From Wired: US Predator and Reaper drones infected with keylogger virus.

Marc's Security Ramblings

Exclusive: Computer Virus Hits U.S. Drone Fleet
By Noah Shachtman, Wired Magazine.
October 7, 2011

US Predator and Reaper drones infected with keylogger virus.

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.

“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger…

View original post 788 altre parole

Smartphone Botnet’s Arrive.

Marc's Security Ramblings

For some time now we have been predicting that the next evolution in smartphone malware will be for this type of malware to move closer to parity with traditional desktop malware. This has now been confirmed by Trend Micro who have found a varient of Malware – ANDROIDOS_ANDROIDSERVERBOT.A apparently originating from China that masquerades as an e-book reader app. Once on an infected device this malware uses an internet Blog site as its Command and Control server, joining infected devices into an army of zombie smartphones:

Permissions requested by ANDROIDOS_ANSERVERBOT.A

“From our analysis, we found that this malware has two hardcoded C&C servers to which it connects in order to receive commands and to deliver payloads. The first server is just like the usual remote site to which the malware posts information to and gets commands from. The second C&C server, however, caught our attention more. This is a blog site with encrypted content…

View original post 108 altre parole

The Cost of Surveillance

Ashkan Soltani

actual numbers Graph showing the difference in hourly cost between various location tracking techniques.

The Yale Law Journal Online (YLJO) just published an article that I co-authored with Kevin Bankston (first workshopped at the Privacy Law Scholars Conference last year) entitled “Tiny Constables and the Cost of Surveillance: Making Cents Out of United States v. Jones.” In it, we discuss the drastic reduction in the cost of tracking an individual’s location and show how technology has greatly reduced the barriers to performing surveillance. We estimate the hourly cost of location tracking techniques used in landmark Supreme Court cases JonesKaro, and Knotts and use the opinions issued in those cases to propose an objective metric: if the cost of the surveillance using the new technique is an order of magnitude (ten times) less than the cost of the surveillance without using the new technique, then the new technique violates a reasonable expectation of privacy. For example…

View original post 304 altre parole

Facebook discovers email providers are using unique plugin for encryption; urges others to follow suit

Gigaom

If you are ambivalent about using STARTTLS — an extension that’s used to upgrade an insecure network connection between mail providers to an encrypted one — for your email encryption purposes, Facebook thinks you should give it a shot, as detailed in a Facebook blog post Tuesday.

The post by Facebook mail integrity engineer Michael Adkins details how Adkins conducted a short study to see whether or not mail providers are actively using STARTTLS. Adkins and Facebook were under the impression that the capability was not widely deployed throughout the industry.

To conduct the study, Adkins and his team analyzed a day’s worth of the company’s notification email logs, which contained data pertaining to “several billion emails to several million domains.” The majority of that data dealt with account-related notifications, like registration confirmations.

The Facebook team kept tabs on each SMTP server — the internet standard for sending emails —…

View original post 162 altre parole