Skip to main content

Home/ Indie Nation/ Group items tagged 2013

Rss Feed Group items tagged

John Lemke

NSA paid $10 Million bribe to RSA Security for Keeping Encryption Weak - 0 views

  • According to an exclusive report published by Reuters, there is a secret deal between the NSA and respected encryption company RSA to implement a flawed security standard as the default protocol in its products.
  • Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system (Dual_EC_DRBG), Dual Elliptic Curve, which RSA used in its Bsafe security tool and now Snowden has revealed that RSA received $10 million from NSA for keeping Encryption Weak. So, anyone who knows the right numbers used in Random number generator program, can decipher the resulting cryptotext easily.
John Lemke

DARPA Robotics Challenge Trials Day 1 - 0 views

  • Pictured above is Valkyrie from NASA JPL. We reported on Valkyrie earlier this month. Arguably one of the better looking robots of the bunch, Valkyrie proved to be all show and no go today, failing to score any points in its day 1 trials. The day one lead went to Team Schaft, a new robot from Tokyo based startup company Schaft inc. Schaft scored 18 points in its first day. In second place is the MIT team  with 12 points. Third place is currently held by Team TRACLabs with 9 points. All this can change tomorrow as the second day of trials take place. The live stream will be available from 8am to 7pm EST on DARPA’s robotics challenge page.
John Lemke

Cutting the cord: Brazil's bold plan to combat the NSA | The Verge - 0 views

  • "The real danger [from] the publicity about [NSA surveillance] is that other countries will begin to put very serious encryption – we use the term 'Balkanization' in general – to essentially split the internet and that the internet's going to be much more country specific," Google executive chairman Eric Schmidt said at an event in New York this month. "That would be a very bad thing, it would really break the way the internet works, and I think that's what I worry about."
John Lemke

2 million Facebook, Gmail and Twitter passwords stolen in massive hack - Dec. 4, 2013 - 0 views

  • The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world,
  • The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.
  • Of all the compromised services, Miller said he is most concerned with ADP. Those log-ins are typically used by payroll personnel who manage workers' paychecks. Any information they see could be viewed by hackers until passwords are reset.
  • ...1 more annotation...
  • But in a statement, ADP said that, "To [its] knowledge, none of ADP's clients has been adversely affected by the compromised credentials."
John Lemke

YouTube goes nuts flagging game-related content as violating copyright | Ars Technica - 0 views

  • According to TubeFilter, YouTube told these MCNs last week that it would begin pre-screening a sample of their affiliates' videos for copyright violation before the video posts to YouTube, in a process that could take as little as a few hours or up to a few days. The pre-screening system is also be based on good behavior, so to speak, and affiliates who are never caught uploading copyrighted material will be checked less frequently.
John Lemke

Kurt Eichenwald Claims Snowden Is A Chinese Spy And Leaks Are Just To Protect Their Cyb... - 0 views

  • And the attempts to tar and feather Ed Snowden continue. The latest is that famed reporter Kurt Eichenwald, who started attacking Ed Snowden months ago, has written up a long speculative article for Newsweek arguing that Ed Snowden has "escalated the cyber war" by giving China the necessary cover it needs to avoid reining in its own cyber attacks
  • That is, if you follow the bizarre logic here, without Snowden, Eichenwald believes that the US would have somehow convinced the Chinese to stop their cyber attack program. And, now because of Snowden, the Chinese can ignore that effort, by pointing out that the US is doing a ton of online hacking too.
  • Again, nearly everything about that statement is ridiculous. He didn't "leave all of the documents in Hong Kong." He provided heavily encrypted versions to a very small number of journalists, and then got rid of the files himself. Eichenwald takes that to mean he "left" them in Hong Kong, based on nothing, and all of this apparently means that Snowden is working for the Chinese (even though he left China pretty quickly).
John Lemke

Federal Prosecutors, in a Policy Shift, Cite Warrantless Wiretaps as Evidence - NYTimes... - 0 views

  • The practice contradicted what Mr. Verrilli had told the Supreme Court last year in a case challenging the law, the FISA Amendments Act of 2008. Legalizing a form of the Bush administration’s program of warrantless surveillance, the law authorized the government to wiretap Americans’ e-mails and phone calls without an individual court order and on domestic soil so long as the surveillance is “targeted” at a foreigner abroad. A group of plaintiffs led by Amnesty International had challenged the law as unconstitutional. But Mr. Verrilli last year urged the Supreme Court to dismiss the case because those plaintiffs could not prove that they had been wiretapped. In making that argument, he said a defendant who faced evidence derived from the law would have proper legal standing and would be notified, so dismissing the lawsuit by Amnesty International would not close the door to judicial review of the 2008 law. The court accepted that logic, voting 5-to-4 to dismiss the case. In a statement, Patrick Toomey, staff attorney with the American Civil Liberties Union, which had represented Amnesty International and the other plaintiffs, hailed the move but criticized the Justice Department’s prior practice.
  • Still, it remains unclear how many other cases — including closed matters in which convicts are already service prison sentences — involved evidence derived from warrantless wiretapping in which the National Security Division did not provide full notice to defendants, nor whether the department will belatedly notify them. Such a notice could lead to efforts to reopen those cases.
John Lemke

Java-based malware driving DDoS botnet infects Windows, Mac, Linux devices | Ars Technica - 0 views

  • takes hold of computers by exploiting CVE-2013-2465, a critical Java vulnerability that Oracle patched in June. The security bug is present on Java 7 u21 and earlier. Once the bot has infected a computer, it copies itself to the autostart directory of its respective platform to ensure it runs whenever the machine is turned on. Compromised computers then report to an Internet relay chat channel that acts as a command and control server.
  • The botnet is designed to conduct distributed denial-of-service attacks on targets of the attackers' choice. Commands issued in the IRC channel allow the attackers to specify the IP address, port number, intensity, and duration of attacks.
John Lemke

Snowden Keeps Outwitting U.S. Spies - The Daily Beast - 0 views

  • First, it assumes that Snowden’s master file includes data from every network he ever scanned. Second, it assumes that this file is already in or will end up in the hands of America’s adversaries. If these assumptions turn out to be true, then the alarm raised in the last week will be warranted. The key word here is “if.”
    • John Lemke
       
      The two asumptions
  • One U.S. intelligence official briefed on the report said the DIA concluded that Snowden visited classified facilities outside the NSA station where he worked in Hawaii while he was downloading the documents he would eventually leak to journalists Glenn Greenwald and Barton Gellman. On Tuesday, Clapper himself estimated that less than 10 percent of the documents Snowden took were from the NSA.
    • John Lemke
       
      Seems not many of the documents were actually NSA documents.
  • assume
  • ...10 more annotations...
  • DIA director Gen. Michael Flynn put it this way on Tuesday in testimony before the House Permanent Select Committee on Intelligence: “We
  • that Snowden, everything that he touched, we assume that he took, stole.”
  • The U.S. intelligence official briefed on the report said the DIA was able to retrace the steps Snowden took inside the military’s classified systems to find every site where he rummaged around. “Snowden had a very limited amount of time before he would be detected when he did this, so we
  • assume
  • he zipped up the files and left,” this official said.
  • Bruce Schneier, a cybersecurity expert and cryptographer who Greenwald has consulted on the Snowden archive, said it was prudent to
  • assume
  • that lest some of Snowden’s documents could wind up in the hands of a foreign government.
  • In June, Greenwald told the Daily Beast that he did not know whether or not Snowden had additional documents beyond the ones he gave him. “I believe he does. He was clear he did not want to give to journalists things he did not think should be published.”
    • John Lemke
       
      He is not willing to release stuff he felt that journalist should not publish...
  • Snowden, however, has implied that he does not have control over the files he took. “No intelligence service—not even our own—has the capacity to compromise the secrets I continue to protect,” he wrote in July in a letter to former New Hampshire Republican senator Gordon Humphrey. “While it has not been reported in the media, one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China). You may rest easy knowing I cannot be coerced into revealing that information, even under torture.”
John Lemke

F-Secure: Android accounted for 97% of all mobile malware in 2013, but only 0.1% of tho... - 0 views

  • Android threats are primarily a non-US problem
  • F-Secure believes it would be incorrect to say that “Google hasn’t been actively making efforts to increase the security of the Android platform.”
  • At the very bottom of the list was Google Play itself, with the lowest percentage of malware in the gathered samples: 0.1 percent. F-Secure also noted that “the Play Store is most likely to promptly remove nefarious applications, so malware encountered there tends to have a short shelf life.”
John Lemke

Genetically engineered white blood cells could be the future of HIV treatment | The Verge - 0 views

  • Scientists have successfully modified the white blood cells of 12 patients living with HIV, making their cells resistant to the retrovirus and improving the study participants' overall ability to fight off infection. The researchers achieved this result through a gene editing technique, described today in
  • Unlike the child who went into HIV remission a year ago, the patients in this study continue to test positive for HIV. But the results of this Phase I clinical trial still represent a promising debut for HIV treatments involving tailored gene therapy, as the white blood cells persisted for nearly a year after transfusion.
John Lemke

Exclusive: Secret contract tied NSA and security industry pioneer | Reuters - 0 views

  • Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.
  • RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to concentrate on VeriSign, a security certificate company that had been spun out of RSA. The elite lab Bidzos had founded in Silicon Valley moved east to Massachusetts, and many top engineers left the company, several former employees said.And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for developers brought in just $27.5 million of RSA's revenue, less than 9% of the $310 million total."When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to lead engineering and the Australian operation before he left in 2005. "It became a very different company later on."By the first half of 2006, RSA was among the many technology companies seeing the U.S. government as a partner against overseas hackers.New RSA Chief Executive Art Coviello and his team still wanted to be seen as part of the technological vanguard, former employees say, and the NSA had just the right pitch. Coviello declined an interview request.An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to approval by the National Institutes of Standards and Technology as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard.RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.RSA's contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.
  • Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula "can only be described as a back door."
John Lemke

Iron Maiden makes millions of dollars by playing live for pirates | The Verge - 0 views

  •  
    The only thing the article got wrong is that they are not "pirates"... they are fans.
John Lemke

RapidGator Wiped From Google by False DMCA Notices | TorrentFreak - 0 views

  • File-hosting service RapidGator has had nearly all of its search results wiped from Google, including many clearly non-infringing pages. The URLs in question were removed by the search engine after a DMCA notice from several copyright holders. RapidGator is outraged and says the overbroad censorship is hurting its business, warning that the same could happen to others. “If it happens to us, it can happen to MediaFire or Dropbox tomorrow,” they state.
  • Thus far this has resulted in more than 200 million URLs being removed from Google’s search engine. While many of these takedown claims are legit, some are clearly false, censoring perfectly legitimate webpages from search results. File-hosting service RapidGator.net is one site that has fallen victim to such overbroad takedown requests. The file-hosting service has had nearly all its URLs de-listed, including its homepage, making the site hard to find through Google. Several other clearly non-infringing pages, including the FAQ, the news section, and even the copyright infringement policy, have also been wiped from Google by various takedown requests.
  • “Our robots.txt forbids search engines bots to index any file/* folder/ URLs. We only allow them to crawl our main page and the pages we have in a footer of the website. So most of the URLs for which Google gets DMCA notices are not listed in index by default,” RapidGator’s Dennis explains.
  •  
    Quoting the article: "File-hosting service RapidGator has had nearly all of its search results wiped from Google, including many clearly non-infringing pages. The URLs in question were removed by the search engine after a DMCA notice from several copyright holders. RapidGator is outraged and says the overbroad censorship is hurting its business, warning that the same could happen to others. "If it happens to us, it can happen to MediaFire or Dropbox tomorrow," they state." This is, sooner or later, going to have to be addressed... It totally works against the concept of the cloud. I can not believe that more people are using the cloud for illegal uses than legit.
John Lemke

NSA reportedly intercepting laptops purchased online to install spy malware | The Verge - 0 views

  • According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency's elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA's TAO group is able to divert shipping deliveries to its own "secret workshops" in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. While the report does not indicate the scope of the program, or who the NSA is targeting with such wiretaps, it's a unique look at the agency's collaborative efforts with the broader intelligence community to gain hard access to communications equipment. One of the products the NSA appears to use to compromise target electronics is codenamed COTTONMOUTH, and has been available since 2009; it's a USB "hardware implant" that secretly provides the NSA with remote access to the compromised machine.
  • The Der Spiegel report, which gives a broad look at TAO operations, also highlights the NSA's cooperation with other intelligence agencies to conduct Hollywood-style raids. Unlike most of the NSA's operations which allow for remote access to targets, Der Spiegel notes that the TAO's programs often require physical access to targets. To gain physical access, the NSA reportedly works with the CIA and FBI on sensitive missions that sometimes include flying NSA agents on FBI jets to plant wiretaps. "This gets them to their destination at the right time and can help them to disappear again undetected after even as little as a half hour's work," the report notes.
  •  
    While the scope or the targets are reportedly not known, the article also does not mention anything about a search warrant. This is what happens when the government feels they are above the law.
John Lemke

How LexisNexis and others may have unwittingly aided identity thieves | Ars Technica - 0 views

  • Wednesday's report exposes serious risks in what banks, mortgage companies, and other financial services call "knowledge-based authentication." Representatives from these services frequently rely on a list of about 100 questions such as "What was your previous address?" or "Which company services your mortgage?" when trying to determine if the person on the phone or filling out an application is the individual he claims to be. Ready access to the data stored by the data aggregators can make the difference between a fraudulent application being approved or rejected. Krebs goes on to recount a story told by Gartner fraud analyst Avivah Litan about a fellow analyst who witnessed an identity thief in action.
1 - 20 of 67 Next › Last »
Showing 20 items per page