Bruce Scheier @ his "Schneier on Security" Blog:
This article, on the cozy relationship between the commercial personal-data industry and the intelligence industry, has new information on the security of Skype.
'Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies.
Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project. The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011.
A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. ....'
Continued : http://www.schneier.com/blog/archives/2013/06/new_details_on.html
Also:
Skype 'Explored Making Government Snooping Easier'
Report: Skype set up Project Chess to enable official snooping
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
Alert
NEWS - June 21, 2013
As his defense attorney expected, a Swedish court has found Gottfrid "anakata" Svartholm Warg guilty of "invasion of Nordea's mainframe," aggravated fraud, and attempted aggravated fraud. He was sentenced (Swedish) to two years in prison.
The Pirate Bay cofounder will also likely have to face related charges in a high-profile hacking case in neighboring Denmark, but the Swedish and Danish legal systems have not yet determined if or when he will be extradited.
"I think he will be [extradited]. It's a matter of time," Ola Salomonsson, Svartholm Warg's defense attorney, told Ars, adding that his client had not decided whether to appeal the decision. "He just wants to read this sentence and consider everything. He could actually have a longer time in prison: the prosecutor asked for four years and he was sentenced to two years. You never know, an appeal could give him another year or so. Maybe that has an impact on Svartholm Warg. I don't know yet."
Continued : http://arstechnica.com/tech-policy/2013/06/pirate-bay-cofounder-gets-two-years-in-prison-for-it-firm-hack/
Also:
Pirate Bay co-founder sentenced for hacking Swedish companies
Pirate Bay founder Warg jailed for two years for hacking and fraud
Pirate Bay founder gets two years in prison for Swedish hacking
Discussion is locked
11 Posts
- Collapse
- Collapse -
- Collapse -
The privacy officials of six countries and the European Commission have a host of questions about Google Glass, wouldn't mind getting their hands on the devices, and are wondering why, exactly, Google hasn't rung most of them up to hash out the privacy issues.
In an open letter to Google CEO Larry Page, the privacy overseers mused about not being consulted regarding privacy in the internet-enabled head gear:
We understand that other companies are developing similar products, but you are a leader in this area, the first to test your product "in the wild" so to speak, and the first to confront the ethical issues that such a product entails. To date, however, most of the data protection authorities listed below have not been approached by your company to discuss any of these issues in detail.
The letter - signed by 36 worldwide privacy officials from Canada, Australia, New Zealand, Mexico, Switzerland and Israel, several Canadian provinces, and a representative from the EC's privacy-focused Article 29 Working Party - notes that Glass has been the subject of many articles that have "raised concerns about the obvious, and perhaps less obvious, privacy implications of a device that can be worn by an individual and used to film and record audio of other people."
Continued : http://nakedsecurity.sophos.com/2013/06/20/privacy-officials-from-six-nations-want-answers-about-google-glass/
Also:
Google Glass: Privacy officials from six nations ask Larry Page for more info
Six Nations Ask For More Privacy Info About Glass
- Collapse -
Two more top secret NSA documents that Edward Snowden shared with reporters of The Guardian have revealed that his claims about what the agency's analysts are authorized to do are true, and have shown that the extent of how much communication from and to U.S. nationals the agency can store is much broader that it was publicly known so far.
The two documents have shown that the NSA keeps "content repositories" holding records of devices associated with U.S. individuals, as well as records of their "electronic communications accounts / addresses / identifiers" that can serve to identify them as U.S. citizens and exempt then from future surveillance.
They also show that despite NSA analysts having been instructed to use "reasonable judgment" when trying to determine if the collected communication is tied to U.S. or non-U.S. persons, they are given a considerable leeway for mistakes.
Continued : http://www.net-security.org/secworld.php?id=15117
Also: Lawmakers introduce new bill to compel gov't to declassify secret court opinions
- Collapse -
Wells Fargo clients are again targeted by data-stealing malware through a well-crafted spam campaign. The Trojan known as Fareit comes packed with a password-stealing component that allows malware writers to gather sensitive details from users' devices, including Facebook and email credentials.
According to Bitdefender data, the systems most infected with this family of Trojans are located in the US, home to Wells Fargo. In the last week, the same type of Trojan has been making rounds in France, Croatia, Italy, Australia, Belgium, Spain, Romania, Egypt, and the United Arab Emirates.
Fareit is a multiple-component malware family that consists of a password-stealing component that grabs sensitive information from the victim's computer and sends it to a remote machine. The malware family also contains a DDoS component that may be controlled to flood other servers in collective attacks. Once installed, the malware also downloads and executes Zbot or Zeus, one of the most notorious and widespread Trojans so far
Continued : http://www.hotforsecurity.com/blog/wells-fargo-clients-targeted-by-fareit-malware-sensitive-info-exposed-6449.html
- Collapse -
Researchers at FireEye have spotted a malware campaign using Google Docs to redirect victims and evade callback detection mechanisms.
Connecting the malicious server via Google Docs, offers the malicious communication the protection provided by the legitimate SSL offered by Google, explained FireEye researcher Chong Rong Hwa.
"One possible way to examine the SSL traffic is to make use of a hardware SSL decrypter within an organization," the researcher noted. "Alternatively, you may want to examine the usage pattern of the users. Suppose a particular user accesses Google Docs multiple times a day, the organization's Incident Response team may want to dig deeper to find out if the traffic is triggered by a human or by malware."
According to FireEye, the campaign uses on spear-phishing attacks targeting countries such as Laos, Singapore and Cambodia.
The document used in this attack exploits CVE-2012-0158, and creates a decoy document and a malware dropper named exp1ore.exe, blogged Chong Rong Hwa, a researcher at FireEye. This dropper will then drop wab.exe and wab32res.dll inside the temp folder. By running wab.exe, the malicious DLL will be loaded.
Continued : http://www.securityweek.com/google-docs-abused-protect-malicious-traffic
- Collapse -
Chris Boyd @ the ThreatTrack Security Lab blog:
A slick looking fake Tumblr staff blog lifting the design of the real thing, which takes advantage of Yahoo's recent acquisition of Tumblr to fool users complete with a posting from Fake David Karp?
Go on then, release the Ask box spam: [Screenshot]
The URL in question is a Whois protected site created on the 19th June 2013 called tumblernews.com (note the misspelling of "Tumblr"), which wraps content hosted at another domain in a frame. The other domain appears to be a cosmetics / skin care site of some description, and also plays host to a fake news page advertising weight loss so it's possible they've been hacked in order to host the rogue content. [Screenshot]
"Thanks to Yahoo!'s recent acquisition, we are opening the giveaway floodgates.
What does this mean for you? It means we're giving back to the community.
Click here to receive your Free $250 Olive Garden Giftcard ....... "
Continued: http://www.threattracksecurity.com/it-blog/scammers-claim-yahoos-acquisition-of-tumblr-opens-giveaway-floodgates/
- Collapse -
LinkedIn, the professional networking site which had been reported as hacked or hijacked yesterday, was in fact the victim of human error at the company's DNS provider, Network Solutions, an error which appears to have affected up to 5,000 domains in all. Network Solutions has said in a blog posting that while trying to resolve a DDoS (Distributed Denial of Service) attack, it accidentally changed the DNS records of a "small number" of customers.
According to Cisco security researcher, Jaeson Schultz, the 'hijacking' involved the domain's name servers being replaced with name servers at ztomy.com and nearly 5,000 domains may have been affected by the change, including usps.com. Others affected included Fidelity and Yelp. Curiously, several of the domains pointed not at ztomy.com itself but to various sub-domains such as ns1620.ztomy.com, ns2620.ztomy.com, ns1621.ztomy.com, ns2621.ztomy.com and so on. "The fact that so many domains were displaced in such a highly visible way supports Network Solutions' claim that this was indeed a configuration error", says Schultz
Continued : http://www.h-online.com/security/news/item/DNS-provider-s-error-caused-LinkedIn-hack-and-affected-5-000-more-1894413.html
Also: The LinkedIn hack that wasn't
Related to: LinkedIn Suffers Outage Due to DNS Issue
- Collapse -
From the Symantec Security Response Blog:
FakeAV software is a type of scam using malware that intentionally misrepresents the security status of a computer and attempts to convince the user to purchase a full version of the software in order to remediate non-existing infections. Messages continue to pop up on the desktop until the payment is made or until the malware is removed. This type of fraud, which typically targets computers, began several years ago and has now become a household name. The scam has evolved over time and we are now seeing FakeAV threats making their way onto Android devices.
One interesting variant we have come across, detected by Symantec as Android.Fakedefender, locks up the device just like Ransomware. Ransomware is another well-known type of malware that takes a computer hostage, by denying the user access to their files for example, until a payment/ransom is handed over. [Screenshot: FakeAV Android app]
Once the malicious app has been installed, user experience varies as the app has compatibility issues with various devices. However, many users will not have the capability to uninstall the malicious app as the malware will attempt to prevent other apps from being launched. The threat will also change the settings of the operating system.
Continued (with video) here: http://www.symantec.com/connect/blogs/fakeav-holds-android-phones-ransom
- Collapse -
Customers of Argos, the popular UK retailer, are warned about a fake Facebook page that scammers use to harvest Facebook "Likes."
According to Hoax Slayer, the bogus Argos page instructs users to "Like" and share the scam, promising them HD TVs.
Of course, no one gets to see any of the promised prizes. Instead, the scammers can make a hefty profit if they trick a large number of users into liking their Facebook page.
That's because they can later sell the page on the black market to other fraudsters who can use it to advertise their shady services and products, or simply to distribute other scams.
Argos is aware of the bogus Facebook page.
Continued : http://news.softpedia.com/news/Fake-Argos-Facebook-Page-Promises-HD-TV-s-in-Exchange-for-Likes-362584.shtml
- Collapse -
Even after all these years, search giant Google must really, really regret having accidentally grabbed private data with its Street View. The data was collected from cafes and other open Wi-Fi networks. Google has apologized, repeatedly, but governments are still talking about it.
The Wi-Fi "spying" scandal seems to be one that won't end. It feels almost ironic this month in the wake of the National Security Agency leaks revealing that all Americans' truly private data is actually being collected and used. What Google collected was from public networks and could have been grabbed by a criminal or any hacker using simple software like Firesheep. And there's no evidence the search giant ever used it for anything or shared it with anyone.
A Federal Trade Commission investigation into Google's conduct ended without any action, but state attorneys general in the US and European governments kept going after Google. The UK had closed its investigation, but it re-opened it last year after Google admitted that it found additional discs of data it didn't delete the first time around.
Continued : http://arstechnica.com/tech-policy/2013/06/google-has-35-days-to-delete-private-street-view-data-or-else/
Also:
U.K. regulator gives Google 35 days to scrap its remaining Street View data
Google must delete last of UK Street View data
Google ordered to delete data collected by Street View cars
- Collapse -
To end the week on a lighter note...........
Compliments of Bruce Schneirer:
A fine piece: "A Love Letter to the NSA Agent who is Monitoring my Online Activity."
A similar sentiment is expressed in this video
http://www.schneier.com/blog/archives/2013/06/love_letter_to.html
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic