On May 13, security advisories published by Debian revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary]
posted by finite on May 16, 2008
NEC plans to market a system later this year that can derive someone's gender and age from images captured with a camera
"The system compares the photo against a database of several thousand faces to figure gender and age based on such factors as facial shape and wrinkles." According to Nikkei Weekly 01/28/2008 Edition. Link goes to Ubergizmo.
"It's called FieldAnalyst and it's from NEC. The system homes in on faces of people who pass by the video camera. It then rapidly compares the image against samples in a database. It then spits out what it believes is your approximate age is and your gender." .."NEC scientists may next try to add clothing as a characteristic and classify people by whether they wear a suit or a T-shirt." more here
posted by celerystick on Mar 23, 2008
Two years ago, then NSA-chief Gen. Michael Hayden said its domestic surveillance program was "not a driftnet over Lackawanna or Fremont or Dearborn, grabbing all communications and then sifting them out."
Today, a story in the Wall Street Journal alleges this is precisely what is happening. Total Information Awareness seems to not have died, but to have just been quietly absorbed into the NSA's already extensive surveillance apparatus, all without the hassle of any kind of transparency or oversight.
posted by [expletive deleted] on Mar 10, 2008
The Anonymity Experiment. Is it possible to hide in plain sight? Privacy-minded people have long warned of a world in which an individual’s every action leaves a trace, in which corporations and governments can peer at will into your life with a few keystrokes on a computer. Now one of the people in charge of information-gathering for the U.S. government says, essentially, that such a world has arrived.
posted by amyms on Feb 16, 2008
Online communities to become more 'all-encompassing.'
If you join the SHC community on Sears.com, all web traffic to and from your computer thereafter will be copied and sent to a third party marketing research firm - including, for example, your secure sessions with your bank! The Sears.com proxy will send your logins and passwords along with a cleartext copy of all the supposedly secure data. But wait, it gets better: you can only view the true TOS once the proxy has already been installed.
posted by ikkyu2 on Jan 3, 2008
This is an ironic tale of the consequences of inept application of cryptographic tools. Or is it?
Dan Egerstad, a Swedish hacker, gained access to hundreds of computer network accounts around the world, belonging to various embassies, corporations and other organizations. How did he do it? Very easily: by sniffing exit traffic on his Tor nodes.
posted by Anything on Dec 4, 2007
If Bruce Schneier, the expert voice of security moderation, is "worried" then so am I. Since the beginning of the year Storm, an advanced, distributed worm network has been growing quietly as its authors tweak its social engineering attack. Now it seems that it is in place and waiting. Schneier's article. Digital Intelligence and Strategic Operations Group has been monitoring Storm for a year.
posted by shothotbot on Oct 15, 2007
You can now catch Simon Munnery's occasionally brilliant comedy series on YouTube. If you only have three minutes to spare then make do with this fuzzy three minute clip of The Security Guard. If video is not your thing then you can enjoy Munnery's superb articles here (you could start with this one). Finally, you could treat yourself to his book How To Live which contains large chunks of all the above.
posted by dodgygeezer on Oct 13, 2007
"What happened to the recommendations of the 9/11 Commission, which Democratic leaders promised to make one of their top legislative priorities? What are the most deadly potential terrorist targets no one talks about—and who's lobbying against securing them? What's the one measure that could improve our chances of preventing an attack—without costing a penny? Why are the 2008 presidential candidates—Republicans and Democrats alike—nowhere on this issue? In this seven-part series Mother Jones' senior correspondent James Ridgeway examines how the government has let homeland security languish since September 11, 2001, with dire consequences."
posted by homunculus on Sep 11, 2007
, media doesn't print names/photos of people only accused, but not yet convicted, but not always. Lots of towns have a police blotter section where arrests are listed.
Here in Seattle, the FBI recently asked the public for help in identifying two men seen acting suspicious on the ferry system. The Seattle PI has decided not to publish the photos. Other local media have. The commentary on if the PI made the right choice follows predictable paths...
posted by nomisxid on Aug 21, 2007
I now know what to do in case I ever got stuck on an airplane that's not going anywhere - organize and stage a revolt, like the passengers of Continental flight 1669.
posted by ThePinkSuperhero on Aug 16, 2007
Harry Potter and the Deathly Hallows recently leaked on a few torrent sites... or did it? Security measures taken included pallets of books protected by alarms, baited lawyers, and even delivery trucks with satellite tracking, which seems at odds with this UPS delivery truck stacked with loose boxes 5 days before they are to be delivered. A spokeswoman at Scholastic, the book's US publisher, said "she was aware of at least three different versions of the file 'that look very convincing' with what she described as 'conflicting content.'" So what's real and what's fake? We'll just have to wait and see.
posted by jwells on Jul 17, 2007
The guy over at Make Your Nut is facing a dilemma I've wondered about myself: what to do about the security risks that are inherent in the many RFID-chipped credit and ATM cards that banks are so keen on issuing today? There's a lot of evidence out there that indicates that the highly personal information these cards (and the new US passports as well) carry can be stripped away by a thief with a little motivation and access to relatively low-cost equipment. You can go with the nifty RFID-blocking wallets (previously), or, according to some, you could just grab a hammer.
posted by shiu mai baby on Apr 30, 2007
Whether you are a normal searcher, someone trying to download illegal material, a terrorist looking to build a bomb, or just hunting porn, we at Patriot Search welcome you!
Our mission is to provide the best possible search engine to you while at the same time, making sure the government is informed should you search for something obscure, illegal, or unpatriotic
posted by Postroad on Apr 15, 2007
The Next Attack.
"Terrorists in Iraq are becoming proficient at blowing up oil refineries. Similar plants in a handful of American cities represent our greatest vulnerability. We could easily be making them less dangerous. But we’re not." And one of the key players in keeping things that way happens to be Dick Cheney’s son-in-law.
posted by homunculus on Mar 1, 2007