Critical Linux Vulnerability Discovered

From Ars Technica:
Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.
The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn't be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.
The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates.

How Many Americans Think They Can Catch an STD from their Computer?

If only there were a place where people had access to vast troves of information, and could seek it out to inform themselves about things they do not understand . . . From the LA Times:
A recent study found that many Americans are lost when it comes to tech-related terms, with 11% saying that they thought HTML — a language that is used to create websites — was a sexually transmitted disease.  The study was conducted by Vouchercloud.net, a coupons website, as a way to determine how knowledgeable users are when it comes to tech terms . . . Besides HTML, there were some other amusing findings:
  • 77% of respondents could not identify what SEO means. SEO stands for "Search-Engine Optimization."
  • 27% identified "gigabyte" as an insect commonly found in South America. A gigabyte is a measurement unit for the storage capacity of an electronic device.
  • 42% said they believed a "motherboard" was "the deck of a cruise ship." A motherboard is usually a circuit board that holds many of the key components of a computer.
  • 23% thought an "MP3" was a "Star Wars" robot. It is actually an audio file.
  • 18% identified "Blu-ray" as a marine animal. It is a disc format typically used to store high-definition videos.
  • 15% said they believed "software" is comfortable clothing. Software is a general term for computer programs.
  • 12% said "USB" is the acronym for a European country. In fact, USB is a type of connector.
Despite the incorrect answers, 61% of the respondents said it is important to have a good knowledge of technology in this day and age.
Yes, the majority think it is important to have a good understanding of technology, but many apparently do not think it is important enough to, you know, actually go and inform themselves about it.  These are, of course, the same people who continue to vote for Democrats and Republicans year after year.  One wonders how many people think they can catch a virus from their computer. 

Florida: Big Business and Big Government Collude to Further Undermine the Constitution of the United States

The government of the United States honors its illegal commitments to corporations over its supposed commitment to upholding the Constitution of the United States.  If this doesn't make your blood boil, you are probably a fascist.  From Ars Technica:
A police department in Florida failed to tell judges about its use of a cell phone tracking tool "because the department got the device on loan and promised the manufacturer to keep it all under wraps," the American Civil Liberties Union said in a blog post today.
The device was likely a "Stingray," which is made by the Florida-based Harris Corporation. Stingrays impersonate cell phone towers in order to compel phones to "reveal their precise locations and information about all of the calls and text messages they send and receive," the ACLU noted. "When in use, stingrays sweep up information about innocent people and criminal suspects alike."

The tracking technology was used by the Tallahassee Police Department in September 2008 to locate a man accused of rape and the theft of a purse, which contained the alleged victim's cell phone. The man, James L. Thomas, was convicted of sexual battery and theft, but he filed an appeal "contending that evidence obtained in violation of the Fourth Amendment, and article I, section 12 of the Florida Constitution, was introduced against him at trial," according to a court ruling in November 2013 that reversed the conviction and ordered a new trial.

Police "did not want to obtain a search warrant because they did not want to reveal information about the technology they used to track the cell phone signal," the District Court of Appeal ruling said. "The prosecutor told the court that a law enforcement officer 'would tell you that there is a nondisclosure agreement that they’ve agreed with the company.'"
All government employees who participated in these despicable acts should be tried for treason.  

Predictable: UK Internet Censorship Official Arrested for Child Pornography

It appears one of the higher-up UK officials in charge of crafting that government's internet censorship policy and "pornography filter" is himself a pedophile and likely child pornographer.  You can't make this stuff up, folks.  These people are degenerate scum.  One wonders how many other pedos there are wandering the halls of Downing Street.  From the Guardian:
A senior aide to David Cameron resigned from Downing Street last month the day before being arrested on allegations relating to child abuse images.  Patrick Rock, who was involved in drawing up the government's policy for the large internet firms on online pornography filters, resigned after No 10 was alerted to the allegations.
Rock was arrested at his west London flat the next morning. Officers from the National Crime Agency subsequently examined computers and offices used in Downing Street by Rock, the deputy director of No 10's policy unit, according to the Daily Mail, which disclosed news of his arrest.  No 10 confirmed on Monday evening that Rock had been arrested. A spokesman: "On the evening of 12 February, Downing Street was first made aware of a potential offence relating to child abuse imagery. It was immediately referred to the National Crime Agency (CEOP).

Tennessee: Safety Hysterics Implement University Movement Tracking System

From Tennessee State University:
Tennessee State University (TSU) is implementing a new policy to keep students and staff safe. The changes come after a rash of vandalism and a shooting this school year on campus.
It's already difficult for students to get around campus without identification.
"I use it going to the cafeteria, going in and out of my dorm and driving on campus," freshman Xavier Johnson explained about the importance of his identification.

A new policy has students and staff lining the halls at the campus police department. Each one is required to get a new photo identification. Starting on March 1st it must be prominently displayed while on campus.
The current policy requires everyone to be able to present identification only when asked.

Online Learning: Free Lecture Courses on Data Communications, Networking, Cryptography and Computer Security

I've been meaning to bring these resources together into a post for some time now.  There are a ridiculous number of free university-level courses on communications, networking, cryptography and computer security available online.  Here are some of the better courses, lectures and video tutorials that I've come across over the last six months, all of which are appropriate for people who are looking for in-depth introductions to these fields, or more experienced folks who would like a refresher on the fundamentals.

Lecture Series


•  Steve Gordon's Lecture Courses
Steve Gordon is an Associate Professor at Sirindhorn International Institute of Technology (SIIT), Thammasat University, Thailand.  On his YouTube page, you can find four complete lecture series on Security and Cryptography, IT Security, Data Communications and Networks, and Internet Technologies and Applications.

•  Introduction to Cryptography
Christof Paar, a Professor at Ruhr University, Bochum, Germany, provides an introduction to modern cryptography in this series of 24 lectures.

•  Cryptography and Network Security
Prof. D. Mukhopadhyay, from the Department of Computer Science and Engineering at the Indian Institute of Technology, provides a broad introduction to Cryptography and Network Security in this series of 41 lectures.  Production quality could be better, but the video lectures are substantive in nature.

•  Computer System Engineering
This undergraduate course, taught by Prof. Robert Morris and Prof. Samuel Madden from MIT, covers the basics of networking and computer security.  The first few lectures are not available.  But the units on networking and cryptography are available in full beginning with lecture 9.  

•  Fundamentals of Computer Networking 
This series contains over 30 lectures by Professor Parviz Kermani of the Department of Electrical & Computer Engineering at Manhattan College, and provides an in-depth introduction to the basics of computer networking.


Miscellaneous Video

•  Whitfield Diffie on the History of Public Key Cryptography
•  Google Tech Talks on Cryptography (Assorted lectures and seminars from the Google Tech Talk series relating to cryptography and computer security)
•  Intro to Network Scanning (Basic introduction to network scanning tools)
•  Intro to Pentesting (10 short tutorials)

British and US Spy Agencies Compromise Yahoo Chat

It needs to be said: the actions of intelligence agencies such as the NSA and the British GCHQ amount to an act of war against innocent civilian populations around the world.  This brings their actions into line with the definition of terrorism, the use of force or the threat of the use of force against civilian populations to achieve political ends.  It is time for people to stand up and call these government agencies out for what they are: state sponsored terrorist groups.  From The Guardian:
Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.
GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.
In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.
Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of "a whole new level of violation of our users' privacy".