For years we've been told that our laptop cameras and webcams are "hardwired" to an LED such that the camera can't be turned on without triggering the light. Yeah, you can see where this is going (the original paper). The exploit works on pre-2008 Macs, though other laptops and webcams could be vulnerable to a similar exploit. The researchers have a kernel extension to prevent this on 2007 / 2008 MacBooks. My preferred solution for the rest of us.
Why 256 bit keys are long enough. A nice graphic explanation by Schneier why brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
The National Security Agency is building a data center in San Antonio that’s the size of the Alamodome. Microsoft has opened an 11-acre data center a few miles away. Coincidence? Not according to author James Bamford, who probably knows more about the NSA than any outsider. Bamford's new book reports that the biggest U.S. spy agency wanted assurances that Microsoft would be in San Antonio before it moved ahead with the Texas Cryptology Center. Bamford notes that under current law, the NSA could legally tap into Microsoft’s data without a court order. Whatever you do, don't take pictures of the spy building unless you want to be taken in for questioning.
Klaatu barada...Jikto? First there was Nikto. Then along came Wikto. Last Saturday at Shmoocon Billy Hoffman introduced the world to Jikto, a client-side vulnerability scanner that exploits your browser & turns your PC into a platform for finding holes in computers across the Internet (or behind your firewall). Reactions were mixed. Does Jikto go too far?
You know Bruce Schneier the polymath security genius. Now meet Bruce Schneier the kind-hearted reviewer of local Minnesota restaurants. (He doesn't like to give bad reviews -- sounds like "security through obscurity" to me!)
"To tell the truth ... I'm sorta surprised they haven't caught me yet," The Washington Post ran an interesting interview with a botmaster, a young man who made several thousands of dollars a month installing XXX spyware on machines that he controlled. He installed the software on the machines of people he did not know by hacking into them remotely. The lengthy article included a partial photo of the botmaster along with vague descriptions of the small midwestern town where the man lives, and was published with the understanding that the man's identity would be kept secret. Someone should have told that to the person that manages photos at the Washington Post. An astute reader over at Slashdot was able to locate some extra information stored in the picture's metadata including the photographer and the location the picture was taken, Roland, Oklahoma, a town of less than 3000 people. Whoops.
Mitnick and Me. Kevin Mitnick's girlfriend, TechTV producer Darci Wood, blogs their lives and defends his activities in anticipation of Kevin's return to the Internet later this month. Mitnick anticipates the end of his probation in today's NY Times.
Is state government finally doing something right? Who knows? This seems legit enough. Apparently, if you register you can get cyber security alerts delivered to your mailbox. Can I register if I'm from say, Nebraska? Furthermore, how real is the threat to Florida's cyber infrastructure anyways?
This is some scary stuff. Life in prison for malicious hacking? We can't keep rapists and murderers away from society for very long but now hackers & crackers could be jailed for life? And on top of that the FBI can monitor internet packets without a warrant? If you enjoy your freedom from gov't surveillance, it looks like it's time to start using PGP.
These personal computer security tips could prove very useful to anyone looking to secure their data.