665 posts tagged with security.
Displaying 1 through 50 of 665.

Hackers Remotely Control Jeep Cherokee

Security researchers Charlie Miller (@0xcharlie) and Christopher Valasek (@nudehaberdasher) have found an exploit for Chrysler's Uconnect infotainment system allowing for remote control of many vehicle functions including climate control, audio, braking, and under certain conditions, steering. They plan to release details during a talk at next month's DEFCON 23 hacking conference. Chrysler has already issued a patch for the vulnerability, but it requires a manual update.
posted by Small Dollar on Jul 21, 2015 - 132 comments

Adobe Flash (1996-2015? 2016? SOON?)

Have you kept up with your Flash patches (TWO more major vulnerabilities found in the last week), or is it time to disable it in your browsers or just uninstall it completely? (Uninstall in Windows | Uninstall in Mac) A few hours ago, Mozilla started blocking Flash by default in Firefox. Facebook's new chief security officer wants to set a date to kill Flash. And YouTube gave up on it ages ago, so you don't need Flash to see cute videos.
posted by maudlin on Jul 13, 2015 - 134 comments

ida-cracked-files-sostituire agli originali.rar

Italian surveillance software vendor Hacking Team were hacked, with 400GB of data dumped. According to leaked invoices, Hacking Team sold offensive software to countries including South Korea, Sudan, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia, Ethiopia, Egypt, and Luxembourg. There are initial indications that Hacking Team had pretty poor operation security, for example, using the password Ht2015!. [more inside]
posted by These Premises Are Alarmed on Jul 6, 2015 - 44 comments

HTTP SOL

Mozilla is moving to deprecate support of HTTP:

After a robust discussion on our community mailing list, Mozilla is committing to focus new development efforts on the secure web, and start removing capabilities from the non-secure web. There are two broad elements of this plan:
* Setting a date after which all new features will be available only to secure websites
* Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.

posted by Chrysostom on May 1, 2015 - 84 comments

A new wrinkle in "A Wrinkle in Time"

A previously unknown 3-page passage, cut from "A Wrinkle in Time", has been found by Madeleine L'Engle's granddaughter, and published by the Wall Street Journal. It provides strong insight into the political thought regarding conformity and security in the book.
“I’ve come to the conclusion,” Mr. Murry said slowly, “that it’s the greatest evil there is. Suppose your great great grandmother, and all those like her, had worried about security? They’d never have gone across the land in flimsy covered wagons. Our country has been greatest when it has been most insecure. This sick longing for security is a dangerous thing, Meg, as insidious as the strontium 90 from our nuclear explosions . . .”

posted by nubs on Apr 17, 2015 - 35 comments

Dealing with the digital afterlife of a hacker

Dealing with the digital afterlife of a hacker: It’s been three months since Michael died, and Beth has only been able to access and understand a sliver of what he left behind in the digital world. Kalat, who has been working closely with Beth to access Michael’s data, says this ought to be a wake up call to everyone who spends a significant amount of their life online—not just hackers.
posted by CrystalDave on Mar 23, 2015 - 27 comments

"https://https..." is not from Department of Redundancy Department

Don't want some random hacker looking over your shoulder when you surf U.S. federal government websites? You may be in luck!

Today the White House announced a proposal — https://https.cio.gov/ — to make all public-facing U.S. government websites use HTTPS across the board within two years. Want to give your two cents on the idea? Forget writing a letter, make a pull request! [more inside]
posted by metaquarry on Mar 17, 2015 - 36 comments

Roads? Where We're Going, We Don't Need Roads.

The Obama administration is investigating allegations that two senior Secret Service agents, including a top member of the president’s protective detail, drove a government car into White House security barricades after drinking at a late-night party last week, an agency official said Wednesday.
House Oversight Committee Chairman Jason Chaffetz told CNN that his initial understanding is that the two agents were "partying in Georgetown" when they responded to an incident at the White House. Mr. Chaffetz added: “It’s never good to be drunk at work, especially if you are in the Secret Service.”
posted by Going To Maine on Mar 11, 2015 - 47 comments

10 of the Safest Major Cities Around the World

For the Safe Cities Index 2015, the Economist Intelligence Unit (EIU) ranked 50 of the world's biggest cities on:

Digital security: Identity theft, online privacy
Health security: Environment, air and water quality
Infrastructure safety: Buildings, roads, bridges
Personal safety: Crime, violence

Lifehacker looks at the results. [more inside]
posted by ellieBOA on Mar 11, 2015 - 35 comments

That last line sounds kind of familiar

Here's what happens when you install the top ten download.com apps.
posted by DoctorFedora on Jan 13, 2015 - 123 comments

Redditor does the research behind the Sony Pictures hacking scandal.

Redditor CSMastermind composes an epic timeline of the Sony information breach. Well sourced, and in layman's terms. [more inside]
posted by butterstick on Dec 21, 2014 - 100 comments

Tchotchkes of our inner lives

There is more to passwords than their annoyance. In our authorship of them, in the fact that we construct them so that we (and only we) will remember them, they take on secret lives. Many of our passwords are suffused with pathos, mischief, sometimes even poetry. Often they have rich back stories. A motivational mantra, a swipe at the boss, a hidden shrine to a lost love, an inside joke with ourselves, a defining emotional scar — these keepsake passwords, as I came to call them, are like tchotchkes of our inner lives. Ian Urbina looks at The Secret Lives of Passwords for the NYT Magazine. (Possible trigger warning - opens with Cantor Fitzgerald looking for passwords the day after 9/11.) [more inside]
posted by RedOrGreen on Nov 21, 2014 - 32 comments

Mind the Gap

We used to think that the ultimate in security was a stand-alone (that is, off the network) computer, sort of like a room with no doors. How can an attacker get in if there's no way to get in? Such computers are referred to as air-gapped. But as early as 1985, it became clear that we might be able to read the contents of a monitor screen from the next room using Van Eck phreaking (dramatized by Neal Stephenson in Cryptonomicon). Now it appears things are even worse. [more inside]
posted by ubiquity on Oct 31, 2014 - 50 comments

(Tweet & Tell Them To Support 2FA)

twofactorauth.org is a site that catalogs digital services based on whether or not they support two factor authentication.
posted by Going To Maine on Oct 26, 2014 - 29 comments

I know who you are and I saw what you did.

How secure is public wi-fi? A lot less than you probably imagine.
posted by Obscure Reference on Oct 20, 2014 - 52 comments

The Internet has been bitten by POODLE

POODLE (Padding Oracle On Downgraded Legacy Encryption) is the latest exploit found in SSL, a protocol used widely across the Internet for secure connections. Engineers at Google discovered the exploit, and they have written a white paper discussing it. In response, Google is disabling SSL in all Google products. Some are calling this the death of SSL. For web users, disabling SSL in your browser is recommended. Here is a tool to identify if your browser is potentially affected by the POODLE exploit.
posted by deathpanels on Oct 16, 2014 - 97 comments

The NSA and me

The NSA and Me is an essay by James Bamford, author of The Puzzle Palace, an early book on the agency. It details how he came to write the book, and the NSA's efforts to keep him from publishing it in the late 70s/early 80s.
posted by Harald74 on Oct 13, 2014 - 13 comments

Running a server? Drop everything and update it now!

Bash software bug may pose bigger threat than Heartbleed. [more inside]
posted by furtive on Sep 24, 2014 - 183 comments

Knee-deep in the Print Head

To highlight the vulnerabilities of an unsecured web interface in Canon Pixma printers that allows the uploading of arbitrary binaries as firmware, information security consultant Michael Jordan has made a printer run Doom (video) as part of a presentation at 44Con 2014. [via]
posted by figurant on Sep 15, 2014 - 30 comments

The (Silk) Road to Hell is paved with noob mistakes

The FBI has recently released details on how the Silk Road black market was taken down. [more inside]
posted by ubiquity on Sep 12, 2014 - 37 comments

Carry That Weight

Emma Sulkowicz is a student at Columbia University; she was raped by a fellow student during her sophomore year, and is one of 23 Columbia and Barnard students who filed a federal Title IX complaint in April alleging that the university mishandled sexual assault cases. Now a senior, Emma plans on carrying an extra-long, twin-size mattress across the quad and through each New York City building – to every class, every day – until the man she says raped her moves off campus, as her senior art thesis, "Carry That Weight" [more inside]
posted by roomthreeseventeen on Sep 3, 2014 - 178 comments

The evolution of credit card skimmers, and how to protect yourself

Credit card skimming was something of a myth in the early 2000s, until someone was caught skimming in 2002 in San Mateo, California. The next year, a skimmer was found on an ATM in a New York deli, and skimmers have been improving every year, following additional protective measures on a range of credit card reading devices, as detailed in Gizmodo's article on the evolution of skimmers. [more inside]
posted by filthy light thief on Sep 2, 2014 - 43 comments

If we're not in pain, we're not alive

You invest so much in it, don't you? It's what elevates you above the beasts of the field, it's what makes you special. Homo sapiens, you call yourself. Wise Man. Do you even know what it is, this consciousness you cite in your own exaltation? Do you even know what it's for?
Dr. Peter Watts is no stranger to MetaFilter. But look past his sardonic nuptials, heartbreaking eulogies, and agonizing run-ins with fascists (and fasciitis) and you'll find one of the most brilliant, compelling, and disquieting science fiction authors at work today. A marine biologist skilled at deep background research, his acclaimed 2006 novel Blindsight [full text] -- a cerebral "first contact" tale led by a diverse crew of bleeding-edge post-humans -- is diamond-hard and deeply horrifying, wringing profound existential dread from such abstruse concepts as the Chinese Room, the Philosophical Zombie, Chernoff faces, and the myriad quirks and blind spots that haunt the human mind. But Blindsight's last, shattering insight is not the end of the story -- along with crew/ship/"Firefall" notes, a blackly funny in-universe lecture on resurrecting sociopathic vampirism (PDF - prev.), and a rigorously-cited (and spoiler-laden) reference section, tomorrow will see the release of Dumbspeech State of Grace Echopraxia [website], the long-delayed "sidequel" depicting parallel events on Earth. Want more? Look inside for a guide to the rest of Watts' award-winning (and provocative) body of work. [more inside]
posted by Rhaomi on Aug 25, 2014 - 84 comments

FRIENDLIEST SCADA ON THE NET

A scan for systems allowing remote desktop connections without passwords performed during a Defcon talk about the Masscan tool found a wide variety of systems open for anyone with knowledge of the correct IP address, such as access to a hockey rink, a manufacturing plant for a Swedish condiment, hydroelectric plants and a lot more. [more inside]
posted by rpn on Aug 15, 2014 - 17 comments

Why the Security of USB Is Fundamentally Broken

Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn't just in what they carry, it's built into the core of how they work.
posted by paleyellowwithorange on Aug 11, 2014 - 70 comments

Snowden granted 3-year stay in Russia.

After several days in legal limbo, the world's most notorious whistleblower, Edward Snowden, has been granted a three-year stay in Russia. This is amid breaking news of Russia's issuing of a menu of its own sanctions against U.S./E.U. countries, et al. The former NSA employee has been stranded in Russia for more than a year. Recently, new leaks by other, as yet unknown whistle-blower(s) other than Snowden have surfaced, according to U.S. authorities. The leaks detail certain "rules" for targeting of people for surveillance (including merely searching for privacy software), as well as details on the kind of activity or relationships which may put innocent people on terrorist watch lists.
posted by fantodstic on Aug 7, 2014 - 54 comments

No lump of clay needed.

“If you lose sight of your keys for the better part of 20 seconds, you should consider them lost,” says Jos Weyers, a Dutch lockpicking guru and security consultant. “If you find them later, consider them a souvenir.” The App I Used to Break Into My Neighbor’s Home
posted by fings on Jul 29, 2014 - 54 comments

“U.S. citizens here?” - “U.S. citizens.”

Arizona’s Checkpoint Rebellion
Liberals, libertarians, retirees, and activists protest against immigration patrols far from the border.

Previously:
DHS Checkpoint Refusals
Am I being detained? Am I free to go?
posted by davidstandaford on Jul 22, 2014 - 40 comments

The *first* revelation this week, at least

This week's Glenn Greenwald revelation is that Britain's GCHQ JTRIG intelligence organization offers its agents and planners tools with abilities to increase the search ranking of chosen web sites, “change outcome of online polls”, “masquerade Facebook Wall Posts for individuals or entire countries”, and accomplish “amplification of a given message, normally video, on popular multimedia websites (Youtube).” [more inside]
posted by XMLicious on Jul 16, 2014 - 54 comments

Journey to the Centre of Google Earth

“But what shall we dream of when everything becomes visible?” Virilio replies: “We’ll dream of being blind."
posted by 0bvious on Jun 24, 2014 - 5 comments

That's amazing. I've got the same combination on my luggage!

Two 14 Year Olds Hack Winnipeg ATM. "Matthew Hewlett and Caleb Turon, both Grade 9 students, found an old ATM operators manual online that showed how to get into the machine's operator mode.... Hewlett and Turon were even more shocked when their first random guess at the six-digit password worked. They used a common default password." [more inside]
posted by Joey Buttafoucault on Jun 17, 2014 - 28 comments

Everything is broken

Everything is broken: Next time you think your grandma is uncool, give her credit for her time helping dangerous Russian criminals extort money from offshore casinos with DDoS attacks.
Quinn Norton [previously] breaks down the reasons why computers are so hackable by exploring the realities of how software is made and used.
posted by dobie on May 21, 2014 - 65 comments

Google Has (Almost) All The Email

Even if you don't have a Gmail account, many of your contacts do. So Google has a lot of your email, even if you have been trying hard to avoid that.
posted by COD on May 12, 2014 - 105 comments

18 million reasons to go to two-factor authentication

German authorities have discovered yet another giant database of hacked passwords. The German Federal Office for Information Security says it will have a website allowing people to check if their accounts are affected up and running by Monday. Some 3 million Germans are believed affected; there is no indication that the impact is limited to Germans or Germany. A link to an ARD article on the case is here, in German.
posted by rhombus on Apr 4, 2014 - 26 comments

Cyber Threats Map

Cyber Threat Real-Time Map. This Map Tracks Cyberattacks Around the World in Real Time. [Via]
posted by homunculus on Apr 1, 2014 - 10 comments

How Target Blew It

"The breach could have been stopped there without human intervention. The system has an option to automatically delete malware as it’s detected. But according to two people who audited FireEye's performance after the breach, Target's security team turned that function off." Bloomberg reports today on "Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It." (The Target breach, previously.)
posted by jbickers on Mar 13, 2014 - 55 comments

Snowden To Address Audience in First Live Q&A, Days After EU Testimony

The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards: pervasive end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-effective basis. The result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion. Governments cannot risk the discovery of their exploits by simply throwing attacks at every “endpoint,” or computer processor on the end of a network connection, in the world. Mass surveillance, passive surveillance, relies upon unencrypted or weakly encrypted communications at the global network level.

Edward Snowden submits written testimony to an EU committee investigating mass surveillance, and answers questions. The testimony takes place 3 days ahead of his highly anticipated SXSW appearance, to take place later today. Snowden is expected to speak about privacy, security, mass surveillance programs, free speech and whistle-blowing in a rare remote video appearance before a live audience.
Kansas Congressman Mike Pompeo finds this “deeply troubling” in a letter he's sent to the organizers of the conference.

Meanwhile, people who wish to #asksnowden questions can use the hashtag on Twitter. The talk is to take place at 12pm PT, today.
posted by fantodstic on Mar 10, 2014 - 89 comments

Keys to the Domain

Meet the people who hold the master keys to the internet. Hear all about their quirky sci-fi get together.
posted by stp123 on Feb 28, 2014 - 35 comments

goto fail;

Yesterday, Feb 21, Apple computer released a security patch with a vague description of SSL fixes. It turns out that it's quite a bug which would trivially allow Man in the Middle attacks for assumed-secure connections via SSL. Folks dug into the code and found the code resulting in the bug. If this affects you and your devices, you might want to go upgrade.
posted by rmd1023 on Feb 22, 2014 - 135 comments

Dear America, I Saw You Naked

The TSA saw the near-miss as proof that aviation security could not be ensured without the installation of full-body scanners in every U.S. airport. But the agency’s many critics called its decision just another knee-jerk response to an attempted terrorist attack. I agreed, and wrote to the Times saying as much. My boss wasn’t happy about it.
“The problem we have here is that you identified yourself as a TSA employee,” she said.

Jason Harrington, author of the formerly anonymous Taking Sense Away blog, on his experiences as a dissenter inside of the Transportation Security Administration.
posted by gauche on Jan 31, 2014 - 71 comments

Security Sunday

Ars Technica reports on malicious extensions on the Chrome web browser, which install advertising-based malware that hijacks links and injects ad content. Further speech recognition exploits (source) leave open the opportunity for malicious sites to record sound captured by the user's web browser without permission.
posted by Blazecock Pileon on Jan 26, 2014 - 30 comments

The US has one of the worst payment systems in the entire world

Almost alone among developed nations, U.S. credit and debit cards have a magnetic stripe that contains all the financial information necessary to make a purchase. Once information gets stolen from a merchant, it can be encoded into a magnetic stripe and used with a new card. Smart cards in Europe and elsewhere encrypt that data and store it on a microchip, which is much tougher to replicate. More important, the cards also require a personal identification number (PIN) to work. This “chip-and-PIN” system introduces a second authentication, forcing thieves to have both pieces of information to successfully use the card. It’s a combination of advanced technology and simple common sense. - Your Credit Card Has a Dangerous Flaw That the Banks Refuse to Fix
posted by beisny on Jan 17, 2014 - 138 comments

The science-fiction part of the show is that the Machine is accurate

“Person Of Interest”: The TV Show That Predicted Edward Snowden
posted by Rustic Etruscan on Jan 14, 2014 - 57 comments

RSA Paid by the NSA to screw the USA

"Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show." Previous
posted by stoneweaver on Dec 20, 2013 - 74 comments

I always feel like somebody's watching me

For years we've been told that our laptop cameras and webcams are "hardwired" to an LED such that the camera can't be turned on without triggering the light. Yeah, you can see where this is going (the original paper). The exploit works on pre-2008 Macs, though other laptops and webcams could be vulnerable to a similar exploit. The researchers have a kernel extension to prevent this on 2007 / 2008 MacBooks. My preferred solution for the rest of us.
posted by dirigibleman on Dec 20, 2013 - 96 comments

NSA says: squeeeeeee!

The attack can extract full 4096-bit RSA decryption keys from laptop computers ... within an hour ... using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis [more inside]
posted by flabdablet on Dec 19, 2013 - 46 comments

A Hundred Bucks Says You Won't Read This Story

Esquire's Chris Jones looks at the old techniques used to make the new US $100 bill.
posted by reenum on Dec 9, 2013 - 50 comments

That's amazing. I've got the same combination on my luggage.

During the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.
posted by Chrysostom on Dec 2, 2013 - 68 comments

the armor of the body politic

"The American homeland is the planet" Not content with a militarized southern border, the U.S. is now militarizing borders around the world (slsa)
posted by allkindsoftime on Nov 19, 2013 - 7 comments

Terminal Cornucopia

Can common items sold in airports after the security screening be used to build lethal weapons? Yes.
posted by Zarkonnen on Nov 16, 2013 - 57 comments
