Skip

654 posts tagged with security.
Displaying 101 through 150 of 654. Subscribe:

Two Words: Extremist Sharks

"To aid the national security community in imagining contemporary threats, the Australian Security Research Centre (ASRC) is organising Australia’s Security Nightmares: The National Security Short Story Competition. The competition aims to produce a set of short stories that will contribute to a better conception of possible future threats and help defence, intelligence services, emergency managers, health agencies and other public, private and non-government organisations to be better prepared." (via)
posted by vidur on Sep 12, 2012 - 44 comments

Java 7 Vulnerability

A working, cross-platform Java 7 exploit is now in the wild. It's apparently a pair of bugs, working in tandem; neither, alone, would be enough to escape the Java sandbox, but together, any machine, be it Windows, Mac, or Linux, can be instantly and silently compromised, simply by viewing a malicious web page. Only Java 7 is vulnerable, but because of the way Oracle schedules patches, it may be unfixed until October. You can test your machine for the flaw; if vulnerable, you'll want to at least disable Java in your Web browser, if not remove it altogether. On Firefox, NoScript will provide a little protection, by not running Java code unless you click it, but the vulnerability remains.
posted by Malor on Aug 29, 2012 - 104 comments

Your Passwords Are Much Weaker Than You Think

Why passwords have never been weaker—and crackers have never been stronger. Ars weighs in on the amazing advances the bad guys have made in password cracking over the last few years. Think you know how to choose something that's safe? The probability is quite high that you don't, even if you're technically ept. [more inside]
posted by Malor on Aug 21, 2012 - 184 comments

At 5:00 PM, they remote wiped my iPhone. At 5:01 PM, they remote wiped my iPad. At 5:05, they remote wiped my MacBook Air.

Yes, I was hacked. Hard. Mat Honan, a tech journalist, had his iPhone and Mac remotely wiped and his gmail account deleted within the space of 5 minutes. Password cracked? No. Security question leak? No. Social engineering Apple tech support.
posted by gwint on Aug 6, 2012 - 224 comments

Not like the Queen, but like John Hurt

"We thought we were hosts like the queen is at a posh garden party, when actually we're hosts in the way that John Hurt is in Alien." As the Olympics approach, the scandals, inconveniences, mistakes and problems keep mounting, ranging from the frustrating through the comic to the tragic. For your appreciation, a picture of the London Olympics 2012. [more inside]
posted by outlier on Jul 16, 2012 - 300 comments

Cisco called, they want their Internet back

Introducing Cisco Connect Cloud! Now available mandatory for Linksys Smart Wi-Fi Routers, Cisco Connect Cloud gives you almost anybody anytime, anywhere access to your home network.
posted by flabdablet on Jun 30, 2012 - 67 comments

This country will self-destruct in 3 .. 2 ..

"McPhee describes two things: how Switzerland requires military service from every able-bodied male Swiss citizen—a model later emulated and expanded by Israel—and how the Swiss military has, in effect, wired the entire country to blow in the event of foreign invasion. To keep enemy armies out, bridges will be dynamited and, whenever possible, deliberately collapsed onto other roads and bridges below; hills have been weaponized to be activated as valley-sweeping artificial landslides; mountain tunnels will be sealed from within to act as nuclear-proof air raid shelters; and much more." (via)
posted by vidur on Jun 20, 2012 - 100 comments

See something, send something

The Massachusetts Bay Transit Authority has released MBTA See Say [iTunes link], a free iPhone/Android app that allows riders to "send the MBTA Transit Police pictures, text messages, and locations of unattended packages or suspicious activity" [link to MBTA apps page]. The camera's flash is disabled when a photograph is taken within the app. According to ELERTS, who built the app for the MBTA, "the opportunity to crowdsource information from riders who witness suspicious or criminal activities has not been realized by transit systems." The MBTA, which is the fifth largest transit system in the United States, is the first system to adopt this technology.
posted by catlet on Jun 19, 2012 - 62 comments

An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

"Flame" is the name of a newly-identified malware program which utilizes a previously unknown MD5 collision attack to successfully spoof Microsoft Terminal Services, and install itself as a trusted program using Windows Update, Microsoft has confirmed. The program appears to have targeted computers in the Middle East, and specifically Iran; analysts have alleged it is likely created by the same entity that designed Stuxnet. Flame has been live and actively spying since 2010, but went undetected until recently, due to sophisticated anti-detection measures. [more inside]
posted by mek on Jun 8, 2012 - 53 comments

To Profile or Not to Profile?

To Profile or Not to Profile? A Debate between Sam Harris and Bruce Schneier.
posted by brundlefly on May 29, 2012 - 150 comments

Cyberwar: China's move discovered

Revolutionary hardware backdoor discovered in China-made military-grade FPGA chips. Claims were made by the intelligence agencies around the world, from MI5, NSA and IARPA, that silicon chips could be infected. We developed breakthrough silicon chip scanning technology to investigate these claims. We chose an American military chip that is highly secure with sophisticated encryption standard, manufactured in China. Our aim was to perform advanced code breaking and to see if there were any unexpected features on the chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
posted by scalefree on May 27, 2012 - 152 comments

Isn't that Byronic?

Computer security consultant Byron Sonne (previously, previously) has been acquitted of charges he plotted to attack the G20 summit in Toronto.
posted by unSane on May 15, 2012 - 12 comments

The Avian Flu: Transparency vs. Public Safety

"Experimental adaptation of an influenza H5 HA confers respiratory droplet transmission to a reassortant H5 HA/H1N1 virus in ferrets." After an extensive, months-long debate, one of two controversial papers showing ways the H5N1 "avian" influenza virus could potentially become transmissible in mammals with only 3 or 4 mutations was published in Nature today. The journal included an editorial on the merits and drawbacks of "publishing risky research" with regard to biosafety. The debate included an unprecedented recommendation by The US National Science Advisory Board for Biosecurity (NSABB) to block publication -- a decision they later reversed. (Via: 1, 2) Nature's special report has additional articles, including interviews with the teams behind both papers.
posted by zarq on May 3, 2012 - 37 comments

A real world distopian sports event

Not content with displacing the poor, menacing photographers and blocking ambulances the london olympics now wants ground-to-air missiles, presumably to shoot down rogue skywriters who might misuse it's brand.
posted by Artw on Apr 28, 2012 - 68 comments

Timeo Danaos et dona ferentis.

Multiple analysts warned of vulnerabilities, but instead of being heeded they were severely punished After a lengthy DDOS attack, some determined hacking, and repeated attempts to penetrate its hardened security layer, the host was finally rooted by a cunningly designed piece of social and mechanical engineering. When the malware released its payload, not only was the system completely wiped, but the culture that created it as well. This day in tech: the original Trojan.
posted by unSane on Apr 24, 2012 - 29 comments

Telnet Times Ten Thousand

If you've ever worked with the command prompt on a Unix-based computer, you're likely familiar with SSH (Secure SHell), which is a program and a protocol that allows you (yes, you!) to securely access a remote system. While SSH has certainly earned the "Secure" portion of its namesake over the years, it's functionality as a shell has ironically received very little attention, and has begun to show signs of age and obsolescence: SSH doesn't work very well on mobile connections, and its support for Unicode is buggy and incomplete. A group of MIT researchers think they've found solutions to these problems, and have created Mosh as a potential successor to SSH, which fixes many of the old protocol's annoyances and shortcomings, while retaining all of SSH's security features.
posted by schmod on Apr 12, 2012 - 77 comments

"Refusing to allow such threats to paralyze the entire university community in its pursuit of learning and teaching,"

Starting on February 13th The University of Pittsburgh has received a steady stream of bomb threats. The Chancellor of the University has stated that the school has no intention of ending its semester early even though the threats show no sign of stopping and the authorities have been unable to find any leads after finding that some of the threats were routed through systems in Austria. The school's Vice Chancellor wrote this letter to students and faculty in response to the ongoing situation.
posted by sendai sleep master on Apr 9, 2012 - 101 comments

Courtyard Marriott in Times Square is spying on and manipulating your Internet

Web developer Justin Watt was staying at the Courtyard Marriott in Times Square, New York and using the hotel wifi to access the Internet. He noticed some strangeness on his website... and on every other website he visited (not to mention YouTube was broken.)
In short, Marriott is injecting JavaScript into the HTML of every webpage its hotel customers view for the purpose of injecting ads (and in the meantime, breaking YouTube). Marriott’s wireless internet service provider is a third-party company called Hotel Internet Services, so it is possible, though unlikely, that Marriott doesn’t know what’s going on. But it’s crazy to me that I’m paying $368 a night for a hotel room, and this is how I get treated.
[more inside]
posted by gen on Apr 5, 2012 - 113 comments

Flashback MacOS botnet

Flashback is the first significant MacOS botnet, reportedly infecting and controlling over half a million Macs. Flashback has been around for since September 2011 but recently got a boost with a Trojan that exploits a security hole in Apple's Java distribution; a vulnerable Mac can be infected simply by visiting a web site, no user password required. Apple released a fix for the Java exploit yesterday, some six weeks after Microsoft, Adobe, and Oracle released their fixes.
posted by Nelson on Apr 4, 2012 - 174 comments

A Burger, an Order of Fries, and Your Credit Card Number

"Why are small businesses such frequent targets? Because they offer hackers the easiest path to your financial information. In fact, security consultants say, there’s an entire underground industry built around extracting customers’ credit card numbers from retailers’ point-of-sale systems." Slate: Why it’s so easy for hackers to steal financial information from restaurants
posted by beisny on Mar 24, 2012 - 20 comments

Security theatre theatre.

In the latest (ongoing) Economist debate (run Oxford-style), security expert Bruce Schneier and architect of the TSA Kip Hawley are facing off to respectively defend and attack the motion "This house believes that changes made to airport security since 9/11 have done more harm than good." Overview. Opening statements. Rebuttals. (Surprisingly cogent) comments from the floor.
posted by unSane on Mar 23, 2012 - 32 comments

Attacking the DC Internet Voting System

Attacking the Washington, D.C. Internet Voting System (PDF). "When we inspected the terminal server’s logs, we noticed that several other attackers [from Iran, New Jersey, India, and China] were attempting to guess the SSH login passwords." J. Alex Halderman, a computer scientist at the University of Michigan, describes how thoroughly he and his team were able to penetrate a pilot Internet voting system run by the District of Columbia, as part of an open public test in 2010. An earlier report on the attack. Via comp.risks. [more inside]
posted by russilwvong on Mar 19, 2012 - 56 comments

ms12-020 mistery: the packet stored in the "chinese" rdpclient.exe PoC is the EXACT ONE I gave to ZDI!!! @thezdi? @microsoft? who leaked?

Included in this month's Patch Tuesday was MS12-020, which is a remote exploit in Microsoft's widely deployed Remote Desktop Protocol (RDP). Microsoft projected an exploit would be out 'within a month', but a Proof-of-Concept (PoC) appeared on a Chinese website within a few days. Professionals are concerned. The discoverer of the vulnerability noted that the PoC included the exact packet he had crafted to help Microsoft understand he issue; this points to a leak in the MAPP early vulnerability sharing program. A full remote exploit isn't out yet, but is expected soon.
posted by These Premises Are Alarmed on Mar 18, 2012 - 36 comments

Blogger: 1, TSA: -1,000,000,000

Body scanners attacked again as US blogger Jon Corbett who blogs for TSA Out of Our Pants! exposes how to beat the body scanners, carrying a metal box in a secret shirt pocket through security at two airports. [more inside]
posted by nickrussell on Mar 7, 2012 - 130 comments

The idea, of course, is to let your attacker have the bag

"A man wearing bowler hat reading a newspaper is seen leaning leisurely against a car. Another person comes from behind and starts hitting the poor man on the head with an iron bar. He does not react at all, still reads his paper. The third man appears looking puzzled. The man takes his hat of and shows it to the other two. They take the hat and examine it." Beat The Bandit, 1961 is a video (01:46) presentation of amazing security/anti-theft inventions that you'll surely feel compelled to buy.
posted by vidur on Mar 5, 2012 - 23 comments

Android apps can secretly copy photos [SLNYT]

Android apps can secretly copy photos [SLNYT] "Android apps do not need permission to get a user's photos, and as long as an app has the right to go to the Internet, it can copy those photos to a remote server without any notice, according to developers and mobile security experts."
posted by paleyellowwithorange on Mar 1, 2012 - 88 comments

"Carried to its logical end, TSA policy would have to require passengers to travel naked or handcuffed."

"The Transportation Security Administration (TSA) ... have made air travel the most difficult means of mass transit in the United States, at the same time failing to make air travel any more secure." Steve Moore has been an FBI Special Agent, head of the Los Angeles Joint Terrorism Task Force's Al Qaeda and extra-territorial squads, a SWAT agent trained to interdict airplane hijackings, and a pilot. His father literally wrote the book on airline security. And he has come to the conclusion that "TSA is one of the worst-run, ineffective and most unnecessarily intrusive agencies in the United States government." [more inside]
posted by Zozo on Feb 29, 2012 - 170 comments

Choosing good passwords

Choosing good passwords - a straightforward real-world guide for the average user, by AusCERT. Also includes links out to a fun and informative piece on The Top 500 Worst Passwords of All Time, and more in-depth material aimed at the tech and security savvy, like this enjoyable conference talk: Security As If Your Life Depended On It (because it might!). So we can avoid becoming xkcd cartoons.
posted by philipy on Feb 26, 2012 - 71 comments

Somebody set up us the [fork] bomb

Stripe, a company that processes credit cards for web apps, decided to play a security wargame called Capture the Flag where you are given a logiin and password for a server and are invited to use your hacking abilities to gain access to accounts with increasing access and authorization. People who beat the server and "capture the flag" at /home/the-flag/.password are invited to contact the company for bragging rights and a T-shirt. Just one problem: the hacking game has been hacked, with something called a fork bomb. [more inside]
posted by Deathalicious on Feb 23, 2012 - 60 comments

Kuang Grade Mark Eleven

He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the US and wipes clean the minute he returns . In China, he disables Bluetooth and Wi-Fi , never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery , for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "Chinese are very good at installing key-logging software on your laptop." - Travel precautions in the age of digital espionage.
posted by Artw on Feb 13, 2012 - 125 comments

"The Enemy", wear thin?

"Muslim-American Terrorism in the Decade Since 9/11" (PDF) is a report by Professor Charles Kurzman of the University of North Carolina, published by the Triangle Center for Terrorism and Homeland Security. The TCFTHS is a collection of experts in the "Research Triangle" of North Carolina, associated with Duke, UNC and NC State and RTI, the independent research institute dedicated to aggregating and marketing the research resources of these three institutions. [more inside]
posted by running order squabble fest on Feb 8, 2012 - 23 comments

DMARD: Domain-based Message Authentication, Reporting & Conformance

For the past 18 months, engineers at PayPal, Google, Facebook, Yahoo, AOL, Microsoft and nine other technology companies have spent their off-hours (and some on-hours) working hand in hand to tackle the problem that plagues them all: e-mail phishing. The result is DMARC, or, "Domain-based Message Authentication, Reporting & Conformance". It's not new, but puts SPF and DKIM to work in a new way.
posted by Blake on Jan 31, 2012 - 45 comments

The long strange trip of a Singaporean assault rifle

The long strange trip of a Singaporean Cold-War-era assault rifle into the hands of Somali pirates in the Gulf of Aden, and what it reveals about the unintended consequences of the global trade in small arms and ammunition. [slnyt]
posted by killdevil on Jan 26, 2012 - 9 comments

Do you want to see something scary?

GQ reports on paraplegic web cam hacker Luis Mijangos [more inside]
posted by Potomac Avenue on Jan 25, 2012 - 20 comments

"Your mother sells whelks by the hull"

"One in three teens has shared a password with a friend or significant other." [more inside]
posted by jeffburdges on Jan 24, 2012 - 62 comments

SEAndroid

The U.S. National Security Agency (NSA) has begun releasing Security-Enhanced Android patches and tools, which port their Security-Enhanced Linux tools to Android devices. SEAndroid and SELinux provide mandatory access control designed to limit the amount of damage that rogue or exploited software can do. [more inside]
posted by jeffburdges on Jan 21, 2012 - 35 comments

So, would your holiness care to change her password?

The holiday season isn't always relaxing for those in the computing security field. 2011's Chaos Communication Congress brought many gifts in the form of vulnerability disclosures, including: malicious documents that infect HP printers, remote control vulnerabilities in prison lock systems, and denial-of-service attacks against Web servers written in just about every scripting language.
posted by spitefulcrow on Jan 1, 2012 - 32 comments

The Year Secrecy Jumped the Shark

The EFF's Year End Review   The ACLU's This Year in Civil Liberties   Amnesty International's Anual Report (video) [more inside]
posted by jeffburdges on Dec 25, 2011 - 11 comments

Beyond the Border

The U.S.-Canada Beyond the Border agreement is wide-ranging in its impact. Indeed, Prime Minister Harper referred to it Wednesday as "the most significant step forward in Canada-U.S. co-operation since (NAFTA)". This deal promises regulatory alignment (including the food and automotive sectors), quicker border crossings for business or travel (with pre-clearance options), and "screened once, accepted twice" cargo. Perhaps the biggest concern for Canadians however are the changes this agreement could have for their privacy. [more inside]
posted by stinkycheese on Dec 8, 2011 - 130 comments

A leaking woodpecker

Security researchers at North Carolina State University led by Xuxian Jiang (who had previously discovered 12 malicious Android applications sold through Google's Android Market) have uncovered holes in how the permissions-based security model is enforced on numerous Android devices. Called "leaks", these vulnerabilities allow new and existing malicious applications to eavesdrop on calls, track the user's location, install applications, send SMS messages, delete data from the device, and more. (via)
posted by Blazecock Pileon on Dec 5, 2011 - 30 comments

We need some angry nerds.

"The PC is dead. Rising numbers of mobile, lightweight, cloud-centric devices [represent] an unprecedented shift of power from end users and software developers on the one hand, to operating system vendors on the other ... This is a little for the better, and much for the worse." - Jonathan Zittrain, Harvard Law Professor (via battellemedia.com) [more inside]
posted by jeffburdges on Dec 4, 2011 - 153 comments

and battery

The assault on Los Alamos National Laboratory: A drama in three acts
posted by fantabulous timewaster on Nov 10, 2011 - 30 comments

James Fallows on what it's like to have your webmail hacked

Hacked! James Fallows writes in the Atlantic Monthly on how his wife's Gmail account was hacked, and years of email were deleted. Summary: if you have Gmail, you should be using its new 2-step verification; use strong passwords; don't re-use passwords. [more inside]
posted by russilwvong on Nov 5, 2011 - 97 comments

Borders. Security. Refugees. Jerusalem.

The Atlantic is in the middle of a four-part special report on the Israel / Palestinian peace process, called "Is Peace Possible?" which features multimedia presentations on and analyses of what they believe are the four core issues of the conflict: Borders, Security, Refugees, and Jerusalem. (The latter two will be released on Monday, November 7 and 14th, respectively) The report was put together in collaboration with the S. Daniel Abraham Center for Middle East Peace. [more inside]
posted by zarq on Nov 1, 2011 - 21 comments

Phone home

Secret iOS business; what you don’t know about your apps
posted by Artw on Oct 19, 2011 - 125 comments

Stuxnet II: Electric Duqu

A year after the infrastructure-attacking Stuxnet worm was discovered in Iran, a new piece of malware using some of the same techniques (but apparently with different goals) has been found infecting systems in Europe. The new malware, dubbed “Duqu” [dü-kyü], appears to have been written by someone with direct access to the Stuxnet source code.
posted by gemmy on Oct 18, 2011 - 49 comments

Who Watches The Robots?

Wired Magazine: Mystery virus hits U.S drone fleet
posted by The Whelk on Oct 8, 2011 - 68 comments

Exploiting Fear

How Two Scammers Built an Empire Hawking Sketchy Software
posted by vidur on Oct 4, 2011 - 23 comments

Logging out of Facebook is not enough

Logging out of Facebook is not enough - Nik Cubrilovic demonstrates how, even after logging out, Facebook tracks every page you visit on sites that integrate Facebook services [via]
posted by Blazecock Pileon on Sep 27, 2011 - 123 comments

Why the world is scared of hacktivists

They’re watching. And they can bring you down: Why the world is scared of hacktivists. [Via]
posted by homunculus on Sep 25, 2011 - 94 comments

Page: 1 2 3 4 5 6 7 8 ... 14
Posts