Showing posts with label vulnerabilities. Show all posts

Saturday, November 17, 2007

Backdoor in NIST approved Random Number Generator

The possibility that there is a backdoor in one of the officially recommended random number generators (RNGs) used to create encryption keys has caused two well-known encryption experts to declare the scheme to be useless.



Sunday, November 4, 2007

OS X Malware

If you thought using an Apple with Mac OS was safe from all the nasties out there, think again!!! Even though the risk is lower for Mac OS compared to Windows, you still need to take the proper precautions.


In the words of many Windows antimalware developers, OS X users can feel a little less smug about their security after a new piece of OS X malware was discovered circulating on various fake codec sites. As would be expected, this news is beginning to receive fairly widespread coverage across the Internet, though more coverage has been received in recent days on arguments about whether the Leopard firewall is fundamentally flawed or not (probably not).

Saturday, November 3, 2007

Beware of software cracks!!!

Those tempted to download software cracks to unlawfully activate software from a trial mode into a paid mode have been warned that they may be unknowingly installing hacking tools onto their system.


Poor security in Apple's Leopard according to researchers

Security features that Apple Inc. added to Leopard look great on paper, but in practice most are half-baked or useless, experts said Wednesday. And none of those features, good or bad, will make a whit of difference in how safe Mac users are when they hit the Internet.

"If security was the deciding factor, I wouldn’t be using my MacBook. But it’s not [the deciding factor]. The MacBook, and the tools on it, that’s what is."



Sunday, September 2, 2007

Malware bazaar @ Bank of India Website

Read this article on The Register about how attackers were able to hack the Bank of India website to infect its online customers with malware. You might re-think whether your bank is truly delivering on its promises for safer online banking... go through their policy statements... you might be surprised to find out exactly how much they claim liability if you get compromised while doing an online transaction.

Sunday, August 26, 2007

Just because it's expensive doesn't mean it will work!

The $84 million Internet porn filter implemented just recently by the Australian government has been cracked by a teenager in just 30 minutes :) Read more...

This may be a lesson to some people that in the world of computer security, big bucks alone can't solve their problems...

Saturday, August 18, 2007

Ubuntu Under Attack

Five of the eight Ubuntu community servers were compromised and used to attack other systems. The servers were shut down to deal with the compromise and are now back online. Canonical, the sponsor and manufacturer of Ubuntu, states the breach was due to more than 15 unpatched web applications running in parallel on the systems, out of date server software being used and the systems using unencrypted FTP.
Reported on SANS... read full article.

Wednesday, August 15, 2007

E-Passport Vulnerable to Sabotage!!!

This is an interesting article about e-passports and buffer overflows in e-passport readers.

I think since there are some countries introducing e-passports (Maldives issued its first e-passport to the president and first lady on July 26 this year) it is important to be aware of the security issues involved in them.

There have been a number of security issues (including hacks that were demonstrated to the public) involving e-passports especially in the EU and USA. Some articles talk about how people can actually read the information stored on these RFID chips from a distance without the knowledge of the owner. So imagine someone being able to steal your biometric information such as facial or fingerprint information and store it on his own e-passport and... Well you get the idea!

Original Article: Wired - Scan This Guy's E-Passport and Watch Your System Crash

System Abuse

Recently I came across an interesting post on Schneier's blog on how people can abuse a system, especially when it isn't designed to avoid such vulnerabilities.

I will just quote it as it appeared in the original article, which was also quoted on his post.

"Defense lawyers in a number of other terrorism suspect cases accused informants of solely seeking financial boon by creating so-called terrorists that did not exist.

According to court records, Eldawoody was paid $100,000 over a period of 3 years.

Since Siraj's conviction, Eldawoody has his rent covered and receives a monthly stipend of $3,200.

According to The Washington Post, a police spokesman indicated the direct payments to Eldawoody would likely continue "indefinitely."

With such incentives, critics argue, informants are likely to be created out of thin air to join the "inform-and-cash" industry.

Meanwhile, the Muslim community across the country is feeling the heat of being closely watched.

"This is creating mistrust between our community and law enforcement officials," Ayloush said.

In light of their extensive criminal records, Ayloush added, these individuals would neither qualify as police officers nor as FBI agents, yet they are on the payroll of law enforcement agencies and are allowed to do law enforcement work.

"We all respect hardworking law enforcement agents," Ayloush said. "But mercenary informants? Hardly.""

Original Article: Southern California InFocus: Is Big Brother at your mosque?

Sunday, June 24, 2007

You-Tubers beware!!!


YouTube is truly the most popular service for sharing and uploading video from people throughout the world. It has become a way of life for some people as they spend hours and hours on channels viewing videos ranging from funny clips to those showing high school students beating up and bullying other kids.

Since this craze has been spreading among Internet users like an epidemic, some people have been devising ways of using this to their advantage, and these people have motives other than just sharing a visually appealing video clip.

Yes I am talking about the black hat hackers once again exploiting something that people use because they simply can. Security experts say that those video files that you view can be booby trapped.

A fake video file containing the Zlob Trojan has been planted on the video-sharing site. If selected, the Trojan bombards infected users with ads. It might also be used to upload other forms of malware onto compromised PCs. - The Register


The black hats being one step ahead of the security professionals is not something new. And the key is knowledge and the effective channels by which they freely share information. However, even when there are people willing to give warning about such vulnerabilities and bugs that can be exploited, services such as Google/YouTube don't pay serious attention or give them enough credit.

There were reports of a white hat who expressed his frustration when Google/YouTube developers didn't respond to the security issues he reported in their site.

But ultimately they responded, admitting to 40-plus vulnerabilities that this guy uncovered that could seriously jeopardise the users of the YouTube service.


Sources:

...