March 2011
45 posts
2 tags
Mobile Carrier Delays Harm Internet Security →
By delaying or even blocking security updates for mobile devices, mobile carriers put their users, their business, and the country’s critical infrastructure at unnecessary risk. Mobile security problems plague the entire software stack — the baseband, the kernel, the application frameworks, and the applications — and carriers continue to resist shipping regular and frequent updates. For a...
Mar 30th
4 notes
4 tags
Comodo Says Two More Registration Authorities... →
Officials at Comodo have acknowledged that an additional two registration authorities affiliated with the company have been compromised in the wake of the high-profile attack on the company that was disclosed last week. However, no forged certificates were issued as a result of the new attacks. In a message on a discussion thread set up after the original attack on a Comodo registration...
Mar 30th
39 notes
3 tags
What Location Tracking Looks Like →
Your cell phone company knows everywhere you go, twenty-four hours a day, every day. How concrete is this fact for you? It’s very concrete for Malte Spitz, a German politician and privacy advocate. He used German privacy law — which, like the law of many European countries, gives individuals a right to see what private companies know about them — to force his cell phone carrier to reveal...
Mar 29th
8 notes
4 tags
Attacking and Defending the Tor Network →
The Tor Project has become a vital mechanism for privacy advocates, human rights activists, journalists and others in sensitive positions to evade online censorship and persecution. And while the governments interested in limiting user access to the Internet and controlling content have had some recent success in preventing the use of the anonymity network, Tor members have been working on new...
Mar 29th
4 tags
Restaurant Chain is First Fined Under... →
A Massachusetts restaurant chain was the first company fined under the state’s toughest in the nation data breach law and will have to pay $110,000 in penalties, according to a statement by the Massachusetts Attorney General. The Briar Group LLC entered into a settlement with Massachusetts Attorney General Martha Coakley over allegations that the chain failed to protect patrons’...
Mar 29th
6 notes
5 tags
Alleged Comodo Hacker Posts Forged Mozilla Cert,... →
The unnamed hacker who has taken credit for the attack on Comodo last week that resulted in a number of fraudulent certificates being issued for high-value sites belonging to Google, Yahoo and Microsoft has posted the certificate that he issued himself for a Mozilla domain, as well as the private key for that certificate, in an effort to prove his claims. The hacker was apparently incensed that...
Mar 29th
28 notes
1 tag
Friends Don’t Let Friends Get Into Finance →
After having been a tech executive for many years, I needed to take a break, and I wanted to give back to society. Duke University engineering dean Kristina Johnson gave me a great spiel about how the school’s Masters of Engineering Management program churns out great engineers, and how engineers solve the world’s problems. She said that I could make a big impact by teaching engineering students...
Mar 27th
3 notes
5 tags
Microsoft Shuts off HTTPS in Hotmail for Over a... →
Microsoft appears to have turned off the always-use-HTTPS option in Hotmail for users in more than a dozen countries, including Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan. Hotmail users who have set their location to any of these countries receive the following error message when they...
Mar 26th
9 notes
3 tags
Know your nukes: understanding radiation risks in... →
Coverage of the recent problems with Japanese nuclear reactors has increased public awareness of radioactive isotopes of cesium, iodine, and uranium, but it hasn’t helped people understand what makes a given isotope dangerous. It’s no surprise, really; the threat posed by a particular isotope depends on a combination of factors, including its half-life, mode of decay, and what...
Mar 25th
6 notes
4 tags
Should Have Known Better Than To Trust The NY... →
Earlier this week, we wrote about a report in the NY Times of people in China having their phone calls cut off mid-call when someone says the word “protest.” In our comments, many people questioned whether or not this was true, and with good reason. It now turns out that the story appears to be complete bunk. A bunch of folks in China have been testing this and can find no evidence...
Mar 25th
13 notes
4 tags
Obama's Consistency Problem →
On Tuesday, three days after the U.S. launched military action against Libyan forces, President Obama got around to articulating a rationale for doing so. “The core principle that has to be upheld here,” he explained, “is that when the entire international community, almost unanimously, says that there is a potential humanitarian crisis about to take place, that a leader who...
Mar 25th
5 notes
2 tags
Netflix spooks Hollywood more than ever →
Hollywood film executives want you to know that they are not at war with Netflix or the Internet. Some of them told me over the past week that they have every intention to continue to distribute films and TV shows over the Web and at attractive prices to boot. They plan to provide viewers with a multitude of ways to access Internet content: on Web-connected handhelds and TVs, video game...
Mar 25th
4 tags
European Commission hit by cyberattack →
The European Commission, including the body’s diplomatic arm, has been hit by what officials said Thursday was a serious cyberattack. The attack was first detected on Tuesday and commission sources have said that it was sustained and targeted. External access to the commission’s e-mail and intranet has been suspended and staff have been told to change their passwords in order to...
Mar 25th
4 tags
Congressman Probing HBGary Scandal Fears ‘Domestic... →
When a small team of hackers launched a 24-hour assault on software security firm HBGary Federal last month, they did so to take revenge on its CEO, who had sought to penetrate the global collective they aligned themselves with known as Anonymous. They did that and more. Now a Congressional subcommittee has asked to see all HBGary Federal’s contracts with the U.S. military and the National...
Mar 25th
4 tags
Dear Hollywood: It's Time To Realize Artificial... →
If you haven’t yet, you really should read Greg Sandoval’s excellent report from Hollywood on how the major studios are feeling about Netflix these days. The whole thing is quite enlightening, but can basically be summed up thusly: “The prevailing feeling among the studio managers I spoke with is that Netflix’s streaming service will be a good outlet for the...
Mar 25th
1 note
3 tags
Sony Claims PlayStation 3 Hacker Sabotaged Hard... →
Sony is accusing alleged PlayStation 3 hacker George Hotz of surrendering two “nonfunctional” hard drives in violation of a court order, and then taking off to South America. But Hotz’s lawyer said Wednesday that Sony is “crying alligator tears” over the issue. Sony is suing the 21-year-old Glen Rock, New Jersey, man on charges he violated the Digital Millennium Copyright Act by publishing an...
Mar 24th
4 tags
Comodo / Iran →
No reason to believe Comodo attack came from Iran. “All of the above leads us to one conclusion only: that this was likely to be a state-driven attack.” This is not the only logical conclusion. The IP address of the source is almost meaningless these days. It’s trivially easy to find an open proxy and bounce your attack through it, proxy through an infected botnet, bounce through...
Mar 23rd
12 notes
1 tag
Manhattan Federal Judge Kimba Wood Calls Record... →
“If plaintiffs were able to pursue a statutory damage theory predicated on the number of direct infringers per work, defendants’ damages could reach into the trillions,” she wrote. “As defendants note, plaintiffs are suggesting an award that is ‘more money than the entire music recording industry has made since Edison’s invention of the phonograph in...
Mar 23rd
4 tags
Tor is used by the US Govt? The Sky is Blue? HOLY... →
Recently, there’s been a lot of noise on PGPBOARD and Cryptome about Tor, Jacob Appelbaum and the US Government spying on you. There’s been suspicions of backdoors and other improprieties with the Tor project. First, let’s deal with the allegations against Jacob Appelbaum saying that he hacked the Tor project. Tor is open source and I checked out the latest copy and did git blames over the...
Mar 23rd
9 notes
4 tags
Phony SSL Certificates issued for Google, Yahoo,... →
A major issuer of Secure Sockets Layer (SSL) certificates acknowledged on Wednesday that it had issued 9 fraudulent SSL certificates to seven Web domains, including those for Google.com, Yahoo.com and Skype.com following a security compromise at an affiliate firm. The attack originated from an IP address in Iran, according to a statement from Comodo Inc. Comodo, of Jersey City, New Jersey, said,...
Mar 23rd
11 notes
3 tags
Obama's War of Choice →
In December 2007 The Boston Globe asked 12 presidential candidates about military action aimed at stopping Iran from building nuclear weapons. “In what circumstances, if any,” the Globe asked, “would the president have constitutional authority to bomb Iran without seeking a use-of-force authorization from Congress?” Here is how Barack Obama responded: “The President...
Mar 23rd
2 notes
7 tags
Detecting Certificate Authority compromises and... →
The Tor Project has long understood that the certification authority (CA) model of trust on the internet is susceptible to various methods of compromise. Without strong anonymity, the ability to perform targeted attacks with the blessing of a CA key is serious. In the past, I’ve worked on attacks relating to SSL/TLS trust models and for quite some time, I’ve hunted for evidence of non-academic...
Mar 23rd
7 notes
2 tags
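The two Comodo items above describe certificates that a trusted CA issued for domains the attacker did not control, and the Tor post describes hunting for exactly that kind of mis-issuance. One check an observer can run without any cooperation from the CA is trust-on-first-use pinning: remember the fingerprint of the certificate a host first presented and alert when a later connection presents a different one. The following is an added illustration of that check, not the Tor Project's code; the host names and certificate bytes in `demo()` are constructed placeholders, and on a live connection the DER bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
"""Trust-on-first-use (TOFU) certificate pinning as an observer-side check
for mis-issued certificates.  Added illustration, not the Tor Project's
code or tooling."""
import hashlib
import json
from typing import Dict


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as colon-separated hex."""
    digest = hashlib.sha256(cert_der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinStore:
    """Per-host record of the first certificate fingerprint seen.

    observe() returns "new" on first contact, "match" when the presented
    certificate equals the pin, and "mismatch" otherwise.  A mismatch is not
    proof of attack (a legitimate rotation looks identical), but it is the
    event a fraudulently issued certificate for a site you already talk to
    would produce, and it is what CA validation alone never surfaces.
    """

    def __init__(self) -> None:
        self.pins: Dict[str, str] = {}

    def observe(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp          # first contact: trust on first use
            return "new"
        return "match" if pinned == fp else "mismatch"

    def rotate(self, host: str, cert_der: bytes) -> None:
        """Operator-approved replacement of a pin after a verified change."""
        self.pins[host] = fingerprint(cert_der)

    def dumps(self) -> str:
        """Serialise the pins so they survive across sessions."""
        return json.dumps(self.pins, sort_keys=True)

    @classmethod
    def loads(cls, blob: str) -> "PinStore":
        store = cls()
        store.pins = json.loads(blob)
        return store


def demo() -> Dict[str, str]:
    """Constructed certificates (placeholder bytes, not real DER) showing the
    three outcomes for one hypothetical host."""
    legitimate = b"constructed: cert for login.example.com issued by CA-1"
    forged = b"constructed: cert for login.example.com issued by CA-2"
    store = PinStore()
    first = store.observe("login.example.com", legitimate)
    second = store.observe("login.example.com", legitimate)
    third = store.observe("login.example.com", forged)
    return {"first": first, "second": second, "third": third}


if __name__ == "__main__":
    print(demo())
```

A pin store of this shape only catches a forged certificate on hosts you have visited before, and it needs a human to decide whether a mismatch is a rotation or an attack; that is the trade-off the Tor post's search for non-academic CA abuse is working around.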
Back to the front of the pack: Ars reviews Firefox... →
Mozilla has officially released Firefox 4, a major update of the popular open source Web browser. The new version introduces a much-improved user interface, significant performance enhancements, strong support for the latest Web standards, and noteworthy new features like built-in support for synchronizing bookmarks and other browser data. Firefox 4 has been under development for over a year—the...
Mar 23rd
2 tags
Mar 22nd
3 tags
Amazon cuts off Lendle, other book lending... →
Amazon now allows Kindle users to lend certain books to other Kindle users, but it seems the company doesn’t actually want people to use that service. Amazon has cut off API access from lending service Lendle, which allowed Kindle users to list the lendable books they had purchased for perusal by other users. And because Lendle doesn’t offer any other services, the owners have taken...
Mar 22nd
3 tags
An Introduction to the Federated Social Network →
Lately, EFF’s work to protect rights and liberties in the online world has focused rather heavily on social networking sites and their policies. The logic is borne out by the numbers — Facebook and Twitter combined claim hundreds of millions of worldwide users, so advocating for stronger privacy and less censorship from these kinds of websites will mean a better Internet for lots and lots...
Mar 22nd
1 note
2 tags
Homegrown: Rustock Botnet Fed by U.S. Firms →
Aaron Wendel opened the doors of his business to some unexpected visitors on the morning of Mar. 16, 2011. The chief technology officer of Kansas City-based hosting provider Wholesale Internet found that two U.S. marshals, a pair of computer forensics experts and a Microsoft lawyer had come calling, armed with papers allowing them to enter the facility and to commandeer computer hard drives and...
Mar 22nd
3 tags
US Army 'kill team' in Afghanistan posed for... →
Commanders in Afghanistan are bracing themselves for possible riots and public fury triggered by the publication of “trophy” photographs of US soldiers posing with the dead bodies of defenceless Afghan civilians they killed. Senior officials at Nato’s International Security Assistance Force in Kabul have compared the pictures published by the German news weekly Der Spiegel to...
Mar 21st
1 note
1 tag
Case Study: How TED Learned That 'Giving It Away'... →
LaRae Meadows was kind enough to send over her analysis of how the famed TED conference not only embraced the whole CwF RtB concept, but also learned that giving away the infinite goods can massively increase the value of scarce goods. It’s actually a really great case study example. One of the complaints that we sometimes hear in response to arguments about giving away the infinite goods...
Mar 21st
3 tags
Former NSA, CIA Chief: Declassify Cyber... →
The former head of America’s most powerful and secretive intelligence agencies thinks the U.S. government classifies too much information on cybersecurity vulnerabilities. “Let me be clear: This stuff is overprotected,” writes retired four-star Gen. Michael Hayden, in the new issue of the Air Force’s Strategic Studies Quarterly. “It is far easier to learn about physical threats from U.S....
Mar 21st
8 notes
2 tags
TSA Admits Bungling of Airport Body-Scanner... →
The Transportation Security Administration is re-analyzing the radiation levels of X-ray body scanners installed in airports nationwide, after testing produced dramatically higher-than-expected results. The TSA, which has deployed at least 500 body scanners to at least 78 airports, said Tuesday the machines meet all safety standards and would remain in operation despite a “calculation error” in...
Mar 20th
2 tags
Making Twitter More Secure: HTTPS →
It seems the information security industry has finally convinced Twitter to enable HTTPS and provide an option to have it enabled always. Tools like Firesheep and multiple research efforts have been pushing companies to force HTTPS all the time. Make sure to enable this, especially if you frequent public networks. Twitter has posted this blog post with instructions: Full Article
Mar 20th
3 tags
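The Twitter post above (and the Hotmail item further up, where the always-use-HTTPS option was switched off) turns on two server-side settings that decide whether "always HTTPS" holds up against a Firesheep-style sniffer on an open network: the session cookie must carry the Secure attribute so the browser never sends it over plain HTTP, and a Strict-Transport-Security header keeps the browser from falling back to http:// at all. The following is an added example of auditing a response for those settings; it is not Twitter's or Microsoft's code, and the two responses it checks are constructed, not captured from either service.

```python
"""Audit an HTTP response for the settings that make 'always use HTTPS'
stick: Secure (and HttpOnly) on cookies, plus Strict-Transport-Security.
Added example; the sample responses are constructed."""
from email.parser import Parser
from typing import Dict, List


def parse_response_headers(raw: str):
    """Parse the header block of a raw HTTP response into an
    email.message.Message; repeated Set-Cookie lines survive (get_all)."""
    lines = raw.replace("\r\n", "\n").split("\n")
    if lines and lines[0].startswith("HTTP/"):
        lines = lines[1:]                          # drop the status line
    return Parser().parsestr("\n".join(lines))


def audit_response(raw: str) -> Dict[str, object]:
    """Return the HSTS value (or None) and a list of findings."""
    msg = parse_response_headers(raw)
    findings: List[str] = []
    for cookie in msg.get_all("Set-Cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            # Sent on any http:// request: exactly what Firesheep replays.
            findings.append(f"cookie {name} lacks Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} lacks HttpOnly")
    hsts = msg.get("Strict-Transport-Security")
    if hsts is None:
        # Without HSTS the first request to a plain http:// link goes out
        # unencrypted even if the user later lands on HTTPS.
        findings.append("no Strict-Transport-Security header")
    return {"hsts": hsts, "findings": findings}


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: _session=abc123; Path=/; HttpOnly\r\n"
    "\r\n"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: _session=abc123; Path=/; Secure; HttpOnly\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw))
```

The same audit run against a real service only needs the raw response headers; a user-facing "always use HTTPS" checkbox that leaves the session cookie without Secure still leaks it the first time a plain http:// link to the site is clicked.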
Hacker Spies Hit Security Firm RSA →
Top security firm RSA Security revealed on Thursday that it’s been the victim of an “extremely sophisticated” hack. The company said in a note posted on its website that the intruders succeeded in stealing information related to the company’s SecurID two-factor authentication products. SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number...
Mar 20th
2 tags
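The RSA item above says only that "information related to" SecurID was taken, not what. What makes any such theft worth worrying about is the structure of token-based two-factor authentication: the one-time code is a pure function of a secret shared between token and server and a counter or clock, so anyone who holds that secret produces exactly the code the token displays. The following is an added example of that property using the public HOTP (RFC 4226) and TOTP (RFC 6238) algorithms as a stand-in; SecurID's own token algorithm is proprietary and is not what is implemented here, and the seed used is the RFC 4226 test-vector secret, not anything from RSA.

```python
"""Why a leaked two-factor seed is fatal: code = f(shared secret, counter).
Added example using HOTP (RFC 4226) / TOTP (RFC 6238), not SecurID's
proprietary algorithm."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, candidate: str, counter: int, window: int = 2) -> int:
    """Server-side check with a small look-ahead window for dropped presses,
    compared in constant time.  Returns the matching counter or -1."""
    for c in range(counter, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c
    return -1


def stolen_seed_scenario() -> dict:
    """Constructed scenario: the token and an attacker both hold the seed
    (here the RFC 4226 test secret), so the server cannot tell them apart."""
    seed = b"12345678901234567890"
    token_code = hotp(seed, 3)
    attacker_code = hotp(seed, 3)            # same inputs, same output
    return {
        "token": token_code,
        "attacker": attacker_code,
        "server_accepts_attacker": verify_hotp(seed, attacker_code, 3) == 3,
    }


if __name__ == "__main__":
    print(stolen_seed_scenario())
```

The practical consequence is that a token whose seed may have leaked cannot be made safe by changing the PIN or the user's password; only re-seeding or replacing the token removes the attacker's ability to compute valid codes.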
Sunshine Week Shame: 10 Ways the Government Is... →
As Sunshine Week sets, it’s a good time to take a quick inventory of the federal government’s ongoing failures of transparency. MapLight.org, which tracks the influence of money in politics, ran down the opacity the public confronts at every level of government — from antiquated campaign-finance reporting requirements to Freedom of Information Act shortfalls. Full Article
Mar 20th
2 tags
Auditor loses McAfee employee data →
An external auditor lost a CD with information on thousands of current and former McAfee employees, putting them at risk of identity fraud. The disc was lost on Dec. 15 by Deloitte & Touche USA, McAfee spokeswoman Siobhan MacDermott said Thursday. The Santa Clara, Calif.-based security software company was first notified on Jan. 11, and on Jan. 30, it received particulars of the data that...
Mar 9th
1 tag
International Music Score Library Project Raises... →
Humanity’s musical treasures — Beethoven piano sonatas, Schubert songs, Mozart symphonies and the like — come to life in performance. But they truly survive as black marks on a page, otherwise known as scores. Now a Web site founded five years ago by a conservatory student, then 19 years old, has made a vast expanse of this repertory available, free. Full Article
Mar 9th
3 tags
What's the deal with deleting data from flash... →
Before flying back to the United States, you wipe your SSD flash. You run “dd if=/dev/zero of=foo; rm foo” twice in order to fill the file system. You then run your level hacker tools to confirm that the drive does indeed only contain zeroes (such as “photorec”, which restores deleted photos). Yet, when passing through customs, the border guards seize your laptop and find the proof of...
Mar 9th
2 tags
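The reason the zero-fill above fails is the SSD's flash translation layer: the controller never overwrites a page in place. Each logical write lands on a fresh physical page and the old page is only marked stale, keeping its contents until the controller decides to erase it. The file system, and a recovery tool like photorec reading through the logical view, then sees zeros, while a reader with access to the raw chips still sees the data. The following is an added, deliberately tiny model of that behaviour, not a real driver or any vendor's firmware: it erases per page rather than per block and has no wear levelling, both of which only make the real case worse, and the "secret" it writes is constructed.

```python
"""Minimal flash-translation-layer model showing why `dd if=/dev/zero`
does not sanitise an SSD.  Added example; not a real device driver."""
from typing import Dict, List, Set

PAGE = 16
ERASED = b"\xff" * PAGE            # NAND erased state is all ones


class SsdModel:
    def __init__(self, logical_pages: int, physical_pages: int) -> None:
        assert physical_pages > logical_pages, "SSDs carry spare (over-provisioned) pages"
        self.logical_pages = logical_pages
        self.physical: List[bytes] = [ERASED] * physical_pages
        self.map: Dict[int, int] = {}            # logical page -> physical page
        self.stale: Set[int] = set()             # superseded, not yet erased
        self.free: List[int] = list(range(physical_pages))

    def write(self, logical: int, data: bytes) -> None:
        if not self.free:
            self.garbage_collect()               # controller's choice of timing
        phys = self.free.pop(0)                  # always a fresh page
        self.physical[phys] = data.ljust(PAGE, b"\x00")[:PAGE]
        old = self.map.get(logical)
        if old is not None:
            self.stale.add(old)                  # old bytes remain on the chip
        self.map[logical] = phys

    def read(self, logical: int) -> bytes:
        """What the OS, and photorec, see."""
        phys = self.map.get(logical)
        return ERASED if phys is None else self.physical[phys]

    def raw_dump(self) -> bytes:
        """What a chip-off forensic read sees: every physical page."""
        return b"".join(self.physical)

    def garbage_collect(self) -> int:
        """Erase stale pages.  A real controller does this lazily and per
        block, so stale data can outlive many overwrites."""
        reclaimed = 0
        for phys in sorted(self.stale):
            self.physical[phys] = ERASED
            self.free.append(phys)
            reclaimed += 1
        self.stale.clear()
        return reclaimed


def zero_fill(dev: SsdModel, free_logical: List[int]) -> None:
    """Model of `dd if=/dev/zero of=foo`: the file system hands every logical
    page it considers free to dd, and each receives zeros."""
    for lp in free_logical:
        dev.write(lp, b"\x00" * PAGE)


def wipe_experiment() -> dict:
    dev = SsdModel(logical_pages=4, physical_pages=8)
    secret = b"constructed-secret"[:PAGE]      # constructed sensitive data
    dev.write(2, secret)                        # file stored at logical page 2
    # `rm`: the file system marks page 2 free; without TRIM the FTL is not told.
    zero_fill(dev, [0, 1, 2, 3])                # one dd pass over free space
    logical_clean = dev.read(2) == b"\x00" * PAGE
    raw_before_gc = secret in dev.raw_dump()
    dev.garbage_collect()
    raw_after_gc = secret in dev.raw_dump()
    return {
        "logical_page_2_is_zero": logical_clean,
        "raw_still_has_secret": raw_before_gc,
        "raw_after_gc_has_secret": raw_after_gc,
    }


if __name__ == "__main__":
    print(wipe_experiment())
```

The second dd pass from the post may or may not reach the stale page: it only does if the controller has run out of spare pages and erased it, which on a real drive with a large spare area and lazy, block-granular collection is not something the host can force or observe. That is why sanitising flash relies on the drive's own secure-erase command or on encrypting the data before it is ever written.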
What Islamist Terrorist Threat? →
Know thy enemy is an ancient principle of warfare. And if America had heeded it, it might have refrained from a full-scale “war” on terrorism whose price tag is touching $2 trillion. That’s because the Islamist enemy it is confronting is not some hyper-power capable of inflicting existential—or even grave—harm. It is, rather, a rag-tag band of peasants whose malevolent ambitions are far beyond...
Mar 8th
3 tags
Why a Conference of 400 People Had More Impact... →
I recently got back from attending the RSA Conference in San Francisco. This event is pretty much the headline event in IT Security for North America and one of the largest in the world. The conference had about 16,000 people in attendance this year. Due to the size of this event, multiple smaller events have popped up. One of those events was Security B-Sides. Full Article
Mar 5th
5 notes
2 tags
Military May Be Engaged in Illegal Psychological... →
On February 23, Rolling Stone reported that Lt. Gen. William Caldwell, a three-star general in charge of training Afghan troops, commanded his Information Operations (IO) cell to target congressional delegations visiting his base as part of a campaign to manipulate the perceptions and opinions of U.S. senators and representatives through psychological operations (PSYOP). Full Article
Mar 4th
4 tags
Anonymous plans defense for Bradley Manning -... →
Given his treatment while in confinement, as well as the list of new charges against him, Bradley Manning has gained another set of champions to his dilemma. Anonymous has promised to avenge Manning, and wage a media war with the U.S. military. The Tech Herald has spoken to one of those involved for a rundown of current events. “Manning is an absolute hero. If this means me going to...
Mar 4th
3 tags
New Bill In Connecticut Would Make It Illegal For... →
We’ve seen numerous stories in the last year of police abusing anti-wiretap laws to go after people who record police activities in public. Thankfully, there are some people who realize this is wrong. A Connecticut state senator, Martin Looney, has apparently introduced legislation that not only says that it’s the right of citizens to record on-duty police officers, but (more...
Mar 4th
4 tags
Google pulls 56 malicious apps from Android... →
According to reports from Android Police and mobile security vendor Lookout, more than 50 stolen Android applications have been removed from the Android Marketplace for containing malware. The malicious code has the ability to steal sensitive information and open a backdoor to the device. The initial warning about rogue Android applications came from a user on Reddit who noticed pirated versions...
Mar 2nd
4 tags
HBGary Federal CEO Aaron Barr Steps Down →
Embattled CEO Aaron Barr says he is stepping down from his post at HBGary Federal to allow the company to move on after an embarrassing data breach. The announcement comes three weeks after Barr became the target of a coordinated attack by members of the online mischief making group Anonymous, which hacked into HBGary Federal’s computer network and published tens of thousands of company...
Mar 1st
4 tags
After dealing with Anonymous, HBGary Federal’s CEO... →
The game is over for Aaron Barr. HBGary Federal’s CEO, who was targeted by Anonymous, announced his resignation on Monday during an interview with Kaspersky’s news portal, Threatpost. Barr said he would step down to focus on his family and rebuild his reputation. Aaron Barr has rarely given interviews to the media since the events that led to Anonymous using him, his company HBGary...
Mar 1st
7 notes