Karsten Nohl and a team of fellow researchers have cracked
the 64-bit encryption used in 80% of the world's GSM phones. Nohl
had previously cracked the encryption in the MIFARE
smartcard system, demonstrating
that the encryption on that device can be cracked in approximately no time whatsoever. These, of course, aren't the first gaping holes in cellphone security to come to light; indeed, lack of security
seems to be part of the design spec. Perhaps all new cellphones should just be distributed with a deck of cards.
posted by kaibutsu
on Dec 28, 2009 -
The University of East Anglia's Climatic Research Unit
suffered a security breach
this week. Hackers made off with thousands of email correspondences between some of the world's top climate scientists, and posted them to the Internet.[1]
Tony Hake has posted an article
at The Examiner, highlighting what he feels are the most egregious examples of scientists manipulating and hiding data to support the established theories about Climate Change. Some of the scientists involved counter
that the quotes are taken out of context, and that "People are using language used in science and interpreting it in a completely different way".
[1] I'm not going to link to them, but the Examiner article mentions where to get them.
posted by Who_Am_I
on Nov 20, 2009 -
Remember when your computer just worked? Did you click 'OK' to that recommended update on programs like iTunes, Adobe Reader, or Yahoo Messenger, only to realize that the older version ran faster or had better features? Then Version Download
may be your solution. Includes back-level versions of browsers, audio and video, security and anti-virus, FTP, file-sharing and communications software.
posted by netbros
on Oct 10, 2009 -
In 1984 computer pioneer Ken Thompson wrote one of the seminal works of computer security, Reflections on Trusting Trust [PDF]. In it he postulated putting a trojan horse inside a compiler as a means of infecting software compiled by it. 25 years later somebody has finally done just that. Researchers at anti-virus house Sophos have discovered a virus
that places a backdoor into applications compiled with the Delphi language. They've identified at least 3000 separate Delphi applications that have had this backdoor compiled into them so far, including banking programs and programs used for cellphone programming.
posted by scalefree
on Aug 20, 2009 -
Neurosecurity: security and privacy for neural devices.
"An increasing number of neural implantable devices will become available in the near future due to advances in neural engineering. This discipline holds the potential to improve many patients' lives dramatically by offering improved—and in some cases entirely new—forms of rehabilitation for conditions ranging from missing limbs to degenerative cognitive diseases. The use of standard engineering practices, medical trials, and neuroethical evaluations during the design process can create systems that are safe and that follow ethical guidelines; unfortunately, none of these disciplines currently ensure that neural devices are robust against adversarial entities trying to exploit these devices to alter, block, or eavesdrop on neural signals. The authors define 'neurosecurity'—a version of computer science security principles and methods applied to neural engineering—and discuss why neurosecurity should be a critical consideration in the design of future neural devices." [Via Mind Hacks]
posted by homunculus
on Jul 8, 2009 -
, the former chief of the CIA's "bin Laden Station", and the initially anonymous author of Imperial Hubris
, pulls an O'Reilly
on yesterday's Glenn Beck broadcast
"The only chance we have as a country have right now is for Osama bin Laden to deploy and detonate a major weapon in the United States [...] only Osama can execute an attack which will force Americans to demand that their government protect them [...] with as much violence as necessary." [more inside]
posted by WCityMike
on Jul 1, 2009 -
Hiding in "plane" sight.
Images and details of the significant efforts made by the United States to prevent the Japanese from bombing our west coast aircraft factories. I wonder what this effort would take today to "fool" Google Maps/Earth. [more inside]
posted by hrbrmstr
on Jun 8, 2009 -
The commercials are all over television — and they certainly are attention-grabbing. They’re the ones where the heavy, bald guy is sitting in his easy chair talking in a squeaky female voice about all the clothes he bought — including a bustier. Or the little old lady speaking with the gruff voice of a younger man about the sweet motorcycle she now owned. Identity theft is a serious crime — one that is occurring with an alarming frequency. The Identity Theft Manifesto
explains how criminals get your personal info, and what you can do about it.
posted by netbros
on Jun 1, 2009 -
A message from baby Emily.
Most popular baby names + Medicare advice + awful Elvis impersonation = EPIC FAIL. A single link video post from the Social Security Administration. You will laugh. Until you remember we (USians) paid for this. (via Andrew Sullivan)
posted by fourcheesemac
on May 17, 2009 -
Beyond even the outrageously broad "state secrets" privilege invented by the Bush administration and now embraced fully by the Obama administration, the Obama DOJ has now invented a brand new claim of government immunity, one which literally asserts that the U.S. Government is free to intercept all of your communications (calls, emails and the like) and -- even if what they're doing is blatantly illegal and they know it's illegal -- you are barred from suing them unless they "willfully disclose" to the public what they have learned.
- Glenn Greenwald. [more inside]
posted by Joe Beese
on Apr 7, 2009 -
Passport RFIDs cloned wholesale by $250 eBay auction spree.
"Using inexpensive off-the-shelf components, an information security expert has built a mobile platform that can clone large numbers of the unique electronic identifiers used in US passport cards and next generation drivers licenses. The $250 proof-of-concept device
- which researcher Chris Paget built in his spare time - operates out of his vehicle and contains everything needed to sniff and then clone RFID, or radio frequency identification, tags. During a recent 20-minute drive in downtown San Francisco, it successfully copied the RFID tags of two passport cards without the knowledge of their owners." [Via]
posted by homunculus
on Feb 3, 2009 -
The National Security Agency is building a data center
in San Antonio that’s the size of the Alamodome. Microsoft has opened an 11-acre data center
a few miles away. Coincidence? Not according to author James Bamford, who probably knows more about the NSA than any outsider. Bamford's new book
reports that the biggest U.S. spy agency wanted assurances that Microsoft would be in San Antonio before it moved ahead with the Texas Cryptology Center. Bamford notes that under current law, the NSA could legally tap into Microsoft’s data without a court order. Whatever you do, don't take pictures of the spy building unless you want to be taken in for questioning.
posted by up in the old hotel
on Dec 8, 2008 -
Trolling the Head of the TSA: Bruce Schneier [previously], consummate voice of sanity on all issues of security, co-authors an article in The Atlantic demonstrating how weak and ultimately pointless most of the new security practices put in place at airports since 9/11 are by, among other things, boarding airplanes with large amounts of liquid, using fake boarding passes he printed off his computer, and wearing an "I <3 Hezbollah" t-shirt. TSA head Kip Hawley then responds
on the TSA's blog. Schneier then responds to the response
blog. Hawley then leaves a comment
to that post. Schneier fires back again
in his monthly newsletter. Quite an interesting and intelligent debate, despite both men humorously falling victim to the idioms of the medium and getting increasingly snarky with each passing post. [via this month's crypto-gram, a good read all the way around.]
posted by ChasFile
on Nov 17, 2008 -
The Things He Carried.
"Airport security in America is a sham—'security theater' designed to make travelers feel better and catch stupid terrorists. Smart ones can get through security with fake boarding passes and all manner of prohibited items—as our correspondent did with ease."
posted by chunking express
on Oct 16, 2008 -
Psych Securities LLC.
"With future forecasts declaring ultimate doom from all components of the man-altered world, it seems there is a clog in the conduit of information transmitted between those in control and the public at large. Black Ops, psychological torture, acoustic weapons, Project Starfire, and a multitude of other state sponsored programs exist, well-hidden in plain sight, shrouded in a stigma of conspiracy and diluting any significant public inquiry. Psych Securities LLC is an ongoing exploration of this aforementioned covert reality, most clearly seen while in an alternative psychological state. By compiling
declassified documents, historical narratives, and psychedelic conjecture, a visual world is pieced together; undermining strategies of deception and concealed truths
posted by homunculus
on Aug 18, 2008 -
Clear passenger data stolen.
An unencrypted laptop with the personal data, including name, address, SSi number, passport number, date of birth, etc. of every one of the 33,000+ users of the Clear
system has been stolen. The Clear system allows travelers who register and pay an annual fee to bypass airport security lines by using a smart card in some airports. TSA has suspended new registrations until Verified Identity Pass, Inc., a subsidiary of GE, figures out how to install PGP. VIP is the only private contractor allowed to register users to the Clear system. Via
posted by dejah420
on Aug 5, 2008 -
The Department of Homeland Security has expressed interest
[PDFs] in forcing all commercial airline passengers to wear a taser bracelet that can be used to incapacitate anyone on an airline. This video, from the company that will produce the bracelets, explains how the bracelet would be put on the passenger at the point that they clear security, and would not be removed until they leave secure areas. It would take the place of boarding passes, carry personal and biometric information about the passengers, track and monitor every passenger via GPS and shock the wearer on command, immobilizing him or her for several minutes. DHS official, Paul S. Ruwaldt of the Science and Technology Directorate, office of Research and Development is also excited about the possibility of using it as an interrogation tool at airports. Ah freedom, who knew it smelled like burning flesh?
posted by dejah420
on Jul 12, 2008 -
On May 13, security advisories published by Debian
revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation
functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] [more inside]
posted by finite
on May 16, 2008 -
NEC plans to market a system later this year that can derive someone's gender and age from images captured with a camera.
"The system compares the photo against a database of several thousand faces to figure gender and age based on such factors as facial shape and wrinkles." According to Nikkei Weekly 01/28/2008 Edition. Link goes to Ubergizmo.
"It's called FieldAnalyst and it's from NEC. The system homes in on faces of people who pass by the video camera. It then rapidly compares the image against samples in a database. It then spits out what it believes is your approximate age is and your gender." .."NEC scientists may next try to add clothing as a characteristic and classify people by whether they wear a suit or a T-shirt." more here
posted by celerystick
on Mar 23, 2008 -
Two years ago, then NSA-chief Gen. Michael Hayden said its domestic surveillance program was "not a driftnet over Lackawanna or Fremont or Dearborn, grabbing all communications and then sifting them out."
Today, a story in the Wall Street Journal
alleges this is precisely what is happening. Total Information Awareness
seems to not have died, but to have just been quietly absorbed into the NSA's already extensive surveillance apparatus, all without the hassle of any kind of transparency or oversight.
posted by [expletive deleted]
on Mar 10, 2008 -