The Mis-Adventures in Technology of an Old Dog Learning New Tricks…

Posts tagged ‘Electronic Frontier Foundation’

Courage Under Fire – Corynne McSherry: ‘Wikipedia, Reddit to shut down sites Wednesday to protest SOPA’

Wikipedia, the online encyclopedia and sixth most visited site in the world, will join websites like the content aggregator Reddit, to “go dark” on Wednesday in opposition to the Stop Online Piracy Act (SOPA), and its companion bill, the Protect IP Act (PIPA), which are currently being debated in Congress. “What these bills propose are new powers for the government — and also for private actors — to create effectively blacklists of sites that allegedly are engaging in some form of online infringement and then force service providers to block access to those sites,” says Corynne McSherry, Intellectual Property Director at the Electronic Frontier Foundation. “What we would have is a situation where the government and private actors could censor the net.” Chief technology officials in the Obama administration have expressed concern about any “legislation that … undermines the dynamic, innovative global Internet.” But the bill’s main backers, Hollywood movie studios and music publishers, want to stop the theft of their creative content and the bills have widespread bipartisan support. A vote on SOPA is on hold in the House now, as the Senate is still scheduled vote on PIPA next Tuesday.

Brazilian security researcher discovers how to “friend” anyone on Facebook within 24 hours

(ars technica) If there’s any doubt how social networks have presented hackers with a wealth of social engineering tools, a Brazilian security researcher recently demonstrated how he could “friend” even allegedly more wary Facebook users in less than 24 hours. At the Silver Bullet security conference in São Paulo, UOLDiveo chief security officer Nelson Novaes Neto showed how he leveraged LinkedIn, Amazon, and Facebook to convince a target—a Web security expert he called “SecGirl” using social engineering.

Novaes created a fraudulent Facebook account, “cloning” the identity of the manager of the target. He then sent friend requests to friends of friends of the manager from the cloned account—sending out 432 requests. In just one hour, 24 of those requests were accepted, even though 96 percent of them already had the legitimate account of the manager in their contact list. He moved on to 436 direct friends of the manager, using his connections from LinkedIn—getting acceptances from 14 of them in an hour. Seven hours into the experiment, his cloned account’s friend request was granted by SecGirl.

With the information obtained by friending someone, it’s possible, Neto said, to then take over a legitimate Facebook account using Facebook’s “Three Trusted Friends” password recovery feature. Through the password recovery tool, a hacker can change both the password and the contact e-mail address for an account. The hacker could then use that hacked account for social engineering attacks on other accounts.

In an interview with Brazil’s UOL Noticias, Neto said, “People have simply ignored the threat posed by adding a profile without checking if this profile is true. Social networks can be fantastic, but people make mistakes. Privacy is a matter of social responsibility.”

A Facebook spokesperson told Ars Technica by email that Neto’s approach is a clear violation of the company’s policies, and that Facebook encourages users to report any account they think may be using a false name. “When a person reports an account for this reason, we run an automated system against the reported account,” the spokesperson said. “If the system determines that the account is suspicious, we show a notice to the account owner the next time he or she logs in warning the person that impersonating someone is a violation of Facebook’s policies and may even be a violation of local law.” The warning also requires the user to confirm his or her identity “through one of several methods, including registering and confirming a mobile phone number,” the spokesperson said; if they fail to respond within a certain amount of time, the account is automatically disabled. Facebook’s spokesperson also said that “Trusted Friend” system includes safeguards that lower the probability a recently friended person would be chosen as one of the friends used for password recovery.

By  / ars technica

original article appears here

Newest WikiLeaks release are ‘spy files’ which show global surveillance industry

WikiLeaks founder Julian Assange launched the website’s new project Thursday, the publication of hundreds of files it claims shows a global industry that gives governments tools to spy on their citizens.

You’re being spied on! – Smartphone Spyware “CarrierIQ” what it is, why it’s there, and how to remove it

If you have a cell phone, chances are you have a smartphone.  You know the ones, with fancy screens and capabilities galore…….. Well, as a catch to having a phone capable of doing almost anything, there lurks buried inside of that phone, hidden applications that track and record everything you do, call behavior, history, etc.  Sounds creepy, but it’s true.  Most smart-phones carry a hidden app called CarrierIQ, which, for lack of a better expression, spies on the phones user or users.  This post is a cumination of articles and videos  from various sources explaining Carrier IQ, what it is, what it does, and how to remove it.

(HuffPost  ) A security researcher has posted a video detailing hidden software installed on smart phones that logs numerous details about users’ activities.

In a 17-minute video posted Monday on YouTube, Trevor Eckhart shows how the software – known as Carrier IQ – logs every text message, Google search and phone number typed on a wide variety of smart phones – including HTC, Blackberry, Nokia and others – and reports them to the mobile phone carrier.

The application, which is labeled on Eckhart’s HTC smartphone as “HTC IQ Agent,” also logs the URL of websites searched on the phone, even if the user intends to encrypt that data using a URL that begins with “HTTPS,” Eckhart said.

The software always runs when Android operating system is running and users are unable to stop it, Eckhart said in the video.

“Why is this not opt-in and why is it so hard to fully remove?” Eckhart wrote at the end of the video.

In a post about Carrier IQ on his website, Eckhart called the software a “rootkit,” a security term for software that runs in the background without a user’s knowledge and is commonly used in malicious software.

Eckhart’s video is the latest in a series of attacks between him and the company. Earlier this month, Carrier IQ sent a cease and desist letter to Eckhart claiming he violated copyright law by publishing Carrier IQ training manuals online. But after the Electronic Frontier Foundation, a digital rights group, came to Eckhart’s defense, the company backed off its legal threats.

The Electronic Frontier Foundation said the software that Eckhart has publicized “raises substantial privacy concerns” about software that “many consumers don’t know about.”

Carrier IQ could not immediately be reached for comment. But the company told Wired.com that its software is used for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”

On its website, Carrier IQ, founded in 2005, describes itself as “the world’s leading provider of Mobile Service Intelligence solutions.”

(Trevor Eckhart)More information about Carrier IQ. If youd like to talk about it, post below, tweet with #CIQ or if you have a board discussion about it post the URL here. I will be doing NO moderation.

While your out there thank the @EFF for letting me continue 🙂

Why are you looking at CarrierIQ for information and not HTC? Look at how many devices have Carrier IQ hidden. HTC is just including 3rd party software. They have privacy policies everywhere for their programs, this is not just an HTC/Android issue.

Visit http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/c… for more info.

Videos were shot with E4G/E3D, so dont complain about quality.. If you want a better shot of something let me know!

Video Contents:
Part 1 – Start – Device setup
Part 2 – 3:15 – Where we don’t see CIQ
Part 3 – 5:05 – Finding CIQ Application

Part 4 – 8:34 – Watching Carrier IQ Watch Us
8:39 – Keypresses
12:27 – Receiving a SMS Message
13:35 – Using Browser on WiFi

Part 5 – 15:45 – Carrier IQ on an out of service device
Part 6 – 16:49 – Conclusions

Go check out sassibob over at TweetFind too –http://blog.tweetfind.com/carrier-iq-occupycarriers.html

Carrier IQ Official Video

How To Remove Carrier IQ

This will show you how to remove CIQ on your Epic! Let me know what you think!

Remove CIQ:
http://forum.xda-developers.com/showthread.php?p=19213746

How to flash Stock Deodexed rom:
http://www.youtube.com/watch?v=of3TkXjqW5c

Blog:
http://qbking77.blogspot.com

Facebook:
http://www.facebook.com/pages/Qbking77/131887343581697

Twitter:
http://twitter.com/#!/qbking77

ACS Site:
http://ACSyndicate.net

Cyber Monday Smackdown – ICE Seizes 130 Domains

Example of a Domain Seizure notice

The Department of Justice and Immigration and Customs Enforcement has amped up their efforts taking down more than 130 websites, one of which comes from a domain name provider in Australia. It’s all part of Cyber Monday Crackdown, a program that went after counterfeit goods, and online piracy, right before the busiest online shopping day of the year.

(PC World) Cyber Monday hasn’t just been a busy day for online shoppers–it’s been a busy day for the U.S. Department of Homeland Security, as well.Over 150 websites were shut down today by federal authorities for selling or distributing counterfeit goods, such as pro sports jerseys, golf equipments, DVD sets, footwear, handbags, and sunglasses.The operation is the eighth in a series of raids called “Operation In Our Sites,” which is a cooperative effort of the U.S. Immigration and Custom Enforcement’s (ICE) Homeland Security Investigations, the National Intellectual Property Rights Coordination Center, the U.S. Department of Justice, and the FBI.

Federal agencies launched a similar raid on counterfeiters last Cyber Monday, closing down 82 websites.

The closed sites now display a notice that they have been closed for copyright infringement.

“For most, the holidays represent a season of good will and giving, but for these criminals, it’s the season to lure in unsuspecting holiday shoppers,” ICE Director John Morton said in a statement. “More and more Americans are doing their holiday shopping online, and they may not realize that purchasing counterfeit goods results in American jobs lost, American business profits stolen, and American consumers receiving substandard products.”

“The ramifications can be even greater because the illicit profits made from these types of illegal ventures often fuel other kinds of organized crime,” Morton added.

Since “Operation In Our Sites” was launched in June 2010, 350 domain names have been seized. Of these seizures, 116 have been forfeited and are now the property of the federal government.

After seizure, the websites become billboards for educating the public about counterfeiting. The IPR estimates that the counterfeiting sites have received 77 million individual page views since they were seized.

Operation In Our Sites has been criticized by online rights groups, such as the Electronic Frontier Foundation (EFF).

“Domain name seizers are blunt instruments that cause unacceptable collateral damage to free speech rights,” EFF Senior Staff Attorney Matt Zimmerman argues.

It’s not just counterfeiters that are preying on online shoppers, thought–according to spam fighter Cloudmark, a massive spam campaign has been launched, disguised as UPS notices. The spam looks like a notice from the United Parcel Service, and claims that individuals’ packages cannot be delivered on time.

“The ‘from’ address is faked so that it appears to come from the domain ups.com,” Angela Knoxwrites on Cloudmark’s blog. “Many of the images are copied from legitimate UPS emails and many of the links go to the legitimate UPS site.”

 

Fake UPS NoticeFake UPS Notice

These are not legitimate UPS notices, however, and so clicking the ‘Track your shipment now’ link will take you to a website that will deliver a virus.

Cloudmark advises customers to take the time to check the original shipping confirmation that comes directly from the online vendor where the purchase was made. If you must check UPS’s site, go directly to UPS and plug in your tracking number–don’t click on any links from emails.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

Tag Cloud

%d bloggers like this: