| story continues..
A blog post at Symantec
this week is turning heads after the team uncovered a new, previously undetected piece of malware that has been used for years to spy on government operations. Dubbed "Regin," Symatec states that the construction of the malware "displays a degree of technical competence rarely seen," resulting in the malware remaining largely undetected since it arrived on the scene back in 2008. The malware functioned until 2011, then resurfaced in reconstituted form sometime in 2013.
Symantec notes that the highly sophisticated nature of the malware means it was was likely crafted by a government or intelligence service, and was then used to target businesses, telecom backbones, governments, and individuals using a variety of infection vectors. Notes Symantec:
Regin’s developers put considerable effort into making it highly inconspicuous. Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyze the payloads after it decrypted sample files.
Over the years we've seen a number of ISPs
and even hotels
run into user backlash and PR problems when they've decided to use deep packet inspection and ad injection to force their ads into user content. Many users don't like any ISP hijacking of site code, much less advertising injection -- especially if users aren't being told the system is being used.
Popular Science serves up an interesting read
about the discovery of fake "towers" that are being used to surreptitiously intercept cell phone traffic. ESD America offers a product they call the GSMK Cryptophone 500, which is essentially a Galaxy S III running modified hardware and a modified, more-secure version of Android -- which the company states purges 468 vulnerabilities from the traditional Android build.
By now I'm sure you've all heard the various horror stories about how your web browsing activities are being spied upon and stored. This has included government agencies, web site trackers, and possibly even your ISP. story continues..
A report over at ProPublica
breathlessly proclaims this week that there's a new advertising and tracking system that's "virtually impossible to block." The technology, being developed by a company called AddThis
, utilizes something called "canvas fingerprinting." Canvas fingerprinting, first discussed in a 2012 paper by Keaton Mowery and Hovav Shacham
(pdf), uses your computer's unique graphics rendering capabilities (graphics card, browser, driver variant) to track your movements across the Internet --without storing any data locally.
Reliability of canvas fingerprinting has been somewhat iffy; especially on wireless networks (where device hardware and software is far more uniform), and large scale Internet use is far off if it happens at all.
In a blog post
, OpenDNS CEO David Ulevitch notes that the company will no longer be embedding ads in their redirection page (which pops up when you misstype or enter a nonexistent URL). One reason was the ads didn't gel with security (Comcast had to shut down their own redirection ads years ago
because they don't play nice with DNSSEC upgrades).
Add Google, Facebook, Microsoft, Amazon, DropBox, Yahoo and about 145 other companies to the list of voices that aren't particularly impressed with FCC boss Tom Wheeler's half-hearted effort to protect network neutrality. In a letter
(pdf) the companies express concerns that Wheeler's approach effectively signs off on the kinds of gatekeeper, pay-to-play efforts incumbents like AT&T have been dreaming about for years
Those of you who use Google Voice to dodge your cell carrier's voicemail services (like myself) may want to take note: 9 to 5 Google notes
that Google appears to be preparing to "kill" Google Voice and integrate most of that application's functionality into Google Hangouts. If you've watched Google integrate Google+ Messenger, Talk, Messaging and Voice into just Voice and Hangouts, this shouldn't be too much of a surprise. It seems safe to assume that most of your Google Voice settings (including your phone number) would remain intact during any such transition -- which the website suggests is still "months out."
by amungus 12:18PM Thursday Mar 13 2014 story continues..
Since the demise
of the free LogMeIn service, you might have lost access to your home PC. Fortunately, with the right router, and a little bit of time, you can gain free access to your home machines very easily with OpenVPN.
A malicious worm has been detected on roughly 1,000 different Linksys branded routers, according to a statement from SANS ISC
. According to the report, "TheMoon" worm takes advantage of a CGI script within the administration interface of multiple Linksys’ E-Series router models. An exploit writer has published a proof of concept exploit
, also noting that some older Wireless-N access points and routers may also be impacted. "The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled," Linksys says. "Linksys ships these products with the Remote Management Access feature turned off by default."
Google today announced that they're embedding data compression by default in their latest mobile Chrome update. According to a company blog post
, the compression is disabled by default, but when enabled promises bandwidth consumption savings of up to 50%.
We recently noted how the UK's effort to force ISPs to filter porn by default wasn't working very well, with simple chrome proxy extensions
allowing porn hunters to easily bypass the filters. Worse perhaps is the fact that the filters aren't even really working, not only failing to filter a significant number of major porn sites, but accidentally filtering sexual education and rape support websites
Blogger Peter Hansteen has since put the filters through their paces, and found they're filtering a number of technology and civil liberty websites as well
...checking a semi-random collection of mainly fairly mainstream and some rather obscure tech URLs shows that far from focusing on its stated main objective, keeping innocent children away from online porn, the UK Internet filter shuts the UK's children out of a number of valuable IT resources, was well as several important civil liberties resources...if this is the true face of Parental Controls, I for one would take using controls like these as a sufficient indicator that the parents in question are in fact not qualified to do their parenting without proper supervision.
The filtered websites aren't exactly obscure, either, including Slashdot, Ars Technica, and the EFF. The broken filters come at the cost of higher rates for UK broadband users, as ISPs pass on the filter costs to users. The UK government continues to be rather tone deaf to the entire pile of dysfunction, suggesting they'd like to take things further by censoring websites that promote "extremist" views.
dropped a bit of a bombshell on Friday with a report claiming that security firm RSA was paid $10 million by the NSA to incorporate a deliberately flawed encryption algorithm into products, then promote those products knowing they weren't truly secure. RSA, now a subsidiary of computer storage giant EMC Corp, only started warning their customers about the weakened encryption after the Snowden revelations.
"RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," the company claimed in a statement. "Decisions about the features and functionality of RSA products are our own."Update
: RSA has posted another non-denial denial of sorts, here
As noted yesterday
, the British government is moving forward with its effort to impose Internet filters, willfully-oblivious to the facts that such filters usually don't work, often filter legit content, are usually easily bypassed by those looking for porn, and lead down a slippery slope toward greater filters. Not too surprisingly then, the BBC reports
that UK ISP filters have been failing to filter many major porn websites, but have been filtering user access to sex ed websites, rape support websites, and porn addiction websites. That doesn't seem much of a concern for British Prime Minister David Cameron, who is also interested in forcing ISPs to filter out government-determined "extremism"-linked websites and content
Broadband Reports readers are already familiar with ICSI Netalyzr
, a free network measurement and diagnostic tool developed at the International Computer Science Institute
at Berkeley. Netalyzr's a "two-mouse click" network tester that runs in your web browser as a Java applet.
by whamel 02:33PM Thursday Sep 26 2013
Broadband delivers everything at the touch of a key or click of a mouse. Broadband delivers healthcare, security, education, entertainment. story continues..
RIAA boss Cary Sherman yesterday spoke before a House Judiciary Subcommittee to push for additional anti-piracy countermeasures, including requiring that Google implement filters into their Chrome browser. Sherman's testimony
(pdf) starts off by praising the new ISP copyright alert system, though noting it's a work in progress with no evidence it's doing much of anything:
The CAS is still in the initial implementation stages and proper metrics are being determined.
If you've got something you'd like to write about or review that is suitable for the home page, please contact us story continues..
When I first heard about Chromecast, I was skeptical on whether I would end up buying one. I have always been annoyed and aggravating by streaming solutions for TVs.
In response to the growing number of countries that have forced ISPs to ban access to The Pirate Bay, the website has launched their own Pirate Browser
, which uses the Tor network to skirt government censorship. "It's a simple one-click browser that circumvents censorship and blockades and makes the site instantly available and accessible," the Pirate Bay explains in a blog post
. "No bundled ad-ware, toolbars or other crap, just a Pre-configured Firefox browser." The browser is currently Windows only, though the folks behind the website say that Mac and Linux versions will be offered soon.
·more stories, story search, most popular ..
Recent news contributors