5 Hidden Benefits Of IT Compliance Programs

#OpTrapWire, Anonymous against surveillance systems
In these days I have written several times regarding surveillance systems and the huge business around it. Private companies, government agencies and cyber units are all working to develop new tools to spy on a wide audience. These tools are really attractive for those governments that desire to monitor and pursue dissidents; in many cases these applications arm the hands of the Executioner. A spyware is a tool and it could be used for good purposes as well as bad ones, we cannot demonize them, however, we must remain outraged when the companies in the name of money violate all kinds of rules to make profit at the expense of the human rights. It’s normal at this point that the voice of Anonymous thunders in defense of these rights by bringing to the light of the sun a problem that is often shelved for obvious reasons; to talk about certain issues is inconvenient and detrimental to the interests of many. Which are the revelations made by Wikileaks? “God Bless America. The web site RT.com published

Ludlam's TrapWire questions go unanswered
The Australian Senate has voted against answering questions about the video-surveillance system known as TrapWire. Greens Senator Scott Ludlam asked the Senate today to question the government on whether TrapWire is being used locally. His motion was denied, however, without calling for a division of the assembly. Following the vote, Ludlam addressed the Senate, expressing his bafflement over why the motion was denied. "It simply asks — yes or no — whether these systems are deployed anywhere in Australia. "I would have thought that was a fairly straightforward request." The issue does not appear to be over, however, with Ludlam reinviting the government to address the chamber on the issue "so that we don't have to use other mechanisms". These include seeking answers from the Attorney-General, Defence minister and Home Affairs minister. "The Government could have done this the easy way. "All we want to know is whether the system operates here.

Body scanners set for November roll-out
Body scanning equipment will be rolled out to all Australian international airports from November, despite lingering concerns about their effectiveness. The security machines, costing AU$230,000 each, produce a generic outline of the human body and reveal metal and non-metal items under clothing, unlike the unpopular and controversial scanners in the US, which can show intimate body features. They have already been trialled in Melbourne and Sydney. The scanners were originally to have been put into place by July, however, laws to allow the scanners were only passed by the Federal Parliament today. In the US, US Marshals from a court house saved 35,000 images on their scanner. Albanese also assured passengers that the level of radiation put out by the scanners is low. "The millimetre-wave body scanners are perfectly safe, and one body scan emits 10,000 times less frequency energy than a single mobile phone call," he said in a statement. "This Bill could be giving a false sense of security."

Help us crack Gauss' encryption: Kaspersky Labs
Kaspersky Lab is appealing to the public to help crack a code embedded in a piece of malware it believes is nation-state sponsored. Called Gauss, it is the latest in a string of malware that has possible links to Flame, Duqu and Stuxnet. Kaspersky researchers, so far, believe it is an espionage toolkit, designed to steal browser passwords, banking details and other credentials, but what it is meant to do on the intended target's computer is hidden within encrypted code. According to Kaspersky researchers, in order for the malware to deliver its payload to the intended victim only, the malware looks at certain aspects of the target's system configuration, including certain file or folder names present on the system. Researchers have already attempted to use millions of combinations of known folder names, but to no success. The company has now released sections of encrypted data, and is appealing for anyone who might be able to break the codes to contact Kaspersky Lab.

Another sad example of why IT, not government, is ultimately responsible for cybersecurity
My brain sometimes makes strange connections. For example, when I learned that Republican senators are blaming Democratic senators for blaming Republican senators for not passing a cybersecurity bill, I somehow thought of Huey Lewis' 1984 hit, "I Want a New Drug". The song seems weirdly appropriate in a few different ways. First, of course, "I Want a New Drug" was a hit back in 1984, the year of George Orwell's anachronistic but moderately prophetic tome on nationalism, repression, censorship, and the surveillance society. It's important to be thinking about issues of liberty and privacy when thinking about a new, comprehensive cybersecurity bill. But, secondly, the song "I Want a New Drug" is, essentially, a laundry-list of specifications. Our cybersecurity bills are also laundry lists -- and we also have a laundry list of bills. One grants the government better access to shared information. Now, think about it. They're IT professionals.

Adobe patches critical Flash, Reader and Acrobat vulnerabilities
Adobe has patched critical vulnerabilities in its Flash Player, Reader and Acrobat software products that let attackers take control of Windows systems and execute malicious code. Adobe published security updates for the critical vulnerabilities on Tuesday. The most severe vulnerability, CVE-2012-1535, affects Adobe Flash Player 11.3.300.270 for Windows, Macintosh and Linux, and its earlier versions. It allows attackers to remotely control a computer and is being exploited in the wild in "limited targeted attacks", Adobe said in a security advisory. The vulnerability is being distributed via malicious Microsoft Word documents and targets the ActiveX version of Flash Player for Internet Explorer on Windows systems. Adobe did not specify which version(s) of IE the exploit affects. Along with this, Adobe issued a critical security update for its Reader and Acrobat software to fix a set of vulnerabilities that could let attackers execute malicious code.

Android's Flash Player is dead - live with it
And lo, it has come to pass. Today's the day that Adobe delists Flash Player from the Google Play store. If it's not already on your Android phone or tablet, you now won't be able to get it on there in an officially-sanctioned way. If it's already on there, breathe easy, you can continue to get updates — unless you're on Android 'Jelly Bean' 4.1. According to Adobe, if Flash is not already installed, the device is probably not certified for Flash (here's a list of devices that are certified) and is therefore increasingly unlikely to run Flash content properly. Except, of course, users can still install Flash Player by other means, as I have done. I actually have two Jelly Bean devices: a Nexus S smartphone that got the upgrade a few weeks ago (gradually slowing it down over time, although that's fodder for a different article), and my nice shiny Nexus 7 tablet, which came with Jelly Bean. Here be monsters Now, as I said, don't do this. In other words, let Flash Player go. Blame game

Microsoft fixes five critical security flaws on Patch Tuesday
Microsoft has released a bevy of software updates to its most popular products in order to protect against the nasties that float around on the Web. All in all, 26 vulnerabilities will be patched with Microsoft's latest update. Five are rated critical, meaning they should be applied immediately. The Redmond, WA. The most important above all is MS12-060 which patches a flaw in Windows Common Control, allowing in hackers from malware-laced Rich Text Format (RTF) documents and Office documents, including through malicious websites. Three of the patches in total fix flaws that would allow attackers to exploit machines through "specially crafted" webpages. "The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability," Microsoft noted. Kaspersky Labs' Threatpost says this flaw is being actively exploited. Put on a fresh pot of coffee and get patching.

Security mindset must change with cloud
SINGAPORE--Companies need to move away from the mentality of having complete control over their IT infrastructure and securing different IT stacks in a piecemeal manner when they make the move toward cloud computing, industry executives urge. Jim Reavis, co-founder and executive director of Cloud Security Alliance (CSA), said traditional IT security practices have always been black and white in that tech departments know they have complete control over the company's hardware and infrastructure. In knowing this, they can develop their own security regime or outsource it to a third-party provider completely, Reavis added during the CloudSec 2012 conference held here on Wednesday. With cloud computing though, IT security has become more "grey" as traditional practices no longer apply. Companies and their IT teams will not know which part of the infrastructure they have control over and will have to work with service providers to ensure their systems are safe, he noted.