
Submission Summary: 0 pending, 7 declined, 7 accepted (14 total, 50.00% accepted)

Submission + - Hezbollah pagers explode simultaneously in Lebanon (washingtonpost.com)

krakman writes: More than 2,800 injured, 9 dead in Lebanon as pagers used by Hezbollah explode

Looks like someone is having serious supply chain issues..

“Each one who received a new pager, throw it away,” said a voice message that was circulated to Hezbollah members, according to one of the members, who shared it with The Washington Post.

Submission + - Judge disembowels SEC argument re CyberSecurity (washingtonpost.com)

krakman writes: In the SEC's case against 2020 hacking victim SolarWinds, U.S. District Judge Paul A. Engelmayer on Thursday granted most of the company’s motion to dismiss, holding that current laws give the SEC authority only over financial controls, not all internal controls.

Engelmayer did not dismiss the case entirely, allowing the SEC to try to show that SolarWinds and top security executive Timothy Brown committed securities fraud by not warning in a public “security statement” before the hack that it knew it was highly vulnerable to attacks.

Submission + - Apple loses copyright battle against Corellium (washingtonpost.com)

krakman writes: Corellium virtualized iOS.. and let others have access to the virtualized iOS for 'security research purposes'.
Apple supposedly tried to buy the predecessor company and failed.. then they did what Apple does best... Sued... for violations of copyright law.

Then .. it happened.. Apple lost.. a Florida judge threw out Apple's case... more on this in (paywalled) article: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.washingtonpost.com...

and lost...

Submission + - Researchers discover SS7 flaw, allowing total access to ANY cell phone anywhere. (www.zeit.de)

krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging Chancellor Merkel's phone earlier.

Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

Another result of Security being thought of after the fact, as opposed to part of the initial design.

Submission + - Bitcoin Plunges after Mt. Gox Exchange halts trades (bloomberg.com)

krakman writes: From Bloomberg...
http://www.bloomberg.com/news/...

Bitcoin plunged more than 8 percent today after a Tokyo-based exchange halted withdrawals of the digital currency, citing technical malfunction.

Mt. Gox claimed in a blog post it needed to “temporarily pause on all withdrawal requests to obtain a clear technical view of the currency processes.” It promised an “update” — not a reopening — on Monday, Feb. 10, Japan time.

This is a day after Russia's Prosecutor General concluded Bitcoin and other digital currencies are illegal under current law.

Submission + - Worse than NSA? France Broadens Its Surveillance Power with wider scope than NSA (nytimes.com)

krakman writes: With the NSA disclosures, French media was 'outraged'. Yet they appear to be worse than the NSA, with a new law that codifies standard practice and provides for no judicial oversight while allowing electronic surveillance for a broad range of purposes, including “national security,” the protection of France’s “scientific and economic potential” and prevention of “terrorism” or “criminality.” (NYTIMES article: http://www.nytimes.com/2013/12/15/world/europe/france-broadens-its-surveillance-power.html )

The government argues that the law, passed last week with little debate as part of a routine military spending bill, which takes effect in 2015, does not expand intelligence powers. Rather, officials say, those powers have been in place for years, and the law creates rules where there had been none, notably with regard to real-time location tracking.

French intelligence agencies have little experience publicly justifying their practices. Parliamentary oversight did not begin until 2007.

The Association des Services Internet Communautaires, or @sic, an advocacy group whose members include AOL, eBay, Facebook, Google, Microsoft and several top French Internet companies, discovered the new legislation essentially by chance.

“There was no consultation at all,” said Giuseppe de Martino, @sic’s director and an executive at Dailymotion, a French online video service. “No one said anything about it to us.”

Submission + - NSA has no clue as to scope of SNOWDEN file copy, amnesty for unpublished docs? (nytimes.com)

krakman writes: In a NY Times article ( http://www.nytimes.com/2013/12/15/us/officials-say-us-may-never-know-extent-of-snowdens-leaks.html ) a 6-month internal investigation has not been able to define the actual files that Edward Snowden had copied.

There is a suspicion that not all the documents have been leaked to newspapers, and a senior NSA official (Rick Ledgett), who is heading the security agency’s task force examining Mr. Snowden’s leak, has said on the record, that he would consider recommending amnesty for Mr. Snowden in exchange for those unleaked documents.

The investigation managed to reveal so far that Snowden hacked firewalls and used coworkers' security credentials to gain systemwide access.

“They’ve spent hundreds and hundreds of man-hours trying to reconstruct everything he has gotten, and they still don’t know all of what he took,” a senior administration official said. “I know that seems crazy, but everything with this is crazy.”

That Mr. Snowden was so expertly able to exploit blind spots in the systems of America’s most secretive spy agency illustrates how far computer security still lagged years after President Obama ordered standards tightened after the WikiLeaks revelations of 2010.

Submission + - Insight on FBI hacking team ops from Washington Post (washingtonpost.com)

krakman writes: A very interesting story on the background to how the FBI can investigate and get details from computers over the net, without knowing anything about the computer location. Not from some conspiracy rag, but the Washington Post, regarding FBI "network investigative techniques":

"The man who called himself “Mo” had dark hair, a foreign accent and — if the pictures he e-mailed to federal investigators could be believed — an Iranian military uniform. When he made a series of threats to detonate bombs at universities and airports across a wide swath of the United States last year, police had to scramble every time.

Mo remained elusive for months, communicating via e-mail, video chat and an Internet-based phone service without revealing his true identity or location, court documents show. So with no house to search or telephone to tap, investigators turned to a new kind of surveillance tool delivered over the Internet." ...
