684 posts tagged with security.
Displaying 1 through 50 of 684.

built on sand

When workers first arrived on the lot that Monday morning, they got a message through a security guard or a colleague or a handwritten sign taped up to the wall: Don’t turn on your computer. Later, someone might pop in and deliver the latest directive fourth-hand: “Unplug your computer from the wall.” Which plug? The network cable? The power cord? Who knows? Just unplug everything. Says one worker: “It was all the hysteria of not knowing.” --One year later, what it was like to work at Sony when all their internal systems got hacked.
posted by Potomac Avenue on Nov 24, 2015 - 16 comments

Eleanor Saitta calls for secure decentralized collaboration tools

"Given that we still have so far to go, why am I telling people they should stop writing secure messaging tools? Because we have too many other tools we also need." Decentralized collaboration is how programmers work on software projects; it's also a good model for nonprofits, NGOs, and distributed teams of all kinds, especially ones which operate in risky environments or have powerful adversaries, according to this essay by Eleanor Saitta, a security consultant, systems thinker, and activist. She lists a number of system properties such teams need (decentralization, offline-friendliness, end-to-end encryption, etc) and two dozen ideas for needed tools: mind mapping, wiki, map-based storytelling, work assignment and tracking, reference management, and so on. [more inside]
posted by mbrock on Nov 23, 2015 - 21 comments

I started this business because my mom was too lazy to roll dice

Mira is a sixth grade student in NYC. In this century's answer to a lemonade stand, she started a business hand-crafting memorable, nearly unbreakable passwords.
posted by Mchelly on Oct 28, 2015 - 69 comments

Obviously the best thing to do is put a chip in it

Internet of Shit. Laugh now, while you can still buy a toaster that doesn't have Linux on it. The Internet of Things previously: 1, 2
posted by jklaiho on Oct 27, 2015 - 87 comments

In Case You Aren't Paranoid Enough About Social Media & Privacy

"One broader implication of this is that no one should take the NSA seriously when they say they are only collecting “metadata” on whom someone contacts, rather than the content of the communication. Social network metadata is incredibly powerful." How to tell whether a Twitter user is pro-choice or pro-life without reading any of their tweets
posted by COD on Oct 9, 2015 - 47 comments

Why you might want to shred your boarding pass after flying

If you leave your boarding pass in the seat-pocket in front of you after your flight has landed, someone else could upload it to this site, and you might be surprised at how much they could find out about you.
posted by John Cohen on Oct 8, 2015 - 39 comments

CJEU Strikes Down Safe Harbour Data Sharing

Europe's top court, the Court of Justice of the European Union (CJEU), has struck down the 15-year-old Safe Harbour agreement that allowed the free flow of information between the US and EU.
posted by XtinaS on Oct 6, 2015 - 22 comments

On what street did you lose your childlike sense of wonder?

Nihilistic password security questions
posted by gwint on Oct 5, 2015 - 96 comments

Unlockdown Nation

Why are little kids in Japan so independent? - 'If we had a nonviolent society, kids could walk around on their own, unafraid, like they do in Japan'. (via)
posted by kliuless on Oct 3, 2015 - 83 comments

/ -----///----​///----///----///----​///----///----///​----/// -----/

The Tangled History of Barbed Wire by Robert Zaretsky [Boston Globe]
“Like inventors from Joseph Guillotin to Alfred Nobel, whose creations escaped their original purpose and were yoked to evil ends, Joseph Glidden would have been shocked at what became of his. In 1874, the Illinois farmer and New Hampshire native, fastening sharpened metal knots along thick threads of steel, created barbed wire. Thanks to its high resilience and low cost, the rapid installation of the coils and lasting dissuasion of the barbs, the wire transformed the American West. Ranchers could protect their cattle against predators, both wild and human, as they pushed the frontier ever further west. The wire itself came to be called 'devil’s rope.'”
Previously. Previously. Previously.
posted by Fizz on Sep 26, 2015 - 13 comments

Of course I'd like to sit around and chat... but someone's listening in

Fresh from The Intercept (that fearless vanguard of journalism helmed by Glenn Greenwald and Laura Poitras): disturbing documents exposing the unfathomable reach of the United Kingdom's GCHQ in its quest for total awareness of global internet traffic. A hundred billion user actions logged per day. A "Black Hole" database of 1.1 trillion logs. Frightening programs like KARMA POLICE, MEMORY HOLE, and MUTANT BROTH that correlate the kilo-crore corpus -- IP addresses, cookies, forum posts, search histories, emails, and passwords all compiled and cross-referenced into a real-time "diary" that gives penetrating insight into the relationships, beliefs, and desires of every web user on the planet. Internal documents suggest only widespread encryption can threaten the regime -- a movement the UK is determined to subdue (previously). [more inside]
posted by Rhaomi on Sep 26, 2015 - 105 comments

About that password ...

Utility for testing (and cracking) "Is your password secure? We’ve all heard a lot of advice about what sorts of passwords you should never pick – and there are various tools that claim to assess the security of your password online. However, these can only be dubiously accurate. The only way to really test the security of your passwords is to try to break them." FUD and previously [more inside]
posted by key_of_z on Sep 24, 2015 - 23 comments

click click, clickclick click

How the way you type can shatter anonymity—even on Tor [more inside]
posted by the man of twists and turns on Sep 6, 2015 - 64 comments

Love, Hate, Security, and the Writer

"This was also the tour that I was jumped by a disgruntled fan in the ladies room. A rather tall woman, she may have not been over six feet tall, but only seemed that tall after she slammed me up against the wall, and forced me in a corner (people often seem taller when they’re threatening you). She was angry about the new book, angry about Anita having sex with someone that wasn’t Richard, and angry with me for adding new men to her life, and basically not happy with the way my series had turned in book ten, Narcissus in Chains." Laurell K. Hamilton on book tour woes.
posted by Shmuel510 on Aug 28, 2015 - 24 comments

A QA Engineer walks into a B͏̴͡͡Ą̛Ŗ̴

The Big List of Naughty Strings is a GitHub repository containing a long list of hypothetical user inputs that can potentially wreak havoc on a computer program, including SQL Injection, malformed and evil HTML, stupid Unicode gimmicks, or innocuous phrases that look like profanity.
posted by schmod on Aug 21, 2015 - 27 comments


Following up on their promise last month to release the data they hacked from Ashley Madison (the online infidelity-enablement site), hackers have released a ship-load of personal information on ASM users. The hackers claim it is more of an attack on the shady business practices of the corporation than the users. (Though in contrast to other hacks, it looks like ASM managed to do a better job of storing passwords semi-securely). But certainly a lot of people's private issues are now public, including 10,000 folks with government emails, and many writers are warning: "Don't be smug, this is only the beginning." And Wired has some useful advice on checking out if you or a loved one is among the hacked data: Don't.
posted by Potomac Avenue on Aug 19, 2015 - 396 comments

Blackhat 2015 Keynote

End of the Internet Dream? - by Jennifer Granick

This field should be in the lead in evolving a race, class, age, and religiously open society, but it hasn’t been. We could conscientiously try to do this better. We could, and in my opinion should, commit to cultivating talent in unconventional places.

Today, the physical design and the business models that fund the communications networks we use have changed in ways that facilitate rather than defeat censorship and control.
posted by CrystalDave on Aug 18, 2015 - 49 comments

Oracle's CSO praises Free Software

Oracle's CSO wrote a (now deleted) blog post arguing against reverse engineering in which she mocked security researchers, compared them to cheating spouses, accused them of wasting her time, discounted bug-bounty programs, refused to credit vulnerability reporters, and promoted her sister's murder-mystery books. The reaction from the security community was unanimously opposed (1, 2, 3, ...) and some are looking on the lighter side by writing Oracle Fan Fiction.
posted by autopilot on Aug 11, 2015 - 50 comments

The Typewriters That Came In From The Cold

In 1983, the US got a tip-off that the Soviets had designed a new breed of hard-to-find bug, capable of relaying information from office equipment. The Moscow Embassy had more than ten tons of gear, all of which was immediately suspect. It had to be fixed, and now. Problem one: how do you replace it all? Problem two: how do you get the old stuff back? Problem three: what on earth were they looking for? What they found surprised them! A tale of bureaucracy, secrecy, narrow corridors and IBM Selectrics that weren't quite what they seemed. (SL NSA PDF)
posted by Devonian on Aug 5, 2015 - 35 comments

Hackers Remotely Control Jeep Cherokee

Security researchers Charlie Miller (@0xcharlie) and Christopher Valasek (@nudehaberdasher) have found an exploit for Chrysler's Uconnect infotainment system allowing for remote control of many vehicle functions including climate control, audio, braking, and under certain conditions, steering. They plan to release details during a talk at next month's DEFCON 23 hacking conference. Chrysler has already issued a patch for the vulnerability, but it requires a manual update.
posted by Small Dollar on Jul 21, 2015 - 133 comments

Adobe Flash (1996-2015? 2016? SOON?)

Have you kept up with your Flash patches (TWO more major vulnerabilities found in the last week), or is it time to disable it in your browsers or just uninstall it completely? (Uninstall in Windows | Uninstall in Mac) A few hours ago, Mozilla started blocking Flash by default in Firefox. Facebook's new chief security officer wants to set a date to kill Flash. And YouTube gave up on it ages ago, so you don't need Flash to see cute videos.
posted by maudlin on Jul 13, 2015 - 134 comments

ida-cracked-files-sostituire agli originali.rar

Italian surveillance software vendor Hacking Team were hacked, with 400GB of data dumped. According to leaked invoices, Hacking Team sold offensive software to countries including South Korea, Sudan, Kazakhstan, Saudi Arabia, Oman, Lebanon, Mongolia, Ethiopia, Egypt, and Luxembourg. There are initial indications that Hacking Team had pretty poor operational security, for example, using the password Ht2015!. [more inside]
posted by These Premises Are Alarmed on Jul 6, 2015 - 44 comments


Mozilla is moving to deprecate support of HTTP:

After a robust discussion on our community mailing list, Mozilla is committing to focus new development efforts on the secure web, and start removing capabilities from the non-secure web. There are two broad elements of this plan:
* Setting a date after which all new features will be available only to secure websites
* Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.

posted by Chrysostom on May 1, 2015 - 84 comments

A new wrinkle in "A Wrinkle in Time"

A previously unknown 3-page passage, cut from "A Wrinkle in Time", has been found by Madeleine L'Engle's granddaughter, and published by the Wall Street Journal. It provides strong insight into the political thought regarding conformity and security in the book.
“I’ve come to the conclusion,” Mr. Murry said slowly, "that it’s the greatest evil there is. Suppose your great great grandmother, and all those like her, had worried about security? They’d never have gone across the land in flimsy covered wagons. Our country has been greatest when it has been most insecure. This sick longing for security is a dangerous thing, Meg, as insidious as the strontium 90 from our nuclear explosions . . .”
posted by nubs on Apr 17, 2015 - 35 comments

Dealing with the digital afterlife of a hacker

Dealing with the digital afterlife of a hacker
It’s been three months since Michael died, and Beth has only been able to access and understand a sliver of what he left behind in the digital world. Kalat, who has been working closely with Beth to access Michael’s data, says this ought to be a wake up call to everyone who spends a significant amount of their life online—not just hackers.
posted by CrystalDave on Mar 23, 2015 - 27 comments

"https://https..." is not from Department of Redundancy Department

Don't want some random hacker looking over your shoulder when you surf U.S. federal government websites? You may be in luck!

Today the White House announced a proposal — https://https.cio.gov/ — to make all public-facing U.S. government websites use HTTPS across the board within two years. Want to give your two cents on the idea? Forget writing a letter, make a pull request! [more inside]
posted by metaquarry on Mar 17, 2015 - 36 comments

Roads? Where We're Going, We Don't Need Roads.

The Obama administration is investigating allegations that two senior Secret Service agents, including a top member of the president’s protective detail, drove a government car into White House security barricades after drinking at a late-night party last week, an agency official said Wednesday.
House Oversight Committee Chairman Jason Chaffetz told CNN that his initial understanding is that the two agents were "partying in Georgetown" when they responded to an incident at the White House. Mr. Chaffetz added: “It’s never good to be drunk at work, especially if you are in the Secret Service.”
posted by Going To Maine on Mar 11, 2015 - 47 comments

10 of the Safest Major Cities Around the World

For the Safe Cities Index 2015, the Economist Intelligence Unit (EIU) ranked 50 of the world's biggest cities on:

Digital security: Identity theft, online privacy
Health security: Environment, air and water quality
Infrastructure safety: Buildings, roads, bridges
Personal safety: Crime, violence

Lifehacker looks at the results. [more inside]
posted by ellieBOA on Mar 11, 2015 - 35 comments

That last line sounds kind of familiar

Here's what happens when you install the top ten download.com apps.
posted by DoctorFedora on Jan 13, 2015 - 123 comments

Redditor does the research behind the Sony Pictures hacking scandal.

Redditor CSMastermind composes an epic timeline of the Sony information breach. Well sourced, and in layman's terms. [more inside]
posted by butterstick on Dec 21, 2014 - 100 comments

Tchotchkes of our inner lives

There is more to passwords than their annoyance. In our authorship of them, in the fact that we construct them so that we (and only we) will remember them, they take on secret lives. Many of our passwords are suffused with pathos, mischief, sometimes even poetry. Often they have rich back stories. A motivational mantra, a swipe at the boss, a hidden shrine to a lost love, an inside joke with ourselves, a defining emotional scar — these keepsake passwords, as I came to call them, are like tchotchkes of our inner lives. Ian Urbina looks at The Secret Lives of Passwords for the NYT Magazine. (Possible trigger warning - opens with Cantor Fitzgerald looking for passwords the day after 9/11.) [more inside]
posted by RedOrGreen on Nov 21, 2014 - 32 comments

Mind the Gap

We used to think that the ultimate in security was a stand-alone (that is, off the network) computer, sort of like a room with no doors. How can an attacker get in if there's no way to get in? Such computers are referred to as air-gapped. But as early as 1985, it became clear that we might be able to read the contents of a monitor screen from the next room using Van Eck phreaking (dramatized by Neal Stephenson in Cryptonomicon). Now it appears things are even worse. [more inside]
posted by ubiquity on Oct 31, 2014 - 50 comments

(Tweet & Tell Them To Support 2FA)

twofactorauth.org is a site that catalogs digital services based on whether or not they support two factor authentication.
posted by Going To Maine on Oct 26, 2014 - 29 comments

I know who you are and I saw what you did.

How secure is public wi-fi? A lot less than you probably imagine.
posted by Obscure Reference on Oct 20, 2014 - 52 comments

The Internet has been bitten by POODLE

POODLE (Padding Oracle On Downgraded Legacy Encryption) is the latest exploit found in SSL, a protocol used widely across the Internet for secure connections. Engineers at Google discovered the exploit, and they have written a white paper discussing it. In response, Google is disabling SSL in all Google products. Some are calling this the death of SSL. For web users, disabling SSL in your browser is recommended. Here is a tool to identify if your browser is potentially affected by the POODLE exploit.
posted by deathpanels on Oct 16, 2014 - 97 comments

The NSA and me

The NSA and Me is an essay by James Bamford, author of The Puzzle Palace, an early book on the agency. It details how he came to write the book, and the NSA's efforts to keep him from publishing it in the late 70s/early 80s.
posted by Harald74 on Oct 13, 2014 - 13 comments

Running a server? Drop everything and update it now!

Bash software bug may pose bigger threat than Heartbleed. [more inside]
posted by furtive on Sep 24, 2014 - 183 comments

Knee-deep in the Print Head

To highlight the vulnerabilities of an unsecured web interface in Canon Pixma printers that allows the uploading of arbitrary binaries as firmware, information security consultant Michael Jordan has made a printer run Doom (video) as part of a presentation at 44Con 2014. [via]
posted by figurant on Sep 15, 2014 - 30 comments

The (Silk) Road to Hell is paved with noob mistakes

The FBI has recently released details on how the Silk Road black market was taken down. [more inside]
posted by ubiquity on Sep 12, 2014 - 37 comments

Carry That Weight

Emma Sulkowicz is a student at Columbia University; she was raped by a fellow student during her sophomore year, and is one of 23 Columbia and Barnard students who filed a federal Title IX complaint in April alleging that the university mishandled sexual assault cases. Now a senior, Emma plans on carrying an extra-long, twin-size mattress across the quad and through each New York City building – to every class, every day – until the man she says raped her moves off campus, as her senior art thesis, "Carry That Weight" [more inside]
posted by roomthreeseventeen on Sep 3, 2014 - 178 comments

The evolution of credit card skimmers, and how to protect yourself

Credit card skimming was something of a myth in the early 2000s, until someone was caught skimming in 2002 in San Mateo, California. The next year, a skimmer was found on an ATM in a New York deli, and skimmers have been improving every year, following additional protective measures on a range of credit card reading devices, as detailed in Gizmodo's article on the evolution of skimmers. [more inside]
posted by filthy light thief on Sep 2, 2014 - 43 comments

If we're not in pain, we're not alive

You invest so much in it, don't you? It's what elevates you above the beasts of the field, it's what makes you special. Homo sapiens, you call yourself. Wise Man. Do you even know what it is, this consciousness you cite in your own exaltation? Do you even know what it's for?
Dr. Peter Watts is no stranger to MetaFilter. But look past his sardonic nuptials, heartbreaking eulogies, and agonizing run-ins with fascists (and fasciitis) and you'll find one of the most brilliant, compelling, and disquieting science fiction authors at work today. A marine biologist skilled at deep background research, his acclaimed 2006 novel Blindsight [full text] -- a cerebral "first contact" tale led by a diverse crew of bleeding-edge post-humans -- is diamond-hard and deeply horrifying, wringing profound existential dread from such abstruse concepts as the Chinese Room, the Philosophical Zombie, Chernoff faces, and the myriad quirks and blind spots that haunt the human mind. But Blindsight's last, shattering insight is not the end of the story -- along with crew/ship/"Firefall" notes, a blackly funny in-universe lecture on resurrecting sociopathic vampirism (PDF - prev.), and a rigorously-cited (and spoiler-laden) reference section, tomorrow will see the release of Dumbspeech State of Grace Echopraxia [website], the long-delayed "sidequel" depicting parallel events on Earth. Want more? Look inside for a guide to the rest of Watts' award-winning (and provocative) body of work. [more inside]
posted by Rhaomi on Aug 25, 2014 - 84 comments


A scan for systems allowing remote desktop connections without passwords performed during a Defcon talk about the Masscan tool found a wide variety of systems open for anyone with knowledge of the correct IP address, such as access to a hockey rink, a manufacturing plant for a Swedish condiment, hydroelectric plants and a lot more. [more inside]
posted by rpn on Aug 15, 2014 - 17 comments

Why the Security of USB Is Fundamentally Broken

Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn't just in what they carry, it's built into the core of how they work.
posted by paleyellowwithorange on Aug 11, 2014 - 70 comments

Snowden granted 3-year stay in Russia.

After several days in legal limbo, the world's most notorious whistleblower, Edward Snowden, has been granted a three-year stay in Russia. This is amid breaking news of Russia's issuing of a menu of its own sanctions against U.S./E.U. countries, et al. The former NSA employee has been stranded in Russia for more than a year. Recently, new leaks by other, as yet unknown whistle-blower(s) other than Snowden have surfaced, according to U.S. authorities. The leaks detail certain "rules" for targeting of people for surveillance (including merely searching for privacy software), as well as details on the kind of activity or relationships which may put innocent people on terrorist watch lists.
posted by fantodstic on Aug 7, 2014 - 54 comments

No lump of clay needed.

“If you lose sight of your keys for the better part of 20 seconds, you should consider them lost,” says Jos Weyers, a Dutch lockpicking guru and security consultant. “If you find them later, consider them a souvenir.” The App I Used to Break Into My Neighbor’s Home
posted by fings on Jul 29, 2014 - 54 comments

“U.S. citizens here?” - “U.S. citizens.”

Arizona’s Checkpoint Rebellion
Liberals, libertarians, retirees, and activists protest against immigration patrols far from the border.

DHS Checkpoint Refusals
Am I being detained? Am I free to go?
posted by davidstandaford on Jul 22, 2014 - 40 comments

The *first* revelation this week, at least

This week's Glenn Greenwald revelation is that Britain's GCHQ JTRIG intelligence organization offers its agents and planners tools with abilities to increase the search ranking of chosen web sites, “change outcome of online polls”, “masquerade Facebook Wall Posts for individuals or entire countries”, and accomplish “amplification of a given message, normally video, on popular multimedia websites (Youtube).” [more inside]
posted by XMLicious on Jul 16, 2014 - 54 comments

Journey to the Centre of Google Earth

“But what shall we dream of when everything becomes visible?” Virilio replies: “We’ll dream of being blind.”
posted by 0bvious on Jun 24, 2014 - 5 comments

That's amazing. I've got the same combination on my luggage!

Two 14 Year Olds Hack Winnipeg ATM. "Matthew Hewlett and Caleb Turon, both Grade 9 students, found an old ATM operators manual online that showed how to get into the machine's operator mode.... Hewlett and Turon were even more shocked when their first random guess at the six-digit password worked. They used a common default password." [more inside]
posted by Joey Buttafoucault on Jun 17, 2014 - 28 comments
