Local and Global Community News – Activism / Protests - Animal Advocacy - Animal Rescue - Archaeology/Anthropology/Paleontology/Crypto-zoology, Corporate Assault on our Lives and Our Health, Environmental - Internet/IT - Signs of the Times – Wildlife: News Affiliate of Family Survival Protocol.com
The announcement comes less than 24 hours after the hacktivist group warned of a coordinated and targeted attack against the Islamic State in the wake of the deadly wave of terror attacks across Paris.
The hacking collective vowed to “unite humanity,” warning the terrorist group to “expect massive cyber-attacks.”
“Anonymous from all over the world will hunt you down,” the masked Anon spokesman in the video said. “You should know that we will find you and we will not let you go.”
ISIS responded to Anonymous’ video on Monday, calling the hacktivist group “idiots” and offering technical guidance to ISIS supporters in an effort to protect against Anonymous cyber-attacks.
In spite of the ISIS insults aimed at Anonymous, judging by the initial results, it seems the Islamic State is impotent to stop the hacktivist group from decimating the terror group’s social media outreach and recruitment efforts.
NSA Said to Exploit Heartbleed Bug for Intelligence for Years
By Michael Riley, Apr 11, 2014 11:00 PM CT
The
U.S. National Security Agency knew for at least two years about a flaw
in the way that many websites send sensitive information, now dubbed the
Heartbleed bug, and regularly used it to gather critical intelligence,
two people familiar with the matter said.
The agency’s reported
decision to keep the bug secret in pursuit of national security
interests threatens to renew the rancorous debate over the role of the
government’s top computer experts. The NSA, after declining to comment
on the report, subsequently denied that it was aware of Heartbleed until
the vulnerability was made public by a private security report earlier
this month.
“Reports that NSA or any other part of the government
were aware of the so-called Heartbleed vulnerability before 2014 are
wrong,” according to an e-mailed statement from the Office of the
Director of National Intelligence.
Heartbleed appears to be one of the biggest flaws in the Internet’s history, affecting the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies from Cisco Systems Inc. (CSCO) to Juniper Networks Inc. to provide patches for their systems.
Putting
the Heartbleed bug in its arsenal, the NSA was able to obtain passwords
and other basic data that are the building blocks of the sophisticated
hacking operations at the core of its mission, but at a cost. Millions
of ordinary users were left vulnerable to attack from other nations’
intelligence arms and criminal hackers.
Controversial Practice
“It
flies in the face of the agency’s comments that defense comes first,”
said Jason Healey, director of the cyber statecraft initiative at the
Atlantic Council and a former Air Force cyber officer. “They are going
to be completely shredded by the computer security community for this.”
Experts
say the search for flaws is central to NSA’s mission, though the
practice is controversial. A presidential board reviewing the NSA’s
activities after Edward Snowden’s leaks recommended the agency halt the
stockpiling of software vulnerabilities.
NSA Denies Report It Knew About And Exploited Heartbleed For Years
Updated with NSA denial
Bloomberg is reporting that the National Security Agency knew about the Heartbleed flaw for at least two years and “regularly used it to gather critical intelligence,” according to two sources.
NSA denial
The
NSA has denied the Bloomberg report. “Reports that NSA or any other part
of the government were aware of the so-called Heartbleed vulnerability
before April 2014 are wrong. The Federal government was not aware of the
recently identified vulnerability in OpenSSL until it was made public
in a private sector cybersecurity report,” according to a blog post from the Office of the Director of National Intelligence.
If
the Bloomberg story is true, it would be a major bombshell that is
certain to add fuel to the already contentious debate about the NSA’s
role in surveillance. Last year it was reported that the NSA paid
security firm RSA $10 million to intentionally weaken an encryption
algorithm and had circumvented or cracked other encryption schemes. Reuters recently reported that “NSA infiltrated RSA security more deeply than thought.”
Bloomberg said that the NSA was able to use the Heartbleed flaw to obtain passwords and other user data.
Is NSA making us less secure?
Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say
Edward J. Snowden, the N.S.A. leaker, speaking to European officials via videoconference last week. Credit: Frederick Florin/Agence France-Presse — Getty Images
WASHINGTON
— Stepping into a heated debate within the nation’s intelligence
agencies, President Obama has decided that when the National Security
Agency discovers major flaws in Internet security, it should — in most
circumstances — reveal them to assure that they will be fixed, rather
than keep mum so that the flaws can be used in espionage or
cyberattacks, senior administration officials said Saturday.
But
Mr. Obama carved a broad exception for “a clear national security or
law enforcement need,” the officials said, a loophole that is likely to
allow the N.S.A. to continue to exploit security flaws both to crack
encryption on the Internet and to design cyberweapons.
The
White House has never publicly detailed Mr. Obama’s decision, which he
made in January as he began a three-month review of recommendations by a
presidential advisory committee on what to do in response to recent
disclosures about the National Security Agency.
But
elements of the decision became evident on Friday, when the White House
denied that it had any prior knowledge of the Heartbleed bug, a newly
known hole in Internet security that sent Americans scrambling last week
to change their online passwords. The White House statement said that
when such flaws are discovered, there is now a “bias” in the government
to share that knowledge with computer and software manufacturers so a
remedy can be created and distributed to industry and consumers.
Caitlin
Hayden, the spokeswoman for the National Security Council, said the
review of the recommendations was now complete, and it had resulted in a
“reinvigorated” process to weigh the value of disclosure when a
security flaw is discovered, against the value of keeping the discovery
secret for later use by the intelligence community.
“This process is biased toward responsibly disclosing such vulnerabilities,” she said.
Until
now, the White House has declined to say what action Mr. Obama had
taken on this recommendation of the president’s advisory committee,
whose report is better known for its determination that the government
get out of the business of collecting bulk telephone data about the
calls made by every American. Mr. Obama announced last month that he
would end the bulk collection, and leave the data in the hands of
telecommunications companies, with a procedure for the government to
obtain it with court orders when needed.
But
while the surveillance recommendations were noteworthy, inside the
intelligence agencies other recommendations, concerning encryption and
cyber operations, set off a roaring debate with echoes of the Cold War
battles that dominated Washington a half-century ago.
One
recommendation urged the N.S.A. to get out of the business of weakening
commercial encryption systems or trying to build in “back doors” that
would make it far easier for the agency to crack the communications of
America’s adversaries. Tempting as it was to create easy ways to break
codes — the reason the N.S.A. was established by Harry S. Truman 62
years ago — the committee concluded that the practice would undercut
trust in American software and hardware products. In recent months,
Silicon Valley companies have urged the United States to abandon such
practices, while Germany and Brazil, among other nations, have said they
were considering shunning American-made equipment and software. Their
motives were hardly pure: Foreign companies see the N.S.A. disclosures
as a way to bar American competitors.
Published: 17:33 EST, 9 April 2014 | Updated: 17:57 EST, 9 April 2014
Internet
users have been warned to change all their computer and phone passwords
following what could be a ‘catastrophic’ security breach.
Major technology firms have urged the public to immediately update their online security.
The
alert is the result of the discovery of an internet bug called
‘Heartbleed’, which is able to bypass computer security settings.
LastPass Heartbleed Checker warns if a website may be at risk. It also reveals websites that aren't affected
HOW TO BEAT THE BUG
If
a password is in any dictionary in any language then it will take just
three minutes to crack, warned computer expert Tony McDowell.
The
worst passwords are the likes of ‘password’, ‘123456’, ‘qwerty’, or
your child’s name. Using the same password for every site can leave you
even more vulnerable to hackers, he added. His
advice is to use a phrase rather than a word. For example, use
‘nameisabella’ rather than just ‘Isabella’ – and use a mixture of
letters and numbers.
A password of ‘name!saBe1la’ would take a year to crack, said Mr McDowell, managing director of Encription Ltd.
‘Most hackers give up after 24 hours unless it is something they really want to gain access to,’ he added.
Edward Snowden warns of personal data vulnerability
The
former NSA contractor takes part in a video conference at the South by
Southwest tech event in Texas and answers questions via Twitter to an
enthusiastic audience.
...
Former
National Security Agency contractor Edward Snowden speaks remotely to
the South by Southwest Interactive conference in Austin, Texas,
superimposed over an image of the Constitution. (Spencer Bakalar / Los Angeles Times / March 10, 2014)
By Steve Appleford
March 10, 2014, 9:31 p.m.
AUSTIN, Texas — Edward Snowden
brought no bombshells when he arrived to an excited round of applause
Monday, his stubbled face relaxed as it was beamed in from across the
continents for a "virtual conversation" about the vulnerability of
personal data. His presence was event enough.
Public appearances by the former National Security Agency
contractor and U.S. exile are rare, and this one was beamed in from an
undisclosed location in Russia via several online proxies for his own
security, a bit of technological cloak-and-dagger that could only add to
his mystique for the three roomfuls of international tech specialists
struggling to hear his words in video that was choppy and often
inaudible.
His message still got through: Personal information is
vulnerable not only to government prying but to growing numbers of
outside infiltrators because companies have failed to adequately protect
the data of their customers. His own exile after leaking to reporters
secret information he had gathered while an NSA consultant has made him a
central figure in that conversation, and he says he has no regrets.
"Would
I do it again? Absolutely," Snowden said into the camera, in response
to one of several questions submitted to him via Twitter (#AskSnowden)
and screened backstage at the South by Southwest Interactive conference.
"I took an oath to support and defend the Constitution. And I saw the
Constitution was being violated on a massive scale."
He warned,
"If we allow the NSA to continue unrestrained, every other government
will accept that as a green light to do the same."
The chosen
Twitter questions were notably nonconfrontational for a figure often the
subject of heated debate even among supporters. One asked whether the
mass surveillance was driven by privatization. Another wondered about
the potential for society to "reap benefits" from the "big data." None
asked about his life in Russia, or what further revelations might be
coming.
The first question came from Timothy John Berners-Lee, a
British scientist known as the inventor of the World Wide Web, who asked
Snowden how he would create an accountability system for governance.
Edward Snowden, the NSA whistleblower whose unprecedented leak of
top-secret documents led to a worldwide debate about the nature of
surveillance, insisted on Monday that his actions had improved the
national security of the United States rather than undermined it, and
declared that he would do it all again despite the personal sacrifices
he had endured.
In remarks to the SXSW culture and technology
conference in Texas, delivered by video link from his exile in Russia,
Snowden took issue with claims by senior officials that he had placed
the US in danger. He also rejected as demonstrably false the suggestions
by some members of Congress that his files had found their way into the
hands of the intelligence agencies of China or Russia.
Snowden
spoke against the backdrop of an image of the US constitution, which he
said he had taken an oath to protect but had seen “violated on a mass
scale” while working for the US government. He accepted praise from Sir
Tim Berners-Lee, the inventor of the world wide web, accorded the first
question via Twitter, who described him as “acting profoundly in the
public interest”.
The session provided a rare and extensive
glimpse into the thoughts of Snowden, granted temporary asylum by Russia
after the US revoked his passport. He struck back strongly against
claims made again last week by the NSA director, General Keith
Alexander, that his release of secret documents to the Guardian and
other outlets last year had weakened American cyber-defences.
“These
things are improving national security, these are improving the
communications not just of Americans, but everyone in the world,”
Snowden said. “Because we rely on the same standard, we rely on the
ability to trust our communications, and without that, we don’t have
anything.”
He added later that thanks to the more secure
communication activity that had been encouraged by his disclosures, “the
public has benefited, the government has benefited, and every society
in the world has benefited”.
Hackers attacked the personal blog of Mt. Gox CEO Mark Karpeles on
Sunday and posted what they claim is a ledger showing a balance of some
950,000 bitcoins based on records they obtained from the defunct
exchange for the virtual currency.
They said the sum contradicts Mt. Gox’s claim in a Japanese
bankruptcy protection filing Feb. 28 that it had lost about 850,000
bitcoins.
Neither Karpeles nor Mt. Gox officials could immediately be reached to verify the claims.
Karpeles has maintained a low profile since the filing in Tokyo
District Court. Mt. Gox, which pulled the plug on its website three days
before the court filing, had announced that about 750,000 customer
bitcoins it held are missing along with 100,000 of its own bitcoins and
$27.3 million in customer deposits.
Karpeles’ blog was titled “Magical Tux in Japan—Geekness brought me
to Japan!” Karpeles, who is French, often used the nickname “MagicalTux”
when posting on public message or chat forums. His blog went offline on
Sunday shortly after it was attacked.
Karpeles did not immediately answer a query sent to his personal email address.
The attackers claim to have obtained database records containing
transaction details from Mt. Gox. They wrote they purposely withheld
users’ personal data. Mt. Gox had as many as 1 million customers as of
December.
The data included a screenshot of what appears to be an internal SQL
database administration tool, Karpeles’ CV and a Windows executable
called “TibanneBackOffice,” among many others. Mt. Gox is a subsidiary
of Tibanne, a company owned by Karpeles.
The release of the data adds to the mysterious circumstances around
Mt. Gox, which at one time was the largest exchange for buying and
selling bitcoin.
Mt. Gox’s demise has enraged its out-of-pocket customers as efforts
continue to derive clues from bitcoin’s public ledger, called the
blockchain, that might indicate the fate of its virtual currency
holdings.
Some of the biggest names in cryptography and computer science just released an open letter condemning the surveillance practices of the U.S. government. "Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features," said a statement posted to masssurveillance.info.
"As leading members of the US cryptography and information-security
research communities, we deplore these practices and urge that they be
changed."
In a speech last week, President Obama addressed
concerns related to NSA's 215 domestic phone records collection program,
but he did not remark on reports that the U.S. government had weakened encryption as part of its practices.
.....
An open letter today from a large group of professors – top US computer security and cryptography researchers – slams the damage to security caused by NSA spying:
Inserting backdoors, sabotaging
standards, and tapping commercial data-center links provide bad actors,
foreign and domestic, opportunities to exploit the resulting
vulnerabilities.
The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent.
Because transparency and public consent are at the core of our
democracy, we call upon the US government to subject all
mass-surveillance activities to public scrutiny and to resist the
deployment of mass-surveillance programs in advance of sound technical
and social controls. In finding a way forward, the five principles
promulgated at http://reformgovernmentsurveillance.com/ [a site launched by Google, Apple, Microsoft, Twitter, Facebook, AOL, Yahoo and LinkedIn] provide a good starting point.
The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack
at its core and one that, by default, is intrinsically secure for its
users. Every country, including our own, must give intelligence and
law-enforcement authorities the means to pursue terrorists and
criminals, but we can do so without fundamentally undermining
the security that enables commerce, entertainment, personal
communication, and other aspects of 21st-century life.
We urge the US government to reject society-wide surveillance and the
subversion of security technology, to adopt state-of-the-art,
privacy-preserving technology, and to ensure that new policies, guided
by enunciated principles, support human rights, trustworthy commerce,
and technical innovation.
The Washington Post notes that these are some of the top names in computer cryptography and security, including heavyweights in the government.
Many other top security experts agree:
IT and security professionals say spying could mess up the safety of our internet and computer systems
“By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and other vulnerabilities in systems, the NSA exposes them to other malicious hackers—whether they are foreign governments or criminals. As security expert Bruce Schneier explained, ‘It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create.’”
Submitted by Tyler Durden on 01/20/2014 22:02 -0500
Submitted by Michael Krieger of Liberty Blitzkrieg blog,
The hits just keep on coming for ObamaCare. It was less than two weeks ago that I highlighted the potential premium rate death spiral
that ObamaCare faces due to the fact that only old and sick people are
signing up for the program. Now it seems there are further security
related concerns plaguing the site, as cyber-security expert David
Kennedy recently claimed that “gaining access to 70,000 personal records
of Obamacare enrollees via HealthCare.gov took about 4 minutes.”
It’s actually hard to be this incompetent if you tried. More from the Washington Times:
The man who appeared before Congress last week to explain the security pitfalls of HealthCare.gov took to Fox News on Sunday to explain just how easy it was to penetrate the website.
Hacking expert
David Kennedy told Fox’s Chris Wallace that gaining access to 70,000
personal records of Obamacare enrollees via HealthCare.gov took about 4
minutes and required nothing more than a standard browser, the Daily Caller reported.
Security company IntelCrawler posted these Web images
of a 17-year-old Russian it says may be the architect of the
malware that hacked up to 110 million Target customers, and of online chats (left) it used to track him.
This baby-faced teen is a key suspect in developing the software that
was used in the massive security breach that hit as many as 110 million
Target shoppers last holiday season, according to a shocking new
report.
In addition, the malicious software, or malware, has infected the
payment systems of six other retailers — a possible sign that a
half-dozen other attacks are underway, a California cyber-security firm
said in the report.
The firm, IntelCrawler, which has tracked the malware’s architect for
months, said on Friday that its main suspect is a 17-year-old with
“roots” in St. Petersburg, Russia, who goes by the online nickname
“ree4.”
Mexican couple arrested crossing into the US in connection with Target credit card breach which affected 100 million customers
McAllen, Texas Police arrested Mary Carmen Garcia, 27, and Daniel Guardiola Dominguez, 28, on Sunday
The couple were crossing into the U.S. with credit cards believed to contain stolen account information from Target customers
An estimated 100 million Target customers had their personal information released in a December security breach
By Ashley Collman
Published: 18:10 EST, 20 January 2014 | Updated: 18:29 EST, 20 January 2014
Two Mexican nationals were arrested in south Texas yesterday in connection to the December Target credit card breach which compromised the personal bank information of an estimated 100 million customers.
McAllen, Texas police arrested 27-year-old Mary Carmen Garcia and 28-year-old Daniel Guardiola Dominguez as they were trying to cross into the U.S. from Reynosa, Mexico. Both are from Monterrey, Mexico.
Police say the couple crossed into the U.S. last weekend with 100 fraudulent cards and spent tens of thousands of dollars, and brought an additional 96 cards with them on Sunday.
Arrested: Police arrested 27-year-old Mary
Carmen Garcia (left) and 28-year-old Daniel Guardiola Dominguez (right)
trying to cross into the U.S. Sunday with credit card information
believed to have been acquired in a December security breach of Target
Russian teen misidentified in Target breach, expert says
FoxNews.com
The identification of a Russian teenager as the author behind the software used in the security breach that hit Target Corp. during the crucial holiday season may be incorrect. (AP)
A cyber security firm that fingered a Russian teen for the
malware used to steal 70 million Target customers' credit card numbers
appears to be backing off, but not quite backing down.
Last week, California-based IntelCrawler named 17-year-old Sergey
Tarasov as the kid behind the massive breach, saying he had "roots" in
St. Petersburg and goes by the online nickname "ree4." Tarasov was
subsequently identified in numerous media reports. But in an update to
its report released Monday, IntelCrawler said another author crafted the code, though it still accused Tarasov of playing a role in the breach.
"Three days ago, IntelCrawler researchers claimed that they had found
out who is the brains behind the malware used in the Target breach,"
security expert Brian Krebs
told FoxNews.com in an email. "A couple of hours ago, IntelCrawler
changed their version of the events, publishing data that links another
Russian VK profile to the affair, this time Rinat Shabayev."
So Intelcrawler apparently just changed its mind about the guy
responsible for the Target POS malware. Now they have the right guy
— briankrebs (@briankrebs) January 20, 2014
IntelCrawler had originally released the name of Sergey Tarasov,
which Krebs says was misspelled as Taraspov. While IntelCrawler has
revised its initial report, the company still believes Tarasov is
connected to the malware.