A new study by KU Leuven-iMinds researchers has uncovered that 145 of the Internet’s 10,000 top websites track users without their knowledge or consent. The websites use hidden scripts to extract a device fingerprint from users’ browsers. Device fingerprinting circumvents legal restrictions imposed on the use of cookies and ignores the Do Not Track HTTP header. The findings suggest that secret tracking is more widespread than previously thought.
You Are Being Fingerprinted and Tracked
From Kuleuven:
UK Launches Attack Against Torrent Sites
From Torrent Freak:
The newly founded Intellectual Property Crime Unit of the City of London Police has scored its first victories. Several domain names of major torrent sites have been suspended by their registrars following an urgent request from the unit. SumoTorrent and MisterTorrent lost control over their domains and ExtraTorrent had its .com domain suspended. Not all registrars are caving in that easily though, as easyDNS is refusing to comply and sees the requests as abuse of power.In the City of London, by the way, corporations are allowed to vote.
Networking: 5 Wifi Securty Myths and the Crypto-Solution
PC World takes on some apparently popular wifi network security myths. Excerpt:
It concludes with a call for encryption:
Wi-Fi has evolved over the years, and so have the techniques for securing your wireless network. An Internet search could unearth information that’s outdated and no longer secure or relevant, or that’s simply a myth.
We’ll separate the signal from the noise and show you the most current and effective means of securing your Wi-Fi network . . .
It concludes with a call for encryption:
Now that we’ve dispensed with five Wi-Fi security myths, let’s discuss the best way to secure your wireless network: encryption. Encrypting—essentially scrambling—the data traveling over your network is powerful way to prevent eavesdroppers from accessing data in a meaningful form. Though they might succeed in intercepting and capturing a copy of the data transmission, they won’t be able to read the information, capture your login passwords, or hijack your accounts unless they have the encryption key . . .
NSA Defends Its Attacks Against Anonymous Networks
The Director of National Intelligence defends the NSA's attacks against anonymous networks. From Allthingsd:
The National Security Agency may have attempted to penetrate and compromise a widely used network designed to protect the anonymity of its users, but it was only because terrorists and criminals use it, too.Perhaps that may sound reasonable, until you realize that by "our adversaries" the NSA basically means EVERYONE, including all US citizens. Recall this piece from the Guardian:
That’s the explanation from Director of National Intelligence James Clapper about the recently disclosed attacks by the NSA and its companion agency in the U.K. against The Onion Router, or Tor, a network that uses a constantly changing list of specially configured servers to relay and anonymize the Internet traffic of its users.
In a statement posted to the DNI’s blog, Clapper acknowledged NSA’s “interest in tools used to facilitate anonymous online communication.” However, media coverage of the work fails to point out that “the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies.”
Since 2011, the total spending on Sigint enabling has topped $800m. The program "actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs", the document states. None of the companies involved in such partnerships are named; these details are guarded by still higher levels of classification.
Among other things, the program is designed to "insert vulnerabilities into commercial encryption systems". These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as "adversaries".The NSA is the man in the middle . . .
Stop the Trans-Pacific Partnership's Attack on Open Internet
From the Electronic Frontier Foundation:
President Obama was scheduled to meet with the leaders of the other eleven countries negotiating the Trans-Pacific Partnership agreement ahead of the Asia-Pacific Economic Cooperation (APEC) meeting in Bali, supposedly to plan the “end-game” for this massive trade deal. However, he has made a sudden decision to cancel his trip, claiming that this was a casualty of the government shutdown. Obama's announcement adds to the impression that goal of completing TPP at APEC has become unobtainable and reveal how precariously the negotiations are going.
There are reports that the remaining TPP country leaders who will be attending the APEC meeting will still be convening “with the aim of hammering out a framework.” As we've also previously mentioned, smaller issue-specific intersessional meetings have also grown more frequent and gone even further underground. So while the news of his trip getting cancelled is indeed welcome news, the TPP still could be signed even as its contents remain hidden from the public.
We only know what kind of copyright enforcement provisions are in this agreement due to leaks, but what we do know for sure is that this agreement is driven by corporate interests who want to enact their own digital policy standards through an undemocratic, backdoor process. We need to spread the word about the TPP far and wide . . .
Silk Road Shutdown an Opportunity for Black Market Internet Entrepreneurs
Nature abhors a vacuum. With the shutdown of Silk Road, we are likely to see some copy cats spring up across the web. From the Guardian:
Although it was certainly the most high profile, Silk Road was not the first illegal marketplace hidden within the dark web or on the open internet.
"Silk Road will almost certainly be replaced by a copycat-like site, as has been the case in carder markets where people trade fraudulent credit card information. Those kinds of places have been shut down in the past and very, very quickly replaced by others," said Rik Ferguson, vice-president of security research at Trend Micro, talking to the Guardian.
Sites similar to Silk Road already exist within the Tor network. Two stores called Atlantis and Sheep Marketplace offer illegal drugs, equipment and services akin to Silk Road.
However, some sites go further – Bitcoin-powered shop called Black Market Road, for instance, also sells illegal weapons, something Silk Road withdrew after high profile shootings in the US.
Adobe Hacked: Data on 3 Million Customers Compromised
From Adobe:
Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident . . .
Subscribe to:
Posts (Atom)