×
Censorship

Tor Tests Undetectably Encrypted Connections In Iran 157

Posted by timothy from the great-song-from-flock-of-seagulls dept.
Sparrowvsrevolution writes "Ahead of the anniversary of Iran's revolution, the country's government has locked down its already-censored Internet, blocking access to many services and in some cases cutting off all encrypted traffic on the Web of the kind used by secure email, social networking and banking sites. In response, the information-freedom-focused Tor Project is testing a new tool it's calling 'obfsproxy,' or obfuscated proxy, which aims to make SSL or TLS traffic appear to be unencrypted traffic like HTTP or instant messaging data. While the tool currently only disguises SSL as the SOCKS protocol, in future versions it will aim to disguise encrypted traffic as any protocol the user chooses. Tor executive director Andrew Lewman says the idea is to 'make your Ferrari look like a Toyota by putting an actual Toyota shell over the Ferrari.'" Reader bonch adds: "A thread on Hacker News provides first-hand accounts as well as workarounds."
Google

Google Offering Cash For Your Cache 152

Posted by samzenpus from the have-a-couple-bucks dept.
pigrabbitbear writes "The gradual transformation of the web into an ultra-personalized, corporate-owned social space in the cloud has raised more than a few legitimate concerns about data privacy. Google, for obvious reasons, has always been one of the top cheerleaders for this metamorphosis. Touting a fresh new privacy policy that allows data about you from all of their services to coalesce, they've recently been particularly bullish about rendering that increasingly realistic digital portrait of you that lies stuffed away in their servers. It has led us again to question: How much are we comfortable with our machines knowing about us? How much is our privacy really worth? With their new program, Google is now asking those questions quite directly, and preceding them with dollar signs. Are we all on the verge of making our own information age Faustian bargains?"
Government

Hacked Syrian Officials Used '12345' As Email Password 231

Posted by samzenpus from the I've-got-the-same-combination-on-my-luggage dept.
Nominei writes "The Israeli newspaper Haaretz reports that the Syrian President, aides and staffers had their email hacked by Anonymous, who leaked hundreds of emails online. Reportedly, many of the accounts used the password '12345' (which their IT department probably warned them to change when the accounts got set up, of course)."
Businesses

The Gradual Death of the Brick and Mortar Tech Store 491

Posted by samzenpus from the say-hello-to-the-dodo dept.
Cutting_Crew writes "As we all know brick and mortar stores have been closing left and right recently. We had CompUSA, Borders and Circuit City all close their doors within the last 4 years. According to an article on Forbes.com, it is spelled out pretty clearly why Best Buy is next in line to shut its doors for good. Some of the reasons highlighted include a 40% drop is Best Buy stock in 2011, lack of vision regarding their online services, management too concerned with store sales instead of margins and blatant disregard for quality customer service."
Encryption

Sponsor a Valve On Colossus 30

Posted by timothy from the don't-worry-they-have-tubes-too dept.
mikejuk writes "The UK's National Museum of Computing has come up with a novel idea to raise funds for its new gallery for its rebuilt Colossus computeryou can sponsor a valve. All you have to do is buy a small area in a picture of Colossus (at £0.1 per pixel — min £10), upload a picture to occupy the space, set a URL and pay using PayPal."
Encryption

Pasadena Police Encrypt, Deny Access To Police Radio 487

Posted by Soulskill from the can't-broadcast-where-their-combat-UAVs-are dept.
An anonymous reader writes "There is media (but not public?) outcry over the Pasadena, CA police switch from analog radio that can be picked up by scanners to encrypted digital radio that cannot. 'On Friday, Pasadena police Lt. Phlunte Riddle said the department was unsure whether it could accommodate the media with digital scanners. Riddle said the greatest concern remains officer safety. "People who do bank robberies use scanners, and Radio Shack sells these things cheap," Riddle said. "We just had a robbery today on Hill Avenue and Washington Boulevard," Riddle said. "The last thing I want to do is to have the helicopter or the officers set up on the street and the criminals have a scanner and know where our officers are." Just prior to the switch over, city staffers said they would look into granting access to police radio chatter, most likely by loaning media outlets a scanner capable of picking up the secure signal.'"
Businesses

Proposed Law Would Give DHS Power Over Privately Owned IT Infrastructure 300

Posted by timothy from the for-great-justice dept.
CelticWhisper writes "H.R. 3674, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PRECISE Act), would allow the U.S. Department of Homeland Security to require improved security practices from those businesses managing systems whose disruption could prove detrimental to critical life-sustaining or national-security initiatives." As the article points out, this is just "one of 30 or so such bills currently percolating on the Hill."
Chrome

No More SSL Revocation Checking For Chrome 152

Posted by timothy from the substitute-my-own dept.
New submitter mwehle writes with this bit from Ars Technica: "Google's Chrome browser will stop relying on a decades-old method for ensuring secure sockets layer certificates are valid after one of the company's top engineers compared it to seat belts that break when they are needed most. The browser will stop querying CRL, or certificate revocation lists, and databases that rely on OCSP, or online certificate status protocol, Google researcher Adam Langley said in a blog post published on Sunday. He said the services, which browsers are supposed to query before trusting a credential for an SSL-protected address, don't make end users safer because Chrome and most other browsers establish the connection even when the services aren't able to ensure a certificate hasn't been tampered with."
Crime

Cops Set Up Extortion Sting On Symantec's Source Code Thieves 168

Posted by timothy from the don't-worry-now-we're-telling-the-truth dept.
Sparrowvsrevolution writes "Hackers linked with Anonymous leaked another 1.26 gigabytes of Symantec's data Monday night, what they say is the source code company's PCAnywhere program. More interestingly, also posted a long private email conversation that seems to show a Symantec exec offering the hackers $50,000 to not leak the company's data and to publicly state they had lied about obtaining it. Symantec has responded by revealing that in fact, the $50,000 offer had been a ruse, and the 'Symantec exec' was actually a law enforcement agent trying to trace the hackers. It adds that all the information the hackers have released, including a 2006 version of Norton Internet Security, is outdated and poses no threat to the company or its customers. Symantec says the Anonymous hackers began attempting to extort money from the company in mid-January, and it responded by contacting law enforcement, though it won't comment on the results of the fake payoff sting while the investigation is still ongoing."
Encryption

Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password 1009

Posted by Unknown Lamer from the war-on-alzheimer's-patients dept.
wiedzmin writes "A Colorado woman that was ordered by a federal judge to decrypt her laptop hard-drive for police last month, appears to have forgotten her password. If she does not remember the password by month's end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense." The article clarifies that her lawyer stated she may have forgotten the password; they haven't offered that as a defense in court yet.
Mozilla

Sandboxed Flash Player Coming To Firefox 86

Posted by Soulskill from the box-in-the-fox dept.
Trailrunner7 writes "Adobe, which has spent the last few years trying to dig out of a deep hole of vulnerabilities and buggy code, is making a major change to Flash, adding a sandbox to the version of the player that runs in Firefox. The sandbox is designed to prevent many common exploit techniques against Flash. The move by Adobe comes roughly a year after the company added a sandbox to Flash for Google Chrome. Flash, which is perhaps the most widely deployed piece of software on the Internet, has been a common attack vector for several years now, and the attacks in some cases have been used to get around exploit mitigations added by the browser vendors. The sandbox is designed to prevent many of these attacks by not allowing exploits against Flash to break out into the browser itself."
Facebook

Moglen: Facebook Is a Man-In-The-Middle Attack 376

Posted by Soulskill from the can-we-blame-alice-and-bob-for-this dept.
jfruh writes "In an email exchange with privacy blogger Dan Tynan, Columbia law professor Eben Moglen referred to Facebook as a 'man in the middle attack' — that is, a service that intercepts communication between two parties and uses it for its own nefarious purposes. He said, 'The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we harm people by destroying their privacy for them. It's not the sharing that's bad, it's the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.' Tynan is a critic of Facebook, but he thinks Moglen is overstating the case."
Android

Symantec Identifies Android Trojans That Mutate With Every Download 97

Posted by samzenpus from the learning-at-a-geometric-rate dept.
angry tapir writes "Symantec researchers have identified a new premium-rate SMS Android Trojan that modifies its code every time it gets downloaded in order to bypass antivirus detection. This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it."
Facebook

Facebook Malware Goes Viral 123

Posted by samzenpus from the spreading-the-bad-news dept.
itwbennett writes "Just a few hours after a fake CNN news report appeared on Facebook Friday, more than 60,000 users had gone to the spoofed, malware bearing page according to Sophos Senior Security Advisor Chester Wisniewski. Facebook didn't respond to IDG News Service's request for information on 'how widespread the problem was or whether its own security had been breached, but Wisniewski said that there are a number of ways that status updates could appear without users' knowledge.'"
Crime

Job Seeking Hacker Gets 30 Months In Prison 271

Posted by samzenpus from the hire-me-or-else dept.
wiredmikey writes "A hacker who tried to land an IT job at Marriott by hacking into the company's computer systems, and then unwisely extorting the company into hiring him, has been sentenced to 30 months in prison. The hacker started his malicious quest to land a job at Marriott by sending an email to Marriott containing documents taken after hacking into Marriott servers to prove his claim. He then threatened to reveal confidential information he obtained if Marriott did not give him a job in the company's IT department. He was granted a job interview, but little did he know, Marriott worked with the U.S. Secret Service to create a fictitious Marriott employee for use by the Secret Service in an undercover operation to communicate with the hacker. He then was flown in for a face-to-face 'interview' where he admitted more and shared details of how he hacked in. He was then arrested and he pleaded guilty back in November 2011. Marriott claims the incident cost the company between $400,000 and $1 million in salaries, consultant expenses and other costs."
Businesses

Half of Fortune 500s, US Agencies Still Infected With DNSChanger Trojan 112

Posted by samzenpus from the still-here dept.
tsu doh nimh writes "Two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies. Internet Identity, a Tacoma, Wash. company that sells security services, found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities. Computers still infected with DNSChanger are up against a countdown clock. As part of the DNSChanger botnet takedown, the feds secured a court order to replace the Trojan's DNS infrastructure with surrogate, legitimate DNS servers. But those servers are only allowed to operate until March 8, 2012. Unless the court extends that order, any computers still infected with DNSChanger may no longer be able to browse the Web. The FBI is currently debating whether to extend the deadline or let it expire."
Chrome

German Government Endorses Chrome As Most Secure Browser 174

Posted by Soulskill from the taking-the-browser-war-across-the-pond dept.
New submitter beta2 writes "Several articles are noting that the German IT security agency BSI is endorsing Google Chrome browser: 'BSI ticked off Chrome's anti-exploit sandbox technology, which isolates the browser from the operating system and the rest of the computer; its silent update mechanism and Chrome's habit of bundling Adobe Flash, as its reasons for the recommendation. ... BSI also recommended Adobe Reader X — the version of the popular PDF reader that, like Chrome, relies on a sandbox to protect users from exploits — and urged citizens to use Windows' Auto Update feature to keep their PCs abreast of all OS security fixes. To update applications, BSI gave a nod to Secunia's Personal Software Inspector, a free utility that scan a computer for outdated software and point users to appropriate downloads.'"
Encryption

Satellite Phone Encryption Cracked 54

Posted by Soulskill from the our-fictional-military-characters-are-in-trouble dept.
New submitter The Mister Purple writes "A team of German researchers appears to have cracked the GMR-1 and GMR-2 encryption algorithms used by many (though not all) satellite phones. Anyone fancy putting a cluster together for a listening party? 'Mr. Driessen told The Telegraph that the equipment and software needed to intercept and decrypt satellite phone calls from hundreds of thousands of users would cost as little as $2,000. His demonstration system takes up to half an hour to decipher a call, but a more powerful computer would allow eavesdropping in real time, he said.'"
Communications

Anonymous Posts Audio of Intercepted FBI Conference Call 336

Posted by timothy from the sounds-like-a-job-for-rupert-murdoch dept.
DrDevil writes "A member of the computer hacking group Anonymous has hacked into a telephone conference between the FBI and Scotland Yard (London Police) and posted it on the internet. The Daily Telegraph has a comprehensive article on the hack. The audio of the call can be heard here." Reader eldavojohn snips as well from the AP's story as carried by Google: "Those on the call talk about what legal strategy to pursue in the cases of Ryan Cleary and Jake Davis — two British suspects linked to Anonymous — and discuss details of the evidence gathered against other suspects."

Slashdot Top Deals