Security trends for 2014

Year 2014 will be a year of cybersecurity after the NSA revelations made in 2013: The headline news is that the NSA has surreptitiously “burrowed its way into nearly all the security architecture” sold by the world’s largest computer networking companies. A lot of people were shocked at how the NSA monitored and hacked almost everything on the Internet. There will still be NSA aftershocks as new material comes out and different parties react to it (and news sources write about it). U.S. cloud services have been put into question for good reason. There will be a lot of NSA spying litigation. Those spying issues will also fuel some hacktivism (it has already started to happen).

The article Security Professionals: Top Cyber Threat Predictions for 2014 lists the following predictions, which seem pretty probable: Cybersecurity Regulatory Efforts Will Spark Greater Need for Harmonization, Service-Impacting Interruptions for Online Services Will Persist, We Will See an Increase in Cybercrime Activity Related to the World Cup, Rise of Regional Cloud Services, Dev-Ops Security Integration Fast Becoming Critical, Cybercrime that Leverages Unsupported Software will Increase, Increase in Social Engineering and Ransomware will Impact More People.

Ubiquitous mobile computing is all around us, which will lead to increased risks and concerns about social network privacy. Social networks have quickly become the key organizing principle of Internet communication and collaboration. Android anti-virus apps CAN’T kill nasties on sight like normal AV.

2013 was a very hacked year, with many cases where information on millions or tens of millions of users was stolen from companies. It’s likely that we will see much more of the same in 2014, because the way people use passwords and how on-line services are built have not changed much in one year.


Gartner predicts that through 2014, improved JavaScript performance will begin to push HTML5 and the browser as a mainstream enterprise application development environment. I expect that HTML5-related security issues will increase because the technology will be used more in 2014.

Over 50% of net traffic to web sites is made by bots! The article More Than Half of Internet Traffic Is Just Bots says that security and cloud service provider Incapsula analyzed traffic and found that more than 60 percent of internet traffic is computer generated, compared to less than 40 percent of traffic that is driven by human clicks. 31% of Bots Are Still Malicious. SEO link building has always been a major motivation for automated link spamming, but it is decreasing because Google was able to discourage it. There is more advanced hacking and automatic vulnerability searching.

DDoS attacks are evolving from volumetric Layer 3-4 attacks to much more sophisticated and dangerous Layer 7 multi-vector threats.

There will still be many SCADA security issues in 2014. Even though traditional SCADA vulnerabilities have become easier to find, the increased connectivity brought by IoT will cause new issues. And there will still be very many control systems openly accessible from the Internet to practically everybody who knows how to access them. A large number of SCADA systems were found open on the Internet in the beginning of 2013, and the numbers have not dropped considerably during the year. I expect that very many of those systems will still be too open at the end of 2014.

The Internet is expanding into enterprise assets and consumer items such as cars and televisions. The Internet of Things (IoT) will evolve into the Web of Things, increasing the coordination between things in the real world and their counterparts on the Web. There will be many security issues to solve, and as these systems become more widely used, more security issues will be found in them.

Cloud security will be talked about. Hopefully there will be some clear-up of the terminology in that area, because cloud security, like the term cloud computing, can mean a lot of things. Cloud security could mean how secure your cloud provider is; a service that runs in the cloud and filters what comes through it (for example e-mails, web traffic); a product protecting some service running in the cloud; or a traditional anti-virus service that connects to the cloud to enhance its operation (for example updating in real time, verifying unknown programs based on data in the cloud). Research firm Gartner forecasts that cloud security sales will increase dramatically in the next few years. Cloud Security sales have increased over the past year by 2.1 billion to $3.1 billion in 2015.

Marketers try to put the term “cloud” into security product brochures as much as they can. Cloud has made traditional information security sound old-fashioned, because companies are under pressure to move services to the cloud. Also, mobile devices and dispersed users set new standards for information security. OpenDNS’s CTO Dan Hubbard says that “Because of the data and equipment run in the cloud users with the cloud is the best way to protect them.” The Snowden Effect will also bring PRIVATE cloud talk to the table this year for security reasons, because U.S. cloud services have been put into question for good reason.

In Finland a new Cyber Security Center started in the beginning of 2014. Security articles and warnings from it will be published at kyberturvallisuuskeskus.fi.

Late addition: Crypto-currencies like Bitcoin and similar are on the rise. Early adopters already use them actively. Those crypto-currencies have many security issues related to them. The values of the crypto-currencies vary quite a lot, and the value easily drops considerably when they become so widely used that different governments try to limit their use. Bitcoin is increasingly used as a ransomware payment method. Bitcoins have been stolen quite a lot lately (and I expect that to increase when usage increases), and they are stolen from users, on-line wallets and exchanges. When more money is involved, more bad guys try to get in to get some of it. Sometimes bad guys do not try to steal your money, but use resources you pay for (your own PC, your server capacity, etc.) to generate money for themselves without you knowing about it. If you plan to use those crypto-currencies, be careful to understand what you are doing with them: there is a real possibility that you can lose your money, and there is no way that lost money can be recovered.

3,382 Comments

  1. Tomi Engdahl says:

    Microsoft strengthens encryption for Outlook.com and OneDrive, opens Redmond Transparency Center to let governments review source code

    Advancing our encryption and transparency efforts
    http://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/07/01/advancing-our-encryption-and-transparency-efforts.aspx

  2. Tomi Engdahl says:

    Sydney wallows in cesspit of WiFi obsolescence and ignorance
    World of Warbiking WiFi sniffing peloton finds lots of unsecured connections
    http://www.theregister.co.uk/2014/07/02/sydney_wallowing_in_cesspit_of_wifi_obsolescence/

    Sophos has brought its Raspberry-Pi-powered World of Warbiking WiFi-sniffing peloton to Sydney and found, as it does everywhere around the world, that some people just can’t be bothered with WiFi security.

    In London, the penetrative peloton found 29.5 per cent were using either the dud Wired Equivalent Privacy (WEP) algorithm, or nothing.

    Sydney fared a little better, with just 3.98 per cent running WEP and 23.85 running naked. Wi-Fi Protected Access II (WPA 2) was the most prevalent protocol, with 44.02 per cent of the 34.476 networks found along a 4.2 km route

    Sophos’ peloton has, to date, visited London, Hanoi, Las Vegas and San Francisco. Results from all cities are quite similar: there’s a fair bit of WEP around the world, less WPA-2 and HTTPs than is sensible and a lot of people who either don’t care or don’t know to care about doing better.

  3. Tomi Engdahl says:

    Redmond’s EMET defense tool disabled by exploit torpedo
    With latest version shot to pieces, work begins on beta bomb
    http://www.theregister.co.uk/2014/07/02/redmonds_emet_defense_tool_disabled_by_exploit_torpedo/

    Microsoft’s Enhanced Mitigation Toolkit (EMET) tool can be deactivated and bypassed according to Offensive Security researchers.

    The exploit struck dead the latest standard and updated version 4.1 of EMET designed to make attacks more complex and expensive through the use of Address Space Layout Randomisation and Data Execution Prevention among other techniques.

    Researchers uploaded exploit code online which torpedoed EMET protections increasingly touted by Microsoft as a means to mitigate new vulnerabilities in lieu of patches.

    Black hat attacks using the method are yet to emerge.

  4. Tomi Engdahl says:

    Google adds ‘data protection’ WARNING to Euro search results
    Wanna see EVERYTHING? Just click the ‘use Google.com’ button. Simples
    http://www.theregister.co.uk/2014/06/26/google_adds_blanket_data_protection_law_warning_to_euro_search_results/

    Google has begun notifying European Union-based netizens that its search results have to respect the 28-member-state bloc’s 19-year-old data protection law.

    The ad giant has plastered the warning on its search engine across the EU from today. But, anyone living in those countries who navigate to Google.com will find that the “censorship” – as Mountain View has wrongly attempted to characterise it – will no longer apply.

    Anyone visiting the ubiquitous search engine’s landing page, such as Google.co.uk, will see a “Use Google.com” button in the bottom right-hand corner.

  5. Tomi Engdahl says:

    IEEE Launches Anti-malware Services To Improve Security
    http://it.slashdot.org/story/14/07/02/0259227/ieee-launches-anti-malware-services-to-improve-security

    The IEEE Standards Association has launched an Anti-Malware Support Service to help the computer security industry respond more quickly to malware.

    The first two services available are
    Clean file Metadata Exchange
    Taggant System

  6. Tomi Engdahl says:

    IEEE Anti-Malware Support Service (AMSS)
    CMX and Taggant System: Enabling more effective and efficient response to malware threats.
    http://standards.ieee.org/develop/indconn/icsg/amss.html

    IEEE Anti-Malware Support Service (AMSS)

    IEEE Anti-Malware Support Service (AMSS) is a set of shared support services, created through the collaborative efforts of many of the major players in the computer security industry. It enables the individual security companies and the industry as a whole to respond more effectively and efficiently to the rapidly mutating universe of contemporary malware threats.

    AMSS currently consists of two main services: the Clean file Metadata eXchange (CMX), and the Taggant System

    CMX provides real-time access to information related to clean software files, even prior to the publication of the corresponding software. This can help reduce the number of false positives detected by anti-virus software when more aggressively searching for malware.

    The Taggant System places a cryptographically secure marker in the packed and obfuscated files created by commercial software distribution packaging programs (packers). Legitimate packers are often abused by malware creators to create many, difficult-to-detect variants of their malware.

  7. Tomi Engdahl says:

    Microsoft says No-IP accounts massacre was a technical error
    Seized first, explained later
    http://www.theinquirer.net/inquirer/news/2352891/microsoft-kills-off-no-ip-accounts-in-anti-cybercrime-crusade

    MICROSOFT HAS said that the No-IP shuttering that led to criticism was partly down to a technical error.

    Earlier this week Microsoft hit No-IP in order to stifle malware, but the knock-on effects led to criticism and talk of millions of innocent victims.

    Microsoft closed the domains as part of its ongoing battle against cybercrime. In a blog post it said that it rounded on a company operating as No-IP for “creating, controlling, and assisting in infecting millions of computers with malicious software”. It said that the network harmed Microsoft and everyone else.

  8. Tomi Engdahl says:

    Slide set that explains what IEEE is trying to do and why:

    IEEE Taggant System
    https://media.blackhat.com/bh-us-11/Kennedy/BH_US_11_KennedyMuttik_IEEE_Slides.pdf

    A taggant is a chemical or physical marker added to materials to allow various forms of testing. Taggants allow testing marked items for qualities such as lot number and concentration (to test for dilution, for example). In particular, taggants are known to be widely used in plastic, sheet and flexible explosives.

    The IEEE Software Taggant System will allow the “tagging” of the output of Packer Software with a cryptographically secure signature that enables positive origin identification and integrity of a Packed File using standard PKI techniques.
    – It is a portable C library
    – For packer vendors to write a taggant
    – For AV companies to read and verify it

    This will effectively “de-anonymize” code created by packers.

    Packing of files creates problems for all the players

    Benefits for Everyone!

    Security Vendors
    – More proactive protection
    – Less false positives and slowdowns
    – Less resources wasted

    Software Packer Vendors
    – Less false positives
    – Enforcing of licensing, less piracy, higher returns
    – One point of contact with security industry
    – SPV are now part of the solution
    – Competitive benefits
    – It is free

    Packer Users and End-Users
    – Less false positives and slowdowns
    – It is transparent and free (unlike digital signatures)

    We are hoping to solve the problem of packed malware in ~2-3 years

    Creating and using files with taggants is free
    – Included by the packing software automatically
    – The PKI infrastructure will be sponsored by AV companies

    Taggants are compatible with authenticode
    – Digital signature can be applied after a packer included a taggant

    AV products can then block packed malware by recognizing bad sources

  9. Tomi Engdahl says:

    E-voting experiments end in Norway amid security fears
    http://www.bbc.com/news/technology-28055678

    Norway is ending trials of e-voting systems used in national and local elections.
    Experiments with voting via the net were carried out during elections held in 2011 and 2013.
    But the trials have ended because, said the government, voters’ fears about their votes becoming public could undermine democratic processes.

    A report looking into the success of the 2013 trial said about 70,000 Norwegians took the chance to cast an e-vote. This represented about 38% of all the 250,000 people across 12 towns and cities who were eligible to vote online.

    However, it said, there was no evidence that the trial led to a rise in the overall number of people voting nor that it mobilised new groups, such as young people, to vote.

    The report by Norway’s Institute of Social Research also expressed worries about the fact that online voting took place in what it called “uncontrolled environments”. This, it said, undermined the need for a vote to be made in secret without anyone influencing the voter as they made their choice.

    It said there was also some evidence that a small number of people, 0.75% of all voters, managed to vote twice in 2013. They did this by voting once online then travelling to a polling station to cast a paper ballot.

  10. Tomi Engdahl says:

    PayPal says sorry: Fat fingers froze fundraiser for anti-spy ProtonMail
    Payment goliath blames ‘technical problem’ for account block
    http://www.theregister.co.uk/2014/07/01/paypal_unfreezes_funds_for_protonmail_encrypted_email_startup/

    PayPal has lifted its embargo on ProtonMail, the Swiss startup raising funds via Indiegogo to build a communications system hardened against surveillance.

    The payment giant claims the account freeze wasn’t a matter of policy, but a simple cock-up.

    On Monday ProtonMail, which was set up by boffins at CERN and MIT, reported that PayPal had blocked its account and left $280,000 of crowd-funded cash in limbo.

  11. Tomi Engdahl says:

    EFF sues NSA over snoops ‘hoarding’ zero-day security bugs
    Wants docs showing who chooses to keep us unsafe online
    http://www.theregister.co.uk/2014/07/02/eff_sues_nsa_over_agencys_policy_of_hoarding_zeroday_flaws/

    Intelligence agencies are among the most prolific buyers of zero-day computer security flaws that can be used to spy on enemies foreign and domestic, or so it’s claimed – and the Electronic Frontier Foundation (EFF) has launched a lawsuit to find out what exactly they are doing with them.

    “Since these vulnerabilities potentially affect the security of users all over the world, the public has a strong interest in knowing how these agencies are weighing the risks and benefits of using zero days instead of disclosing them to vendors,” said EFF global policy analyst Eva Galperin.

    After the password-leaking Heartbleed bug emerged, the White House cyber-security coordinator Michael Daniel wrote that the US government wasn’t hoarding vast amounts of zero-day security flaws – so-called because there are no software patches to fix them at present time – to use for espionage purposes.

    But Daniel admitted Uncle Sam does have some bugs stockpiled: these are assessed under a “Vulnerability Equities Process,” to decide when the security industry should be told and when the intelligence agency can keep back useful holes, which are used to compromise targets.

  12. Tomi Engdahl says:

    Open Rights Group finds that one in five websites is blocked by an ISP filter
    Overzealousness on a censor list
    http://www.theinquirer.net/inquirer/news/2353174/open-rights-group-finds-that-one-in-five-websites-is-blocked-by-an-isp-s-filter

    AN INTERNET STUDY performed by the Open Rights Group (ORG) has found that one in every five websites that it looked at is blocked by one ISP censorship system or another.

    ORG looked at some 100,000 websites and found that around 20,000 of them are unavailable through some service providers. This one in five figure is high, and the group found that some seemingly innocuous webpages are filtered.

    “The government is promoting filters to prevent children and young people from seeing content that is supposed to be for over 18s. This includes pornography and sites that talk about alcohol, smoking, anorexia and hate speech,” said the Open Rights Group.

    “In practice, filters block many sites that are not harmful to children. Sometimes, they are blocked by mistake. Sometimes, they are blocked deliberately. For example, many blogs and forums are blocked by default.”

    “Different ISPs are blocking different sites and the result is that many people, from businesses to bloggers, are being affected because people can’t access their websites.”

  13. Tomi Engdahl says:

    Cybercrooks breed SELF-CLONING MUTANT that STEALS your BANK DETAILS
    Fresh Cridex variant plays merry hell via email
    http://www.theregister.co.uk/2014/07/02/cridex_trojan_email_worm_hybrid/

    Cybercrooks have put together a botnet client which bundles in worm-like functionality that gives it the potential to spread quickly.

    Seculert warns that the latest version of the Cridex (AKA Geodo) information stealing Trojan includes a self-spreading infection method.

    Infected PCs in the botnet download a secondary strain of malware – an email worm – from the botnet’s command and control servers. That worm pushes out an email with links to download a zip file containing the primary Cridex Trojan.

    Seculert discovered that the email worm is provided with approximately 50,000 stolen SMTP account credentials, including the related SMTP servers.

    The Cridex banking Trojan has been around for at least two years.

  14. Tomi Engdahl says:

    Seven ISPs Take Legal Action Against GCHQ
    http://news.slashdot.org/story/14/07/02/1220240/seven-isps-take-legal-action-against-gchq

    ISPs from the U.S., UK, Netherlands, and South Korea have joined forces with campaigners Privacy International to take GCHQ to task over alleged attacks on network infrastructure.

  15. Tomi Engdahl says:

    NSA, GCHQ spies have hurt us more than they know – cloud biz
    Security is ‘major concern’, say half of potential customers
    http://www.channelregister.co.uk/2014/07/02/cloud_industry_survey_2014_gov_spying_harming_takeup/

    The PRISM revelations – a real shocker for anyone that didn’t already realise governments monitor their own and other countries’ citizens – have undermined business confidence in moving to the cloud.

    This is according to the Cloud Industry Forum, which conducted an annual survey of 250 private and public sector organisations and noted a reverse in patterns seen in recent years.

    More than half of those questioned (52 per cent) voiced security as a major concern when asked about moving data to the cloud, up from 37 per cent a year ago.

    “In the previous two surveys, people [in the UK] were less sensitive about moving to the cloud,”

    Some 59 per cent said security was higher up the agenda in light of Snowden, but only 32 per cent of those had actually changed the way they secure data in the cloud, the majority of which were operating in the public sector.

  16. Tomi Engdahl says:

    Austrian Tor Exit Node Operator Found Guilty As An Accomplice Because Someone Used His Node To Commit A crime
    https://www.techdirt.com/articles/20140701/18013327753/tor-nodes-declared-illegal-austria.shtml

    Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by… effectively now making it illegal to run a Tor exit node. According to the report, which was confirmed by the accused, the court found that running the node violated §12 of the Austrian penal code, which effectively says:

    Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.

    In other words, it’s a form of accomplice liability for criminality.

  17. Tomi Engdahl says:

    Running Cisco Unified Comms? Four words you don’t want to hear: ‘Backdoor SSH root key’
    Hardwired login and other vulns in Domain Manager
    http://www.theregister.co.uk/2014/07/02/cisco_you_cant_just_leave_your_ssh_keys_lying_around/

    Cisco has warned Unified Communications installations can be remotely hijacked thanks to a hardwired SSH login key.

    In an advisory, the networking giant said unauthenticated attackers can log into its Unified Communications Domain Manager (Unified CDM) software as a root-level user by exploiting a default SSH key meant for Cisco support reps. The key is embedded in the software, and can be extracted by reverse engineering the Unified CDM’s binary.

    “An exploit could allow the attacker to gain access to the system with the privileges of the root user.”

    The vulnerability is said to be present in all versions of Cisco Unified CDM prior to version 4.4.2.

    “Having the same key on all systems is mistake number one, but wouldn’t be fatal if the secret key would have been tugged away in Cisco’s special safe deposit box,”

    make sure their Unified CDM software is updated
    flaw can be mitigated by filtering SSH access

    Reply
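The flaw described in the comment above is one support key trusted by every installation. The following is an added example, not code from Cisco or from the article: a defender-side audit that fingerprints the keys in each host's root `authorized_keys` and reports any key trusted on more than one host or listed on a known-bad list. The host names and keys are constructed test data.

```python
import base64
import hashlib
import shlex
import struct
from collections import defaultdict

KEY_TYPE_PREFIXES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")


def constructed_key(seed):
    """Build a well-formed ssh-ed25519 public-key blob from one seed byte.
    Constructed test data only; these are not real keys."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(blob).decode()


def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text):
    """Yield (key_type, fingerprint, comment) for every key line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # copes with quoted option values
        except ValueError:
            continue                    # unbalanced quotes: skip the line
        # Options may precede the key type, so search for the type token.
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(KEY_TYPE_PREFIXES):
                try:
                    fp = fingerprint(tokens[i + 1])
                except ValueError:      # blob is not valid base64
                    break
                yield tok, fp, " ".join(tokens[i + 2:])
                break


def audit(hosts, known_bad=frozenset()):
    """hosts maps host name -> authorized_keys text for root."""
    seen = defaultdict(set)
    for host, text in hosts.items():
        for _type, fp, _comment in parse_authorized_keys(text):
            seen[fp].add(host)
    return {
        "shared": {fp: sorted(h) for fp, h in seen.items() if len(h) > 1},
        "known_bad": {fp: sorted(h) for fp, h in seen.items() if fp in known_bad},
    }


# Constructed inventory: one "support" key present on all three hosts.
SUPPORT = constructed_key(0x11)
HOSTS = {
    "cdm-01": f'ssh-ed25519 {constructed_key(0xA1)} alice@ops\nssh-ed25519 {SUPPORT} support\n',
    "cdm-02": f'# root keys\nfrom="10.0.0.0/8",command="/bin/true" ssh-ed25519 {SUPPORT} support\n',
    "cdm-03": f'ssh-ed25519 {constructed_key(0xB2)} bob@ops\nssh-ed25519 {SUPPORT} support\n',
}

if __name__ == "__main__":
    report = audit(HOSTS, known_bad={fingerprint(SUPPORT)})
    for kind, findings in report.items():
        for fp, hosts in findings.items():
            print(f"{kind}: {fp} trusted for root on {', '.join(hosts)}")
```

A key reported as shared should be removed or replaced with a per-host key, and until the software is updated SSH access to those hosts should be filtered to known management addresses, as the advisory suggests.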
  18. Tomi Engdahl says:

    Thanks To “Right To Be Forgotten,” Google Now Censors The Press In The EU
    http://marketingland.com/eu-right-to-be-forgotten-censorship-89783

    The EU’s Right To Be Forgotten removals have been happening for about a week on Google, and now news publications are discovering the fallout. For some searches, you can’t find their news stories relating to certain people.

    In particular, both the BBC and the Guardian have shared examples of content that’s now been “forgotten” in Google.

  19. Tomi Engdahl says:

    Thieves in Brazil use malware to hijack online payments, steal billions in aggregate

    Brazilian ‘Boleto’ Bandits Bilk Billions
    http://krebsonsecurity.com/2014/07/brazilian-boleto-bandits-bilk-billions/

    With the eyes of the world trained on Brazil for the 2014 FIFA World Cup, it seems a fitting time to spotlight a growing form of computer fraud that’s giving Brazilian banks and consumers a run for their money. Today’s post looks at new research into a mostly small-time cybercrime practice that in the aggregate appears to have netted thieves the equivalent of billions of dollars over the past two years.

  20. Tomi Engdahl says:

    Internet filters blocking one in five most-popular websites
    http://www.theguardian.com/technology/2014/jul/02/internet-filters-blocking-popular-websites-guido-jezebel

    Jezebel and Guido Fawkes sites among those blocked by at least one mobile or fixed line service provider in UK, campaigners say

  21. Tomi Engdahl says:

    Coinbase Announces High-Security ‘Vault’ Bitcoin Accounts
    http://www.coindesk.com/coinbase-announces-high-security-vault-bitcoin-accounts/

    Coinbase is launching a new account that offers additional security features for storing large amounts of bitcoin.

    Called ‘Vault’, the new account was designed in response to demand for a more secure type of wallet from Coinbase’s growing customer base of institutions and wealthy individuals, according to company CEO Brian Armstrong

    Vault accounts include security features that are common among enterprise bank accounts, such as requiring multiple approvals for a withdrawal.

    They also include other extras, like a time-delay feature on withdrawals, which will push a withdrawal back by 48 hours while Coinbase uses a variety of communication channels to contact the account holder to verify the action.

  22. Tomi Engdahl says:

    Internet and email providers step up to join legal complaint against UK spy agency
    http://www.theverge.com/2014/7/2/5865529/internet-and-email-providers-step-up-to-join-legal-complaint-against-gchq

    Privacy International has filed its third legal action in the wake of the Snowden revelations. Today the UK nonprofit filed a joint complaint along with six independent internet and communications service providers around the world, accusing the UK government of violating the Computer Misuse Act 1990 and the European Convention on Human Rights.

    Last year, documents released by The Intercept and Der Spiegel showed that GCHQ hacked employees of the Belgian telecom Belgacom and, in cooperation with the US National Security Agency, targeted internet exchange points operated by three private companies.

    This complaint is unusual in that Privacy International was able to get private internet companies to cosign it. Most internet service providers in the US have not opposed government surveillance

  23. Tomi Engdahl says:

    Have you sought information about the Tor network?
    You are most likely on the NSA’s list as an “extremist”

    From the NSA’s point of view, all users of the Tor network qualify as extremists. This was revealed when German media got hold of the source code of the XKeyscore software used by the NSA.

    Studies by the German channels NDR and WDR concluded that one ends up on the NSA’s list of extremists by using a regular search engine to search for information on, for example, the Tails software. After this, the NSA begins monitoring the user’s activities online.

    Source: http://www.tivi.fi/kaikki_uutiset/oletko+hakenut+tietoa+torverkosta+olet+todennakoisesti+nsan+listalla+quotaariaineksenaquot/a996543

  24. Tomi Engdahl says:

    Secluded HijackRAT: Monster mobile malware multitool from HELL
    Probably has feature for getting banking details out of horses’ hooves
    http://www.theregister.co.uk/2014/07/03/android_nasty_packs_multiple_tricks/

    Cybercrooks have brewed up a malicious Android app that bundles a raft of banking fraud tricks into a single strain of mobile malware.

    The Secluded HijackRAT is a banking trojan that packs together new and previously unseen tricks, according to net security firm FireEye. The mobile nasty combines private data theft, banking credential theft, spoofing and remote access into a single malicious app. Android malware to date typically has only had one of these capabilities built-in.

    Under the control of hackers, the app steals SMSes and contact lists and can send SMSes. It can initiate malicious app updates and scan for banking apps installed on the phone and replace them with fake utilities. The malware also attempts to disable any mobile security software that might be installed on a compromised device.

  25. Tomi Engdahl says:

    HOLD THE FRONT PAGE: US govt backs mass spying by US govt
    Sucks to be you, Johnny Foreigner. But think of all the terrorism Uncle Sam’s tackling
    http://www.theregister.co.uk/2014/07/03/us_government_says_spying_by_us_government_is_ok/

    The US government’s Privacy and Civil Liberty Oversight Board (PCLOB) has dealt a blow to opponents of the NSA’s surveillance programs in a new report that reaffirms the controversial Section 702 program.

    The PCLOB said in its official review of the program that 702 represented a “considerable value” to the government despite some concerns about the scope with which the program has been collecting information on US citizens.

  26. Tomi Engdahl says:

    NSA man says agency can track you through POWER LINES
    Boffins throw cold water on electric eavesdropping claims raised in German media
    http://www.theregister.co.uk/2014/07/03/tinfoil_hatters_spook_says_nsa_can_track_whistleblowers_through_power_lines/

    Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistle blowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids.

    Divining information from electrified wires is a known technique: Network Frequency Analysis (ENF) is used to prove video and audio streams have not been tampered with.

    The technique works by analysing the nearly inaudible 50 Hertz energy hum generated by power grids which is inadvertently captured by most audio recording devices. Investigators could strip away layers of audio until the bare hum remains. That hum can then be scrutinised for unnatural variations.

    Technology to conduct ENF is not exotic. Bandpass filters can detect variations in the 50Hz hum which would detect dips and rises as small as 0.001 Hz over 10 seconds.

    That it is possible to geolocate variations in grid hum, which Heute.de reports the NSA and CIA can do, is more novel.

    But experts are dubious the reports are correct.

    “Let me start by saying that in principle it could well be possible to use ENF to determine the location a recording was made as well as the time it was made,”

    “Firstly,” Harrison said, “the NSA would need to know over what geographic area the specific type of variation occurred”.

    The second problem was the need to log ENF values and the secret signal sauce that allowed location to be determined. “This could mean hundreds or thousands of logging devices in a country if you want to be able to locate a recording accurately,”

    A third problem relates to the hit and miss process of extracting the relevant data from captured recordings.

    If the NSA did have the technology, it was bad news for whistleblowers.

    Reply
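The frequency measurement described in the comment above, as an added example (not code from the article or from the comment). It assumes a 1 kHz sample rate and a constructed synthetic hum, and it tracks phase against a 50 Hz reference rather than using the bandpass filter the article mentions.

```python
import cmath
import math
import random

NOMINAL_HZ = 50.0    # grid frequency named in the article
SAMPLE_RATE = 1000   # samples per second (assumption for this example)
SEGMENT_S = 1.0      # one analysis window = exactly 50 nominal cycles


def synth_hum(true_hz, seconds, noise=0.05, seed=1):
    """Constructed test signal: a hum at true_hz plus Gaussian noise."""
    rng = random.Random(seed)
    count = int(seconds * SAMPLE_RATE)
    return [math.sin(2 * math.pi * true_hz * i / SAMPLE_RATE) + rng.gauss(0, noise)
            for i in range(count)]


def segment_phases(samples):
    """Mix each window down by the nominal frequency and return its phase.

    If the hum sits exactly at 50 Hz the phase is constant from window to
    window; any offset shows up as a steady phase drift.
    """
    seg = int(SEGMENT_S * SAMPLE_RATE)
    phases = []
    for start in range(0, len(samples) - seg + 1, seg):
        acc = 0j
        for i in range(start, start + seg):
            ref = cmath.exp(-2j * math.pi * NOMINAL_HZ * i / SAMPLE_RATE)
            acc += samples[i] * ref
        phases.append(cmath.phase(acc))
    return phases


def estimate_enf(samples):
    """Estimate the hum frequency from the slope of the unwrapped phase."""
    phases = segment_phases(samples)
    unwrapped = [phases[0]]
    for p in phases[1:]:
        # Fold each step into [-pi, pi) so the drift stays continuous.
        step = (p - unwrapped[-1] + math.pi) % (2 * math.pi) - math.pi
        unwrapped.append(unwrapped[-1] + step)
    times = [k * SEGMENT_S for k in range(len(unwrapped))]
    t_mean = sum(times) / len(times)
    p_mean = sum(unwrapped) / len(unwrapped)
    num = sum((t - t_mean) * (p - p_mean) for t, p in zip(times, unwrapped))
    den = sum((t - t_mean) ** 2 for t in times)
    # Phase slope in rad/s divided by 2*pi is the offset from nominal in Hz.
    return NOMINAL_HZ + (num / den) / (2 * math.pi)


if __name__ == "__main__":
    for hz in (50.000, 50.001, 49.997):
        est = estimate_enf(synth_hum(hz, 10))
        print(f"true {hz:.3f} Hz  estimated {est:.4f} Hz")
```

Ten seconds of clean signal are enough to separate 50.000 Hz from 50.001 Hz here; a real recording adds compression, speech and interference on top of the hum.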
  27. Tomi Engdahl says:

    AVG: We need laws to stop biz from tracking our kids
    CTO of antivirus firm calls for new laws on children’s privacy
    http://www.theregister.co.uk/2014/07/03/avg_data_about_children/

    The antivirus giant AVG will today call for legislative action to prevent data-grabbers from spying on children.

    Yuval Ben-Itzhak, the antivirus firm’s chief technical officer, will speak at the Child Internet Safety Summit to call for limits on data-gathering on children’s devices.

    AVG is well known for its antivirus software, but has recently ventured into the privacy-protection game with a product called PrivacyFix.

    “Businesses can not just simply track and share my children’s data by default. You need my consent to do that,”

    “It’s time to tell vendors where the line lies. If there are not any law, they are just going to [keep gathering data on minors]. We need to tell lawmakers and influencers that there could be a problem.”

    AVG wants to see limits on what data can be gathered about children and an end to the policy vacuum around the internet of stuff. Currently, there are few limits on what data can be gathered from smart devices or apps aimed at children.

    “Privacy is not a black-and-white issue like malware or security. It’s grey in the middle, which is why there is legislation needed.”

    Reply
  28. Tomi Engdahl says:

    Oh SNAP! Old-school ’80s Unix hack to smack OSX, iOS, Red Hat?
    REAL damage to *nix systems, tools … via SIMPLE wildcard poison tricks, claims researcher
    http://www.theregister.co.uk/2014/07/03/unix_wildcard_vuln_lets_hackers_modify_shell_scripts/

    Unix-based systems, as used worldwide by sysadmins and cloud providers alike, could be hijacked by hackers abusing a hard-coded vuln that allows them to inject arbitrary commands into shell scripts executed by high-privilege users.

    A class of vulnerabilities involving so-called wildcards allows a user to affect shell commands issued by other users through filename manipulation. If the other user is a privileged user, such as root, then the tactic could be used to run elevation of privilege-style attacks.

    The old-school hacking technique, uncovered by security researchers at DefenseCode, uses specially crafted filenames featuring wildcards to inject arbitrary arguments to shell commands run by other users.

    The bug potentially affects Android, iOS, OS X and all the embedded solutions running on Linux. Oracle, RedHat and other commercial Linux based systems might also be at risk.

    “Many of these operating systems have different shell utilities and tools accepting even more command line options,”

    Reply
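How a bare `*` hands a filename to a command as an option, with an audit check and two hardened forms, as an added example (not DefenseCode's or the article's code). The tool with a single `-n` flag is hypothetical and parsed with Python's `getopt`; the directory contents are constructed.

```python
import getopt
import os
import tempfile

# Constructed sample directory: two ordinary files and one file whose
# name looks like a command-line option.
SAMPLE_FILES = ["-n", "notes.txt", "report.txt"]


def make_sample_dir():
    """Create a temporary directory holding the constructed sample files."""
    path = tempfile.mkdtemp(prefix="wildcard-demo-")
    for name in SAMPLE_FILES:
        with open(os.path.join(path, name), "w") as fh:
            fh.write("sample\n")
    return path


def expand_star(directory):
    """Approximate the shell's expansion of * : sorted names, no dotfiles."""
    return sorted(n for n in os.listdir(directory) if not n.startswith("."))


def parse_like_a_utility(argv):
    """Split argv into (options, operands) as a getopt-based tool would.

    The option set (just -n) belongs to a hypothetical tool.
    """
    opts, operands = getopt.gnu_getopt(argv, "n")
    return [flag for flag, _ in opts], operands


def option_like_names(directory):
    """Audit check: names that a bare * would pass to a tool as options."""
    return [n for n in expand_star(directory) if n.startswith("-")]


def compare(directory):
    """Parse the same directory listing under three calling conventions."""
    names = expand_star(directory)
    return {
        # tool *      : the filename -n is consumed as a flag
        "bare": parse_like_a_utility(names),
        # tool -- *   : everything after -- is an operand
        "dashdash": parse_like_a_utility(["--"] + names),
        # tool ./*    : no argument can start with a dash
        "dotslash": parse_like_a_utility(["./" + n for n in names]),
    }


if __name__ == "__main__":
    demo = make_sample_dir()
    print("option-like names:", option_like_names(demo))
    for form, (flags, operands) in compare(demo).items():
        print(f"{form:9s} flags={flags} operands={operands}")
```

Running `option_like_names` over directories that privileged scripts glob across is a cheap detection check; the `./*` form also covers tools that do not honour `--`.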
  29. Tomi Engdahl says:

    The data’s physical location no longer matters

    Previously, it was thought that the physical location of the data and control ensured information security. According to Gartner, this line of thinking is no longer valid in the “after Snowden period”.

    The physical location of the data will soon no longer be relevant.
    Instead of the physical location, the relevance of the legal position, the political position and the logical location increases. This change will take place by 2020.

    According to Gartner, IT professionals are not familiar with the concept of the legal position. It refers to the legal organization which controls the data. Political position has grown a lot in importance in recent times. After Edward Snowden’s revelations, a major security and privacy question was how organizations deliver data to the authorities. This applies particularly to the American authorities, but also in other countries.

    Source: http://etn.fi/index.php?option=com_content&view=article&id=1555:datan-fyysinen-sijainti-ei-enaa-ratkaise&catid=13&Itemid=101

    Reply
  30. Tomi Engdahl says:

    What is Robust? What is Secure? Can We Have Both?
    http://rtcmagazine.com/articles/view/103651

    We are constantly concerned with security. It has become an entire sub-industry throughout the enterprise, the personal Internet and the embedded spheres. We see security strategies being implemented at the device/hardware level, among platforms with intrusion and detection strategies, with encryption/decryption approaches, and all manner of different efforts. And at the same time hackers ranging from nerdy teenagers in their bedrooms to buildings full of PhD computer scientists in government-funded cyber warfare centers of nations around the world, are working on breaching those efforts. The battle over security is a never-ending struggle, which means you can never really be sure of security.

    And we also occasionally—and I believe this is the exception rather than the rule—hear about spectacular breaches such as the recent theft of vast amounts of credit card data from Target. More recently we were alerted to the Heartbleed security bug in OpenSSL

    Can this rather discouraging situation be improved by also making robustness as big a concern as what we normally understand as security? What is robustness? Normally we think of it as akin to ruggedness—the ability to maintain operation in the face of harsh conditions, and the ability to sustain a certain amount of damage or compromise yet still maintain operation. Robust security would mean the ability to sustain some successful breaches while maintaining critical security and continuing operation. Robustness linked with security would mean not only different levels but also implementing strategic architectures that can detect and isolate breaches and restructure systems to protect vital functions and data. Admittedly, that is a tall order.

    We enthusiastically tout the growth of the Internet of Things as heading for some 50 billion connected devices. Can anyone assure us that there are not paths from some seemingly innocuous network, such as a building management system, which might lead to a very vital system, such as the power grid, by means of some neglected links? Since everything is ultimately connected to the power grid, this means that there are millions of possible paths and that implementing security of the grid itself at all possible access points is utterly imperative. And then levels of security within the grid are needed to implement its own internal robustness.

    The Catch-22 here is that we need the intelligence to make a 100-year-old technology more efficient and able to handle new sources of renewable energy.

    Reply
  31. Tomi Engdahl says:

    Google reverses decision to delete British newspaper links
    http://www.reuters.com/article/2014/07/03/us-google-searches-idUSKBN0F82L920140703

    (Reuters) – Google Inc GOOGL.O GOOG.O on Thursday reversed its decision to remove several links to stories in Britain’s Guardian newspaper, underscoring the difficulty the search engine is having implementing Europe’s “right to be forgotten” ruling.

    The Guardian protested the removal of its stories

    The incidents underscore the uncertainty around how Google intends to adhere to a May European court ruling that gave its citizens the “right to be forgotten:” to request the scrubbing of links to articles that pop up under a name search.

    Privacy advocates say the backlash around press censorship highlights the potential dangers of the ruling and its unwieldiness in practice.

    “Their current approach appears to be an overly broad interpretation,” a spokeswoman for the Guardian said.

    Google, which controls more than 90 percent of European online searches, said it was a learning process.

    Reply
  32. Tomi Engdahl says:

    PANDA chomps through Spotify’s DRM
    Tough slog to free ogg
    http://www.theregister.co.uk/2014/07/04/spotify_drm_broken/

    Music can be ripped from Spotify using a tool that cracks digital rights management copyright protection, a Georgia Tech University researcher says.

    Code dubbed Platform for Architecture-Neutral Dynamic Analysis – aka PANDA – posted to GitHub does the job, says researcher Brendan Dolan-Gavitt.

    “[The technique] by itself is just the starting point for what you would need to really break Spotify’s DRM,”

    Reply
  33. Tomi Engdahl says:

    EPIC FACEBOOK FAIL: FTC complaint filed about creepy research
    Study to manipulate emotions ‘failed to follow standard ethical protocols’ say privacy warriors
    http://www.theregister.co.uk/2014/07/03/ftc_asked_to_investigate_facebooks_creepy_moodaltering_project/

    The Electronic Privacy Information Center (EPIC) has filed an official complaint with the US Federal Trade Commission (FTC) over a research project that manipulated news feeds to mess with the emotions of its users.

    “Facebook altered the News Feeds of Facebook users to elicit positive and negative emotional responses,” the complaint claims. “Facebook conducted the psychological experiment with researchers at Cornell University and the University of California, San Francisco, who failed to follow standard ethical protocols for human subject research.”

    Reply
  34. Tomi Engdahl says:

    Investigation of leaked source code reveals NSA tracks users of Tor website, calls visitors to Tails and Linux Journal sites “extremists”

    NSA Targets the Privacy-Conscious for Surveillance
    https://www.schneier.com/blog/archives/2014/07/nsa_targets_pri.html

    Jake Appelbaum et al. are reporting on XKEYSCORE selection rules that target users — and people who just visit the websites of — Tor, Tails, and other sites. This isn’t just metadata; this is “full take” content that’s stored forever.

    NSA targets the privacy-conscious
    http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html

    Reply
  35. Tomi Engdahl says:

    Is there Another NSA Leaker?
    http://www.securitycurrent.com/en/writers/richard-stiennon/is-there-another-nsa-leaker

    This morning a partial analysis of the NSA’s XKEYSCORE code was published in Germany. Jacob Appelbaum, an evangelist for The Onion Project (TOR), was one of the authors.

    The report details specific rules written for one of the NSA’s data collection tools, XKEYSCORE, which collects the IP addresses of TOR bridges, and users of the TOR network.

    Schneier posted on his site:

    “And, since Cory said it, I do not believe that this came from the Snowden documents. I also don’t believe the TAO catalog came from the Snowden documents. I think there’s a second leaker out there.”

    Reply
  36. Tomi Engdahl says:

    Your Android phone is a SNITCH: Wi-Fi bug makes you easy to track
    Even asleep, your mobe could be blabbing your every move
    http://www.theregister.co.uk/2014/07/03/eff_android_wifi_tracking_bug/

    Your mobile device could be compromising your privacy by broadcasting your location history over the air, even when it is in sleep mode, according to new research by the Electronic Frontier Foundation.

    Of particular concern are newer Android gadgets, specifically those running Android 3.1 “Honeycomb” or later. That version of the Google OS introduced a feature called Preferred Network Offload (PNO), which has a habit of broadcasting the names of the last 15 Wi-Fi networks a device has joined, even when the screen is off.

    The idea is to conserve battery by allowing a phone to connect to known Wi-Fi networks even while in sleep mode, since Wi-Fi uses less power than the mobile data radio. The problem, the EFF says, is that your wireless network history can give a worryingly accurate and thorough picture of your movements.

    “This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you’ve spent enough time to use the Wi-Fi,”

    Reply
  37. Tomi Engdahl says:

    Windows users: You get a patch! And you get a patch! And you get a patch! Everybody gets…
    But not you, Windows XP. No Patch Tuesday for you
    http://www.theregister.co.uk/2014/07/03/patch_tuesday_coming_up_and_servers_are_getting_a_bumper_dose/

    Microsoft has issued its usual warning to admins ahead of this month’s Patch Tuesday – and servers are getting some serious fixes.

    Reply
  38. Tomi Engdahl says:

    Use Tor or ‘EXTREMIST’ Tails Linux? Congrats, you’re on an NSA list
    Penguinista mag readers, privacy-conscious netizens and more targeted, claims report
    http://www.theregister.co.uk/2014/07/03/nsa_xkeyscore_stasi_scandal/

    Alleged leaked documents about the NSA’s XKeyscore snooping software appear to show the paranoid agency is targeting Tor and Tails users, Linux Journal readers – and anyone else interested in online privacy.

    We already know from leaked Snowden documents that Western intelligence agents hate Tor for its anonymizing abilities.

    not only is the NSA targeting the anonymizing network Tor specifically, it is also taking digital fingerprints of any netizens who are remotely interested in privacy.

    These include readers of the Linux Journal site, anyone visiting the website for the Tor-powered Linux operating system Tails

    Reply
  39. Tomi Engdahl says:

    The EU’s “right to be forgotten” is a bad idea, and Google is handling it exactly the right way
    http://gigaom.com/2014/07/03/the-eus-right-to-be-forgotten-is-a-bad-idea-and-google-is-handling-it-exactly-the-right-way/

    Google is telling British media companies that it has removed articles from its index as a result of an EU decision on “the right to be forgotten.” Critics say the company is deliberately over-reacting, but it is just doing what it can to call attention to a bad law.

    Reply
  40. Tomi Engdahl says:

    Goldman says Google has blocked email with leaked client data
    http://www.reuters.com/article/2014/07/03/us-google-goldman-leak-idUSKBN0F729I20140703

    (Reuters) – Goldman Sachs Group Inc (GS.N) on Wednesday said Google Inc (GOOGL.O) has blocked access to an email containing confidential client data that a contractor sent to a stranger’s Gmail account by mistake, an error that the bank said threatened a “needless and massive” breach of privacy. The breach occurred on June 23 and included “highly confidential brokerage account information,” Goldman said in a complaint filed on Friday in a New York state court in Manhattan.

    It has been seeking a court order compelling Google to delete the email

    “Google complied with our request that it block access to the email,” Goldman spokeswoman Andrea Raphael said. “It has also notified us that the email account had not been accessed from the time the email was sent to the time Google blocked access. No client information has been breached.”

    Reply
  41. Tomi Engdahl says:

    NSA: Linux Journal is an “extremist forum” and its readers get flagged for extra surveillance
    http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance

    Reply
  42. Tomi Engdahl says:

    Ask Slashdot: Hosting Services That Don’t Overreact To DMCA Requests?
    http://ask.slashdot.org/story/14/07/03/169230/ask-slashdot-hosting-services-that-dont-overreact-to-dmca-requests

    I run a few websites which are occasionally the target of bogus DMCA takedown requests. Even a cursory look at these requests would reveal that the content these requests try to have removed is not even eligible for copyright

    Comment:
    You don’t get to pick and choose on a spectrum of “obeying the law.” The DMCA is so poorly written that even a little hesitation or restraint causes a business to lose its liability protection under the “red flag” tests.

    Reply
  43. Tomi Engdahl says:

    Austrian Tor Exit Node Operator Found Guilty As an Accomplice – effectively now making it illegal to run a Tor exit node

    Austrian Tor Exit Node Operator Found Guilty As An Accomplice Because Someone Used His Node To Commit A crime
    from the bad,-bad-news dept
    https://www.techdirt.com/articles/20140701/18013327753/tor-nodes-declared-illegal-austria.shtml

    It’s pretty standard to name criminal accomplices liable for “aiding and abetting” the activities of others, but it’s a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that “contributes to the completion” of a crime.

    Tragically, this comes out the same day that the EFF is promoting why everyone should use Tor. While it accurately notes that no one in the US has been prosecuted for running Tor, it may want to make a note about Austria.

    Reply
  44. Tomi Engdahl says:

    What do we want? CAT VIDEOS! How do we get them? TOR!
    Anonymity outfit responds to NSA targeting allegations
    http://www.theregister.co.uk/2014/07/04/what_do_we_want_cat_videos_how_do_we_get_them_tor/

    The Onion Router project has fired back at the National Security Agency, after it emerged that those who use the network – and read Linux magazines – are considered worthy of surveillance.

    Tor’s blogged riposte points out that “Just learning that somebody visited the Tor or Tails website doesn’t tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her location.”

    Reply
  45. Tomi Engdahl says:

    On being targeted by the NSA
    https://blog.torproject.org/blog/being-targeted-nsa

    We’ve been thinking of state surveillance for years because of our work
    in places where journalists are threatened. Tor’s anonymity is based on
    distributed trust

    Trying to make a list of Tor’s millions of daily users certainly counts
    as widescale collection. Their attack on the bridge address distribution
    service shows their “collect all the things” mentality

    Reply
  46. Tomi Engdahl says:

    Google removing BBC link was ‘not a good judgement’
    http://www.bbc.com/news/technology-28144406

    Google’s decision to remove a BBC article from some of its search results was “not a good judgement”, a European Commission spokesman has said.

    A link to an article by Robert Peston was taken down under the European court’s “right to be forgotten” ruling.

    “Google clearly has a strong interest in making sure that they’re able to work with whatever the legal requirements are, so they position themselves in a particular way over that,” he said.

    “It doesn’t come cheap to deal with all of these requests, so they need to find some way to come up with dealing with them.”

    “It may be that they’ve decided that it’s simply cheaper to just say yes to all of these requests.”

    He added: “That’s going to spark its own debate, and rightly so.”

    Google has insisted it will look at each request on merit.

    Reply
  47. Tomi Engdahl says:

    Can the NSA Really Track You Through Power Lines?
    http://yro.slashdot.org/story/14/07/03/2221229/can-the-nsa-really-track-you-through-power-lines

    Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistle blowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids. Divining information from electrified wires is a known technique: Network Frequency Analysis (ENF)

    Comments:
    While the article, you, and I’m sure more to come keep mentioning the need to “place sensors”, the reality is any utility company worth its salt already has this data logged as part of normal operations through SCADA/DCS systems.

    It would be far easier and less far-fetched to believe that the NSA would have access to these logs/DBs for whatever use they wanted. Especially with most major power generation sites being covered under FERC regulations, and several of the regulation requirements for reliability require operators to track and monitor this exact data that the NSA would need.

    Cities and states are already helping with the next gen of contractors via networked street lights.

    Smart TVs are almost certainly involved and if they aren’t already, soon will be.
    Gullible people seem quite happy to install TVs with inbuilt cameras and microphones in their living rooms and connect them to the Internet. What could possibly go wrong?

    HUGE problem with this theory.

    Reply
  48. Tomi Engdahl says:

    ‘Spy-proof’ IM launched: Aims to offer anonymity to whistleblowers
    *reaction gif* I’m just getting all the secret files. BRB…
    http://www.theregister.co.uk/2014/07/04/anonymous_im_for_whistleblowers/

    Security experts have teamed up to create a stealthy internet messenger client designed especially for whistleblowers.

    The invisible.im project promises an instant messenger that leaves no trace. The team behind the project includes Metasploit founder HD Moore and noted infosec and opsec expert The Grugq.

    SecureDrop and StrongBox are a good approach for large media organisations such as the New York Times but “are complex and require secure supporting infrastructure”. invisible.im aims to plug this gap with technology: an “instant message and file transfer client that leaves as small a metadata trail as possible”.

    Reply
  49. Tomi Engdahl says:

    BlackBerry CEO disses Samsung security: You lot just ‘TALK the TALK’
    John Chen joins the queue to knock KNOX
    http://www.theregister.co.uk/2014/07/04/blackberry_ceo_chen_disses_samsung_knox/

    John Chen, CEO of BlackBerry, has dissed Google’s decision to adopt Sammy’s KNOX security platform across the whole Android ecosystem.

    In a blog post on the official BlackBerry website Chen is quoted saying:

    While we applaud Google and Samsung for their plans, we don’t think it’s enough for security-minded enterprises.

    A survey conducted for Microsoft found that the top two issues for corporate customers buying mobile phones are price and security. So it is no surprise that industry leaders are squabbling over who has the most secure OS.

    The latest pop at KNOX from Chen comes on the heels of an earlier blog post where he said “KNOX tries to build a fortress upon an insecure foundation”,

    Reply
