and even more metadata

How To Maintain Your Privacy In The New Australian Age Of Surveillance
Although I do link to some articles at Lifehacker, they are not usually security related stories. Lifehacker aims a little lower than the readers here, and some of the comments will prove that. BUT, there are occasions when they punch out a great

How strong are Diceware passphrases?

The strength of a Diceware passphrase depends on how many words it contains. If you choose one word (out of a list of 7,776 words), an attacker has a one in 7,776 chance of guessing your word on the first try. To guess your word it will take an attacker at least one try, at

and more metadata

Australians will have two years of their metadata stored by phone and internet providers after the Abbott government’s controversial data retention laws passed parliament. The government believes the laws, which allow about 85 security and policing agencies to access two years of an individual’s metadata, are crucial to thwart terrorism attacks and prevent serious crime. Attorney-General

metadata

Phone metadata reveals what and who we’re interested in and what’s important to us, no matter how private. The first news story to break based on the Snowden documents described how the NSA collects the cell phone call records of every American. One government defence, and a sound bite repeated ever since, is that the

Full Disk Encryption

So what we really need is a simple encryption program that A) is user friendly and B) easy for IT to roll out to users. The less need for user education and training the better, especially when it comes to how it deals with the boot-up password. If it matters, many of these laptops are

OwnCloud: Fiddly but secure host-from-home

Unfortunately, in the post-Snowden world, we find ourselves forced to accept that using services like Dropbox or Google Drive means we’re sharing our documents not just with friends, family and co-workers, but also the NSA and GCHQ. For the privacy and security-conscious, SpiderOak trumps Dropbox, Google Drive and others by the simple fact that it

Hacking BIOS Chips

The ability to hack the BIOS chip at the heart of every computer is no longer reserved for the NSA and other three-letter agencies. Millions of machines contain basic BIOS vulnerabilities that let anyone with moderately sophisticated hacking skills compromise and control a system surreptitiously. The revelation comes two years after a catalogue of NSA spy

EMET 5.2

Microsoft has released version 5.2 of its Enhanced Mitigation Experience Toolkit – EMET – a free utility that can detect and block exploitation techniques that are commonly used to exploit memory corruption vulnerabilities.

iPhone PIN Is NOT Safe

We recently became aware of a device known as an IP Box that was being used in the phone repair markets to bruteforce the iOS screenlock. This obviously has huge security implications and naturally it was something we wanted to investigate and validate. For as little as £200 [AU$385] we were able to acquire one of

You are being watched

The metadata legislation is currently before the house, and when finalised, we can take a better look. Meanwhile, back in the “land of the free and home of the brave” (sic)…
FBI To Install Tracking Malware On Computers Worldwide
The rules for how the US Department of Justice tracks down criminals in the digital age

Bluewire

Bluewire is the easiest-to-use smartphone and VOIP call recorder. With simple Bluetooth connectivity, it’s the ONLY Bluetooth headset on the market that can record both sides of a smartphone or VoIP conversation and store the recordings securely on the headset itself. It will record whatever conversation is passing through the phone; so if you’ve already got a

Evolution Just Vanished

If Evolution’s owners did in fact steal their users’ funds stored on the site—a theory that’s still not confirmed—it’s not clear just how much they would have profited. But given the size of Evolution’s market, with nearly 20,000 drug product listings as well as thousands more items ranging from weapons to stolen credit cards, the

What’s Scarier

Forcibly taking down websites deemed to be supportive of terrorism, or criminalizing speech deemed to “advocate” terrorism, is a major trend in both Europe and the West generally. Last month in Brussels, the European Union’s counter-terrorism coordinator issued a memo proclaiming that “Europe is facing an unprecedented, diverse and serious terrorist threat,” and argued that increased

RAPTOR: Routing Attacks on Privacy in Tor

The Tor network is a widely used system for anonymous communication. However, Tor is known to be vulnerable to attackers who can observe traffic at both ends of the communication path. In this paper, we show that prior attacks are just the tip of the iceberg. We present a suite of new attacks, called Raptor,

Numbers That Keep Your Data Safe

Picture the simplest case: you’re logging into a secure, private service and it needs to be able to identify you. But it also needs to ensure that nobody could be impersonating you. So there, on the spot, it needs to be able to find a truly unique and unpredictable ID to assign to you. This