Outernet: Project Seeks to Create Worldwide Free Satellite Internet

From Outernet:
Outernet connects everyone around the globe.
There are more computing devices in the world than people, yet only 60% of the global population has access to the wealth of knowledge found on the Internet. The price of smartphones and tablets is dropping year after year, but the price of data in many parts of the world continues to be unaffordable for the majority of global citizens. In some places, such as rural areas and remote regions, cell towers and Internet cables simply don't exist. The primary objective of the Outernet is to bridge the global information divide.
Broadcasting data allows citizens to reduce their reliance on costly Internet data plans in places where monthly fees are too expensive for average citizens. And offering continuously updated web content from space bypasses censorship of the Internet. An additional benefit of a unidirectional information network is the creation of a global notification system during emergencies and natural disasters.
Access to knowledge and information is a human right and Outernet will guarantee this right by taking a practical approach to information delivery. By transmitting digital content to mobile devices, simple antennae, and existing satellite dishes, a basic level of news, information, education, and entertainment will be available to all of humanity.
Although Outernet's near-term goal is to provide the entire world with broadcast data, the long-term vision includes the addition of two-way Internet access for everyone. For free.

Snowden Drip: Government Funded Character Assassination Squads Rampant Online

From The Intercept:
One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents.
Over the last several weeks, I worked with NBC News to publish a series of articles about “dirty trick” tactics used by GCHQ’s previously secret unit, JTRIG (Joint Threat Research Intelligence Group). These were based on four classified GCHQ documents presented to the NSA and the other three partners in the English-speaking “Five Eyes” alliance. Today, we at the Intercept are publishing another new JTRIG document, in full, entitled “The Art of Deception: Training for Online Covert Operations.”
By publishing these stories one by one, our NBC reporting highlighted some of the key, discrete revelations: the monitoring of YouTube and Blogger, the targeting of Anonymous with the very same DDoS attacks they accuse “hacktivists” of using, the use of “honey traps” (luring people into compromising situations using sex) and destructive viruses. But, here, I want to focus and elaborate on the overarching point revealed by all of these documents: namely, that these agencies are attempting to control, infiltrate, manipulate, and warp online discourse, and in doing so, are compromising the integrity of the internet itself.
Follow the link for all the gory details.  Here's a sample slide from the leaked document:


Voice Chat App Aids Anti-Government Uprisings Across the World

From Defense One:
Entrepreneur Bill Moore was in his Austin, Texas, office last Thursday, watching explosive growth for his company’s walkie-talkpublic dissatisfaction over crime and multiple other factors.
ie app, Zello, inside Venezuela. Zello had become the favorite app of protest organizers there after recently hitting the mark as the most popular app in Ukraine. Over the past few days in Venezuela, the protests ballooned following rapidly rising food prices, controversy over President Nicolas Maduro’s economic policies,
Moore was finding that in Venezuela that popularity had a price. Shortly after 9 p.m., his Twitter feed blew up with messages from users inside the country. The government-owned Internet service provider, CANTV, which hosts 90 percent of Venezuela’s Internet traffic, was blocking the app as well as access to Zello’s website. Downloads were dropping off considerably.
Check out Zello here.

Goto Fail: Apple iOS Bug Compromises SSL, Opens Vector for Attackers

From ZDNet:
Apple on Friday revealed a major SSL (Secure Socket Layer) vulnerability in
its software that affects all devices, allowing hackers to intercept and alter communications such as email and login credentials for countless Apple hardware users.

A new version of Apple's iOS for its tablets and phones was rushed out the door Friday to patch the vulnerability, wherein its mobile, tablet and desktop software is not doing SSL/TLS hostname checking — communications meant to be encrypted, are not.

The patch has only been issued for the more recent iPhones (4 and later), iPod touch (5th generation) and iPad (2nd generation).

Security researchers across several communities believe that Mac computers are even more exposed, as they are currently left hanging without a patch.
Imperial Violet has details on the bug itself:

So here's the Apple bug:

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
{
 OSStatus        err;
 ...

 if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
  goto fail;
 if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
  goto fail;
  goto fail;
 if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
  goto fail;
 ...

fail:
 SSLFreeBuffer(&signedHashes);
 SSLFreeBuffer(&hashCtx);
 return err;
}
 
(Quoted from Apple's published source code.)
Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn't conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.
If you're worried your system may be affected, follow the link above to Imperial Violent, who has created a tool to do a quick check.

Massive Data Breach at University of Maryland

Governments, corporations, educational institutions, all of them completely incompetent when it comes to basic data security.  This is going to be a headache for a lot of people.  From Malwarebytes:
The University of Maryland (UMD) said it was the victim of a recent cyberattack, according to their statement released Wednesday. In the letter, UMD President Wallace D. Loh said he was informed of the breach yesterday evening by Brian Voss, the Vice President of Information Technology at the university.

“A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students and affiliated personnel,” Dr. Loh said. “The records included name, Social Security number, date of birth, and University identification number.”

Snowden Leaks Spurred Massive Growth at DuckDuckGo

From Fastcolabs:
When Gabriel Weinberg launched a search engine in 2008, plenty of people thought he was insane. How could DuckDuckGo, a tiny, Philadelphia-based startup, go up against Google? One way, he wagered, was by respecting user privacy. Six years later, we're living in the post-Snowden era, and the idea doesn't seem so crazy.
In fact, DuckDuckGo is exploding.  Looking at a chart of DuckDuckGo's daily search queries, the milestones are obvious. A $3 million investment from Union Square Ventures in 2011. Just prior to that, a San Francisco billboard campaign. Inclusion in Time's 50 Best Websites of 2011. Each of these things moved the traffic needle for DuckDuckGo, but none of them came close to sparking anything like the massive spike in queries the company saw last July. That's when Edward Snowden first revealed the NSA's extensive digital surveillance program to the world. The little blue line on the chart hasn't stopped climbing north since.

Google Exploring Plans to Roll Out Fiber to 34 New Cities

Given the planned Comcast/Time Warner merger, we need as much real competition as we can get.  From Google:
Over the last few years, gigabit Internet has moved from idea to reality, with dozens of communities (PDF) working hard to build networks with speeds 100 times faster than what most of us live with today. People are hungrier than ever for faster Internet, and as a result, cities across America are making speed a priority. Hundreds of mayors from across the U.S. have stated (PDF) that abundant high-speed Internet accessPortland, Nashville (PDF) and dozens of others have made high-speed broadband a pillar of their economic development plans. And Julian Castro, the mayor of San Antonio, declared in June that every school should have access to gigabit speeds by 2020.

We've long believed that the Internet’s next chapter will be built on gigabit speeds, so it’s fantastic to see this momentum. And now that we’ve learned a lot from our Google Fiber projects in Kansas City, Austin and Provo, we want to help build more ultra-fast networks. So we’ve invited cities in nine metro areas around the U.S.—34 cities altogether—to work with us to explore what it would take to bring them Google Fiber.
is essential for sparking innovation, driving economic growth and improving education.