(via Perv Utopia: Light on MacBook webcams can be bypassed | Ars Technica)
go analog - put a piece of tape or post-it note or something over the webcam when not in use…

(via Scientist-developed malware covertly jumps air gaps using inaudible sound | Ars Technica)

Computer scientists have developed a malware prototype that uses inaudible audio signals to communicate, a capability that allows the malware to covertly transmit keystrokes and other sensitive data even when infected machines have no network connection.

The proof-of-concept software—or malicious trojans that adopt the same high-frequency communication methods—could prove especially adept in penetrating highly sensitive environments that routinely place an “air gap” between computers and the outside world. Using nothing more than the built-in microphones and speakers of standard computers, the researchers were able to transmit passwords and other small amounts of data from distances of almost 65 feet. The software can transfer data at much greater distances by employing an acoustical mesh network made up of attacker-controlled devices that repeat the audio signals…

oh fuck…

(via Snapchat has passed ‘about a dozen’ unopened messages to law enforcement under search warrant)

Think those unopened self-destructing Snaps disappear forever unseen, too? Guess again. After detailing the timeline for how and when user messages are deleted in the spring, Snapchat says that it has given law enforcement “about a dozen” unopened Snaps at the request of law enforcement search warrants since May 2013. In a blog post, trust and safety head Micah Schaffer says that the messages are only manually retrieved under these circumstances in compliance with the Electronic Communications Privacy Act (ECPA) and that only he and the CTO Bobby Murphy have the ability to do so in the 30-day window that the messages remain on the servers. Schaffer went on to say that although the timeline for deleting Stories varies from that of Snaps, Stories fall under the same disclosure process. Stories and the messages they contain can be “viewed repeatedly” for up to 24 hours before they’re automatically deleted. So those selfies meant for two-second viewing aren’t immune from a prying eye? Bummer.

(via Adobe source code and customer data stolen in sustained network hack | Ars Technica)

Adobe said it suffered a sustained compromise of its corporate network, allowing hackers to illegally access source code for several of its widely used software applications as well as password data and other sensitive information belonging to almost three million customers.

Adobe dropped the bombshell revelation shortly after KrebsonSecurity’s Brian Krebs reported that the hack began sometime in mid August and was carried out by the same criminals who breached LexisNexis and other major US data brokers. In the course of investigating the earlier intrusions, Krebs said he happened upon a 40 gigabyte trove of source code, much of it belonging to Adobe. Adobe confirmed its ColdFusion Web application software and its Acrobat document program were among those that were stolen…

much more info at link

(via Chaos Computer Club says it’s beaten Apple’s Touch ID fingerprint reader (video))

Already feeling secure about using just your fingerprint to unlock the new iPhone 5S? European hacker association Chaos Computer Club claims it can be circumvented with “easy everyday means.” According to CCC hacker “Starbug”, tactics laid out in a how-to from 2004 are all that are required, with just a higher res fake needed to beat the Touch ID reader. The process requires a 2400 DPI photograph of someone’s fingerprint from a glass surface, which is then laser printed at 1200 DPI and used to create a thin latex sheet that serves as the fake. Simple, right? It’s a bit more labor intensive than the old way (just watching someone input their passcode or pattern) but users may want to consider fingerprint access as a measure intended more for convenience than security.

(via Intelligence Black Budget Reveals Major Focus By NSA On Cracking Encryption | Techdirt)

The pie chart above? That’s $11 billion and it employs 35,000 people. Breaking your encryption. As Poulsen notes, James Bamford (who has followed the NSA closely for years) revealed last year that the NSA had recently made an “enormous breakthrough” in cryptanalysis, and this should raise some questions about just how secure various forms of encryption really are today.

=:O

(via Some SIM cards can be hacked ‘in about two minutes’ with a pair of text messages)

Every GSM phone needs a SIM card, and you’d think such a ubiquitous standard would be immune to any hijack attempts. Evidently not, as Karsten Nohl of Security Research Labs — who found a hole in GSM call encryption several years ago — has uncovered a flaw that allows some SIM cards to be hacked with only a couple of text messages. By cloaking an SMS so it appears to have come from a carrier, Nohl said that in around a quarter of cases, he receives an error message back containing the necessary info to work out the SIM’s digital key. With that knowledge, another text can be sent that opens it up so one can listen in on calls, send messages, make mobile purchases and steal all manner of data.

Apparently, this can all be done “in about two minutes, using a simple personal computer,” but only affects SIMs running the older data encryption standard (DES). Cards with the newer Triple DES aren’t affected; also, the other three quarters of SIMs with DES Nohl probed recognized his initial message as a fraud. There’s no firm figure on how many SIMs are at risk, but Nohl estimates the number at up to 750 million. The GSM Association has been given some details of the exploit, which have been forwarded to carriers and SIM manufacturers that use DES. Nohl plans to spill the beans at the upcoming Black Hat meeting. If you’re listening, fine folks at the NSA, tickets are still available.

yow…