Chrome Cache Security Vulnerability

Make sure to dump that cache.  From USA Today:
A major security flaw in Google's popular Chrome browser was exposed on Thursday by data management firm Identity Finder.  The flaw comes into play anytime you type personal information into webforms at trusted websites or directly into the Chrome browser address bar.

Researchers found that Chrome's caching mechanism routinely stores names, e-mail addresses, street addresses, phone numbers, bank account numbers, social security numbers and credit card numbers directly onto your hard drive in plain text -- without your knowledge or consent.  The function of a browser cache is to store files from websites, mainly to speed display of web pages on your next visit.  It's trivial for anyone with physical access to your computer to view and copy all of this sensitive personal data.
Posted by on No comments:
Labels: ,

ICANN Concerned Massive Government Surveillance Erodes Trust and Confidence in Internet

A statement issued by ICANN:
The leaders of organizations responsible for coordination of the Internet technical infrastructure globally have met in Montevideo, Uruguay, to consider current issues affecting the future of the Internet.
The Internet and World Wide Web have brought major benefits in social and economic development worldwide. Both have been built and governed in the public interest through unique mechanisms for global multistakeholder Internet cooperation, which have been intrinsic to their success. The leaders discussed the clear need to continually strengthen and evolve these mechanisms, in truly substantial ways, to be able to address emerging issues faced by stakeholders in the Internet.
In this sense:
  • They reinforced the importance of globally coherent Internet operations, and warned against Internet fragmentation at a national level. They expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance.
  • They identified the need for ongoing effort to address Internet Governance challenges, and agreed to catalyze community-wide efforts towards the evolution of global multistakeholder Internet cooperation.
  • They called for accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing.
  • They also called for the transition to IPv6 to remain a top priority globally. In particular Internet content providers must serve content with both IPv4 and IPv6 services, in order to be fully reachable on the global Internet. 
Posted by on No comments:
Labels:

You Are Being Fingerprinted and Tracked

From Kuleuven:
A new study by KU Leuven-iMinds researchers has uncovered that 145 of the Internet’s 10,000 top websites track users without their knowledge or consent. The websites use hidden scripts to extract a device fingerprint from users’ browsers. Device fingerprinting circumvents legal restrictions imposed on the use of cookies and ignores the Do Not Track HTTP header. The findings suggest that secret tracking is more widespread than previously thought.
Posted by on No comments:
Labels:

UK Launches Attack Against Torrent Sites

From Torrent Freak:
The newly founded Intellectual Property Crime Unit of the City of London Police has scored its first victories. Several domain names of major torrent sites have been suspended by their registrars following an urgent request from the unit. SumoTorrent and MisterTorrent lost control over their domains and ExtraTorrent had its .com domain suspended. Not all registrars are caving in that easily though, as easyDNS is refusing to comply and sees the requests as abuse of power.
In the City of London, by the way, corporations are allowed to vote.  
Posted by on No comments:
Labels:

Networking: 5 Wifi Securty Myths and the Crypto-Solution

PC World takes on some apparently popular wifi network security myths.  Excerpt:
Wi-Fi has evolved over the years, and so have the techniques for securing your wireless network. An Internet search could unearth information that’s outdated and no longer secure or relevant, or that’s simply a myth.

We’ll separate the signal from the noise and show you the most current and effective means of securing your Wi-Fi network . . . 

It concludes with a call for encryption:

Now that we’ve dispensed with five Wi-Fi security myths, let’s discuss the best way to secure your wireless network: encryption. Encrypting—essentially scrambling—the data traveling over your network is powerful way to prevent eavesdroppers from accessing data in a meaningful form. Though they might succeed in intercepting and capturing a copy of the data transmission, they won’t be able to read the information, capture your login passwords, or hijack your accounts unless they have the encryption key . . . 
Posted by on No comments:
Labels: , ,

NSA Defends Its Attacks Against Anonymous Networks

The Director of National Intelligence defends the NSA's attacks against anonymous networks.  From Allthingsd:
The National Security Agency may have attempted to penetrate and compromise a widely used network designed to protect the anonymity of its users, but it was only because terrorists and criminals use it, too.

That’s the explanation from Director of National Intelligence James Clapper about the recently disclosed attacks by the NSA and its companion agency in the U.K. against The Onion Router, or Tor, a network that uses a constantly changing list of specially configured servers to relay and anonymize the Internet traffic of its users.

In a statement posted to the DNI’s blog, Clapper acknowledged NSA’s “interest in tools used to facilitate anonymous online communication.” However, media coverage of the work fails to point out that “the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies.”
Perhaps that may sound reasonable, until you realize that by "our adversaries" the NSA basically means EVERYONE, including all US citizens.  Recall this piece from the Guardian:
Since 2011, the total spending on Sigint enabling has topped $800m. The program "actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs", the document states. None of the companies involved in such partnerships are named; these details are guarded by still higher levels of classification.
Among other things, the program is designed to "insert vulnerabilities into commercial encryption systems". These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as "adversaries".
The NSA is the man in the middle . . .

Posted by on No comments:
Labels:

Stop the Trans-Pacific Partnership's Attack on Open Internet

From the Electronic Frontier Foundation:
President Obama was scheduled to meet with the leaders of the other eleven countries negotiating the Trans-Pacific Partnership agreement ahead of the Asia-Pacific Economic Cooperation (APEC) meeting in Bali, supposedly to plan the “end-game” for this massive trade deal. However, he has made a sudden decision to cancel his trip, claiming that this was a casualty of the government shutdown. Obama's announcement adds to the impression that goal of completing TPP at APEC has become unobtainable and reveal how precariously the negotiations are going.
There are reports that the remaining TPP country leaders who will be attending the APEC meeting will still be convening “with the aim of hammering out a framework.” As we've also previously mentioned, smaller issue-specific intersessional meetings have also grown more frequent and gone even further underground. So while the news of his trip getting cancelled is indeed welcome news, the TPP still could be signed even as its contents remain hidden from the public.
We only know what kind of copyright enforcement provisions are in this agreement due to leaks, but what we do know for sure is that this agreement is driven by corporate interests who want to enact their own digital policy standards through an undemocratic, backdoor process. We need to spread the word about the TPP far and wide . . . 

Posted by on No comments:
Labels: ,
Subscribe to: Posts (Atom)