12-year-old admits to hacking major government websites for Anonymous

A 12-year-old Canadian boy has pleaded guilty to three charges of hacking government websites under the affiliation of ‘hacktivist’ initiative Anonymous.

A court heard on Thursday how the fifth grader – from the Montreal suburb of Notre-Dame-de-Grâce – wreaked computer havoc during the Quebec student uprising in 2012, with some sites out of service for two days.

He has pleaded guilty to three charges related to hacking websites that included those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites.

The attacks took some of the sites offline for up to two days, at what police estimated as a cost of $60,000 in damages.

Read more: http://www.dailymail.co.uk/news/article-2477746/Fifth-grader-just-12-years-old-admits-charges-major-hacking-targeting-government-websites.html#ixzz2j1rHVB00

Ponemon Institute Survey Results: How Single Sign-On is Changing Healthcare – SSO Vendor Comparison

by Imprivata

This report reveals the findings of the Ponemon Institute Survey: How Single Sign-On Is Changing Healthcare and provides a detailed analysis of single sign-on vendors. Based on the more than 400 users of SSO technology surveyed, the report finds that SSO technology saves clinicians 8 to 15 minutes a day, depending on the SSO solution used, which translates into 103-191 hours per year.

Single sign-on automates the login process, enabling clinicians and IT practitioners to login only once to their desktop in order to gain faster access to applications – removing clicks, keystrokes and complex passwords. In light of the rigorous data security requirements in the healthcare industry, SSO and authentication management are almost always deployed together. The combination is growing in popularity because, as shown by our research, it increases employee productivity, reduces helpdesk calls, and strengthens security.

We surveyed a total of 404 individuals who work for healthcare organizations and who use SSO technology. They work in private and public hospitals or integrated delivery healthcare systems. Most of the respondents work in IT functions such as operations, data security, IT compliance, quality assurance, network management, helpdesk operations and other key MIS functions. Of the 404 participants in the study, 65 are customers of Imprivata OneSign.

http://healthitsecurity.com/2013/09/03/white-paper-ponemon-institute-survey-results-how-single-sign-on-is-changing-healthcare-sso-vendor-comparison/

AHMC Healthcare reports 729,000-patient data breach

About 729,000 patients’ data may have been compromised because two password-protected laptops with their data were stolen on October 12 from AHMC Healthcare Inc.’s administrative offices.

The Los Angeles Times reports that the breach affected patients under Medicare who received care at the six hospitals owned by AHMC Healthcare Inc. Affected AHMC patients were treated at Garfield Medical Center, Monterey Park Hospital, Greater El Monte Community Hospital, Whittier Hospital Medical Center, San Gabriel Valley Medical Center and Anaheim Regional Medical Center.

About 10 percent of Medicare patients had their Social Security numbers compromised, while the laptops also included patient names, Medicare/insurance identification numbers, diagnosis/procedure codes, and insurance/patient payments. The laptops had been guarded and gated by a security team with video surveillance, but the thieves broke into the office and stole the laptops.

AHMC Healthcare Inc. learned of the breach on October 14 and though it doesn’t believe that any information had been accessed inappropriately, it didn’t rule out the possibility of foul play with the data.

http://healthitsecurity.com/2013/10/22/ahmc-healthcare-reports-729000-patient-data-breach/

March against NSA surveillance in Washington DC

At a rally in Washington Saturday, self-exiled whistleblower Edward Snowden described “a system of pervasive surveillance” operating against American citizens, and he urged technology and free rights activists to spread awareness of the spying violations in the name of reform.

Just last week, leaks linked to Snowden revealed that the NSA had allegedly eavesdropped on cell phone calls by German Chancellor Angela Merkel. This follows protests by other world leaders from Brazil, France, Spain, Italy, and as many as 30 other countries – most of them US allies – who say NSA spying is a violation and could seriously impair their relationship with the US.

“Today, no telephone in America makes a call without leaving a record with the NSA. Today, no Internet transaction enters or leaves America without passing through the NSA’s hands. Our representatives in Congress tell us this is not surveillance. They’re wrong,” Snowden said. “Now it’s time for the government to learn from us.”

http://www.csmonitor.com/USA/2013/1026/NSA-Washington-March-against-surveillance-and-a-call-from-Edward-Snowden-photos

The NSA Tracks Tor Users Entry and Exit Nodes Using Fake Google Ads

The system that the NSA uses to locate and identify Tor users begins, at least sometimes, with the buying of ads on networks like Google’s AdSense.

“Just because you’re using Tor doesn’t mean that your browser isn’t storing cookies,” said Jeremiah Grossman, a colleague of Hansen’s who also specializes in browser vulnerabilities.

As Grossman described the procedure to CNET, the NSA is aware of Tor’s entry and exit nodes because of its Internet-wide surveillance.

“The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other Web users,” he wrote.

The NSA buys ads from ad display companies like Google and seeds them around Tor’s access points.

Not all Tor installations are created equal, added Hansen, who has an unusual pedigree in the browser vulnerability field because he’s also a veteran of the ValueClick ad network, which was later bought by DoubleClick, which subsequently was purchased by Google.

“It depends on whether you’re using Tor Button or Tor Browser,” he said. “The Tor Button tends to be more secure because as you jump in and out of the Tor Browser, it tracks cache and cookies.”

However, since the Tor Project now includes a patched version of Firefox, it recommends not using the Tor Button and only using the standard Tor Browser Bundle instead.

More secure than either, Hansen said, was to run Tor on a virtual machine so that cookies and cache are dumped when the machine is closed, and the kind of man-in-the-middle and man-on-the-side attacks described by Schneier are avoided.

“If you don’t take the critical steps to protect your privacy, you will be de-cloaked if you’re doing something interesting,” Hansen said.

http://news.cnet.com/8301-1009_3-57606178-83/nsa-tracks-google-ads-to-find-tor-users/

“The NSA then cookies that ad, so that every time you go to a site, the cookie identifies you. Even though your IP address changed [because of Tor], the cookies gave you away,” he said.

Adobe hacked, 3 million accounts compromised

The massive attack exposes customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

Adobe announced on Thursday that it has been the target of a major security breach in which sensitive and personal data about millions of its customers have been put at risk.

Brad Arkin, senior director of security for Adobe products and services, explained in a blog post that the attack concerns both customer information and illegal access to source codes for “numerous Adobe products.”

A few examples include Adobe Acrobat, ColdFusion, and the ColdFusion Builder. However, as far as the source code is concerned, Adobe assured that there is no “increased risk to customers as a result of this incident.”

Adobe officials added that the investigation has not turned up any zero-day attacks either.

Unfortunately, the culprits have obtained access to a large swath of Adobe customer IDs and encrypted passwords.

http://news.cnet.com/8301-1009_3-57605962-83/adobe-hacked-3-million-accounts-compromised/?Privacy

Online Tor anonymizer network among NSA’s targets

Top-secret national security documents disclosed to the Guardian by Edward Snowden show United States and British intelligence have long attempted to crack the Tor anonymizer network used by human rights workers, journalists, cybercriminals and others.

On Friday, the Guardian published leaked documents attributed to the former intelligence contractor revealing how the US National Security Agency and Britain’s Government Communications Headquarters, or GCHQ, have worked extensively towards compromising the computers of people who browse the Internet with Tor, a program that routes traffic through multiple nodes in an effort to help mask the identities of its users.

According to the Guardian’s James Ball, Bruce Schneier and Glenn Greenwald, the NSA’s “current successes against Tor rely on identifying users and then attacking vulnerable software on their computer.”

“While it seems that the NSA has not compromised the core security of the Tor software or network, the documents detail proof-of-concept attacks, including several relying on the large-scale online surveillance systems maintained by the NSA and GCHQ through internet cable taps,” the writers add.

Read the rest at http://rt.com/usa/nsa-target-tor-network-739/

London School of Economics: Online piracy is not the scourge of the media industry

Online piracy is not the scourge of the media industry, as proponents of a crackdown on copyright infringement claim, says a new study. Creative business is doing well, with those embracing the new realities of digital sharing even flourishing.

The study by the London School of Economics says that claims by industry lobbyists of damage from piracy are largely exaggerated. Meanwhile, policies aimed at curbing illegal file sharing that the likes of the British Phonographic Industry (BPI) and the British Video Association are neither efficient nor help the entertainment industry to boost its bottom line.

The policy report suggests that attempts to stop digital sharing and close sites like The Pirate Bay are going against the natural development of creative communities and advises reviewing the UK’s attitude to copyright.

http://rt.com/news/piracy-damage-study-uk-726/

FBI Threatened Lavabit to Turn Over SSL Keys to ALL User Email Accounts

Lavabit owner Ladar Levison told RT that he had no choice but to close his email service because the FBI, in pursuit of NSA whistleblower Edward Snowden, forced him into an ethical dilemma by demanding he hand over customers’ personal data.

RT: The FBI demanded you hand over encryption codes to collect data from a specific account that is not named in the documents. What was your initial response?

Ladar Levison: That’s actually not correct. What they demanded were the SSL keys that were protecting all the data coming in and out of my network for all of my users, and that’s what I had an issue with. I’ve said before that I took the stance that I did not to try and protect a single person but because I was concerned about the invasion and the sacrificing of everyone’s privacy rights that were accessing my system.

RT: We were led to believe that you had been threatened to be charged with criminal content if you did not comply. Do you feel those threats would have eventually become reality if you didn’t follow suit?

LL: Oh, I know they would. In fact they went on to charge me $5,000 a day for every day that I didn’t turn over those keys, which is why I was eventually forced to hand them over. Given the difficult choice of remaining silent about what I thought was a grave injustice or taking, like you said, the lesser of two evils and shutting down the service. I just wasn’t comfortable knowing that they were examining all the data that was coming in and out of my network without any kind of transparency or auditing by myself to ensure that they were only collecting the information they were legally authorized to and continuing to run the service with that knowledge. So I made the only decision I felt was appropriate. In terms of being arrested, I think the only reason they didn’t is because if they had the system would have had nobody to maintain it. That’s one of the advantages of being a small business owner, you wear many hats.

http://rt.com/usa/govt-implications-internet-control-lavabit-752/

Internet Freedom Deteriorates

Freedom on the Net 2013 is the fourth report in a series of comprehensive studies of internet freedom around the globe and covers developments in 60 countries that occurred between May 2012 and April 2013. Over 60 researchers, nearly all based in the countries they analyzed, contributed to the project by researching laws and practices relevant to the digital media, testing the accessibility of select websites, and interviewing a wide range of sources, among other research activities. This edition’s findings indicate that internet freedom worldwide is in decline, with 34 out of 60 countries assessed in the report experiencing a negative trajectory during the coverage period. Broad surveillance, new laws controlling web content, and growing arrests of social-media users drove this overall decline in internet freedom in the past year. Nonetheless, Freedom on the Net 2013 also found that activists are becoming more effective at raising awareness of emerging threats and, in several cases, have helped forestall new repressive measures.

In June 2013, revelations made by former contractor Edward Snowden about the U.S. government’s secret surveillance activities took center stage in the American and international media. As part of its antiterrorism effort, the U.S. National Security Agency (NSA) has been collecting communications data on Americans and foreigners on a much greater scale than previously thought. However, while the world’s attention is focused on Snowden and U.S. surveillance—prompting important discussions about the legitimacy and legality of such measures—disconcerting efforts to both monitor and censor internet activity have been taking place in other parts of the world with increased frequency and sophistication. In fact, global internet freedom has been in decline for the three consecutive years tracked by this project, and the threats are becoming more widespread.

Of particular concern are the proliferation of laws, regulations, and directives to restrict online speech; a dramatic increase in arrests of individuals for something they posted online; legal cases and intimidation against social-media users; and a rise in surveillance. In authoritarian states, these tools are often used to censor and punish users who engage in online speech that is deemed critical of the government, royalty, or the dominant religion. In some countries, even blogging about environmental pollution, posting a video of a cynical rap song, or tweeting about the town mayor’s poor parking could draw the police to a user’s door. Although democratic states generally do not target political speech, several have sought to implement disproportionate restrictions on content they perceive as harmful or illegal, such as pornography, hate speech, and pirated media.

http://www.freedomhouse.org/sites/default/files/resources/FOTN%202013_OVERVIEW%20ESSAY.pdf