Press "Enter" to skip to content

Posts published in “Security”

When the Police Can Brick Your Phone

By Christine Hall on August 16, 2014 |

Hardware, Mobile and Security

“Tyranny. Pure and simple. If it is software, somebody will find a way to hack it. If it is hardware, ‘old’ smartphones will be worth their weight in platinum.”

My friend Ross from Toronto made this comment with a link he posted on Facebook to The Free Thought Project’s article on a new about-to-be law in California. The law mandates a kill switch on all new smartphones, allowing the owner of a stolen phone to disable it until it’s recovered. The bill, CA SB 962, now only needs the expected signature of governor Jerry Brown to become law. In July, a similar law went into effect in Minnesota.

Organized using smartphones.
Photo by Jonas Naimark – Licensed under Creative Commons Attribution 3.0
On the surface, a law with the purpose of protecting expensive smartphones from theft might seem to be a no-brainer good thing. Just render the device inoperable, while activating a homing program to locate it. Presto! In no time at all the phone is back in the hands of its rightful owner and made operable again. Supporters also hope the kill switch becomes a deterrent that greatly reduces the number of phone thefts.

Continue readingWhen the Police Can Brick Your Phone
USB Ports Are No Longer Your Friend (If They Ever Were)USB exploit

USB Ports Are No Longer Your Friend (If They Ever Were)

By Christine Hall on August 9, 2014 |

Hardware, News and Security

Just because the good guys have discovered a new security risk doesn’t mean the bad guys haven’t known about it forever. The risk is only new to us. It’s actually been there for a long time, maybe forever. Who knows how long everyone from the black hats in Moscow to the NSA in bucolic Maryland have been taking advantage of what appears to us to be a “new” exploit?

The USB security hole recently unveiled by Berlin based Security Research Labs (SRL) seems to be of those that’s been around “forever.”

USB exploit infecting Linux
A slide used by Security Research Labs at the Black Hat USA security conference explaining how a USB device can be infected by a Windows computer in order to gain root access on Linux.
(click to enlarge)
While it shouldn’t be news to anybody that caution should be exercised when using USB devices, the new exploit would seem to indicate that even the most draconian security measures, short of doing away with USB devices entirely, might not be enough. The recently revealed problem has to do with the USB controller chip found in most, if not all, USB devices. The chip basically identifies the device type to the computer.

The trouble is, most of these chips are relatively easy to reprogram.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingUSB Ports Are No Longer Your Friend (If They Ever Were)

China Says ‘No’ to Windows 8

By Christine Hall on May 21, 2014 |

Business, News, Operating Systems, Politics and Security

Reuters reported yesterday that the Chinese government has banned the use of Windows 8 on Chinese government computers. According to the official Xinhua news agency, the ban is being put in place by the Central Government Procurement Center primarily over security concerns now that Microsoft has ended support for XP, which is thought to be the most widely used operating system within China. This news has led Forbes to speculate that this may prompt Redmond to continue to support the OS within the People’s Republic.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingChina Says ‘No’ to Windows 8

eBay Hacked – Will Ask Users to Change Passwords

By Christine Hall on May 21, 2014 |

Internet, News and Security

eBay announced this morning that they’ve been hacked and that “encrypted passwords and other non-financial data” have been compromised. They’re expected to begin notifying their customer base later today, which will include a suggestion for users to change their passwords. The company says that PayPal, an eBay subsidiary, uses its own servers and was not affected by the attack.

According to CNET, the first public news of the compromise came by way of a cryptic blog posting by PayPal:

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingeBay Hacked – Will Ask Users to Change Passwords

Galaxy Backdoor, RIT Offers Open Source Minor & More…

By FOSS Force on March 15, 2014 |

Business, Internet, Mobile, News, Politics and Security

FOSS Week in Review

Java is the target for half of all exploits

We’ve been saying for a couple of years now that Java isn’t safe and have been urging everyone who will listen to disable Java in the browser. As we’ve been saying this, comments to our articles on Java security have filled with folks wagging a finger and “reminding” us that Java is only a threat in the browser, that otherwise Java is safe.

That is wrong. The only time Java is safe is when it’s in a cup. According to an article published on IT World, researchers say that Java is now responsible for fully half of the exploits discovered in December.

Continue readingGalaxy Backdoor, RIT Offers Open Source Minor & More…

Ubuntu Keeps MySQL, Why XP Won’t Go Away & More…

By FOSS Force on March 7, 2014 |

Distros, Internet, Media, News, Politics, Security and Software

FOSS Week in Review

Cops tracking phones sans warrants

Tallahassee PoliceIt appears that the police in Tallahassee, Florida have been busy tracking folks by their cell phones without bothering to show up before a judge and ask for a warrant. Why would they violate the constitutional rights of their citizens this way? Evidently because they were using technology on loan and had signed a non-disclosure agreement.

According to Wired, this information came to light in an appeal of a sexual battery case dating back to 2008 in which a suspect was tracked using the technology to locate a phone that had been stolen from the victim. The police have admitted using the device 200 times, with no judge or warrant involved, since 2010. In a blog post made Monday, the ACLU said the device is “likely a Stingray made by the Florida-based Harris Corporation.” Evidently, the ACLU has long suspected that Harris has been loaning the devices to Florida police departments.

Continue readingUbuntu Keeps MySQL, Why XP Won’t Go Away & More…
Redmond FUDs FOSS While Forking Android & More…

Redmond FUDs FOSS While Forking Android & More…

By FOSS Force on March 1, 2014 |

Distros, Internet, Mobile, News, Politics and Security

FOSS Week in Review

Botnet steals bitcoins

We figure that any currency that can’t be safely tucked into a mattress isn’t secure, so we haven’t been too quick to jump on the bitcoin bandwagon. Needless to say, we weren’t surprised on Monday when Reuters reported that there’s a botnet on the loose with the aim of stealing the virtual currency.

According to the Chicago based security firm Trustwave, hundreds of thousands of computers have been infected with “Pony” malware to form a botnet going after bitcoin and other virtual currencies. So far, at least 85 virtual wallets have been stolen.

Continue readingRedmond FUDs FOSS While Forking Android & More…
Russia’s Olympic Spying, Comcast Weds Time Warner & More…Boris and Natasha

Russia’s Olympic Spying, Comcast Weds Time Warner & More…

By FOSS Force on February 15, 2014 |

Business, Internet, News, Politics and Security

FOSS Week in Review

The day we fought back

Tuesday, February 11th, The Day We Fight Back, has come and gone. Whether the event was a success, failure or fell somewhere in between depends on whom you read.

Surprisingly, the biggest naysayer was probably the New York Times, which started an article. “The Day the Internet Didn’t Fight Back,” with the line, “So much for mass protest.” It appears as if the Times’ metric for this judgement was the lack of participation by some sites which took part in the online SOPA protest a couple of years back.

Continue readingRussia’s Olympic Spying, Comcast Weds Time Warner & More…

Brute Force Attacks on WordPress Sites Underway

By Christine Hall on February 10, 2014 |

Internet, News and Security

At about 1 p.m. this afternoon the security company behind the WordFence plugin for WordPress issued a security advisory via email informing users of their plugin that WordPress sites are currently under a brute force attack.

“As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date. The real-time attack map on www.wordfence.com became so busy that we’ve had to throttle the amount of traffic we show down to 4% of actual traffic.

“A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.”

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingBrute Force Attacks on WordPress Sites Underway
Latest Articles