The FBI has updated their Most Wanted cyber felons list, offering US$4.2m in bounties. The mastermind of the Zeus trojan; a car scamming screwball; an identity thief; a malvertiser, and a keylogger monger: nail these five net crims to the wall and the FBI will pay you US$4.2 million. And, as in every other field of endeavour,
One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of
At the upcoming DefCon hacker conference in Las Vegas next month, Caudill plans to unveil ProxyHam, a “hardware proxy” designed to use a radio connection to add a physical layer of obfuscation to an internet user’s location. His open-source device, which he built for $200, connects to Wi-Fi and relays a user’s Internet connection over
A team of five researchers from universities in London and Rome have identified that 14 of the top commercial virtual private networks in the world leak IP data. Despite being a known issue, our experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage. The reasons for these failings are diverse,
Adrián Lamo (threat analyst and top 10 hacker) on password management – With the latest LastPass and 1Password break-ins and exploits, what’s the best way to manage a host of passwords while still being accessible securely from any computer with Internet access? Paywalls may be a necessary cost to entry to ensure the resources for
More than 20 “intrusive” fake mobile phone towers that eavesdrop on public conversations have been found active in the UK, the first time the technology has been detected in the country. The IMSI catchers, also known as Stingrays, have been found to be operating in London, but the Metropolitan Police have refused to say who
One way to keep your “computer” safe is to keep it separate from your workstation. What is your favorite software for making multiboot USB Flash Drives? I have heard of SARDU, YUMI, XBoot, Grub4DOS, etc. What are the PRO’s and CON’s of each? Easiest to use? Most Flexible? I got YUMI to boot after having
Test results of android security at AV-Test. During May 2015 we evaluated 25 mobile security products for Android using their default settings. We always used the most current version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on malware detection and
As we all know there are ways that your real IP can be leaked when using tor (JavasScript, Flash, Malware and software errors). In this tutorial I’m going to show how to create a fairly secure tor environment using VMWare, which will prevent any IP leaks. The environment can be used for general browsing and
The malware known as ZeuS and its rogue creator have been at the cutting edge of cyber-crime for nearly a decade. This is the story of a nasty piece of code, and the hunt for its creator.
Thanks to the latest advances in computer vision, we now have machines that can pick you out of a line-up. But what if your face is hidden from view? Modern face-recognition algorithms are so good they’ve already found their way into social networks, shops and even churches. An experimental algorithm out of Facebook’s artificial intelligence
The Secrecy of the Snowden Documents Do countries like China and Russia have copies of the Snowden documents? I believe the answer is certainly yes, but that it’s almost certainly not Snowden’s fault. Snowden has claimed that he gave nothing to China while he was in Hong Kong, and brought nothing to Russia. He has
Finally, we’re releasing the first installable ISO for Qubes 3.0, the Release Candidate 1 (3.0-rc1)! Compared to Qubes R2, which we released last year, Qubes OS 3.0 brings major improvements in two distinct areas: •It implements the new hypervisor-abstracted architecture (which we call: HAL), and introduces a load of new features: Xen 4.4, new qrexec,
We demonstrate the extraction of secret decryption keys from laptop computers, by non-intrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered;
I’ve been a long-time user of KeePass. I inspected its 2.x .NET source code today and quickly noticed the following issues which I find quite concerning… read the “questionable security” post at Hacker News.