Ars Technica reports on malicious extensions on the Chrome web browser, which install advertising-based malware that hijack links and inject ad content. Further speech recognition exploits (source) leave open the opportunity for malicious sites to record sound captured by the user's web browser without permission.
"In 1967, The Public Interest, then a leading venue for highbrow policy debate, published a provocative essay by Paul Baran, one of the fathers of the data transmission method known as packet switching [and agent of RAND]. Titled “The Future Computer Utility," the essay speculated that someday a few big, centralized computers would provide 'information processing … the same way one now buys electricity. Highly sensitive personal and important business information will be stored in many of the contemplated systems … At present, nothing more than trust—or, at best, a lack of technical sophistication—stands in the way of a would-be eavesdropper.' To read Baran’s essay (just one of the many on utility computing published at the time) is to realize that our contemporary privacy problem is not contemporary. It’s not just a consequence of Mark Zuckerberg’s selling his soul and our profiles to the NSA. The problem was recognized early on, and little was done about it... It’s not enough for a website to prompt us to decide who should see our data. Instead it should reawaken our own imaginations. Designed right, sites would not nudge citizens to either guard or share their private information but would reveal the hidden political dimensions to various acts of information sharing." -- MIT Technology Review on The Real Privacy Problem
NASA will send you an email or text alert when the International Space Station is visible from your area. IBM scientists have recently made significant advances in nanotechnology. A mathematician thought a poorly-encrypted headhunting email from Google was testing him, but he had actually discovered a major security hole. All of this found via The Brief: A Daily Briefing of Technology News Worth Caring About from MeFi's own nostrich. [via mefi projects]
The holiday season isn't always relaxing for those in the computing security field. 2011's Chaos Communication Congress brought many gifts in the form of vulnerability disclosures, including: malicious documents that infect HP printers, remote control vulnerabilities in prison lock systems, and denial-of-service attacks against Web servers written in just about every scripting language.
Security researchers at North Carolina State University led by Xuxian Jiang (who had previously discovered 12 malicious Android applications sold through Google's Android Market) have uncovered holes in how the permissions-based security model is enforced on numerous Android devices. Called "leaks", these vulnerabilities allow new and existing malicious applications to eavesdrop on calls, track the user's location, install applications, send SMS messages, delete data from the device, and more. (via)
Logging out of Facebook is not enough - Nik Cubrilovic demonstrates how, even after logging out, Facebook tracks every page you visit on sites that integrate Facebook services [via]
“When it comes to user privacy, SSL is the elephant in the room.” Meet Firesheep: a Firefox plugin that sniffs out unencrypted HTTP sessions on your network segment and lets you impersonate any of the users found. Eric Butler unveiled it today at Toorcon 12, a San Diego conference on computing security, and it demonstrates what amounts to a gaping hole in the Web security model.
New Phase for Sobig.f Expected to Hit Friday. Any . . . minute . . . now. . .