Tag Archives | Security
They’re all around us — the number of people being tracked as suspected terrorists will soon cross the one million mark, Reuters reports:
The number of names on a highly classified U.S. central database used to track suspected terrorists has jumped to 875,000 from 540,000 only five years ago, a U.S. official said. Among those was Boston Marathon bomber Tamerlan Tsarnaev, whose name was added in 2011.
Maintained by the National Counterterrorism Center, the highly classified database is not a “watchlist,” but a repository of information on people whom U.S. authorities see as known, suspected or potential terrorists from around the world.
The “Terrorist Identities Datamart Environment” is a master database which agencies use to build other catalogs of possible terrorists, like the “no-fly” list which prevents people on it from boarding airplanes.
Karen Greenberg, an expert in counter-terrorism policy at Fordham University, questioned whether the growth in the database’s size made it easier for officials to spot threats before they materialize.
Lifehacker has a rundown of recommendations for simple browser add-ons (such as Disconnect, Do Not Track Me, and the adorably-mascotted Ghostery) for keeping your online browsing and communications safe from tracking:
Anti-tracking and anti-cookie extensions have exploded recently. Disconnect (Firefox/Chrome/IE/Safari) is our pick because it continues to add useful features and improve its database, and its secure Wi-Fi and bandwidth optimization features aren’t available in other tools. It blocks third party tracking cookies and gives you control over all site scripts and elements from a simple-to-use toolbar menu. It also protects you from tracking by social networks like Facebook, Google, and Twitter, which use your browsing even off-site to collect data about you.
HTTPS Everywhere (Firefox/Chrome) is a must-have regardless of what other security tools you opt to use. Once installed, the extension will shunt your connection to SSL whenever possible, and will try to find secure versions of the sites you visit.
In coming years, allowing a machine to momentarily observe your mental activity may be the key to open your email account or front door. Via Dark Reading:
It sounds like something straight out of science fiction: brainwaves taking the place of passwords in the name of authentication. A new study by researchers from the U.C. Berkeley School of Information examined the brainwave signals of individuals performing specific actions to see whether they can be consistently matched to the right individual.
Participants were asked to imagine performing a repetitive motion from a sport of their choice, singing a song, watching a series of on-screen images and silently counting the objects, or choose their own thought and focus on it for 10 seconds.
To measure the subjects’ brainwaves, the team used the NeuroSky Mindset, a Bluetooth headset that records Electroencephalographic (EEG) activity. In the end, the team was able to match the brainwave signals with 99 percent accuracy.
On your next flight, you may want to look over your shoulder at what the person next to you is doing. Help Net Security reports:
An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, galvanized the crowd attending the Hack In The Box Conference in Amsterdam. Teso showcased an Android app, PlaneSploit, that remotely controls airplanes on the move.
Teso has been working in IT for the last eleven years and has been a trained commercial pilot for a year longer than that. By creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes’ Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircraft.
His testing laboratory consists of a series of software and hardware products. But the connection and communication methods, as well as ways of exploitation, are absolutely the same as they would be in an actual real-world scenario.
Our key-less and password-less future will hinge on being identified via our fingerprints, irises, and vocal tones. The problem is, someone else may have a copy of your finger. Via the BBC:
A Brazilian doctor faces charges of fraud after being caught on camera using silicone fingers to sign in for work for absent colleagues, police say.
Thaune Nunes Ferreira, 29, was arrested on Sunday for using prosthetic fingers to fool the biometric employee attendance device used at the hospital where she works near Sao Paulo. She is accused of covering up the absence of six colleagues. Her lawyer says she was forced into the fraud as she faced losing her job.
Police said she had six silicone fingers with her at the time of her arrest, three of which have already been identified as bearing the fingerprints of co-workers.
Via the MIT Technology Review, Tom Simonite writes:
A freshly discovered weakness in a popular piece of software, known in the trade as a “zero-day” vulnerability, can be cashed in for prices in the hundreds of thousands of dollars from defense contractors, security agencies and governments. This trade in zero-day exploits is poorly documented, but it is perhaps the most visible part of a new industry that in the years to come is likely to swallow growing portions of the U.S. national defense budget.
It became clear that this type of assault would define a new era in warfare in 2010, when security researchers discovered a piece of malicious software known as Stuxnet. Now [known] to have been a project of U.S. and Israeli intelligence, Stuxnet was carefully designed to infect multiple systems needed to access and control industrial equipment used in Iran’s nuclear program.
No U.S. government agency has gone on the record as saying that it buys zero-days.
An Amazon spokeswoman in Germany, Ulrike Stoecker, said Monday the online retailer has ended its relationship with Hensel European Security Services “with immediate effect.”
A documentary shown on ARD public television last week showed staff of the security company – whose initials spell out the name of Adolf Hitler’s deputy Hess – wearing clothes linked to Germany’s neo-Nazi scene. It interviewed people claiming they were mistreated by the staff.
Stoecker told The Associated Press that Amazon has a “zero tolerance limit for discrimination and intimidation and expects the same of other companies it works with.”
The idea is to “democratize encryption” by making it available to the non-tech-savvy with the push of a button. Will this be used for good or evil? Slate’s Ryan Gallagher explains:
The startup tech firm Silent Circle’s groundbreaking encrypted data transfer app will enable people to send files securely from a smartphone or tablet at the touch of a button—photographs, videos, spreadsheets, you name it—sent scrambled from one person to another in a matter of seconds.
The technology uses a sophisticated peer-to-peer encryption technique that allows users to send encrypted files of up to 60 megabytes through a “Silent Text” app. The sender of the file can set it on a timer so that it will automatically “burn”—deleting it from both devices after a set period of, say, seven minutes. It’s a game-changer that will almost certainly make life easier and safer for journalists, dissidents, diplomats, and companies trying to evade surveillance.
The machines are being removed, but the disturbing grayscale images of travelers’ bloated bodies will continue to haunt our nightmares. Via Bloomberg:
The U.S. Transportation Security Administration will remove airport body scanners that privacy advocates likened to strip searches after OSI Systems Inc. (OSIS) couldn’t write software to make passenger images less revealing.
TSA will end a $5 million contract with OSI’s Rapiscan unit. The agency removed 76 of the machines from busier U.S. airports last year. It will now get rid of the remaining 174 Rapiscan machines, with the company absorbing the cost.
Airline passengers were offended by the revealing images, including those of children and the elderly. The Washington-based Electronic Privacy Information Center sued the agency in July 2010, claiming the scanners violated privacy laws and has called use of the machines equivalent to a “physically invasive strip search.”