’s service to beat another Google’s service ! Let’s download the audio file and send it to Google Speech Recognition API,” adds the blog.
“Now we have the audio challenge file and are ready to send it to Google Speech Recognition . How can this be done ? Using their API.
“Before doing so, we will convert it to a wav’ format which is requested by Google’s Speech Recognition PI.”
So what we have here is something of a dog bites dog incident . Except someone has incited the dog to bite itself and got a python involved .
The research used a Python library named SpeechRecognition and got nothing but positive results.
“We will use this library implementation of Google Speech Recognition API . We will send the wav’ audio file and the Speech Recognition will send us back the result in a string (e.g .
25143′) . This result will be the solution to our audio challenge,” adds the blog.
“The verification stage is fairly short . All we need to do now is to copy-paste the output string from Stage 2 into the text box and click Verify’ on the ReCaptcha widget . That’s right, we now semi-automatically used Google’s Services to bypass another service of its own.”
A proof of concept is posted on GitHub.