Staples probes potential theft of customer credit card data

From the Cnet.com Article by    

A pattern of payment card fraud suggests that data was stolen from cash registers in the Northeast US, security reporter Brian Krebs reports.

Staples said late Monday that it is investigating a “potential issue” involving its customers’ credit card data in what could be the latest US retailer to fall victim to a payment card system security breach.

The office supply chain announced it was working with law enforcement officials after security reporter Brian Krebs reported that “multiple banks” had identified patterns of payment card fraud that suggested data had been stolen from several locations in the Northeastern US. The pattern suggests that Staples cash registers in a handful of locations were infected with data-stealing malware similar to that used in other security breaches that allows thieves to create counterfeit cards, Krebs wrote.

“We take the protection of customer information very seriously, and are working to resolve the situation,” Mark Cautela told Krebs. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”

Staples did not immediately respond to a request for additional comment.

It wasn’t immediately clear how many customers may be affected. The Framingham, Mass.-based chain has more than 1,800 stores nationwide, but Krebs said that it appears the theft is limited to a small subset of stores.

Data-stealing malware has become a popular tool of fraudsters in recent months. Home Depot revealed last month that 56 million customer credit cards were put at risk of theft as a result of a security breach that used custom-built malware to evade detection. A similar method was used late last year to expose the credit card data of 40 million Target customers and the personal information for an additional 70 million customers.

Since the Target hack, there has been an apparent uptick in security breaches at retail locations. Over the past few months, arts and crafts retail chain Michaels Stores, department store Neiman Marcus, and restaurant chain P.F. Chang’s all revealed they were victims of security breaches aimed at stealing customers’ credit card information.

Apple dumps SSL 3.0 for push notifications due to Poodle flaw

From the Cnet.com Article by    

Apple will switch to the TLS encryption standard after disclosure of a vulnerability that could expose encrypted data.

Apple said Wednesday it will stop supporting the encryption standard Secure Sockets Layer 3.0 for its push notifications service in response to a vulnerability identified earlier this month in the aging protocol.

Apple announced on its developer site that it will switch on October 29 from SSL 3.0 to Transport Layer Security (TLS), SSL’s more modern, less vulnerable younger sibling. Disclosed earlier this month, the vulnerability — called Poodle — allows encrypted information to be exposed by an attacker with network access.

“Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected,” Apple said in its bulletin. “Providers that support both TLS and SSL 3.0 will not be affected and require no changes.”

To help developers test compatibility, Apple said it has already disabled SSL 3.0 in the development environment on its Provider Communication interface.

Poodle, which stands for Padding Oracle On Downgraded Legacy Encryption (PDF), is a problem because SSL 3.0 is used by both websites and Web browsers. Both must be reconfigured to prevent using SSL 3.0, and Poodle will remain a problem as long as SSL 3.0 is supported.

Once the most advanced form of Web encryption in use, the 15-year-old SSL 3.0 is used by few websites anymore, according to a study by the University of Michigan. However, Poodle still poses a threat because attackers can force browsers to downgrade to SSL 3.0.

Twitter already notified its users that it has disabled SSL 3.0 support, while Mozilla advised Firefox users to install a Mozilla security add-on that disables SSL 3.0. Along with Google and Mozilla, the University of Michigan researchers detailed how to disable SSL 3.0 for Internet Explorer.

Mozilla plans to disable SSL 3.0 in Firefox 34, the next version of the open-source browser. It’s currently in beta testing, with a release planned for the end of November. Mozilla has been testing the change in its Aurora version of Firefox, the precursor to the beta version, and so far, “There has been much less screaming about this than I anticipated,” said Mozilla’s Martin Thomson on Wednesday, discussing the change on Mozilla’s bug-tracker. Complaints would come from people who couldn’t use Web sites that required SSL 3.0.

CNET News staff writer Stephen Shankland contributed to this report.

 

 

FBI director demands access to private cell phone data

From the cnet.com article ‘FBI director demands access to private cell phone data’

To stop terrorists and other criminals, cell phones should have encryption backdoors to enable US government surveillance, argues FBI Director James Comey.

Cell phone encryption will prevent the federal government from stopping terrorists and child molesters unless the government is given special access, Federal Bureau of Investigation Director James Comey told a Washington, DC, think tank on Thursday.

Comey, who noted that “both real-time communication and stored data are increasingly encrypted,” said that the trend by service providers to encrypt their customer data could prevent the government from lawfully pursuing criminals.

“Justice may be denied, because of a locked phone or an encrypted hard drive,” Comey said in his prepared remarks at the Brookings Institute. He explained that while the Communications Assistance for Law Enforcement Act (CALEA) from 1994 mandated that telephone companies build wiretapping backdoors into their equipment, no such law forces new communication companies to do the same.

However, he didn’t mention that CALEA was expanded from its original mandate to include broadband Internet and Voice over Internet Protocol (VoIP) systems like Skype in 2004.

Comey called out the default encryption in Apple’s iOS 8, and the optional Android encryption that will become the default for that operating system when Android 5.0 Lollipop is released next month, as blocking law enforcement from fully gathering evidence against suspects. He said that the solution was for tech firms to build “front-doors” on consumer cell phones and smartphones.

“We aren’t seeking a back-door approach,” Comey said, referring to a common term for encryption that has been intentionally weakened. “We want to use the front door, with clarity and transparency, and with clear guidance provided by law,” including court orders, he said.

The spying scandal that kicked off when former National Security Agency contractor Edward Snowden leaked classified surveillance documents has seen tech titans including Apple, Google, Yahoo, Microsoft and Facebook scramble to build tougher encryption into their products. Google’s Eric Schmidt warned that the spying will “break the Internet.”

The current fight over how to secure customer data isn’t the first time that tech firms and the US government have gone to war over encryption. In the 1990s, the “crypto wars” saw tech companies and industry advocates force the US government to repeal laws that deemed cryptography a weapon.

While evoking imagery of children at play and innocents exonerated of false accusations thanks to FBI investigations unencumbered by encryption, Comey derided concerns by the tech community that weakening encryption made devices more susceptible to cyber-criminal attacks.

He acknowledged that “adversaries will exploit any vulnerability they find,” but said that those exploits introduced by a backdoor could be mitigated by “developing intercept solutions during the design phase.”

Cryptography expert and University of Pennsylvania professor Matt Blaze disagreed with that assumption. Comey’s speech, he said on Twitter, “didn’t merely dismiss or minimize the technical risks of back doors, it completely ignored them.”

Christopher Soghoian, the American Civil Liberties Union’s principal technologist on its Speech, Privacy and Technology Project, said that Comey’s insistence on weakening encryption opens the data to “foreign governments and criminals,” adding, “whether you call it a ‘front door’ or a ‘back door.’”

Soghoian noted in a blog post from 2010 that CALEA explicitly protects the right of a telecommunications company to build encryption to which only the customer possesses the cryptographic keys.

Comey’s speech appears to want to change that. The FBI didn’t return a request for comment.

Google declined to comment specifically on Comey’s statements, but reiterated its support for encryption. “People previously used safes and combination locks to keep their information secure — now they use encryption. It’s why we have worked hard to provide this added security for our users,” a Google spokesperson said.

Apple didn’t respond to a request for comment.

Snapchat warns users outside apps ‘can’t be trusted’

From the Cnet.com Article by Seth Rosenblatt (@sethr)

Snapchat tells its more than 100 million users that some third-party apps pose a threat. But the photo-sharing service doesn’t address why outsiders were able to connect to Snapchat in the first place.

Snapchat cautioned its 100 million active users on Tuesday morning to stay away from any and all apps that claim to work with its messaging service.

Snapchat, which lets users share a photo or video that’s deleted soon after the recipient sees it, has been under fire since last week. A third-party service that connected to Snapchat and allowed “snap” recipients to back up the photos and videos sent to them was hacked. More than 13 gigabytes of data — most of them photos that Snapchat users had stored on the third-party site — were stolen and made public, including tens of thousands of sexually explicit images. The hack affected about 200,000 Snapchat users.

Snapchat blamed the third-party services for putting Snapchat users at risk in a new blog post today. “It takes time and a lot of resources to build an open and trustworthy third-party application ecosystem,” Snapchat wrote today. “That’s why we haven’t provided a public API to developers and why we prohibit access to the private API we use to provide our service.”

This is the second time since the breach was reported that Snapchat has said third-party Snapchat services were at fault, and that users assume multiple risks by using them. On Friday, Snapchat told CNET News in a statement that its users were “victimized” by using third-party Snapchat services, which often back up the photos and videos posted to Snapchat without the sender’s consent.

Snapchat told CNET News that third-party use of its API is “a practice that we expressly prohibit in our Terms of Use” because they “compromise our users’ security.”

At least two independent security experts think Snapchat, founded in 2011, bears at least part of the responsibility for the hack. It should have secured its API in the first place, said Chris Eng, vice president of research at computer-security research firm Veracode. Snapchat “absolutely could” have better security, he said.

“They are using Terms of Service instead of having strong security in place,” Eng told CNET. “From a security perspective [that] has zero effectiveness…they are trying to do the absolute bare minimum without considering how effective it is.”

Patrick Wardle, director of research at security-intelligence firm Synack, said that part of the problem is that all APIs — including Snapchat’s — are designed to have services connect to them. If a third-party service knows how an API is built, all it needs are user login credentials to connect to the service.

“Whether or not the API is public or private, if users are providing their account information then hackers can still make use of the API to access user content,” Wardle said. End-to-end encryption, which is used to protect electronic messages from being spied on, would help Snapchat ensure not only user privacy but also limit API access, Wardle said.

Snapchat didn’t respond to a request for comment.

The stolen photos and videos were taken from an unauthorized third-party Snapchat service called Snapsaved, which backed up users’ “snaps.” Snapsaved was one of many unauthorized third-party Snapchat services, which shut down several months ago. Snapsaved said it was to blame for the hack in a Facebook post on Saturday. It said 500 megabytes of photos and videos had been stolen, not 13 gigabytes.

Complicating the hack is that at least one estimate says half of Snapchat’s users are teenagers between 13 and 17 years old, and many of the photos and videos are rumored to be sexually explicit. Snapchat isn’t saying how many of the photos were sexually explicit and neither is Snapsaved. But one user of the popular Internet community Reddit said that of the 13 gigabytes of stolen snaps, around 100 megabytes were of pornographic photos and videos. That still translates into tens of thousands of images.

Since its debut, Snapchat has become the third-most popular social media app in the US, behind Facebook and Facebook’s photo-sharing service Instagram, because of its ability to automatically delete messages. Facebook reportedly tried to buy the startup for $3 billion last year.

The Snapsaved hack follows September’s attack against Apple’s iCloud service, which targeted photos of celebrities, including actress Jennifer Lawrence, in sexually explicit situations. Lawrence told Vanity Fair that the iCloud hack isn’t “a scandal. It is a sex crime,” and attacked the sites that posted the stolen photos and called them “disgusting.”

CNET staff writer Ian Sherr contributed to this report.

Updated at 2:18 p.m. PT with comment from Patrick Wardle.

Google exposes ‘Poodle’ flaw in Web encryption standard

An excerpt from the Cnet.com Article by Seth Rosenblatt ( @sethr)

Older Web technology continues to be dogged by revelations that show how insecure it is. A trio of Google security engineers proved that the encryption standard Secure Socket Layer can be circumvented thanks to a new vulnerability they dubbed “POODLE.”

POODLE is a new security hole in Secure Socket Layer (SSL) 3.0 that makes the 15-year-old protocol nearly impossible to use safely, said Google security engineers Bodo Möller, Krzysztof Kotowicz and Thai Duong in a new report published on Tuesday.

The vulnerability allows encrypted, ostensibly secret information to be exposed by an attacker with network access. POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption (PDF), is a problem because SSL 3.0 is used by both websites and Web browsers. Both must be reconfigured to prevent using SSL 3.0, and POODLE will remain a problem as long as SSL 3.0 is supported.

While SSL 3.0 is no longer the most advanced form of Web encryption in use, Möller explained browsers and secure HTTP servers still need it in case they encounter errors in Transport Layer Security (TLS), SSL’s more modern, less vulnerable younger sibling.

The good news is that not much of the Web relies on SSL 3.0 anymore. A study by the University of Michigan shows that few sites rely on SSL 3.0 for anything. Less than 0.3 percent of communication between site and server depends on SSL 3.0, while 0.42 percent of the top 1 million domains on Alexa use it even partially.

The reason that POODLE is a problem is that attackers can force your browser to downgrade to SSL 3.0.

If either browser or server runs into problems connecting with TLS, sites and browsers will often fall back to SSL. The problem is that attackers can force a connection failure which would force a site to use SSL 3.0, which would then expose it to hackers.

Because disabling SSL 3.0 outright causes compatibility problems for sites and servers, Möller recommended that administrators for both add support for TLS_FALLBACK_SCSV, a TLS protocol that blocks attackers from conning browsers into downgrading to not only SSL 3.0, but TLS 1.0 and 1.1 as well. It “may help prevent future attacks,” he wrote.

Möller said that Google Chrome and Google servers have supported this solution “since February,” which he said proves that it can be used without compatibility problems.
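
The fallback behaviour described above, and the way TLS_FALLBACK_SCSV stops it, can be modelled in a short simulation. This is an added example, not code from the CNET article or from Google: the class and function names are hypothetical, and the signalling value 0x5600 and alert code 86 are the ones later standardised in RFC 7507.

```python
from dataclasses import dataclass

# Protocol versions as (major, minor) wire values; tuples compare in order.
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
ALL_VERSIONS = (SSL3, TLS10, TLS11, TLS12)
NAMES = {SSL3: "SSL 3.0", TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2"}

TLS_FALLBACK_SCSV = 0x5600     # signalling cipher suite value (RFC 7507)
AES128_CBC_SHA = 0x002F        # TLS_RSA_WITH_AES_128_CBC_SHA, a CBC-mode suite
INAPPROPRIATE_FALLBACK = 86    # fatal alert sent when a downgrade is detected


class HandshakeFailure(Exception):
    """Handshake did not complete: no common version, or the path broke it."""


class FatalAlert(Exception):
    def __init__(self, code):
        super().__init__(f"fatal alert {code}")
        self.code = code


@dataclass
class ClientHello:
    version: tuple
    cipher_suites: list


class Server:
    def __init__(self, versions, honors_scsv):
        self.versions, self.honors_scsv = versions, honors_scsv

    def handle(self, hello):
        # The SCSV means "this is a retry at a lower version than I support".
        # If the server could have done better, the retry was not legitimate.
        if (self.honors_scsv and TLS_FALLBACK_SCSV in hello.cipher_suites
                and max(self.versions) > hello.version):
            raise FatalAlert(INAPPROPRIATE_FALLBACK)
        usable = [v for v in self.versions if v <= hello.version]
        if not usable:
            raise HandshakeFailure("no common protocol version")
        return max(usable)


class Client:
    def __init__(self, versions, sends_scsv):
        self.versions, self.sends_scsv = versions, sends_scsv

    def connect(self, path):
        highest = max(self.versions)
        for version in sorted(self.versions, reverse=True):
            suites = [AES128_CBC_SHA]
            if self.sends_scsv and version < highest:
                suites.append(TLS_FALLBACK_SCSV)   # mark every fallback retry
            try:
                return path(ClientHello(version, suites))
            except HandshakeFailure:
                continue   # the risky habit: silently retry one version lower
        raise HandshakeFailure("every offered version failed")


def make_path(server, interfered):
    """Network path. When interfered, any hello above SSL 3.0 never completes."""
    def path(hello):
        if interfered and hello.version > SSL3:
            raise HandshakeFailure("connection broken in transit")
        return server.handle(hello)
    return path


def negotiate(client_scsv, server_scsv, interfered, server_versions=ALL_VERSIONS):
    """Return the negotiated version name, or a description of why none was."""
    server = Server(server_versions, server_scsv)
    client = Client(ALL_VERSIONS, client_scsv)
    try:
        return NAMES[client.connect(make_path(server, interfered))]
    except FatalAlert as alert:
        return f"aborted: alert {alert.code}"
    except HandshakeFailure:
        return "failed: no connection"


if __name__ == "__main__":
    for args in [(False, False, False), (False, False, True),
                 (True, False, True), (True, True, True), (True, True, False)]:
        print(args, "->", negotiate(*args))
    print("SSL 3.0 disabled on server ->",
          negotiate(False, False, True, server_versions=(TLS10, TLS11, TLS12)))
```

The protection only holds when both ends implement it; a server that ignores the value still accepts the SSL 3.0 retry, which is why removing SSL 3.0 support remains the complete fix.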

Robert Hansen, a browser specialist at the security firm White Hat Security, compared POODLE to another widespread vulnerability — Firesheep. Firesheep was a browser add-on that could grab unencrypted communications over the Web. While Firesheep could be defeated by using encryption, POODLE is a problem because the flaw lies with the encryption itself.

“[POODLE] is pretty bad,” Hansen told CNET, “But you have to keep in mind that it only affects a Man-In-The-Middle situation,” an attack where the hacker surreptitiously intercepts network traffic.

Legacy browsers are especially at risk, most notably Internet Explorer 6, which only supports SSL 3.0 and none of the encryption protocols that followed.

Hansen noted that there haven’t been any publicly-known attacks using POODLE yet, but he said it’s only a matter of time until there’s a tool to help hackers exploit POODLE.

“Once somebody creates a tool like Firesheep, then this gets more serious,” he said. “We possibly could see one by the end of the week.”

Research analyst Andrew Conway, who works for the Web and messaging security analysis firm CloudMark, highlighted the fact that an attack using POODLE would be “very difficult to implement.”

That, he said, makes it a bad exploit for your run-of-the-mill cybercriminal, but a potentially attractive one to “national security services” which could use it to spy on “high value targets.”

“The NSA, GCHQ and Russian and Chinese intelligence all have access to Internet traffic in and out of their countries, as well as the skills and resources to implement this attack,” Conway said. “I could imagine that it might be used against military and intelligence targets that use encrypted communications as a matter of course.”

Although Hansen didn’t specifically mention government surveillance, he did add that public Wi-Fi networks and Tor exit nodes could be likely spots to see POODLE exploits — which would fit with Conway’s analysis.

Russian hackers tap Windows flaw to hit NATO, Ukraine

From the Cnet.com Article by Charlie Osborne

Security firm iSight says the “Sandworm” team has targeted NATO, the European Union, Ukraine and industry through a previously unrecognized Windows zero-day exploit.

Russian hackers have exploited a bug in Microsoft’s Windows operating system in order to target computers used by NATO, the European Union, Ukraine and the telecommunications and energy sectors, according to security firm iSight.

In a blog post Tuesday, Dallas-based iSight, in collaboration with Microsoft, said the zero-day vulnerability impacts all supported versions of Microsoft Windows and Windows Server 2008 and 2012. The software giant is readying a patch for the CVE-2014-4114 vulnerability, used for the “Sandworm” cyberattack.

The automatic fix will be part of today’s Patch Tuesday release.

The exploit has been used as part of a five-year cyberespionage campaign, according to iSight. The hackers, dubbed the “Sandworm team” — based on coded references to the science fiction series “Dune” — have been monitored by iSight from late 2013 to the present day, although the campaign appears to have been in action since 2009. Spear phishing with malicious files attached is one of the favored methods of infiltrating computer systems, and other exploit methods include the use of BlackEnergy crimeware, as well as Microsoft’s Windows zero-day flaw.

The Windows CVE-2014-4114 vulnerability has been in use since August last year, mainly through weaponized PowerPoint documents.

iSight says that the team previously launched campaigns targeting the US and EU intelligence communities, military establishments, news organizations and defense contractors — as well as jihadists and rebels in Chechnya. However, focus has turned towards the Ukrainian conflict with Russia, energy industries and political issues concerning Russia based on evidence gleaned from phishing emails.

The cybersecurity experts do not know what data has been lifted throughout the Sandworm campaign, however, “the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree.”

The security team notified government agencies and private sector companies that have been targeted, and began working with Microsoft to patch the zero-day vulnerability, which allows the remote execution of arbitrary code. iSight says:

Although the vulnerability impacts all versions of Microsoft Windows — having the potential to impact an enormous user population — from our tracking it appears that its existence was little known and the exploitation was reserved to the Sandworm team.

By disclosing the security flaw on the eve of Patch Tuesday, iSight believes that the possibility of other hacking teams exploiting the zero-day vulnerability has been minimized.

 

 

US spying scandal will ‘break the Internet,’ says Google’s Schmidt

US government surveillance is destroying the digital economy, a roundtable of execs from Google, Microsoft, Facebook and other tech companies tell Sen. Ron Wyden

From the CNET.com Article by Seth Rosenblatt ( @sethr)

PALO ALTO, Calif. — The impact of US government surveillance on tech firms and the economy is going to get worse before it gets better, leaders at some of the biggest tech firms warned US Sen. Ron Wyden on Wednesday during a roundtable on the impact of US government surveillance on the digital economy.

The senior Democratic senator from Oregon took the floor at the Palo Alto High School gymnasium — where he played high school basketball well enough to earn a college scholarship for his court-side abilities more than 50 years ago — to discuss the economic impact and future risks of US government surveillance on technology firms.

Google Executive Chairman Eric Schmidt, who has been outspoken on the topic, pulled no punches with his assessment of how the spying scandal has and will continue to impact Google and other tech companies.

The impact is “severe and is getting worse,” Schmidt said. “We’re going to wind up breaking the Internet.”

Also on the panel with Schmidt was Microsoft General Counsel Brad Smith, another critic who became more outspoken of government surveillance after Edward Snowden leaked National Security Agency documents in 2013 that showed a much wider federal spying apparatus than previously believed.

“Just as people won’t put their money in a bank they won’t trust, people won’t use an Internet they won’t trust,” Smith said.

Panelist Ramsey Homsany, general counsel for online storage company Dropbox, said the trust between customers and businesses that is at the core of the Internet’s economic engine has begun to “rot it from the inside out.”

“The trust element is extremely insidious,” Homsany said. “It’s about personal emails, it’s about photos, it’s about plans, it’s about medical records.”

The documents leaked by Snowden indicate that the US government has been collecting a record of most calls made within the US, including the initiating and receiving phone numbers, and the length of the call; emails, Facebook posts and instant messages of an unspecified number of people; and the vast majority of unencrypted Internet traffic including searches and social media posts. Documents from Snowden show that the British equivalent of the NSA, the Government Communications Headquarters (GCHQ), has a similar program.

Trouble abroad

In prepared remarks to open the roundtable, Wyden noted that he warned back in 2011 that people were going to be stunned and angry when they found out how the US government had been “secretly applying its surveillance authority” to its citizens. What he wasn’t counting on was the international backlash.

Some of the international pushback is in response to data collection by tech companies, not the US government. Europe’s new and controversial “right to be forgotten” law, which says European citizens have a right to ask search engines to remove any results that might infringe on their privacy, is causing headaches for Google. Critics contend that Google policies placed data collection over privacy.

The tech execs on the panel were most upset and scared about international efforts to impose “data localization,” as Microsoft’s Smith put it, referring to burgeoning efforts by countries to force companies to build data centers based within their borders.

The cost of building data centers in each country that a tech firm wants to do business in could wind up destroying US tech firms, Schmidt and Smith warned.

Schmidt called data localization a “national emergency.” Tech titans have yet to go in-depth as to the actual financial impact data localization has had on them, but in addition to the costs of having to build at least one separate data center for each country that demanded it, data localization could also subject the data to local laws in a way that tech firms worry would erode user trust — and their ability to trade on that trust — even further.

Smith noted that 96 percent of the world does not live in the US, and that the American tech economy depends on convincing them that American tech services are trustworthy. “Foreign data centers would compromise American [economic] growth” and leadership, he said.

Abroad, efforts are already underway to force international tech companies to be more respectful of their own national interests — efforts that could erode consumer trust further, said Wyden. German Chancellor Angela Merkel has said publicly that Germany is looking at European email service providers so that their messages “don’t have to go across the Atlantic.” The government of Brazil’s President Dilma Rousseff is considering forcing US tech firms to build data centers in Brazil, if they want to do business with Brazil.

The biggest indication of the decline of America’s ability to guide the Internet, according to Wyden, is that Chinese officials told the senator earlier this summer that they considered the Chinese theft of US tech trade secrets no different than US government surveillance of foreign governments and firms.

Rebuilding trust

Part of reclaiming leadership in the digital economy since the Snowden document leaks has been efforts by tech companies to encrypt user data to protect it. Facebook has used its leverage to help convince tech companies to implement tougher webmail encryption standards, while Google and Yahoo are seeking to push the envelope of how encryption can safeguard webmail.

Panelist Colin Stretch, general counsel for Facebook, called efforts to encrypt user data “a key business objective of all of us.”

“I’d be fundamentally surprised if anybody takes the foot off the pedal of building encryption into their products,” he said.

Wyden reiterated his stance that he is not opposed to all government surveillance: He supports Section 702 of the Foreign Intelligence Surveillance Act Amendments from 2008, which allows the director of National Intelligence and the US attorney general to team up to target non-US citizens located outside the US.

While Wyden and the panelists discussed the need to revise American laws as the first step to regain the trust of American citizens and international governments, they didn’t talk about what to do with the data that’s already been collected.

Wyden told CNET after the panel that he had no plans at the moment to address the data that the government has currently collected.

“I have to reflect on that,” he said, but added, “The cat’s out of the bag. I want to get policies right for the future.”

“There’s no question that Washington, DC, does overreach well,” quipped the senator.

Wyden concluded with a promise to make Congress take action to preserve the digital economy.

“The message here today is that there is a clear and present danger to the Internet economy,” he said. “The reality is that we can pass a good bipartisan bill by the end of the year.”

Twitter sues US government over user data-request gag rules

Social network says current government restrictions on transparency are preventing tech companies from being fully honest with the public.

From the cnet.com article by Seth Rosenblatt ( @sethr)

Twitter is suing the US government in federal court to loosen restrictions that prevent full disclosure of government demands for Twitter user data.

The suit, filed by the San Francisco-based social networking company in the US District Court of Northern California, says that US government prohibitions on sharing the nature of some of its demands for Twitter user data violate the First Amendment’s free speech clause (PDF). Twitter legal counsel Ben Lee said in a blog post that the firm believes that current government restrictions on transparency are preventing tech companies from being fully honest with the public.

“It’s our belief that we are entitled under the First Amendment to respond to our users’ concerns and to the statements of US government officials by providing information about the scope of US government surveillance — including what types of legal process have not been received,” Lee said. “We should be free to do this in a meaningful way, rather than in broad, inexact ranges.”

Lee said that currently government restrictions “prohibit and even criminalize” the company from discussing the mere number of Foreign Intelligence Surveillance Act and National Security Letter court orders it has received — “even if that number is zero.” FISA and NSL court orders for user data play a key role in the government’s surveillance apparatus, as revealed in documents leaked by former NSA contractor Edward Snowden.

Before Snowden’s leaks to the media, most if not all companies couldn’t disclose that they’d received those court orders in the first place. Currently, Twitter and other tech firms can only disclose to the nearest thousand how many orders they have received.

Lee said that Twitter submitted a draft of its most recent Transparency Report to the Federal Bureau of Investigation and Department of Justice in an attempt to negotiate a deal without resorting to the courts. After “months of discussions,” however, the government refused to budge, he said.

The breakdown in talks appears to contradict a promise by President Obama that tech firms would be given a freer hand to report on government requests.

The Department of Justice did not return a request for comment.

The American Civil Liberties Union applauded Twitter’s lawsuit and encouraged other tech firms to follow suit.

“The Constitution doesn’t permit the government to impose so broad a prohibition on the publication of truthful speech about government conduct,” said ACLU deputy legal director Jameel Jaffer in a statement. “Technology companies have an obligation to protect their customers’ sensitive information against overbroad government surveillance, and to be candid with their customers about how their information is being used and shared.”

 


Critical USB Hack Goes Public; How Bad Is The Risk?

From the Newsy.com article by Matt Pitch

Because we just didn’t have enough tech security problems to worry about, computer science researchers have just published a potentially catastrophic security exploit. It’s ubiquitous, it’s nearly impossible to fix, and it’s all thanks to these little devices.

The problem first came to light several months ago, when a pair of researchers, Karsten Nohl and Jakob Lell, unveiled BadUSB, a way to transform common USB devices into malware-laden attack vectors which could hijack any computer they were attached to.

The firmware-based exploit involves altering the very nature of how a USB device communicates with a computer — which meant traditional malware detectors wouldn’t pick up on the attacks, and countering the threat would be nearly impossible. (Video via Vimeo / Offensive Security)

When they first revealed BadUSB, the hackers declined to reveal how they made the malware, citing security reasons. But another pair of researchers has now reverse-engineered the hack — and they’ve opened up their work to the public.

Adam Caudill and Brandon Wilson have made some of the code behind their version of BadUSB freely available on GitHub. The hackers say they’re publishing their work so the community can come up with a solution.

ADAM CAUDILL VIA YOUTUBE / ADRIAN CRENSHAW: “If you’re going to say something, if you’re going to prove that there’s a flaw, you need to release the material so people can defend against it.”

But The Verge notes a fix is likely to require “a full update to the USB standard itself, which means years of insecurity. However the industry responds, we’re likely to be living with it for a long, long time.”

It’s also possible we’ve already been living with this problem: BadUSB looks a bit like COTTONMOUTH, a National Security Agency product revealed during the Snowden leaks which hijacks USB devices.

Now that the instructions for building BadUSB attacks are out in the wild, it’s possible malicious hackers could start building these types of attacks. So, should we freak out?

In a blog post, Caudill stated his release is just a harmless demo, and doesn’t contain anything that might enable malware. “The kind of people that have what it takes to do this, could do it regardless of our release. … I firmly believe that by releasing this code, the risk to the average user isn’t increased at all.”

And Mashable notes there are a few basic ways to guard against BadUSB attacks — for one thing, don’t let suspicious or untrusted USB sticks anywhere near your computer. It’s also possible to lock down USB port use on Windows systems, or to restrict it with endpoint security software.

Boing Boing’s Cory Doctorow has a slightly more apocryphal bit of advice — apparently, someone with high-level connections to the U.S. intelligence community told Doctorow “the spooks he worked with would only trust USB thumb-drives from one vendor, a U.S.-based firm that had been vetted by American spies.”

So, y’know, if you can find that vendor, you should be safe from most black-hat USB attacks! Until then, it’s probably better to not put anything in your computer if you don’t know where it’s been.


Protesters Are Using FireChat’s Mesh Networks To Organize in Hong Kong

From the Gizmodo.com Article by Kate Knibbs

Protesters in Hong Kong have started communicating via FireChat, an app that lets people send messages without cell reception.

Tens of thousands of protestors are gathering in Hong Kong’s financial district to protest changes to election policy that would let a mainland Chinese committee vet the city’s political candidates, and many use their phones to organize. There’s a live feed of the protest you can watch on YouTube:
(This is a live feed from Hong Kong, so CMOKC can’t be responsible for the content of the live video feed. Viewer discretion advised.)

College students spearheaded the initial meetup, and this protest is appropriately tech-savvy. In addition to mainstream social networks like Facebook and Twitter, Hong Kong’s activists are using iOS and Android app FireChat.

Activist Joshua Wong advised his fellow student protestors to download the app, which helped spread the word.

FireChat’s parent company Open Garden reports 100,000 new users from Hong Kong within 22 hours, and 33,000 users on the app at once. While that’s nothing for big networks like Twitter, FireChat is still a small, new, underused app. This surge in use highlights its value as a tool for political organizers.

FireChat helps people create what are known as “mesh networks.” These connections go between devices, using a phone’s hardware to link people in a daisy chain. Right now, FireChat can connect devices up to 200 feet apart. The geographic limit means the app is really only useful in crowds… but that’s exactly what the Occupy Central protests have drawn. Since the crowd is so dense, many people are able to create a large mesh network to spread updates.

Mesh networks are an especially resilient tool because there’s no easy way for a government to shut them down. They can’t just block cell reception or a site address. Mesh networks are like Voldemort after he split his soul into horcruxes (only not evil). Destroying one part won’t kill it unless you destroy each point of access; someone would have to turn off Bluetooth on every phone using FireChat to completely break the connection. This hard-to-break connection isn’t super important for casual chats, but during tense political showdowns, it could be a lifeline.

FireChat is not encrypted, which means anyone with the app can see all the public messages (it also doesn’t have a private chat function). So it’s a limited political tool. But with Instagram apparently blocked in mainland China as a result of this protest, the value of having an app that can resist government-imposed shutdowns is more obvious than ever.
