Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn't just in what they carry, it's built into the core of how they work
posted by paleyellowwithorange
on Aug 11, 2014 -
This week's Glenn Greenwald revelation
is that Britain's GCHQ JTRIG intelligence organization offers its agents and planners tools
with abilities to increase the search ranking of chosen web sites, “change outcome of online polls”, “masquerade Facebook Wall Posts for individuals or entire countries”, and accomplish “amplification of a given message, normally video, on popular multimedia websites (Youtube).” [more inside]
posted by XMLicious
on Jul 16, 2014 -
Two 14 Year Olds Hack Winnipeg ATM.
"Matthew Hewlett and Caleb Turon, both Grade 9 students, found an old ATM operators manual online that showed how to get into the machine's operator mode.... Hewlett and Turon were even more shocked when their first random guess at the six-digit password worked. They used a common default password." [more inside]
posted by Joey Buttafoucault
on Jun 17, 2014 -
Everything is broken Next time you think your grandma is uncool, give her credit for her time helping dangerous Russian criminals extort money from offshore casinos with DDoS attacks.
] breaks down the reasons why computers are so hackable by exploring the realities of how software is made and used.
posted by dobie
on May 21, 2014 -
“The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards: pervasive end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-effective basis. The result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion. Governments cannot risk the discovery of their exploits by simply throwing attacks at every “endpoint,” or computer processor on the end of a network connection, in the world. Mass surveillance, passive surveillance, relies upon unencrypted or weakly encrypted communications at the global network level.
Edward Snowden submits written testimony to an EU committee investigating mass surveillance, and answers questions.
The testimony takes place 3 days ahead of his highly anticipated SXSW appearance, to take place later today. Snowden is expected to speak about privacy, security, mass surveillance programs, free speech and whistle-blowing in a rare remote video appearance before a live audience.
Kansas Congressman Mike Pompeo finds this “deeply troubling” in a letter he's sent to the organizers of the conference.
Meanwhile, people who wish to #asksnowden questions can use the hashtag on Twitter. The talk is to take place at 12pm PT, today.
posted by fantodstic
on Mar 10, 2014 -
The TSA saw the near-miss as proof that aviation security could not be ensured without the installation of full-body scanners in every U.S. airport. But the agency’s many critics called its decision just another knee-jerk response to an attempted terrorist attack. I agreed, and wrote to the Times saying as much. My boss wasn’t happy about it.
“The problem we have here is that you identified yourself as a TSA employee,
” she said.
Jason Harrington, author of the formerly anonymous Taking Sense Away
blog, on his experiences as a dissenter inside of the Transportation Security Administration
posted by gauche
on Jan 31, 2014 -
Almost alone among developed nations, U.S. credit and debit cards have a magnetic stripe that contains all the financial information necessary to make a purchase. Once information gets stolen from a merchant, it can be encoded into a magnetic stripe and used with a new card. Smart cards in Europe and elsewhere encrypt that data and store it on a microchip, which is much tougher to replicate. More important, the cards also require a personal identification number (PIN) to work. This “chip-and-PIN” system introduces a second authentication, forcing thieves to have both pieces of information to successfully use the card. It’s a combination of advanced technology and simple common sense. - Your Credit Card Has a Dangerous Flaw That the Banks Refuse to Fix
posted by beisny
on Jan 17, 2014 -
During the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes
posted by Chrysostom
on Dec 2, 2013 -
"In 1967, The Public Interest
, then a leading venue for highbrow policy debate, published a provocative essay by Paul Baran
, one of the fathers of the data transmission method known as packet switching [and agent of RAND
]. Titled “The Future Computer Utility,"
the essay speculated that someday a few big, centralized computers would provide 'information processing … the same way one now buys electricity. Highly sensitive personal and important business information will be stored in many of the contemplated systems … At present, nothing more than trust—or, at best, a lack of technical sophistication—stands in the way of a would-be eavesdropper.' To read Baran’s essay (just one of the many on utility computing published at the time) is to realize that our contemporary privacy problem is not contemporary. It’s not just a consequence of Mark Zuckerberg’s selling his soul and our profiles to the NSA. The problem was recognized early on, and little was done about it... It’s not enough for a website to prompt us to decide who should see our data. Instead it should reawaken our own imaginations. Designed right, sites would not nudge citizens to either guard or share their private information but would reveal the hidden political dimensions to various acts of information sharing." -- MIT Technology Review on The Real Privacy Problem
posted by Potomac Avenue
on Nov 12, 2013 -
A recent strain of malware called Cryptolocker (technical description from BleepingComputer
) has been infecting computers across the Internet. It's of the Ransomware (wiki)
genre of attack, and searches a computer's drive for critical files by browsing their extensions (for example, focusing on word processing documents, images and music) and encrypts them with its own key that you can then buy back from the hacker for a fee of $100 to $300 dollars payable in Bitcoins. More information about the virus and how to avoid it is available at Krebs On Security
, and the Malwarebytes Blog
, with more recent developments on Naked Security
posted by codacorolla
on Nov 7, 2013 -
Rewarding friendly hackers who contribute to a more secure internet.
"We've selected some of the most important software that supports the internet stack, and we want you to hack it. If the public is demonstrably safer as a result of your contribution to internet security, we'd like to be the first to recognize your work and say "thanks" by sending some cash to you or your favorite non-profit." This is a full disclosure bug bounty program, and all vulnerability reports will eventually be made public. Also featuring an Allie Brosh logo for The Internet.
posted by destrius
on Nov 6, 2013 -
How would you, as a junior analyst in S2C41, the branch of the Signals Intelligence Directorate, navigate the millions of records logged daily, in order to find the nugget to get you noticed?
“EVILOLIVE, MADCAPOCELOT, ORANGECRUSH, COBALTFALCON, DARKTHUNDER: the names are beguiling. But they don’t always tell us much, which is their reason for existing: covernames aren’t classified, and many of them – including the names of the NSA’s main databases for intercepted communications data, MAINWAY, MARINA, PINWALE and NUCLEON – have been seen in public before, in job ads and resumés posted online.” Daniel Soar sorts through the possibilities in the London Review of Books
, 24 Oct 2013. (See also William Arkin's blog on codenames) [more inside]
posted by zbsachs
on Nov 4, 2013 -
But that didn't prevent
On the Media producer Sarah Abdurrahman and several members of her family and friends from being detained at a Canadian-US border while on the way home from a wedding. The story is all the more frightening as it details Sarah's inability to get any answers about policy from the Border Patrol, including the name of the officers who held her.
posted by Eyeveex
on Sep 23, 2013 -
If the NSA is able to break through banks' computer security, does that mean it solved the prime factorization problem?
The New York Times reported
recently that “the agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems.” Since banks' encryption codes rely on the fact that nobody knows how to find the prime factors of really large numbers, it could mean that the NSA has found a way to do that. Or it could mean that the NSA has simply gotten lots of banks to give up their information, or found other ways around their encryption. But if they've cracked this long-standing math problem, might the secret leak? What would be the effects?
posted by Sleeper
on Sep 12, 2013 -
Don't fly during Ramadan.
Aditya Mukerjee describes his experience while attempting to clear the U.S. Transportation Security Administration's checks and board a JetBlue flight. After being cleared by the TSA, following two hours of questioning and checks, Mukerjee was prevented by JetBlue from boarding his intended flight. He was offered rebooking for the following day and, when he declined, given a refund.
This isn't the first time that the TSA and JetBlue have been called out for this type of action
posted by fireoyster
on Aug 22, 2013 -
, a new program instituted by the TSA, will allow passengers to keep their shoes, jackets and belts during screening, as well as allow laptop computers and approved liquids to remain in bags for a fee of $85.
posted by Omon Ra
on Jul 25, 2013 -