Showing posts with label security. Show all posts

Sunday, August 25, 2013

Don’t Fly During Ramadan

A couple of weeks ago, I was scheduled to take a trip from New York (JFK) to Los Angeles on JetBlue. Every year, my family goes on a one-week pilgrimage, where we put our work on hold and spend time visiting temples, praying, and spending time with family and friends. To my Jewish friends, I often explain this trip as vaguely similar to the Sabbath, except we take one week of rest per year, rather than one day per week.
Our family is not Muslim, but by coincidence, this year, our trip happened to be during the last week of Ramadan.
By further coincidence, this was also the same week that I was moving out of my employer-provided temporary housing (at NYU) and moving into my new apartment. The night before my trip, I enlisted the help of two friends and we took most of my belongings, in a couple of suitcases, to my new apartment. The apartment was almost completely unfurnished - I planned on getting new furniture upon my return - so I dropped my few bags (one containing an air mattress) in the corner. Even though I hadn’t decorated the apartment yet, in accordance with Hindu custom, I taped a single photograph to the wall in my bedroom — a long-haired saint with his hands outstretched in pronam (a sign of reverence and respect).
Read the full article here: http://varnull.adityamukerjee.net/post/59021412512/dont-fly-during-ramadan

Saturday, August 3, 2013

Computer scientists develop 'mathematical jigsaw puzzles' to encrypt software

Concept illustration of mathematical jigsaw puzzle
UCLA computer science professor Amit Sahai and a team of researchers have designed a system to encrypt software so that it only allows someone to use a program as intended while preventing any deciphering of the code behind it. This is known in computer science as "software obfuscation," and it is the first time it has been accomplished. 
 
Sahai, who specializes in cryptography at UCLA's Henry Samueli School of Engineering and Applied Science, collaborated with Sanjam Garg, who recently earned his doctorate at UCLA and is now at IBM Research; Craig Gentry, Shai Halevi and Mariana Raykova of IBM Research; and Brent Waters, an assistant professor of computer science at the University of Texas at Austin. Garg worked with Sahai as a student when the research was done.



Tuesday, July 23, 2013

Apple developer site targeted in security attack, still down

Apple's site for developers was attacked by an intruder last week, the company said Sunday.
In a note to developers, the company said that an "intruder" tried to gain access to developer information, prompting the company to take the service down. Sensitive information on that site was encrypted, Apple said, however it's keeping the site down while security is being hardened. No estimate was provided for when it will be back up.
Apple sent the following to developers on Sunday, detailing some of what happened:
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
An Apple spokesman told CNET that the company's developer Web site is "not associated with any customer information" and that "customer information is securely encrypted."
Apple's developer site is home to software downloads, documentation and forums for third-party software developers. The site became inaccessible to registered developers last Thursday, causing angst for users who could not access those features. On Friday the company noted that it would be extending membership periods to cover the outage, and that any published software would not be removed.

SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones

Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there’s still one part of your mobile phone that remains safe and un-hackable: your SIM card.
Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud.
RELATED SOURCE
SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets.
With over seven billion cards in active use, SIMs may well be the most widely used security token in the world. Through over-the-air (OTA) updates deployed via SMS, the cards are even extensible through custom Java software. While this extensibility is rarely used so far, its existence already poses a critical hacking risk.
Cracking SIM update keys. OTA commands, such as software updates, are cryptographically-secured SMS messages, which are delivered directly to the SIM. While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the 70s-era DES cipher. DES keys were shown to be crackable within days using FPGA clusters, but they can also be recovered much faster by leveraging rainbow tables similar to those that made GSM’s A5/1 cipher breakable by anyone.

Ubuntuforums.org Hacked!

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.

Friday, July 19, 2013

PRISM Break!

Opt out of PRISM, the NSA’s global data surveillance program. Stop the American government from spying on you by encrypting your communications and ending your reliance on proprietary services.
Please go and see: https://prism-break.org/.

Thursday, June 20, 2013

Secret backdoor conspiracy theory: Criticism of MS Windows


Secret backdoor conspiracy theory

In 1999 Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, found a cryptographic public key stored in the variable _KEY and a second key labeled NSAKEY. The discovery led to a flurry of speculation and conspiracy theories, such as that the second key could be owned by the United States National Security Agency (the NSA), and that it could allow the intelligence agency to subvert any Windows user's security. Researcher Dr. Nicko van Someren also discovered these cryptographic keys and a third key in the ADVAPI.DLL file which, at that time, existed in Windows 2000 before its release. Concerns were raised about CPUs with encrypted instruction sets which, if they existed during that time, would have made it impossible to discover the cryptographic keys.
Microsoft denied the allegations, attributing the naming of the key to a technical review by the NSA that pointed out a backup key was required to conform to regulations.
No evidence other than the name of the key has ever been presented that the key enabled a backdoor.
Cryptographer and computer security specialist Bruce Schneier has also argued against the conspiracy theory pointing out that if the NSA wanted a back door into Windows with Microsoft's consent, they would not need their own cryptographic key to do so.
The cryptographic keys have been included in all versions of Windows from Windows 95 OSR2 onwards.

Wednesday, June 12, 2013

PRISM (surveillance program): WE ARE WATCHED!


PRISM is a clandestine national security electronic surveillance program operated by the United States National Security Agency (NSA) since 2007.[1][2][3] PRISM is a government codename for a data collection effort known officially as US-984XN.[4][5]
Edward Snowden
Born: Edward Joseph Snowden, June 21, 1983 (age 29)[1], Elizabeth City, North Carolina, United States
Status: In hiding, last known whereabouts: Hong Kong[2]
Nationality: United States
Occupation: System administrator
Known for: PRISM whistleblower
Documents leaked by Edward Snowden[6] in June 2013 describe the PRISM program as enabling in-depth surveillance on live communications and stored information. It provides for the targeting of any customers of participating corporations who live outside the United States, or American citizens whose communications include web content of people outside the United States. Data which the NSA is able to obtain with the PRISM program includes email, video and voice chat, videos, photos, voice over IP conversations, file transfers, login notifications and social networking details.[3]

Sunday, December 30, 2012

The Free Software Foundation Campaigning to Stop UEFI SecureBoot


The Free Software Foundation is on the offensive against restricted boot systems and is appealing for donations and pledges in the form of signatures, in a bid to stop systems such as UEFI SecureBoot from being adopted on a large scale and becoming the norm in the future.
The FSF, through an appeal on its website, is requesting users to sign a pledge titled "Stand up for your freedom to install free software" stating that they won’t purchase, or recommend for purchase, any system that is SecureBoot enabled or uses some other form of restricted boot. The FSF has managed to receive, as of this writing, over 41,000 signatures. Organizations like Debian, Edoceo, Zando, Wreathe and many others have also shown their support for the campaign.
The Foundation acknowledges that SecureBoot, if implemented correctly, will help protect systems from malware and other such threats. But it believes that Microsoft and other hardware manufacturers will implement boot restrictions, thus preventing users from installing other operating systems. “...we are concerned that Microsoft and hardware manufacturers will implement these boot restrictions in a way that will prevent users from booting anything other than Windows”, reads the appeal.

Beyond the signatures, the FSF is also asking individuals to come forward and donate $50 USD (minimum) for the cause of stopping SecureBoot. “We need to raise $350,000 by January 31st to help us amplify your voices in 2013. Please, donate today to help us turn up the volume”, notes the campaign page. You can find more information on the campaign here.
SecureBoot has received a lot of criticism from various open source organizations. Promoters of Linux such as the Linux Foundation have already started working towards coming up with ways to make Linux work on UEFI enabled hardware. The Linux Foundation recently released a minimal UEFI SecureBoot preloader that will enable users to install Linux distributions on SecureBoot hardware.

Friday, November 16, 2012

PSA: Transition to CyanogenMod.org


We at CM are very trusting of our members, shown by both respect and permissions granted to those people we consider part of the team. Last month, this trust was violated in a substantial way. In the spirit of openness, here is what happened.
CM’s history is well established, with Cyanogen releasing his original ROM for the G1 on XDA forums. Back then, there was no “CyanogenMod” in terms of the organization and structure that we have today. The builds were hosted on Steve’s personal machine, the original server was a donation of spare kit from Phaseburn. And due to the small size (and lack of funds), the CyanogenMod.com domain was bought by a third-party back in 2009 and donated to CM, when CM was a much smaller project and had no online presence besides XDA.

Saturday, October 27, 2012

Boycott Sony : Why are we asking you to take action against Sony?


Boycott Sony

Why are we asking you to take action against Sony?

Sony is using legal actions to harass and intimidate individuals who are modifying their own PS3 systems. Defective by Design supporters are boycotting Sony. Here's the full story:
  • Sony sold the PlayStation 3 as a general purpose computer, capable of running the GNU/Linux operating system, but running in a restrictive mode that didn't allow complete access to the powerful hardware.
  • Sony stated, "It was fully intended that you, a PS3 owner, could play games, watch movies, view photos, listen to music, and run a full-featured operating system that transforms your PS3 into a home computer." In return, George Hotz (known in programming circles as geohot) announced his efforts to give PS3 owners complete access to their machine's powerful hardware.
  • Sony then proceeded to betray their customers by removing the ability to run custom operating systems at all, "due to security concerns."
  • In January 2011, Hotz released the cryptographic keys needed to reverse Sony's restrictions and run custom software on the PlayStation 3.
  • Sony promptly brought a lawsuit against Hotz.
  • Then, another PS3 hacker, Alexander Egorenkov (graf_chokolo), had his home raided by the police and was sued for €1 million. Sony followed up by confiscating his equipment.

Monday, October 22, 2012

TSA Moving X-ray Body Scanners To Smaller Airports


The Transportation Security Administration has been quietly removing its X-ray body scanners from major airports over the last few weeks and replacing them with machines that radiation experts believe are safer.
The TSA says it made the decision not because of safety concerns but to speed up checkpoints at busier airports. It means, though, that far fewer passengers will be exposed to radiation because the X-ray scanners are being moved to smaller airports.



Monday, October 15, 2012

FBI Warns of 'Skyfall' Attack

WASHINGTON -- In a brief but dramatic statement, the FBI warned Thursday that Americans should expect additional terrorist attacks.
A two-sentence press release on FBI.gov said there "may be additional terrorist attacks within the United States and against U.S. interests overseas over the next several days."
The content was disturbing enough, but even stranger was the Web address of the press release: http://www.fbi.gov/pressrel/pressrel01/skyfall.htm. The link was pulled about a half an hour after it was put up.

Tuesday, October 2, 2012

Washington confirms Chinese hack attack on White House computer

clam666 writes: "White House sources partly confirmed an alarming report that U.S. government computers — reportedly including systems used by the military for nuclear commands — were breached by Chinese hackers.

I mostly submitted it because I just loved the phrase "The attack originated in the form of a spear phish, which involves a spoofed inbound email with either a link to a malicious website or a weaponized document attachment such as a .pdf, Microsoft Excel file or Word document"

Damn those weaponized Excel files."

Source: http://slashdot.org/submission/2285681/washington-confirms-chinese-hack-attack-on-white-house-computer

Sunday, September 9, 2012

FBI Launches $1 Billion Nationwide Face Recognition System

The U.S. Federal Bureau of Investigation has begun rolling out its new $1 billion biometric Next Generation Identification (NGI) system. In essence, NGI is a nationwide database of mugshots, iris scans, DNA records, voice samples, and other biometrics that will help the FBI identify and catch criminals — but it is how this biometric data is captured, through a nationwide network of cameras and photo databases, that is raising the eyebrows of privacy advocates. Until now, the FBI relied on IAFIS, a national fingerprint database that has long been due an overhaul. Over the last few months, the FBI has been pilot testing a face recognition system, which will soon be scaled up (PDF) until it's nationwide.
Read more: http://yro.slashdot.org/story/12/09/07/195218/fbi-launches-1-billion-nationwide-face-recognition-system

Tuesday, August 14, 2012

What facebook knows about you

WIKILEAKS BOMBSHELL: Surveillance Cameras Around the Country Are Being Used In a Huge Spy Network Called ‘Trapwire’ [Updated 8/13]


In an email, Stratfor president Don Kuykendall wrote: “Their clients include Scotland Yard, #10 Downing, the White House and many [multinational corporations]”.


The U.S. cable networks won’t be covering this one tonight (not accurately, anyway), but Trapwire is making the rounds on social media today—it reportedly became a Trending hashtag on Twitter earlier in the day.
Trapwire is the name of a program revealed in the latest Wikileaks bonanza—it is the mother of all leaks, by the way. Trapwire would make something like disclosure of UFO contact or imminent failure of a major U.S. bank fairly boring news by comparison.

The Facebook camera that can recognise you every time you walk into a shop




Shoppers could soon be automatically recognised when they walk into a shop using a controversial new camera.
Called Facedeals, the camera uses photos uploaded to Facebook to recognise people as they walk in.
Shoppers who agree to use the system, which has not been developed with Facebook, will be offered special deals.


Read more: http://www.dailymail.co.uk/sciencetech/article-2187801/Were-watching-The-camera-recognise-Facebook-picture-time-walk-shop.html#ixzz23UC4rZeL