of 172 page(s)
Study: no evidence of Heartbleed attacks before bug was exposed
by Nicole Perlroth
April 18, 2014
Ever since the Heartbleed bug was exposed last week, the question everyone has been asking is: Did anyone exploit it before a Google researcher first discovered it?
The worry is that in the two years since the bug was accidentally incorporated into OpenSSL - a crucial piece of free security software used by governments and companies like the FBI and Google - attackers could have exploited Heartbleed to take sensitive information like passwords and the virtual keys used to decipher any scrambled information stored on a web server. What's more, they could have done so without leaving evidence detectable by the normal methods used to track who has gained access to a server.
Heartbleed First Attacks Identified
by Jill Scharr
April 15, 2014
The Canadian tax agency and a U.K. parenting website are the first confirmed instances of Heartbleed exploits, experts say.
It's Heartbleed's first blood: two cyber-break-ins have been identified. One attack was at the Canadian tax agency and the other at a U.K. parenting website, which were allegedly accomplished using the Heartbleed bug, a flaw in a type of online encryption. The two cases appear to be unrelated, but in both instances snoops seemingly used the now-infamous flaw in OpenSSL, an online encryption software, to access the sites' databases. In at least one of the breaches the hackers stole hundreds of users' personal information.
Heartbleed bug exploited to steal taxpayer data
by Dan Goodin
April 14, 2014
Over six hours, tax IDs plucked from servers run by the Canada Revenue agency.
Underscoring the severity of the Heartbleed bug affecting huge swaths of the Internet, hackers exploited the vulnerability to steal taxpayer data for at least 900 Canadian citizens and an unknown number of businesses, officials in that country warned Monday morning. Canada Revenue Agency (CRA) officials said they removed public access to online tax services last Tuesday, a day after the catastrophic defect in the widely used OpenSSL cryptography library surfaced. But by then it was too late. Hackers casing online CRA services were nonetheless able to exploit the OpenSSL flaw, which makes it possible to pluck private encryption keys, passwords, and other sundry sensitive data out of the private computer memory of servers running vulnerable versions of the open-source library.
NSA Knew About Heartbleed, Did Nothing, Sources Say
by Jill Scharr
April 11, 2014
Did the NSA know about the Heartbleed bug for the past two years? Two anonymous sources told Bloomberg News the agency did.
Did the National Security Agency (NSA) know about the Heartbleed Internet security flaw for the past two years? That's what two anonymous sources told Bloomberg News reporter Michael Riley. The NSA not only said nothing about the serious bug that compromised the OpenSSL encryption library used by millions of websites, but it also used the bug to gather intelligence, Riley's sources told him. If the NSA did know about Heartbleed, it could have used the bug to get data from any Internet-facing server using a vulnerable version of OpenSSL since the flaw was accidentally implemented in January 2012. Such data would include usernames, passwords, encryption keys, search history, private messages and more.
5-year-old Ocean Beach exposes Microsoft Xbox vulnerability
by Michael Chen
April 3, 2014
An Ocean Beach boy is in the spotlight after he discovered a back door in to one of the most popular gaming systems in the world.
When 5-year-old Kristoffer Von Hassel is playing his Xbox, his feet don't touch the ground. But something he did has made the smartest guys at Microsoft pay attention. "I was like yea!" said Kristoffer. Just after Christmas, Kristoffer's parents noticed he was logging into his father's Xbox Live account and playing games he wasn't supposed to be.
Internet Activist Recovers Deleted Video of Police Assault, This is How We Win!
March 3, 2014
The power of the internet knows no bounds. It is our most powerful weapon against corruption and has helped to shed light on the ones that wish to remain in the darkness.
The story below is another wonderful example of how the internet is helping to exonerate the innocent whilst bringing justice to the corrupt. A man was assaulted by police and his video of the incident confiscated. He was then jailed for 10 days after false charges were brought against him. A year later he received his phone back only to find that the files had been corrupted and the video unplayable. He reached out to the internet, and the internet answered. One of the files was repaired by a reddit user, which shows the assault on video. He explains what happens in the story below.
Microsoft, Facebook, Google and Yahoo release US surveillance requests
by Spencer Ackerman and Dominic Rushe
February 3, 2014
Limited disclosure, part of transparency deal made last month, shows tech giants turn over data from tens of thousands of accounts
Tens of thousands of accounts associated with customers of Microsoft, Google, Facebook and Yahoo have their data turned over to US government authorities every six months as the result of secret court orders, the tech giants disclosed for the first time on Monday. As part of a transparency deal reached last week with the Justice Department, four of the tech firms that participate in the National Security Agency's Prism effort, which collects largely overseas internet communications, released more information about the volume of data the US demands they provide than they have ever previously been permitted to disclose. But the terms of the deal prevent the companies from itemising the collection, beyond bands of thousands of data requests served on them by a secret surveillance court. The companies must also delay by six months disclosing information on the most recent requests - terms the Justice Department negotiated to end a transparency lawsuit before the so-called Fisa court that was brought by the companies.
If You Used This Secure Webmail Site, the FBI Has Your Inbox
by Kevin Poulsen
January 27, 2014
While investigating a hosting company known for sheltering child porn last year the FBI incidentally seized the entire e-mail database of a popular anonymous webmail service called TorMail.
Now the FBI is tapping that vast trove of e-mail in unrelated investigations. The bureau's data windfall, seized from a company called Freedom Hosting, surfaced in court papers last week when prosecutors indicted a Florida man for allegedly selling counterfeit credit cards online. The filings show the FBI built its case in part by executing a search warrant on a Gmail account used by the counterfeiters, where they found that orders for forged cards were being sent to a TorMail e-mail account: "firstname.lastname@example.org." Acting on that lead in September, the FBI obtained a search warrant for the TorMail account, and then accessed it from the bureau's own copy of "data and information from the TorMail e-mail server, including the content of TorMail e-mail accounts," according to the complaint (.pdf) sworn out by U.S. Postal Inspector Eric Malecki.
DNS poisoning slams web traffic from millions in China into the wrong hole
by John Leyden
January 21, 2014
ISP blames unspecified attack for morning outage
A widespread DNS outage hit China on Tuesday, leaving millions of surfers adrift. DNS issues in China between 7am and 9am GMT left millions of domains inaccessible. Two-thirds of China's DNS (Domain Name System) infrastructure was blighted by the incident, which stemmed from a cache poisoning attack. Chinese netizens were left unable to visit websites or use social media and instant messaging services as a result of the screw-up, the Hong Kong-based South China Morning Post reports.
Selling a Google Chrome Extension is Easy but Monetizing is Tricky
January 18, 2014
When Google decided the pull the plug on Google Reader, I quickly made the switch to Feedly since it was (and still is) the best alternative to Google's RSS Reader.
The one important piece that Feedly did not offer was a Chrome extension that would let users subscribe to RSS feeds on any web page with a click. Since the extension was something that I needed for my own workflow, I wrote one (writing a Chrome extension is easy) and also published it to Google Chrome store. The last time I checked my Chrome developer dashboard, the extension had gained 30000+ users on Chrome.
Help keep this page up-to-date. Submit a Virus Information News link for inclusion on this page.