Temp for infosec workshop
On networks that don’t hide your IP or hostname automatically on connect, your IP is exposed for everyone to see and possibly abuse. Also there are many reasons you might not want to show everyone from what point of the world you are connecting from and/or want to add a little more anonymonity to your online activities. You can do so by connecting to IRC via TOR – dubbed “The Onion Router” – how exactly that works and is set up is shown in a small tutorial video we’ve put online. HowTo: IRC anonymously with TOR | IRC-Junkie.org - IRC News
Skype and Microsoft have managed to leapfrog common sense and build a backdoor into your favourite VOIP application . It is called Lawful Interception and is part of a new patent which Microsoft filed back in 2009, but is now preparing to unleash itself into our world due to its recent approval. Lawful Interception means that government agencies can, without your permission, begin tracking your Skype conversations. Calls can be covertly recorded and used against you in any circumstance. It is legal, it is frightening and it is coming to a voice over IP application near you. I understand where Microsoft is coming from. Microsoft and Skype set to allow backdoor eavesdropping
February 28, 2012 — CSO — Social engineering attacks security at its weakest link: People. Preying on employees' best intentions, social engineers gain unauthorized access to systems and information. So how do you secure people against these tactics? Storytelling, education, processes, and other methods all come into play. CSO's Ultimate Guide to Social Engineering
US shuts down Canadian gambling site with Verisign's help The Department of Homeland Security has seized a domain name registered outside of the US, by individuals who are not American citizens, and who registered with a Canadian registrar. What is unique about this case is that the American authorities did not get the domain's registrar - a Canadian company - to pull the domain. Instead they went to Verisign, which operates the entirety of .com, and had them pull the glue records, the warrant states .
Anonymous Cowards, Deanonymized
By Peter Eckersley, Seth Schoen, Kevin Bankston, and Derek Slater. Google, MSN Search, Yahoo!, AOL, and most other search engines collect and store records of your search queries. If these records are revealed to others, they can be embarrassing or even cause great harm. Would you want strangers to see searches that reference your online reading habits, medical history, finances, sexual orientation, or political affiliation?
Review By Eric Geier February 21, 2012 06:00 AM ET Computerworld - There's been much controversy over mobile OS security, especially where Android is concerned . With 47% of the smartphone market in Q4 of 2011, according to ABI Research, it's no wonder that Android is getting attention. 5 free Android security apps: Keep your smartphone safe
Security Tool HijackThis Goes Open Source
Secret GPS tracker terrifies Ontario man - Canada An Ontario man says he's angry and frightened after discovering someone hid a GPS tracking device under his vehicle, apparently to secretly monitor his movements. “I was doing just a regular inspection on my truck and I found this black box under my truck … with flashing lights inside,” Ben Ferrill of Warsaw, Ont., told Go Public. “I didn’t know what it was.
Why Deep Packet Inspection Is(n’t) Being Talked About With the on-going debate over net neutrality , privacy and the recent battles being fought over SOPA and ACTA , one technology lurks in the background. Its name is often treated as a curse by activists, spoken of dismissively but rarely in any detail, perhaps because the arguments over privacy, civil liberty and human rights provide a more dramatic, if less quantifiable, focal point for the debate. For others, technologists and broadband providers, it is seen as a much needed tool to maintain a functional internet as demand for bandwidth escalates and a necessary means to comply with legal obligations. So what exactly is Deep Packet Inspection and why is it treated with contempt by some and as the saviour from a growing apocalypse of data overload by others? Image courtesy of Kuiu
Is the Government Scaring Web Businesses Out of the US?
UK Student Jailed For Facebook Hack Despite 'Ethical Hacking' Defense
FOIA Request Shows Which Printer Companies Cooperated With US Government
Unauthorized iOS Apps Leak Private Data Less Than Approved Ones
Magid: Latest iPhone and Android app privacy violations deeply troubling The recent revelations that some iPhone and Android apps are uploading and storing users' phone address books without permission is very troubling.
Tor Operations Security 13 December 2011 Tor Operations Security Date: Tue, 13 Dec 2011 18:39:22 -0500 From: wakeupneo555[at]Safe-mail.net To: tor-talk[at]lists.torproject.org Subject: [tor-talk] Tor OPSEC - Operational Security - Great Resource of Information!
From OpenPCD OpenPICC 1 board Breaking into a Mifare Classic protected key vault that uses only anti collision as a security feature - no cryptography is used by that vault. Introduction This device is obsolete - please use OpenPICC SnifferOnly 13.56MHz instead for sniffing The OpenPICC project for Proximity Integrated Circuit Cards (PICC) is the counterpart to OpenPCD. OpenPICC RFID Emulator and Sniffer Project - OpenPCD
Make a Faraday Cage Wallet From Wired How-To Wiki You already have your tin foil hat, and you're pretty sure no one can find you on the Google. However, there's one detail you may not have thought of, and that's those pesky RFID chips.
HTTPS Everywhere is a Firefox and Chrome extension that encrypts your communications with many major websites, making your browsing more secure. Encrypt the web: Install HTTPS Everywhere today. HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation . Many sites on the web offer some limited support for encryption over HTTPS , but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.