How To Access Someone's Stored Passwords on Google Chrome

If a trouble-making friend gained access to your browser, what could they access?  Depending on your choice of browser and its security settings, the answer may be: everything.  From The Guardian:
A serious flaw in the security of Google's Chrome browser lets anyone with access to a user's computer see all the passwords stored for email, social media and other sites, directly from the settings panel. No password is needed to view them.

Besides personal accounts, sensitive company login details would be compromised if someone who used Chrome left their computer unattended with the screen active.
Seeing the passwords is achieved simply by clicking on the Settings icon, choosing "Show advanced settings…" and then "Manage saved passwords" in the "Passwords and forms" section. A list of obscured passwords is then revealed for sites - but clicking beside them reveals the plain text of the password, which could be copied, or sent via a screenshot to an outside site.
Posted by on No comments:
Labels: ,

Overcriminalization: Felony Streaming

Are you familiar with the term overcriminalization?  From Overcriminalized, a project of the Heritage Foundation:
“Overcriminalization” describes the trend in America – and particularly in Congress – to use the criminal law to “solve” every problem, punish every mistake (instead of making proper use of civil penalties), and coerce Americans into conforming their behavior to satisfy social engineering objectives. Criminal law is supposed to be used to redress only that conduct which society thinks deserving of the greatest punishment and moral sanction.
But as a result of rampant overcriminalization, trivial conduct is now often punished as a crime.  Many criminal laws make it possible for the government to convict a person even if he acted without criminal intent (i.e., mens rea). Sentences have skyrocketed, particularly at the federal level.
The Washington Post provides us with a perfect example of this creeping trend in US society and government.  The criminalization of online streaming.  Have you ever watched a streaming video on a site that may not have had all the proper licenses?  The federal government wants to make that a felony:
You probably remember the online outrage over the Stop Online Piracy Act (SOPA) copyright enforcement proposal. Last week, the Department of Commerce’s Internet Policy Task Force released a report on digital copyright policy that endorsed one piece of the controversial proposal: making the streaming of copyrighted works a felony.

As it stands now, streaming a copyrighted work over the Internet is considered a violation of the public performance right. The violation is only punishable as a misdemeanor, rather than the felony charges that accompany the reproduction and distribution of copyrighted material.
Posted by on No comments:
Labels: ,

Fed Malware Takes Down Tor Host

From Wired:
Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.

The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.

“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”

If Tsrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007.
Posted by on No comments:
Labels:

FBI "Harvests" Your Digital Information, Pressures ISP's to Install Surveillance Machines

New revelations of the breadth and scope of the federal government's digital spying and surveillance operations continue apace.  No one is safe from their prying eyes.  From CNET:
The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies' internal networks to facilitate surveillance efforts.

FBI officials have been sparring with carriers, a process that has on occasion included threats of contempt of court, in a bid to deploy government-provided software capable of intercepting and analyzing entire communications streams. The FBI's legal position during these discussions is that the software's real-time interception of metadata is authorized under the Patriot Act.

Attempts by the FBI to install what it internally refers to as "port reader" software, which have not been previously disclosed, were described to CNET in interviews over the last few weeks. One former government official said the software used to be known internally as the "harvesting program."
Posted by on No comments:
Labels:

Government Increasingly Using Hacking Tools

From the Wall Street Journal:
Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.

Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.

People familiar with the Federal Bureau of Investigation's programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can't be wiretapped like a phone, is called "going dark" among law enforcement . . .

The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc.'s GOOG +1.82% Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment. 
Posted by on No comments:
Labels:

Surveillance Society Security Hysteria: Police Harrassing People for Their Internet Search Habits

We should be surprised to read stories like this, but unfortunately, it is not surprising at all.  From The Guardian:
It was a confluence of magnificent proportions that led to six agents from the joint terrorism task force to knock on my door Wednesday morning. Little did my husband and I know that our seemingly innocent, if curious to a fault, Googling of certain things were creating a perfect storm of terrorism profiling. Because somewhere out there, someone was watching. Someone whose job it is to piece together the things people do on the internet raised the red flag when they saw our search history.

Most of it was innocent enough. I had researched pressure cookers. My husband was looking for a backpack. And maybe in another time those two things together would have seemed innocuous, but we are in "these times" now. And in these times, when things like the Boston bombing happen, you spend a lot of time on the internet reading about it and, if you are my exceedingly curious, news junkie 20-year-old son, you click a lot of links when you read the myriad of stories. You might just read a CNN piece about how bomb making instructions are readily available on the internet and you will in all probability, if you are that kid, click the link provided.
Posted by on No comments:
Labels:

Drip: New Leaked Documents Reveal NSA Program to Gather "Nearly Everything a User Does on the Internet"

New revelations about the breadth and depth of the US Federal Government's totalitarian global surveillance system from Glenn Greenwald in the Guardian:
A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden.

The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet.  The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
Posted by on No comments:
Labels:
Subscribe to: Posts (Atom)