
Home/ Indie Nation/ Group items matching "Security" in title, tags, annotations or url


NSA Is Tracking Mobile Phone Location On So Many People It Can't Handle The Data Storag... - 0 views

  • The NSA cannot know in advance which tiny fraction of 1 percent of the records it may need, so it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection.
  • NSA defends the program by saying that it uses the location data to find "unknown associates of known intelligence targets." Basically, it's tracking where everyone goes, just in case people end up spending time with people the NSA deems as being terrorists.
  • Elsewhere in the article, they quote NSA officials repeatedly saying that the program is "tuned to be looking outside the United States," but not saying it only collects info outside the US. Also, they make clear, once a person leaves the US, the NSA no longer believes the 4th Amendment applies to them, so their location is fair game in this giant database. Asked for specific numbers, an NSA person said:
  • "It’s awkward for us to try to provide any specific numbers..."
    • John Lemke
       
      Sad day when accountability becomes awkward.

Acoustic cryptanalysis - 0 views

  • Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
  •  
    When I first read the article, I thought it would take some sensitive mics, but, quoting the article: "Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away."

FBI Arrested CEO of 'StealthGenie' for Selling Mobile Spyware Apps - 0 views

  • The Federal Bureau of Investigation (FBI) has arrested the CEO of a UK-based company for allegedly advertising and selling a spyware app to individuals who suspect their romantic partners of cheating on them.
  • The dodgy cell phone spyware application, dubbed as StealthGenie, monitors victims’ phone calls, text messages, videos, emails and other communications "without detection" when it is installed on a target's phone, according to the Department of Justice.
  • Once installed on the phone, it allows conversations to be monitored as they take place, enables the purchaser to call the phone and activate it at any time to monitor all surrounding conversations within a 15-foot radius, and collects the user’s incoming and outgoing email and SMS messages, incoming voicemail, address book, calendar, photographs, and videos. All of these functions are enabled without the knowledge of the user of the phone.
  • Akbar was charged with conspiracy, sale of a surreptitious interception device, advertisement of a known interception device and advertising a device as a surreptitious interception device in US District Court for the Eastern District of Virginia.

Shellshock: Code injection vulnerability found in Bash | LIVE HACKING - 0 views

  • A code injection vulnerability in the Bourne again shell (Bash) has been disclosed on the internet. If exploited then arbitrary commands can be executed, and where Bash is used in relation to a network service, for example in CGI scripts on a web server, then the vulnerability will allow remote code execution.
  • The problem is that Bash does not stop after processing the function definition; it continues to parse and execute any shell commands following the function definition
  • The vulnerability is deemed as critical because Bash is used widely on many types of UNIX-like operating systems including Linux, BSD, and Mac OS X.
  • The most prominent attack vector is via HTTP requests sent to CGI scripts executed by Bash. Also, if SSH has been configured to allow remote users to run a set of restricted commands, like rsync or git, this bug means that an attacker can use SSH to execute any command and not just the restricted command.

Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks - 0 views

  • Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well.
  • the vulnerability is already being used maliciously by the hackers.
  • There is as of yet no official patch that completely addresses both vulnerabilities, including the second, which allows an attacker to overwrite files on the targeted system.
  • "It's things like CGI scripts that are vulnerable, deep within a website (like CPanel's /cgi-sys/defaultwebpage.cgi)," Graham wrote in a blog post. "Getting just the root page is the thing least likely to be vulnerable. Spidering the site and testing well-known CGI scripts (like the CPanel one) would give a lot more results—at least 10x." In addition, Graham said, "this thing is clearly wormable and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable—once the worm gets behind a firewall and runs a hostile DHCP server, that would be 'game over' for large networks."
  • 32 ORACLE PRODUCTS VULNERABLE
  • PATCH ISSUED, BUT INCOMPLETE
  •  
    "Researchers on Thursday discovered a critical remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash), dubbed "Shellshock" which affects most of the Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well."

Spy court renews NSA metadata program | TheHill - 0 views

  • With a surveillance reform bill stuck in the Senate, the federal court overseeing spy agencies on Friday reauthorized the National Security Agency’s controversial bulk collection of Americans' phone records.
  • “Given that legislation has not yet been enacted, and given the importance of maintaining the capabilities of the Section 215 telephony metadata program, the government has sought a 90-day reauthorization of the existing program,” the Justice Department and Office of the Director of National Intelligence said in a joint statement, referring to the section of the Patriot Act that authorizes the program.
  • The NSA’s phone records program needs to be reauthorized by the FISC every 90 days. The current authority expires on Dec. 5.

Federal Prosecutors, in a Policy Shift, Cite Warrantless Wiretaps as Evidence - NYTimes... - 0 views

  • The practice contradicted what Mr. Verrilli had told the Supreme Court last year in a case challenging the law, the FISA Amendments Act of 2008. Legalizing a form of the Bush administration’s program of warrantless surveillance, the law authorized the government to wiretap Americans’ e-mails and phone calls without an individual court order and on domestic soil so long as the surveillance is “targeted” at a foreigner abroad. A group of plaintiffs led by Amnesty International had challenged the law as unconstitutional. But Mr. Verrilli last year urged the Supreme Court to dismiss the case because those plaintiffs could not prove that they had been wiretapped. In making that argument, he said a defendant who faced evidence derived from the law would have proper legal standing and would be notified, so dismissing the lawsuit by Amnesty International would not close the door to judicial review of the 2008 law. The court accepted that logic, voting 5-to-4 to dismiss the case. In a statement, Patrick Toomey, staff attorney with the American Civil Liberties Union, which had represented Amnesty International and the other plaintiffs, hailed the move but criticized the Justice Department’s prior practice.
  • Still, it remains unclear how many other cases — including closed matters in which convicts are already serving prison sentences — involved evidence derived from warrantless wiretapping in which the National Security Division did not provide full notice to defendants, nor whether the department will belatedly notify them. Such a notice could lead to efforts to reopen those cases.

Spy Babe Now Wants to Design Astronaut Outfits | Danger Room | Wired.com - 0 views

  •  
    Is your national space program fashion-forward enough? Astronauts getting a little frumpy after the Cold War? Having trouble getting that space plane off the ground? Why not lift morale and brighten up the place with some fierce new uniforms designed by planet Earth's most infamous ex-spy? Yes, Russia's famously outed sleeper agent Anna Chapman is back in yet another installment of her merciless publicity tour. This time, she's looking to help the ground crew at Khrunichev State Research and Production Space Center work it down the runway in style. Frilly epaulets for all! "Chapman told me that she intends to participate in designing clothing for the Khrunichev [Space] Center, in what capacity, designer or financially, she did not specify," the Gagarin Astronaut Training Center's top astronaut told Russian state media today.

Researchers discover that cars can be hacked with music - Hack a Day - 0 views

  •  
    Some car entertainment systems were susceptible to specially-crafted MP3 files. The infected songs allowed them to inject malicious code into the system when burned to a CD and played. While this sort of virus could spread fairly easily with the popularity of P2P file sharing, it would likely be pretty useless at present.

Snowden Leak: NSA Flagged Israel as Leading Espionage Threat - 0 views

  • The National Security Agency listed Israel among a handful of nations considered to pose the “greatest threat” to American government, military and industrial secrets, classified documents leaked by whistleblower Edward Snowden reveal.

Feds Say Legally Dead Is Slightly Alive - Lowering the Bar - 0 views

  • Under state law a person can be presumed dead after five years. Miller had been gone for eight, and efforts to find him (for child-support purposes) had been unsuccessful.
  • So "I don't know where that leaves you," Judge Davis told Miller, "but you're still deceased as far as the law is concerned." And he still is, because he did not appeal that ruling
  • in April the Social Security Administration sent letters to Miller's two daughters, demanding that they pay back the federal death benefits they got while Miller was legally dead. They got about $100 a week until they were 18, and the payments totaled less than $30,000. Including fees and interest, the SSA sought $47,256 from the daughters. It reportedly said that if it couldn't get the money from them, it would then seek it from the ex-wife, and only if she also couldn't pay would it go after the guy who abandoned them in the first place.