Tag Archives: security

FBI pressing for backdoor access to Facebook, Google | via @Engadget

Investigators at the FBI supposedly aren’t happy that social networks like Facebook or Google+ don’t have the same kind of facility for wiretaps that phones have had for decades. If claimed industry contacts for CNET are right, senior staff at the bureau have floated a proposed amendment to the 1994-era Communications Assistance for Law Enforcement Act (CALEA) that would require that communication-based websites with large user bases include a backdoor for federal agents to snoop on suspects.

via engadget.com

Creepy.

Surveillance drones coming to your backyard

Until now, the use of unmanned drones has been tightly regulated by the Federal Aviation Administration. Use has mostly been restricted to government agencies, and applications for private use were considered on a case-by-case basis. As of last summer, the FAA had only approved about 100 applications from private parties to fly unmanned drones.

But that’s about to change. According to the New York Times, the new legislation mandates that the FAA begin allowing the use of small drones (under 4.4 pounds) by law enforcement within 90 days. And the agency must overhaul its drone regulations by September 30, 2015, including allowing more widespread use of drones by private parties.

Computer Virus Hits U.S. Drone Fleet via @wiredmag

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

I certainly understand the tactical advantage of removing our soldiers from combat situations, but I fear what this technology implies. The drones are tools, which can be hijacked and reused – just like any other weapon of war. Or worse, they can be used to justify engaging in conflicts we otherwise normally wouldn’t partake in due to risk. But when we start to value our own lives so much more than our enemies that we put the destrictuive power in the hands of autonomous agents of war, and disconnect ourselves from the reality and consequences of our war machine, we open the door to our military system being hijacked from within, and fostering even more ‘shadow wars.’

Major Internet Service Providers Cooperating with NSA on Monitoring Traffic

Three of the nation’s largest Internet service providers are cooperating with a new National Security Agency program to sift through the traffic of major defense contractors with the goal of blocking cyberattacks by foreign adversaries, senior defense and industry officials say.

The novel program, which began last month on a voluntary, trial basis, relies on sophisticated NSA data sets to identify malicious programs slipped into the vast stream of Internet data flowing to the nation’s largest defense firms. Such attacks, including one last month against Bethesda-based Lockheed Martin, are nearly constant as rival nations and terrorist groups seek access to U.S. military secrets.

Well, that could be the start of something truly terrifying. Simply setting up the infrastructure to do this kind of monitoring is a very dangerous first step. I wonder how they’re intercepting traffic without violating the privacy rights of those communicating from inside the US for non-Terrorist reasons?

Apple cracks down on MacDefender, prevents malware downloads with daily quarantine list — Engadget

Preconceptions aside, Apple products do occasionally spread viruses, and not just the biological kind, which is why Cupertino saw fit to equip Mac OS X 10.6 Snow Leopard with a quarantine function to safely set malware aside. This week, however, Apple’s kicking those digital white blood cells into high gear, updating that quarantine list daily with a new background process. The company’s primarily got its crosshairs on the recent MacDefender scare, of course, but on the off-chance malware starts coming out of the woodwork, it sounds like you won’t have to wait for a formal security update to be forewarned of the dangers. If privacy’s your primary concern, however, you can also opt-out — take a gander at our source links to see how it’s done.

I’m generally not a fan of any software that monitors my activity, intercepting “risky” files on the fly, but not having to install a Malware update every day sounds like an idea Microsoft should steal.

U.S. probes Google’s serious China hacking allegation

Google announced on Wednesday that suspected Chinese hackers tried to steal passwords of hundreds of Google email account holders, including senior U.S. government officials, Chinese activists and journalists.

The claim by the world’s largest Web search company sparked an angry response from Beijing, which said blaming China was “unacceptable”. This pointed to further tensions in Beijing’s already strained relationship with Google and with Washington, which has been warily watching China’s moves in cyberspace.

Well, it was bound to happen sooner or later. Too many people depend on the free Gmail service to handle everything from emails to calendars to contact info, making it quite a high profile target with some very low-hanging fruit.

Makers Of Mac Defender Release New Malware

Apple has promised to take care of the Mac Defender malware that has spread across users’ computers. But the makers of the original have created a new version that’s even more of a threat as it doesn’t require a password to install itself.

Sure, this is annoying – but frightening? Anyone who believed that the most valuable tech company in the world, with an install base in the billions, would be able to produce a computer impervious to the coordinated attacks of the global hacker community, probably had his common sense uninstalled already.

Symantec: Facebook Security Flaw Could Have Compromised User Information

Symantec has published a report claiming that for several years nearly 100,000 Facebook apps have been leaking access codes belonging to millions of users’ profiles.

Symantec’s report says that an app security flaw may have given advertisers and other third parties access to Facebook users’ profiles, though a Facebook spokesperson said in a statement that there is “no evidence” of this occurring.

Writes Symantec:

We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

Symantec compares these “access tokens” to spare keys that let apps interact with your profile.

US Army picks Android

The US military is preparing to arm troops with the latest in mobile technology, developing a mobile device based on the Android OS.

While iPhones are unquestionably the popular choice for preening media types hanging out in Soho, it seems that the Google system is the weapon of choice for military folk for hunting down insurgents in Fallujah.

A prototype device called the Joint Battle Command-Platform being developed by MITRE is already undergoing tests with Android used to run the software as part of a bid to reduce the amount of weighty equipment being lugged around by troops.

There are also already a variety of uses for the smartphone such as apps for keeping track of friendly forces, no doubt also handy for the US’s cannon fodder allies, and ‘critical messaging’ which can exchange important data such as medevac requests.

Why would the army choose to give our soldiers the most unsecured mobile platform in the world? Especially on the heels of the BotNet disaster a month or so ago, I’m very concerned about the potential for critical military information to be compromised by rogue applications installed by unwary users at a whim.

Maybe there will be some kind of private/enterprise security suite developed for Andorid, but there’s no fixing the fact that the platform is fundamentally far more vulnerable than something like BlackBerry’s enterprise-level security features.

Please, let’s just not cross the bridge into allowing our military to pilot drones via handheld mobile devices. It’s a logical extension of bringing as much safety to our personnel as possible, but I find the gamification of war a very troubling possibility. Adding unsecured, powerful communications devices into the mix just seems like a truly terrible idea.

What happens when the network gets hacked, and clever enemies figure out how to ‘spoof’ enemy contact signals? It seems like a very small step to make these phones our own Achilles heel.