Sophos: Firefox Voted Most Trustworthy Browser

What's your preferred browser?  A Sophos survey finds Firefox in the lead.  From Naked Security:

About a month ago I asked Naked Security readers Which web browser do you trust? Your answer was emphatic: it's Firefox. I asked this question because trustworthiness has become an important selection criterion for web browsers and there is no objective test for it.

Modern web browsers are mature and complex products and, despite inflated version numbers and conspicuously busy release cycles, their feature sets evolve quite slowly.
Selecting the right web browser is no longer a question of what the software can do, it's about whether or not it can do the things we expect it to do quickly, securely and with due regard for our privacy.

Our poll offered readers the chance to vote for one of the six most popular web browsers -  Chrome, Firefox, Internet Explorer, Opera, Safari and Chromium - and asked which you trusted the most.
Image source: The Bandwidth Blog.

LinkedIn Accused of Hacking Users' Address Books to Spam Their Contacts

Is anyone else sick and tired of getting spammed with email requests to join LinkedIn from family, friends and co-workers?  It appears that LinkedIn users are now sick and tired of having their contact lists surreptitiously mined and exploited by the service.  From Bloomberg:
LinkedIn, owner of the world’s most popular professional-networking website, was sued by customers who claim the company appropriated their identities for marketing purposes by hacking into their external e-mail accounts and downloading contacts’ addresses.
The customers, who aim to lead a group suit against LinkedIn, asked a federal judge in San Jose, California, to bar the company from repeating the alleged violations and to force it to return any revenue stemming from its use of their identities to promote the site to non-members, according to a court filing . . . 

Copyright Extremists Seek Censored Search

Copyright extremists and their lobbying organizations such as the MPAA and the RIAA are at it again.  From Tech Dirt:
Remember how back after SOPA ended, the MPAA's Chris Dodd kept going on and on about how he was going to take a more conciliatory and partnership-based approach to the tech industry (which he mistakenly seems to believe is defined by "Google")? Apparently that's out the window. Today both the MPAA and the RIAA have launched a one-two punch on Google, which is clearly designed to do one thing: get Google to start censoring its search results so that it no longer returns what people are looking for, but instead returns what the MPAA and RIAA think should be the right search results. The fundamental problem, of course, is that the MPAA and RIAA both seem to think that Google is supposed to deliver the answers they want the public to see, when everyone else recognizes Google's role is to return the results its users are searching for.

Research Group Cracks Taiwan's National "Smart Card" Digital Certificates

Ironically, it is often the ineptitude and incompetence of our security protocols that leave us the most insecure. Is there anyone more vulnerable to attack than the person who thinks they are invulnerable because they have received reassuring platitudes and slogans from those running the security racket? From Smart Facts, a report by a group of international researchers:
An attacker can efficiently factor at least 184 distinct 1024-bit RSA keys from Taiwan's national "Citizen Digital Certificate" database. The big story here is that these keys were generated by government-issued smart cards that were certified secure. The certificates had all the usual buzzwords: FIPS certification from NIST (U.S. government) and CSE (Canadian government), and Common Criteria certification from BSI (German government).

These 184 keys include 103 keys that share primes and that are efficiently factored by a batch-GCD computation. This is the same type of computation that was used last year by two independent teams (USENIX Security 2012: Heninger, Durumeric, Wustrow, Halderman; Crypto 2012: Lenstra, Hughes, Augier, Bos, Kleinjung, Wachter) to factor tens of thousands of cryptographic keys on the Internet.

The remaining 81 keys do not share primes. Factoring these 81 keys requires taking deeper advantage of randomness-generation failures: first using the shared primes as a springboard to characterize the failures, and then using Coppersmith-type partial-key-recovery attacks. This is the first successful public application of Coppersmith-type attacks to keys found in the wild.
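As an added illustration of the batch-GCD computation the report refers to (this is not code from the researchers or from the cited papers), the following Python builds a product tree and a remainder tree over a set of RSA moduli and factors every modulus that shares a prime with another one, the same check a CA or auditor can run over its own key database. The modulus list and its small primes are constructed for the demonstration; a real audit feeds in 1024-bit moduli.

```python
from math import gcd

def product_tree(values):
    """Levels of pairwise products: leaves first, the product of everything last."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([level[i] * level[i + 1] if i + 1 < len(level) else level[i]
                     for i in range(0, len(level), 2)])
    return tree

def batch_gcd(moduli):
    """For every modulus n_i, return gcd(n_i, product of all the other moduli)."""
    tree = product_tree(moduli)
    rems = tree[-1]  # root: the product P of every modulus
    for level in reversed(tree[:-1]):
        # remainder tree: each node gets its parent's remainder reduced mod n^2
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(level)]
    # (P mod n^2) // n equals (P / n) mod n, so this is gcd(n, P / n)
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def factor_shared(moduli):
    """Map each modulus that shares a prime with another one to its factors (p, q)."""
    found = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            continue  # shares no prime with the rest of the set
        if g == n:
            # both primes occur elsewhere (or n is a duplicate): fall back to pairwise gcd
            g = 1
            for j, m in enumerate(moduli):
                if j != i and 1 < gcd(n, m) < n:
                    g = gcd(n, m)
                    break
            if g == 1:
                continue  # only an exact duplicate of n: nothing new to recover
        found[n] = (min(g, n // g), max(g, n // g))
    return found

# Constructed toy key set: small primes stand in for the 512-bit primes of real 1024-bit keys.
SAMPLE_MODULI = [
    101 * 103,  # shares 101 with the next modulus
    101 * 107,
    109 * 113,  # shares 113 with 113 * 137
    127 * 131,  # shares nothing: batch GCD learns nothing about this key
    113 * 137,
    101 * 113,  # both primes occur elsewhere: exercises the g == n fallback
]
```

A modulus whose batch GCD is 1 (127 * 131 above) is exactly the "remaining keys" case in the report, where shared-prime detection alone does not help and the partial-key-recovery attacks come in.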

Blue Jay: Police Twitter Surveillance App

Ars Technica has a lengthy and interesting piece on Blue Jay, a Twitter live feed scanner intended for use by law enforcement officers, from a company with connections deep inside the US intelligence bureaucracy.  From Ars:

  . . . the "Law Enforcement Twitter Crime Scanner," which provides real-time, geo-fenced access to every single public tweet so that local police can keep tabs on #gunfire, #meth, and #protest (yes, those are real examples) in their communities. BlueJay is the product of BrightPlanet, whose tagline is "Deep Web Intelligence" and whose board is populated with people like Admiral John Poindexter of Total Information Awareness infamy.
BlueJay allows users to enter a set of Twitter accounts, keywords, and locations to scan for within 25-mile geofences (BlueJay users can create up to five such fences), then it returns all matching tweets in real-time. If the tweets come with GPS locations, they are plotted on a map. The product can also export databases of up to 100,000 matching tweets at a time.

Online Learning: Three Free Introduction to Computer Science Courses

These days, with a bit of perseverance and discipline, it is entirely possible to receive a world class education in computer science for free online from the comfort of your own home. Many of the top computer science departments at US universities make their course lectures and materials freely available on the net, providing motivated individuals with a range of choices that is almost unbelievable in its scope. In this post, we'll take a look at three Introduction to Computer Science courses that have been made freely available online from Harvard, MIT and Stanford. The Harvard course provides an introduction to C, PHP and JavaScript. Stanford focuses on Java. And MIT utilizes the Python programming language.

Harvard's Intensive Introduction to Computer Science
Course site and description:
This free online computer science course is an introduction to the intellectual enterprises of computer science. Topics include algorithms (their design, implementation, and analysis); software development (abstraction, encapsulation, data structures, debugging, and testing); architecture of computers (low-level data representation and instruction processing); computer systems (programming languages, compilers, operating systems, and databases); and computers in the real world (networks, websites, security, forensics, and cryptography). The course teaches students how to think more carefully and how to solve problems more effectively. Problem sets involve extensive programming in C as well as PHP and JavaScript.
Stanford's Introduction to Computer Science and Programming Methodology
Course site and description:
This course is the largest of the introductory programming courses and is one of the largest courses at Stanford. Topics focus on the introduction to the engineering of computer applications emphasizing modern software engineering principles: object-oriented design, decomposition, encapsulation, abstraction, and testing. 
Programming Methodology teaches the widely-used Java programming language along with good software engineering principles. Emphasis is on good programming style and the built-in facilities of the Java language. The course is explicitly designed to appeal to humanists and social scientists as well as hard-core techies. In fact, most Programming Methodology graduates end up majoring outside of the School of Engineering. 
MIT's Introduction to Computer Science and Programming
Course site and description:
This subject is aimed at students with little or no programming experience. It aims to provide students with an understanding of the role computation can play in solving problems. It also aims to help students, regardless of their major, to feel justifiably confident of their ability to write small programs that allow them to accomplish useful goals. The class will use the Python programming language.  Many of the problem sets focus on specific topics, such as virus population dynamics, word games, optimizing routes, or simulating the movement of a Roomba.

iPhone Fingerprint ID: More Trouble Than It's Worth?

If you believe the security pronouncements of any of the giant tech firms, please leave your information in the comments; I have a bridge to sell you. Of course, the mainstream media are not nearly so skeptical. Indeed, they're eating it up. From Bloomberg:
Apple’s use of fingerprint scanning in its new iPhone models could lead more device makers to adopt the authentication method as a successor to passwords -- and that’s fine with privacy advocates.

The introduction coincides with the rise of cybercrime and revelations that the U.S. National Security Agency has intercepted Internet communications and cracked encryption codes on devices including the iPhone.

Apple said that on the new iPhone, information about the fingerprint is stored on the device and not uploaded to company networks -- meaning it wouldn’t be in data batches that may be sent to or collected by U.S. intelligence agencies under court orders.

“They’re not building some vast biometric database with your identity associated with your fingerprint that the NSA could then get access to,” Joseph Lorenzo Hall . . . .
That latter quote is rather funny, as governments and corporations routinely deny that they are building vast databases on us as they build vast databases on us.  Wired is a bit more circumspect:
There’s a lot of talk around biometric authentication since Apple introduced its newest iPhone, which will let users unlock their device with a fingerprint. Given Apple’s industry-leading position, it’s probably not a far stretch to expect this kind of authentication to take off. Some even argue that Apple’s move is a death knell for authenticators based on what a user knows (like passwords and PIN numbers).
While there’s a great deal of discussion around the pros and cons of fingerprint authentication — from the hackability of the technique to the reliability of readers — no one’s focusing on the legal effects of moving from PINs to fingerprints.
Because the constitutional protection of the Fifth Amendment, which guarantees that “no person shall be compelled in any criminal case to be a witness against himself,” may not apply when it comes to biometric-based fingerprints . . .