The Ghosts of Spying Past

“In the 1990s, the Clinton administration fought furiously against privacy and security in communication, and we’re still hurting from it today. Yet people in powerful positions are trying to commit the same mistakes all over again.  Doing business safely requires data security: If unauthorized parties can grab credit card numbers or issue fake orders, nobody is safe. However, the Clinton administration considered communication security a threat to national security.  Attorney General Janet Reno said, ‘Without encryption safeguards, all Americans will be endangered.’ She didn’t mean that we needed the safeguard of encryption, but that we had to be protected from encryption.”

http://fee.org/anythingpeaceful/detail/the-ghosts-of-spying-past

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin

Why an Arms Control Pact Has Security Experts Up in Arms

“Security researchers say a proposed set of export rules meant to restrict the sale of surveillance software to repressive regimes are so broadly written that they could criminalize some research and restrict legitimate tools that professionals need to make software and computer systems more secure.  Critics liken the software rules, put forth by the US Commerce Department, to the Crypto Wars of the late ’90s, when export controls imposed against strong encryption software prevented cryptographers and mathematicians from effectively sharing their research abroad. At issue is the so-called Wassenaar Arrangement, an international agreement proposed US rules are based upon.”

http://www.wired.com/2015/06/arms-control-pact-security-experts-arms/


Hacking Team Breach Shows a Global Spying Firm Run Amok

“Few news events can unleash more schadenfreude within the security community than watching a notorious firm of hackers-for-hire become a hack target themselves. In the case of the freshly disemboweled Italian surveillance firm Hacking Team, the company may also serve as a dark example of a global surveillance industry that often sells to any government willing to pay, with little regard for that regime’s human rights record. On Sunday night, unidentified hackers published a massive, 400 gigabyte trove on bittorrent of internal documents from the Milan-based Hacking Team, a firm long accused of unethical sales of tools that help governments break into target computers and phones.”

http://www.wired.com/2015/07/hacking-team-breach-shows-global-spying-firm-run-amok/


Critical OpenSSL bug allows attackers to impersonate any trusted server

“There’s a critical vulnerability in some versions of the widely used OpenSSL code library that in some cases allows attackers to impersonate cryptographically protected websites, e-mail servers, and virtual private networks, according to an advisory issued early Thursday morning.  The bug allows attackers to force vulnerable end-user applications into treating an invalid certificate as a legitimate transport layer security (TLS) or secure sockets layer (SSL) credential. As a result, adversaries with the ability to monitor a connection between the end user and trusted server could intercept or even modify data passing between them.”

http://arstechnica.com/security/2015/07/critical-openssl-bug-allows-attackers-to-impersonate-any-trusted-server/


Google reveals Adobe/Windows font bugs that enable system hijacking

“A Google Project Zero researcher has publicly disclosed details on a number of patched Adobe and Microsoft vulnerabilities, including one in the Adobe Type Manager Font Driver that could enable takeover of a number of systems supporting modern font engines. ATMFD.dll has supported Type 1 and OpenType fonts in the Windows kernel dating back to NT 4.0. The researcher said that the Windows kernel module has used the same interpreter for both Type 1 and OpenType CharStrings, supporting every function in the specification, bloating it unnecessarily. The bug could enable an attacker to chain together exploits that result in full system compromise using just the one vulnerability.”

https://threatpost.com/details-available-on-patched-adobe-windows-font-vulnerabilities/113454


Google pulls listening software from Chromium

“Google has pulled its listening software from the open-source Chromium browser after complaints from developers and privacy campaigners. The tool, which uses the computer’s microphone to listen out for the ‘OK, Google’ hotword to trigger voice searches, was silently downloaded with updates of Chromium by default. Open-source advocates complained that Google was downloading a ‘black box’ on to their machines that was not open source and therefore could not be verified to be doing what it said it was meant to do. Google has now made it an optional download that will not be installed unless a user adds it from the Chrome Web Store and opts into the voice-search functionality.”

http://www.theguardian.com/technology/2015/jun/25/google-pulls-listening-software-chromium


NSA conducts mass surveillance of the US internet to find cyberattacks

“According to the new documents, the scanning is enabled by broad legal powers, granted by the Department of Justice and FISA court in 2012. An initial Justice Department order (interpreting Section 702 of the FISA Amendments Act) authorized the NSA to target data based on specific IP addresses or threat signatures that were linked to foreign nations. In addition to its surveillance operations, the NSA is tasked with defending official US networks from digital intrusions, a task that’s grown increasingly difficult as states like China have grown more sophisticated.  But according to the documents, limiting the scans to foreign states was too restrictive for the NSA.”

http://www.theverge.com/2015/6/4/8729155/snowden-nsa-internet-cyber-surveillance-cyberattack


Millions of US government workers hit by data breach

“Chinese hackers are suspected of carrying out a ‘massive breach’ affecting the data of millions of US government workers, officials said.  The Office of Personnel Management (OPM) confirmed on Thursday that almost four million current and past employees have been affected.  The breach could potentially affect every federal agency, officials said.  Susan Collins, a member of the Senate Intelligence Committee, said the attack was thought to originate in China.  OPM serves as the human resource department for the federal government.  The agency issues security clearances and compiles records of all federal government employees.”

http://www.bbc.com/news/world-us-canada-33017310


New exploit leaves most Macs vulnerable to permanent backdooring

“Macs older than a year are vulnerable to exploits that remotely overwrite the firmware that boots up the machine, a feat that allows attackers to control vulnerable devices from the very first instruction.  The attack, according to a blog post published Friday by well-known OS X security researcher Pedro Vilaca, affects Macs shipped prior to the middle of 2014 that are allowed to go into sleep mode.  The attack is more serious than the Thunderstrike proof-of-concept exploit late last year. While both exploits give attackers the same persistent and low-level control of a Mac, the new attack doesn’t require even brief physical access. That means attackers half-way around the world may remotely exploit it.”

http://arstechnica.com/security/2015/06/new-remote-exploit-leaves-most-macs-vulnerable-to-permanent-backdooring/


Asking Obama to protect encryption, and why that’s not enough

“The letter was signed by some of the most important cryptologists in the world, including the inventors of many of the key technologies behind modern encryption. The letter is a response to recent requests from the FBI and other agencies for laws requiring that backdoors and attack vectors be built into any encrypted system made by US companies. These backdoors would be specially created to allow law enforcement to snoop on the personal information of the company’s customers. Even if you trust the government not to misuse your personal information, this is very risky; any backdoor created for the government will significantly weaken software against other attacks as well.”

https://www.fsf.org/blogs/community/asking-obama-to-protect-encryption-and-why-thats-not-enough
