Apr. 18th, 2014

thewayne: (Cyranose)
Their systems were compromised from late June 2013 to late February 2014. They brought in two security firms to analyze their systems, and they found nothing; subsequent analysis found a hack attack that the two firms had not previously encountered.

This is the second time in three years that they've been hacked; they were previously compromised in 2011.

http://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/

thewayne: (Cyranose)
I guess they don't realize that birds poop and fish are also known to urinate. Clearly all reservoirs should be covered by an impermeable membrane and guarded with radar-guided machine guns. Clearly this teen is a terrorist and the full might of the law should be used against him. [/sarcasm]

I'll admit it's mildly disgusting, but 38 million gallons? It's totally undetectable.

http://www.kptv.com/story/25262461/teen-urinates-in-portland-water-supply-city-drains-reservoir-of-38-million-gallons

thewayne: (Cyranose)
Thank you, XKCD. It's sad how many people shroud themselves in the Bill of Rights when their bloviation is shut down.

http://xkcd.com/1357/

thewayne: (Cyranose)
Initially it was suspected that Heartbleed was only an attack on servers; it turns out that this is not the case. Heartbleed is an exploit of some bad code in a package called OpenSSL, which is normally run on servers and Linux machines. If a machine is running the compromised version of OpenSSL AND has been hacked so that it can be controlled remotely by ne'er-do-wells, then it is possible for them to do a reverse-Heartbleed attack against personal computers, tablets, smartphones, etc.

As an example, Facebook and Yahoo Mail look up URLs to grab a partial screen capture to link with your message. If you control the remote URL being looked up, it's possible to leverage an attack.

http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed


Meanwhile, a Canadian teen has been arrested by the RCMP for exploiting Heartbleed against the Canadian revenue service. As a result of his attack, the Canadians stopped accepting online tax return submissions and extended the deadline.

http://news.slashdot.org/story/14/04/17/1414219/rcmp-arrest-canadian-teen-for-heartbleed-exploit

The shutdown of online returns: http://news.slashdot.org/story/14/04/10/1253227/canada-halts-online-tax-returns-in-wake-of-heartbleed


And it appears that the NSA has known about the exploit and been using it for their own ends.

thewayne: (Cyranose)
Earlier this week the Russian President Vladimir Putin held an annual event which was effectively an open Q&A with the press. Edward Snowden asked him a question about whether Russia conducts mass surveillance on their people; Putin denied it. What a surprise.

In this editorial for The Guardian, Snowden explains that he wanted to get Putin on public record to open a dialog to get Russian journalists and privacy rights advocates to push the question further. Snowden goes on to say that Putin's answers were much like Obama's initial denials.

Personally, I don't know that Russia has the computer/software power to conduct mass surveillance. They probably accumulate a lot of surveillance information but don't have that great of resources for mining it. On the other hand, they have an excellent skill set for spying on targeted individuals, and anyone who stands up and needs to be hammered down will become a targeted individual.

http://www.theguardian.com/commentisfree/2014/apr/18/vladimir-putin-surveillance-us-leaders-snowden


In other news, Snowden's encrypted email provider, Lavabit, lost a contempt appeal. Lavabit provided end-to-end strong encryption, and when the FBI went after Snowden, they demanded all crypto keys, not just the ability to wiretap Snowden's emails. Lavabit unfortunately did sort of a Three Stooges routine in turning over the keys, staying within the letter of the order while clearly ignoring the intent. They were cited for contempt and have now lost. Unfortunately, because of their attempts to dodge the subpoena, they caused such a mess that the larger issue (that the FBI was overbroad in requesting crypto keys when they should and could have asked for just Snowden's info) was not part of the contempt ruling and wasn't examined.

http://www.wired.com/2014/04/lavabit-ruling/

Page generated Aug. 14th, 2025 04:31 pm