Hackers Claim FBI Has Tracking Information For 12 Million iPhones And iPads


Yesterday, while many of us were grilling various meats and dreading the inevitable return to work, hackers posted what they claim are 1 million unique identifiers for iPads and iPhones. According to the hackers, the source of this information is a significantly larger database held by the FBI.

The pastebin post linking to the leaked information claims that during the second week of March, hackers were able to breach a notebook belonging to an FBI agent based out of New York City.

From the post:

“[D]uring the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.”

All iOS devices are associated with a UDID, intended to allow for easier tracking by developers and advertisers. Apple has come under fire in recent months after it was revealed that some third parties were receiving this tracking information without consent.

The hackers say they have always believed that such unique IDs being attached to phones “was a really bad idea,” and that the “concept should be eradicated from any device on the market in the future.”

“[W]e have learnt it seems quite clear nobody pays attention if you just come and say ‘hey, FBI is using your device details and info and who the fuck knows what the hell are they experimenting with that’,” continues the post. “[W]ell sorry, but nobody will care. FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will forget the whole thing at amazing speed. so next option, we could have released mail and a very small extract of the data. some people would eventually pick up the issue but well, lets be honest, that will be ephemeral too.

“So without even being sure if the current choice will guarantee that people will pay attention to this fucking shouted ‘FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT’ well at least it seems our best bet, and even in this case we will probably see their damage control teams going hard lobbying media with bullshits to discredit this, but well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it. Also we think it’s the right moment to release this knowing that Apple is looking for alternatives for those UDID currently and since a while blocked axx to it, but well, in this case it’s too late for those concerned owners on the list.”

SOURCE The Consumerist

Pentagon may sue Bin Laden author

The Pentagon says it may take legal action against an ex-US special forces member who has written a book about the raid that killed Osama Bin Laden.

SOURCE BBC News – Asia

EFF Sues to Get Secret Court Rulings Showing Feds Violated Spy Law

The Electronic Frontier Foundation sued the government Thursday demanding a judge order the feds to release documents allegedly showing the National Security Agency unlawfully surveilled Americans’ e-mails and telephone calls.

Specifically the EFF wants the government to make public a secret court ruling that found that the feds had broken a 2008 wiretapping law that was intended to legalize President George W. Bush’s warrantless wiretapping program.

The public first learned of that ruling thanks to three damning statements U.S. Sen. Ron Wyden (D-Oregon) obtained national security clearance to make public. Wyden, a member of the Senate Intelligence Committee, presumably learned of the lawbreaking in briefings from the intelligence community.

The statements concerned alleged abuses of the FISA Amendments Act, a 2008 law that allows the government to conduct widespread e-mail and phone surveillance inside the United States, without probable-cause warrants, targeting people or groups “reasonably believed to be located outside the United States to acquire foreign intelligence information.” In other words, the government can collect all e-mails and phone calls from the United States to Lebanon, so long as the target is a suspected terrorist group in Lebanon. If the government collects e-mails that are sent by people believed to be American, the person’s identity is supposed to be given a pseudonym or “minimized.”

The government is required to get approval from a secret court known as the Foreign Intelligence Surveillance Court or FISC for both wide-net and targeted surveillance performed inside the United States.

Here are the statements Wyden was authorized to divulge:

• “A recent unclassified report noted that the [FISC] has repeatedly held that collection carried out pursuant to the FISA Section 702 minimization procedures used by the government is reasonable under the Fourth Amendment.”

• “It is also true that on at least one occasion the [FISC] held that some collection carried out pursuant to the Section 702 minimization procedures used by the government was unreasonable under the Fourth Amendment.”

• “I believe that the government’s implementation of Section 702 of FISA has sometimes circumvented the spirit of the law, and on at least one occasion the [FISC] has reached this same conclusion.”

In short, Wyden is trying to say that the NSA has found a way to collect a ton of information on Americans and sift through it in a way that he considers to be illegal. And, in at least one secret decision by a secret court, judges agree with him.

On July 26, the EFF sought documents under a Freedom of Information Act claim to support Wyden’s statements, including classified FISA court opinions, reports and any documents connected to congressional briefings about the topic. The government did not forward any documents, so the EFF sued in federal court in the District of Columbia.

Kathleen Turner, the legislative director at the Office of the Director of National Intelligence, told Wyden in a letter authorizing his statements that the FISA court’s opinions are classified.

She also told Wyden that “The government has remedied these concerns and the FISC has continued to approve the collection as consistent with the statute and reasonable under the Fourth Amendment.”

The FISA Amendments Act, expiring at year’s end, authorizes the government to electronically eavesdrop on Americans’ phone calls and e-mails without a probable-cause warrant so long as one of the parties to the communication is outside the United States. The communications may be intercepted “to acquire foreign intelligence information.”

The FISA Amendments Act, which the Obama administration said was its top intelligence priority, generally requires the Foreign Intelligence Surveillance Court to rubber-stamp terror-related electronic surveillance requests that ensnare Americans’ communications. The government does not have to identify the target or facility to be monitored. It can begin surveillance a week before making the request, and the surveillance can continue during the appeals process if, in a rare case, the secret FISA court rejects the surveillance application.

Committees in the House and Senate have agreed to reauthorize the act for up to five years. No floor votes have been taken.

SOURCE Threat Level

Latest PS Vita update locks memory cards to one PSN account

PS Vita’s latest firmware update – 1.80 – may bring PSOne Classics with it, but it has also quietly added a new “feature” that’s bound to make some Vita owners angry. PS Vita’s update to 1.80 locks memory cards to one PSN account, meaning that your days of using multiple PSN accounts on PS Vita are over. That is, unless you want to purchase a separate memory card for each of your accounts.

Of course, the problem with that is Sony’s proprietary memory cards are pretty expensive, with a 4GB card costing around $20 at most places. Most PS Vita owners don’t use multiple PSN accounts on their Vitas, and in fairness, it’s already an ordeal to switch between PSN accounts on the handheld, but here’s the kicker: since Sony didn’t say anything about this lockdown when 1.80 was released, a number of those who did use multiple PSN accounts are now locked out of some of their saves. That’s a pretty big problem, and it’s understandable why these gamers would be upset.

There is a way to transfer your saves, however, but it requires that you have multiple cards on hand. Folks on NeoGAF are pointing out that PS Vita owners can transfer their save data from one PSN account onto a PS3 and then move it to another memory card. It’s a hassle, but if you’re someone who frequently switches between regions when playing PS Vita, it’s a lot better than losing access to a portion of your content.

As for this move by Sony, it’s safe to say that it has a lot of gamers upset. Sony hasn’t made a statement on the outrage, and probably won’t, considering this stealth implementation. Sorry to say it, PS Vita gamers, but it looks like Sony just took away your ability to switch between the different versions of the PlayStation Network. Were you someone who was using multiple PSN accounts on your PS Vita, or are you not affected by this particularly ugly bullet point of firmware update 1.80?

SOURCE SlashGear

1 Million Accounts Leaked From Banks, Government Agencies & Consultancy Firms

Seems like some hacktivists have been working hard: 1 million accounts were leaked over the weekend from some pretty serious sources by the group Team GhostShell – who are affiliated with Anonymous. It seems like these weren’t particularly complex or technically adept multi-layer attacks, they were carried out via the most common…

SOURCE Darknet – The Darkside

Another layer of security for your Dropbox account

Hi everyone! A few weeks ago, we discussed a number of steps we’re taking to add an extra layer of security for Dropbox users. Today we’d like to announce the launch of two-step verification, a feature that will enhance the security of your Dropbox by requiring two levels of authentication: your password, and a security code that will either be texted to your mobile phone or generated by a mobile authenticator app (available for iOS, Android, Blackberry and Windows Phone 7).

Turning on two-step verification is simple: go to the new Security tab in your Dropbox account settings and enable two-step verification in the “Account sign in” section.

From there, just follow the steps to set up two-step verification. Detailed setup instructions are also available in our Help Center. On your desktop or mobile devices, you’ll only need the code the first time you sign in to Dropbox. On the web, you can also select the option to “Trust this computer” and you won’t need to re-enter a code again.

Two-step verification is one of several steps that we’re taking to enhance the security of your Dropbox. We’ve also created a way for you to view all active logins to your account on the Security tab, and we’re working on automated mechanisms to identify suspicious activity. If you have any questions about two-step verification or would like help getting started, please visit our help center or contact us anytime at support+security@dropbox.com.

SOURCE The Dropbox Blog

Windows 8 sends Microsoft information about every program you install [updated]

Even though it won’t be released for another month and a half, Microsoft’s (MSFT) upcoming Windows 8 operating system has already found itself at the center of a number of controversies. After being criticized for its Metro interface and lack of a Start button, Microsoft is now facing its most troubling accusation yet. According to programmer Nadim Kobeissi, Windows 8 automatically and immediately, through a new feature called SmartScreen, informs Microsoft about every app that is downloaded and installed on the operating system.

UPDATE: Microsoft’s response follows below.

Windows SmartScreen is supposedly meant to protect users from malicious programs by screening applications installed from the Internet and sending the information to Microsoft to ensure its safety. According to Kobeissi, however, “it may be possible to intercept SmartScreen’s communications to Microsoft and thus learn about every single application downloaded and installed by a target.”

The SmartScreen feature is turned on by default and when disabled, Windows will periodically pester users to re-enable it.

“We can confirm that we are not building a historical database of program and user IP data,” a Microsoft spokesperson said. “Like all online services, IP addresses are necessary to connect to our service, but we periodically delete them from our logs. As our privacy statements indicate, we take steps to protect our users’ privacy on the backend. We don’t use this data to identify, contact or target advertising to our users and we don’t share it with third parties.”

The company spokesperson added, “With respect to the claims of SSL security and data interception risk posed by the SSL2.0 protocol, by default Windows 8 will not use this protocol with our service. Windows SmartScreen does not use the SSL2.0 protocol.”

SOURCE Boy Genius Report

Most other devices lack iOS SMS security hole

Last week we found out about a new SMS security hole in the iPhone that could potentially leave users vulnerable to phishing attempts. To put it simply, this hole allows undesirable people to change the reply-to address on the texts they send you, making them appear to be legitimate and possibly convincing you to hand over some personal details. AdaptiveMobile has published a new report on the security hole, and while it may be scary for iPhone users, it appears that this flaw doesn’t affect devices running a different OS.

AdaptiveMobile’s Cathal McDaid attempted the exploit on Android, Symbian, Windows Mobile and BlackBerry devices and found that it worked on none of those. The reason is that most handsets step around the flaw by not showing the Reply-Address at all. McDaid warns that any devices which show the Reply-Address are less secure than those which don’t, so this problem isn’t necessarily exclusive to iPhone – it’s just that the majority of the devices tested don’t show the address in the first place.

After the vulnerability came to light, Apple made a statement to Engadget, instructing texters to use iMessage instead of SMS, as iMessage is more secure. “Apple takes security very seriously,” the statement reads. “When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”

Obviously, iMessage is an exclusive feature of iOS, so when communicating with other devices that aren’t an iPhone, SMS has to be used. It’s still a bit unsettling, but really, staying secure does fall on the shoulders of the users in this case. It kind of goes without saying that it isn’t a good idea to share personal information on your phone, and if you get a suspicious looking message, it’s probably a good idea to follow up before sending off information that could come back to haunt you (for instance, call your bank and check with it if you get a message claiming to be from it). It may not be the most desirable solution to these problems, but it’s a lot better than having personal information out in the open thanks to one bogus text.

SOURCE SlashGear

Ad Hawk Lets You Identify Exactly Who’s Paying for Those Political Commercials

Ever wonder who exactly is paying for and sponsoring that political campaign commercial that’s on your TV? Ad Hawk for Android does exactly that. Working somewhat like Shazam, it listens to the ad being played, then returns all of the information it can on the makers and supporters of the commercial. 

Being campaign time here in the US, it’s best to stay well-informed on who’s paying the big bucks to influence your vote. Check it out and let us know what you think. If you feel like talking politics in the comments, keep it civil.

SOURCE Droid Life

Servers Ultimate Turns Your Old Android Phone Into a Tiny, Multipurpose Server

Home servers can be really handy for streaming media, securing public Wi-Fi, or sharing files between friends. But if you don’t have a spare computer lying around to turn into a server, free app Servers Ultimate can do it to an old Android phone.

SOURCE Lifehacker: Android