Brazilian Kids Being Tracked By Embedded Computer Chips

by Kyle in Brazil, Everywhere Else, Featured, Security, Tech
Comments Off on Brazilian Kids Being Tracked By Embedded Computer Chips 0 Like 1,850

If the headline sounds like something out of a strange sci-fi movie, well it’s not. This is actually a true story out of Brazil. Grade school students in a northeastern Brazilian city have new uniforms. Those uniforms may look like typical school uniforms but they are not.

Twenty thousand students in a northeastern Brazilian school system are wearing uniform t-shirt embedded with microchips. All 20,000 students attend one of 25 schools in the Victoria da Conquista’s public school system. There are 213 schools in the system and when it’s all said and done 43,000 students aged 4 to 14 will be wearing the chip embedded t-shirts.

The entire program, which cost the school system over $670,000 to implement, is aimed at targeting tardiness and truancy. The chip notifies the parent of the child by text message when their student has entered the school. It also lets them no if the student hasn’t entered the school after 20 minutes with a text message that says “Your child has still not arrived at school”.

More after the break
Read More…

Hacktivism, All Explained In An Infographic

by Nick Tippmann in Government, Hacktivism, Media, Security, Tech
Comments Off on Hacktivism, All Explained In An Infographic 0 Like 1,733

Anarchist, Hackers, Criminals, Freedom Fighters, which ever you want to call them. Hacktivist has become part of the vocabulary over the past two years with groups like Anonymous, LulzSec and others. Below is a graphic explaining where it started recently, the cause and effect of such actions which we’ve seen.

Read More…

It’s A Bird, It’s A Plane, No, It’s Pirate Bay

by Nick Tippmann in Gadgets, Security, SOPA, Tech, Web
2 Comments 0 Like 1,729

Pirate Bay which recently due to legal litigation against another site, revamped how it would do business is doing so yet again. First they would no longer allow users to download Torrent files from them, but instead use a magnet to do so. Now is flying in the Drones to do its work.

Seeing how the US has no legal grounds over International waters, that’s where The Pirate Bay is heading, but not in ships. Using GPS-controlled drones, instead of data centers.

Everyone knows WHAT TPB is. Now they’re going to have to think about WHERE TPB is. We were further informed that the first drone will probably fly above international waters.We’re already the most resilient and the most down to earth. That’s why we need to lift off, being this connected to the ground doesn’t feel appropriate to us anymore,

Is the statement Pirate Bay told TorrentFreaks earlier today. Not sure how it’ll work, don’t worry, they’ve also even explained it as they are not shy that this’ll be their next move to combat what has been an offensive by the US against websites, the government doesn’t like, even if no legal grounds to stop it are there.

With the development of GPS controlled drones, far-reaching cheap radio equipment and tiny new computers like the Raspberry Pi, we’re going to experiment with sending out some small drones that will float some kilometers up in the air. This way our machines will have to be shut down with aeroplanes in order to shut down the system. A real act of war. We’re just starting so we haven’t figured everything out yet. But we can’t limit ourselves to hosting things just on land anymore. These Low Orbit Server Stations (LOSS) are just the first attempt. With modern radio transmitters we can get over 100Mbps per node up to 50km away. For the proxy system we’re building, that’s more than enough.

Lets just make sure those in control don’t accidentally fly over New York as they already have the ability to not only shot down planes, but Drones as well.

Scott Pelley: Are you satisfied that you’ve dealt with threats from aircraft, even light planes, model planes, that kind of thing?

Kelly: Well, it’s something that’s on our radar screen. I mean in an extreme situation, you would have some means to take down a plane.

Pelley: Do you mean to say that the NYPD has the means to take down an aircraft?

Kelly: Yes, I prefer not to get into the details but obviously this would be in a very extreme situation.

Pelley: You have the equipment and the training.

Kelly: Yes

As you can see again in an article we posted in September of last year. Here video included.

This’ll be a new challenge as we may see more Torrent sites trying to do the same. We’ll be keeping an eye on this as more news comes in.

 

Source: TorrentFreak

Return Voyage For LulzSec? Rumors Say Yes And No

by Nick Tippmann in Featured, Security, Tech, , Web
1 Comment 0 Like 2,050

The infamous collective of 6 people who became famous last year for websites in which they’ve hacked as well as companies may be back. Or may not be, matters whom you talk to. LulzSec because famous quickly via Twitter for hacking into the likes of Fox’s TV shows and reveling the contestants before the X-Factor even aired. Along with hacks like PBS and others. However, in the last couple of weeks everything seemed to have ended with their “leader” Sabu, who was outed as a FBI informant.

Now a YouTube video may contradict their demise…

Read More…

YouTube remotely accesses the camera on your tablet or phone

by Cameron Wright in Cameron Wright, Featured, Google, Mobile, Security
Comments Off on YouTube remotely accesses the camera on your tablet or phone 1 Like 9,707

According to a “security expert” YouTube can remotely access the camera on your tablet or phone reports Read Write Web via The London Times (paywall).  The reason I even paid attention to this was the fact that it was found at the bottom of the article and was mentioned in passing.  If this were truly the case, would this not be the headline?  With all the discussions of privacy and contacts happening lately certainly this would make waves with different government agencies. This is a very serious accusation to make and yet there is no solid evidence to support this claim; actually the “evidence” provided by the “security expert” uses the description found in the permission description (read below).

In an article about Facebook reading users emails (more on that later) the London Times and RWW accused Google owned YouTube of remotely accessing the camera found on tablets and smartphones. “Facebook, according to the report, joins several high-profile Web firms that have been caught snooping on their customers. Flickr, dating site Badoo and Yahoo Messenger have all been accused of accessing users’ private data, and YouTube can remotely access and operate a smartphone’s camera, security experts told the Times.”  We pinged Google for an official statement and received this reply;

This is so silly…it requests the camera permission so you can launch camera to take a video from within the YouTube app. It’s not like the app can turn on your camera without asking you.

The permission being discussed is found in Hardware Controls and reads as follows:

TAKE PICTURES AND VIDEOS
Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.

The idea that Google or YouTube would give themselves the ability to remotely access your video camera is, well, silly.  It illustrates the very real issue that companies are facing when it comes to permissions and users privacy.  What is needed is more education regarding permissions and the use of data by these companies.

 

Sources: Read Write Web via The London Times

Enhanced by Zemanta

Path, your contacts, and disaster response: Dave Morin takes the high road

by Cameron Wright in Cameron Wright, Featured, Security, Startups
1 Comment 0 Like 2,065

Path co-founder Dave Morin takes the high road today, after the news that your complete contact list is being uploaded to their servers. This morning a developer named Arun Thampi released an article titled: Path uploads your entire address book to their servers.  Included in the article were a number of screenshots and detailed instructions to replicate his findings.  Though there is no time stamp on the article, the first comment was left by Dave Morin, instead of ignoring or running from the issues he chose to immediately respond.  First with the comment:

Arun, thanks for pointing this out. We actually think this is an important conversation and take this very seriously. We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and effeciently[sic] as well as to notify them when friends and family join Path. Nothing more.

We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval.

Dave Morin
Co-Founder and CEO of Path

*Italics – Emphasis mine

Read More…

Apple iMessage Fails To Protect Privacy

by Neil Lund in Apple, Featured, Security
Comments Off on Apple iMessage Fails To Protect Privacy 0 Like 1,743

Apple iMessage fails to protect privacy. An Apple employee had his iMessage account accidentally hacked by a flaw in the way Apple currently has their iMessage account hardwired to the users SIM card. The apple employees personal details, communications and pictures have been released to the public via Gizmodo and Business Insider. Imagine if you were him. All your little details of your life being available to an anonymous person that could use that information to blackmail you into doing things you really don’t want to do or ruin relationships you have by exposing private personal or work conversations that are not meant to be public knowledge. The list goes on and on. I’m sure you can think of a few things wrong with this scenario too.

Here’s the short story of what happened. A mothers sons iPhone needed service, she takes it to an Apple store in her area for service, she picks it up with it appearing to be working as it should, they later find out it is somehow receiving a mysterious mans iMessage communication. Apparently it was transmitting an Apple employees information. More of the story can be found from the source links.

Currently Apples iMessage account is tied to the users SIM card. This is bad. Other messaging services have a sign in type account instead that makes this particular problem not happen. I’m sure Apple is going to fix this issue quickly. Anyone glad you’re using an Android device right about now?

 

Via Gizmodo & Business Insider

CES 2012: Surf Easy Personal Internet Web Browser

by Kyle in CES 2012, Security, Startups, Tech
1 Comment 0 Like 1,645

At CES 2012 we met with the investors of a new start-up called Surf Easy. Surf Easy is a personal web browsing product.

The Surf Easy personal web browsing solution is actually Mozilla’s Firefox on a secure and encrypted USB flash drive. When you put the Surf Easy USB key into a Mac or PC it asks you for your password and then opens up your own personal, private and secure web browser.  Unlike traditional web browsing, everything you browse while using Surf Easy is stored on the USB key.

The Surf Easy web browser keeps your cookies, passwords, and history safely on the key itself and send your information encrypted to their cloud based servers. This way whether you are using your own computer, a hotel computer or a friend’s computer your information stays with you.

Surf Easy also saves your bookmarks, and as much history as you would like so you can pick up where you left off. They were at CES 2012 in Eureka park with their private investors.

Surf Easy may miss the boat though, as the service costs $60. We’re not sure that the price makes it an attractive solution to something that can be easily replicated. We are also nervous about the fact that they wouldn’t allow us to self test.

Zuckerberg Admits To Making Mistakes While Settling US Regulator Privacy Complaint

by Kyle in Security,
Comments Off on Zuckerberg Admits To Making Mistakes While Settling US Regulator Privacy Complaint 0 Like 2,752

“I’m the first to admit that we’ve made a bunch of mistakes,”, Mark Zuckeberg said today in regards to settling a privacy complaint by the United States Federal Trade Commission (FTC).

Facebook today agreed to settle complaints by the Federal Trade Commission that they knowingly failed to protect users privacy. They are now subject to a 20 year agreement that requires Facebook to clearly get user consent before sharing material that was previously protected by more restrictive measures.  Facebook also agreed to independent reviews of the companies privacy policies.

“Companies must live up to their promises about privacy,” FTC Chairman Jon Leibowitz said on a conference call with reporters. The settlement “will protect consumer choices and ensure they have full and truthful information about their data.”

More after the break
Read More…

We have the ability to stop your freedom of speech, and now the ability to crash your plane

by Nick Tippmann in Security, Tech, Transportation
Comments Off on We have the ability to stop your freedom of speech, and now the ability to crash your plane 0 Like 2,877

 

That is the statement that New York Police Department Commissioner Ray Kelly told 60 Minutes tonight. With the inability to trust his own government Kelly needed a way to play God and be able to control everything people do in his jurisdiction.

“We couldn’t rely on the federal government alone.”

While we understand the wish to protect your area, this may have gone to far. Here is an snip of the interview from the video below.

Read More…

SSL encryption can be broke with Crypto Attack

by Nick Tippmann in Security, Tech
Comments Off on SSL encryption can be broke with Crypto Attack 0 Like 1,002

 

With Android applications like DroidSheep which acts like a sniffer that gains the cookie from non-SSL sites so users can gain access into those accounts(Facebook) under those users, that application and others are about to be broken wide open. Websites such as those who process online payments, Emails(Google) and Facebook(if you can ever find where its at all) use SSL to protect users from having their info taken from others. However that could/is about to change.

Researches have found protocol that allows attackers to silently decrypt data that’s passing between a webserver and the browser. The exploit used BEAST to do its work. It works by doing two attacks, one contains code that must be loaded into the victim’s web browser and the second one captures and decrypts HTTPS session cookies which can be done in just five minutes.

 

Juliano Rizzo and Thai Duong say the vulnerability compromises TLS (Transport Layer Security) 1.0, the encryption mechanism that secures Web sites accessed using HTTPS (Secure Hypertext Transfer Protocol). TLS is the successor to SSL (Secure Sockets Layer) and is widely used at financial sites.

 

When Paypal was asked about this by PC Mag their PR stated,

We have got a team of security people and it is always working on updates and upgrades and they are looking into this already

No word yet on if this exploit has been released to the public some how, however the ability to attack SSL encrypted websites is a major security threat.

 

Source: The Hackers News