639 posts tagged with Security.
Displaying 1 through 50 of 639.

No lump of clay needed.

“If you lose sight of your keys for the better part of 20 seconds, you should consider them lost,” says Jos Weyers, a Dutch lockpicking guru and security consultant. “If you find them later, consider them a souvenir.” The App I Used to Break Into My Neighbor’s Home
posted by fings on Jul 29, 2014 - 52 comments

“U.S. citizens here?” - “U.S. citizens.”

Arizona’s Checkpoint Rebellion
Liberals, libertarians, retirees, and activists protest against immigration patrols far from the border.

Previously:
DHS Checkpoint Refusals
Am I being detained? Am I free to go?
posted by davidstandaford on Jul 22, 2014 - 39 comments

The *first* revelation this week, at least

This week's Glenn Greenwald revelation is that Britain's GCHQ JTRIG intelligence organization offers its agents and planners tools with abilities to increase the search ranking of chosen web sites, “change outcome of online polls”, “masquerade Facebook Wall Posts for individuals or entire countries”, and accomplish “amplification of a given message, normally video, on popular multimedia websites (Youtube).” [more inside]
posted by XMLicious on Jul 16, 2014 - 54 comments

Journey to the Centre of Google Earth

“But what shall we dream of when everything becomes visible?” Virilio replies: “We’ll dream of being blind.”
posted by 0bvious on Jun 24, 2014 - 5 comments

That's amazing. I've got the same combination on my luggage!

Two 14 Year Olds Hack Winnipeg ATM. "Matthew Hewlett and Caleb Turon, both Grade 9 students, found an old ATM operators manual online that showed how to get into the machine's operator mode.... Hewlett and Turon were even more shocked when their first random guess at the six-digit password worked. They used a common default password." [more inside]
posted by Joey Buttafoucault on Jun 17, 2014 - 28 comments

Everything is broken

Everything is broken Next time you think your grandma is uncool, give her credit for her time helping dangerous Russian criminals extort money from offshore casinos with DDoS attacks.
Quinn Norton [previously] breaks down the reasons why computers are so hackable by exploring the realities of how software is made and used.
posted by dobie on May 21, 2014 - 65 comments

Google Has (Almost) All The Email

Even if you don't have a Gmail account, many of your contacts do. So Google has a lot of your email, even if you have been trying hard to avoid that.
posted by COD on May 12, 2014 - 105 comments

18 million reasons to go to two-factor authentication

German authorities have discovered yet another giant database of hacked passwords. The German Federal Office for Information Security says it will have a website allowing people to check if their accounts are affected up and running by Monday. Some 3 million Germans are believed affected; there is no indication that the impact is limited to Germans or Germany. A link to an ARD article on the case is here, in German.
posted by rhombus on Apr 4, 2014 - 26 comments

Cyber Threats Map

Cyber Threat Real-Time Map. This Map Tracks Cyberattacks Around the World in Real Time. [Via]
posted by homunculus on Apr 1, 2014 - 10 comments

How Target Blew It

"The breach could have been stopped there without human intervention. The system has an option to automatically delete malware as it’s detected. But according to two people who audited FireEye's performance after the breach, Target's security team turned that function off." Bloomberg reports today on "Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It." (The Target breach, previously.)
posted by jbickers on Mar 13, 2014 - 55 comments

Snowden To Address Audience in First Live Q&A, Days After EU Testimony

The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards: pervasive end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-effective basis. The result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion. Governments cannot risk the discovery of their exploits by simply throwing attacks at every “endpoint,” or computer processor on the end of a network connection, in the world. Mass surveillance, passive surveillance, relies upon unencrypted or weakly encrypted communications at the global network level.

Edward Snowden submits written testimony to an EU committee investigating mass surveillance, and answers questions. The testimony takes place 3 days ahead of his highly anticipated SXSW appearance, to take place later today. Snowden is expected to speak about privacy, security, mass surveillance programs, free speech and whistle-blowing in a rare remote video appearance before a live audience.
Kansas Congressman Mike Pompeo finds this “deeply troubling” in a letter he's sent to the organizers of the conference.

Meanwhile, people who wish to #asksnowden questions can use the hashtag on Twitter. The talk is to take place at 12pm PT, today.
posted by fantodstic on Mar 10, 2014 - 89 comments

Keys to the Domain

Meet the people who hold the master keys to the internet. Hear all about their quirky sci-fi get together.
posted by stp123 on Feb 28, 2014 - 35 comments

goto fail;

Yesterday, Feb 21, Apple computer released a security patch with a vague description of SSL fixes. It turns out that it's quite a bug which would trivially allow Man in the Middle attacks for assumed-secure connections via SSL. Folks dug into the code and found the code resulting in the bug. If this affects you and your devices, you might want to go upgrade.
posted by rmd1023 on Feb 22, 2014 - 135 comments

Dear America, I Saw You Naked

The TSA saw the near-miss as proof that aviation security could not be ensured without the installation of full-body scanners in every U.S. airport. But the agency’s many critics called its decision just another knee-jerk response to an attempted terrorist attack. I agreed, and wrote to the Times saying as much. My boss wasn’t happy about it.
“The problem we have here is that you identified yourself as a TSA employee,” she said.

Jason Harrington, author of the formerly anonymous Taking Sense Away blog, on his experiences as a dissenter inside of the Transportation Security Administration.
posted by gauche on Jan 31, 2014 - 71 comments

Security Sunday

Ars Technica reports on malicious extensions on the Chrome web browser, which install advertising-based malware that hijack links and inject ad content. Further speech recognition exploits (source) leave open the opportunity for malicious sites to record sound captured by the user's web browser without permission.
posted by Blazecock Pileon on Jan 26, 2014 - 30 comments

The US has one of the worst payment systems in the entire world

Almost alone among developed nations, U.S. credit and debit cards have a magnetic stripe that contains all the financial information necessary to make a purchase. Once information gets stolen from a merchant, it can be encoded into a magnetic stripe and used with a new card. Smart cards in Europe and elsewhere encrypt that data and store it on a microchip, which is much tougher to replicate. More important, the cards also require a personal identification number (PIN) to work. This “chip-and-PIN” system introduces a second authentication, forcing thieves to have both pieces of information to successfully use the card. It’s a combination of advanced technology and simple common sense. - Your Credit Card Has a Dangerous Flaw That the Banks Refuse to Fix
posted by beisny on Jan 17, 2014 - 138 comments

The science-fiction part of the show is that the Machine is accurate

“Person Of Interest”: The TV Show That Predicted Edward Snowden
posted by Rustic Etruscan on Jan 14, 2014 - 57 comments

RSA Paid by the NSA to screw the USA

"Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show." Previous
posted by stoneweaver on Dec 20, 2013 - 74 comments

I always feel like somebody's watching me

For years we've been told that our laptop cameras and webcams are "hardwired" to an LED such that the camera can't be turned on without triggering the light. Yeah, you can see where this is going (the original paper). The exploit works on pre-2008 Macs, though other laptops and webcams could be vulnerable to a similar exploit. The researchers have a kernel extension to prevent this on 2007 / 2008 MacBooks. My preferred solution for the rest of us.
posted by dirigibleman on Dec 20, 2013 - 96 comments

NSA says: squeeeeeee!

The attack can extract full 4096-bit RSA decryption keys from laptop computers ... within an hour ... using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis [more inside]
posted by flabdablet on Dec 19, 2013 - 46 comments

A Hundred Bucks Says You Won't Read This Story

Esquire's Chris Jones looks at the old techniques used to make the new US $100 bill.
posted by reenum on Dec 9, 2013 - 50 comments

That's amazing. I've got the same combination on my luggage.

During the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.
posted by Chrysostom on Dec 2, 2013 - 68 comments

the armor of the body politic

"The American homeland is the planet" Not content with a militarized southern border, the U.S. is now militarizing borders around the world (slsa)
posted by allkindsoftime on Nov 19, 2013 - 7 comments

Terminal Cornucopia

Can common items sold in airports after the security screening be used to build lethal weapons? Yes.
posted by Zarkonnen on Nov 16, 2013 - 57 comments

Privacy is not an end in itself

"In 1967, The Public Interest, then a leading venue for highbrow policy debate, published a provocative essay by Paul Baran, one of the fathers of the data transmission method known as packet switching [and agent of RAND]. Titled “The Future Computer Utility," the essay speculated that someday a few big, centralized computers would provide 'information processing … the same way one now buys electricity. Highly sensitive personal and important business information will be stored in many of the contemplated systems … At present, nothing more than trust—or, at best, a lack of technical sophistication—stands in the way of a would-be eavesdropper.' To read Baran’s essay (just one of the many on utility computing published at the time) is to realize that our contemporary privacy problem is not contemporary. It’s not just a consequence of Mark Zuckerberg’s selling his soul and our profiles to the NSA. The problem was recognized early on, and little was done about it... It’s not enough for a website to prompt us to decide who should see our data. Instead it should reawaken our own imaginations. Designed right, sites would not nudge citizens to either guard or share their private information but would reveal the hidden political dimensions to various acts of information sharing." -- MIT Technology Review on The Real Privacy Problem
posted by Potomac Avenue on Nov 12, 2013 - 17 comments

"There are no real consequences for having bad security.”

Should software makers be held financially liable for the insecurity of their products? "The joke goes that only two industries refer to their customers as “users.” But here's the real punch line: Drug users and software users are about equally likely to recover damages for whatever harms those wares cause them." [more inside]
posted by not_the_water on Nov 7, 2013 - 90 comments

EnCrypt Lock and Buy It

A recent strain of malware called Cryptolocker (technical description from BleepingComputer) has been infecting computers across the Internet. It's of the Ransomware (wiki) genre of attack, and searches a computer's drive for critical files by browsing their extensions (for example, focusing on word processing documents, images and music) and encrypts them with its own key that you can then buy back from the hacker for a fee of $100 to $300 dollars payable in Bitcoins. More information about the virus and how to avoid it is available at Krebs On Security, and the Malwarebytes Blog, with more recent developments on Naked Security.
posted by codacorolla on Nov 7, 2013 - 177 comments

The Internet Bug Bounty

Rewarding friendly hackers who contribute to a more secure internet. "We've selected some of the most important software that supports the internet stack, and we want you to hack it. If the public is demonstrably safer as a result of your contribution to internet security, we'd like to be the first to recognize your work and say "thanks" by sending some cash to you or your favorite non-profit." This is a full disclosure bug bounty program, and all vulnerability reports will eventually be made public. Also featuring an Allie Brosh logo for The Internet.
posted by destrius on Nov 6, 2013 - 15 comments

‘PRISM: The SIGAD Used *Most* in NSA Reports!’

How would you, as a junior analyst in S2C41, the branch of the Signals Intelligence Directorate, navigate the millions of records logged daily, in order to find the nugget to get you noticed? “EVILOLIVE, MADCAPOCELOT, ORANGECRUSH, COBALTFALCON, DARKTHUNDER: the names are beguiling. But they don’t always tell us much, which is their reason for existing: covernames aren’t classified, and many of them – including the names of the NSA’s main databases for intercepted communications data, MAINWAY, MARINA, PINWALE and NUCLEON – have been seen in public before, in job ads and resumés posted online.” Daniel Soar sorts through the possibilities in the London Review of Books, 24 Oct 2013. (See also William Arkin's blog on codenames) [more inside]
posted by zbsachs on Nov 4, 2013 - 33 comments

Aviator

Aviator, a web browser from WhiteHat Security. [more inside]
posted by chunking express on Oct 30, 2013 - 53 comments

Ransomware & Rogues Galore

Youtube user rogueamp dedicates his channel to discussing fraudulent antivirus software, AKA "rogues" and "ransomware". (MLYT)
posted by Evernix on Oct 26, 2013 - 7 comments

LinkedIn offer to man-in-the-middle all your email, for free!

LinkedIn offer to man-in-the-middle all of your email, for free! LinkedIn Intro is a new service by LinkedIn, adding inline data to all your iOS emails. "But how can they read my emails?!" you ask: you use the best encryption money can buy! Well, you just need to install one little security certificate... after all, how much of a bad idea can it be? LinkedIn are well-known for their good security practices!
posted by katrielalex on Oct 25, 2013 - 69 comments

Edit by 04882 joel backdoor

Some D-Link routers have a simple back door in their firmware.
posted by curious nu on Oct 13, 2013 - 61 comments

"Everyone being held was a US citizen."

But that didn't prevent On the Media producer Sarah Abdurrahman and several members of her family and friends from being detained at a Canadian-US border while on the way home from a wedding. The story is all the more frightening as it details Sarah's inability to get any answers about policy from the Border Patrol, including the name of the officers who held her.
posted by Eyeveex on Sep 23, 2013 - 92 comments

All Your ***** Belong To Us

Google knows almost every wi-fi password. Of course this means that the NSA also has access to them. Apple might not be much better.
posted by blue shadows on Sep 16, 2013 - 97 comments

NSA may have secretly made major mathematics breakthrough

If the NSA is able to break through banks' computer security, does that mean it solved the prime factorization problem? The New York Times reported recently that “the agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems.” Since banks' encryption codes rely on the fact that nobody knows how to find the prime factors of really large numbers, it could mean that the NSA has found a way to do that. Or it could mean that the NSA has simply gotten lots of banks to give up their information, or found other ways around their encryption. But if they've cracked this long-standing math problem, might the secret leak? What would be the effects?
posted by Sleeper on Sep 12, 2013 - 60 comments

Showdown at the Airport Body Scanner

"As I watch fellow passengers walk into the machines, posing with their arms raised over their heads like prison inmates submitting to a strip search, I feel proud of my small act of protest. Then I spread my legs and await my public groping."
posted by paleyellowwithorange on Sep 3, 2013 - 136 comments

Cookieless Monster

Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting [pdf]. From the 2013 IEEE Symposium on Security and Privacy, this article examines "how web-based device fingerprinting currently works on the Internet. By analyzing the code of three popular browser-fingerprinting code providers, we reveal the techniques that allow websites to track users without the need of client-side identifiers [i.e. cookies]." [more inside]
posted by paleyellowwithorange on Aug 28, 2013 - 33 comments

"...I assumed that this was another such check."

Don't fly during Ramadan. Aditya Mukerjee describes his experience while attempting to clear the U.S. Transportation Security Administration's checks and board a JetBlue flight. After being cleared by the TSA, following two hours of questioning and checks, Mukerjee was prevented by JetBlue from boarding his intended flight. He was offered rebooking for the following day and, when he declined, given a refund.

This isn't the first time that the TSA and JetBlue have been called out for this type of action.
posted by fireoyster on Aug 22, 2013 - 149 comments

Perhaps they could call it WOPR

To reduce the risk of future Edward Snowden style leaks, the NSA wants to reduce the number of people in the loop. Director Keith Alexander told Reuters that the NSA plans to eliminate fully 90 percent of its system administrators and replace them with machines.
posted by Naberius on Aug 9, 2013 - 104 comments

Possible FBI infiltration of TOR

In a crackdown that the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. FreedomWeb, an Irish company known for providing hosting for Tor "hidden services" -- services reached over the Tor anonymized/encrypted network -- has shut down after its owner, Eric Eoin Marques, was arrested over allegations that he had facilitated the spread of child pornography. [more inside]
posted by whyareyouatriangle on Aug 4, 2013 - 126 comments

Snowden walks free in Russia

Russia grants Snowden asylum; US government goes apeshit. [more inside]
posted by allkindsoftime on Aug 1, 2013 - 295 comments

Hacker Barnaby Jack, dead at 35

Barnaby Jack, a hacker and security researcher previously known for his hacks involving ATMs and insulin pumps, has died in San Francisco. He was 35. His death came just days before he was to give a presentation about techniques for hacking implanted heart devices, which could kill a person from 30 feet away.
posted by anemone of the state on Jul 28, 2013 - 27 comments

The price of security

PreCheck, a new program instituted by the TSA, will allow passengers to keep their shoes, jackets and belts during screening, as well as allow laptop computers and approved liquids to remain in bags for a fee of $85.
posted by Omon Ra on Jul 25, 2013 - 216 comments

Banana Wisconsin

Bulletproof Security is a paramilitary security company. They have provided security to Habitat for Humanity and Empire CAT among others. [more inside]
posted by Pogo_Fuzzybutt on Jul 8, 2013 - 42 comments

Grenades, Bayonets, and Tasers. Oh My!

The TSA has started an Instagram page showing confiscated items from TSA checkpoints in airports around the country.
posted by reenum on Jul 3, 2013 - 36 comments

ILOVEYOU & other trips down viral memory lane

Relive techno fears of yore ... malware aficionado Daniel White collects vintage computer viruses, infects his machines and records the results. See more examples at his YouTube channel.
posted by madamjujujive on Jun 30, 2013 - 22 comments

Why Fear Always Wins

Imagine two politicians: One preaches fear and excessive "security," while the other says terrorism is a negligible risk. They hold, like me, that risk is part of life, and that while some security is necessary, we should mostly just refuse to be terrorized and get on with our lives. Fast-forward 10 years. If I'm right and there have been no more terrorist attacks, the preacher of fear takes credit for keeping us safe. But if a terrorist attack has occurred, my government career is over.
posted by blankdawn on Jun 28, 2013 - 40 comments

Facebook fixed a "shadow profile" leak, but don't quite say what leaked

Going back to at least 2011, it was believed that Facebook kept "shadow profiles" of users and non-users, accumulating information when users synchronize mobile phones, import personal data from e-mail providers, import personal information from instant messaging services, send invitations to friends or make search queries for other people on Facebook. In early 2012, four members of the U.S. House of Representatives Energy and Commerce Committee's Subcommittee on Oversight and Investigations demanded answers from Facebook (PDF) and were told that non-users didn't have "shadow profiles", but the contents of the reply were not made public. Just this past Friday, Facebook released an "Important Message" on a data leak they closed, in which information from members' "shadow profiles" could be obtained. [more inside]
posted by filthy light thief on Jun 23, 2013 - 27 comments

Yahoo is releasing inactive Yahoo IDs

Yahoo, on June 12, announced that it is releasing inactive IDs. Yahoo says they are "committed and confident," while others think it is a "spectacularly bad idea" and a "dirty trick."
posted by TrolleyOffTheTracks on Jun 19, 2013 - 83 comments
