Skip to main content

Home/ Future of the Web/ Group items tagged security

Rss Feed Group items tagged

Paul Merrell

What to Do About Lawless Government Hacking and the Weakening of Digital Security | Ele... - 0 views

  • In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like hacking and "digital sabotage." And this is no abstract question—these actions increasingly endanger everyone’s security
  • The problem became especially clear this year during the San Bernardino case, involving the FBI’s demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an "outside party." Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw. Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones. Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI’s mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects.  That’s why we’re working on a positive agenda to confront governmental threats to digital security. Put more directly, we’re calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities.  
  • Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it’s time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions. This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.   
  •  
    "In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. "
  •  
    It's not often that I disagree with EFF's positions, but on this one I do. The government should be prohibited from exploiting computer vulnerabilities and should be required to immediately report all vulnerabilities discovered to the relevant developers of hardware or software. It's been one long slippery slope since the Supreme Court first approved wiretapping in Olmstead v. United States, 277 US 438 (1928), https://goo.gl/NJevsr (.) Left undecided to this day is whether we have a right to whisper privately, a right that is undeniable. All communications intercept cases since Olmstead fly directly in the face of that right.
Gonzalo San Gil, PhD.

Keeweb A Linux Password Manager - LinuxAndUbuntu - 0 views

  •  
    "Today we are depending on more and more online services. Each online service we sign up for, let us set a password and this way we have to remember hundreds of passwords. In this case, it is easy for anyone to forget passwords. "
Gonzalo San Gil, PhD.

Malicious computers caught snooping on Tor-anonymized Dark Web sites | Ars Technica UK - 0 views

  •  
    "Misbehaving hidden service directories are scattered around the world. Dan Goodin (US) - Jul 23, 2016 6:45 am UTC"
Gonzalo San Gil, PhD.

HTTPS is not a magic bullet for Web security | Ars Technica - 0 views

  •  
    "Some advocates present HTTPS as synonymous with "security"-but this is not semantics. by Scott Gilbertson - Jul 11, 2016 12:00 pm UTC"
Gonzalo San Gil, PhD.

IPTABLES VS FIREWALLD | Unixmen - 0 views

  •  
    "Today we will walk through iptables and firewalld and we will learn about the history of these two along with installation & how we can configure these for our Linux distributions."
Gonzalo San Gil, PhD.

Network Security Toolkit (NST) Linux OS Released Based on Fedora 24, Linux 4.6 - 0 views

  •  
    "Jul 4, 2016 09:33 GMT · By Marius Nestor · Share: Today, July 4, 2016, Ronald Henderson has announced the release of a new version of the Fedora-based Network Security Toolkit (NST) Linux distribution for network security analysis and monitoring."
Gonzalo San Gil, PhD.

Linux Servers Security: Hack and Defend - Free Sample Chapter - Chris Binnie - 0 views

  •  
    "I'm delighted to be able to offer the first chapter of my brand new book, Linux Server Security: Hack and Defend, for free as a downloadable PDF."
Gonzalo San Gil, PhD.

How to Scan for Rootkits, backdoors and Exploits Using 'Rootkit Hunter' in Linux - 0 views

  •  
    "This article will guide you a way to install and configure RKH (RootKit Hunter) in Linux systems using source code."
Gonzalo San Gil, PhD.

LinkedIn Breach Exposed 117 Million User Accounts - eSecurity Planet [# :/ Note... to k... - 0 views

  •  
    "The stolen database holds 167 million records, of which 117 million include email addresses and passwords. By Jeff Goldman | Posted May 20, 201"
Gonzalo San Gil, PhD.

Lynis 2.2.0 Released - Security Auditing and Scanning Tool for Linux Systems - 0 views

  •  
    " Lynis is an open source and much powerful auditing tool for Unix/Linux like operating systems. It scans system for security information, general system information, installed and available software information, configuration mistakes, security issues, user accounts without password, wrong file permissions, firewall auditing, etc."
  •  
    " Lynis is an open source and much powerful auditing tool for Unix/Linux like operating systems. It scans system for security information, general system information, installed and available software information, configuration mistakes, security issues, user accounts without password, wrong file permissions, firewall auditing, etc."
Gonzalo San Gil, PhD.

Cybersecurity law given thumbs up by European Union's ministers | Ars Technica UK - 0 views

  •  
    "Former adoption paves way for legislation at national level within next two years. by Jennifer Baker - May 17, 2016 1:47pm CEST"
  •  
    "Former adoption paves way for legislation at national level within next two years. by Jennifer Baker - May 17, 2016 1:47pm CEST"
Gonzalo San Gil, PhD.

Linux Foundation Advances Security Efforts via Badging Program - 0 views

  •  
    " The Linux Foundation Core Infrastructure Initiative's badging program matures, as the first projects to achieve security badges are announced."
  •  
    " The Linux Foundation Core Infrastructure Initiative's badging program matures, as the first projects to achieve security badges are announced."
Gonzalo San Gil, PhD.

Open Source Security Process Part 2: Containers vs. Hypervisors - Protecting Your Attac... - 0 views

  •  
    "In part two of this series, Xen Project Advisory Board Chairman Lars Kurth discusses the different security vulnerabilities of containers and hypervisors. Read Part 1: A Cloud Security Introduction."
  •  
    "In part two of this series, Xen Project Advisory Board Chairman Lars Kurth discusses the different security vulnerabilities of containers and hypervisors. Read Part 1: A Cloud Security Introduction."
Gonzalo San Gil, PhD.

Open Source Security Process -- Part 1: A Cloud Security Introduction | Linux.com - 0 views

  •  
    [In part one of this four-part series, Xen Project Advisory Board Chairman Lars Kurth takes a look at the theories behind cloud security and how they relate to The Walking Dead -- yes, the TV show. Read on to find out more. ...]
Paul Merrell

Apple could use Brooklyn case to pursue details about FBI iPhone hack: source | Reuters - 0 views

  • If the U.S. Department of Justice asks a New York court to force Apple Inc to unlock an iPhone, the technology company could push the government to reveal how it accessed the phone which belonged to a shooter in San Bernardino, a source familiar with the situation said.The Justice Department will disclose over the next two weeks whether it will continue with its bid to compel Apple to help access an iPhone in a Brooklyn drug case, according to a court filing on Tuesday.The Justice Department this week withdrew a similar request in California, saying it had succeeded in unlocking an iPhone used by one of the shooters involved in a rampage in San Bernardino in December without Apple's help.The legal dispute between the U.S. government and Apple has been a high-profile test of whether law enforcement should have access to encrypted phone data.
  • Apple, supported by most of the technology industry, says anything that helps authorities bypass security features will undermine security for all users. Government officials say that all kinds of criminal investigations will be crippled without access to phone data.Prosecutors have not said whether the San Bernardino technique would work for other seized iPhones, including the one at issue in Brooklyn. Should the Brooklyn case continue, Apple could pursue legal discovery that would potentially force the FBI to reveal what technique it used on the San Bernardino phone, the source said. A Justice Department representative did not have immediate comment.
Paul Merrell

Apple's New Challenge: Learning How the U.S. Cracked Its iPhone - The New York Times - 0 views

  • Now that the United States government has cracked open an iPhone that belonged to a gunman in the San Bernardino, Calif., mass shooting without Apple’s help, the tech company is under pressure to find and fix the flaw.But unlike other cases where security vulnerabilities have cropped up, Apple may face a higher set of hurdles in ferreting out and repairing the particular iPhone hole that the government hacked.The challenges start with the lack of information about the method that the law enforcement authorities, with the aid of a third party, used to break into the iPhone of Syed Rizwan Farook, an attacker in the San Bernardino rampage last year. Federal officials have refused to identify the person, or organization, who helped crack the device, and have declined to specify the procedure used to open the iPhone. Apple also cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations.
  •  
    It would make a very interesting Freedom of Information Act case if Apple sued under that Act to force disclosure of the security hole iPhone product defect the FBI exploited. I know of no interpretation of the law enforcement FOIA exemption that would justify FBI disclosure of the information. It might be alleged that the information is the trade secret of the company that disclosed the defect and exploit to the the FBI, but there's a very strong argument that the fact that the information was shared with the FBI waived the trade secrecy claim. And the notion that government is entitled to collect product security defects and exploit them without informing the exploited product's company of the specific defect is extremely weak.  Were I Tim Cook, I would have already told my lawyers to get cracking on filing the FOIA request with the FBI to get the legal ball rolling. 
Gonzalo San Gil, PhD.

Make threat intelligence meaningful: A 4-point plan | CSO Online - 0 views

  •  
    "Threat intelligence is a hot topic, but it requires a ton of work to be operational and effective. Here's how to steer clear of the traps Fahmida Y. Rashid By Fahmida Y. Rashid Follow InfoWorld | Mar 3, 2016 4:56 AM PT "
  •  
    "Threat intelligence is a hot topic, but it requires a ton of work to be operational and effective. Here's how to steer clear of the traps Fahmida Y. Rashid By Fahmida Y. Rashid Follow InfoWorld | Mar 3, 2016 4:56 AM PT "
Gonzalo San Gil, PhD.

Why Linux Distros Look Insecure Even Though They're Not | FOSS Force - 0 views

  •  
    "Robin "Roblimo" Miller The transparency of open software means that security vulnerabilities are visible and can't be quietly swept under the rug."
Gonzalo San Gil, PhD.

Diceware Passphrase Home - 0 views

  •  
    "This page offers a better way to create a strong, yet easy to remember passphrase for use with encryption and security programs."
Gonzalo San Gil, PhD.

FBI's Tor Hack Shows the Risk of Subpoenas to Security Researchers | WIRED - 0 views

  •  
    "Computer security researchers who expose hackable vulnerabilities in digital products face plenty of occupational hazards: They can have their work censored by threats of lawsuits from the companies whose products they hack, or they can even be criminally indicted if their white-hat hacking runs afoul of the Computer Fraud and Abuse Act. But one still-mysterious encounter between security researchers and the law points to a newer, equally troubling possibility: They can have their work subpoenaed in a criminal investigation and used as a law enforcement tool."
‹ Previous 21 - 40 of 144 Next › Last »
Showing 20 items per page