The head of a prominent human rights groups has warned that increased state involvement in cyberspace, including surveillance, censorship, propaganda campaigns and offensive cyber operations threatens the future of the Internet as much as endemic problems like cyber crime – part of a growing “dark side” to cyberspace. Writing in the Penn State Journal of Law and International Affairs, Ronald Deibert, Director of Citizen Lab and Canada Centre for Global Security Studies said that threats to human rights and individual liberties come from a variety of states – from authoritarian regimes, to Latin American narco-states to liberal democracies in the West, as governments increasingly leverage the power of the Internet to monitor citizens’ behavior and impose limits on free expression. Citizen Lab, part of the Munk School of Global Affairs at the University of Toronto, has played a key role in high-profile investigations of cyber espionage including the now-infamous Ghost Net attacks on […]
Recent Posts
Update: New 25 GPU Monster Devours Passwords In Seconds
Editor’s note: I’ve updated the article with some new (and in some cases) clarifying detail from Jeremi. I’ve left changes in where they were made. The biggest changes: 1) an updated link to slides 2) clarifying that VCL refers to Virtual OpenCL and 3) that the quote regarding 14char passwords falling in 6 minutes was for LM encrypted – not NTLM encrypted passwords. Long (8 char) NTLM passwords would take much longer…around 5.5 hours. 😉 – Paul There needs to be some kind of Moore’s law analog to capture the tremendous advances in the speed of password cracking operations. Just within the last five years, there’s been an explosion in innovation in this ancient art, as researchers have realized that they can harness specialized silicon and cloud based computing pools to quickly and efficiently break passwords. A presentation at the Passwords^12 Conference in Oslo, Norway (slides available here – PDF), has […]
Bluetooth-Sniffing Highway Traffic Monitors Vulnerable to MITM Attack
A system that monitors traffic patterns by pinging Bluetooth devices carried within passing automobiles is vulnerable to man in the middle attacks that could allow a remote attacker to steal data or remotely control or disable systems used to monitor freeways across the U.S., according to an alert from the Department of Homeland Security’s Industrial Control System Computer Emergency Readiness Team (ICS-CERT). ICS-CERT issued an advisory on Friday for customers who use Bluetooth-based traffic systems from the firm Post Oak Traffic Systems. Post Oak’s AWAM Bluetooth Reader Traffic Systems do not properly generate authentication keys used to secure communications. That could allow an attacker to calculate the private key used by the AWAM reader, then use those to impersonate the device, siphoning off administrative credentials that would give them direct access to the traffic monitoring system, DHS warned. Post Oak’s Anonymous Wireless Address Matching (AWAM) devices are installed at the […]
Web Attacks Target Foreign Exchange, Payment Processing Sites
A currency trading web site was compromised and used to serve malicious java applications to unwitting visitors, according to researchers at the security firm Websense- part of what might be a larger trend. Websense said in a blog post on Wednesday that the site tradingforex.com, which is used by foreign currency traders, was infected with a malicious Java applet that, when installed, key logging and screen capture software. Tradingforex.com (@Tradingforexxx) is a Cyprus-based online trading web site. It allows individuals to trade on the global foreign exchange market (or Forex). Users can trade everything from foreign currencies to precious metals, commodities and other financial instruments. According to an investigation by Websense researcher Gianluca Giuliani, the site was pushing a back door program to visitors using a malicious Java plugin to exploit known Java vulnerabilities on the victims’ computers. Further investigation by Websense and Giuliani revealed that the malware being pushed […]
Uncle Sam Wants To Stop Healthcare Fraud, But Smart Cards Are No Panacea
Medical fraud is a huge issue in the U.S. Depending on whose numbers you use, fraud stemming from false medical claims and reimbursements range from $65 billion a year (a figure generated by the Centers for Medicare and Medicaid Studies) to more than ten times that: $750 billion a year (according to the Institute for Medicine). To stem the losses, government and law enforcement have been cracking down on fraud. In October, for example, the U.S. Attorney General Eric Holder and Health and Human Services Secretary Kathleen Sebelius announced charges against 91 individuals believed to be behind a huge, interstate Medicare fraud scheme responsible for some $430 million in false billing charges. Increasingly, though, the U.S. government is turning to technology to help it identify and root out fraud within the system for medical reimbursements. Chief among the ideas under consideration is a beefed up system for identifying health consumers […]
