Tag: security

cia@aol.com

cia director uses aol for work, gets hacked. being a digital illiterate has consequences.

WikiLeaks is releasing documents from one of CIA chief John Brennan’s non-government email accounts. Brennan used the account occasionally for several intelligence-related projects.

BoringSSL

We recently switched Google’s 2b line repository over to BoringSSL, our fork of OpenSSL. This means that BoringSSL is now powering Chromium (on nearly all platforms), Android M and Google’s production services. For the first time, the majority of Google’s products are sharing a single TLS stack and making changes no longer involves several days of work juggling patch files across multiple repositories. This is a big positive for Google and I’m going to document some of the changes that we’ve made in BoringSSL in this post.

Facebook for trafficking

Syrians are helped along their journeys by Arabic-language Facebook groups like “Smuggling Into the E.U.,” with 24k members, and “How to Emigrate to Europe,” with 39k. Migrants share photos and videos of their journeys taken on their smartphones. The groups are used widely by those traveling alone and with traffickers. In fact, the ease and autonomy the apps provide may be cutting into the smuggling business.

Car Hacking

Another industry is learning the hard way that they suck at software.

Imagine it’s 1995, and you’re about to put your company’s office on the Internet. Your security has been solid in the past—you’ve banned people from bringing floppies to work with games, you’ve installed virus scanners, and you run file server backups every night. So, you set up the Internet router and give everyone TCP/IP addresses. It’s not like you’re NASA or the Pentagon or something, so what could go wrong?

That, in essence, is the security posture of many modern automobiles—a network of sensors and controllers that have been tuned to perform flawlessly under normal use, with little more than a firewall (or in some cases, not even that) protecting it from attack once connected to the big, bad Internet world.

Post-Quantum Crypto

The NSA is worried enough about advances in the technology to start transitioning away from algorithms that are vulnerable to a quantum computer. Does this mean that the agency is close to a working prototype in their own classified labs? Unlikely. Does this mean that they envision practical quantum computers sooner than my 30-to-40-year estimate? Certainly.

Security Practices

We report on the results of 2 online surveys — 1 with 231 security experts and 1 with 294 MTurk participants — on what the practices and attitudes of each group are. Our findings show a discrepancy between the security practices that experts and non-experts report taking. For instance, while experts most frequently report installing software updates, using 2-factor authentication and using a password manager to stay safe online, non-experts report using antivirus software, visiting only known websites, and changing passwords frequently.

Hacking Team

an overview of the nest of vipers doing 0day business with hacking team. all these companies are good targets for being taken down.

The recent compromise of Hacking Team’s email archive offers 1 of the first public case studies of the market for 0days. Because of its secretive nature, this market has been the source of endless debates on the ethics of its participants. The archive also offers insight into the capabilities and limits of offensive-intrusion software developers.