May 2012
53 posts
DHS Considers Collecting DNA From Kids; DEA and US... →
Documents just released by US Immigration & Customs Enforcement (ICE) in response to one of EFF’s Freedom of Information Act requests show that DHS is considering collecting DNA from kids ages 14 and up—and is exploring expanding its regulations to allow collection from kids younger than that. The proposal appears to be working its way through DHS in the wake of regulations from the...
Threat Level - Privacy, Crime and Security Online →
In the battle to prevent law enforcement from collecting data about the activities of users online for fishing expeditions, there are few tools available in the arsenal of accountholders. Which makes it all the more important for internet companies like Twitter, Google and others to fight back on behalf of users. That’s exactly what Twitter did when it filed a surprisingly feisty motion (.pdf)...
Yahoo released private certificate with new... →
Yahoo! introduced a new “browser”, Axis, last night, both as a standalone application for iPhone and iPad and as a browser extension on Chrome, Firefox, Internet Explorer and Safari. Axis is meant to offer faster, smarter searching using Yahoo’s services. Within hours of the launch, hacker and blogger Nik Cubrilovic posted on his blog that the Chrome extension came with a...
What A Secure Top-Level Domain Can And Can't Do →
As Ralph Waldo Emerson once surmised, “Build a better mousetrap and the world will beat a path to your door.” Maybe so. Then again, maybe no. I have to say I was equally intrigued and amused by the recent news announced by Artemis introducing a new top-level domain (TLD) that folds in security for Internet member sites from inception. As reported on Decrypted.com, to become a secure...
SecurID software tokens cloned →
Security specialist Behrang Fouladi has managed to clone the software token from RSA’s SecurID two-factor authentication system. SecurID serves as an additional layer of security, for example when logging into a company’s VPN. It uses secret seed values known only by the two communication partners to create temporary token codes, which users must then enter, in addition to their...
New York Legislation Would Ban Anonymous Online... →
Did you hear the one about the New York state lawmakers who forgot about the First Amendment in the name of combating cyberbullying and “baseless political attacks”? Proposed legislation in both chambers would require New York-based websites, such as blogs and newspapers, to “remove any comments posted on his or her website by an anonymous poster unless such anonymous poster agrees to attach his...
Nmap now fully ready for IPv6 →
Nearly three years after the last major release of Nmap, version 6.0 of the open source network scanner has been released. Nmap is a popular utility for scanning and mapping network ranges to extract information about the systems attached to the network and the network’s topology. In version 6.0, the developers have added full IPv6 support while enhancing Nmap’s scripting engine, web...
Anonymous hacks Bureau of Justice, leaks 1.7GB of... →
The hacktivist group Anonymous claims to have leaked 1.7GB of data belonging to the United States Bureau of Justice Statistics (BJS). The file, which has been uploaded as a torrent and posted on The Pirate Bay, reportedly contains internal e-mails as well as the website’s “entire database dump.” It remains to be seen if there’s anything incriminating in this leak. After all, the BJS is simply a...
Iranian Hackers Claim They Compromised NASA SSL... →
A self-professed Iranian hacker gang announced in an online post that it compromised an SSL certificate belonging to NASA and subsequently accessed information on “thousands” of NASA researchers. Word of the alleged hack by the Iranian Cyber Warriors Team was first reported last week by SecurityWeek, which said NASA confirmed that its security office was “investigating the...
Hands-on with CrashPlan: cloud backup for all →
We’ve recently spent a fair amount of time talking about cloud syncing solutions for PCs and mobile devices. In addition to syncing files and data across multiple devices, these services also provide as much off-site backup as most home users need. But power users and businesses often need more control than the typical cloud sync service can offer—whether it’s over what data is backed up...
Kickstarter Data Breach Publishes 70,000 Startup... →
An application programming interface (API) error on the popular Kickstarter crowdfunding website exposed the plans and descriptions of more than 70,000 yet-to-be launched projects. The API bug exposed project descriptions, goals, durations, rewards, videos, images, locations, categories, and usernames for unlaunched projects. In a statement, Kickstarter said that no account or financial data of...
Adobe Reverses Course, Plans Free Updates for... →
Just a few days after the company announced that customers would have to pay for security updates to some of its popular products, Adobe officials backed off of that idea and announced that patches for flaws in Illustrator, Photoshop and Flash Professional would be provided after all. Last week, Adobe issued patches for a long list of vulnerabilities in Flash and other products, but it also...
New .Secure Global TLD Proposed →
A group of security experts is working to put together a new global TLD that will require companies and individuals applying for domains to adhere to strict security policies and requirements. The proposed .secure TLD is intended to be a known safe group of domains and would include mandatory use of DNSSEC, TLS for every HTTP session and other security technologies. The .secure TLD is being...
California, Congress Move to Keep Facebook... →
California’s Assembly passed legislation Thursday that would forbid employers or prospective employers from demanding access to employees’ personal, private online lives, such as their Facebook accounts. The development comes a day after Sen. Richard Blumenthal (D-Connecticut) and Reps. Martin Heinrich (D-New Mexico) and Ed Perlmutter (D-Colorado) proposed similar legislation on the federal...
New .secure Internet Domain On Tap →
A new top-level domain (TLD) in the works for the Internet will bake security in from the outset: The .secure domain will require fully encrypted HTTPS sessions and a comprehensive vetting process for websites and their operators. If the new domain takes off, it could shift the way Web domains are secured. It’s basically a “safe neighborhood” on the Net, its creators say, and...
The hotel wifi is out to get you!! →
According to this warning from the government, travelers are catching viruses from their hotel wifi. Should you be afraid? No. Popups tricking you are a danger all the time, and all hotspots (whether at the hotel, or Starbucks, or the local bar) are always an increased danger. But they cite no evidence that hotels in particular are more dangerous. That hotels are more dangerous is plausible. For...
FBI Fears Bitcoin's Popularity with Criminals →
The FBI sees the anonymous Bitcoin payment network as an alarming haven for money laundering and other criminal activity — including as a tool for hackers to rip off fellow Bitcoin users. That’s according to a new FBI internal report that leaked to the internet this week, which expresses concern about the difficulty of tracking the identity of anonymous Bitcoin users, while also unintentionally...
Thousands of Twitter passwords allegedly exposed →
55,000 Twitter account names and passwords were, it was claimed last night, published on Pastebin on 7 May. The list ran over five separate pages on the document publishing platform. Twitter confirmed it was looking into the situation and said it was resetting the passwords of affected accounts. Later examination of the list by Twitter revealed that it contained 20,000 duplicates, suspended...
Exiled Americans' Challenge to No-Fly List Gets... →
About a dozen U.S. citizens and lawful permanent residents who cannot fly to or from the United States because they are on the so-called “no-fly list” will finally have their case heard by a federal appeals court Friday. The two-year-old suit claims the plaintiffs, who include two retired U.S. military veterans stranded in Egypt and Colombia, have been unconstitutionally barred from flying...
We lost a Beatle →
Hey Listen: There WAS no fucking Google.
In 1986, when my crew of eleven-year-olds discovered The Beasties’ encrypted vinyl doctrine, we had our work cut out for us. We couldn’t just type their lyrics into some futuristic machine and have the meanings handed back—each crass little Easter egg had to be decoded by perverted detective work, or by relying on older brothers and irresponsible doormen...
Jericho Botnet Targets Banks And Financial... →
An emerging botnet is taking aim at banks and financial institutions, according to researchers at Palo Alto Networks. The botnet, dubbed Jericho, is a variant of well-known banking Trojans such as Jorik, the researchers say. Palo Alto Networks’ Wildfire analysis engine has detected more than 42 unique but related banking botnet samples that are part of an ongoing criminal enterprise aimed...
Homeland Security Concedes Airport Body Scanner... →
Federal investigators “identified vulnerabilities in the screening process” at domestic airports using so-called “full body scanners,” according to a classified internal Department of Homeland Security report. DHS has spent nearly $90 million replacing traditional magnetometers with controversial X-ray body scanning machines that are intended to detect items that could be missed by a metal...
MI6 Codebreaker Attended U.S. Security Conference... →
A top British codebreaker who died a mysterious death in his flat two years ago had just returned from a computer security conference in the United States before his death, according to information disclosed during an inquest this week. The body of Gareth Williams, a codebreaker with Britain’s MI6 spy agency, was discovered stuffed into a sports bag in his bathtub on Aug. 23, 2010, though he’s...
Make Every Day a Day Against DRM →
Today, we join the Free Software Foundation in celebrating a Day Against DRM. DRM software restricts the way users can interact with content, which hits close to home for an organization like EFF. Even worse, “anti-circumvention” laws that regulate whether users can bypass DRM, like section 1201 of the DMCA, effectively give that software the force of law. A decade ago, most of the...
RIP MCA: A Tribute To Paul’s Boutique and Music... →
Today’s sad news of the passing of Adam Yauch, the Beastie Boys’ MCA, caused us to take a moment to reflect on the impact that the Beastie Boys, and their seminal record Paul’s Boutique, had on remix culture. Released in 1989, Paul’s Boutique reportedly contains somewhere between 100 and 300 samples. In fact, one of the engineers who worked on the record estimated that “95% of the sounds” on...
Study: More than 90% of Americans Take Action on... →
That’s my takeaway from a new study of 2,000 households by Consumer Reports:
There are more than 150 million Americans using Facebook at this point, and that number is growing. … a new exhaustive study from Consumer Reports on social networking privacy found that 13 million American Facebook users have never touched their privacy settings. (“Study: 13 Million People Haven’t Touched Facebook...
Hackers have breached top secret MoD systems,... →
Computer hackers have managed to breach some of the top secret systems within the Ministry of Defence, the military’s head of cyber-security has revealed. Major General Jonathan Shaw told the Guardian the number of successful attacks was hard to quantify but they had added urgency to efforts to beef up protection around the MoD’s networks. “The number of serious incidents is...
Firefox WebSocket bug compromises Tor anonymity →
The current versions of the Tor Browser Bundle (TBB) include a bug that makes it possible for information about visited web sites to leak out of the anonymising layer. On version 2.2.35-9 of TBB for Windows and version 2.2.35-10 for Mac OS X and Linux, the included version of Firefox does not send DNS requests over the Tor network if the browser is using the WebSocket protocol. This means that...
Serious Remote PHP Bug Accidentally Disclosed →
A serious remote-code execution vulnerability in PHP was accidentally disclosed Wednesday, leading to fears of an outbreak of attacks on sites that were built using vulnerable versions of PHP. The bug has been known privately since January when a team of researchers used it in a capture the flag contest and then subsequently reported it to the PHP Group. The developers were still in the process...