Attacking the Washington, D.C. Internet Voting System (PDF). "When we inspected the terminal server’s logs, we noticed that several other attackers [from Iran, New Jersey, India, and China] were attempting to guess the SSH login passwords." J. Alex Halderman, a computer scientist at the University of Michigan, describes how thoroughly he and his team were able to penetrate a pilot Internet voting system run by the District of Columbia, as part of an open public test in 2010. An earlier report on the attack. Via comp.risks. [more inside]
Newstweek: fixing the facts. Newstweek is a device that injects fake news into unsecured wireless connections. More info at hackaday.
The Haystack application aims to use steganography to hide samizdat-type data within a larger stream of innocuous network traffic. Thus, civilians in Iran, for example, could more easily evade Iranian censors and provide the world with an unfiltered report on events within the country. Haystack earned its creator Austin Heap a great deal of positive coverage from the media during the 2009 Iranian election protests. The BBC described Heap as "on the front lines" of the protesters' "Twitter revolution", while The Guardian called him an Innovator of the Year. Despite the laudatory coverage, however, the media were never given a copy of the software to examine. Indeed, not much is known about the software or its inner workings. Specialists in network encryption security were not allowed to perform an independent evaluation of Haystack, despite its distribution to and use by a small number of Iranians, possibly at some risk. As interest in the project widens and criticisms of the media coverage and software continue to mount, Heap has currently asked users to cease using Haystack until a security review can be performed.
The crypto used in 802.11 wireless networking has been cracked. The crack is devastating; it's fast and passive. Simply by listening, the 40-bit key can be cracked in 15 minutes. Worse, the crack scales linearly with the number of bits in the key, so raising the key length to 128 bits would raise the crack time to about an hour. 802.11 is used in such products as the Linksys Etherfast Wireless and the Apple Airport. From now on those products should be considered to be completely insecure.
Roll your own Carnivore. A network security firm has released its own software package to duplicate the abilities of the FBI's packet-sniffing black box. Or at least, its admitted abilities.