04.04.14
Posted in News Roundup at 7:09 am by Dr. Roy Schestowitz
Full-Disclosure
-
Once on the cutting edge of vulnerability disclosure, Full-Disclosure has become too unpleasant to read or moderate.
-
From the time I first started writing regularly about IT security in 2003 until today, the Full-Disclosure mailing list has been a must-read resource every day—but that apparently is ending today.
‘Ethical’
Weev
-
We’ve been covering the ridiculous DOJ case against Andrew “weev” Auernheimer for quite some time. If you don’t recall, Auernheimer and a partner found a really blatant security hole on AT&T’s servers that allowed them to very easily find out the email addresses of iPad owners. There was no breaking in to anything. The issue was that AT&T left this all exposed. But, with a very dangerous reading of the CFAA (Computer Fraud and Abuse Act) and a bunch of folks who don’t understand basic technology, weev was sentenced to 3.5 years in jail (and has been kept in solitary confinement for much of his stay so far). Part of the case is complicated by the fact that weev is kind of a world class jerk — who took great thrill in being an extreme online troll, getting a thrill out of making others miserable. But, that point should have no standing in whether or not exposing a security hole by basically entering a URL that AT&T failed to secure, becomes a criminal activity.
Misc.
-
Windigo, as the attack campaign has been dubbed, has been active since 2011 and has compromised systems belonging to the Linux Foundation’s kernel.org and the developers of the cPanel Web hosting control panel, according to a detailed report published Tuesday by researchers from antivirus provider Eset. During its 36-month run, Windigo has compromised more than 25,000 servers with robust malware that sends more than 35 million spam messages a day and exposes Windows-based Web visitors to drive-by malware attacks. It also feeds people running any type of computer banner ads for porn services.
-
A revamped early random number generator in iOS 7 is weaker than its vulnerable predecessor and generates predictable outcomes.
A researcher today at CanSecWest said an attacker could brute force the Early Random PRNG used by Apple in its mobile operating system to bypass a number of kernel exploit mitigations native to iOS.
-
The Tor network is in danger of being swamped by criminals abusing its anonymity to hide an underworld of parasitic botnets, malicious command and control and ‘darknet’ markets, according to research from Kaspersky Lab.
-
For years, security researchers have warned about the risks of keylogging software on computing platforms. Keyloggers quite literally log and record the keystrokes taken by a user in a bid to learn passwords and other valuable information.
Posted in News Roundup at 7:01 am by Dr. Roy Schestowitz
-
Regrettably, the owner of WikiLeaks-Forum strives to manipulate public opinion in several ways with the help of his staffers. The forum pretends to host lively discussions of a huge community while in fact most of the forum posts (more than 90 percent) are done by staffers.
-
Several in the GOP want to stop a request for scientists to disclose financial conflicts in their research. What good reason could they possibly have?
-
I had fairly well concluded that the most likely cause was a fire disrupting the electrical and control systems, when CNN now say the sharp left turn was pre-programmed 12 minutes before sign off from Malaysian Air Traffic control, which was followed fairly quickly by that left turn.
-
Almost everything is fake. The brave proverbs with which we were brought up – the truth will out, cheats never prosper, virtue will triumph – turn out to be unfounded. For the most part, our lives are run and our views are formed by chancers, cheats and charlatans. They construct a labyrinth of falsehoods from which it is almost impossible to emerge without the help of people who devote their lives to navigating it. This is the role of the media. But the media drag us deeper into the labyrinth.
There are two kinds of corporate lobbyists in the UK. There are those who admit they are lobbyists but operate behind closed doors, and there are those who operate openly but deny they are lobbyists. Because David Cameron has broken his promise to shine “the light of transparency on lobbying in our country and … come clean about who is buying power and influence” we still “don’t know who is meeting whom. We don’t know whether any favours are being exchanged. We don’t know which outside interests are wielding unhealthy influence … Commercial interests – not to mention government contracts – worth hundreds of billions of pounds are potentially at stake.” (All that was Cameron in 2010, by the way) At the same time, the media is bustling with people working for thinktanks which refuse to say who is paying them, making arguments that favour big business and billionaires.
-
The channel has made an extraordinary connection with its target audience of 16- to 34-year-olds. Its closure could alienate a generation
Posted in Intellectual Monopoly at 6:59 am by Dr. Roy Schestowitz
-
A spokesperson for BIS (the Department of Business, Innovation and Skills), commented on the reforms, saying, “One of these measures is copyright exception for archiving and preserving. The existing preservation exception will be updated to apply to all types of media and to museums and galleries, as well as libraries and archives.”
-
The Saudi Arabian Ministry of Culture and Information has blocked access to The Pirate Bay, for reasons yet unknown. In addition to the notorious torrent site, Torrentz.eu, Rarbg and possibly several others are blocked too. As always, local users are already discussing ways to work around the restrictions.
-
In 1989, a little known group from New York released an album that would change the course of hip hop. De La Soul’s 3 Feet High and Rising sounded like nothing else: spoken word, skit, and psychedelia; sampled exhaustively, sampled from life. 25 years in, it sounds all the more remarkable. It sounds like the Internet.
-
Two individuals accused of millions of dollars worth of Android piracy signed plea agreements with the U.S. Government last week, but at least one other defendant has different things in mind. With the hiring of a “much-feared civil rights lawyer”, the former operator of Applanet is going on the offensive against the DOJ.
-
It’s been almost a year since US District Judge Otis Wright issued a sanction order repudiating the lawyers behind the “copyright trolling” organization known as Prenda Law. Since then, several other judges have pounded Prenda with expensive sanction orders. Just last week, Paul Hansmeier, Paul Duffy, and John Steele—the three lawyers commonly linked to Prenda—were found to be in contempt of a devastating sanction order won by AT&T and Comcast.
Posted in News Roundup at 6:55 am by Dr. Roy Schestowitz
Mostly chronological:
-
Next week, on 3 April, Members of the European Parliament will vote on the future of Net Neutrality and the open Internet in Europe. After years of struggle across the European Union, either solid legal protections for the freedom of expression and innovation online will be introduced or telecom operators will be given free rein to discriminate between online communications and use this to force out competition. In light of approaching European elections, citizens must call on their representatives to vote in favour of the protection of fundamental rights and the internet as we know it.
-
A few days before the vote that will decide the future of Net Neutrality and the Internet commons in Europe, La Quadrature du Net calls on all Members of the European Parliament to support the amendments proposed by the Social-Democrats (S&D), the Greens (Greens/EFA), the United Left (GUE/NGL) and the Liberals (ALDE). These amendments contain strong provisions to protect freedom of expression and freedom of information online, reassert the principle of fair competition and guarantee that users may freely choose between services online. From now until 3 April, citizens should urge their representatives to support this cross-party package of amendments in order to preserve the Internet commons.
-
The battle to preserve the open internet is reaching its final stage, with the big European Parliament vote taking place on April 3rd. The report adopted by the Industry Committee two weeks ago includes provisions undermining the principle of net neutrality, putting the open internet and freedom of speech at risk. The good news is that four political groups have tabled proposals for final vote that would prevent discrimination and enshrine real net neutrality in law. Now it is up to our representatives to choose – openness and competition or closed, uncompetitive networks.
-
The European Parliament took a major step towards enshrining net neutrality in law today, when the EU Parliament voted yes to a new Regulation for a Telecommunications Single Market.
-
Today the European Parliament adopted in first reading the Regulation on the Single Telecoms Market (see the vote call). By amending the text with the amendment proposals made by the Social-Democrats (S&D), Greens (Greens/EFA), United Left (GUE/NGL) and Liberals (ALDE), the Members of the European Parliament took a historic step for the protection of Net Neutrality and the Internet commons in the European Union. La Quadrature du Net warmly thanks all citizens, organisations and parliamentarians who took part in this campaign, and calls on them to remain mobilised for the rest of the legislative procedure.
-
Earlier this month, the U.S. government surprised the Internet community by announcing that it plans to back away from its longstanding oversight of the Internet domain name system. The move comes more than 15 years after it first announced plans to transfer management of the so-called IANA function, which includes the power to add new domain name extensions (such as dot-xxx) and to alter administrative control over an existing domain name extension (for example, approving the transfer of the dot-ca domain in 2000 from the University of British Columbia to the Canadian Internet Registration Authority).