655 posts tagged with security.
Displaying 1 through 50 of 655.

Redditor does the research behind the Sony Pictures hacking scandal.

Redditor CSMastermind composes an epic timeline of the Sony information breach. Well sourced, and in layman's terms. [more inside]
posted by butterstick on Dec 21, 2014 - 71 comments

Tchotchkes of our inner lives

There is more to passwords than their annoyance. In our authorship of them, in the fact that we construct them so that we (and only we) will remember them, they take on secret lives. Many of our passwords are suffused with pathos, mischief, sometimes even poetry. Often they have rich back stories. A motivational mantra, a swipe at the boss, a hidden shrine to a lost love, an inside joke with ourselves, a defining emotional scar — these keepsake passwords, as I came to call them, are like tchotchkes of our inner lives. Ian Urbina looks at The Secret Lives of Passwords for the NYT Magazine. (Possible trigger warning - opens with Cantor Fitzgerald looking for passwords the day after 9/11.) [more inside]
posted by RedOrGreen on Nov 21, 2014 - 32 comments

Mind the Gap

We used to think that the ultimate in security was a stand-alone (that is, off the network) computer, sort of like a room with no doors. How can an attacker get in if there's no way to get in? Such computers are referred to as air-gapped. But as early as 1985, it became clear that we might be able to read the contents of a monitor screen from the next room using Van Eck phreaking (dramatized by Neal Stephenson in Cryptonomicon). Now it appears things are even worse. [more inside]
posted by ubiquity on Oct 31, 2014 - 50 comments

(Tweet & Tell Them To Support 2FA)

twofactorauth.org is a site that catalogs digital services based on whether or not they support two factor authentication.
posted by Going To Maine on Oct 26, 2014 - 29 comments

I know who you are and I saw what you did.

How secure is public wi-fi? A lot less than you probably imagine.
posted by Obscure Reference on Oct 20, 2014 - 52 comments

The Internet has been bitten by POODLE

POODLE (Padding Oracle On Downgraded Legacy Encryption) is the latest exploit found in SSL, a protocol used widely across the Internet for secure connections. Engineers at Google discovered the exploit, and they have written a white paper discussing it. In response, Google is disabling SSL in all Google products. Some are calling this the death of SSL. For web users, disabling SSL in your browser is recommended. Here is a tool to identify if your browser is potentially affected by the POODLE exploit.
posted by deathpanels on Oct 16, 2014 - 97 comments

The NSA and me

The NSA and Me is an essay by James Bamford, author of The Puzzle Palace, an early book on the agency. It details how he came to write the book, and the NSA's efforts to keep him from publishing it in the late 70s/early 80s.
posted by Harald74 on Oct 13, 2014 - 13 comments

Running a server? Drop everything and update it now!

Bash software bug may pose bigger threat than Heartbleed. [more inside]
posted by furtive on Sep 24, 2014 - 183 comments

Knee-deep in the Print Head

To highlight the vulnerabilities of an unsecured web interface in Canon Pixma printers that allows the uploading of arbitrary binaries as firmware, information security consultant Michael Jordan has made a printer run Doom (video) as part of a presentation at 44Con 2014. [via]
posted by figurant on Sep 15, 2014 - 30 comments

The (Silk) Road to Hell is paved with noob mistakes

The FBI has recently released details on how the Silk Road black market was taken down. [more inside]
posted by ubiquity on Sep 12, 2014 - 37 comments

Carry That Weight

Emma Sulkowicz is a student at Columbia University; she was raped by a fellow student during her sophomore year, and is one of 23 Columbia and Barnard students who filed a federal Title IX complaint in April alleging that the university mishandled sexual assault cases. Now a senior, Emma plans on carrying an extra-long, twin-size mattress across the quad and through each New York City building – to every class, every day – until the man she says raped her moves off campus, as her senior art thesis, "Carry That Weight". [more inside]
posted by roomthreeseventeen on Sep 3, 2014 - 178 comments

The evolution of credit card skimmers, and how to protect yourself

Credit card skimming was something of a myth in the early 2000s, until someone was caught skimming in 2002 in San Mateo, California. The next year, a skimmer was found on an ATM in a New York deli, and skimmers have been improving every year, following additional protective measures on a range of credit card reading devices, as detailed in Gizmodo's article on the evolution of skimmers. [more inside]
posted by filthy light thief on Sep 2, 2014 - 43 comments

If we're not in pain, we're not alive

You invest so much in it, don't you? It's what elevates you above the beasts of the field, it's what makes you special. Homo sapiens, you call yourself. Wise Man. Do you even know what it is, this consciousness you cite in your own exaltation? Do you even know what it's for?
Dr. Peter Watts is no stranger to MetaFilter. But look past his sardonic nuptials, heartbreaking eulogies, and agonizing run-ins with fascists (and fasciitis) and you'll find one of the most brilliant, compelling, and disquieting science fiction authors at work today. A marine biologist skilled at deep background research, his acclaimed 2006 novel Blindsight [full text] -- a cerebral "first contact" tale led by a diverse crew of bleeding-edge post-humans -- is diamond-hard and deeply horrifying, wringing profound existential dread from such abstruse concepts as the Chinese Room, the Philosophical Zombie, Chernoff faces, and the myriad quirks and blind spots that haunt the human mind. But Blindsight's last, shattering insight is not the end of the story -- along with crew/ship/"Firefall" notes, a blackly funny in-universe lecture on resurrecting sociopathic vampirism (PDF - prev.), and a rigorously-cited (and spoiler-laden) reference section, tomorrow will see the release of Dumbspeech State of Grace Echopraxia [website], the long-delayed "sidequel" depicting parallel events on Earth. Want more? Look inside for a guide to the rest of Watts' award-winning (and provocative) body of work. [more inside]
posted by Rhaomi on Aug 25, 2014 - 84 comments

FRIENDLIEST SCADA ON THE NET

A scan for systems allowing remote desktop connections without passwords, performed during a Defcon talk about the Masscan tool, found a wide variety of systems open for anyone with knowledge of the correct IP address, such as access to a hockey rink, a manufacturing plant for a Swedish condiment, hydroelectric plants and a lot more. [more inside]
posted by rpn on Aug 15, 2014 - 17 comments

Why the Security of USB Is Fundamentally Broken

Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn't just in what they carry, it's built into the core of how they work.
posted by paleyellowwithorange on Aug 11, 2014 - 70 comments

Snowden granted 3-year stay in Russia.

After several days in legal limbo, the world's most notorious whistleblower, Edward Snowden, has been granted a three-year stay in Russia. This is amid breaking news of Russia's issuing of a menu of its own sanctions against U.S./E.U. countries, et al. The former NSA employee has been stranded in Russia for more than a year. Recently, new leaks by other, as yet unknown whistle-blower(s) other than Snowden have surfaced, according to U.S. authorities. The leaks detail certain "rules" for targeting of people for surveillance (including merely searching for privacy software), as well as details on the kind of activity or relationships which may put innocent people on terrorist watch lists.
posted by fantodstic on Aug 7, 2014 - 54 comments

No lump of clay needed.

“If you lose sight of your keys for the better part of 20 seconds, you should consider them lost,” says Jos Weyers, a Dutch lockpicking guru and security consultant. “If you find them later, consider them a souvenir.” The App I Used to Break Into My Neighbor’s Home
posted by fings on Jul 29, 2014 - 54 comments

“U.S. citizens here?” - “U.S. citizens.”

Arizona’s Checkpoint Rebellion
Liberals, libertarians, retirees, and activists protest against immigration patrols far from the border.

Previously:
DHS Checkpoint Refusals
Am I being detained? Am I free to go?
posted by davidstandaford on Jul 22, 2014 - 40 comments

The *first* revelation this week, at least

This week's Glenn Greenwald revelation is that Britain's GCHQ JTRIG intelligence organization offers its agents and planners tools with abilities to increase the search ranking of chosen web sites, “change outcome of online polls”, “masquerade Facebook Wall Posts for individuals or entire countries”, and accomplish “amplification of a given message, normally video, on popular multimedia websites (Youtube).” [more inside]
posted by XMLicious on Jul 16, 2014 - 54 comments

Journey to the Centre of Google Earth

“But what shall we dream of when everything becomes visible?” Virilio replies: “We’ll dream of being blind.”
posted by 0bvious on Jun 24, 2014 - 5 comments

That's amazing. I've got the same combination on my luggage!

Two 14 Year Olds Hack Winnipeg ATM. "Matthew Hewlett and Caleb Turon, both Grade 9 students, found an old ATM operator's manual online that showed how to get into the machine's operator mode.... Hewlett and Turon were even more shocked when their first random guess at the six-digit password worked. They used a common default password." [more inside]
posted by Joey Buttafoucault on Jun 17, 2014 - 28 comments

Everything is broken

Everything is broken. Next time you think your grandma is uncool, give her credit for her time helping dangerous Russian criminals extort money from offshore casinos with DDoS attacks.
Quinn Norton [previously] breaks down the reasons why computers are so hackable by exploring the realities of how software is made and used.
posted by dobie on May 21, 2014 - 65 comments

Google Has (Almost) All The Email

Even if you don't have a Gmail account, many of your contacts do. So Google has a lot of your email, even if you have been trying hard to avoid that.
posted by COD on May 12, 2014 - 105 comments

18 million reasons to go to two-factor authentication

German authorities have discovered yet another giant database of hacked passwords. The German Federal Office for Information Security says it will have a website allowing people to check if their accounts are affected up and running by Monday. Some 3 million Germans are believed affected; there is no indication that the impact is limited to Germans or Germany. A link to an ARD article on the case is here, in German.
posted by rhombus on Apr 4, 2014 - 26 comments

Cyber Threats Map

Cyber Threat Real-Time Map. This Map Tracks Cyberattacks Around the World in Real Time. [Via]
posted by homunculus on Apr 1, 2014 - 10 comments

How Target Blew It

"The breach could have been stopped there without human intervention. The system has an option to automatically delete malware as it’s detected. But according to two people who audited FireEye's performance after the breach, Target's security team turned that function off." Bloomberg reports today on "Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It." (The Target breach, previously.)
posted by jbickers on Mar 13, 2014 - 55 comments

Snowden To Address Audience in First Live Q&A, Days After EU Testimony

The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards: pervasive end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-effective basis. The result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion. Governments cannot risk the discovery of their exploits by simply throwing attacks at every “endpoint,” or computer processor on the end of a network connection, in the world. Mass surveillance, passive surveillance, relies upon unencrypted or weakly encrypted communications at the global network level.

Edward Snowden submits written testimony to an EU committee investigating mass surveillance, and answers questions. The testimony takes place 3 days ahead of his highly anticipated SXSW appearance, to take place later today. Snowden is expected to speak about privacy, security, mass surveillance programs, free speech and whistle-blowing in a rare remote video appearance before a live audience.
Kansas Congressman Mike Pompeo finds this “deeply troubling” in a letter he's sent to the organizers of the conference.

Meanwhile, people who wish to #asksnowden questions can use the hashtag on Twitter. The talk is to take place at 12pm PT, today.
posted by fantodstic on Mar 10, 2014 - 89 comments

Keys to the Domain

Meet the people who hold the master keys to the internet. Hear all about their quirky sci-fi get together.
posted by stp123 on Feb 28, 2014 - 35 comments

goto fail;

Yesterday, Feb 21, Apple computer released a security patch with a vague description of SSL fixes. It turns out that it's quite a bug which would trivially allow Man in the Middle attacks for assumed-secure connections via SSL. Folks dug into the code and found the code resulting in the bug. If this affects you and your devices, you might want to go upgrade.
posted by rmd1023 on Feb 22, 2014 - 135 comments

Dear America, I Saw You Naked

The TSA saw the near-miss as proof that aviation security could not be ensured without the installation of full-body scanners in every U.S. airport. But the agency’s many critics called its decision just another knee-jerk response to an attempted terrorist attack. I agreed, and wrote to the Times saying as much. My boss wasn’t happy about it.
“The problem we have here is that you identified yourself as a TSA employee,” she said.

Jason Harrington, author of the formerly anonymous Taking Sense Away blog, on his experiences as a dissenter inside of the Transportation Security Administration.
posted by gauche on Jan 31, 2014 - 71 comments

Security Sunday

Ars Technica reports on malicious extensions on the Chrome web browser, which install advertising-based malware that hijack links and inject ad content. Further speech recognition exploits (source) leave open the opportunity for malicious sites to record sound captured by the user's web browser without permission.
posted by Blazecock Pileon on Jan 26, 2014 - 30 comments

The US has one of the worst payment systems in the entire world

Almost alone among developed nations, U.S. credit and debit cards have a magnetic stripe that contains all the financial information necessary to make a purchase. Once information gets stolen from a merchant, it can be encoded into a magnetic stripe and used with a new card. Smart cards in Europe and elsewhere encrypt that data and store it on a microchip, which is much tougher to replicate. More important, the cards also require a personal identification number (PIN) to work. This “chip-and-PIN” system introduces a second authentication, forcing thieves to have both pieces of information to successfully use the card. It’s a combination of advanced technology and simple common sense. - Your Credit Card Has a Dangerous Flaw That the Banks Refuse to Fix
posted by beisny on Jan 17, 2014 - 138 comments

The science-fiction part of the show is that the Machine is accurate

“Person Of Interest”: The TV Show That Predicted Edward Snowden
posted by Rustic Etruscan on Jan 14, 2014 - 57 comments

RSA Paid by the NSA to screw the USA

"Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show." Previous
posted by stoneweaver on Dec 20, 2013 - 74 comments

I always feel like somebody's watching me

For years we've been told that our laptop cameras and webcams are "hardwired" to an LED such that the camera can't be turned on without triggering the light. Yeah, you can see where this is going (the original paper). The exploit works on pre-2008 Macs, though other laptops and webcams could be vulnerable to a similar exploit. The researchers have a kernel extension to prevent this on 2007 / 2008 MacBooks. My preferred solution for the rest of us.
posted by dirigibleman on Dec 20, 2013 - 96 comments

NSA says: squeeeeeee!

The attack can extract full 4096-bit RSA decryption keys from laptop computers ... within an hour ... using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis [more inside]
posted by flabdablet on Dec 19, 2013 - 46 comments

A Hundred Bucks Says You Won't Read This Story

Esquire's Chris Jones looks at the old techniques used to make the new US $100 bill.
posted by reenum on Dec 9, 2013 - 50 comments

That's amazing. I've got the same combination on my luggage.

During the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.
posted by Chrysostom on Dec 2, 2013 - 68 comments

the armor of the body politic

"The American homeland is the planet." Not content with a militarized southern border, the U.S. is now militarizing borders around the world (slsa)
posted by allkindsoftime on Nov 19, 2013 - 7 comments

Terminal Cornucopia

Can common items sold in airports after the security screening be used to build lethal weapons? Yes.
posted by Zarkonnen on Nov 16, 2013 - 57 comments

Privacy is not an end in itself

"In 1967, The Public Interest, then a leading venue for highbrow policy debate, published a provocative essay by Paul Baran, one of the fathers of the data transmission method known as packet switching [and agent of RAND]. Titled “The Future Computer Utility," the essay speculated that someday a few big, centralized computers would provide 'information processing … the same way one now buys electricity. Highly sensitive personal and important business information will be stored in many of the contemplated systems … At present, nothing more than trust—or, at best, a lack of technical sophistication—stands in the way of a would-be eavesdropper.' To read Baran’s essay (just one of the many on utility computing published at the time) is to realize that our contemporary privacy problem is not contemporary. It’s not just a consequence of Mark Zuckerberg’s selling his soul and our profiles to the NSA. The problem was recognized early on, and little was done about it... It’s not enough for a website to prompt us to decide who should see our data. Instead it should reawaken our own imaginations. Designed right, sites would not nudge citizens to either guard or share their private information but would reveal the hidden political dimensions to various acts of information sharing." -- MIT Technology Review on The Real Privacy Problem
posted by Potomac Avenue on Nov 12, 2013 - 17 comments

"There are no real consequences for having bad security.”

Should software makers be held financially liable for the insecurity of their products? "The joke goes that only two industries refer to their customers as “users.” But here's the real punch line: Drug users and software users are about equally likely to recover damages for whatever harms those wares cause them." [more inside]
posted by not_the_water on Nov 7, 2013 - 90 comments

EnCrypt Lock and Buy It

A recent strain of malware called Cryptolocker (technical description from BleepingComputer) has been infecting computers across the Internet. It's of the Ransomware (wiki) genre of attack, and searches a computer's drive for critical files by browsing their extensions (for example, focusing on word processing documents, images and music) and encrypts them with its own key that you can then buy back from the hacker for a fee of $100 to $300 payable in Bitcoins. More information about the virus and how to avoid it is available at Krebs On Security and the Malwarebytes Blog, with more recent developments on Naked Security.
posted by codacorolla on Nov 7, 2013 - 177 comments

The Internet Bug Bounty

Rewarding friendly hackers who contribute to a more secure internet. "We've selected some of the most important software that supports the internet stack, and we want you to hack it. If the public is demonstrably safer as a result of your contribution to internet security, we'd like to be the first to recognize your work and say "thanks" by sending some cash to you or your favorite non-profit." This is a full disclosure bug bounty program, and all vulnerability reports will eventually be made public. Also featuring an Allie Brosh logo for The Internet.
posted by destrius on Nov 6, 2013 - 15 comments

‘PRISM: The SIGAD Used *Most* in NSA Reports!’

How would you, as a junior analyst in S2C41, the branch of the Signals Intelligence Directorate, navigate the millions of records logged daily, in order to find the nugget to get you noticed? “EVILOLIVE, MADCAPOCELOT, ORANGECRUSH, COBALTFALCON, DARKTHUNDER: the names are beguiling. But they don’t always tell us much, which is their reason for existing: covernames aren’t classified, and many of them – including the names of the NSA’s main databases for intercepted communications data, MAINWAY, MARINA, PINWALE and NUCLEON – have been seen in public before, in job ads and resumés posted online.” Daniel Soar sorts through the possibilities in the London Review of Books, 24 Oct 2013. (See also William Arkin's blog on codenames) [more inside]
posted by zbsachs on Nov 4, 2013 - 33 comments

Aviator

Aviator, a web browser from WhiteHat Security. [more inside]
posted by chunking express on Oct 30, 2013 - 53 comments

Ransomware & Rogues Galore

Youtube user rogueamp dedicates his channel to discussing fraudulent antivirus software, AKA "rogues" and "ransomware". (MLYT)
posted by Evernix on Oct 26, 2013 - 7 comments

LinkedIn offer to man-in-the-middle all your email, for free!

LinkedIn offer to man-in-the-middle all of your email, for free! LinkedIn Intro is a new service by LinkedIn, adding inline data to all your iOS emails. "But how can they read my emails?!" you ask: you use the best encryption money can buy! Well, you just need to install one little security certificate... after all, how much of a bad idea can it be? LinkedIn are well-known for their good security practices!
posted by katrielalex on Oct 25, 2013 - 69 comments

Edit by 04882 joel backdoor

Some D-Link routers have a simple back door in their firmware.
posted by curious nu on Oct 13, 2013 - 61 comments

"Everyone being held was a US citizen."

But that didn't prevent On the Media producer Sarah Abdurrahman and several members of her family and friends from being detained at a Canadian-US border while on the way home from a wedding. The story is all the more frightening as it details Sarah's inability to get any answers about policy from the Border Patrol, including the name of the officers who held her.
posted by Eyeveex on Sep 23, 2013 - 92 comments
