A Very Nice Analysis of the Lockheed Martin Network Breach
Here is a really nice analysis of the recent security breach at Lockheed Martin. The short version is that is looks like their SecureID tokens got duplicated. This is almost certainly related to the...
View ArticleStolen Credit Card website hacked
Vendor of Stolen Bank Cards Hacked — Krebs on Security Brian Krebs has an interesting blog post on how all of the credit card information was stolen by a hacker from a website that sells stolen credit...
View ArticleSchneier on Security: Domain-in-the-Middle Attacks
Schneier on Security: Domain-in-the-Middle Attacks Bruce Schneier on the real world effectiveness of a very simple domain name based man in the middle attack. Here is a Wired article on the same issue...
View ArticlePrivacy, logging policies, and trackrecord
There has been a lot of attention recently to the arrest of an alleged LulzSec hacker after his anonymity was compromised by the anonymity service he was using, HideMyAss.com. Some articles on the...
View Article“Private” YouTube videos expose thumbnail images
Thanks to a PrivacyBlog reader for pointing me to this article: Blackhat SEO – Esrun » Youtube privacy failure It looks like it is easy to find thumbnail images from YouTube videos that have been...
View ArticleThe iOS UDID leak
Forbs is reporting that Anonymous and Antisec have dropped a file with a million Unique Device ID (UDID) numbers for Apple iOS devices. They claim to have acquired an additional 11 million records...
View ArticleAnonymous / Antisec lied about iOS UDID leak?
NBC News is reporting that the iOS UDIDs leaked last week were actually stolen from Blue Toad publishing company. Comparing the leaked data with Blue Toad’s data showed 98% correlation which makes them...
View ArticleChina launches MITM attack on GitHub
It appears that China recently launched a poorly executed Man in the Middle (MITM) attack on GitHub. Greatfire.org has all the details. In short: GitHub.com is an https only website, so the only way to...
View ArticleThe Privacy Blog Podcast – Ep.7: Blacklisted SSL Certificates, Social Media...
Welcome to episode 7 of The Privacy Blog Podcast. In April’s episode, we’ll be looking at the blacklisting of SSL certificate authorities by Mozilla Firefox – Specifically, what this complex issue...
View ArticleHacking for counter surveillance
Another from the “if the data exists, it will get compromised” file. This article from the Washington Post talks about an interesting case of counter surveillance hacking. In 2010, Google disclosed...
View ArticleEasy bypass to Android App signing discovered
Infosec Institute published an article showing in detail how application signing on Android devices can be defeated. This trick allows the attacker to modify a signed application without causing the...
View ArticleClik here to view.
Most websites may already be completely pwned by the Heartbleed Bug
Image from heartbleed.com Heartbleed Bug Researchers recently announced the discovery of an incredibly dangerous bug in the OpenSSL encryption library. That library is used by about two thirds of...
View ArticleClik here to view.
The one thing you need to do about password breaches
The recent Ebay password compromise is just the latest in a string of similar attacks. Each time we hear a call for people to change their passwords. Sometimes the attacked company will require...
View ArticleClik here to view.
More proof that the web security model is totaly broken
Fake Google Digital Certificates Found & Confiscated On July 2, Google engineers discovered unauthorized certificates for Google domains in circulation. They had been issued by the National...
View ArticleClik here to view.
Attack on Tor may have exposed hidden services and more.
Tor just announced that they have detected and blocked an attack that may have allowed hidden services and possibly users to be de-anonymized. It looks like this may be connected to the recently...
View ArticleClik here to view.
“The Big Hack, or maybe not…”— The Social Network Station
“The Big Hack, or maybe not…” — The Social Network Station On Friday I was asked to come on The Social Network Show to talk about the fact and questions surrounding the theft of over 1 Billion...
View ArticleClik here to view.
A tale of bad passwords and nude photos.
The Internet is on fire with discussions of the recent release of stolen nude photos of over 100 female celebrities. This is a massive invasion of their privacy, and it says something sad about our...
View ArticleChina launches MITM attack on GitHub
It appears that China recently launched a poorly executed Man in the Middle (MITM) attack on GitHub. Greatfire.org has all the details. In short: GitHub.com is an https only website, so the only way to...
View ArticleThe Privacy Blog Podcast – Ep.7: Blacklisted SSL Certificates, Social Media...
Welcome to episode 7 of The Privacy Blog Podcast. In April’s episode, we’ll be looking at the blacklisting of SSL certificate authorities by Mozilla Firefox – Specifically, what this complex issue...
View ArticleHacking for counter surveillance
Another from the “if the data exists, it will get compromised” file. This article from the Washington Post talks about an interesting case of counter surveillance hacking. In 2010, Google disclosed...
View Article
