Security trends for 2015

Year 2014 is coming to an end, so it is time to look forward to what to expect from 2015 in cyber security.

Cyber security will get harder year by year. Year 2014 was much worse than 2013. The Heartbleed, Bash (Shellshock) and POODLE vulnerabilities were just the beginning of what to expect in 2015. I expect that 2014 will look easy compared to 2015. 2015 will prove to be a challenging year for IT security professionals. Attacks can happen anywhere and at any time, and they don’t have to be major attacks by nation states. They can come from inside or outside.

According to Gartner and SecurityWeek, total information security spending will grow a further 8.2 percent in 2015 to reach $76.9 billion. Unfortunately, security investments are not keeping up with IT enhancements that are continuously widening our attack surface and making systems more vulnerable. As computer software has become the backbone of modern civilization, “hacktivists”, organized cyber criminals, state-sponsored cyber attackers and terrorist organizations try to exploit design flaws and weaknesses in applications in order to embarrass corporations and government agencies, and to commit fraud.

Despite the high profile CryptoLocker takedown, ransomware scams remain an all-too-real threat. Crooks are developing more sophisticated encryption schemes to support their fraud.

The steady flow of software security issues will keep making headlines in 2015. Serious security flaws will be found in both open source and proprietary software.

Many people are looking for a good process for developing secure software, because after-the-fact band-aiding is not a sustainable approach. If the same methods continue to be used to develop software, with tests added retrospectively, there will only be a very modest reduction in the flow of problems. Processes for developing reliable and secure networking software exist, but they have yet to be broadly applied. Traditional software development methods continue to result in high failure rates. Why create insecure security?

Year 2014 was a year of cybersecurity news following the NSA revelations of 2013. There were lots of articles based on the published material. Not everything has been published yet, so I expect new details from the NSA revelations to come out in 2015 as well, along with new leaks on how governmental security organizations spy on us all.

It seems like 2014 has almost been “The Year of PoS Breaches.” Can we learn from big breaches? At least companies will face more stringent regulations: the new Payment Card Industry Data Security Standard 3.0 (PCI 3.0) will be mandatory for all businesses that store, process or transmit payment card information beginning 1 January 2015. The revamped standard includes requirements aimed at third party providers. The changes follow a string of high profile breaches. I expect that the new requirements will not result in any quick change to the situation. As breach reports keep coming in, consumers are officially starting to get breach fatigue, and banks are taking breached companies to court to pay for the damages caused to them.

Public and private organizations are facing an increasing frequency and sophistication of cyber-attacks and security breaches, many of which are only discovered after the fact. McAfee Labs’ 2015 Threats Predictions report is an eye-opening read which forecasts increased levels of crime, espionage and warfare operations. Cybercriminals are expected to use more sophisticated methods to remain hidden on a victim’s network, carrying out long-term theft of data without detection.

The article Get Ready For The Hack Attack That Drives A Big Company Out Of Business predicts that 2015 will be the year some company goes out of business because it didn’t plan adequately for an attack. In the past, the most sophisticated hacks against companies were carried out by big nation-states or criminal organizations. In 2014 the Sony Pictures hack showed that the motives of sophisticated attackers have changed from self-gain to destruction. Many company officers are only now becoming aware of the threat (boards of directors and C-level officers have traditionally been focused on other threats). A computerized attack can cause a lot of damage to a well prepared company, and can turn a not so well prepared company into a complete disaster from which it can’t recover. The Sony attack opens new doors of risk in the area of corporate extortion.

As the Internet of Things becomes more and more widely used, it will be hacked more and more. Thus the security of the Internet of Things will be talked about more and more. IoT is one field where cyber security flaws can kill. The European Police Office (Europol) said governments are ill-equipped to counter the menace of “injury and possible deaths” spurred by hacking attacks on critical safety equipment. There are many potential dangers in transportation: many new cars are Internet connected and potentially vulnerable, SCADA systems in railways are vulnerable to attack, and airline bosses ignore cyber security concerns at their peril. Whether it is an unintentional cyber incident or a deliberate attack, security continues to be a vital part of the automation industry and it will remain, with safety, a growing area of concern for manufacturers in the coming years. Security awareness is on the rise throughout the industry. Security is becoming a business enabler that can provide manufacturers more than just an insurance policy.

Soon almost every network will have IoT hacking in it. IDC predicts that within two years 90 per cent of global IT networks will have seen IoT data theft. In a report, cybersecurity firm Fortinet expects greater threats from “denial of service attacks on assembly line, factory, industrial control systems, and healthcare and building management…resulting in revenue losses and reputation damages for organizations globally.” This opens new doors of risk in the areas of corporate extortion, altering of corporate business operations, and the extension of cyberattacks to include physical threats of harm to civilians.

Cyber warfare is becoming more and more attractive to small nations and terrorist groups. Enabled by Internet connectivity, cyber war provides more bang for the buck than investment in conventional weapons. It is cheaper for, and far more accessible to, small nation-states than conventional weapons. It allows these countries to pull off attacks with less risk of getting caught and fewer repercussions when they are caught. There are many reasons why a nation-state or non-state entity would pursue a cyber war program, and today many countries large and small invest in cyber warfare. Recent cyber attacks suggest that fewer resources are required to wage an attack than to defend against one. As the whole world gets connected, it provides the very details that make these attacks possible. In the not-too-distant future, warfare with traditional weaponry may take a backseat to potentially more destructive tactics: computer code attacking the companies and infrastructures, including electric grids and oil and gas pipelines, that society relies on.

It was estimated that the first online murder would happen in 2014. As far as I know, it did not happen in 2014. I think it is likely that an online murder could happen in 2015. The tools for it are available. A cyber-murder could happen without us knowing about it.

Mobile devices will be one of the focal points for cyber-attackers in 2015, as they present relatively easy, low-risk points of entry that can be monitored remotely for passwords, account numbers and personal identification data. It is still relatively easy to publish malicious applications to app stores. Within the next year, advanced mobile exploit kits will become available.

Mobile devices will start to play a part in denial of service attacks. Vietnam, India and Indonesia will be the distributed denial of service volcanoes of next year due to the proliferation of pwned mobiles.

Year 2014 brought encryption to mainstream smartphones (new encryption features from Apple Inc. and Google Inc.). In 2015 government organizations will try to tackle a very modern problem: password-protected encrypted cellphones. It will be a fight over surveillance as everyone starts to implement encryption.

Long predicted but always seeming to be “just around the corner,” mobile payments may finally have arrived. The underlying technologies of the coming mobile payment revolution, and alternative solutions, have been emerging for some time. Technologies playing a supporting role in this shift include encryption advances, digital currencies, biometrics, NFC, Bluetooth, QR codes, and even the use of sound wave data transfer. There will also be products marketed to prevent the different kinds of potential threats that the new technologies can cause.

There is a never-ending battle between good and evil in the cyber world. Various types of attacks are successful because they are well-disguised, blend different techniques, and constantly evolve. You need layered security, and it’s not just for networks. Use a layered security architecture that supports a combination of defenses in ways attackers don’t expect and that continuously evolves protections to keep up with dynamic attacks. Traditionally these approaches have been focused on the network, but they can and should be applied to other parts of the IT system as well (start with email gateways). Email is the preferred channel for business communications and thus continues to be a vector of choice for attackers.

Threat information sharing will become necessary for survival. Security controls (SANS critical controls, ISO/IEC 27002, NIST Cybersecurity Framework, and the Cloud Controls Matrix) are safeguards that counteract or minimize security risks relating to digital property. The more you can automate a control, the better off you will be. Moving towards an adaptive and automated way of applying intelligence based on behavior and heuristics is clearly a step in the right direction to enable a more actionable and relevant set of controls. Threat intelligence coming from a variety of sources (security companies, the government and the open source community) is needed. Key to success is publishing intelligence in standard data structures (STIX, TAXII and other industry formats) that describe threats in a way that can be aggregated and understood by others.
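The aggregation step above, where indicators from several feeds are merged so that each one keeps its provenance and can drive an automated control, is shown here as an added example (not code from the original post). It uses a simplified STIX-like record shape, two constructed feeds, and three constructed proxy/firewall log lines; the feed names, values and log format are assumptions. The scan keeps track of how many independent sources corroborated an indicator, which is what an analyst wants when deciding whether a hit deserves an automated block or only a ticket.

```python
import re
from typing import Dict, Iterable, Iterator, List, Tuple

IndicatorKey = Tuple[str, str]  # (observable type, normalised value)

# Constructed feeds in a simplified STIX-like shape; values are documentation
# addresses and a made-up domain, not real IoCs.
FEED_VENDOR: List[dict] = [
    {"type": "ipv4-addr", "value": "198.51.100.23",
     "source": "vendor-feed", "confidence": 80},
    {"type": "domain-name", "value": "Update-Check.example",
     "source": "vendor-feed", "confidence": 60},
]
FEED_ISAC: List[dict] = [
    {"type": "ipv4-addr", "value": "198.51.100.23",
     "source": "sector-isac", "confidence": 90},
]


def aggregate(*feeds: List[dict]) -> Dict[IndicatorKey, dict]:
    """Merge feeds by (type, value): remember every source that reported the
    indicator and keep the highest confidence any source assigned to it."""
    merged: Dict[IndicatorKey, dict] = {}
    for feed in feeds:
        for ind in feed:
            key = (ind["type"], ind["value"].lower())
            entry = merged.setdefault(key, {"sources": set(), "confidence": 0})
            entry["sources"].add(ind["source"])
            entry["confidence"] = max(entry["confidence"], ind["confidence"])
    return merged


IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST = re.compile(r"\bhost=([A-Za-z0-9.-]+)")


def observables(line: str) -> Iterator[IndicatorKey]:
    """Pull the observable types we have indicators for out of one log line."""
    for ip in IPV4.findall(line):
        yield ("ipv4-addr", ip)
    for host in HOST.findall(line):
        yield ("domain-name", host.lower())


def scan(log_lines: Iterable[str], merged: Dict[IndicatorKey, dict],
         min_confidence: int = 50) -> List[dict]:
    """Match every observable in the logs against the merged indicator set."""
    alerts = []
    for lineno, line in enumerate(log_lines, 1):
        for key in observables(line):
            hit = merged.get(key)
            if hit and hit["confidence"] >= min_confidence:
                alerts.append({"line": lineno, "indicator": key,
                               "sources": sorted(hit["sources"]),
                               "confidence": hit["confidence"]})
    return alerts


# Constructed sample log lines (proxy and firewall style).
SAMPLE_LOG = [
    "2015-01-05T10:02:11Z proxy src=10.0.0.5 dst=203.0.113.9 host=intranet.example status=200",
    "2015-01-05T10:02:15Z proxy src=10.0.0.5 dst=198.51.100.23 host=update-check.example status=200",
    "2015-01-05T10:03:40Z fw src=10.0.0.7 dst=198.51.100.23 action=allow",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG, aggregate(FEED_VENDOR, FEED_ISAC)):
        print(alert)
```

Raising `min_confidence` to 70 drops the single-source domain hit and keeps only the address that two feeds agree on, which is the kind of threshold an automated control should be tied to.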

More and more organizations are moving applications and data to IaaS/PaaS environments. Many enterprise IT departments have reason for concern: industry experts agree that moving sensitive data into the hands of third-party cloud providers expands and complicates the risk landscape in which companies operate every day. You need to understand cloud database security basics, and more.

Today major players are embracing end-to-end encryption, so that about 50% of web traffic is carried over HTTPS. HTTPS-everywhere will get a boost in 2015 as a new certificate authority backed by big names on the internet, including Mozilla, Cisco and Akamai, plans to offer SSL certificates at no charge starting in summer 2015. This move will make it even easier for people to run encrypted, secure HTTPS websites.

Google is proposing to warn people that their data is at risk every time they visit a website that does not use HTTPS. If implemented, the change would mean that a warning pops up when people visit a site that uses only HTTP, to notify them that such a connection “provides no data security”. In the short term, the biggest headache is likely to be faced by website operators, who will feel forced to migrate unencrypted HTTP websites to encrypted HTTPS.

You can’t trust that normal web security technologies will guarantee safety. Your HTTPS security will be manipulated more than before. End-to-end HTTPS is generally a good security addition for end users, but it does not solve all the problems. The increased use of HTTPS has made the life of IT departments harder, because normal firewalls can’t look at what is inside encrypted HTTPS packets, so they can’t block potential security threats carried within them. There are special corporate firewall arrangements that can intercept HTTPS traffic (they perform a kind of man-in-the-middle attack that decrypts and re-encrypts the packets on the way). So SSL communications can be intercepted and broken.


3,110 Comments

  1. Tomi Engdahl says:

    Symantec Video Series:
    The Case for Next-Gen Security and Data Centers
    http://www.zdnet.com/symantec/

    Reply
  2. Tomi Engdahl says:

    BMW Remote Unlock Wasn’t Using Secure HTTP
    http://hackaday.com/2015/02/01/bmw-remote-unlock-wasnt-using-secure-http/

    Ah, the old HTTP versus HTTPS. If you want to keep people out, that trailing ‘S’ should be the first thing you do, especially if you’re trying to keep people out of a luxury automobile. It turns out that BMW screwed up on that one.

    BMW has an infotainment feature called ConnectedDrive which builds your favorite apps and services right into the dashboard. You can even unlock the vehicle using this system which is built around a piece of hardware that includes a GSM modem and permanent SIM card. A security research group recently discovered that the commands sent for this system were being pushed over HTTP, the unencrypted sibling of HTTPS.

    The firm, hired by German automobile club ADAC, disclosed the vulnerability and an over-the-air upgrade has already been pushed to patch the flaw. The patch is described to have “turned on” the HTTPS which makes us think that it was always meant to be used and just configured incorrectly in the roll-out.

    Reply
  3. Tomi Engdahl says:

    Jihadists Increasingly Wary of Internet, Experts Say
    http://www.securityweek.com/jihadists-increasingly-wary-internet-experts-say

    Paris – After having used the Internet profusely for propaganda and recruitment, jihadist organizations have realized that investigators are gleaning crucial information online and are increasingly concealing their web presence, experts say.

    Reply
  4. Tomi Engdahl says:

    How to Tap the Hardware Random Number Generator in Your Load Balancer
    http://www.securityweek.com/how-tap-hardware-random-number-generator-your-load-balancer

    Cryptography needs entropy the most because cryptographic keys are supposed to be generated from random data, both for static keys such as SSL or SSH keys, and also for ephemeral session keys. Whereas humans generate keys via supposedly random-looking data called “passwords,” computers are supposed to use blocks of completely random data—except they can’t find any. So they fabricate entropy where it doesn’t exist.

    The problem is, making up random data is a bad, bad idea. If the initial seed values can be guessed (often they are easy things such as a process ID or timestamp), then the rest of the stream can be determined.

    “Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.” — John Von Neumann (1951)

    This fabrication of entropy goes on all the time.

    The most popular computer of all time, the iPhone, has not escaped the problem of the lack of entropy.

    Server-side software may be even more susceptible to this problem as more servers become fully virtualized and therefore even farther removed from their own hardware.

    Nadia Heninger and her colleagues wrote a disturbing paper, Mining your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, in 2009. They found that between 1 and 2 percent of all SSL keys on the Internet are factorable (and therefore recoverable), largely due to bad entropy. In 2008, a screw-up in the RNG of one of the Debian distributions resulted in only 15 bits of entropy in their keys. This key generation weakness went unnoticed for years.

    The problem is going to keep happening. According to security luminary Dan Kaminsky, there has been no progress in RNG technology for 25 years.

    Few people realize that a source of real randomness already exists inside nearly every data center. It’s in the load balancer. Years ago, market forces encouraged architectures in which load balancers, in addition to managing traffic load, also terminated the SSL protocol on behalf of the application servers. To compensate for this extra computational load, load balancers started including special chips that performed the cryptographic offload necessary to handle massive amounts of SSL. These chips require lots of randomness, so they produce it from quantum mechanics subsystems. The chipsets are typically Cavium’s Octeon chipset or Intel’s Ivy Bridge. Intel engineers had to build a new type of RNG to meet low-power requirements and, as a result, came up with a nifty all-digital quantum RNG.

    Hardware-based load balancers exist in nearly every data center built after 2000.

    A load balancer can be quickly configured to export a virtual server on the internal network that simply returns, say, one kilobyte of random data to any device that asks for it (a virtualized LAMP server, for example).

    Tapping an already available hardware RNG at the load balancer can solve the problem for devices in the data center, but what about for devices in outside the perimeter?

    There are actually several systems that already deliver streams of random data over the Internet. The most prominent is random.org, which purports to get its entropy from atmospheric scatter.

    Reply
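The comment above describes keys that are factorable because of bad entropy. In the Heninger et al. work it cites, the common mechanism was that a device drew its first prime before enough entropy had been gathered, so two devices booted into the same state shared a prime and a single GCD between their moduli recovered it. The following is an added example, not code from the comment or the cited paper: it simulates a small fleet of toy RSA moduli (24-bit primes, far too small for real use) where two devices start from the same low-entropy seed, and then runs the pairwise-GCD audit a defender would run over a key inventory. The seed values and device names are constructed.

```python
import math
import random
from itertools import combinations
from typing import Dict, Tuple


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy-sized primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def prime_from_seed(seed: int, bits: int = 24) -> int:
    """Derive a prime deterministically from a PRNG seed, standing in for a key
    generator whose only entropy is that seed."""
    rng = random.Random(seed)
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(cand):
            return cand


def generate_key(boot_seed: int, later_entropy: int) -> int:
    """Toy RSA modulus N = p*q. p is drawn right after boot from a low-entropy
    seed; q is drawn later, after device-specific entropy has been mixed in."""
    p = prime_from_seed(boot_seed)
    q = prime_from_seed(boot_seed * 1_000_003 + later_entropy)
    while q == p:                      # avoid the trivial p == q case
        q = prime_from_seed(q)
    return p * q


def find_shared_factors(keys: Dict[str, int]) -> Dict[Tuple[str, str], int]:
    """Pairwise GCD over all moduli; any nontrivial GCD is a recovered prime,
    which means both keys in the pair are factorable."""
    weak = {}
    for (a, n_a), (b, n_b) in combinations(keys.items(), 2):
        g = math.gcd(n_a, n_b)
        if 1 < g < n_a:
            weak[(a, b)] = g
    return weak


# Constructed fleet: router-A and router-B booted into the same low-entropy
# state (seed 7); router-C had a different boot seed.
FLEET = {
    "router-A": generate_key(7, 101),
    "router-B": generate_key(7, 202),
    "router-C": generate_key(8, 303),
}

if __name__ == "__main__":
    for pair, factor in find_shared_factors(FLEET).items():
        print(f"{pair[0]} and {pair[1]} share prime {factor}")
```

Pairwise GCD is quadratic in the number of keys; the paper scaled the same idea to millions of keys with a batch-GCD product tree, but the audit signal is identical: any two moduli in your inventory with a common factor are both compromised and should be rotated.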
  5. Tomi Engdahl says:

    DARPA: We KNOW WHO YOU ARE… by the WAY you MOVE your MOUSE
    US crazytech unit backs behaviour biometrics study
    http://www.theregister.co.uk/2015/02/03/behaviour_based_biometrics_darpa_us_army/

    The US’s mad-tech military boffin unit is developing a form of biometric measurement based on how a user handles a mouse.

    Behaviour-based biometrics, for example how a computer user handles their mouse or crafts an email, would add to the existing repertoire of authentication techniques. Existing authentication techniques include something you know (such as a password or PIN), something you have (such as a number from an RSA token key-fob) and conventional biometrics (such as your fingerprints).

    The program describes behaviour-based recognition technology as a “cognitive fingerprint” that would replace outdated passwords.

    The current standard method for validating a user’s identity for authentication on an information system requires humans to do something that is inherently unnatural: create, remember, and manage long, complex passwords.

    Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.

    The biometrics program is ultimately geared towards creating next-generation biometrics that can be baked into standard US Department of Defence computer hardware.

    Reply
  6. Tomi Engdahl says:

    New Adware Found In Google Play Apps With Millions Of Downloads
    http://techcrunch.com/2015/02/03/new-adware-found-in-google-play-apps-with-millions-of-downloads/

    A new report from security firm Avast out this morning reveals the discovery of a new form of malware on the Google Play store, which begins to display advertisements disguised as warning messages to end users when they unlock their Android smartphone. What’s interesting about this malware – or adware, as it’s better known – is that some of the applications where it was discovered already have a large number of installs. For instance, a card game app called Durak has 5 to 10 million installs according to the data on Google Play.

    However, when further examined, he realized that the apps where the malware was found actually have a fairly large target audience. The apps are available in the English-speaking countries and in other language versions as well, and have been downloaded by millions of users, assuming Google Play’s own data on app installs is accurate.

    In addition to the card game, other apps including an IQ test and a history app were also found to be infected.

    The apps are fairly clever about how they display the advertisements, too. Instead of beginning to show ads immediately after installation, they wait for several days. In some cases, the ads didn’t appear until after the app had been on the phone for a month.

    Apps on Google Play Pose As Games and Infect Millions of Users with Adware
    https://blog.avast.com/2015/02/03/apps-on-google-play-pose-as-games-and-infect-millions-of-users-with-adware/

    Reply
  7. Tomi Engdahl says:

    New York Times:
    FireEye report details cyberattacks used by pro-Assad hackers in the Syrian civil war

    Hackers Use Old Lure on Web to Help Syrian Government
    http://www.nytimes.com/2015/02/02/world/middleeast/hackers-use-old-web-lure-to-aid-assad.html?_r=0

    What the fighter did not know was that buried in the code of the second photo was a particularly potent piece of malware that copied files from his computer, including tactical battle plans and troves of information about him, his friends and fellow fighters. The woman was not a friendly chat partner, but a pro-Assad hacker — the photos all appear to have been plucked from the web.

    In this case, the fighter had fallen for the oldest scam on the Internet, one that helped Mr. Assad’s allies.

    Chatting With Hackers

    To gain access to information on the devices of Syrian opposition members, hackers posed as women on Skype, identified the types of devices the targets were using and sent photos laden with malware. Below are excerpts from a chat between a target and a nonexistent woman, “Iman.”

    The Syrian conflict has been marked by a very active, if only sporadically visible, cyberbattle that has engulfed all sides, one that is less dramatic than the barrel bombs, snipers and chemical weapons — but perhaps just as effective. The United States had deeply penetrated the web and phone systems in Syria a year before the Arab Spring uprisings spread throughout the country. And once it began, Mr. Assad’s digital warriors have been out in force, looking for any advantage that could keep him in power.

    The report says the pro-Assad hackers stole large caches of critical documents revealing the Syrian opposition’s strategy, tactical battle plans, supply requirements and data about the forces themselves — which could be used to track them down.

    “You’ve got a conflict with a lot of young, male fighters who keep their contacts and their operations on phones in their back pockets,”

    “And it’s clear Assad’s forces have the capability to drain all that out.”

    Mr. Assad was also the victim of cyberattacks, but of a far more advanced nature.

    A National Security Agency document dated June 2010, written by the agency’s chief of “Access and Target Development,” describes how the shipment of “computer network devices (servers, routers, etc.) being delivered to our targets throughout the world are intercepted” by the agency.

    And that is a new development. The theft of the rebel battle plans stands in contrast to the cybervandalism carried out in recent years by the Syrian Electronic Army, which American intelligence officials suspect is actually Iranian, and has conducted strikes against targets in the United States, including the website of The New York Times. But mostly these have been denial-of-service attacks, which are annoying but not potential game-changers on the battlefield.

    “It’s the democratization of intelligence,” said Laura Galante, a former Defense Intelligence Agency analyst who now works for FireEye and oversaw the Syria work. “We in the private sector can see some of this, and adversaries can steal it in a wholesale way and understand the full picture of an operation.”

    Reply
  8. Tomi Engdahl says:

    Tim Cushing / Techdirt:
    FBI added Anonymous hacker Jeremy Hammond to a terrorist watchlist several months before the Stratfor hack and his arrest
    https://www.techdirt.com/articles/20150203/09440829894/fbi-added-lulzec-hactivist-jeremy-hammond-to-terrorist-watchlist-year-before-he-was-arrested.shtml

    Jeremy Hammond — a member of various Anonymous offshoots — had the misfortune of being prosecuted in the United States. While his UK accomplices in the Stratfor hack were sentenced to 1-3 years, Hammond received a 10-year sentence (along with three years of supervised release) for his participation. The length of Hammond’s sentence was mainly due to the CFAA (Computer Fraud and Abuse Act) being a horribly-written law (and there’s a possibility it will get much worse in the future), and the FBI’s willingness to toss the hacktivist under the bus for the sins of Anonymous, while glossing over the fact that it was an FBI informant (Hector Monsegur, aka Sabu) who handed out hacking targets to Hammond.

    Hammond’s lengthy prison sentence may also have to do with other bad laws written by legislators who didn’t have a full understanding of the issues they were attempting to address

    Reply
  9. Tomi Engdahl says:

    VMware bolstering mobile device management tools with Immidio buy
    http://www.zdnet.com/article/vmware-bolstering-mobile-device-management-tools-with-immidio-buy/

    Summary: Founded in 2008, Amsterdam-based Immidio touts its BYOD approach as one that considers and values end user and IT needs equally.

    Reply
  10. Tomi Engdahl says:

    Bitcoin Mining Company KnCMiner Gets $15 Million Amid Lawsuits
    http://blogs.wsj.com/venturecapital/2015/02/03/bitcoin-mining-company-kncminer-gets-15-million-amid-lawsuits/

    Venture capitalists continue investing in bitcoin mining company KnCMiner, despite several lawsuits filed against it by customers.

    “We believe in the long term attractiveness of the bitcoin ecosystem,”

    KnCMiner’s main business is to serve as a bitcoin miner, using its powerful machines gathered in a data center in the Arctic Circle to verify bitcoin transactions and to receive bitcoin as a reward.

    Mining is a crucial function in the bitcoin system and will be necessary regardless of how bitcoin ends up being used, Mr. Kotting said. The investment, he said, doesn’t depend on the particular application of bitcoin that takes off, for instance as a currency or as a layer on which other applications are built. Mining will still be necessary to verify each transaction. The investment is only “predicated on the market growing a lot.”

    Although KnCMiner is now largely mining bitcoin for itself, it had launched in June 2013 with a different business. It originally sold bitcoin mining equipment to customers

    Some customers, however, were unhappy with both the quality of the equipment and late delivery times. They requested refunds.

    Reply
  11. Tomi Engdahl says:

    Android containers for better mobile security?

    Alastair Stevenson / V3.co.uk:
    Samsung and Good Technology launch container and secure app ecosystem for Knox platform

    Samsung secures Android apps with Good for Knox upgrade
    http://www.v3.co.uk/v3-uk/news/2393459/samsung-secures-android-apps-with-good-for-knox-upgrade

    Samsung and Good Technology have launched a joint mobile security suite for enterprise Android users nearly a year after first announcing plans for the service.

    Good for Samsung Knox combines Good Technology’s app container security tool and enterprise app ecosystem with Samsung’s Knox mobile security and management platform.

    The integration was announced at Mobile World Congress 2014 and creates a ‘Good-Secured’ domain within Knox.

    The domain separates, protects and manages Good Technology’s apps as well as unspecified custom apps that have been checked by the Good Dynamics Secure Mobility Platform.

    The Knox platform is based on the US National Security Agency’s Security Enhanced Linux technology.

    It is designed to offer IT managers similar sandboxing powers to those on the BlackBerry Balance, creating separate encrypted work and personal areas on devices.

    Knox also offers certificate management, VPN+ and enterprise mobility management services, which Good Technology also supports.

    Samsung executive vice president Injong Rhee described the launch as a key step in the firm’s efforts to allay enterprise customers’ concerns about Android security.

    “Together, Samsung and Good are addressing the growing importance of mobility management for enterprises by delivering a secure mobile productivity solution for Android that will relieve organisations of past concerns with Android adoption,” he said.

    Reply
  12. Tomi Engdahl says:

    William Turvill / Press Gazette:
    UK magazine Press Gazette barred by London police from asking questions about use of RIPA against reporters under the FOI Act
    ‘Vexatious’, ‘annoying’ and ‘disruptive’ Press Gazette barred by Met from asking more RIPA questions
    http://www.pressgazette.co.uk/vexatious-annoying-and-disruptive-press-gazette-barred-met-asking-more-ripa-questions

    The Metropolitan Police has barred Press Gazette from requesting information about its use of the Regulation of Investigatory Powers Act to spy on journalists.

    Last night, the force rejected a Freedom of Information Act request on the grounds that it was the sixth question submitted since September.

    Explaining its decision to reject further FoI requests from Press Gazette, the Met said in an email that it has the right to refuse “vexatious requests… which are intended to be annoying or disruptive or which have a disproportionate impact on a public authority”.

    “The Information Commissioner recognises that dealing with unreasonable requests can place a strain on resources and get in the way of delivering mainstream services or answering legitimate requests. Furthermore, these requests can also damage the reputation of the legislation itself.”

    Reply
  13. Tomi Engdahl says:

    Wide-Spread SSD Encryption is Inevitable
    http://www.eetimes.com/document.asp?doc_id=1325401&

    The recent Sony hack grabbed headlines in large part due to the political fallout, but it’s not the first corporate enterprise to suffer a high profile security breach and probably won’t be the last.

    Regardless, it’s yet another sign that additional layers of security may be needed as hackers find ways to break through network firewalls and pull out sensitive data, whether it’s Hollywood secrets from a movie studio, or customer data from retailers such as Home Depot or Target. And sometimes it’s not only outside threats that must be dealt with; those threats can come from within the firewall.

    While password-protected user profiles on the client OS have been standard for years, self-encrypting SSDs are starting to become more appealing as they allow for encryption at the hardware level, regardless of OS, and can be deployed in a variety of scenarios, including enterprise workstations or in a retail environment.

    In general, SSDs are becoming more common.

    A survey by the Storage Networking Industry Association presented at last year’s Storage Visions Conference found users lacked interest in built-in encryption features for SSDs, particularly in the mobile space. One of the chief concerns they had when adding features such as encryption to MCUs and SSDs is their effect on performance. Even though many SSDs being shipped today have data protection and encryption features built in, often those capabilities are not being switched on by OEMs, due to the misconception that encryption can reduce performance.

    Ritu Jyoti, chief product officer at Kaminario, said customers are actually requesting encryption as a feature for its all-flash array, but also voice concerns about its effect on performance. “They do ask the question.” Customers in the financial services sector in particular are looking for encryption on their enterprise SSDs, she said, driven by compliance demands, as well as standards outlined by the National Institute of Standards and Technology.

    George Crump, president and founder of research firm Storage Switzerland, recently blogged about Kaminario’s new all-flash array and addressed its new features, including encryption, which he wrote is critical for flash systems in particular because of the way controllers manage flash. “When NAND flash cell wears out the flash controller, as it should, it marks that cell as read-only. The problem is that erasing a flash cell requires that null data be written to it,” he wrote.

    Briefing Note: Kaminario Delivers Encryption, Poised for 2015 Growth
    http://storageswiss.com/2014/12/23/kaminario-delivers-encryption-poised-for-2015/

    Reply
  14. Tomi Engdahl says:

    Fusion:
    Inside the prison system’s illicit cell phone trade, and prison officials’ battle to end it

    Inside the prison system’s illicit digital world
    http://fusion.net/story/41931/inside-the-prison-systems-illicit-digital-world/

    Given the importance of digital connectivity in today’s world, maybe it’s no surprise that cell phones have joined drugs and weapons as the contraband of choice in correctional institutions all over the country. The California Department of Corrections and Rehabilitation has seized more than 30,000 cell phones from state facilities since 2012. In 2013 alone, Florida’s corrections department confiscated 4,200 cell phones from the state’s prisons. Sometimes, contraband phones trickle into prisons one by one; other times, they arrive all at once.

    Jails and prisons are supposed to be technological dead zones. In all but the laxest minimum-security facilities, cell phones are banned for inmates, as are personal laptops, tablets, and other Internet-connected devices.

    In many prisons, the most up-to-date device approved for ordinary inmate use is the pay-phone.

    Under the surface, though, America’s correctional institutions are buzzing with illicit tech activity. Some inmates use contraband cell phones to send selfies and texts to loved ones. Others use Facebook and Twitter to complain about their living conditions, and organize collective actions with inmates at other prisons. Inmates’ desire for access to the bounty of the Internet – and correctional officers’ desire to keep those tools away from them – has created new tensions on both sides.

    “It’s a cat-and-mouse game,”

    “Inmates are so creative, and they’re smart,” Simas says. “It’s amazing what they can do with a bunch of time and ingenuity.”

    Once cell phones are inside prison walls, they serve as both communication lifelines and entertainment devices.

    The penalties for being caught using a phone in prison are severe. The Cell Phone Contraband Act of 2010 criminalized cell phone possession in federal prisons

    The latest front in the war on contraband cell phones involves so-called “managed access systems,” special base stations that intercept cellular calls before they’re sent to carrier towers. In prisons equipped with these systems, cell phones with white-listed numbers can operate normally, while voice, text, and data connections from contraband phones are blocked.

    Managed access systems can cost more than a million dollars apiece to install. But some prisons have found a way to lower the cost by partnering with outside vendors.

    dangers of contraband cell phones: they can be used to harass victims, intimidate witnesses, and orchestrate crimes. And it’s true that contraband phones have been used in criminal activity.

    But many inmates use cell phones in more innocuous ways – to amuse themselves and others, to keep up with the world, and communicate with spouses and family members without having to pay the often egregious fees charged by prison pay-phone providers.

    “For every one of those who is a problem, nine more just really want to connect with society,”

    In 2015, as technology forms the base layer of culture, communication, and education, is it cruel and unusual to cut prisoners off from the entire online universe? What’s the role of technology in rehabilitation?

    There are ways to open up parts of the Internet to incarcerated populations without throwing open the floodgates.

    In many ways, technology and prisons are antithetical. Technology is about expanding access and freeing information; prisons are about reining them in. But prisons have never been completely averse to technological change, nor should they be.

    Meanwhile, the Internet – the freest, most democratic informational pipeline ever created – will remain inaccessible to those who have been deemed unworthy of it.

    Reply
  15. Tomi Engdahl says:

    Finland challenges the United States?

    In many disciplines a small country can successfully challenge a bigger one. The right tactics, teamwork and execution have been the challenger’s trump cards in ice hockey, in war and in the business world, and they can be used here too. Can Finland challenge the world’s economic and military power on a hot issue in today’s security – cyber security? Let’s find out with a ten-point comparison.

    In strategic awareness of the importance of cyber security, and in the prominence of the subject in presidents’ speeches, the score is tied.

    Resources do not solve everything, but they are needed.
    Although resource allocation is tied to the state of the Finnish economy, society’s investment in cyber security development in Finland has remained at very low levels, in spite of the many speeches. -> USA wins

    A central part of a cyber society is clear and up-to-date legislation. In terms of cyber laws, both the United States and Finland have lived for many years in a sort of “intermediate state” – both loose

    Trust and security go hand in hand, including in cyber security. If there is no trust, there is no security, and vice versa.
    On trust, however, the point goes to Finland.

    Cyber security is linked to the state’s degree of digitalisation, i.e. how dependent (and thus vulnerable) society is on activities in the digital world.
    The degree of digitalisation in both Finland and the United States is estimated high by global standards, but society’s ability to tolerate, both mentally and physically, various disruptions in the cyber environment gives a point to Finland.

    Both countries are currently working hard to become the world’s leading cyber states.
    Finland has a long tradition in the coordination and practical application of comprehensive security. As a smaller country, this gives Finland better agility and a better awareness among the players of each other.

    All activities, including cyber, need leadership.
    The White House cyber coordinator acts as the government’s “Cyber Czar”. Point to the United States.

    Even the United States cannot build a strong cyber country at the national level alone. International co-operation is needed.
    Relative to its size, Finland has no reason to be ashamed of its networking, although it must be able to create better international cooperation networks. A point for both.

    The weakest – or the strongest – link in cyber security is the human being. In today’s societies cyber security is a must, basic hygiene and a civic skill.
    The most serious cyber threat, in the United States more than in Finland, is people’s ignorance and lack of understanding. From my experience, I venture to say that the general level of know-how for acting safely online is higher here, and the point goes to Finland.

    The wide-ranging expertise, encryption tools and strategic consensus on cyber security are, in proportion to size, world class in both countries. The strength lies in exploiting that knowledge and in promoting cyber business. Finland has relatively more excellence, but our weakness is in pushing our know-how, including parity solutions, out into the world. Risk-taking ability and marketing are the latest barriers to the international success of this expertise. The competence point goes to Finland, the business promotion point to the United States.

    Finland has all the prerequisites to be a world leader in cyber security. Comparison with the United States shows that the difficulties, like the opportunities, are parallel for these two highly digitally networked and knowledge-based countries.

    Source: http://blogit.iltalehti.fi/jarno-limnell/2015/02/03/suomi-haastaa-yhdysvallat/?ref=tp

    Reply
  16. Tomi Engdahl says:

    Michael Mimoso / Threatpost:
    Cisco report: 1,800 compromised domains serving Flash zero day exploit
    http://threatpost.com/1800-domains-overtaken-by-flash-zero-day/110835

    When the Blackhole exploit kit went away after the arrest of its alleged creator and maintainer Paunch, there were questions about which kit would rise up as its successor.

    It seems that the Angler exploit kit has ascended to the throne.

    Researchers at Cisco’s Talos group today published a report on the most recent Angler Flash zero day (CVE-2015-0311) discovered in the kit by French researcher Kafeine.

    Cisco’s Nick Biasini said 1,800 domains have been compromised by this exploit, and have been used by five IP addresses: 85.25.107.126, 207.182.149.14, 178.32.131.248, 178.32.131.185, and 85.25.107.127.

    “These domains are associated with the landing page and exploits,”

    “This is another example of how Angler Exploit Kit continues to differentiate itself. It changes and evolves on a constant basis producing new variation on the existing exploits as well as providing enough customization on the recent vulnerability (CVE-2015-0311) to effectively avoid reliable detection,” Biasini said. “If the first month of 2015 is any indication, the Angler Exploit Kit could have a big year.”

    Reply
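    The Threatpost excerpt above names five IP addresses tied to the Angler landing pages and exploits. The following is an added example, not code from Threatpost or Cisco Talos, showing how a defender would sweep outbound proxy logs for contacts with those addresses so that affected internal hosts can be identified. The log format, the sample lines, the hostnames and the internal addresses are all constructed for this example; only the five indicator IPs come from the post.

```python
"""Added example: match outbound proxy log lines against the five IP
addresses quoted in the post as Angler landing-page/exploit hosts.
Log format, sample lines, client addresses and URLs are constructed."""
import ipaddress
import re
from collections import defaultdict

# Indicator addresses quoted in the Threatpost / Cisco Talos excerpt above.
ANGLER_IPS = frozenset(
    ipaddress.ip_address(a)
    for a in ("85.25.107.126", "207.182.149.14", "178.32.131.248",
              "178.32.131.185", "85.25.107.127")
)

# Constructed log format: "<time> <client_ip> <dst_ip>:<port> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<dst>[0-9.]+):(?P<port>\d+) "
    r"(?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample log: two clients touch indicator addresses, one line is malformed,
# and one destination (198.51.100.7, a documentation address) is a benign control.
SAMPLE_LOG = """\
2015-02-03T10:01:12Z 10.0.5.21 93.184.216.34:80 GET http://example.com/ 200
2015-02-03T10:01:15Z 10.0.5.21 85.25.107.126:80 GET http://ad-host.example/landing.html 200
2015-02-03T10:01:16Z 10.0.5.21 85.25.107.126:80 GET http://ad-host.example/movie.swf 200
2015-02-03T10:02:40Z 10.0.7.9 178.32.131.185:80 GET http://other.example/index.php 200
2015-02-03T10:03:02Z 10.0.7.9 198.51.100.7:80 GET http://benign.example/ 200
not a log line at all
"""


def parse_line(line):
    """Return a dict of fields, or None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    try:
        fields["dst"] = ipaddress.ip_address(fields["dst"])
    except ValueError:
        return None
    return fields


def find_ioc_hits(log_text, iocs=ANGLER_IPS):
    """Return {client_ip: [(timestamp, dst_ip, url), ...]} for every line whose
    destination is one of the indicator addresses. Malformed lines are skipped."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in iocs:
            continue
        hits[rec["client"]].append((rec["ts"], str(rec["dst"]), rec["url"]))
    return dict(hits)


if __name__ == "__main__":
    for client, events in find_ioc_hits(SAMPLE_LOG).items():
        print(f"{client}: {len(events)} contact(s) with listed Angler infrastructure")
        for ts, dst, url in events:
            print(f"  {ts} -> {dst} {url}")
```

    Exact IP matching is deliberately narrow: the post itself notes that Angler changes constantly, so a hit is a reason to look at the client host, while the absence of hits is not evidence the kit was never reached.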
  17. Tomi Engdahl says:

    Jacob Kastrenakes / The Verge:
    California becomes first state to convict someone for operating a revenge porn website — A California jury has convicted the operator of a revenge porn website in what the state believes is the first conviction of its kind nationwide. The operator, Kevin Bollaert, was found guilty …
    http://www.theverge.com/2015/2/3/7971059/revenge-porn-conviction-kevin-bollaert-california

    Reply
  18. Tomi Engdahl says:

    Encryption is the new normal online

    Pressure to encrypt all Internet traffic is increasing.
    This requires more than current best practices.

    In the last couple of years, one has not needed to be an ICT professional to notice that something is wrong with Internet data security. News of intrusions and data leaks is headline material. Sometimes the issue has been state intelligence organizations, sometimes criminals and sometimes anonymous crackers.

    Players at all levels have woken up to find that the Internet’s information security must be improved at every level.

    In November, the IAB (Internet Advisory Board), which guides the Internet’s architecture, recommended encrypting network traffic in the communication protocols of all layers. In the same week the WhatsApp messaging service announced a move to end-to-end encrypted message traffic, where even the service itself is not able to read the users’ messages.

    Effi, the grassroots organisation driving citizens’ electronic rights online, announced that from next summer free certificates for web servers will be distributed to administrators through an automated service (letsencrypt.org). The aim is to speed up the practical spread of https to the hundreds of millions of web servers that still operate without any form of encryption.

    Will alone is not enough for encryption

    But merely awakening to the need for encryption is not enough. The history of cryptography is a history of breaking encryption. Computing capacity grows by Moore’s Law, and mathematical research on encryption identifies new weaknesses in algorithms previously held to be strong. Gaps are also found in encryption methods due to negligence or design flaws. No encryption algorithm, method or product is actually even meant to last forever.

    ICT professionals, however, behave as if this were the case. Removing old cryptographic products that have been identified as unreliable is not the way things go in the field.

    I recently browsed through the settings menus of a newly purchased WLAN access point. On fresh 802.11n/ac base stations from many manufacturers, WEP encryption is still one of the options available, even though it was proven to be easily crackable already in 2001.

    By 2004 replacement encryption methods had already been developed, and they spread quickly. Many security experts nevertheless recommended for a long time setting base stations to at least WEP, because “even that is better than nothing.” Today only WPA2 encryption is considered safe any more, and it can be found in at least all 802.11n and 802.11ac access points.

    Why does outdated encryption hang around in use for many years after its best-before date? As early as the 2007 version of the 802.11 standard, WEP was defined as a deprecated procedure that was only included for compatibility reasons.

    Source: http://summa.talentum.fi/article/tv/1-2015/124822

    Reply
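    The article above makes the point that obsolete encryption (WEP, deprecated in IEEE 802.11-2007) stays enabled on access points long after it is known to be broken, and that only WPA2 should be considered safe today. As an added example that is not part of the article, here is a small audit that reads a constructed inventory of access points and flags every one still configured with WEP, with no encryption, or with the older WPA/TKIP modes the text treats as superseded; only WPA2 with the CCMP (AES) cipher passes. The CSV format, SSIDs and values are all constructed for this example.

```python
"""Added example: audit a constructed wireless access point inventory for
encryption modes the article above treats as obsolete. Format and values
are constructed; only WPA2 with CCMP (AES) is accepted."""
import csv
import io

# Constructed export, e.g. from a wireless controller or site-survey tool.
INVENTORY_CSV = """\
ssid,auth,cipher,band
office-main,WPA2-PSK,CCMP,802.11n
warehouse,WEP,WEP-104,802.11g
legacy-scanner,WPA-PSK,TKIP,802.11g
guest,OPEN,NONE,802.11ac
lab,WPA2-EAP,CCMP,802.11ac
conference,WPA2-PSK,TKIP,802.11n
"""

# Severity and reason for each failing class of configuration.
SEVERITY = {
    "OPEN": ("critical", "no encryption at all"),
    "WEP": ("critical", "WEP, broken since 2001 and deprecated in 802.11-2007"),
    "WPA": ("high", "WPA1/TKIP, superseded by WPA2"),
    "WPA2+TKIP": ("medium", "WPA2 but with the TKIP cipher enabled"),
}


def classify(auth, cipher):
    """Map an access point's auth mode and cipher to (status, severity, reason)."""
    auth = auth.upper()
    cipher = cipher.upper()
    if auth == "OPEN" or cipher == "NONE":
        return ("fail",) + SEVERITY["OPEN"]
    if auth.startswith("WEP") or cipher.startswith("WEP"):
        return ("fail",) + SEVERITY["WEP"]
    if auth.startswith("WPA2"):
        if cipher == "CCMP":
            return ("pass", "none", "WPA2 with AES-CCMP")
        return ("fail",) + SEVERITY["WPA2+TKIP"]
    if auth.startswith("WPA"):
        return ("fail",) + SEVERITY["WPA"]
    # Anything we cannot recognise is reported rather than silently accepted.
    return ("fail", "high", f"unrecognised mode {auth}/{cipher}")


def audit(csv_text):
    """Return a list of findings (ssid, severity, reason) for every AP that fails."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status, severity, reason = classify(row["auth"], row["cipher"])
        if status == "fail":
            findings.append((row["ssid"], severity, reason))
    return findings


if __name__ == "__main__":
    for ssid, severity, reason in audit(INVENTORY_CSV):
        print(f"[{severity}] {ssid}: {reason}")
```

    Treating an unrecognised mode as a failure rather than a pass is the deliberate choice here: an inventory that quietly accepts whatever it cannot parse is exactly how a forgotten WEP network survives past its best-before date.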
  19. Tomi Engdahl says:

    Did you think that AdBlock Plus will protect you from advertising?

    Google, Microsoft, Amazon and Taboola have paid the developer of AdBlock Plus not to block their ads.
    Under the agreement, the companies’ ads get through the application’s filters.

    Eyeo, the German company behind Adblock, adds more companies to its so-called “white list” on the condition that the ads do not disturb or interfere with reading web pages.

    The agreement with Taboola does not appeal to everyone, as the ad network has a questionable reputation.

    Source: http://www.tivi.fi/Kaikki_uutiset/2015-02-03/Luulitko-ett%C3%A4-AdBlock-Plus-suojelisi-sinua-mainoksilta-Kolme-j%C3%A4tti%C3%A4-ja-yksi-likainen-toimija-osti-p%C3%A4%C3%A4syn-verkkokalvoillesi-3215144.html

    Reply
  20. Tomi Engdahl says:

    The Pirate Bay Is an FBI Honeypot: a Disconcertingly Plausible Conspiracy Theory
    http://motherboard.vice.com/read/the-pirate-bay-is-an-fbi-honeypot-a-disconcertingly-plausible-conspiracy-theory

    After months of false starts and constant hype about its prospective return, The Pirate Bay finally came back this weekend. But the response hasn’t been purely excitement from would-be pirates. Instead, it’s been suspicion: Is the FBI running The Pirate Bay as a means to crack down on piracy?

    The Pirate Bay truther movement doesn’t really have any hard facts or any suggestions as to who could actually be running the torrent site, but theorize that the FBI or other government agency (either in the US or Sweden) could have brought the site back online as a honeypot, or fake site meant to entrap criminals. In any case, something “feels off” to many Twitter users and some Reddit users.

    An Anonymous sect called The Anonymous Message has also tweeted that it’s “gotten reports that [TPB] has been seized indirectly by the FBI and is logging IPs.”

    Reply
  21. Tomi Engdahl says:

    Massive breach at health care company Anthem Inc.
    http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/

    SAN FRANCISCO – As many as 80 million customers of the nation’s second-largest health insurance company, Anthem Inc., have had their account information stolen, the company said in a statement.

    “Anthem was the target of a very sophisticated external cyber attack,”

    The hackers gained access to Anthem’s computer system and got information including names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses and employment information, including income data, Swedish said.

    The affected database had records for approximately 80 million people in it, “but we are still investigating to determine how many were impacted. At this point we believe it was tens of millions,” said Cindy Wakefield, an Anthem spokeswoman.

    That would make it “the largest health care breach to date,”

    Because no actual medical information appears to have been stolen, the breach would not come under HIPAA rules, the 1996 Health Insurance Portability and Accountability Act, which governs the confidentiality and security of medical information.

    No credit card information was obtained, the company said in a statement e-mailed to USA TODAY.

    Anthem has contacted the FBI and is working with Mandiant

    “The Anthem insurance company breach is another in a long line of breaches that continue to have a deep and disheartening effect on consumer behavior and the smooth flow of commerce both here at home and worldwide,” said Rep. Bennie Thompson, D-Miss., ranking member of the Committee on Homeland Security.

    Reply
  22. Tomi Engdahl says:

    Cadie Thompson / CNBC:
    Silk Road website founder Ross Ulbricht found guilty on all counts
    http://www.cnbc.com/id/102397735

    A jury has ruled Ross Ulbricht, the 30-year-old who founded the black market website Silk Road, guilty on all counts.

    The FBI arrested Ulbricht in a sting operation in October 2013 accusing him of being the criminal mastermind running Silk Road where items such as narcotics, fake IDs and other illegal goods were sold using bitcoin for payment.

    By the time Silk Road was shut down by the feds in 2013, it had generated almost $213.9 million in sales and $13.2 million in commissions, prosecutors said.

    Ulbricht conceded that he was indeed the creator of Silk Road

    Prosecutors, however, argued that there was no evidence that Ulbricht walked away from the black market as he claimed.

    Reply
  23. Tomi Engdahl says:

    Sean Gallagher / Ars Technica:
    Pawn Storm spyware, aimed at Western governments, military, and media, now targeting non-jailbroken iOS devices, has possible links to Russian government — Spyware aimed at Western governments, journalists hits iOS devices — Alleged Russian gov’t malware records audio, screenshots, steals personal data.

    Spyware aimed at Western governments, journalists hits iOS devices
    Alleged Russian gov’t malware records audio, screenshots, steals personal data.
    http://arstechnica.com/security/2015/02/spyware-aimed-at-western-governments-journalists-hits-ios-devices/

    A malware campaign targeting European defense organizations, governments, and media organizations first detected on Windows computers late last year has now spread to iOS devices, according to a report by security researchers at TrendLabs. The spyware campaign, called “Operation Pawn Storm,” has been linked by some researchers to the Russian government, beginning as tensions between Europe and Russia rose over the crisis in Ukraine.

    Pawn Storm began with “spear phishing” attacks and targeted Web attacks from fake Outlook webmail pages and “typo-squatting” websites that used site names close to those of legitimate sites. Now, the attack has spread to Apple iOS devices—without having to jailbreak them.

    Researchers believe that the targeted devices may have already been compromised before these malware agents were installed

    Reply
  24. Tomi Engdahl says:

    Inside CryptoWall 2.0: Ransomware, professional edition
    Code that switches from 32-bit to 64-bit and turns off Windows’ defenses.
    http://arstechnica.com/information-technology/2015/01/inside-cryptowall-2-0-ransomware-professional-edition/

    It’s been over a year since the first wave of cryptographic extortion malware hit computers. Since then, an untold number of individuals, small businesses and even local governments have been hit by various versions of malware that holds victims’ files hostage with encryption, demanding payment by Bitcoin or other e-currency in exchange for a key to reverse the damage. And while the early leader, CryptoLocker, was taken down (along with the “Gameover ZeuS” botnet) last June, other improved “ransomware” packages have sprung up to fill its niche—including the sound-alike CryptoWall.

    Ransomware is a strange hybrid of digital mugging and commercial-grade coding and “customer service”—in order to continue to be able to generate cash from their malware, the criminal organizations behind them need to be able to process payments and provide victims with a way to get their files back, lest people refuse to pay because of bad word-of-mouth. And to grow their potential market, the extortionists need to find ways to make their “product” work on a wide range of potential target systems. The apex of this combination of crime and commerce is (at least so far) the latest version of CryptoWall—CryptoWall 2.0.

    Reply
  25. Tomi Engdahl says:

    Laura Zhou / South China Morning Post:
    China’s cyber regulator says all mainland internet users must register real personal details
    http://www.scmp.com/news/china/article/1701395/chinas-internet-watchdog-set-reveal-important-regulation-document-morning

    Reply
  26. Tomi Engdahl says:

    Siemens sighs: SCADA bugs abound
    Wimax network kit vulnerable
    http://www.theregister.co.uk/2015/02/05/siemens_sighs_scada_bugs_abound/

    Another security advisory covering Siemens industrial kit has reached the public, this time covering wireless industrial networking hardware.

    ICS-CERT advises that the Ruggedcom range of 802.16e (Wimax, for those with long memories) switches from the company carries a range of vulnerabilities that let attackers scam admin privileges for themselves.

    Products impacted are in the company’s WIN 51xx, WIN 52xx, WIN 70xx and WIN 72xx series. These are Wimax base stations designed for harsh environment deployments.

    The ICS-CERT note puts the kit in a wide range of industries worldwide, including chemical, communications, critical manufacturing, dams, defence, energy, food and agriculture, government facilities, transportation systems, and water and wastewater systems.

    Siemens is asking customers to get in touch (online support request) to get a firmware update.

    Reply
  27. Tomi Engdahl says:

    Bloomberg Business:
    Signs of China-Sponsored Hackers Seen in Anthem Attack — (Bloomberg) — Investigators of Anthem Inc.’s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe.

    Chinese State-Sponsored Hackers Suspected in Anthem Attack
    http://www.bloomberg.com/news/articles/2015-02-05/signs-of-china-sponsored-hackers-seen-in-anthem-attack

    (Bloomberg) — Investigators of Anthem Inc.’s data breach are pursuing evidence that points to Chinese state-sponsored hackers who are stealing personal information from health-care companies for purposes other than pure profit, according to three people familiar with the probe.

    The breach, which exposed Social Security numbers and other sensitive details of 80 million customers, is one of the biggest thefts of medical-related customer data in U.S. history.

    The attack appears to follow a pattern of thefts of medical data by foreigners seeking a pathway into the personal lives and computers of a select group — defense contractors, government workers and others, according to a U.S. government official familiar with a more than year-long investigation into the evidence of a broader campaign.

    The Anthem theft follows breaches of companies including Target Corp., Home Depot Inc. and JPMorgan Chase & Co. that have touched the private data of hundreds of millions of Americans and increased pressure on the U.S. government to respond more forcefully.

    The Federal Bureau of Investigation is leading the investigation, according to Anthem, which has hired FireEye Inc., a Milpitas, California-based security company, to assist.

    Hackers could use stolen information — which Anthem said in its case included birthdates and e-mail addresses — to conduct “phishing” attacks on customers who unwittingly provide access to their companies’ networks.

    In the past year, Chinese-sponsored hackers have taken prescription drug and health records and other information that could be used to create profiles of possible spy targets, according to Adam Meyers, vice president of intelligence at Crowdstrike

    “This goes well beyond trying to access health-care records,” Meyers said. “If you have a rich database of proclivities, health concerns and other personal information, it looks, from a Chinese intelligence perspective, as a way to augment human collection.”

    A different major U.S. health insurer was breached recently by Chinese hackers, according to a person involved in that investigation

    “A lot of these healthcare companies have a lot of very trusted relationships at the network level and the corporate level to some very hard targets on the federal side and the commercial side,”

    “The healthcare environment is in an unfortunate position: It didn’t expect to be a high, heavy target five years ago, so they didn’t prepare,” Hindawi said. “They didn’t expect to have advanced threats from nation-state actors targeting them.”

    Like many other Chinese hacking campaigns, the attacks appear to serve multiple purposes — one commercial and the other related to national security — said one of the U.S. officials.

    Reply
  28. Tomi Engdahl says:

    Politico:
    Obama administration officials call out China for undermining an open internet, say US and China must work together to address cybersecurity

    China’s Undermining an Open Internet
    We must work together on reliable cybersecurity.
    http://www.politico.com/magazine/story/2015/02/china-cybersecurity-114875.html#.VNSK1i53Bmg

    Cyber threats are becoming more diverse, sophisticated and dangerous. Over the past year, we have seen an exponential increase in the number of commercial data breaches and the theft of trade secrets. Malicious actors have proven increasingly willing to disrupt or destroy computers and networks through cyber attacks. And all of this is happening in an environment where we are connecting more and more things to the Internet, from thermostats to power plants.

    These trends should be a call to action for both the United States and China, the world’s two largest economies, to work together to improve cybersecurity globally. Like the United States, China has a legitimate interest in improving the cybersecurity of its computers and networks and protecting its citizens and businesses from the threats posed by malicious cyber actors.

    But aspects of China’s actions, including the direction of their recently announced regulations—which have been billed as a means to promote better cybersecurity—are not the answer. China’s new rules require technology companies doing business with banks to demonstrate that their products are “secure and controllable” by, among other things, making their source code available to the Chinese government, providing the Chinese government with back doors in software and hardware and requiring localization of foreign intellectual property to China. Not only are these regulations inconsistent with international cybersecurity best practices, they are anticompetitive trade barriers.

    Finally, we believe that nation-states have responsibilities in cyberspace, just as they do elsewhere, to abide by certain standards of behavior. That is why the United States remains deeply concerned about China’s continuing and indisputable government-sponsored cyber theft from companies and commercial sectors around the world for Chinese companies’ advantage.

    The United States is ready to work with China to address the cybersecurity challenge. And if we work together, we can make cyberspace more secure.

    Read more: http://www.politico.com/magazine/story/2015/02/china-cybersecurity-114875.html#ixzz3QxLMqrLC

    Reply
  29. Tomi Engdahl says:

    Thomas Fox-Brewster / Forbes:
    Russian Hackers Are Selling Access To Sony Pictures Network, Claims US Security Firm

    Forget North Korea – Russian Hackers Are Selling Access To Sony Pictures, Claims US Security Firm
    http://www.forbes.com/sites/thomasbrewster/2015/02/04/russians-hacked-sony-too-claims-us-firm/

    Sony Pictures might have another cyber disaster on its hands. Or the same hackers could still be silently leaking information from the film studio’s servers. That’s what US security firm Taia Global has suggested, making a bold claim in an already heated debate around the November attacks.

    The firm claimed it has evidence Russian hackers have been silently siphoning off information from Sony’s network for the last few months and may even be the ones responsible for the catastrophic attacks in November, which the US blamed on North Korea. The Russians may have just been working unwittingly alongside the Guardians of Peace hackers

    Though the data was passed to the company via a Ukraine-based hacker, Jeffrey Carr, CEO of Taia, told Forbes he was “100 per cent certain” the information was legitimate and that it’s highly likely the Russians are still on the Sony network.

    Analysis by Taia staff indicated the spreadsheets were not in the original dumps by the so-called Guardians of Peace (GOP), whilst the two most recent emails acquired by Carr were dated 14 January and 24 January, the CEO said.

    Yama Tough told Carr a Russian hacker who carried out “occasional contract work for Russia’s Federal Security Service” was responsible and was now selling access to Sony’s network. “This is all they do, they break into networks and they steal data. And they do it for multiple companies and they never leave the network… It is an ongoing breach,” Carr said.

    The findings throw further doubt on US claims that North Korea was the sole party responsible for taking control of Sony’s systems, shutting them down and leaking gigabytes of data. But Taia’s report indicated that Sony might have just been compromised by two or more groups at the same time. Given the poor state of security at Sony Pictures, as revealed by the leaks, it would come as little surprise if more than one hacker group had breached the company. Indeed, the leaked files from last year showed how Sony had been successfully breached on at least three occasions in 2014.

    Reply
  30. Tomi Engdahl says:

    You can now send ‘screenshot-proof’ documents and photos with Confide, the ‘Snapchat for business’
    http://www.businessinsider.com/confide-app-adds-screenshot-proof-photo-messaging-2015-2?op=1

    Confide wants to be the off-the-record messaging app for the business world. On Wednesday it added two key features to its arsenal: screenshot-proof documents and photos.

    Now, you can technically still take a screenshot of a document or photo within Confide, but not in the traditional sense. There’s now a new “wanding” feature that allows users to peek at a document or photo through a tiny window, which reveals only a sliver of the full message.

    It’s basically the same technique that Confide uses to block screenshots of text messages, forcing users to move a finger across the words of message to reveal what they say beneath the blocks obscuring them.

    Of course, if you take a screenshot, the message disintegrates and the sender is notified, so you won’t be able to repeat the process.

    You can attach documents from Dropbox, Google Drive, Box, and One Drive, and the same is true for Excel spreadsheets, Word docs, PDFs, and PowerPoints. Once you send it, Confide strips the ability to save, download, or forward the document, so you really only have to worry about people taking a screenshot of a small portion of the document, which you’d be notified of anyways.

  31. Tomi Engdahl says:

    Kashmir Hill / Fusion:
    How every new product, feature, study, and code change at Facebook is systematically scrutinized for privacy concerns

    He won Survivor. Can he beat this?
    The guy standing between Facebook and its next privacy disaster
    http://fusion.net/story/41870/facebook-privacy-yul-kwon/

    Facebook privacy is an oxymoron to many. Facebook’s privacy record after all has many blemishes

    The face of the new, privacy-conscious Facebook is Yul Kwon, a Yale Law grad who heads the team responsible for ensuring that every new product, feature, proposed study and code change gets scrutinized for privacy problems. His job is to try to make sure that Facebook’s 9,199 employees and the people they partner with don’t set off any privacy dynamite. Facebook employees refer to his group as the XFN team, which stands for “cross-functional,” because its job is to ensure that anyone at Facebook who might spot a problem with a new app — from the PR team to the lawyers to the security guys — has a chance to raise their concerns before that app gets on your phone. “We refer to ourselves as the privacy sherpas,” says Kwon. Instead of helping Facebook employees scale Everest safely, Kwon’s team tries to guide them safely past the potential peril of pissing off users.

    Kwon, 39, has a million-dollar testament to his ability to orchestrate group dynamics. He was the winner of the 13th season of Survivor, the season in which the CBS reality show controversially divided contestants by race (Kwon is of South Korean descent). His competitors said his gift of diplomacy helped him win — though some called him a “puppetmaster.” “I learned how to navigate difficult environments,” Kwon now says.

    Every product manager at Facebook now goes through a boot camp session with Kwon’s XFN team, and has one of the 8 privacy managers on the team assigned to him or her.

    During the boot camp session, Kwon lounged in a chair at the side of the room in a dark blue polo shirt, dark jeans and black leather loafers (instead of sneakers, which is a giveaway he’s spent a lot of time in D.C.). He doesn’t want people groomed on the long-time Facebook tenet to “move fast and break things” to see the privacy team as onerous. “This process is not designed to slow you down,” he chimes in. “It’s the opposite. If we’re engaged early on, we can help you avoid thorny issues later.”

    This is where new product managers learn about the “Privatron,” Kwon’s tool for keeping track of everything that’s happening at Facebook in order to avoid surprises.

    The privacy sherpas seem to be effective. James Grimmelmann, a University of Maryland professor with a long history of analyzing Facebook’s privacy mistakes, says the company has turned a new page. “Facebook is not my go-to suspect when I open up the news and look for privacy problems. In 2008 and 2009, they did something wrong like clockwork every few months. It was a nasty cycle,” he says. “Facebook moves carefully now. It doesn’t want to move fast and break things anymore.”

    Kwon says the Federal Trade Commission’s crackdown was a turning point for the company: “The FTC consent order made it a priority for us.” The agency has made a concerted push toward regulating privacy, even though it’s not explicitly part of its mission to stop “unfair and deceptive trade practices.”

    On the Facebook emotion manipulation study, Kwon says: “We would have prevented that.”

    One narrowly averted disaster was Nearby Friends, an app you can use to see where your Facebook friends are.
    It took two years to hammer Glancee — which had 50,000 users when it was acquired — into a product that could be released by Facebook as Nearby Friends.

    Working with the privacy sherpas changed Vaccari’s thinking. “It was frustrating at first,” says Vaccari. “I came into Facebook to launch this thing I believed in and I wanted to launch it to as many people as possible. At first the recommendations felt too conservative, but I learned quickly to appreciate the value of these recommendations. A bad launch could have hurt our ability to grow in the future.”

    Facebook launched Nearby Friends in April 2014 very carefully, putting “optional” prominently in its headline.

  32. Tomi Engdahl says:

    Fancybox WordPress plugin reveals zero day affecting thousands
    To the patch-o-tron, admins!
    http://www.theregister.co.uk/2015/02/06/fancybox_clops_zero_day_affecting_thousands/

    A WordPress plugin downloaded half a million times has been used in zero day attacks that served up malware.

    The plugin in question is called FancyBox and creates a lightbox-like interface with which to look at images. It’s been used by unknown actors to deliver a malicious iframe through a persistent cross-site scripting vulnerability identified by Russian researchers Gennady and Konstantin Kovshenin.

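    A check a WordPress administrator would want after an incident like the one above, as an added example that is not code from the plugin, the researchers or the article: scan stored option values (the place a persistent payload lives, since wp_options is what the site renders back into pages) for iframe and script tags that pull content from hosts other than the site itself. The option names, the serialized values, the 203.0.113.5 address and the site hostname below are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "example.com"   # assumption: the blog's own hostname

# Constructed sample rows shaped like wp_options (option_name, option_value).
# Names and values are made up for this example; the third row imitates a
# hidden iframe smuggled into a serialized plugin setting.
SAMPLE_OPTIONS = [
    ("blogname", "My Photo Blog"),
    ("lightbox_settings", 'a:2:{s:5:"speed";i:300;s:9:"extraCall";s:0:"";}'),
    ("lightbox_settings",
     'a:1:{s:9:"extraCall";s:80:"</script><iframe src="http://203.0.113.5/in.html"'
     ' width="0" height="0"></iframe>";}'),
    ("footer_html", '<script src="/wp-includes/js/jquery/jquery.js"></script>'),
    ("sidebar_widget", '<SCRIPT>document.write(unescape("%3Ciframe%3E"))</SCRIPT>'),
    ("tracking", '<script src="//stats.example.net/t.js"></script>'),
]


class _EmbedFinder(HTMLParser):
    """Collect every iframe and script start tag seen in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.found = []                      # (tag, src-or-None)

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "script"):      # HTMLParser lowercases tag names
            self.found.append((tag, dict(attrs).get("src")))


def extract_embeds(fragment):
    """Return [(tag, src)] for iframe/script tags; src is None for inline scripts."""
    parser = _EmbedFinder()
    parser.feed(fragment)
    parser.close()
    return parser.found


def is_foreign(src, site_host=SITE_HOST):
    """True when the tag loads code from somewhere other than the site itself."""
    if src is None:
        return True                          # inline script: nothing vouches for it
    host = urlparse(src.strip()).hostname or ""
    if not host:
        return False                         # relative URL, served by the site
    return host != site_host and not host.endswith("." + site_host)


def scan_options(rows, site_host=SITE_HOST):
    """Every iframe/script found in any option value, with a 'foreign' verdict."""
    findings = []
    for name, value in rows:
        if "<" not in value:                 # cheap pre-filter; most rows hold no markup
            continue
        for tag, src in extract_embeds(value):
            findings.append({"option": name, "tag": tag, "src": src,
                             "foreign": is_foreign(src, site_host)})
    return findings


def suspicious(rows, site_host=SITE_HOST):
    """Only the findings that pull content from outside the site."""
    return [f for f in scan_options(rows, site_host) if f["foreign"]]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_OPTIONS):
        print(f"{f['option']}: <{f['tag']}> src={f['src']!r}")
```

    Feed it the rows of a wp_options dump and review each hit by hand; an unfamiliar third-party script host is not automatically malicious, but a zero-size iframe inside a plugin setting is. The scan only cleans up after the fact: the durable fix is the plugin escaping every stored value on output (WordPress ships esc_html() and esc_attr() for exactly that) and rejecting unauthenticated writes to its settings.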
  33. Tomi Engdahl says:

    ‘Privacy is DAMAGING to PROGRESS’ says Irish big data whitepaper
    ‘Magna Carta for data’ full of technobabble bullshit
    http://www.theregister.co.uk/2015/02/06/big_data_needs_your_blood_sweat_and_tears_say_boffins/

    More than 350 Irish boffins have signed a white paper calling for nothing less than a “Magna Carta for Data”.

    The Insight Centre for Data Analytics says it wants to “put Europe on the road to fair and relevant legislation”, but most of the language sounds like what it really wants is to water down privacy rights in favour of Big Data businesses.

    “We have progressed so rapidly that the term ownership is obsolete. Does a person own all of the data they generate, for example? Or just the identifying parts of it?” the group innocently asks.

    Dara Murphy, Ireland’s Data Protection Minister, spoke at the presentation of the paper in Brussels on Wednesday, saying: “In seeking to harness the power of Big Data, we must place the protection of individual privacy at the heart of everything we do.”

    Although it makes some conciliatory noises about “trust”, according to the paper “the almost exclusive focus on the privacy of the individual, while politically popular, is potentially damaging to progress.” It further dismisses public fears that “data owners may evolve into monopolies” and “lock in” or “control” citizens, saying this would undermine the benefits of data analytics.

    The paper further suggests that self-censoring behaviour “by those who think they are being monitored” is a problem in the face of potentially unrealistic fears. But it does concede: “Direct harm to autonomy might occur when an autocratic (or democratic) government uses Big Data technologies to effectively root out any resistance.”

    The paper asks eight questions about data ethics but is short on answers.

  34. Tomi Engdahl says:

    The ‘Exit Scam’ Is the Darknet’s Perfect Crime
    http://motherboard.vice.com/read/darknet-slang-watch-exit-scam?trk_source=popular

    Imagine that you’re a vendor on Evolution, Agora, or another of the Amazon-like underground emporiums modeled on the now-defunct Silk Road.

    Buyers send you payments in Bitcoin, the digital currency that approximates cash on the internet, along with their encrypted mailing addresses, and in return you ship them parcels of methamphetamine, designer psychedelics, or even home-roasted coffee.

    Following me so far? Now imagine that you want to quit.

    So you sell the last of your drugs, reformat your hard drives, and shut down your vendor accounts on the darknet sites where you used to sell.

    Or do you?

    It turns out that a logistical problem with darknet markets is that when a vendor throws in the towel, it’s very tempting for him or her to stop mailing drugs, but continue pocketing customers’ payments for as long as possible.

    By online consensus, the phenomenon even has a name: an “exit scam.”

    If you’ve built up a good reputation on a darknet market’s seller rating system—which, like eBay, is based on feedback from other users—why not keep pulling in cash until the review system catches up with you?

    “I am sorry guys but I have scammed you.”

    Darknet vendors tend to disappear completely after defrauding buyers, which was why it was so remarkable that one exit scammer recently published a seemingly remorseful confession before disappearing for good.

    Exit scams, according to pseudonymous darknet researcher Gwern, “are hard to say anything precise on by their nature.” That’s true for a few reasons. Buyers are the only ones who know for certain whether they received an order, and so sometimes report having been scammed when there was just a delivery problem. The markets themselves—which have no interest in publicizing their own downsides—typically hide the profile and feedback associated with banned sellers.

    To avoid exit scams, Gwern says, buyers can choose to only deal with buyers who use escrow, meaning the market will hold onto the payment until the buyer confirms that the order has been received.

    “You very rarely hear of exit scams from escrow users,” Gwern said. “Some selective scamming and feedback stuffing, but nothing like exit scams.”

  35. Tomi Engdahl says:

    With Insider Help, ID Theft Ring Stole $700,000 In Apple Gift Cards
    http://apple.slashdot.org/story/15/02/05/2314218/with-insider-help-id-theft-ring-stole-700000-in-apple-gift-cards

    The Manhattan District Attorney’s office has indicted five people for using personal information stolen from around 200 people to fund the purchase of hundreds of thousands of dollars in Apple gift cards, which in turn were used to buy Apple products. “Using stolen information to purchase Apple products is one of the most common schemes employed by cybercrime and identity theft rings today,”

    With employee help, ID theft ring allegedly stole $700,000 in Apple gift cards
    http://www.itworld.com/article/2880675/with-employee-help-id-theft-ring-allegedly-stole-700000-in-apple-gift-cards.html

    Apple products are some of the most expensive and desirable in tech so it makes sense that the company’s gift cards are proving an attractive currency for criminals.

    On Thursday, the Manhattan District Attorney’s office said it has indicted five people for using personal information stolen from around 200 people to fund the purchase of hundreds of thousands of dollars in Apple gift cards, which in turn were used to buy Apple products.

    stole the names, address, birth dates and social security numbers of patients at the Manhattan dental office
    That data was passed to
    former Apple sales associate from the Bronx, who used it to apply for Apple “instant credit,”

    Instant credit is offered by Apple in conjunction with Barclaycard, and provides an immediate credit line for use in the purchase of Apple products.

    “Using stolen information to purchase Apple products is one of the most common schemes employed by cybercrime and identity theft rings today,”

    “We see in case after case how all it takes is single insider at a company—in this instance, allegedly, a receptionist in a dentists’ office—to set an identity theft ring in motion, which then tries to monetize the stolen information by purchasing Apple goods for resale or personal use,”

  36. Tomi Engdahl says:

    The World’s Email Encryption Software Relies on One Guy, Who is Going Broke
    http://www.propublica.org/article/the-worlds-email-encryption-software-relies-on-one-guy-who-is-going-broke

    Werner Koch’s code powers the email encryption programs around the world. If only somebody would pay him for the work.

    The man who built the free email encryption software used by whistleblower Edward Snowden, as well as hundreds of thousands of journalists, dissidents and security-minded people around the world, is running out of money to keep his project alive.

    Werner Koch wrote the software, known as Gnu Privacy Guard, in 1997, and since then has been almost single-handedly keeping it alive with patches and updates from his home in Erkrath, Germany. Now 53, he is running out of money and patience with being underfunded.

    “In early 2013 I was really about to give it all up and take a straight job.” But then the Snowden news broke, and “I realized this was not the time to cancel.”

    The fact that so much of the Internet’s security software is underfunded is becoming increasingly problematic. Last year, in the wake of the Heartbleed bug, I wrote that while the U.S. spends more than $50 billion per year on spying and intelligence, pennies go to Internet security. The bug revealed that an encryption program used by everybody from Amazon to Twitter was maintained by just four programmers, only one of whom called it his full-time job. A group of tech companies stepped in to fund it.

    Koch’s code powers most of the popular email encryption programs GPGTools, Enigmail, and GPG4Win. “If there is one nightmare that we fear, then it’s the fact that Werner Koch is no longer available,” said Enigmail developer Nicolai Josuttis. “It’s a shame that he is alone and that he has such a bad financial situation.”

    The programs are also underfunded. Enigmail is maintained by two developers in their spare time.

    Email encryption first became available to the public in 1991, when Phil Zimmermann released a free program called Pretty Good Privacy, or PGP, on the Internet.

    Stallman urged the crowd to write their own version of PGP. “We can’t export it, but if you write it, we can import it,” he said.

    Inspired, Koch decided to try.
    Within a few months, he released an initial version of the software he called Gnu Privacy Guard

    Koch’s software was a hit even though it only ran on the Unix operating system.

    The German government gave him a grant to make GPG compatible with Microsoft Windows.

    But in 2010, the funding ran out.

    In August 2012, he had to let the programmer go. By summer 2013, Koch was himself ready to quit.

    But after the Snowden news broke, Koch decided to launch a fundraising campaign

    Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation’s Core Infrastructure Initiative.

    Securing the future of GnuPG
    https://gnupg.org/

  37. Tomi Engdahl says:

    Owen Bowcott / Guardian:
    UK court rules GCHQ mass internet surveillance was unlawful, breached human rights law

    UK-US surveillance regime was unlawful ‘for seven years’
    http://www.theguardian.com/uk-news/2015/feb/06/gchq-mass-internet-surveillance-unlawful-court-nsa

    Regulations governing access to intercepted information obtained by NSA breached human rights laws, according to Investigatory Powers Tribunal

    The regime that governs the sharing between Britain and the US of electronic communications intercepted in bulk was unlawful until last year, a secretive UK tribunal has ruled.

    The Investigatory Powers Tribunal (IPT) declared on Friday that regulations covering access by Britain’s GCHQ to emails and phone records intercepted by the US National Security Agency (NSA) breached human rights law.

    Advocacy groups said the decision raised questions about the legality of intelligence-sharing operations between the UK and the US. The ruling appears to suggest that aspects of the operations were illegal for at least seven years – between 2007, when the Prism intercept programme was introduced, and 2014.

    Eric King, deputy director of Privacy International, said: “For far too long, intelligence agencies like GCHQ and NSA have acted like they are above the law. Today’s decision confirms to the public what many have said all along – over the past decade, GCHQ and the NSA have been engaged in an illegal mass surveillance sharing programme that has affected millions of people around the world.”

    “We must not allow agencies to continue justifying mass surveillance programmes using secret interpretations of secret laws. The world owes Edward Snowden a great debt for blowing the whistle, and today’s decision is a vindication of his actions.”

  38. Tomi Engdahl says:

    Mark Scott / New York Times:
    Google’s advisory council on the Right to be Forgotten suggests limiting it to Europe

    Limit ‘Right to Be Forgotten’ to Europe, Panel Tells Google
    http://bits.blogs.nytimes.com/2015/02/06/limit-right-to-be-forgotten-to-europe-panel-says/?_r=0

    Europe’s so-called right to be forgotten should apply only in Europe.

    That was the majority opinion in a recommendation published on Friday by an eight-person committee set up by Google to provide guidance over how the search giant should comply with a landmark privacy ruling in the 28-member bloc.

    The committee can only provide recommendations to Google and does not have the power to force the company to change its operations. It also has no legal powers in Europe, where individual countries’ data protection authorities will make the final decisions on how the privacy ruling should be enforced.

    The decision by Europe’s highest court, published in May, said that anyone with connections to Europe could ask Google and other search engines to remove links about themselves from online search results.

    In its report, the advocacy group for privacy and freedom of speech sided with Google, saying the privacy ruling should be limited to Europe.

    “We believe that delistings applied to the European versions of search will, as a general rule, protect the rights of the data subject adequately,” the committee said, noting that roughly 95 percent of web searches in Europe are funneled through Google’s regional domains.

    The group said that other interests, including the right of those outside the European Union to access online information, also must be considered.

  39. Tomi Engdahl says:

    Shane Harris / The Daily Beast:
    Samsung’s SmartTV privacy policy warns that voice recognition can collect and transmit sensitive personal information to improve the product

    Your Samsung SmartTV Is Spying on You, Basically
    http://www.thedailybeast.com/articles/2015/02/05/your-samsung-smarttv-is-spying-on-you-basically.html

    You may be loving your new Internet-connected television and its convenient voice-command feature—but did you know it’s recording everything you say and sending it to a third party?

    Careful what you say around your TV. It may be listening. And blabbing.

    A single sentence buried in a dense “privacy policy” for Samsung’s Internet-connected SmartTV advises users that its nifty voice command feature might capture more than just your request to play the latest episode of Downton Abbey.

    “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party,” the policy reads.

    Writing in Salon in November 2014, Michael Price, counsel in the Liberty and National Security Program at the Brennan Center for Justice at the NYU School of Law, said the details in his new smart TV’s lengthy privacy policy made him “afraid to use it.” Price didn’t name the brand, but the wording matches exactly what’s contained in Samsung’s notice to its customers.

    “I do not doubt that this data is important to providing customized content and convenience, but it is also incredibly personal, constitutionally protected information that should not be for sale to advertisers and should require a warrant for law enforcement to access,” Price wrote.

  40. Tomi Engdahl says:

    Quentin Hardy / New York Times:
    VPNs increasingly used to circumvent geo restrictions, access content on sites like Netflix

    VPNs Dissolve National Boundaries Online, for Work and Movie-Watching
    http://bits.blogs.nytimes.com/2015/02/08/in-ways-legal-and-illegal-vpn-technology-is-erasing-international-borders/

    Rod Drury, an entrepreneur in Auckland, New Zealand, regularly visits the United States. Sometimes there are multiple visits a day.

    “People here can’t get Netflix, so they get a VPN that gives them a U.S. I.P. address, and watch Netflix like they’re in America,” he said. “If I want something off iTunes, I buy U.S. cards online.”

    Decoding the jargon: Millions of people around the world now pay for virtual private computer networks — a security method that uses encryption to hide Internet traffic — and similar services to hook into a server in the United States. As far as the video and retail services can tell, Mr. Drury is one more American customer.

    If the Internet breaks down national boundaries, it may happen from the comfort of our couches. VPNs were originally thought of as a way for companies to guarantee security or dissidents to avoid the prying eyes of their governments. Now they are part of a larger movement for people to work and play anywhere on the planet, at all times.

    And if the software can’t come to consumers, the customers use VPN to get to the software.

    “Unblock geo-restricted websites and web services like Netflix, Hulu, BBC iPlayer, Skype, and many more!” says the webpage of PureVPN, which charges $45 a year to turn you into a virtual American. You might prefer being Canadian, since Netflix Canada has a bigger selection of films.

  41. Tomi Engdahl says:

    Kevin Poulsen / Wired:
    Drone maker DJI expands use of geofences as DHS warns that hobbyist drones can be used as weapons
    http://www.wired.com/2015/02/white-house-drone/

  42. Tomi Engdahl says:

    Wanna see something insane? How about an SSH library written in x64 assembly?

    HeavyThing x86_64 assembler library
    https://2ton.com.au/HeavyThing/

    GPLv3 licensed, commercial support available
    Very fast TLS 1.2 client/server implementation
    Very fast SSH2 client/server implementation

  43. Tomi Engdahl says:

    Facebook Malware that infected more than 110K and still on the rise
    http://seclists.org/fulldisclosure/2015/Jan/131

    A new trojan is propagating through Facebook which was able to infect more than 110,000 users in only two days.

    The trojan tags the infected user’s friends in an enticing post. Upon opening the post, the user will get a preview of a porn video which eventually stops and asks for downloading a (fake) flash player to continue the preview. The fake flash player is the downloader of the actual malware.

    In the new technique, which we call “Magnet”, the malware gets more visibility to the potential victims as it tags the friends of the victim in the malicious post. In this case, the tag may be seen by friends of the victim’s friends as well, which leads to a larger number of potential victims. This will speed up the malware propagation.

    The malware is able to hijack keyboard and mouse movement (at initial investigation).

    Tag Scams on Facebook Ensnare over 5,000 in Less than One Hour
    http://news.softpedia.com/news/Tag-Scams-on-Facebook-Ensnare-Over-5-000-In-Less-than-One-Hour-471381.shtml

    An elaborate scheme has been set up by cybercriminals targeting Facebook users and preying on their curiosity to direct them to dangerous online locations that deliver malware or try to subscribe them to premium-rate services.
    The scammers launched the malicious campaign over the weekend, using a classic “tag scam” as lure. In this particular case, the crooks send the victim an enticing-looking image posing as the thumb for a video, saying that some of their friends have been tagged in it.

    Users are redirected several times until they reach the scam page
    According to Bitdefender, the number of friends allegedly tagged in the video is always 20 and the lure is changed every time.

    Depending on the device used to access the fake content, the cybercriminals direct the victim to different pages. In the case of mobile navigation, the potential victim is sent to the site of a premium rate service that attempts to subscribe them for at least €3 / $3.

    On Windows operating system, the redirect is to a page impersonating Facebook, which purports to serve a different video than the original one. Accessing the content is gated by the request to download a fake update for Flash Player.

    The file is malicious and when launched, it proceeds to install two pieces of malware, one used to funnel in other threats and the other to spread the scam through the victim’s Facebook account.

  44. Tomi Engdahl says:

    China to ban online impersonation accounts, enforce real-name registration
    http://in.reuters.com/article/2015/02/04/china-internet-censorship-idINKBN0L811520150204

    (Reuters) – China will ban from March 1 internet accounts that impersonate people or organisations, and enforce the requirement that people use real names when registering accounts online, its internet watchdog said on Wednesday.

    China has repeatedly made attempts to require internet users to register for online accounts using their real names, although with mixed success.

    Many users of social media create parody accounts of prominent figures and institutions to poke fun at them.

  45. Tomi Engdahl says:

    Reborn Pirate Bay could be an FBI honeypot
    You’ll have to suck it and see
    http://www.theinquirer.net/inquirer/news/2394029/reborn-pirate-bay-could-be-an-fbi-honeypot

    The rebirth of The Pirate Bay that we reported on recently could be a sham site set up by the FBI with the intention of snagging punters.

    It could not be, but there are increasing suspicions that this is the case, and there were probably some clues at the time.

    Questions were raised about the new site, including the passing of the old admins and the decision to use Cloudflare integration.

    In some cases people pointed to FBI-like flags. The use of Cloudflare suggests that user information might be exposed to the warrant-like demands of the surveillance agencies.

    The Pirate Bay people have denied that the site is a puppet for the FBI and have explained away the use of Cloudflare in a statement sent to TorrentFreak.

    Pirate Bay Responds to Cloudflare and Moderation Concerns
    http://torrentfreak.com/pirate-bay-will-ditch-cloudflare-asks-users-moderate-150203/

    The Pirate Bay has responded to concerns about its use of U.S.-based CDN service CloudFlare. According to the people behind the site, this is only a temporary measure to reduce the load on its servers. In addition, TPB now asks users to report fake torrents, noting that the staff’s moderating capabilities are disabled for security reasons.

    “Due to severe security issues regarding the old moderator team all moderation has temporarily been disabled,” TPB notes.

    Finally, it’s worth noting that The Pirate Bay’s .onion address has been brought back online too, which allows people to browse the site over the Tor network.

  46. Tomi Engdahl says:

    Don’t count on antivirus software alone to keep your data safe
    Buckle up with belt and braces
    http://www.theregister.co.uk/2015/02/09/dont_count_on_antivirus_alone_to_protect_your_data/

    TJX hacking mastermind Albert Gonzalez scoffed at antivirus tools. He and his cohorts wrote malware specifically designed to evade their detection. One can imagine him laughing as his team of hackers broke into corporate networks using SQL injection attacks and gained administrative access.

    Then he probably guffawed, Bond villain-style, as he uploaded the malware directly into server memory, and when the corporate networks began happily delivering customer credit card data directly to his servers chuckled all the way to the bank.

    Gonzalez was perhaps the biggest cyber criminal in history. He was eventually jailed for hacking more than 250 companies, ranging from retailers such as TJX and grocery chain Hannaford Bros through to payment processing company Heartland.

    He pilfered data from under their noses and cost them hundreds of millions of dollars. Even though many of these firms had antivirus software installed, they didn’t detect what he was doing. Why?

    Don’t be mistaken: antivirus software is a crucial part of any security arsenal and every day malware scanners the world over detect and throttle millions of malicious software strains. This is not a category of software that we should live without.

    These are solid, reliable tools but when attackers are determined enough, antivirus software alone may not stop them from grabbing your data.

    The malware industry thrives on zero-day attacks – exploits using obscure or completely unknown vulnerabilities. A hacker smart enough to devise one – and there are plenty – can get past malware detectors.

    The smart IT manager uses complementary technologies to reduce the risk of attack, and one is to look at the potential delivery channels for malware.

    One way in which attacks are delivered is via drive-by downloads.

    Web protection software can reduce that risk by blacklisting certain sites or groups of sites. Filtering web access is a good way to reduce the risk of infection by simply prohibiting access to sites that are not necessary for work.

    It can also be a worthy complement to antivirus software that will attempt to detect anything installed via the browser. This multi-faceted protection is a basic tenet of modern cyber security.

    Another important vector is email.

    Employee training is all-important here but it must be backed by a technological solution too. All it takes is for one user to open a file or click a link to a fake IT administrator page asking them to enter their single sign-on password as part of a security audit, and you can wave goodbye to the integrity of your network.

    The best way to counter threats delivered via email is to choke them off before employees even see them. Monitoring and filtering emails is therefore an important part of any corporate cyber-security strategy.

    Having these filtered offsite by a third-party service mitigates the problem, ensuring that only clean communications touch company servers.

    Even after all these measures have been taken, there is still the chance that a company’s systems can be compromised.

    The likes of Gonzalez, or the Sony Pictures hackers, are determined assailants. The battle doesn’t stop with web protection or email scanning.

    Making sure the software running on the network is up to date is an important aspect of any cyber-security strategy so that attackers can’t exploit any of the known vulnerabilities in the average operating system or application.

    Patch management processes and tools are critical, especially as companies grow larger and IT infrastructures become more complex.

    The way to do that is to layer your defences, using multiple tools and protecting different parts and communications channels of the IT infrastructure.

    Managing it centrally also gives you a single point of access

    This concept reflects a long-established military strategy: defence in depth, in which layers wear down an attacker’s ability to mount an offensive.

    In a modern environment, where companies live and die by their data, don’t rely on a thin red line to protect it all

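    The web-filtering layer the article describes, as an added example that is not code from the article or any product it mentions: a domain blocklist applied to proxy log lines, matching the host and its parent domains exactly while normalising the tricks that defeat naive string matching (upper case, a trailing dot, credentials in front of the host, an internationalised name). The blocklist entries, the hosts and the log lines are constructed sample data in a made-up "client method url status" format.

```python
from urllib.parse import urlparse

# Constructed blocklist; documentation-style names, not real indicators.
BLOCKLIST = {
    "malware-drop.example",
    "ads.tracker.example",
    "xn--bcher-kva.example",      # punycode form of bücher.example
}

# Constructed proxy log lines: client method url status
SAMPLE_LOG = """\
10.0.0.5 GET http://www.example.com/ 200
10.0.0.5 GET http://cdn.malware-drop.example/flash_update.exe 200
10.0.0.9 GET http://MALWARE-DROP.EXAMPLE./payload.js 200
10.0.0.9 GET http://www.example.com@malware-drop.example/login 200
10.0.0.12 GET http://bücher.example/index.html 200
10.0.0.12 GET http://notmalware-drop.example/ 200
10.0.0.7 CONNECT ads.tracker.example:443 200
"""


def normalize_host(url):
    """Hostname the request really reaches: lowercase, no trailing dot,
    punycoded, with any user@ prefix and :port removed."""
    if "://" not in url:                 # CONNECT lines carry host:port only
        url = "https://" + url
    host = urlparse(url).hostname        # drops userinfo and port, lowercases
    if not host:
        return None
    host = host.rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass                             # leave an unencodable name as it is
    return host


def is_blocked(host, blocklist=BLOCKLIST):
    """Match the host or any parent domain exactly, never as a substring."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def flag_log(log_text, blocklist=BLOCKLIST):
    """Return (client, host, url) for every request to a blocklisted domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        client, url = parts[0], parts[2]
        host = normalize_host(url)
        if host and is_blocked(host, blocklist):
            hits.append((client, host, url))
    return hits


if __name__ == "__main__":
    for client, host, url in flag_log(SAMPLE_LOG):
        print(f"BLOCK {client} -> {host}  ({url})")
```

    Over HTTPS the proxy sees only the CONNECT host (or the TLS server name), never the path, so the decision has to be made on the hostname; a substring test such as `"malware-drop" in url` would block notmalware-drop.example and still miss the upper-case, user@host and internationalised forms above. The same normalised hostname is what you would look up in a threat-intelligence feed or feed into the email filter's URL check.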
  47. Tomi Engdahl says:

    We’ll ask GCHQ to DELETE records of ‘MILLIONS’ of people – Privacy International
    ‘Illegal’ spying tribunal ruling fallout
    http://www.theregister.co.uk/2015/02/09/ruling_trigger_gchq_deletion_requests/

    Campaigning group Privacy International is preparing to help “potentially millions” of people request that their GCHQ records be deleted, following a landmark ruling by the Investigatory Powers Tribunal on Friday.

  48. Tomi Engdahl says:

    A $10 USB charger with built-in wireless keylogger means more security headaches
    http://www.zdnet.com/article/a-10-usb-charger-with-built-in-wireless-keylogger-is-a-security-nightmare/

    Summary: Think that keeping hackers out of your digital fortress is already hard work, or that BYOD is a security timebomb waiting to blow up in your face? Well, here’s something new for you to worry about – a $10 USB charger that features a built-in wireless keylogger.

    KeySweeper connects to nearby wireless keyboards – Kamkar uses Microsoft keyboards in the demonstration – and passively sniffs, decrypts and logs all of the keystrokes.

    Unplugging KeySweeper doesn’t make you any safer either because it also features an internal battery.

    This device is possible because of the painfully weak security employed by wireless keyboards.

    How can you defend against this? Here are some options:

    1. Because the device is passive, detecting it is next to impossible without a thorough physical examination of ALL your hardware.
    2. Don’t use wireless keyboards.

    “Keyboards from multiple manufacturers are affected by this device. Where Microsoft keyboards are concerned, customers using our Bluetooth-enabled keyboards are protected from this type of attack. In addition, users of our 2.4GHz wireless keyboard designs from July 2011 onwards are also protected because these keyboards use Advanced Encryption Standard (AES) technology.” – a Microsoft spokesperson

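An added example, not code from the ZDNet article or from Kamkar's KeySweeper, contrasting the two situations the quotes above describe: a keyboard whose keystrokes are obscured only with data it already broadcasts in every frame, which a purely passive listener recovers, and a keyboard paired with a secret key, which the same listener can neither decrypt nor forge. The XOR-with-address scheme is a simplified model and an assumption here, not a description of any particular product's protocol; the 5-byte radio address, the typed text, and all function names are constructed. The vendor statement cites AES, and since Python's standard library has no AES, the paired scheme derives its per-frame keystream and authentication tag from HMAC-SHA256 under a 128-bit pairing key; the property that matters is the same one: the key never goes over the air.

```python
import hmac
import hashlib
import os

# Constructed sample data (not from the article): a 5-byte radio address that the
# keyboard sends in the clear in every frame, and the text the user types.
KEYBOARD_ADDR = bytes.fromhex("a1b2c3d4e5")
TYPED_TEXT = "hunter2\n"

# ---- Scheme A: "encryption" keyed only by data the radio already broadcasts ----
# Assumption / simplified model: each keystroke byte is XORed with one byte of the
# keyboard's own address. Nothing in the frame is secret, so any receiver can
# undo the XOR with the frame contents alone.

def weak_frames(addr, text):
    """Return (addr, seq, ciphertext_byte) frames, one per typed character."""
    frames = []
    for seq, ch in enumerate(text.encode()):
        frames.append((addr, seq, ch ^ addr[seq % len(addr)]))
    return frames

def sniff_weak(frames):
    """Passive attacker: recovers keystrokes using only what was captured."""
    out = bytearray()
    for addr, seq, ct in frames:
        out.append(ct ^ addr[seq % len(addr)])
    return out.decode()

# ---- Scheme B: keyed encryption with a secret established at pairing time ----
# HMAC-SHA256 stands in for AES here (see lead-in). Each frame gets a keystream
# byte and a tag bound to the address and a sequence number, so a listener
# without the pairing key can neither read nor forge nor replay frames.

def _prf(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def strong_frames(addr, key, text, start_seq=0):
    """Return (addr, seq, ciphertext_byte, tag) frames for each character."""
    frames = []
    for i, ch in enumerate(text.encode()):
        seq = start_seq + i
        seq_b = seq.to_bytes(4, "big")
        ks = _prf(key, b"ks", addr, seq_b)[0]
        ct = ch ^ ks
        tag = _prf(key, b"tag", addr, seq_b, bytes([ct]))[:8]
        frames.append((addr, seq, ct, tag))
    return frames

class Receiver:
    """Paired host side: verifies the tag first, then rejects old sequence numbers."""
    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, frame):
        addr, seq, ct, tag = frame
        seq_b = seq.to_bytes(4, "big")
        expected = _prf(self.key, b"tag", addr, seq_b, bytes([ct]))[:8]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag: wrong key or tampered frame")
        if seq <= self.last_seq:
            raise ValueError("replayed frame")
        self.last_seq = seq
        return ct ^ _prf(self.key, b"ks", addr, seq_b)[0]

def receive_all(frames, key):
    rx = Receiver(key)
    return bytes(rx.accept(f) for f in frames).decode()

def try_decrypt(frames, key):
    """Return the decoded text, or None if any frame fails authentication/replay checks."""
    try:
        return receive_all(frames, key)
    except ValueError:
        return None

def demo():
    weak = weak_frames(KEYBOARD_ADDR, TYPED_TEXT)
    key = os.urandom(16)  # pairing secret; exists only on keyboard and host
    strong = strong_frames(KEYBOARD_ADDR, key, TYPED_TEXT)
    print("scheme A, passive sniffer recovers:", repr(sniff_weak(weak)))
    print("scheme B, paired host decrypts:    ", repr(receive_all(strong, key)))
    # The sniffer's best guess at a key is the public address; the tag rejects it.
    print("scheme B, sniffer with address as key:", try_decrypt(strong, KEYBOARD_ADDR * 4))
    print("scheme B, replayed frame accepted?    ", try_decrypt(strong + strong[:1], key) is not None)

if __name__ == "__main__":
    demo()
```

Run it directly to see the two outcomes. In scheme B the passive listener is reduced to guessing a 128-bit key, and the receiver's sequence check also throws out a captured frame that is replayed later. None of this helps with point 1 in the list above: a device that only listens transmits nothing that a radio survey could pick up.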
  49. Tomi Engdahl says:

    Two Bitcoin stories:

    Inside the Chinese Bitcoin Mine That’s Making $1.5M a Month
    http://motherboard.vice.com/read/chinas-biggest-secret-bitcoin-mine

    I Visit Libraries to Sell Bitcoins to Random People from the Internet
    http://motherboard.vice.com/read/i-visit-libraries-to-sell-bitcoins-to-random-people-from-the-internet?trk_source=popular

    I sell Bitcoin because it’s a fairly easy way to make money, but I also sell it because I want the community to grow and the technology to succeed. Before I started dealing, it was just an abstract concept. Some buyers are purely speculators, but the more I interact with them, the more I realize how many different types of people are not only studying Bitcoin, but also using it.

  50. Tomi Engdahl says:

    Alex Hern / Guardian:
    Samsung rejects TV privacy concerns: we do “not retain voice data or sell it to third parties”

    Samsung rejects concern over ‘Orwellian’ privacy policy
    http://www.theguardian.com/technology/2015/feb/09/samsung-rejects-concern-over-orwellian-privacy-policy

    Smart TV voice recognition software could transmit ‘personal or other sensitive information’ to a third party, Samsung’s policy warns

    Users of Samsung’s Smart TV devices have raised concerns over the device’s privacy policy, which seems to suggest that they should not discuss any sensitive topics in their living room while the television is plugged in.

    Samsung privacy policy warns: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of voice recognition.”

    The third-party mentioned is thought to be Massachusetts-based voice recognition company Nuance, which provides the technology to Samsung as a white-label service.

    Parker Higgins, an activist for San Francisco-based advocacy group Electronic Frontier Foundation who brought the privacy policy to light, compared the feature to the telescreens in George Orwell’s dystopian novel 1984.

    Orwell wrote: “Any sound that Winston made, above the level of a very low whisper, would be picked up by it, moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork.”

    Samsung said the ability to control the TV using voice commands can be activated or deactivated by the user and that the Smart TV displays when it is actively listening. Samsung said: “Should consumers enable the voice recognition capability, the voice data consists of TV commands or search sentences, only. Users can easily recognise if the voice recognition feature is activated because a microphone icon appears on the screen.”

    It added: “Samsung does not retain voice data or sell it to third parties. If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.”

    Emma Carr, director of privacy campaign group Big Brother Watch, said: “Samsung needs to understand that not everyone wants to be spied on by their TV. It is outrageous that the company has even stated in its own privacy policy that if the TV’s owner does decide not to share their private information, then the company may still take the information anyway.

    “Few people would expect a TV to intrude on our privacy, yet this is increasingly becoming the case.”
