Infosec links July 11, 2014

Kaspersky Lab uncovers new Android and iOS spying tools - Ian Barker - betanews

A company called Hacking Team has developed a trojan that can spy on both Android and iOS devices. It’s delivered via spear phishing and malware that gets the trojan installed when the phone is synced with an infected computer. Most of the functions appear to be for surveillance purposes. I wonder who would want to purchase such a thing.

More on Hacking Team's Government Spying Software - Bruce Schneier - Schneier on Security

Well, ethical governments of course. At least that’s who Hacking Team claims they sell the trojan to. What are the criteria for an ethical government?

  • Must be nice to citizens

  • Must feed the hungry

  • Must provide hugs

  • Must not surv$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

The Ex-Google Hacker Taking on the World's Spy Agencies - Andy Greenberg - WIRED

Really interesting profile on Marquis-Boire, who used to work for Google as a security researcher but now works for First Look Media. His job: to keep journalists who handle sensitive information, e.g. Glenn Greenwald, safe.

This post first appeared on Exploring Information Security.

Bruce Schneier infosec inception links July 8, 2014

Could Keith Alexander's Advice Possibly Be Worth $600K a Month? - Bruce Schneier - Schneier on Security

What does being the head of the National Security Agency (NSA) get you in retirement? A 600K asking price for security advice. And probably for good reason. Think of all the classified knowledge he has that could help an organization become secure.

NSA Targets the Privacy-Conscious for Surveillance - Bruce Schneier - Schneier on Security

If you use Tor, Tails or other privacy/anonymous types of sites and tools (or read BoingBoing), you’re likely being targeted for monitoring by the NSA.

NSA Employee Flees to Hong Kong -- You won't Believe What Happens Next - Bruce Schneier - Schneier on Security

Another batch of NSA documents has hit the media:

90% of the individuals eavesdropped on were not the targets of the surveillance.

What does the NSA do with the data once they’ve determined it’s unnecessary? Keep it.


Infosec links June 16, 2014

GCHQ Intercept sites in Oman - Bruce Schneier - Schneier on Security

The Brits have a spy base in the Middle East that taps into undersea cables, according to a Guardian story. What's more interesting than the story itself is that this information did not come from Edward Snowden or his plethora of files. Are we seeing more leakers and whistleblowers within the government? It's very possible.

To defeat encryption, feds deploy the Subpoena - David Kravets - Ars Technica

Project on Government Oversight's (POGO) mission is:

nonpartisan independent watchdog that champions good government reforms. POGO’s investigations into corruption, misconduct, and conflicts of interest achieve a more effective, accountable, open, and ethical federal government.

According to the story, POGO suggests that whistleblowers use Tor to report abuses to their encrypted submission portal. As a result, and after the most recent potential US Veterans Administration scandal, the government is trying to use super subpoena power to get at the information being submitted to POGO. The response from POGO, "You no has our data:"

If the VA doesn't drop its subpoena, POGO said it would never turn the data over, even if ordered to by a judge.

"We are certainly prepared to go to court," Newman said. "We are certainly prepared to go to jail to prevent any of that information from being released."

Bravo

Trickle down surveillance - Nathan Freed Wessler - Al Jazeera America

More and more local police forces are using devices called stingrays. These devices are technology that has trickled down from the NSA and allow the user to track cellphones and identifying information. I can see where this becomes handy, but it's not a pinpoint type of device. It grabs everyone's cell phone information within an area, because it essentially acts like a cellphone tower. There's supposed to be some transparency with these devices, but it appears that some entities are trying to hide the usage of the device.

 


NSA owns your tweets May 14, 2014


Surveillance and privacy links April 25, 2014

Info on Russian Bulk Surveillance - Bruce Schneier - Schneier on Security

It appears that the infosec community and media have begun to shine the spotlight on Russian surveillance and their accompanying laws.

Conversnitch - Bruce Schneier - Schneier on Security

It's a lamp that has its own Twitter account. What does it tweet about? Anyone having a conversation around the lamp. For less than $100 two artists have created a household device that not only listens to your conversations, but also tweets about it.

Parents win against cloud storage of US students' private information - Lisa Vaas - Naked Security

How would you feel if your children's personal information was being uploaded to a cloud provider by the school district he or she goes to? Well, several tech-savvy parents were none too pleased when several school districts across the country were doing exactly that. I get the idea behind the service, but I'm inclined to agree with the outrage. Now if we could just get outraged about parents who compromise their kids' personal lives by posting about them on social media sites.

InfoSec Links April 5, 2014

Fandango, Credit Karma settle with FTC over app security flaws - by Kate Tummarello - The Hill

If you build an insecure app, the FTC is going to come after you. Hopefully, this will make developers start taking security into consideration when building apps. Especially when it deals with some form of currency.

Web TV service Boxee.tv Hacked, Details of 158,000 Forum Users Leaked - By Eduard Kovacs - Softpedia

If you have a Boxee.tv account you might want to go change your password. And this is just another example of why you want to have different passwords for different accounts. If you need help with managing your passwords, might I suggest Password Safe (look for a post in the future).

Big Brother Goes Dutch - by Lee Munson - Security Watch

The Dutch have voted for more surveillance. /facepalm