In a somewhat disturbing case of life imitating art, it seems that real world turmoil is catching up with classic science fiction projections of a dystopian future as envisioned by writers like George Orwell and Ray Bradbury — a world where the general populace is under constant surveillance, and the technology that we’ve become overly dependent on has become our greatest liability.
If the recent NSA debacle wasn’t alarming enough for you, Google recently acquired Nest, the smart device firm and home automation pioneer. Home automation, of course, means having multiple devices (kitchen appliances, thermostats, locks and security cameras, etc.) equipped with wireless capability and controllable through an app on a smart device. Your phone, in essence, becomes a remote control for your entire house. Some systems, like the one which Samsung recently premiered at CES 2014, will only enable the company’s own products to interact with one another, and the more glitzy products like the ADT home security systems allow homeowners to control their thermostats and other electronics (regardless of brand) with their smart phone.
If it sounds too good to be true…that’s because it potentially is, as this article from Trend Labs explains. The IP configuration on the devices is simple and the security options are quite limited, leaving them easily penetrable by hackers and thieves. Part of the risk, of course, is that if you have a home security system that can be entirely disabled through a smartphone, a thief could hack into your accounts, deactivate your entire security system with the push of a mere button, and enter your home freely. All of your data becomes more accessible to hackers, and now Google will have even more comprehensive data to sell to third party candidates who can market products even more aggressively to you.
Orwell and Bradbury basically called the whole thing…
One of the great things about science fiction is that, whatever paranoid projections it makes about future global conditions, it’s always very much a product of its own time. This news raises all sorts of issues for an overly imaginative person.
The situation is like George Orwell’s 1984, where the general public can’t even so much as think in privacy. Everyone is under constant surveillance, and the entire system is under the pretense that this is somehow what’s best for society.
The citizens of Orwell’s fictional Oceania all have “telescreens” in their apartments, which enables Big Brother (whether that’s merely a governmental agency monitoring the public or one chief observer is never entirely clear) to supervise every given moment of everyone’s lives, and to possess an absurd level of intel on every given person under the jurisdiction of their central government. Replace telescreens with tablets, and Big Brother with Facebook and Google, and ask yourself how much of a deviation this setup is from life as we know it today.
It also calls to mind a particularly eerie story penned by Ray Bradbury in 1950 entitled August 2026: There Will Come Soft Rains. The story focuses on “a day in the life” of a fully automated home after the extinction of the human race. The house prepares meals and recites important dates and reminders through an intercom system with a pre-recorded voice. We come to learn, over the course of the story, that the family who owned the house have been wiped out. We hear about silhouettes permanently fixed onto the side of the house, in a manner that evokes the victims of Hiroshima and Nagasaki who were vaporized in an atomic blast.
So Bradbury’s grim musings couldn’t have been more fitting for his time, and they are startlingly relevant now. Just as humans channel their ingenuity and creativity into constructive things, or things which enhance life for humanity (all of the advancements in home technology, for instance), the misapplication of that creativity — and the misapplication of technology itself — can have dire, even catastrophic, consequences for humanity.
Is it really as bad as all of that?
Only time will tell, but it does seem more and more likely that whatever minor conveniences the technology yields will hardly justify the potential security risks.
You would hope that, in some cases, paranoid science-fiction literature would help prevent future atrocities from occurring by anticipating them. It’s sort of comforting that we’ve not yet reached the place anticipated by Arthur C. Clarke, where computers have superior intellect to humans and can function not only with autonomy but willfully against people. It’s pretty disconcerting, however, that we seem to be drawing nearer and nearer to those imagined realities, no longer merely a novel thought and fodder for pop literature, but a grim facet of our day-to-day lives.
Hmm. Hold up. So if we go by this Wikipedia entry…
People need to understand, this means RSA took around 2% of what they’d make in one year. FOR A BACK-DOOR OMG. Does this not sound more like a tax than a payment (never mind a bribe!)? How much would you care about an extra 2% per year? Exactly. That’s all I got. Someone else needs to close that gap. -Max
Intentional flaws created by the National Security Agency in RSA’s encryption tokens were discovered in September, thanks to documents released by whistleblower Edward Snowden. It has now been revealed that RSA was paid $10 million by the NSA to implement those backdoors, according to a new report in Reuters.
Two people familiar with RSA’s BSafe software told Reuters that the company had received the money in exchange for making the NSA’s cryptographic formula the default for encrypted key generation in BSafe.
“Now we know that RSA was bribed,” said security expert Bruce Schneier, who has been involved in the Snowden document analysis. “I sure as hell wouldn’t trust them. And then they made the statement that they put customer security first,” he said.
RSA, now owned by computer storage firm EMC Corp, has a long history of entanglement with the government. In the 1990s, the company was instrumental in stopping a government plan to include a chip in computers that would’ve allowed the government to spy on people.
The new revelation is important, Schneier said, because it confirms more suspected tactics that the NSA employs.
“You think they only bribed one company in the history of their operations? What’s at play here is that we don’t know who’s involved,” he said.
Other companies that build widely-used encryption apparatus include Symantec, McAfee, and Microsoft. “You have no idea who else was bribed, so you don’t know who else you can trust,” Schneier said.
RSA did not return a request for comment, and did not comment for the Reuters story.
Saudi militants were behind the massive car bombing and assault on Yemen’s military headquarters that killed more than 50 people, including foreigners, investigators said in a preliminary report released Friday.
Al-Qaeda claimed responsibility for the attack, saying it was retaliation for US drone strikes that have killed dozens of the terror network’s leaders.
The attack – the deadliest in Sanaa since May 2012 – marked an escalation in the terror network’s battle to undermine the US-allied government and destabilise the impoverished Arab nation despite the drone strikes and a series of US-backed military offensives against it.
US forces also have been training and arming Yemeni special forces, and exchanging intelligence with the central government.
Military investigators described a two-stage operation, saying heavily armed militants wearing army uniforms first blew up a car packed with 500 kilograms of explosives near an entrance gate, then split into groups that swept through a military hospital and a laboratory, shooting at soldiers, doctors, nurses and patients.
Officials earlier said 11 militants were killed, including the suicide bomber who drove the car. It was not clear if the 12th attacker was captured or escaped.
The investigative committee led by Yemen’s Chief of Staff Gen. Ahmed al-Ashwal, said militants shot the guards outside the gates of the military hospital, allowing the suicide bomber to drive the car inside, but a gunfight forced him to detonate his explosives before reaching his target.
It said the 12 militants killed included Saudis.
Two military officials told The Associated Press that wounded soldiers had told them the assailants who stormed the hospital separated out the foreigners and shot everybody in the head.
Other military officials said American security agents were helping with the investigations, but that could not be confirmed. All officials spoke on condition of anonymity because they were not allowed to brief reporters.
Yemeni commandos and other security forces besieged the militants before they could reach the ministry’s main building, preventing them from going further than the ministry’s entrance gate. All the attackers were killed by 4:30 pm Thursday, according to the committee.
Yemeni security forces launched a manhunt in the capital to find the perpetrators, sparking gun battles that killed five suspected militants and a Yemeni commando, officials said.
The committee, which sent its report to Yemeni President Abed Rabbo Mansour Hadi, did not explain how it came to its conclusions.
The report, read on state TV, raised the death toll to 56 and said more than 200 people were wounded.
The foreigners killed included two aid workers from Germany, two doctors from Vietnam, two nurses from the Philippines and a nurse from India, according to Yemen’s Supreme Security Commission.
But a spokesman for the Philippines’ Department of Foreign Affairs, Raul Hernandez, said on Friday that seven Filipinos were killed in the attack, including a doctor and nurses, while 11 others were wounded.
The victims were among 40 Filipino workers in the hospital. Hernandez said that the Philippines’ honorary consul reported that the others survived by pretending to be dead.
It was not immediately possible to reconcile the conflicting accounts. But officials from the military hospital said Friday that at least 10 foreigners had been killed.
The United States considers the Yemeni al-Qaeda branch to be the most active in the world and it has escalated drone attacks against the militants in Yemen.
via SkyNews
Hackers Chris Valasek and Charlie Miller have demonstrated from the backseat of a Toyota Prius that all you need is a Macbook and a USB cable in order to hack into a computer-controlled car.
Valasek is the director of security intelligence for IOActive and Miller is a security engineer for Twitter.
These two security researchers showed that they can turn off the brakes, for example, even if the driver is at the helm.
Using a grant from the Defense Advanced Research Projects Agency (DARPA), Miller and Valasek have been researching computerized car vulnerabilities since 2012 and will be displaying their findings at DEF CON, a hacker’s conference in Las Vegas next month.
Miller asserted that they “had full control of braking” and that they “disengaged the brakes so if you were going slow and tried to press the brakes they wouldn’t work. We could turn the headlamps on and off, honk the horn. We had control of many aspects of the automobile.”
• Turn off power to the steering
• Have the onboard GPS give incorrect directions
• Change the numbers on the speedometer
• Force the car to change direction
Miller explained: “At the moment there are people who are in the know, there are nay-sayers who don’t believe it’s important, and there are others saying it’s common knowledge but right now there’s not much data out there. We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars.”
Using the vehicle’s electronic control unit (ECU) and the on-board diagnostics port (OBD), Miller and Valasek gained control over a 2010 Ford Escape and Toyota Prius.
ECUs are embedded systems that “controls one or more of the electrical system or subsystems in a motor vehicle.”
The OBD is the “vehicle’s self-diagnostic and reporting” apparatus that “gives the vehicle owner or repair technician access to the status of the various vehicle sub-systems.”
A representative from Toyota explained that the hacker would have to be in the car to manipulate its systems.
He said: “Altered control can only be made when the device is connected. After it is disconnected the car functions normally. We don’t consider that to be ‘hacking’ in the sense of creating unexpected behavior, because the device must be connected – ie the control system of the car physically altered. The presence of a laptop or other device connected to the OBD [on board diagnostics] II port would be apparent.”
Hacking into cars that are remotely controlled, such as Google’s self-driving vehicles, is a concern, and this research could uncover implications for security purposes.
In 2010, teams from the University of Washington (UW) and the University of California (UC) were able to breach the computer systems of cars using cellular phone connections, Bluetooth headsets and a CD.
Stefan Savage from UC explained that their research “explores how hard it is to compromise a car’s computers without having any direct physical access to the car.”
Computerized cars “contain cellular connections and Bluetooth wireless technology” that could be tapped into remotely and used to take over the controls of the vehicle, listen into the conversations taking place in the cab of the car and completely compromise the safety of the vehicle.
Because the computers in cars are virtually indistinguishable from internet-connected computers, their propensity toward vulnerabilities from outside influences is similar.
Using an OnStar navigation unit, a hacker could make use of the same controls available to a remote technician at the GPS corporation’s on-call center, because those technicians are fully capable of controlling a vehicle in the event of an accident or a call from a customer.
With complete disregard for driver privacy, the Obama administration gave their consent to the National Highway Traffic Safety Administration (NHTSA) to mandate black box event data recorders (EDR) be installed in all new cars in the US.
The NHTSA says that by September 2014 all cars and light trucks will be equipped with EDRs that will silently “record the actions of drivers and the responses of their vehicles in a continuous information loop.”
The information recorded by EDRs includes:
• vehicle speed
• whether the brake was activated in the moments before a crash
• crash forces at the moment of impact
• information about the state of the engine throttle
• air bag deployment timing and air bag readiness prior to the crash
• whether the vehicle occupant’s seat belt was buckled
The NHTSA claims that “EDRs do not collect any personal identifying information or record conversations and do not run continuously.”
Advanced EDRs can collect detailed information about drivers and their driving habits; including the size and weight of the driver, the seat position, the habits of the driver as well as passengers.
The excuse is that the EDRs gather information about car crashes in the moments leading up to the accident that manufacturers can use to improve their safety measures when constructing vehicles. However, the government regulation uses surveillance technology with policies that do not outline the expressed use of the data collected in the EDRs.
Information security, especially at schools that provide training on the subject, in for-profit higher education should not be a premium. It would make a really great story to send an “undercover” technician to DeVry and Rasmussen campuses to observe their incredible service delivery.
Rasmussen’s portal has long had a SQL injection vulnerability that has been published on the internet several times. It still remains uncorrected.
Rasmussen College and DeVry Institute of Technology are both HLC accredited schools with for-profit business models. Both schools often claim, “the same accreditation as Harvard” and other quality Universities. Surprisingly, the two institutions have a lot more in common. From sharing questionable leadership to providing questionable placement practices for students and even extremely questionable security policies, these institutions are the embodiment of the flaws of American education.
The curriculum, and curriculum for partner schools as mentioned later, is created by individuals that rarely have any current knowledge in the subjects. Course material is often incorrect or misunderstood by the instructors. The policy of both institutions require instructors with Masters Degrees, but because they do not invest in qualified candidates they will allow, for example, an individual with a Masters Degree in Business to teach OpenGL Programming based on course material created by an individual with no programming experience.
Rasmussen and DeVry not only share the same accreditation, but the sponsorship was provided with the same seed money. The two institutions share employees, transferring their employees back and forth. One such employee is Todd Pombert, a newly appointed Vice President of Infrastructure and Technology for Rasmussen College. Having very little professional experience when compared to individuals at similar roles, it was insisted Todd be given this role by Gerald Gagliardi. Gerald Gagliardi is on the board of directors for businesses like NetWolves and Rasmussen College itself. Mr. Gagliardi is a shrewd investor from Boca Raton who has used his resources to create successful people and businesses as he decides. There is no altruism here.
Rasmussen College, Inc. itself, along with its sister company Deltak Innovation, which is now owned by John Wiley & Sons in an attempt to break into online courseware, is reorganizing. Rasmussen College will be its own entity with I.T. services provided by Collegis Managed Services. These are the same employees but now with a different title. Services provided include lead generation, hosting online courses with the Angel, Blackboard and Moodle LMS systems, retaining student data and more. Customers of Collegis include Purdue University, University of Florida, Gonzaga, Benedictine, Lubbock, Anna Maria College and more – if a school’s online URL includes learntoday.info it is a Rasmussen (now Collegis) resource. Similarly, if the URL begins with “engage” then it is most likely a Collegis resource. These schools are outsourcing to Collegis the hosting of some of their online courses. There are no operational controls, no security officer and no practice in providing even the smallest amount of protection for the data these schools have hosted with Collegis. In particular, many colleges are Jesuit schools that are preyed upon for their association to other Jesuit colleges.
In the case of Todd Pombert this individual was promoted to a very senior role with no practical or noticeable work experience that should be required for a leader in an industry requiring critical care in student information security. A drop-out from his Master’s Degree, this individual maintains this position only because of the multi-level-marketing that DeVry and Rasmussen consider as qualifications for employment. There is no Security Officer for Rasmussen College. There is no reputable third party providing those services. Todd Pombert does not have the qualifications to adhere to industry practices that provide protection, confidentiality and integrity to managed services exposing flaws to their customers. Worse, an educational institution cannot provide and does not insist on the training required to keep students of Rasmussen and its partners safe. The lack of knowledge is so blatant that Todd Pombert keeps an archive of every email he received at DeVry to use as reference at Rasmussen. From confidential information, business plans, document templates and even financial data, much of DeVry’s history and future decisions are recorded unsecured on a “competitor” owned laptop with no disk encryption.
The school has all of the students in the same domain as contractors, faculty, staff and the board of directors. Not only does this create conflicts, but it allows any domain user (i.e. student, contractor, etc.) to browse the domain for information about any other user. Students are free to attempt to brute force Executive passwords, giving them access to unencrypted financial information of other students and more. The network services between campus and the datacenter are on the same class A network – you can reach the Chicago-based datacenter from a school in Fargo from any ethernet jack. There are no standard, practical security mechanisms in place to prevent such a thing.
Students are forced to use a password convention that they often can’t change – firstname.lastname, password: fl1234. This 6-character password utilizes the last four digits of the student’s social security number. None of the websites have any protection from common brute force attacks. If you know the name of a student (Joe Smith) then you know 1/3 of his password (jsXXXX) and it is trivial to use the portal, online courses or other services to continually guess 0000-9999. This exposes the student to possible fraud from someone acquiring their personal identifying information, as well as allowing an intruder to view the student’s grades, financial data, email to the student with the same password and any academic work the student has previously submitted.
Staff manage students through a public RDP system at class.learntoday.info. There is no password policy assigned. Staff are free to use passwords including their own names and more. If an intruder gains access to the RDP system all student financial data is stored unencrypted on a Windows file share.
The wireless network for Rasmussen is WEP. WEP is a long outdated mechanism for securing a wireless network. Modern approaches to attacking WEP networks can allow an intruder to gain access within minutes. Again, financial data for students and the school itself are not encrypted in-place or in-flight. An attacker is able to gain access to any information just by being near a campus or corporate site.
There is no NAP, no RADIUS, no 802.1X. The networks are completely unprotected. Coincidentally, both schools teach courses that promote the use of tools capable of easily harvesting corporate, student and financial data, like Wireshark and Snort.
Even basic controls have been neglected. The printers and copiers throughout all sites run default settings with no authentication and the web interface enabled. Anyone can request a re-print of jobs including social security numbers or financial data.
The employee portal itself did not follow practical standards and did not have SSL protecting employee information from being broadcast in plain text. That includes the passwords of financial aid employees as well as C-level visitors to local campuses.
These points above may not even be considered the most critical flaws in the service provided. The practices of Rasmussen and DeVry are a blight on Higher Education as a whole. Their practices should be considered, and some are outright, criminally negligent.
Rasmussen and DeVry continue to pay their questionable leadership large amounts of money. This is a clear misappropriation. If even a fraction of Todd Pombert’s salary was spent on security reviews, operational controls or educating Todd Pombert then these schools would not be risking disastrous consequences for their students and students of large, responsible institutions like Purdue and the University of Florida.
For Rasmussen (Collegis) hosted instances of online platforms nearly all of the content has the same ACL. There is nothing protecting content from one school from being used in another school’s offering or worse – being copied by an intruder.
Finally, to add insult to injury, while these schools are raking in student tuition to pay higher amounts of money to irresponsible leadership, they are placing students with Bachelor’s degrees as minimum wage Gamestop clerks. They claim this to be “in-field” placement for Information Technology students. The subject of ballooning student loans is covered in-depth lately and there is no need to remind you that these students will never be able to pay their debt for an education they received at profit for individuals just as qualified as graduates.
-Anonymous Email Submission-
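The submission above describes two defensive gaps at once: a guessable password convention (two initials plus four digits) and web services with no brute-force protection. The following is an added example, not code from the submission or from any school named in it, showing the two controls a defender would put in place: a policy check that rejects a password following that convention for a given firstname.lastname account, and a detector that flags accounts with a burst of failed logins in a sliding time window. The usernames, timestamps and log format are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The weak convention the submission describes: two letters followed by four digits.
WEAK_CONVENTION = re.compile(r"[a-z]{2}[0-9]{4}")


def violates_initials_convention(username: str, password: str) -> bool:
    """Return True when `password` is <first initial><last initial><4 digits>
    derived from a firstname.lastname username, i.e. the convention the
    submission describes. Intended to be called when a password is set or
    changed so the weak default can be refused."""
    pw = password.lower()
    if not WEAK_CONVENTION.fullmatch(pw):
        return False
    parts = username.lower().split(".")
    if len(parts) != 2 or not all(parts):
        return False
    initials = parts[0][0] + parts[1][0]
    return pw.startswith(initials)


def flag_brute_force(log_lines, threshold=10, window=timedelta(minutes=10)):
    """Return a sorted list of (user, max_failures_in_window) for users whose
    failed logins within any sliding window of length `window` reach
    `threshold`. Log line format (constructed for this example):
    '<ISO-8601 timestamp> <user> <OK|FAIL>'."""
    failures = defaultdict(list)
    for line in log_lines:
        ts, user, result = line.split()
        if result == "FAIL":
            failures[user].append(datetime.fromisoformat(ts))
    flagged = []
    for user, times in failures.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            # Advance the window start until the span fits inside `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged.append((user, best))
    return sorted(flagged)


def _constructed_log():
    """Constructed sample: 25 rapid failures against one account (the pattern a
    four-digit guessing run leaves), plus one ordinary mistyped login."""
    base = datetime(2014, 1, 10, 9, 0, 0)
    lines = [f"{(base + timedelta(seconds=2 * i)).isoformat()} joe.smith FAIL"
             for i in range(25)]
    lines.append(f"{(base + timedelta(minutes=1)).isoformat()} ann.lee FAIL")
    lines.append(f"{(base + timedelta(minutes=2)).isoformat()} ann.lee OK")
    return lines


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    print(violates_initials_convention("joe.smith", "js1234"))  # True: weak default
    print(violates_initials_convention("joe.smith", "correct horse"))  # False
    print(flag_brute_force(SAMPLE_LOG))  # [('joe.smith', 25)]
```

The policy check belongs at password set time, so accounts never start out on the guessable default; the detector belongs behind the portal's authentication log, where a hit should feed an account lockout or a rate limit rather than just an alert. The threshold of 10 failures in 10 minutes is a constructed starting point; a real deployment tunes it against its own baseline of mistyped logins.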
DynCorp is one of the most lucrative and infamous military contractors in the world, perhaps only surpassed by Halliburton. They both have a documented history of gunrunning, drug dealing, and human trafficking.
In addition, the actual work that they do on the record is sub par and their rebuilding efforts have gotten terrible reviews, especially DynCorp.
Despite this history of nefarious behavior and poor work, Dyncorp was just awarded a brand new $72.8 million dollar contract by the US government. Not only that, but they have also been given an advance exoneration from any liability.
That’s right, our wonderful government has just given DynCorp almost $73 million to continue what many believe will be shabby work that may only be used as a front for more sinister operations.
“DynCorp of West Virginia, one of the largest military contractors in Afghanistan, was awarded a $72.8 million contract to train pilots for the Air Force about one week after the special inspector general for reconstruction called the company’s earlier work at the Kunduz army base “unsatisfactory.”
The Special Inspector General for Afghanistan Reconstruction (SIGAR) wrote a scathing report in 2010 and a followup this year which found “serious soil stability issues . . . structural failures, improper grading, and new sink holes” that threatened the well-being of troops stationed there.
One sink hole was found near an electrical power transformer, whose failure “would result in a loss of electrical power over a large portion of Camp Pamir, causing significant financial loss and increasing the risk of injury through fire and electrical shock,” the report said.”
DynCorp’s crimes go way deeper than this wasteful and careless construction work. As was mentioned earlier, they are also heavily involved in clandestine operations that would make the average citizen cringe if they heard any of the details.
The Project on Government Oversight (POGO) did an investigation of the company and found 10 instances of misconduct, including a whistleblower lawsuit in which DynCorp agreed to pay $7.7 million to resolve allegations that it submitted inflated claims for the construction of camps in Iraq.
This same sort of behavior was reported from Halliburton when they destroyed hundred thousand dollar trucks to get them off the books and spent millions on air conditioning for empty tents, all in order to inflate their budgets.
The State Department’s own inspector general even filed a report claiming that DynCorp should pay the government $157,000 to reimburse them for food shortages at Camp Falcon in Kabul, Afghanistan, between November 2009 and January 2010.
These official reports are only scratching the surface though, there is a much darker side to these defense contractors.
As I discussed in my book Alchemy of the Modern Renaissance:
“Some of the world’s largest multinational corporations such as DynCorp and Halliburton were exposed as major players in the global human trafficking market.
These companies did not work alone, but cooperated with each other through various subsidiaries and had the luxury of government protection.
When suspicion was brought upon these companies it was swept under the rug by government officials; even high-ranking members of the establishment such as Donald Rumsfeld were complicit in covering up this scandal.
On March 11th 2005 he was questioned by Congresswoman Cynthia McKinney and he admitted on the record that the allegations did have credibility, but he pushed the blame off onto a few “rogue” employees.
He used the “few bad apples” line that the government always dishes out when they are caught up in scandal.
Although Rumsfeld and other high ranking officials claimed that they would look into the case, they actually prevented any serious investigations from taking place.
This happens every day; even organizations like the UN and NATO have come under fire for running slave rings out of third world countries when they are on “peacekeeping missions.”
When Rumsfeld was questioned by Cynthia McKinney about Dyncorp and their supposed child sex/slavery ring and why our country keeps giving this company more and more money, Rumsfeld of course shifted all blame away from the government and Dyncorp as a whole.
“Mr. Secretary, I watched President Bush deliver a moving speech at the United Nations in September 2003, in which he mentioned the crisis of the sex trade. The President called for the punishment of those involved in this horrible business.
But at the very moment of that speech, DynCorp was exposed for having been involved in the buying and selling of young women and children. While all of this was going on, DynCorp kept the Pentagon contract to administer the smallpox and anthrax vaccines, and is now working on a plague vaccine through the Joint Vaccine Acquisition Program.
Mr. Secretary, is it [the] policy of the U.S. Government to reward companies that traffic in women and little girls?”
A RICO lawsuit filed in 2002 on behalf of a former Dyncorp employee directly claimed that children were being sold by employees in Bosnia.
Middle-aged men having sex with 12- to 15-year-olds was too much for Ben Johnston, a hulking 6-foot-5-inch Texan, and more than a year ago he blew the whistle on his employer, DynCorp, a U.S. contracting company doing business in Bosnia.
According to the Racketeer Influenced Corrupt Organization Act (RICO) lawsuit filed in Texas on behalf of the former DynCorp aircraft mechanic, “in the latter part of 1999 Johnston learned that employees and supervisors from DynCorp were engaging in perverse, illegal and inhumane behavior [and] were purchasing illegal weapons, women, forged passports and [participating in other immoral acts]. Johnston witnessed coworkers and supervisors literally buying and selling women for their own personal enjoyment, and employees would brag about the various ages and talents of the individual slaves they had purchased.”
Rather than acknowledge and reward Johnston’s effort to get this behavior stopped, DynCorp fired him, forcing him into protective custody by the U.S. Army Criminal Investigation Division (CID) until the investigators could get him safely out of Kosovo and returned to the United States.
The quote from the whistleblower below pretty much sums up the horrors we are dealing with.
“My main problem,” he explains, “was [sexual misbehavior] with the kids, but I wasn’t too happy with them ripping off the government, either. DynCorp is just as immoral and elite as possible, and any rule they can break they do.”
Although most employees of DynCorp are obviously just trying to do their job, the fact that this company has such a horrific past should be reason enough not to award them contract after contract with no real investigation of the past allegations levied against them.
For a dose of ‘entertainment’ on this subject, see the movie “The Whistleblower”, which is based on this true story of sex trafficking corruption in Bosnia.
Security professionals, geeks and hackers around the world are hosting a series of cryptography training sessions for the general public.
The ‘cryptoparty’ sessions were born in Australia and kicked off last week in Sydney and Canberra, along with two in the US and Germany.
Information security experts and privacy advocates of all political stripes have organised the casual gatherings to teach users how to use cryptography and anonymity tools including Tor, PGP and Cryptocat.
Multiple sessions were proposed in Melbourne, Sydney, Adelaide, Canberra, Perth and two in Queensland. A further 10 were organised across Europe, Asia, Hawaii and North America, while dozens of requests were placed for sessions in other states and countries.
The cryptoparties were born from a Twitter discussion late last month between security researchers and a Sydney mum, privacy and online activist, known by her handle Asher Wolf.
For Wolf, the sessions were a way to reignite technical discussions on cryptography.
“A lot of us missed out on Cypherpunk (an electronic technical mailing list) in the nineties, and we hope to create a new entry pathway into cryptography,” Wolf said.
“The Berlin party was taught by hardcore hackers while Sydney had a diverse range of people attending. The idea is to teach people who don’t crypto how to use it.”
The concept resonated with the online security and privacy community.
It took only hours for about a dozen sessions to spring up around the world on a dedicated wiki page following what was only a casual Twitter exchange between Wolf and others — now cryptoparty organisers.
“When I woke up in the morning, they were all there,” Wolf said.
There was no formal uniformity between each cryptoparty. Some were hands-on, with users practising on laptops and tablets, while others were more theory-based with some organisers.
Each session runs for around five hours.
The free classes could accommodate a maximum of about 30 to 40 attendees. One of the first parties in the Southeastern US state of Tennessee had more than 100 people turn up to its afterparty, an event complete with music, beer and fire-twirling.
Highlights: Foreign troops drafted in; drug deals in training classroom; ineffective screening processes and detection technology; photographs of sensitive mock-up screening areas taken by un-screened trainees; 200k ‘casket linings’ delivered; uniforms being stolen; plan for an evacuation of London; drones on-line (incl. armed); poor standard of security recruits — can’t speak English.
Exclusive interview with investigative journalist Lee Hazledean, who is training undercover as a security guard for the London Olympics with private security firm G4S. Lee is a filmmaker and investigative TV journalist. He has also been involved in major stories on the IRA and how the British Army infiltrated the organisation and carried out false flag operations. He has managed to get undercover as part of the security team at the 2012 Olympics with G4S. He has found there is a media blackout on all major news outlets to do with the Olympics; unless the story is broken in a newspaper or by a foreign news agency, it’s unlikely to see the light of day. Security training and officers are so appalling that the safety and security of the London 2012 Olympics are in jeopardy.
A few examples: During an exercise he was asked to pose as a would-be terrorist and managed to get knives, guns and IEDs through security screening on every occasion and every exercise. The X-ray operators have only two days of training; they aren’t trained properly and miss the most obvious prohibited items: guns, knives, IEDs, ammunition etc. Bag and physical searchers are again missing dangerous weapons; trainees can’t use vital security equipment like the HHMD (hand-held metal detectors) and can’t even communicate properly with the public on a basic level. Worryingly, the ‘Rapiscan’ walk-through metal detectors don’t work properly and aren’t sensitive enough to pick up large knives, ammunition and other metallic threats. He was told that they would be set to go off only after 50 people have walked through, to limit queuing time and to get spectators into the venue. So a terrorist who simply queued up would probably get through wearing a suicide vest. In classes there are drug deals going down, and people can’t speak any English. People who haven’t even completed their SIA licenses yet are being picked to be team leaders over highly trained security officers, ex-soldiers and ex-police. Lee is concerned that weapons or worse will be getting into the games. However, what’s more disturbing is that uniforms are already going missing or being stolen. The training facility is an accurate mock-up of the actual security measures at the Olympic venues. Lee has witnessed several people taking photos on their mobile phones in the training facility, and whilst a few people have been caught by trainers, most aren’t noticed. We know that terrorists take surveillance photos to gain intelligence. Contemporary International claim that they have mobile phone ‘jammers’ in the facility; however, trainers admitted to Lee that there were no ‘jammers’ at all, it was a verbal deterrent.
Also there are plans for the evacuation of London. G4S are going to be at the forefront, as well as 100,000 troops coming in via Woolwich barracks, made up of regular British Forces, American regular army and European troops. Lee was not told why there would be any need for an evacuation of the whole of London; they just said it was to be a “defining moment in the history of London”. This could just be a precaution, but the public should be made aware of the foreign invasion which is taking place right now. The troops are being held across London in various barracks once they’ve been through Woolwich. Lee also had this information confirmed by an army doctor who was shocked at all the foreign troops coming into London. There is also a shipment of what are being described as casket linings; each casket can hold four or five people, and 200,000 casket linings have been delivered, we believe from America. Also we were shown videos of drones attacking targets in Afghanistan and were told that drones will be patrolling the skies over London during the Olympics, carrying out surveillance and search and destroy missions if necessary.
London 2012 Olympics: ‘Missiles Left Unguarded’ Outside East London Flats
London 2012 Olympics: Public Given Access to Blackheath Anti-aircraft Missile Launcher
The Link Between Olympics’ Security and FEMA Concentration Camps
VPNs and SSH tunnels can both securely “tunnel” network traffic over an encrypted connection. They’re similar in some ways, but different in others – if you’re trying to decide which to use, it helps to understand how each works.
An SSH tunnel is often referred to as a “poor man’s VPN” because it can provide some of the same features as a VPN without the more complicated server setup process – however, it has some limitations.
How a VPN Works
VPN stands for “virtual private network” – as its name indicates, it’s used for connecting to private networks over public networks, such as the Internet. In a common VPN use case, a business may have a private network with file shares, networked printers, and other important things on it. Some of the business’s employees may travel and frequently need to access these resources from the road. However, the business doesn’t want to expose their important resources to the public Internet. Instead, the business can set up a VPN server and employees on the road can connect to the company’s VPN. Once an employee is connected, their computer appears to be part of the business’s private network – they can access file shares and other network resources as if they were actually on the physical network.
The VPN client communicates over the public Internet and sends the computer’s network traffic through the encrypted connection to the VPN server. The encryption provides a secure connection, which means the business’s competitors can’t snoop on the connection and see sensitive business information. Depending on the VPN, all the computer’s network traffic may be sent over the VPN – or only some of it may (generally, however, all network traffic goes through the VPN). If all web browsing traffic is sent over the VPN, people between the VPN client and server can’t snoop on the web browsing traffic. This provides protection when using public Wi-Fi networks and allows users to access geographically-restricted services – for example, the employee could bypass Internet censorship if they’re working from a country that censors the web. To the websites the employee accesses through the VPN, the web browsing traffic would appear to be coming from the VPN server.
Crucially, a VPN works more at the operating system level than the application level. In other words, when you’ve set up a VPN connection, your operating system can route all network traffic through it from all applications (although this can vary from VPN to VPN, depending on how the VPN is configured). You don’t have to configure each individual application.
How an SSH Tunnel Works
SSH, which stands for “secure shell,” isn’t designed solely for forwarding network traffic. Generally, SSH is used to securely acquire and use a remote terminal session – but SSH has other uses. SSH also uses strong encryption, and you can set your SSH client to act as a SOCKS proxy. Once you have, you can configure applications on your computer – such as your web browser – to use the SOCKS proxy. The traffic enters the SOCKS proxy running on your local system and the SSH client forwards it through the SSH connection – this is known as SSH tunneling. This works similarly to browsing the web over a VPN – from the web server’s perspective, your traffic appears to be coming from the SSH server. The traffic between your computer and the SSH server is encrypted, so you can browse over an encrypted connection as you could with a VPN.
However, an SSH tunnel doesn’t offer all the benefits of a VPN. Unlike with a VPN, you must configure each application to use the SSH tunnel’s proxy. With a VPN, you’re assured that all traffic will be sent through the VPN – but you don’t have this assurance with an SSH tunnel. With a VPN, your operating system will behave as though you’re on the remote network – which means connecting to Windows networked file shares would be easy. It’s considerably more difficult with an SSH tunnel.
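To make the SOCKS hop concrete, here is an added example (not code from the original article) in Python: a minimal SOCKS5 client of the kind a browser or curl uses to talk to the listener that `ssh -D` creates, sending the destination as a host name so that name resolution happens on the SSH server rather than as a local DNS query, plus a constructed loopback stand-in for the proxy so the exchange runs offline. The proxy address 127.0.0.1:1080, the host name intranet.example and the payload are assumptions.

```python
"""SOCKS5 client (RFC 1928) for the proxy that `ssh -D 127.0.0.1:1080 user@host`
exposes, plus a loopback fake SOCKS5 server so the exchange runs offline."""
import socket
import struct
import threading

SOCKS_VERSION = 5
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def _recv_exact(sock, n):
    """recv() may return short reads; collect exactly n bytes or fail."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def socks5_connect(dest_host, dest_port, proxy=("127.0.0.1", 1080), timeout=5.0):
    """Socket to dest_host:dest_port opened through the SOCKS5 proxy. The target
    is sent as a domain name (ATYP 0x03), so the SSH server resolves it, not us."""
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(bytes([SOCKS_VERSION, 1, 0x00]))  # offer "no auth" only
        if _recv_exact(s, 2) != bytes([SOCKS_VERSION, 0x00]):
            raise ConnectionError("proxy refused the no-auth method")
        name = dest_host.encode("idna")  # bytes([..., len(name)]) rejects > 255
        s.sendall(bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
                  + name + struct.pack("!H", dest_port))
        ver, rep, _rsv, atyp = _recv_exact(s, 4)
        if ver != SOCKS_VERSION or rep != 0x00:
            raise ConnectionError(f"CONNECT refused, reply code {rep:#x}")
        # discard BND.ADDR + BND.PORT; the address length depends on ATYP
        if atyp == ATYP_DOMAIN:
            _recv_exact(s, _recv_exact(s, 1)[0] + 2)
        else:
            _recv_exact(s, {ATYP_IPV4: 4, ATYP_IPV6: 16}[atyp] + 2)
        return s
    except Exception:
        s.close()
        raise

class FakeSocksServer:
    """Constructed loopback stand-in for the ssh -D listener: serves one client,
    records the hostname it asked for, then echoes the first message back."""
    def __init__(self):
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        self.requested = None
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        conn, _ = self.sock.accept()
        with conn:
            _recv_exact(conn, 3)  # greeting: VER, NMETHODS=1, method 0x00
            conn.sendall(bytes([SOCKS_VERSION, 0x00]))
            _recv_exact(conn, 4)  # VER, CMD, RSV, ATYP (client always sends a name)
            self.requested = _recv_exact(conn, _recv_exact(conn, 1)[0]).decode()
            _recv_exact(conn, 2)  # DST.PORT
            conn.sendall(bytes([SOCKS_VERSION, 0x00, 0x00, ATYP_IPV4]) + bytes(6))
            conn.sendall(conn.recv(4096))

def tunnel_roundtrip(payload=b"GET / HTTP/1.0\r\n\r\n", dest_host="intranet.example"):
    """One exchange through the fake proxy: (bytes echoed, hostname the proxy saw)."""
    srv = FakeSocksServer()
    with socks5_connect(dest_host, 80, proxy=("127.0.0.1", srv.port)) as s:
        s.sendall(payload)
        return _recv_exact(s, len(payload)), srv.requested
```

An application that is not pointed at the proxy, or that resolves names itself before connecting, sends its traffic and DNS lookups straight out of the machine, which is the per-application gap the text describes.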
For more information about SSH tunnels, see this guide to creating an SSH tunnel on Windows with PuTTY. To create an SSH tunnel on Linux, see our list of cool things you can do with an SSH server.
Which Is More Secure?
If you’re worried about which is more secure for business use, the answer is clearly a VPN — you can force all network traffic on the system through it. However, if you just want an encrypted connection to browse the web from public Wi-Fi networks in coffee shops and airports, a VPN and an SSH server both have strong encryption that will serve you well.
There are other considerations, too. Novice users can easily connect to a VPN, but setting up a VPN server is a more complex process. SSH tunnels are more daunting to novice users, but setting up an SSH server is simpler – in fact, many people will already have an SSH server that they access remotely. If you already have access to an SSH server, it’s much easier to use it as an SSH tunnel than it is to set up a VPN server. For this reason, SSH tunnels have been dubbed a “poor man’s VPN.”
Businesses looking for more robust networking will want to invest in a VPN. On the other hand, if you’re a geek with access to an SSH server, an SSH tunnel is an easy way to encrypt and tunnel network traffic – and the encryption is just as good as a VPN’s encryption.
This is a guide with which even a total noob can get high-class security for his system and complete anonymity online. But it’s not only for noobs: it contains a lot of tips most people will find pretty helpful. It is explained in such detail that even the biggest noobs can do it:
=== The Ultimate Guide for Anonymous and Secure Internet Usage v1.0.1 ===
Table of Contents:
- Obtaining Tor Browser
- Using and Testing Tor Browser for the first time
- Securing Your Hard Drive
- Setting up TrueCrypt, Encrypted Hidden Volumes
- Testing TrueCrypt Volumes
- Securing your Hard Disk
- Temporarily Securing Your Disk, Shredding Free Space
- Installing VirtualBox
- Installing a Firewall
- Firewall Configuration
- Installing Ubuntu
- Ubuntu Initial Setup
- Installing Guest Additions
- Installing IRC (Optional)
- Installing Torchat (Optional)
- Creating TOR-Only Internet Environment
- General Daily Usage
By the time you are finished reading and implementing this guide, you will be able to browse any website securely and anonymously. No one, not even your ISP or a government agent, will be able to see what you are doing online. If privacy and anonymity are important to you, then you owe it to yourself to follow the instructions that are presented here.
In order to prepare this guide for you, I have used a computer that is running Windows Vista. This guide will work equally well for other versions of Windows. If you use a different operating system, you may need to have someone fluent in that operating system guide you through this process. However, most parts of the process are easily duplicated in other operating systems.
I have written this guide to be as newbie-friendly as possible. Every step is fully detailed and explained. I have tried to keep the instructions as explicit as possible. This way, so long as you patiently follow each step, you will be just fine.
In this guide from time to time you will be instructed to go to certain URLs to download files. You do NOT need TOR to get these files, and using TOR (while possible) will make these downloads very slow.
This guide may appear overwhelming. Every single step is explained thoroughly and it is just a matter of following along until you are done. Once you are finished, you will have a very secure setup and it will be well worth the effort. Even though the guide appears huge, this whole process should take at the most a few hours. You can finish it in phases over the course of several days.
It is highly recommended that you close *ALL* applications running on your computer before starting.
Over the past year, the U.S. government has begun to think of Anonymous, the online network phenomenon, as a threat to national security. According to The Wall Street Journal, Keith Alexander, the general in charge of the U.S. Cyber Command and the director of the National Security Agency, warned earlier this year that “the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.” His disclosure followed the U.S. Department of Homeland Security’s release of several bulletins over the course of 2011 warning about Anonymous. Media coverage has often similarly framed Anonymous as a threat, likening it to a terrorist organization. Articles regularly refer to the Anonymous offshoot LulzSec as a “splinter group,” and a recent Fox News report uncritically quoted an FBI source lauding a series of arrests that would “[chop] off the head of LulzSec.”
This is the wrong approach. Seeing Anonymous primarily as a cybersecurity threat is like analyzing the breadth of the antiwar movement and 1960s counterculture by focusing only on the Weathermen. Anonymous is not an organization. It is an idea, a zeitgeist, coupled with a set of social and technical practices. Diffuse and leaderless, its driving force is “lulz” — irreverence, playfulness, and spectacle. It is also a protest movement, inspiring action both on and off the Internet, that seeks to contest the abuse of power by governments and corporations and promote transparency in politics and business. Just as the antiwar movement had its bomb-throwing radicals, online hacktivists organizing under the banner of Anonymous sometimes cross the boundaries of legitimate protest. But a fearful overreaction to Anonymous poses a greater threat to freedom of expression, creativity, and innovation than any threat posed by the disruptions themselves.
No single image better captured the way that Anonymous has come to signify the Internet’s irreverent democratic culture than when, in the middle of a Polish parliamentary session in February 2012, well-dressed legislators donned Guy Fawkes masks — Anonymous’ symbol — to protest their government’s plan to sign the Anti-Counterfeiting Trade Agreement (ACTA). The treaty, designed to expand intellectual-property protection, involved years of negotiation among the United States, Japan, and the European Union, which are all like-minded on copyright law. It had the support of well-organized and well-funded companies, particularly in Hollywood and the recording industry. Although originally negotiated in secret, its contents were exposed by WikiLeaks in 2008. As a result, public pressure caused the treaty’s negotiators to water down many of its controversial provisions. But the final version still mimicked the least balanced aspects of U.S. copyright law, including its aggressive approach to asset seizure and damages. And so a last-minute protest campaign across Europe, using the symbolism of Anonymous, set out to stop the agreement from coming into force. So far, it has succeeded; no signatory has ratified it.
That is power — a species of soft power that allows millions of people, often in different countries, each of whom is individually weak, to surge in opposition to a given program or project enough to shape the outcome. In this sense, Anonymous has become a potent symbol of popular dissatisfaction with the concentration of political and corporate power in fewer and fewer hands.
It is only in this context of protest that one can begin to assess Anonymous’ hacking actions on the Internet. Over the last several years, the list of Anonymous’ cyber targets has expanded from more-or-less random Web sites, chosen for humor’s sake, to those with political or social meaning. In 2010, Anonymous activists launched a distributed denial of service (DDoS) attack — an action that prevents access to a Web site for several hours — against Web sites of the Motion Picture Association of America and the International Federation of the Phonographic Industry, the major trade groups for the film and music industries. The action came in response to revelations that several Indian movie studios had used an Indian company called Aiplex to mount vigilante DDoS attacks against illegal file-sharing sites.
By: Yochai Benkler, April 4, 2012
Anonymous have unveiled their second major release for this week’s installment of FuckFBIFriday. Their target this time around is Frank Wuterich, the US Marine that admitted to killing Iraqi civilians — and received no jail time for his crime.
Early Friday afternoon, members of the loose-knit online collective Anonymous began circulating news that the website for Puckett and Faraj, the high-profile attorneys that represented Sgt. Frank Wuterich in his recent trial, had been hacked. Wuterich admitted to leading Marines into two civilian homes in Haditha, Iraq in 2005, massacring 24 civilians including women, children and an elderly man confined to a wheelchair.
In response, hacktivists with Anonymous have uncovered gigabytes worth of correspondence from Sgt. Wuterich’s attorneys and affiliated parties.
Last month, a military tribunal finally finished their hearing on Sgt. Wuterich, more than six years after the notorious slaughter. Insiders reported before his sentencing that he was expected to receive only 90 days behind bars. When the case ended, he was sentenced to zero.
Anonymous members have hacked into the website for Sgt. Wuterich’s attorneys and have since defaced it with a detailed message explaining how the self-proclaimed “cold-blooded killer” became their latest target.
“As part of our ongoing efforts to expose the corruption of the court systems and the brutality of US imperialism, we want to bring attention to USMC SSgt Frank Wuterich who along with his squad murdered dozens of unarmed civilians during the Iraqi Occupation,” reads a message now on the homepage of his attorney’s website. “Can you believe this scumbag had his charges reduced to involuntary manslaughter and got away with only a pay cut?”
“Meanwhile,” adds the Anonymous-penned message, “Bradley Manning who was brave enough to risk his life and freedom to expose the truth about government corruption is threatened with life imprisonment.”
“When justice cannot be found within the confines of their crooked court systems, we must seek revenge on the streets and on the internet – and dealing out swift retaliation is something we are particularly good at. Worry not comrades, it’s time to deliver some epic ownage.”
In addition to defacing the website of his attorneys, nearly 3 gigabytes of email correspondence belonging to his attorneys have been leaked online.
“And to add a few layers of icing to this delicious caek, we got the usual boatloads of embarrassing personal information. How do you think the world will react when they find out Neal Puckett and his marine buddies have been making crude jokes about the incident where marines have been caught on video pissing on dead bodies in Afghanistan? Or that he regularly corresponds with and receives funding from former marine Don Greenlaw who runs the racist blog http://snooper.wordpress.com? We believe it is time to release all of their private information and court evidence to the world and conduct a People’s trial of our own,” writes Anonymous.
The announcement this afternoon comes only hours after Anonymous operatives posted a recorded phone message that they intercepted from the FBI and Scotland Yard. Hours later, The Associated Press reports that the FBI confirmed the interception and says it is going after the parties responsible.
SOURCE: http://rt.com/usa/news/anonymous-time-wuterich-attorneys-463/