Posts Tagged ‘security’
Black Code: how spies, cops and crims are making cyberspace unfit for human habitation
I reviewed Ronald Deibert’s new book Black Code in this weekend’s edition of the Globe and Mail. Deibert runs the Citizen Lab at the University of Toronto and has been instrumental in several high-profile reports that outed government spying (like Chinese hackers who compromised the Dalai Lama’s computer and turned it into a covert CCTV)
Anatomy of a state-sponsored phishing attack: how the Free Syrian Army hacked The Onion
As I blogged earlier this week, the Syrian Electronic Army hacked The Onion’s Twitter account and used it to post a bunch of dumb messages attacking Israel, the US, and the UN. Now, the Onion’s IT administrators have posted a detailed account of how Syrian hackers used a series of staged and careful phishing attacks
Hanford Nuclear Waste Vitrification Plant "Too Dangerous"
Noryungi writes “Scientific American reports, in a chilling story, that the Hanford, Washington, nuclear waste vitrification treatment plant is off to a bad start. Bad planning, multiple sources of radioactive waste, leaking containment pools are just the beginning. It’s never a good sign when that type of article includes the word ‘spontaneous criticality,’ if you follow my drift…” It seems the main problem is that the waste has settled in distinct layers, and has to be piped through corroded old tubes. Leading to all sorts of exciting problems (e.g.
Dan Kaminsky on BitCoin
Ever since BitCoin appeared, I’ve been waiting for two security experts to venture detailed opinions on it: Dan Kaminsky and Ben Laurie. Dan has now weighed in, with a long, thoughtful piece on the merits and demerits of BitCoin as a currency and as a phenomenon. Bitcoin’s fundamental principle of fraud management is one of
Indiana University Dedicates Biggest College-Owned Supercomputer
Indiana University has replaced their supercomputer, Big Red, with a new system predictably named Big Red II. At the dedication HPC scientist Paul Messina said: “It’s important that this is a university-owned resource. … Here you have the opportunity to have your own faculty, staff and students get access with very little difficulty to this wonderful resource.” From the article: “Big Red II is a Cray-built machine, which uses both GPU-enabled and standard CPU compute nodes to deliver a petaflop — or 1 quadrillion floating-point operations per second — of max performance. Each of the 344 CPU nodes uses two 16-core AMD Abu Dhabi processors, while the 676 GPU nodes use one 16-core AMD Interlagos and one NVIDIA Kepler K20.”
TSA Accepting Public Comments On Whole Body Airport Screening
New submitter trims writes “The TSA is now in the public comment stage of its project to roll out Advanced Imaging Technology (i.e. full-body X-ray) scanners. The TSA wants your feedback as to whether or not this project should be continued or cancelled. Now is your chance to tell the TSA that this is a huge porkbarrel project and nothing more than Security Theater. You can comment at http://www.regulations.gov and reference the docket ID TSA-2013-0004.” Note: the backscatter X-ray machines are being phased out, in favor of millimeter-wave systems; the linked documents give the government’s side of the story when it comes to efficacy, safety, privacy, and worth
LLVM Clang Compiler Now C++11 Feature Complete
An anonymous reader writes “With the latest development work on Clang ahead of the release of LLVM version 3.3, Clang is now C++11 feature complete. The last remaining features of the ISO C++11 feature specification have been implemented. C++11 support for GCC is also more or less complete.”
Two-factor authentication announced for Microsoft accounts
Microsoft had been expected to roll out two-factor authentication for its accounts, and the company officially announced its plans today. The software maker will roll out an upgrade to Microsoft accounts over the coming days to enable an optional two-factor authentication service to improve account security. The service will protect an entire Microsoft account using a certification process with codes. Similar to Google, Microsoft will also let users use app passwords for services, like Xbox, that don’t currently directly support two-factor authentication. A Windows Phone app to support the service is already available and the app supports a standard protocol for two-step verification codes, meaning you can also use it for Gmail and…
If you see something, say something: Liveblogging from a lecture about terrorism, security, and visual narratives
When bombs explode in a crowded city street, individuals and governments naturally ask themselves, “Could we have prevented this if we had been paying better attention to people and things that were out of place?” Trouble is, that question leads to a whole cascade of other questions — covering everything from personal privacy to racism.
Google adds a "dead-man’s switch" — use cases from torture-resistance to digital wills
Google’s rolled out an “Inactive Account Manager” — a dead-man’s switch for your Google accounts. If you set it, Google will watch your account for protracted inactivity. After a set period, you can tell it to either squawk (“Email Amnesty International and tell them I’m in jail,” or “Email my kids and tell them I’m
Repo Man Director Alex Cox Plans To Edit Next Film With OpenShot
New submitter JonOomph writes “Director Alex Cox, the creator of Repo Man and Sid and Nancy, is making plans via Kickstarter for his next film, Bill, the Galactic Hero, a feature-length science fiction comedy set in the far reaches of our galaxy. He is challenging the norm by shooting the film on 35mm monochrome (black and white) film, possibly the last film to ever attempt this, and possibly the first feature film to be edited with popular open source video editor OpenShot.” If you don’t like spoilers, I suggest reading this short but fascinating piece on Repo Man (one of my all-time favorite movies) only after watching it.
Massive botnet using brute force attack to target WordPress sites
A huge network of over 90,000 IP addresses has been targeting WordPress blog installations with a brute force attack, attempting to gain access by using the default “admin” username and trying multiple passwords. Two prominent hosting providers, CloudFlare and HostGator, report that the scale of the current attack is much larger than usual. CloudFlare tells The Next Web that it has blocked 60 million requests in the past hour.
ISPs and creepy ad company injecting traffic into secure Web sessions
A company called RT66 appears to be injecting code into secure Web sessions, possibly with collusion from ISPs like CMA Communications. No one’s sure how they’re doing this, neither RT66 nor CMA is answering questions, and it’s bad news all around.
Mid-Century Modern housing designs vs children
Projectophile’s Clare has a funny post about the hazards presented by beautiful mid-century modern home designs to children. My grandparents had a proper split-level MCM when I was a kid, and it’s a wonder we survived. As Clare says, “I love open, flowing space as much as the next modern girl. But I know it
Where Have All the Gadgets Gone?
waderoush writes “How many electronic gadgets did you own in 2005? How many do you own today? The answer is almost certainly a lot fewer. Counter to the dominant trend in consumer technology since the 1920s — and despite predictions of a coming ‘Internet of things’ — there may actually be *less* electronic stuff in our homes and offices today than ever before.
The Green Grid Publishes New Data Center Recycling Metric
Nerval’s Lobster writes “The Green Grid, which helped popularize metrics for minimizing wasted electricity in data centers, has developed a new method for cutting down on wasted electronics as old servers and other equipment reach their inevitable retirement. The Electronics Disposal Efficiency metric is designed to help minimize electronic waste, specifically servers and other enterprise hardware. It will take a cue from other organizations, including the Solving the E-waste Problem (StEP) Initiative. The Green Grid is trying to build on established regulations that govern the disposal of consumer electronics such as televisions, including the rules governing Waste Electronics and Electrical Equipment (WEEE) within the EU. The metric isn’t concerned with whether equipment has been reused or recycled, or where it’s broken down into component parts
TSA to allow small knives, sports equipment on planes starting April 25th
How times have changed. The US Transportation and Security Administration on Tuesday announced it would be relaxing the restrictions on items prohibited from being carried aboard airplanes. Starting April 25th, for the first time since the September 11th, 2001 attacks, the agency will allow airline passengers to pack “small knives,” and sports equipment in their carry-on baggage. The changes are being made to try and reduce the number of items the TSA confiscates that the agency doesn’t think pose a threat to safety, Bloomberg reports. But flight attendant labor groups are criticizing the decision as unsafe and shortsighted
Microsoft says it was also attacked by hackers, small number of PCs infected with malware
Microsoft has revealed that it has also “recently experienced a similar security intrusion” to the hacking attacks on Facebook and Apple. In a statement on the Microsoft Security Response Center blog, Microsoft’s Matt Thomlinson says a “small number of computers” were found to be infected with malware, including some in the company’s Mac business unit. “We have no evidence of customer data being affected and our investigation is ongoing,” says Thomlinson. It appears that the attacks are related to a Java vulnerability that has hit a number of firms, including Twitter, Apple, and Facebook. A popular iPhone developer website, iPhoneDevSDK, was recently patched to prevent a malware issue that infected employee computers at Facebook…
Kim Dotcom teases new ‘secure’ and private Mega email, chat, voice, and video services
As part of a (brief) rant on Twitter today about the dangers of using web services that are based in the United States, Mega founder Kim Dotcom said the service will expand “in the coming years” beyond cloud storage to offer secure email, web chat, voice, video, and “mobile” (emphasis his) products. Naturally, no details have been offered beyond the single tweet teasing the new features, but from a series of messages on Twitter it’s clear that the focus is on privacy. The tease came after Dotcom advised his followers not to use US-based web services, like Gmail, Skype, and iCloud, claiming that they have to “provide (by law) secret & untraceable NSA backdoors to all your data.” The expanded web services would most certainly be based in…
Russia rocked by possible meteor explosion
Reports from the Russian region of the Ural Mountains suggest that a meteor may have exploded 10,000 meters above the ground this morning. YouTube videos show loud blasts and bright objects falling from the sky, and an emergency official told Reuters that “It was definitely not a plane. We are gathering the bits of information and have no data on the casualties so far.” The incident occurred in Chelyabinsk, about 1,500 kilometers (930 miles) east of Moscow. “Preliminary indications are that it was a meteorite rain,” said an emergency official speaking to RIA-Novosti
Google engineers found over half the bugs in Microsoft’s latest security update
Microsoft is having one of its biggest “Patch Tuesday” monthly security updates ever, issuing fixes for a whopping 57 flaws in Windows, Internet Explorer, Microsoft Office, and other products. And who does Microsoft have to thank for more than half of these reported problems? Google.
President Obama signs cybersecurity order
President Obama on Tuesday signed a new cybersecurity executive order, allowing the government to share more information it has on so-called national “cyber threats” with private companies, namely infrastructure providers. The executive order expands upon a voluntary cyber threat information-sharing program already in place — the “Enhanced Cybersecurity Services program” (PDF) launched in May 2012 under the Departments of Defense and Homeland Security as part of a larger initiative for information sharing between the government and defense contractors, known as the “Defense Industrial Base Cybersecurity Activities (PDF).” Participation in that program has gone up and down, though, with 17 companies joining initially only for five to…
‘Riot’ software could help governments spy on your real-life activity through social networks
If you need yet another reason to ensure your Facebook privacy settings are adequately locked down, Raytheon’s “Riot” software should do the trick. Developed by the Massachusetts-based security firm, Riot — short for Rapid Information Overlay Technology — can quickly mine various social networks for an individual user’s data, using previous posts to predict your future behavior and/or your location at any given time. A video obtained by The Guardian, sourced from a 2010 presentation, demonstrates how the software can quickly dig for sensitive data like the top 10 places you visit most frequently. That information can then be parsed into more specific criteria (how many times you hit the gym each month, what time you typically go,…
NASA Planes Fly Over Bay Area To Measure Air Pollution Levels
An anonymous reader writes “NASA is trying to measure the air pollution by flying a plane at various altitudes over the bay area. The tests are a part of a larger effort led by the DISCOVER-AQ campaign — a multi-year program launched across the United States in 2011 by NASA’s Langley Research Center in Hampton, Virginia. DISCOVER-AQ stands for Deriving Information on Surface conditions from Column and Vertically Resolved Observations Relevant to Air Quality. NASA’s Langley Research Center in Hampton, Va., is the lead center for the mission.”
Details of Google’s Project Glass Revealed In FCC Report
Flozzin writes with news that documents published to the U.S. Federal Communications Commission’s website have provided new details about Project Glass, Google’s augmented-reality headset. “A test report describes video playing on the device alongside audio running to a ‘vibrating element.’ The description tallies with a patent filing suggesting it plays sound via ‘bone-conduction’ tech rather than earbuds. Developers are due to receive a test edition of the headset later this year. …