Featured ContentNote: We're able to pay for good user-contributed content
News 
According to documents obtained by CNET, the DEA is upset because the encryption used by Apple's iMessage foils their ability to snoop on those communications. Even with a warrant (increasingly seen as optional these days by law enforcement and intelligence agencies) and the fact that carriers let the NSA snoop on everything in real time, "it is impossible to intercept iMessages between two Apple devices." Well not entirely impossible; the memo notes that sometimes interception is possible, but it would require the government to conduct man in the middle attacks using spoofed cell towers, something the feds just got busted for using for years without properly informing Judges. Encryption isn't particularly hard, but as an ACLU analyst in the CNET piece points out, most companies and providers don't put any effort into it: Christopher Soghoian, a senior policy analyst at the American Civil Liberties Union, said yesterday that "Apple's service is not designed to be government-proof." "It's much much more difficult to intercept than a telephone call or a text message" that federal agents are used to, Soghoian says. "The government would need to perform an active man-in-the-middle attack... The real issue is why the phone companies in 2013 are still delivering an unencrypted audio and text service to users. It's disgraceful." The government has been pushing for years to have wiretap and privacy laws like CALEA changed to provide them with easier access to encrypted services like Gmail. 49 comments
Back in March of last year you might recall that the FCC announced they had cooked up a new voluntary "cybersecurity" program designed to shore up and unify ISP responses to botnets and other security threats. The plan essentially just urged ISPs to voluntary follow a code of practice for shoring up security measures versus botnets, attacks on the Domain Name System (DNS), and Internet route hijacking.  story continues..5 comments
Porn copyright troll Prenda Law has apparently run afoul of one very tough Judge. We've previously noted how Prenda has been trying to scare broadband users into settling with the company en masse after they've been tracked downloading copyrighted porn films. 12 comments
Iran, like Pakistan, in 2011 decided to make use of VPNs illegal, claiming the move was necessary for "security reasons" and to "stop militants" (easier spying is of course just coincidence). Reuters notes that the Iranian government have lately been clamping down harder on VPNs, hunting down and shuttering "illegal" VPNs. The country allows only official, surveillance-ready VPNs to operate. The clamp down comes as Iran prepares for its presidential election in June. Iran also filters or bans Facebook, Twitter, and YouTube significantly. 42 comments
If you live in the United States, you may be familiar with the common sentiment that you generally cannot take your favorite cellular enabled device (tablet, smartphone, Sony PlayStation Vita, etc.) and use it on any carrier you like. With GSM carriers, this is referred to as a SIM lock. story continues..40 comments
The Baltimore Sun (via Ars Technica) notes that Verizon contacted police after they noticed a Baltimore Deacon was quite happily storing his significant child pornography collection in the cloud. The Deacon apparently thought it was a great idea to store this content in his Verizon Online Backup and Sharing account; Verizon noticed the content and contacted the Center for Missing and Exploited Children, who in turn contacted law enforcement. 67-year-old William Steven Albaugh was released on $75,000 bond while the investigation continues. Aside from the obvious discussion on disgusting child porn, priests, and stupidity -- the incident raises some obvious questions about just how extensively Verizon monitors cloud content. 93 comments
Comcast has finally launched a security suite for smartphones and tablets after testing the service since 2009. According to a company press release, Xfinity customers can now download a free app called Constant Guard Mobile that will protect users from phishing attacks and fraudulent websites. The company also offers desktop users a version of Constant Guard made by Norton. Whether you really think you need your cable company to provide mobile device security, or whether you want yet another large company fiddling with your private data -- is of course up to the individual. We'd be interested in hearing Comcast user impressions of the app in the comment section below. 7 comments
DNSSEC is a flavor of security that allows both sites and providers to validate domain names to make sure they're correct and not tampered with, and is supposed to help combat things like DNS cache "poisoning" and phishing scams. While some ISPs like Comcast have made great efforts to get DNSSEC deployed, most ISPs and companies are lagging far behind. 7 comments
Verizon has been trying to justify their blocking of Google Wallet on Verizon phones, insisting the app is blocked because Google Wallet uses the "secure element" on devices to store a user's Google ID. In response to complaints filed with the FCC, Verizon insists the unending blockade has nothing to do with the fact Verizon (in conjunction with AT&T and T-Mobile) is working on their own competing mobile payment platform named Isis. 76 comments
We've noted repeatedly how privacy technology discussions often have a bizarre and amusing lack of context, the press getting borderline hysterical about every NebuAD or CarrierIQ scandal, while ignoring that carriers and the government buy, sell and trade all user information daily with only a fleeting regard for law. Time and time again we've seen folks come forward with evidence of carriers like AT&T, Sprint and Verizon simply dumping all live traffic in the government's lap in violation of law (which they simply change when they get caught). 79 comments
UK provider British Telecom is under fire for a website glitch that allows an individual to add services to a user account -- simply by providing a phone number and zip code. The vulnerability, spotted by The Register, was actually initially even worse: users who entered that information were easily able to acquire all the additional information of a primary account holder. British Telecom says they've fixed the latter issue -- but has refused to address the initial problem with their website. "One could easily make a nuisance of oneself ordering extra services for someone and BT would be happy to comply with those requests, it seems," notes the Register reader. "They should ask for the BT account number as well at the very least, since that is not something that people give out." 1 comment
A new security vulnerability has been found in Skype that allows anyone to change your password and take control of your Skype account. First posted to a Russian Internet forum several months ago, The Next Web says they've tested the five step hack and have confirmed that it works. 15 comments
story continues..45 comments
Add increased home thefts as another potential side-effect of utilities' efforts to deploy electricity meters with embedded Wi-Fi. We've already noted how these meters have a strong tendency to interfere with home routers and WISP equipment, but now concerns are being raised that they're too easy to hack, allowing people to easily determine when residents haven't been at home. Security researchers tell New Scientist that they were able to hack into most common Wi-Fi embedded utility meters using just $1,000 of gear from 500 meters away, letting them easily see who was -- or wasn't -- home. "I consider it an embarrassment that this kind of technology is deployed with no protection whatsoever," one researcher complains. 45 comments
Ars Technica has an interesting read on a new attack that has been exploiting vulnerabilities in multiple varieties of DSL modems, forcing users in Brazil to visit compromised websites in turn leading to the theft of financial information. Researchers say the attack is a "perfect storm" of incompetence courtesy of Brazilian regulators, ISPs and hardware vendors who failed to properly test and confirm modem security across more than six unnamed varieties of DSL modems. Kaspersky Lab Expert Fabio Assolini put it this way in a blog post: "This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems. This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months."
"The negligence of the manufacturers, the neglect of the ISPs and ignorance of the official government agencies create a 'perfect storm,' enabling cybercriminals to attack at will." The attack has infected more than 4.5 million DSL modems, according to Assolini. 18 comments
GoDaddy is not only apologizing profusely for this week's significant outage, but they're offering users one month service credits. Not only did the outage turn out the lights for thousands of GoDaddy DNS users, it forced the company to temporarily use the DNS servers of a competitor (Verisign) while they got users back online. 20 comments
Hacking group AntiSec has released a portion of what they're claiming is a list of 12 million Unique Device IDs, including (redacted by AntiSec) personal information such as user names, device names, notification tokens, cell phone numbers and addresses. More interesting perhaps is where the group claims they obtained this data from: a laptop belonging to New York FBI Special Agent Christopher K. story continues..59 comments
by Revcb Friday 31-Aug-2012 2 comments
by Revcb Thursday 30-Aug-2012 9 comments
According to a National Preparedness Group report released last fall, the nation's emergency networks still don't function as they should -- more than a decade after the attacks on the World Trade Center resulted in first responders being unable to communicate with one another. Efforts since then have stumbled over themselves, but Techdirt directs our attention to a new whitepaper that suggests using residential routers as part of a first responder network in an emergency. 75 comments
·more stories, story search, most popular ..
Recent news contributorsKarl Bode  , Van , newview
| 
