Salon.com > Security

Hacker won’t help Saudi spies

Tue, 14 May 2013 20:41:00 +0000

What do you do when you're a hacker specializing in secure communications protocols, and you get a request to help the Kingdom of Saudi Arabia spy on its own people? For San Francisco's Moxie Marlinspike, a respected computer security expert, the experience provoked a thoughtful examination of the current state of hacker culture.

Not so long ago, hackers often perceived themselves as standing in opposition to authority and governments. Moreover, the subcategory of hackers who specialized in discovering and publicizing security vulnerabilities -- referred to as "exploits" in the security trade -- did so out of a belief that the best way to improve the integrity of our communication systems was by publicizing dangerous security holes.

Times have changed. As Joseph Menn documented in a breakthough special report for Reuters last week, today's security-minded hackers often end up working directly for defense contractors, hand in hand with the U.S. government. Identifying exploits and selling them off to the highest bidder has become a lucrative business. Worst of all, the buyers of these exploits aren't interested in improving security, but instead often plan to deploy these vulnerabilities for their own purposes.

TSA delays policy permitting knives onboard

Tue, 23 Apr 2013 12:06:00 +0000

A Transportation Security Administration policy scheduled to go into effect this week, which would have allowed passengers to carry pocket knives onto planes, has been temporarily put on hold. The temporary delay, while coinciding with the wake of the Boston bombings, had been urged by a number of parties in the aviation industry concerned by the policy, which would permit pocket knives, golf clubs, hockey knives and replica bats on flights. "Flight attendants, who had opposed allowing small knives on planes from the beginning, said they were working hard to make the temporary delay a permanent ban," Politico reported.

Via Politico:

The world is actually more peaceful than ever

Tue, 23 Apr 2013 11:45:00 +0000

In the aftermath of the Boston Marathon bombings, it is important to keep things in perspective, by emphasizing what the mass media tend to neglect — namely, the fact that the world has become much more peaceful in recent decades and is getting more peaceful all the time.

It does not diminish the horror of mass casualty attacks on civilians, in this and other countries, to point out that today’s terrorist incidents provide a counterpoint to a declining arc of political violence worldwide. Both violence among states and violence within states have diminished dramatically in the last few generations.

If we look at battle deaths in the last century, the spurts in the Cold War, associated with the Korean, Indochina and Soviet-Afghan wars, were dwarfed by the huge spikes of slaughter associated with the world wars. And with the end of the Cold War came a steep decline in political violence worldwide — mainly because the two sides no longer kept local conflicts going by arming and supplying opposing sides from Latin America to Africa to Asia and the Middle East.

Boston explosions highlight a frightening new reality

Mon, 15 Apr 2013 20:51:00 +0000

We don’t know what the cause of the Boston Marathon explosion yet. It could be terrorism (especially with initial reports of multiple explosive devices). It could be some infrastructure-related explosion. But the fact that such a catastrophe is no longer completely surprising is terrifying.

I heard the news as most did - through the digital grapevine. My initial reaction was the same as that of many people with loved ones in Boston - entirely personal and worried about possible friends and family who might have been maimed or, god forbid, killed. But while I fretted and texted and called, I also realized that something had changed in me -- and in all of us -- since I fled the U.S. Capitol back on Sept. 11, 2001. What had changed was that while I was nervous, worried, disgusted and anxious -- and while I was shaking my head muttering rhetorical questions about the senselessness of the world -- I was no longer shocked.

Suddenly, NYPD doesn’t love surveillance anymore

Tue, 02 Apr 2013 11:45:00 +0000

The Big Brother theory of surveillance goes something like this: pervasive snooping and monitoring shouldn't frighten innocent people, it should only make lawbreakers nervous because they are the only ones with something to hide. Those who subscribe to this theory additionally argue that the widespread awareness of such surveillance creates a permanent preemptive deterrent to such lawbreaking ever happening in the first place.

I don't personally agree that this logic is a convincing justification for the American Police State, and when I hear such arguments, I inevitably find myself confused by the contradiction of police-state proponents proposing to curtail freedom in order to protect it. But whether or not you subscribe to the police-state tautology, you have to admit there is more than a bit of hypocrisy at work when those who forward the Big Brother logic simultaneously insist such logic shouldn't apply to them or the governmental agencies they oversee.

Newspaper that published gun permit holder data hires armed security guards

Wed, 02 Jan 2013 15:55:00 +0000

The Journal News, the Lower Hudson Valley newspaper that made headlines for publishing local gun permit holders' data last week, has now hired armed security guards to protect its headquarter office, effective until the end of the day today.

The Rockland County Times reports that "according to police reports on public record, Journal News Rockland Editor Caryn A. McBride was alarmed by the volume of 'negative correspondence'" she received following the publishing of the data, "namely an avalanche of phone calls and emails to the Journal News office."

The police, however, dimissed McBride's concerns, one of which was based on an email that questioned "what McBride would get in her mail now.” Police said that the email “did not constitute an offense" or they did not consider it a threat, prompting McBride to hire a private investigation firm.

h/t Politico

Bank reimburses hacking victim $300K

Fri, 30 Nov 2012 20:47:00 +0000

In a case that may set a precedent for liability in hacking fraud incidents, a bank in Maine has agreed to reimburse a construction company $345,000 that was lost to hackers. A court ruled that the bank’s security practices were “commercially unreasonable,” reported Wired Friday.

In 2009, hackers installed malware on construction firm Patco’s computers and stole its banking credentials to steal around $300,000. People’s United Bank has agreed to pay Patco Construction Co. all the money it lost plus interest. Although a U.S. District Court ruled that People’s United wasn’t responsible for the lost money as Patco claimed, the First Circuit Court of Appeals found the bank was responsible for an increased fraud risk and advised on the settlement.

"The case raised important questions about how much security banks and other financial institutions should be reasonably required to provide commercial customers," noted Wired. Jeremy Kirk at ComputerWorld.com wrote that the case is "a sign that small businesses are having greater success at shifting liability toward banks in online security meltdowns, including out-of-court settlements."

Don’t be the next Broadwell

Wed, 14 Nov 2012 18:15:00 +0000

Call it Paula Broadwell blowback. If there's anything we've learned from the tawdry mess that has suddenly overwhelmed our nation's highest military and intelligence agency leaders, it's that it's far too easy for the government to pry into our email. Long-standing privacy concerns have reawakened with a vengeance. Last night, a correspondent amusingly writing Salon under the pseudonym "Fox Mulder" beseeched us to publish "an in-depth story (or stories) on how citizens can regain their privacy from the National Security State." We're working on that, but in the meantime, here are some quick and dirty tips for how you can start locking down your online life.

Remember, there are always going to be trade-offs for increased security , the more you encrypt your data to make it impossible for snoops to access, the more inconvenient it will be to get at your own information yourself. So be forewarned -- you can find an astonishing plenitude of information on the Web about how to secure your information, but complete privacy is never going to be hassle-free.

1) Your smartphone

Skype hands over information on teen Wikileaks fan

Mon, 12 Nov 2012 21:55:00 +0000

Skype, the Microsoft-owned online calls site, has shown scant regard for protecting user privacy. According to Russia Today, the company handed over sensitive account data pertaining to a teenage WikiLeaks fan from Holland to a Texas-based private cyber-intelligence firm, iSIGHT Partners.

A 16-year-old Dutch teenager's user information was released to iSight without even so much as a warrant. RT reported:

The youngster was suspected of being involved in Operation Payback, an Anonymous-endorsed initiative that targeted the servers of PayPal, Visa, Mastercard and others after those companies blocked WikiLeaks from receiving online payment backs in December 2010. When hacktivists responded to the blockade by overflowing the servers of those sites with distributed denial-of-service (DDoS) attacks, PayPal asked Dallas, Texas’ iSIGHT Partners Inc., a self-described“global cyber intelligence firm,” to investigate.

FBI warns of malware targeting Androids

Tue, 16 Oct 2012 21:38:00 +0000

The FBI is warning Android phone users about a new type of malware (short for "malicious software") that targets the devices' operating systems. According to Mashable Tech, "The malware lures victims in different ways. One advertises itself as a 'work at home' opportunity that promises a lucrative payday just for sending out email; an attached link then leads to a website that spreads Loozon [the malware] to its target."

According to a release from the Internet Crime Complaint Center (IC3) -- a partnership between the FBI and the Nation White Collar Crime Center -- the malware steals contact details from the user's address book and phone number. Another malicious application noted by IC3, "FinFisher," works to remotely control and monitor an infected device.

However, ZDNet's Stephen Vaughan-Nichols has been swift to decry FBI warnings as "badly written," noting that the malware has little to do with a problem in Android security, but relies on user mistakes:

Cheaper DNA sequencing brings privacy risks

Thu, 11 Oct 2012 20:53:00 +0000

The Presidential Commission on Bioethics warned Thursday that the rise of affordable DNA sequencing could jeopardize patient privacy. The Hill reported that the commission released a new report embracing the "promise" of whole-genome sequencing, but warning about the importance of government oversight:

Commission Chairwoman Amy Gutmann described day-to-day situations in which an individual's "most personal data" could be exploited without their knowledge. "In many states in the U.S., someone could legally pick up your discarded coffee cup and send a sample of your saliva out for sequencing to see if you show a predisposition for certain diseases," Gutmann said in a statement.

The commission's report called the potential consequences of covert testing "profound." "This information might then be misused, for example, by a contentious spouse as evidence of unfitness to parent in a custody case," the report stated. "Or, the information might be publicized by a malicious stranger or acquaintance without the individual's knowledge."

Only about half of U.S. states protect residents from covert testing, according to the commission.

The panel noted that while genome sequencing is currently very expensive, prices are dropping rapidly. With this in mind, the report recommended preemptive federal and state action to put security and privacy standards in place.