Security

The NSA Uses Powerful Toolbox in Effort to Spy on Global Networks. In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors.

They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn't budge. The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410. In the United States, a country of cars and commuters, the mysterious garage door problem quickly became an issue for local politicians. Ultimately, the municipal government solved the riddle. It was thanks to the garage door opener episode that Texans learned just how far the NSA's work had encroached upon their daily lives. On-Call Digital Plumbers According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies.

Hacker News. Google Online Security Blog: Announcing the first SHA1 collision. Posted by Marc Stevens (CWI Amsterdam), Elie Bursztein (Google), Pierre Karpman (CWI Amsterdam), Ange Albertini (Google), Yarik Markov (Google), Alex Petit Bianco (Google), Clement Baisse (Google) Cryptographic hash functions like SHA-1 are a cryptographer’s swiss army knife.

You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash functions compress large amounts of data into a small message digest. How is NSA breaking so much crypto? 1401 08 12 mickens. More Than 1 Million Google Accounts Breached by Gooligan. As a result of a lot of hard work done by our security research teams, we revealed today a new and alarming malware campaign.

The attack campaign, named Gooligan, breached the security of over one million Google accounts. The number continues to rise at an additional 13,000 breached devices each day. Our research exposes how the malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more. Gooligan is a new variant of the Android malware campaign found by our researchers in the SnapPea app last year.

Check Point reached out to the Google Security team immediately with information on this campaign. Untitled. Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response. Google. Uber. That’s It. I’ve Had Enough! IoT Goes Nuclear - Creating a ZigBee Chain Reaction. GitHub - manwhoami/MMeTokenDecrypt: Decrypts and extracts iCloud and MMe authorization tokens on Apple macOS / OS X. No user authentication needed, no dependencies. Why I won't recommend Signal anymore - Sander Venema.

One of the things I do is cryptography and infosec training for investigative journalists who have a need to keep either their sources and communications confidential so they can more safely do their work in the public interest.

Often they work in places which are heavily surveilled, like Europe, or the United States. Ed Snowden’s documents explain a thing or two about how the US intelligence apparatus goes about its day-to-day business. They sometimes also work in places in the world where rubber hose cryptanalysis is more common than in say the U.S. or Europe. Which is why crypto tools alone are not the Alpha and the Omega of (personal) security. This requires careful consideration of what to use when, and in what situation. To be clear: the reason for this is not security. What is Signal? Signal is an app published by OpenWhisperSystems, a company run by Moxie Marlinspike. Multiple problems with Signal There are however, multiple issues with Signal, namely: Stealth Cell Tower. Rogue Cellular Infrastructure Disguised as Office Printer Stealth Cell Tower is an antagonistic GSM base station in the form of an innocuous office printer.

It brings the covert design practice of disguising cellular infrastructure as other things - like trees and lamp-posts - indoors, while mimicking technology used by police and intelligence agencies to surveil mobile phone users. Masquerading as a regular cellular service provider, Stealth Cell Tower surreptitiously catches phones and sends them SMSs written to appear they are from someone that knows the recipient.

Exploratorium. GOST cryptography: English. A single byte write opened a root execution exploit. Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras. Over the last few weeks we've seen DDoS attacks hitting our systems that show that attackers have switched to new, large methods of bringing down web applications.

They appear to come from the Mirai botnet (and relations) which were responsible for the large attacks against Brian Krebs. Our automatic DDoS mitigation systems have been handling these attacks, but we thought it would be interesting to publish some of the details of what we are seeing. In this article we'll share data on two attacks, which are perfect examples of the new trends in DDoS. Untitled. Strange Loop - IP Spoofing — Idea of the day. 20 September 2016 I recently gave a talk at the Strange Loop conference in St Louis.

The recording and slides are available, but for easier consumption here's a transcript. Good morning!