Skip

654 posts tagged with security.
Displaying 151 through 200 of 654. Subscribe:

Hacker Rattles Security Circles

“My country should have control over Google, Skype, Yahoo, etc.,” he said by e-mail. “I’m breaking all encryption algorithms and giving power to my country to control all of them.” Is an independent Iranian hacker trying to help his government spy on its people?
posted by beisny on Sep 12, 2011 - 24 comments

Guardian editor alleged to have leaked Cablegate password

Wikileaks has alleged that Guardian editor David Leigh negligently leaked the encryption passphrase to the unredacted 'Cablegate' archive in an upcoming book. The Guardian denies the charges, but states that "[a] Twitter user has now published a link to the full, unredacted database of embassy cables", potentially putting informants at risk.
posted by p3on on Aug 31, 2011 - 203 comments

DigiNotar SSL certificate compromise

Two days ago a user asked Google about a strange warning he was getting when trying to access Gmail from Iran. Turns out he was getting a fraudulent SSL certificate that was issued incorrectly for *.google.com by DigiNotar, a Dutch certificate authority. It seems likely this was a deliberate man-in-the-middle attack to snoop email in Iran. This attack is the second SSL certificate compromise in a year (previously), pointing to a fundamental design flaw in Internet security. [more inside]
posted by Nelson on Aug 30, 2011 - 45 comments

Backdoor, yeah, yeah, snicker, snicker.

You may already be screwed. And not in the good way you were hoping for. MeFi kink favourite, FetLife has been ignoring a longstanding security and privacy compromise. (nsfw)
posted by rodgerd on Aug 9, 2011 - 63 comments

"...nor shall be compelled in any criminal case to be a witness against himself..."

Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these. Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) that encrypting all inculpatory digital evidence will serve to defeat the efforts of law enforcement officers to obtain such evidence through judicially authorized search warrants, and thus make their prosecution impossible.

The "if you were innocent, you'd have nothing to hide" argument rears its head, in a big way. [more inside]
posted by fifthrider on Jul 11, 2011 - 215 comments

Robert Morris, 1932-2011

Robert Morris, a pioneer in the field of computer security, early major contributor to the UNIX operating system, and father of Robert Tappan Morris (author of the Morris Worm), has died at 78. NYT [more inside]
posted by fireoyster on Jun 29, 2011 - 23 comments

The Next Generation

DEFCON Kids! [more inside]
posted by jeffburdges on Jun 27, 2011 - 15 comments

Searching public hacker databases to keep your passwords safe

Should I Change My Password checks a list of e-mails connected to passwords released by hackers to the public (source list here) and tells you if your password has been compromised.
posted by The Devil Tesla on Jun 25, 2011 - 50 comments

not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities

"Hackers of the world are uniting and taking direct action against our common oppressors - the government, corporations, police, and militaries of the world" says LulzSec (previously) in their latest release, Chinga La Migra. "We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 (previously) and the racial profiling anti-immigrant police state that is Arizona."

#antisec is a new track from nerdcore rapper ytcracker (previously)
posted by finite on Jun 23, 2011 - 47 comments

Yet more censational news

Lulzsec appear to have hacked the UK 2011 Census which, if true, could be quite a significant ramp up of the security wars. Grabbing a few million credit card numbers is one thing, 60 million identities is something else entirely. Not to mention the celebrity data. Here's the Hacker News comment thread, and a list of the actual census questions to show what could be on offer.
posted by Duug on Jun 21, 2011 - 135 comments

I think Lulzsec is a pretty cool guy. eh hacks US Senate and doesn't afraid of anything.

LulzSec (twitter account) have hacked senate.gov. The group has previously hacked Bethesda, Pron.com, FBI affilliates amongst others. Although some argue that LulzSec represent the catalyst to improve IT security, this message to the Senate seems likely to provoke a more direct investigation: [more inside]
posted by jaduncan on Jun 13, 2011 - 141 comments

The only secure password is the one you can’t remember.

People who use Sony don't make very good passwords. "None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric character, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems." [more inside]
posted by -->NMN.80.418 on Jun 7, 2011 - 142 comments

Tupac the Kiwi

Over the weekend, PBS' website was hacked by a group calling itself "The Lulz Boat", or "LulzSec". The PBS site displayed a story claiming that rapper Tupac Shakur was alive and well in New Zealand. (He's not). The hack was apparently over the Frontline program that aired last week, 'Wikisecrets', which Julian Assange called "hostile". This follows a separate, unrelated breach at Lockheed Martin, also publicized over the weekend. (Previously)
posted by IvoShandor on May 30, 2011 - 62 comments

Can't touch this

Last week the Texas House of Representatives unanimously passed a bill (House Bill 1937) prohibiting public servants from intrusively touching anyone seeking access to a public building or form of transportation. (TIME, Dallas News, Washington Times) The blogosphere touted the legislation as a move to criminalize TSA groping. Today, the bill was withdrawn from consideration by the state senate after a threat from the TSA and Department of Justice to "close down all the airports in Texas". Protesters are currently marching on the state capitol. [more inside]
posted by thescientificmethhead on May 25, 2011 - 93 comments

Of spies, special forces and drone strikes

Warfare: An advancing front - "The US is engaged in increasingly sophisticated warfare, fusing intelligence services and military specialists" [more inside]
posted by kliuless on May 21, 2011 - 19 comments

you may say I'm a dreamer

-Only an 'energy internet' can ward off disaster
-We must electrify the transport sector [more inside]
posted by kliuless on May 19, 2011 - 58 comments

"We noticed an issue yesterday...:

In last week's post about the PSN security breach, several MeFites recommended LastPass for storing passwords. Well, yesterday they found some anomolous network traffic, and they're asking all users to update their master password. (Some notes from James Fallows of The Atlantic. One guy explaining why you shouldn't freak out. Ask MeFi: "What simple, secure, portable password and secure data management systems do you use?")
posted by epersonae on May 5, 2011 - 97 comments

Conflict, Security, and Development

Remove the scourge of conflict - "Taming mass violence is the theme of the World Bank's latest World Development Report, which focuses on 'conflict, security and development' [pdf] ... Mass violence destroys all hopes of progress. We should make a huge effort to eliminate this scourge. It seems feasible. It is desirable. So try."
posted by kliuless on Apr 30, 2011 - 18 comments

TSA a Giant Waste of Money

John Mueller and Mark Stewart may have found the one part of government we can afford to cut in their paper "Terror, Security, and Money: Balancing the Risks, Benefits, and Costs of Homeland Security" From the abstract "The cumulative increase in expenditures on US domestic homeland security over the decade since 9/11 exceeds one trillion dollars. It is clearly time to examine these massive expenditures applying risk assessment and cost-benefit approaches that have been standard for decades."
posted by RSaunders on Apr 27, 2011 - 30 comments

PlayStation Network and Qriocity Security Breach

Sony's PlayStation Network and Qriocity have been down since April 20 2011 due to an illegal intrusion. Today Sony announced that user data - birthdate, user name, password, e-mail address, possibly credit card information, and more - has been compromised for its 69 million users, exposing them to identify theft amongst other things. [more inside]
posted by Foci for Analysis on Apr 26, 2011 - 285 comments

RSA has been hacked.

Computer security vendor RSA, maker of two-factor authentication SecurID, has been hacked by unknown parties. In an open letter to it customers RSA Executive Chairman Arthur W. Coviello, Jr. calls the attack the work of an Advanced Persistent Threat, meaning a highly skilled, well-funded group acting deliberately & precisely to achieve a specific goal. RSA's clients include many Fortune 100 companies, US Government, Military & Intelligence Community organizations.
posted by scalefree on Mar 17, 2011 - 118 comments

Cracking voyeurism

Using honeypots and logging tools, some server admins have logged actual server break-in attempts by nincompoop crackers. [more inside]
posted by Foci for Analysis on Mar 11, 2011 - 50 comments

Car-go or Car-stop?

Yesterday Air Canada said it would stop shipments of all cargo to the U.S.A. due to an "emergency change to US security" [more inside]
posted by sardonyx on Mar 10, 2011 - 60 comments

iTunes Scammers At It Again

A thread at Apple's Support site has popped up with frustrated users describing nearly identical iTunes account disruptions: up to hundreds of dollars of charges are being racked up by fraudulent buyers, using iTunes gift card balances and even credit card information to fund the purchases. [more inside]
posted by Khazk on Mar 9, 2011 - 71 comments

Stasi, SSIS, ...

"I almost can't believe I'm witnessing this. We're inside the fortress of terror, our very own Mordor..." [more inside]
posted by jeffburdges on Mar 7, 2011 - 74 comments

It's Dangerous to Go Alone! Take This.

Security-in-a-Box. A complete guide to digital security for advocates and human rights defenders (and for you too!). It includes all the info and tools you'll need for anything related to personal digital security.
Mobiles in-a-box: Tools and tactics for mobile advocacy.
Message in-a-box: Everything you need to make and distribute your own media.
NGO-in-a-box: Set up you NGO using free and open-source software.
[more inside]
posted by lemuring on Feb 28, 2011 - 14 comments

It's a purr-fect night for a heist.

When the sun goes down, it's time to hit the streets. Dusty is a cat burglar.
posted by XhaustedProphet on Feb 28, 2011 - 28 comments

“Duuuuuuuudddde! It’s 7 a.m. where you are, who died?”

Security reporter Brian Krebs [previously] visits Russian illicit online prescription baron Pavel Vrublevsky.
posted by These Premises Are Alarmed on Feb 21, 2011 - 3 comments

"The Package"

Inside the Secret Service. Sidebars: Radio Chatter and The Presidential Motorcade (Via) [more inside]
posted by zarq on Feb 8, 2011 - 48 comments

Some people learn lessons the hard way.

Aaron Barr, of security company HBGary, claimed in the Financial Times to have infiltrated Anonymous and to be collecting information on members of the group. Predictably, Anonymous responded by hacking HBGary's website and replacing its front page, as well as by stealing Barr's research documents on Anonymous (and social networking accounts) and releasing them to the public, along with thousands of internal HBGary emails.
posted by Pope Guilty on Feb 7, 2011 - 199 comments

I felt a great disturbance in the Force, as if millions of to-do lists suddenly cried out in terror, and were suddenly silenced

IPv6, a newer version of the Internet Protocol that most of the net will convert to during the next few years due to "address exhaustion" with the current IPv4, (previously, previously) has a variety of advanced security features in it. Once IPv6 is fully rolled out and all the technical people are familiar with it, computers connected to the internet will be much safer from some kinds of hacking - but until then we may be in for a bumpy ride.
posted by XMLicious on Feb 1, 2011 - 60 comments

Fish finger

Security advisor Brian Krebs on the 'hacking' of web dating site Plenty of fish by Chris Russos.
posted by unliteral on Jan 31, 2011 - 73 comments

Today's status: Smokey Bear.

A little bit of security theater will shut down in April as the Department of Homeland Security will end the color coded Homeland Security Advisory System. The terror alert has not changed from yellow in over four years, unless you are on an international flight. The system has been criticized immensely since its introduction. And don't forget the jokes. [more inside]
posted by Mister Fabulous on Jan 28, 2011 - 28 comments

At these prices you'd be crazy not to buy one

A blogger for information security firm Imperva reports the discovery of a hacker site offering root access on US & foreign government, military & educational sites for sale for prices ranging from $55 to $499, or just database records for the reasonable price of $20/1000. Besides US sites the hacker(s) also offer government servers in India, Taiwan & Italy. The hacker(s) also provide what they claim is proof of their access for the skeptical or cautious buyer. No credit card offers, please - the only currency they accept is Liberty Reserve.
posted by scalefree on Jan 21, 2011 - 29 comments

Newsflash: Terrorism existed before 9/11

We never used to go nuts about terrorism.
posted by dougrayrankin on Dec 29, 2010 - 64 comments

The Daily Patdown: Your Daily Dose of Security Theater

The Daily Patdown - Your daily Dose of Security Theater. Some pictures of groping therein. [via mefi projects]
posted by Burhanistan on Dec 20, 2010 - 46 comments

X-rays for naught

The TSA let a loaded gun get on an airplaine. (also, also, also) [more inside]
posted by knz on Dec 19, 2010 - 136 comments

Casinos: not the fortresses they pretend to be

After hearing of a recent heist in which a bandit wearing a motorcycle helmet robbed the Bellagio of $1.5 million in chips (the 10th Vegas casino robbery this year), I remembered the scene from Ocean's 11 where Reuben expounds upon why it is nigh impossible to steal from a Las Vegas casino. But that simply isn't true. Granted, no one has infiltrated a casino for a massive $160 million haul, but sizable losses have occurred over the years: 18 Casino Heists: The Strange, The Surgical, and The Stupid; 5 Most Famous Casino Heists in History, Top 10: Epic Las Vegas Heists; 13 Real Heists from Around the World (there is duplication of mentioned events on these sites, as well as non-casino-related crimes). Casino Security (Wiki) may be high tech (Google .pdf quickview), but it's not unbeatable (Casino insider tells (almost) all about security). Of course, there are other ways to steal from a casino, but you might still get caught. And it's hard to find much lore about successful robberies, mostly because casinos don't want that kind of publicity. [more inside]
posted by bwg on Dec 15, 2010 - 37 comments

Subject: Allegations regarding OpenBSD IPSEC

Theo de Raadt: I have received a mail regarding the early development of the OpenBSD IPSEC stack. It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack, in particular the IPSEC stack. [more inside]
posted by These Premises Are Alarmed on Dec 14, 2010 - 94 comments

Bring It On.

An anonymous hacking outfit called "Gnosis" has infiltrated Gawker Media, hijacking the front page and leaking the company's internal chat logs, source code, and content databases along with the usernames, email addresses, and passwords of over 1.3 million users (including Gawker staff). The attack, which was motivated by what the group describes as the "outright arrogance" with which the company's bloggers taunted anonymous imageboard 4chan (semi-previously), affects every site in the Gawker network, including Gizmodo, Kotaku, Lifehacker, Jezebel, Deadspin, Jalopnik, and io9. While most of the leaked passwords are encrypted, more than 200,000 of the simpler ones in the torrent file have been cracked, and the links between account names and email addresses are in plaintext for all to see. Since the integrity of Gawker's encryption methods remains in doubt, it is recommended that anyone who has ever registered an account on any Gawker property change their passwords immediately, especially if the same log-in information is used for other services.
posted by Rhaomi on Dec 12, 2010 - 312 comments

List of commercial airliner bombings.

This list of commercial airliner bombings appears in the Ask a Rocket Scientist section of Aerospaceweb.org. It presents a comprehensive and descriptive catalog of 86 bombings and attempted bombings since 1933, 54 of which resulted in fatalities, and offers some information that might be relevant to the question of airline security.
posted by washburn on Nov 29, 2010 - 44 comments

We'll need to declaw that cat.

Airport-security cartoons from The New Yorker’s archives (1938 - present).
posted by gman on Nov 23, 2010 - 28 comments

Can you imagine 50 people a day, I said 50 people a day? Friends, they may think its a movement.

Nov. 24 is National Opt-out Day from airport back-scatter scanners Time to call BS on TSA's kabuki theater of airport security: "As public anger grows over the TSA's body scanners and intrusive new airport pat-down procedure, a Web site is urging travelers to "opt out" from the body scanners and instead choose to have a pat-down in public view, so that everyone can "see for themselves how the government treats law-abiding citizens." OptOutDay.com declares November 24 to be the day when air travelers should refuse to submit to a full body scan and choose the enhanced pat-down -- an option many travelers have described as little short of a molestation."
posted by TDIpod on Nov 10, 2010 - 395 comments

Man in disguise boards international flight

Man boards plane in elderly disguise (video) Canadian authorities have detained a young Asian man who was wearing a silicone head and neck mask making him appear to be an elderly Caucasian male. [more inside]
posted by KokuRyu on Nov 5, 2010 - 73 comments

Potentially sinister

Security alerts have been declared at Airports in the US, UK and Middle East after the discovery of suspicious packages originating in Yemen. The packages, modified toner cartridges, have been described as "definitely not a complete bomb" but being "potentially sinister".
posted by Artw on Oct 29, 2010 - 291 comments

Firesheep demonstrates how ineffective Web security is

“When it comes to user privacy, SSL is the elephant in the room.” Meet Firesheep: a Firefox plugin that sniffs out unencrypted HTTP sessions on your network segment and lets you impersonate any of the users found. Eric Butler unveiled it today at Toorcon 12, a San Diego conference on computing security, and it demonstrates what amounts to a gaping hole in the Web security model.
posted by spitefulcrow on Oct 24, 2010 - 67 comments

How to Analyze People on Sight, 1921

How to Analyze People on Sight, The Five Human Types, 1921. And other volumes of interest at Project Gutenberg.
posted by wallstreet1929 on Oct 1, 2010 - 29 comments

Typical pre-alpha bugginess, or embarrassing beginner mistakes?

Late yesterday the much-hyped "privacy aware, personally controlled" Diaspora social network platform (discussed previously) published its open-source developer release. "Feel free to try to get it running on your machines and use it," the team urged, "but we give no guarantees. We know there are security holes and bugs, and your data is not yet fully exportable." The Register's initial report is less than rosy: Code for open-source Facebook littered with landmines
posted by The Winsome Parker Lewis on Sep 17, 2010 - 58 comments

Needle program exchange

The Haystack application aims to use steganography to hide samizdat-type data within a larger stream of innocuous network traffic. Thus, civilians in Iran, for example, could more easily evade Iranian censors and provide the world with an unfiltered report on events within the country. Haystack earned its creator Austin Heap a great deal of positive coverage from the media during the 2009 Iranian election protests. The BBC described Heap as "on the front lines" of the protesters' "Twitter revolution", while The Guardian called him an Innovator of the Year. Despite the laudatory coverage, however, the media were never given a copy of the software to examine. Indeed, not much is known about the software or its inner workings. Specialists in network encryption security were not allowed to perform an independent evaluation of Haystack, despite its distribution to and use by a small number of Iranians, possibly at some risk. As interest in the project widens and criticisms of the media coverage and software continue to mount, Heap has currently asked users to cease using Haystack until a security review can be performed.
posted by Blazecock Pileon on Sep 13, 2010 - 31 comments

This Is About Power, Not Security

I Am Detained by the Feds for Not Answering Questions.
posted by bwg on Sep 10, 2010 - 288 comments

Page: 1 2 3 4 5 6 7 8 ... 14
Posts