Tag Archives: Software

Could Shapeshifting ‘Material Support’ Doctrine Take A Bite Out Of Apple?

Posted on by

“Recently, Congress, the administration, and pundits have not been shy about threatening to use material support against social media companies like Twitter. Wittes and Bedell reason, it’s not a great leap to see how a judge would find Apple equally guilty.  Apple would violate the law, the two write, if it continued to provide its encrypted services to a customer after the FBI has served a warrant for the customers’ communications.  Wittes and Bedell argue that ‘the sale of an encrypted phone by a major company to the general public cannot plausibly constitute material support for terrorism.’  We’re not so sure.”

http://www.defendingdissent.org/now/news/shapeshifting-material-support-apple/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Firefox PDF exploit found in the wild

Posted on by

“An advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1.  The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable.  The exploit leaves no trace it has been run on the local machine.”

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Google, Samsung phones will now receive monthly over-the-air security updates

Posted on by

“Mere hours after Samsung shared plans to issue over-the-air (OTA) security updates ‘about once per month’ for its Android devices, Google has announced pretty much the same strategy. Starting this week, Nexus devices will receive regular OTA updates each month focused on security, in addition to the usual platform updates.  Just like Samsung, Google didn’t explicitly say why the new Android security update process is being unveiled now, but it did mention Stagefright, a vulnerability disclosed last week that affected roughly 95 percent of Android devices. In short, the security hole could allow a hacker to remotely access an Android smartphone using only a person’s telephone number.”

http://venturebeat.com/2015/08/05/google-announces-nexus-devices-will-now-receive-monthly-over-the-air-security-updates/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

0-day bug in fully patched OS X comes under active exploit to hijack Macs

Posted on by

“Hackers are exploiting a serious zero-day vulnerability in the latest version of Apple’s OS X so they can perform attacks that install malware without requiring victims to enter system passwords, researchers said.  As Ars reported last week, the privilege-escalation bug stems from new error-logging features that Apple added to OS X 10.10. Developers didn’t use standard safeguards involving additions to the OS X dynamic linker dyld, a failure that lets attackers open or create files with root privileges that can reside anywhere in the OS X file system. Researchers from anti-malware firm Malwarebytes said a new malicious installer is exploiting the vulnerability to surreptitiously infect Macs.”

http://arstechnica.com/security/2015/08/0-day-bug-in-fully-patched-os-x-comes-under-active-exploit-to-hijack-macs/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

New attack on Tor can deanonymize hidden services with 88% accuracy

Posted on by

“Computer scientists have devised an attack on the Tor privacy network that in certain cases allows them to deanonymize hidden service websites with 88 percent accuracy.  Hidden services allow people to host websites without end users or anyone else knowing the true IP address of the service. The deanonymization requires the adversary to control the Tor entry point for the computer hosting the hidden service. It also requires the attacker to have previously collected unique network characteristics that can serve as a fingerprint for that particular service. The new research underscores the limits to anonymity on Tor, which journalists, activists, and criminals alike rely on to evade online surveillance.”

http://arstechnica.com/security/2015/07/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Windows 10: keylogging, harvesting browser history, purchases, and covert listening

Posted on by

“By default, Microsoft gets to see your location, keystrokes and browser history — and listen to your microphone, and some of that stuff is shared with ‘trusted [by Microsoft, not by you] partners.’  You can turn this all off, of course, by digging through screen after screen of ‘privacy’ dashboards, navigating the welter of tickboxes that serve the same purposes as all those clean, ration-seeming lines on the craps table: to complexify the proposition so you can’t figure out if the odds are in your favor.  Oh, and if you’ve already chosen to use Firefox as your default browser, Microsoft overrides your decision when you ‘upgrade’ and switches you to the latest incarnation of Internet Explorer.”

http://boingboing.net/2015/08/03/windows-10-defaults-to-keylogg.html

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Who Is Building the Private, Peer-to-Peer Marketplace?

Posted on by

“Online commerce today is mostly centralized; companies own websites where users visit to buy and sell things. Those companies charge fees, monitor their users’ data, and censor their transactions based on their own rules and on behalf of the government.  OpenBazaar is different. Instead of relying on a centralized third party, trades occur directly between buyers and sellers. Users install peer-to-peer software on their computers, similar to bitcoin or BitTorrent, and this connects them to other users running the same software. They transact in bitcoin. Since there’s no middleman, there are no fees, no collection of data, and no censorship of trade.”

http://fee.org/freeman/detail/who-is-building-the-private-peer-to-peer-marketplace

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

PITA Side-Channel Attack Steals GPG Key from Laptops

Posted on by

“It’s unlikely that anyone envisioned the evolution of cryptographic key thievery to include leavened flatbread, but that’s where we’ve arrived.  Researchers from Tel Aviv University in Israel are expected in September to present a paper at the Workshop on Cryptographic Hardware and Embedded System on the latest side-channel attack exposing crypto keys. The scientists—Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer—have developed an inexpensive rig they say from close proximity steals GnuPG keys from a laptop. The setup, which they’ve called the Portable Instrument for Trace Acquisition (PITA), does indeed fit inside pita bread.”

https://threatpost.com/pita-side-channel-attack-steals-gpg-key-from-laptops/113447

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

Author Behind Ransomware Tox Calls it Quits, Sells Platform

Posted on by

“The developer behind Tox, a ransomware-as-a-service tool that only surfaced late last month, acknowledged in a post on Pastebin Wednesday that despite his plan to stay ‘quiet and hidden,’ he’s quickly found himself over his head.  Now the malware author is looking to sell Tox but claims if no one buys it he’ll just release the keys and decrypt his victim’s files.  Tox is encouraging prospective buyers to contact him to purchase both source code and documentation for the ransomware, adding that he’ll entertain offers for the platform and virus together, or as a package deal, alongside an additional database and .onion private key.”

https://threatpost.com/author-behind-ransomware-tox-calls-it-quits-sells-platform/113151

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet

The Future of the Web Looks a Lot Like Bitcoin

Posted on by

“More and more, it seems, the priorities of these institutions do not align with those of the people they serve. Remember when Facebook toggled the digital levers in its social network to run massive psychology experiments on its users?  When confronted with an intractable problem, we’ve settled for the least egregious option by placing responsibility for our digital data in as few hands as possible. Because, really, the only thing sillier than trusting some central authority with our most precious digital records would be trusting a bunch of strangers with them.  And yet, this is precisely what Bitcoin achieves: a public database that everyone can see, anyone can add to, and no one can destroy.”

http://spectrum.ieee.org/computing/networks/the-future-of-the-web-looks-a-lot-like-bitcoin

Scan to Donate Bitcoin to Freedomwat.ch Staff
Did you like this?
Tip Freedomwat.ch Staff with Bitcoin
Donate via Installed Wallet