Group items tagged

"Security researchers warn that cybercriminals have started using Java exploits signed with digital certificates to trick users into allowing the malicious code to run inside browsers. A signed Java exploit was discovered Monday on a website belonging to the Chemnitz University of Technology in Germany that was infected with a Web exploit toolkit called g01pack, security researcher Eric Romang said Tuesday in a blog post. "

Android applications downloaded by as many as 185 million users can expose end users' online banking and social networking credentials, e-mail and instant-messaging contents because the programs use inadequate encryption protections, computer scientists have found. The researchers identified 41 applications in Google's Play Market that leaked sensitive data as it traveled between handsets running the Ice Cream Sandwich version of Android and webservers for banks and other online services. By connecting the devices to a local area network that used a variety of well-known exploits, some of them available online, the scientists were able to defeat the secure sockets layer and transport layer security protocols implemented by the apps. Their research paper didn't identify the programs, except to say they have been downloaded from 39.5 million and 185 million times, based on Google statistics.

Sergei Skorobogatov, a postdoc in the Security Group at the Computer Laboratory of the University of Cambridge has written up claims that reprogammable microchips from China contained secret back-doors that can be used to covertly insert code:

Let's say you have two hosts, somewhere out on the Internet: Maybe dedicated servers, maybe Amazon EC2 or Rackspace instances, maybe a mix of the above. Now assume it's your job to provide secure, encrypted connectivity between two services running on those hosts. If those services do not use an encrypted protocol by themselves - such as non-SSL capable SMTP mail servers - then the standard answer has always been: "Use stunnel or OpenVPN!". While both of those are good, cross-platform solutions which can forward unsecure traffic over an encrypted tunnel, I believe that they come not only with administrative overhead, but also introduce a significant performance hit. I believe that there are now solutions that are easier to use, more flexible and most importantly, deliver much better performance. In this article, I will compare stunnel performance  characteristics with vCider's virtual private network solution (sign up for use with up to 8 nodes is free). You will see that vCider not only offers more flexibility and is easier to use, but also provides significantly better network performance and reduced CPU load. For my test, I have created two Ubuntu instances on Rackspace. Please note that both stunnel as well as vCider can work across network and cloud provider boundaries.

If you miss those great 1990s movies in which cyberspace runs amok, you'll get a kick out of this video of a real-life system for monitoring cyber-attacks. The new DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security) cyber-alert system has been in the making for several years, but now the developer has posted a cute video, to show you what it looks like.If you miss those great 1990s movies in which cyberspace runs amok, you'll get a kick out of this video of a real-life system for monitoring cyber-attacks. The new DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security) cyber-alert system has been in the making for several years, but now the developer has posted a cute video, to show you what it looks like.

The Economist is hosting a debate between Bruce Schneier and former TSA honcho Kip Hawley, on the proposition "This house believes that changes made to airport security since 9/11 have done more harm than good." I'm admittedly biased for Bruce's position (he's for the proposition), but it seems to me that no matter what your bias, Schneier totally crushed Hawley in the opening volley. The first commenter on the debate called Hawley's argument "post hoc reasoning at its most egregious," which sums it all up neatly.

The Tor Project is considering paying operators to host exit relays in efforts to increase the speed and security of its global anonymity network. Under early consideration is a suggestion by Tor founder Rodger Dingledine that operators receive $100 a month to cover bandwidth costs. The Broadcasting Board of Governors (BBG) has already donated an undisclosed amount of funds over 12 months to provide for at least 125 fast exit relays which would provide extra capacity for Tor users.

"These are the top 10 countries to request user data from tech companies in 2012. Guess who's leading the pack? In other national security news, The Atlantic reports "defenders of Edward Snowden's leaks got a bit trickier Wednesday afternoon, with revelations about his embarrassing past. Turns out, Snowden was once a teenager and, worse, that time period was encapsulated online.""

Inside NYU art professor David Darts' black metal lunchbox, painted with a white skull and crossbones, is the PirateBox - a tiny Linux server, a wireless router, and a battery. Turn the PirateBox on and you have a self-contained mobile communications and file-sharing device, whereby those in the vicinity can upload and download files securely and anonymously. (See this 2011 Ars Technica story for photos and details.) Built with free and open source software and openly licensed itself, the PirateBox has inspired a number of other projects, including Alan Levine's Storybox and now Jason Griffey's LibraryBox.

Louisville's hackerspace LVL1 is working on a home automation setup for the space, and they call it MOTHER. Using open-source home automation software called HOLOS, the capabilities include: * Monitoring of LVL1 Space Occupancy & Zone Occupancy * Measuring of "Hacktivity Levels" of each Zone * Monitoring of individual member occupancy * INSTANT WOMP MODE! (dubstep everywhere at the press of a button) * Notifications of "Abnormal" hacktivity levels * Monitoring of various websites and notifications of LVL1 mentions * Various "Nagging" (Take out the trash, It's cold please shut the door, I haven't seen you in 3 days, please come visit your mother, etc…) * "Member Scenes" - Auto setting of audio, lights, etc.. based on specific members present * Logging and Graphing of ALL data * Voice recognition and communication * Control of Lighting and appliances * Security System monitoring and notification of alerts * Phone calls and emails based notifications * Google Talk communication with AIML chat integration

Dan Siroker helps companies discover tiny truths, but his story begins with a lie. It was November 2007 and Barack Obama, then a Democratic candidate for president, was at Google's headquarters in Mountain View, California, to speak. Siroker-who today is CEO of the web-testing firm Optimizely, but then was a product manager on Google's browser team-tried to cut the enormous line by sneaking in a back entrance. "I walked up to the security guard and said, 'I have to get to a meeting in there,'" Siroker recalls. There was no meeting, but his bluff got him in.

The Shared Learning Collaborative, a Gates Foundation-funded initiative, rebranded itself this week. There's a new name - inBloom, Inc. - but the mission and plans remain the same, the new non-profit insists. That mission is to build an open source, cloud-based education data infrastructure in the hopes of addressing a number of problems schools face: the lack of data interoperability between the various databases and software systems that they utilize and the merits of spending money to update outdated administrative IT (versus, say, buying instructional - or other - tech and/or versus spending money on something altogether non-tech).

Why Facebook Is Never Safe By Adam Brereton Tags: wikileaks tor the internet technology jacob appelbaum anonymous adam brereton Want to know what a hacker, developer, activist and former Wikileaks wonk thinks about Facebook, the internet, and the future of computing? Read Adam Brereton's interview with Jacob Appelbaum

Last week, the Iranian government apparently started a new censorship program that blocks encrypted Internet traffic. Even Iranians who had taken steps to evade government firewalls were being stymied-and the immediate impact can be seen in usage of the Tor network.

A privacyscore estimates the privacy risk of using a website based on how they handle your personal and tracking data.

Malware researchers investigating a Trojan linked in a gaming forum as a how-to video for Diablo III got a surprise when the hacker started chatting with them-through a feature in the malware. Franklin Zhao & Jason Zhou of antivirus company AVG were looking for keylogging code in the malware with a debugger after downloading it to a virtual machine when a chat box popped up. The hacker asked, in Chinese, "What are you doing? Why are you researching my Trojan?"