Open Source NAC (Network Access Control)
How Dropbox sacrifices user privacy for cost savings Note: This flaw is different than the authentication flaw in Dropbox that Derek Newton recently published. Summary Dropbox, the popular cloud based backup service deduplicates the files that its users have stored online. This means that if two different users store the same file in their respective accounts, Dropbox will only actually store a single copy of the file on its servers. The service tells users that it "uses the same secure methods as banks and the military to send and store your data" and that "[a]ll files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password."
BlackBerry dominates the North American smartphone market, enjoying almost 40 per cent market share. A 20 per cent worldwide market share isn’t exactly a bad thing, too. The total subscriber base for the BlackBerry platform is more than 50 million users. Today, we are proud to present world’s first tool to facilitate forensic analysis of BlackBerry devices by enabling access to protected data stored on users’ BlackBerries. One of the reasons of BlackBerry high popularity is its ultimate security. It was the only commercial mobile communication device that was ever allowed to a US president: Barack Obama has won the privilege to keep his prized BlackBerry despite resistance from NSA. Smartphone Forensics: Cracking BlackBerry Backup Passwords « Advanced Password Cracking – Insight
The problem with defending free speech is that you have to defend those whose words verge on indefensible in order to protect the speech you do like. Making this task considerably more unpalatable is the possibility that the person you're defending verges on indefensible as well, prone to aggravating the situation and undermining his or her defenders at every turn. But the battle must be fought because being a combative jerk still isn't a crime… nor do we want it to be. TechDirt
Facebook Places: Your Friends Are Here, But What About Your Privacy? | ACLUNC dotRights
Open Source Center - Login
The Dark Web Project and Forum Portal As part of its Dark Web project, the Artificial Intelligence Lab has for several years collected international jihadist forums. These online discussion sites are dedicated to topics relating primarily to Islamic ideology and theology. The Lab now provides search access to these forums through its Dark Web Forum Portal, and in its beta form, the portal provides access to 28 forums, which together comprise nearly 13,000,000 messages. The Portal also provides statistical analysis, download, translation and social network visualization functions for each selected forum. Here are some important links for the Dark Web project and Portal: Dark Web Terrorism Research : Research : Artificial Intelligence Laboratory : Eller College of Management : The University of Arizona
Searching the Searchers with SearchAudit Searching the Searchers with SearchAudit John P. John, Fang Yu, Yinglian Xie, Martin Abadi, and Arvind Krishnamurthy August 2010 Search engines not only assist normal users, but also provide information that hackers and other malicious entities can exploit in their nefarious activities. With carefully crafted search queries, attackers can gather information such as email addresses and misconfigured or even vulnerable servers.
Deep packet inspection Bij deep packet inspection (DPI) wordt elektronisch dataverkeer tussen zender en ontvanger inhoudelijk geanalyseerd. Dit gaat verder dan de inspectie van afzender- en ontvangeradres zoals routers dat voor het verder leiden van de gegevens noodzakelijkerwijs moeten doen. Het internet functioneert doordat gegevens in gestandaardiseerde brokstukken worden verdeeld, verpakt en verstuurd.
Top Secret America
Updated Aug. 10, 2010 12:01 a.m. ET (Please see Corrections & Amplifications item below) Google Agonizes on Privacy as Advertising World Vaults Ahead
What They Know
Put your pants back on: Chatroulette logging IP addresses, screengrabbing users Pantsless videocreeps (and anyone who puts a premium on privacy), beware: Chatroulette founder Andrey Ternovskiy recently announced on the official Chatroulette company blog that they've been logging data about users: Recently I decided to seriously look into issue again, and I've had a breakthrough. Luckily we all live in a real world, and we can easily apply the laws of a real world even on an internet application.
Panopticlick Is your browser configuration rare or unique? If so, web sites may be able to track you, even if you limit or disable cookies. Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Click below and you will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web. Only anonymous data will be collected by this site.
Report Phishing Sites US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams. You can report phishing to us by sending email to firstname.lastname@example.org. What Is Phishing? Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate.
A blog covering security and security technology. HEADWATER: NSA Exploit of the Day Today's implant from the NSA's Tailored Access Operations (TAO) group implant catalog: HEADWATER (TS//SI//REL) HEADWATER is a Persistent Backdoor (PDB) software implant for selected Huawei routers. The implant will enable covert functions to be remotely executed within the router via an Internet connection. (TS//SI//REL) HEADWATER PBD implant will be transferred remotely over the Internet to the selected target router by Remote Operations Center (ROC) personnel. Schneier on Security