background preloader

Secure Web

Facebook Twitter

Open Source NAC (Network Access Control)


SecureDataTransfer. SecureCloud. How Dropbox sacrifices user privacy for cost savings. Note: This flaw is different than the authentication flaw in Dropbox that Derek Newton recently published.

How Dropbox sacrifices user privacy for cost savings

Summary Dropbox, the popular cloud based backup service deduplicates the files that its users have stored online. This means that if two different users store the same file in their respective accounts, Dropbox will only actually store a single copy of the file on its servers. The service tells users that it "uses the same secure methods as banks and the military to send and store your data" and that "[a]ll files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password. " However, the company does in fact have access to the unencrypted data (if it didn't, it wouldn't be able to detect duplicate data across different accounts). Smartphone Forensics: Cracking BlackBerry Backup Passwords « Advanced Password Cracking – Insight. BlackBerry dominates the North American smartphone market, enjoying almost 40 per cent market share.

Smartphone Forensics: Cracking BlackBerry Backup Passwords « Advanced Password Cracking – Insight

A 20 per cent worldwide market share isn’t exactly a bad thing, too. The total subscriber base for the BlackBerry platform is more than 50 million users. Today, we are proud to present world’s first tool to facilitate forensic analysis of BlackBerry devices by enabling access to protected data stored on users’ BlackBerries. One of the reasons of BlackBerry high popularity is its ultimate security. It was the only commercial mobile communication device that was ever allowed to a US president: Barack Obama has won the privilege to keep his prized BlackBerry despite resistance from NSA. TechDirt. Facebook Places: Your Friends Are Here, But What About Your Privacy? Open Source Center - Login. Dark Web Terrorism Research : Research : Artificial Intelligence Laboratory : Eller College of Management : The University of Arizona. The Dark Web Project and Forum Portal As part of its Dark Web project, the Artificial Intelligence Lab has for several years collected international jihadist forums.

Dark Web Terrorism Research : Research : Artificial Intelligence Laboratory : Eller College of Management : The University of Arizona

These online discussion sites are dedicated to topics relating primarily to Islamic ideology and theology. The Lab now provides search access to these forums through its Dark Web Forum Portal, and in its beta form, the portal provides access to 28 forums, which together comprise nearly 13,000,000 messages. The Portal also provides statistical analysis, download, translation and social network visualization functions for each selected forum.

Searching the Searchers with SearchAudit. Searching the Searchers with SearchAudit John P.

Searching the Searchers with SearchAudit

John, Fang Yu, Yinglian Xie, Martin Abadi, and Arvind Krishnamurthy August 2010 Search engines not only assist normal users, but also provide information that hackers and other malicious entities can exploit in their nefarious activities. With carefully crafted search queries, attackers can gather information such as email addresses and misconfigured or even vulnerable servers. We present SearchAudit, a framework that identifies malicious queries from massive search engine logs in order to uncover their relationship with potential attacks. Seed, expands the set using search logs, and generates regular expressions for detecting new malicious queries. Queries as seed, SearchAudit discovers an additional 4 million distinct malicious queries and thousands of vulnerable Web sites. Live Messenger user credentials. Deep packet inspection. Top Secret America.

Google Agonizes on Privacy as Advertising World Vaults Ahead. Updated Aug. 10, 2010 12:01 a.m.

Google Agonizes on Privacy as Advertising World Vaults Ahead

ET (Please see Corrections & Amplifications item below) A confidential, seven-page Google Inc. GOOG +0.62% Google Inc. Cl C U.S.: Nasdaq $589.72 +3.64 +0.62% Sept. 8, 2014 4:00 pm Volume (Delayed 15m) : 1.41M AFTER HOURS $590.00 +0.28 +0.05% Sept. 8, 2014 7:21 pm Volume (Delayed 15m) : 16,150 P/E Ratio N/A Market Cap $400.38 Billion Dividend Yield N/A Rev. per Employee $1,321,030 08/26/14 Google Acquires Video and Spec... 08/07/14 Is Your Neighborhood Gentrifyi... 08/01/14 East Coast Google Barge Headed... Your Value Your Change Short position "vision statement" shows the information-age giant in a deep round of soul-searching over a basic question: How far should it go in profiting from its crown jewels—the vast trove of data it possesses about people's activities? What They Know.

Put your pants back on: Chatroulette logging IP addresses, screengrabbing users. Pantsless videocreeps (and anyone who puts a premium on privacy), beware: Chatroulette founder Andrey Ternovskiy recently announced on the official Chatroulette company blog that they've been logging data about users: Recently I decided to seriously look into issue again, and I've had a breakthrough.

Put your pants back on: Chatroulette logging IP addresses, screengrabbing users

Luckily we all live in a real world, and we can easily apply the laws of a real world even on an internet application. With the help of a few good developers we've started collecting information, such as IP addresses, logs and screen captures of offenders who actually break US/UN laws by broadcasting inappropriate content in a specific situations. We've captured and saved thousands of IP addresses of alleged offenders, along with logs and screenshots which prove wrong behavior. We are initiating a conversation with enforcement agencies and we are willing to provide all the information we have. Panopticlick. Report Phishing Sites. US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams.

Report Phishing Sites

You can report phishing to us by sending email to What Is Phishing? Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate.

Learn More About Phishing The following documents and websites can help you learn more about phishing and how to protect yourself against phishing attacks: Methods of Reporting Phishing Email to US-CERT In Outlook Express, you can create a new message and drag and drop the phishing email into the new message. Schneier on Security.