This is worth keeping
in the “Hacker Folder”
Introducing “Have I been pwned?” – aggregating accounts across website breaches
… As I analysed
various breaches I kept finding user accounts that were also
disclosed in other attacks – people were having their accounts
pwned
over and over again. So I built this:
The site is now up and
public at haveibeenpwned.com
so let me share what it’s all about.
Just after the Adobe
breach, a number of sites started popping up that let you search
through the breach to see if your email address (and consequently
your password), was leaked. For example there was this
one by Ilias Ismanalijev, here’s
another by Lucb1e and even LastPass got on the bandwagon with
this one. When I used the tool to check my accounts, I found
both my personal and work accounts contained in the breach. I had
absolutely no idea why!
The most likely answer
is that I did indeed create accounts on Adobe, perhaps as far back as
in the days when I was using Dreamweaver to build classic ASP whilst
it was still owned by Macromedia. The point is that these accounts
had been floating around for so long that by the time a breach
actually occurred I had no idea that my account had been compromised
because the site was simply no longer on my radar.
But of course Adobe is
not the only searchable breach online, there’s
also one for Gawker, another for
LinkedIn passwords (emails and usernames weren't disclosed) and
so on and so forth. Problem is, there’s not a tool to search
across multiple breaches, at least not that I’ve found
which is why I’ve built haveibeenpwned.com:
This is worth telling
your Computer Security managers about.
Report – Linux Worm Targeting Hidden Devices
by Sabrina I. Pacifici on December 3, 2013
“Symantec
has discovered a new Linux worm that appears to be engineered to
target the “Internet of things”. The worm is capable of
attacking a range of small, Internet-enabled devices in addition to
traditional computers. Variants exist for chip architectures usually
found in devices such as home routers, set-top boxes and security
cameras. Although no attacks against these devices have been found
in the wild, many users may not realize they are at risk, since
they are unaware they own devices that run Linux. The worm,
Linux.Darlloz,
exploits a PHP vulnerability to propagate itself in the wild. The
worm utilizes the PHP
‘php-cgi’ Information Disclosure Vulnerability
(CVE-2012-1823), which is an old vulnerability that was patched in
May 2012. The attacker recently created the worm based on the
Proof of Concept (PoC) code released in late Oct 2013. Upon
execution, the worm generates IP addresses randomly, accesses a
specific path on the machine with well-known ID and passwords, and
sends HTTP POST requests, which exploit the vulnerability. If the
target is unpatched, it downloads the worm from a malicious server
and starts searching for its next target. Currently, the worm
seems to infect only Intel x86 systems, because the downloaded URL in
the exploit code is hard-coded to the ELF binary for Intel
architectures. Linux is the best known open source operating system
and has been ported to various architectures. Linux not only runs on
Intel-based computers, but also on small devices with different CPUs,
such as home routers, set-top boxes, security cameras, and even
industrial control systems. Some of these devices provide a
Web-based user interface for settings or monitoring, such as Apache
Web servers and PHP servers…”
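As an added example (not code from Symantec's report or from this blog), a defender's log check for the request shape the worm relies on: under CVE-2012-1823 a query string with no literal "=" is handed to php-cgi as command-line arguments, so a php-cgi request whose decoded query begins with "-" is the signal to look for in web server logs. The log lines, addresses and php binary names matched are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed Apache combined-format log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Dec/2013:10:01:02 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Dec/2013:10:01:07 +0000] "GET /cgi-bin/php?-s HTTP/1.1" 200 2048 "-" "-"
203.0.113.9 - - [03/Dec/2013:10:01:09 +0000] "POST /cgi-bin/php5?%2Dd+display_errors%3D1 HTTP/1.1" 200 128 "-" "-"
203.0.113.7 - - [03/Dec/2013:10:02:00 +0000] "GET /cgi-bin/php-cgi?page=about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Names under which php-cgi is typically exposed in /cgi-bin (assumption).
PHP_CGI_RE = re.compile(r'/php[^/]*$')

def parse_line(line):
    """Split one combined-format log line into fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_php_cgi_argv_injection(target):
    """True when the request target has the CVE-2012-1823 argument-injection shape.

    Per RFC 3875 section 4.4 a CGI server passes the query string to the
    handler as argv only when it contains no unencoded '='. The php-cgi bug
    therefore needs an '='-free query whose first decoded argument is a PHP
    command-line switch, i.e. begins with '-' (any '=' it needs arrives as %3D).
    """
    parts = urlsplit(target)
    if not PHP_CGI_RE.search(parts.path):
        return False
    if not parts.query or '=' in parts.query:
        return False  # ordinary QUERY_STRING data, never passed as argv
    return unquote_plus(parts.query).lstrip().startswith('-')

def scan_log(text):
    """Return (ip, method, target) for every line that matches the pattern."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and is_php_cgi_argv_injection(rec['target']):
            hits.append((rec['ip'], rec['method'], rec['target']))
    return hits

if __name__ == '__main__':
    for ip, method, target in scan_log(SAMPLE_LOG):
        print(f'php-cgi argv injection from {ip}: {method} {target}')
```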
So, some good is coming
out of this mess?
How the Snowden leak is changing the tech landscape
… Leading
technology firms including Google, Apple, Microsoft and Yahoo
have been working to rebuild users' trust after the disclosure that
the NSA can access information on their servers. For Google, this
has involved announcing efforts to increase
the encryption used for data travelling between
the company's data centres, which the Washington
Post revealed was being accessed by the NSA, as
well as joining legal calls for the release of more government
information at users' request.
Other technology
startups have taken more drastic action. Lavabit, a secure email
provider reportedly used by Edward
Snowden, the NSA whistleblower, shut
down after the government requested a back door
into its systems. Another company, Silent
Circle, closed its email service shortly
afterwards.
(Related) But could we
go too far? I see this as an argument based on weak assumptions. We
do not need to know what a message contains to know that people who
regularly email known terrorists have a connection to that terrorist.
Failure to encrypt simply makes determining if our known terrorist
is a leader or a follower or someone who regularly writes his mother
much easier.
Adam Henschke writes:
Ex-National
Security Agency (NSA) employee Edward Snowden’s various leaks –
the most recent being a slide showing that the NSA infected 50,000
computer networks with remote-controlled spyware – confirm that
state intelligence agencies around the world have been collecting and
analysing people’s behaviour online for years.
Many
people now feel that their online privacy and anonymity have been
undermined – particularly as major service providers like Google,
Facebook and Apple have been compromised. In response, some email
service providers (such as Yahoo! last week) are now offering full
encryption of users’ data.
While
privacy is generally seen as morally desirable, the ethical issues
surrounding encryption technologies require some closer
investigation. In order to properly assess such things, we need to
assess not just the claims but the moral foundations upon which they
are based.
What,
then, are the main moral justifications for encryption? What are the
arguments against it? And finally, what responsibilities do
encryption service providers owe their clients and the public at
large?
Read more on Business
Spectator.
Is it easy to draft a
model bill? I doubt it, but it might make for an interesting thought
exercise...
Benjamin Herold writes:
An
influential legislative-advocacy group’s promotion of a model
bill meant to protect the privacy of student
data sends a strong signal that the hot-button issue will be debated
in statehouses around the country in lawmakers’ 2014 sessions.
The
template being provided to state lawmakers by the controversial
American Legislative Exchange Council, known as
ALEC, would require state school boards to appoint a “chief privacy
officer,” create a data-security plan, publish an inventory of all
student-level data being collected by the state, make sure that
contracts with some vendors include privacy and security provisions,
and ensure compliance with federal privacy laws.
Read more on Education
Week, but the full article is behind a paywall.
...and in the US you
worry about being fired.
North Korean leader's power broker uncle ousted: South Korea
North Korean leader Kim Jong-Un's uncle, seen as his nephew's
political regent and one of the most powerful men in the country, has
apparently been ousted and several associates
executed, South Korea's spy agency said on Tuesday.
… If confirmed, Jang's ouster would mark the most significant
purge at the top of North Korean leadership since Kim
Jong-Un succeeded his late father Kim
Jong-Il in December 2011.
According to the NIS,
Jang was "recently ousted from his position and two of his close
confidantes - Ri Yong-Ha and Jang Soo-Kil - were publicly executed in
mid November", lawmaker Jung
Cheong-Rae told reporters.
(Related) ...and
here's how they do it in China.
20,000 Chinese officials penalized for being too bureaucratic
The Chinese government
has punished over 20,000 officials in the country’s rural areas
this year as part of the Communist Party’s nation-wide campaign,
aimed at cutting down bureaucracy and excessive ceremony.
Perspective They still
have a bit of a way to go to overtake the dollar, but keep
watching...
RMB now 2nd most used currency in trade finance, overtaking the Euro
by Sabrina I. Pacifici on December 3, 2013
News release: “Recent SWIFT data shows that RMB (Chinese Yuan)
usage in traditional trade finance – Letters of Credit and
Collections – grew from an activity share of 1.89% in January 2012
to 8.66% in October 2013, propelling the RMB to the second most used
currency in this market. It ranks behind the USD, which remains the
leading currency with a share of 81.08%. The RMB overtook the Euro,
which dropped from 7.87% in January 2012 to 6.64% in October 2013 and
is now in third place. The top 5 countries using RMB for trade
finance in October 2013 were China, Hong Kong, Singapore, Germany and
Australia. “The RMB is clearly a top currency for trade
finance globally and even more so in Asia, as shown by SWIFT’s
business intelligence statistics on the pace at which China’s
exporters and importers and their counterparts use the RMB for
Letters of Credit”, says Franck de Praetere, Head of Payments and
Trade Markets, Asia Pacific, SWIFT. In October 2013, the RMB
remained stable in its position as the #12 payments currency of the
world, with a slightly decreased activity share of 0.84% compared to
0.86% in September 2013. Overall, RMB payments increased in value by
1.5% in October 2013, whilst the growth for all payments currencies
was at 4.6%.”
I could click once and
this entire blog would become a book. (There's an App for that)
Would it be worth doing?
Are paper books becoming obsolete in the digital age, or poised to lead a new cultural renaissance?
by Sabrina I. Pacifici on December 3, 2013
Papyralysis
by Jacob Mikanowski
Are paper books becoming obsolete in the digital age, or poised to lead a new cultural renaissance?
November 14th, 2013
The following is a feature article from the inaugural issue of the LARB Quarterly Journal.
“WE’RE LIVING IN A
WEIRD MOMENT. Everything has become archivable. Our devices produce
a constant record of our actions, our movements, our thoughts.
Forget memory: if we wanted to, we could reconstruct every aspect of
a life with an iPhone and some hard drives. But at the same time,
physical archives seem to be fading away. Once, they were supported
by a whole ecology of objects and institutions, including prints,
presses, notebooks, letters, diaries, manuscripts, and marginalia.
Now, each of these is vanishing, one after another. Letters don’t
get written. Handwriting’s been forgotten. Presses crumble.
Paper molders. And everyone agrees: the book is next to go. Of
course it won’t happen all at once. Maybe it isn’t even
happening now. Digital books are increasingly popular — but paper
books are more popular still. Publishing is a mess — unless you’re
a giant multinational or a thriving independent. Readership is in
decline — but that depends on what you think ought to be read.
Paper is a frustrating anachronism — and our offices and homes are
full of it. The clash of technologies that we’re living through is
probably less a case of the silents vs. the talkies than of radio vs.
TV. However popular e-readers become, paper books will still be able
to carve out a space in their shadow, at least in the short term.
But how long will the short term last? It used to be possible to
imagine books disappearing in the distant future. Now it feels like
even money that it’s going to happen within our lifetimes… For
almost 2,000 years, a technology called the codex held a monopoly on
the physical form of truth. The codex was made popular by members of
the early Christian church, who gathered individual scrolls and
letters between two covers, creating a bible. With time, the
Christian book replaced the pagan scroll, and ever since, our
relationship to the format has been tinged by a reverence that’s at
once reflexive and frequently denied. The written word has long been
held to be close to the sacred. Milton thought that books made
better receptacles for human souls than bodies. Jews and Muslims in
the Middle Ages refused to throw out any texts, lest they
inadvertently destroy the name of G-d. Perhaps the purest expression
of the idea that books are a form of life comes in the story told by
the Mandeans, an Iraqi people who practice a gnostic religion. One
of the Mandeans’ great sages was a creature named Dinanukht, who
was half-book and half-man. He sat by the waters between worlds,
reading himself until the end of time…”
For my wife, the “Power Shopper”
WindowShopper – instantly compare
prices on any product on any site in the US, UK, Germany, France,
Canada or Australia. WindowShopper will present products from more
than 50,000 stores including Amazon, eBay, Best Buy, Newegg, Macys,
Nordstrom, Overstock, Staples, Target, and Walmart. Our index covers
over 200 million products in practically every product category.
I know people who look
for people...
FREE EBOOK: Research Your Family Tree Online
Online, PDF, EPUB,
Amazon. No password or registration required.
There is no such thing
as “too much research.”
Video - How to Use Google Books for Research
Google
Books can be a good research tool for students if they are aware
of it and know how to use it. In the video below I provide a short
overview of how to use Google Books for research. You can also find
screenshots of the process here.