jfruh writes: Worries about snooping are now a permanent part of our computing landscape, but Google is attempting to ameliorate those fears by encrypting all data on its Google Cloud Storage service by default. Data is encrypted with 128-bit AES, and you can manage the keys yourself or have Google do it for you. A Google spokesperson said that the company "does not provide encryption keys to any government."
judgecorp writes: Tibetan activists are under cyber attack, and they say the security industry is not helping. The attacks are on a massive scale using fresh flaws, while the industry sells solutions suitable for attacks which use known exploits. Worse, at least one security firm effectively used the Tibetans' plight to its own advantage — its fake honeypot "Tibetan protest" site, built for the sole purpose of gathering information, actually fooled some genuine activists.
NettiWelho writes: The Washington Post: The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.
Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.
judgecorp writes: During last week's Zimbabwean election, some huge denial of service attacks took down sites including several reporting on human rights issues and potential irregularities in the election. Those affected suspect government involvement.
twoheadedboy writes: WhatsApp, the popular messaging app, isn't doing SSL as securely as it could/should be, according to security researchers. When a user wants to pay for a licence on an Android device, an in-app browser appears to let the transaction go ahead. But the connection between the browser and the WhatsApp server isn't protected by SSL, even if the connection to the payment services is. That's bad, as it can let hackers carrying out man-in-the-middle attacks know when a WhatsApp user is connecting to a payment service, like PayPal and Google Wallet, as offered by WhatsApp. They can then serve up phishing pages to the user and steal their payment login details. "It's serious as it's a complete and utter failure of HTTPS," says security expert Troy Hunt.
twoheadedboy writes: Claire Perry MP, who has been the main driver of the UK government's plans for default blocking of pornography, has had her website plastered in porn by hackers. But the story only just begins there. Notable blogger Guido Fawkes, otherwise known as Paul Staines, posted on the matter, only to later be accused of sponsoring the hacking himself. During some back and forth over Twitter, it appeared Perry was "confused", as she said Fawkes had posted a link to the defaced page, when he had only shown a screenshot of the site. Given the backlash against the government's plans to censor porn and its technical fallacies, the event could be particularly embarrassing for Perry. She is not commenting on the matter, whilst Staines has threatened to sue unless Perry offers a retraction of her claim he had anything to do with the hack.
twoheadedboy writes: A Chinese hacker group is the chief suspect of spear phishing attacks against the Falun Dafa spiritual group and military organisations in the Philippines. Data handed to TechWeek by AlienVault Labs showed how zero-day malware, designed to pilfer Outlook email account logins, was just one strand of the attacks, which are ongoing. Other malware sought to steal passwords for other accounts, dodging many commercial AV products, whilst remote access tools indicate this is a serious surveillance operation. Chinese authorities have neither confirmed nor denied the claims. But it marks another case of Internet-led surveillance with China's name attached to it, following numerous reports of mass Chinese hacking, which has already allegedly hit massive firms like Facebook and Google.
twoheadedboy writes: Google and its Motorola division have come up with some innovative yet scary ideas on how to fix the world’s password woes, proposing tattoos and pills for truly effective authentication. Presented by Regina Dugan, former DARPA head and lead for advanced research at Motorola during the D11 conference, the tattoo works as a wearable NFC patch. But it's the pill that's more of a radical idea. It contains a small chip with a switch and a battery, which uses stomach acids to serve as an electrolyte to power it up. "The switch goes on and off, and it creates an 18-bit ECG-like signal in your body and essentially your entire body becomes your authentication token," Dugan explained. Produced by a company called Proteus Digital Health, the pill has already been cleared by the US Federal Drug Administration. With passwords failing as an authentication mechanism, wearable or swallowable tech might be the answer... even if it is creepy.
twoheadedboy writes: When BT engineers set out to lay fibre broadband cables in remote areas in North Yorkshire, they didn't think they would have many issues. But they didn't see the badgers coming. They discovered badger setts along the planned route for a cable connecting 450 properties to the local exchange. As it is illegal to destroy or upset setts — badgers are considered an endangered species — BT has had to hold off putting down the fibre until it either gains permission from the National Trust or comes up with fresh plans.
twoheadedboy writes: Google is getting tough on zero-day vulnerabilities. It has said it will go public with any information it has on exploited unpatched vulnerabilities a week after it has told the vendor, unless that vendor does something about it. Google’s standard period for keeping exploits under wraps was 60 days so it's clearly taking a hard line. "Seven days is an aggressive timeline and may be too short for some vendors to update their products, but it should be enough time to publish advice about possible mitigations, such as temporarily disabling a service, restricting access, or contacting the vendor for more information," Google researchers said.
twoheadedboy writes: Despite suggestions Bitcoin might be the ideal currency for dealers on the dark web, it appears Perfect Money, a Panama-based operation, is proving the most popular alternative to the now-defunct Liberty Reserve. A source working the underground forums told TechWeekEurope that, for now, fraudsters are rapidly migrating to Perfect Money. Many vendors have started accepting it, having previously primarily used Liberty Reserve, which was shut down following the arrest of its founder and four other members this past week. Internet fraudsters might be interested in Perfect Money as it has distanced itself from the US, cutting off all new American registrations. However, one forum user said he was turned down by Perfect Money as their “type of activity is not welcome”. Other currencies may yet win out...
twoheadedboy writes: Nasdaq has been fined $10 million by the US Securities and Exchange Commission over “poor systems and decision-making” during the Facebook initial public offering. When Facebook went public on 18 May 2012, it was hoping for a major success, but technical glitches and poor decision making at Nasdaq caused real problems. The SEC said “a design limitation” in the system to match IPO buy and sell orders was at the root of the disruption, thought to have cost investors $500 million. Orders failed to register properly, leaving banks like Citigroup and UBS in the lurch and making additional, unnecessary bids. They may still win money back from Nasdaq if legal challenges go their way.
twoheadedboy writes: Mozilla has sent British spyware pusher Gamma International a cease and desist letter, after a report showed how the surveillance software was being delivered under the guise of a Firefox executable. Gamma has come under fire in recent months after its spyware was found in use in countries with poor human rights records. Its FinSpy tool, which can infect smartphones and PCs, was seen in use in various nations run by apparently repressive regimes, including Bahrain, Egypt, Ethiopia, Turkmenistan and Vietnam. Mozilla isn't happy about how that spyware is getting on users' machines, however. "As an open source project trusted by hundreds of millions of people around the world, defending Mozilla’s trademarks from this abuse is vital to our brand, mission and continued success," said Mozilla chief privacy officer Alex Fowler.
twoheadedboy writes: Major hosting company Go Daddy has been hit by a significant DDoS attack, for the second time in a month. Customers across Europe complained of downtime, whilst GoDaddy.com itself was knocked offline for periods yesterday. There was a "large-scale attack on our European Internet infrastructure", said Go Daddy communications manager Nick Fuller. As witnessed in the Spamhaus attacks of March, it appears the continuing growth in DDoS attack size and prevalence is causing carnage for even the biggest firms.