SecurityFlakes2 04/2013
Posted by Anonymous on Fri 12th Apr 2013 10:06
raw | new post


** News Links for April 2013 @ https://securityflakes2.wordpress.com

1. Spanish Linux users launch legal challenge to Microsoftâ€™s secure boot
2. Wikipedia editor allegedly forced by French intelligence to delete â€œclassifiedâ€ entry
3. Microsoft EMET 3.5 Tech Preview
4. Why Bitcoin scares banks and governments
5. The ATF Wants â€˜Massiveâ€™ Online Database to Find Out Who Your Friends Are
6. Social Engineering Framework - not a news story, a database of information!
7. Microsoft Creative Director 'Doesn't Get' Always-On DRM Concerns
   + Microsoft Game Director Adam Orth Resigns Following Xbox Comments
8. Interspecies telepathy: human thoughts make rat move
9. Price Increases for U.S. Military Gear Dwarf Most Nationsâ€™ Defense Budgets
10. Research Article - Human Breath Analysis May Support the Existence of Individual Metabolic Phenotypes
11. British Library To Archive One Billion UK Websites
12. Silent Circle - The Baffling Patronage of Silent Circle & More
13. Lasers capture 3D images from a kilometre away
14. Advanced Persistent Threats get more advanced, persistent and threatening
15. 5 Linksys router vulnerabilities (so that consumers may be aware of the risks)
    + Anatomy of an exploit - Linksys router remote password change hole
16. Has your Hewlett-Packard ScanJet printer just tried to infect your PC with malware?
17. Google Uses Reputation To Detect Malicious Downloads
18. Gag the Whistleblower: 6 States That Might Criminalize Taping Animal Cruelty
19. Unpatched Remote Access Tools: Your Gift To Attackers
20. Is Gapz the most complex bootkit yet?
21. Infographic: Packers Landscape
22. StackExchange's Reverse Engineering beta
23. Berkeley researchers replace passwords with passthoughts by reading your mind
24. Cubans Evade Censorship By Exchanging Flash Drives (Sneakernet)
    + The Cuban Memory Stick Underground
25. Pentagon to Build Robots With â€˜Realâ€™ Brains
26. Data broker Acxiom to reveal what it knows about you
27. High-tech burglary suspect nabbed after secret camera found
28. No honeypot? Don't bother calling yourself a security pro
    Deploy one of these honeypots and you'll soon find out who's attacking you
    and devise a strong defense to fight back.
29. Rootkit coders beware: Malwarebytes is in hot pursuit (Windows related)
30. Now Your iPhone Can Read Fingerprints, Scan Irises and ID Your Face
31. Justice Dept. to Congress: We want greater email, Facebook, Twitter snooping powers
32. Yes, the FBI and CIA can read your email. Here's how
33. Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight
34. Government Fights for Use of Spy Tool That Spoofs Cell Towers

- Non-Security Related Posts -

35!. How Google GLASS works [INFOGRAPHIC]
36!. Stunning photos of super-dense Hong Kong apartments look like Borg cubes
37!. Tiny Chiplets: a New Level of Micro Manufacturing
38!. Researchers create 3Gbps LiFi network with LED bulbs
    + Micro-LED LiFi: Where every light source in the world is also TV, and provides
      gigabit internet access
39!. The PC inside your phone: A guide to the system-on-a-chip
40!. Where No Search Engine Has Gone Before Google has a single towering obsession:
    It wants to build the Star Trek computer.

###

1. Spanish Linux users launch legal challenge to Microsoftâ€™s secure boot

@ http://www.infosecurity-magazine.com/view/31499/spanish-linux-users-launch-legal-challenge-to-microsofts-secure-boot/
@ http://h-online.com/-1830714
@ http://www.h-online.com/security/news/item/Secure-Boot-complaint-filed-against-Microsoft-1830714.html
@@ http://www.infosecurity-magazine.com/view/24199/rsa-2012-malware-gets-the-boot-in-windows-8-notes-charney
@@ http://www.reuters.com/article/2013/03/26/us-microsoft-eu-idUSBRE92P0E120130326
@@ http://www.h-online.com/open/news/item/Secure-Boot-complaint-filed-against-Microsoft-1830714.html
@@ http://www.europarl.europa.eu/sides/getAllAnswers.do?reference=E-2013-000162&language=EN
@@ http://www.hispalinux.es/node/758
@@@ http://www.nbcnews.com/id/51329950/ns/business-us_business/t/exclusive-open-software-group-files-complaint-eu-against-microsoft/
@@@ http://newyork.newsday.com/business/technology/microsoft-target-of-hispalinux-open-source-software-users-in-complaint-to-eu-1.4909950
@@@ http://www.mobilenapps.com/articles/8058/20130327/linux-users-file-complaint-against-microsoft-over-secure-boot-windows.htm
@@@ http://rcpmag.com/articles/2013/04/01/spanish-complaint-windows-8-secure-boot.aspx
@@@ http://www.eitb.com/en/news/technology/detail/1297786/hispalinux-microsoft--hispalinux-files-complaint-microsoft/

###

2. Wikipedia editor allegedly forced by French intelligence to delete â€œclassifiedâ€ entry

A military compound becomes a lesson in obscurity on the Internet.

@ http://arstechnica.com/tech-policy/2013/04/wikipedia-editor-allegedly-forced-by-french-intelligence-to-delete-classified-entry/
@ http://boingboing.net/2013/04/07/french-spies-demand-removal-of.html
@ http://yro.slashdot.org/story/13/04/06/139216/french-intelligence-agency-forces-removal-of-wikipedia-entry
@ http://yro.slashdot.org/story/13/04/08/0532235/why-french-govts-attempt-to-censor-wikipedia-matters
@ http://intelnews.org/2013/04/09/01-1233/

###

3. Microsoft EMET 3.5 Tech Preview

@ http://dedoimedo.com/computers/windows-emet-v3-5-tp.html
@ https://www.microsoft.com/en-us/download/details.aspx?id=30424

###

4. Why Bitcoin scares banks and governments

Bitcoin offers an alternative to the conventional, state-sanctioned banking system. Maybe that's why powerful institutions are so wary of it

@ http://www.guardian.co.uk/technology/2013/apr/07/bitcoin-scares-banks-governments
@ http://www.bloomberg.com/news/2013-04-05/bitcoin-really-is-an-existential-threat-to-the-modern-liberal-state.html
@@ http://www.newyorker.com/online/blogs/elements/2013/04/the-future-of-bitcoin.html
@@ http://www.schneier.com/blog/archives/2013/04/bitcoins_in_the.html

###

5. The ATF Wants â€˜Massiveâ€™ Online Database to Find Out Who Your Friends Are

@ http://www.wired.com/dangerroom/2013/04/atf-database/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Top+Stories%29
@ http://yro.slashdot.org/story/13/04/05/2322220/the-atf-wants-to-know-who-your-friends-are
@ http://www.wired.com/dangerroom/2013/04/atf-database/?cid=6928234
@@ https://www.fbo.gov/index?s=opportunity&mode=form&tab=core&id=974186e6ff5bfc7bfed500f5d51af352&_cview=0

###

6. Social Engineering Framework - not a news story, a database of information!

@ http://www.social-engineer.org/framework/Social_Engineering_Framework

###

7. Microsoft Creative Director 'Doesn't Get' Always-On DRM Concerns

@ http://yro.slashdot.org/story/13/04/05/1246233/microsoft-creative-director-doesnt-get-always-on-drm-concerns
@ http://www.osnews.com/story/26925/Microsoft_ridicules_concerns_over_always-on_for_next_Xbox

+ Microsoft Game Director Adam Orth Resigns Following Xbox Comments

@ http://games.slashdot.org/story/13/04/11/1233217/microsoft-game-director-adam-orth-resigns-following-xbox-comments

###

8. Interspecies telepathy: human thoughts make rat move

@ http://www.newscientist.com/article/dn23343-interspecies-telepathy-human-thoughts-make-rat-move.html
@@ http://www.newscientist.com/article/dn23221-first-mindreading-implant-gives-rats-telepathic-power.html

###

9. Price Increases for U.S. Military Gear Dwarf Most Nationsâ€™ Defense Budgets

@ http://www.wired.com/dangerroom/2013/04/military-cost-increases/

###

10. Research Article - Human Breath Analysis May Support the Existence of Individual Metabolic Phenotypes

@ http://www.plosone.org/article/info%3Adoi%2F10.1371%2Fjournal.pone.0059909

###

11. British Library To Archive One Billion UK Websites

@ http://news.slashdot.org/story/13/04/07/0156222/british-library-to-archive-one-billion-uk-websites
@ http://www.ibtimes.co.uk/articles/453908/20130405/british-library-archive-uk-web-news-publications.htm

###

12. Silent Circle - The Baffling Patronage of Silent Circle & More

"PGP Creator Phil Zimmerman has a new business, Silent Circle [silentcircle.com], that does proper encryption for voice and SMS on mobile devices.â€

Before you place your trust in this, consider:

Silent Circle Dangerous to Cryptography Software Development
http://log.nadim.cc/?p=89

The Baffling Patronage of Silent Circle
http://log.nadim.cc/?p=102

And, amusingly enough:

Is Silent Circle Open Source Yet?
http://issilentcircleopensourceyet.com/

Page Result as of 04/08/2013:

No.
Silent Circle have only released incomplete source code[1], but have been telling press and activists that all source code has been released and openly reviewed.

[1] https://github.com/SilentCircle

You say, â€œCreator of PGP Has Already Fixed Thisâ€ I would disagree at this time.

@ http://www.theregister.co.uk/2013/04/06/silent_circle_private_email_expansion/

Don't buy into this (unless it becomes open source). Stick with TrueCrypt and GPG (GnuPG), both of which are free and
open source.

###

13. Lasers capture 3D images from a kilometre away

@ http://www.theregister.co.uk/2013/04/05/laser_3d_distance_imaging/
@ http://www.engadget.com/2013/04/09/long-range-laser-scanner/
@ http://www.hw.ac.uk/news-events/news/new-camera-system-creates-high-resolution-3-d-11809.htm
@ http://www.extremetech.com/extreme/152922-superconducting-camera-can-snap-3d-photos-from-1100-yards

###

14. Advanced Persistent Threats get more advanced, persistent and threatening

@ http://www.theregister.co.uk/2013/04/04/apt_trends_fireeye/
@ https://www.networkworld.com/news/2013/040813-apt-attackers-getting-more-evasive-268500.html
@@ http://www.csoonline.com/article/706130/apt-attackers-are-increasingly-using-booby-trapped-rtf-documents-experts-say

###

15. 5 Linksys router vulnerabilities (so that consumers may be aware of the risks) 03/05/2013

@ https://superevr.com/blog/wp-content/uploads/2013/04/linksys_vulns.txt
@ https://superevr.com/blog/2013/dont-use-linksys-routers/

+ Anatomy of an exploit - Linksys router remote password change hole

@ http://nakedsecurity.sophos.com/2013/04/11/anatomy-of-an-exploit-linksys-router-remote-password-change-hole/

###

16. Has your Hewlett-Packard ScanJet printer just tried to infect your PC with malware?

@ http://nakedsecurity.sophos.com/2013/04/04/has-your-hewlett-packard-scanjet-printer-just-tried-to-infect-your-pc-with-malware/

###

17. Google Uses Reputation To Detect Malicious Downloads

@ http://www.darkreading.com/security-monitoring/167901086/security/client-security/240152413/google-uses-reputation-to-detect-malicious-downloads.html
@ http://tech.slashdot.org/story/13/04/08/1151223/google-uses-reputation-to-detect-malicious-downloads

###

18. Gag the Whistleblower: 6 States That Might Criminalize Taping Animal Cruelty

@ http://www.alternet.org/activism/gag-whistleblower-6-states-might-criminalize-taping-animal-cruelty?paging=off

###

19. Unpatched Remote Access Tools: Your Gift To Attackers

@ https://www.informationweek.com/security/vulnerabilities/unpatched-remote-access-tools-your-gift/240151523

###

20. Is Gapz the most complex bootkit yet?

@ http://www.welivesecurity.com/2013/04/08/is-gapz-the-most-complex-bootkit-yet/

###

21. Infographic: Packers Landscape

Packers are most commonly used for compression, code obfuscation, and malware anti-reversing.  While not always malicious, packers are often a clue to look a little deeper into a particular binary.  Ange Albertini did a marvelous job of representing the (known) universe of executable packers in this infographic.

@ http://i2.wp.com/forensicmethods.com/wp-content/uploads/2013/04/Packers_Landscape_sm.jpg?resize=575%2C414
@ http://forensicmethods.com/executablepackers
@ [PDF] http://corkami.googlecode.com/files/packers.pdf

###

22. StackExchange's Reverse Engineering beta

@ http://reverseengineering.stackexchange.com/

###

23. Berkeley researchers replace passwords with passthoughts by reading your mind

@ http://www.extremetech.com/computing/152827-berkeley-researchers-authenticate-your-identity-with-just-your-brainwaves-replace-passwords-with-passthoughts
@ http://www.ischool.berkeley.edu/newsandevents/news/20130403brainwaveauthentication

###

24. Cubans Evade Censorship By Exchanging Flash Drives (Sneakernet)

@ http://politics.slashdot.org/story/13/03/19/2351234/cubans-evade-censorship-by-exchanging-flash-drives
@ http://www.mcclatchydc.com/2013/03/09/185347/cubans-evade-censorship-by-exchanging.html
@@ https://en.wikipedia.org/wiki/Sneakernet
@@ https://en.wikipedia.org/wiki/USB_dead_drop
@@ https://en.wikipedia.org/wiki/Data_Mule

EARLIER STORY:

The Cuban Memory Stick Underground

@ http://yro.slashdot.org/story/08/03/06/1717242/the-cuban-memory-stick-underground

###

25. Pentagon to Build Robots With â€˜Realâ€™ Brains

@ http://www.infowars.com/pentagon-to-build-robots-with-real-brains/

###

26. Data broker Acxiom to reveal what it knows about you

@ http://news.cnet.com/8301-1009_3-57578897-83/data-broker-acxiom-to-reveal-what-it-knows-about-you/
@ http://www.ft.com/intl/cms/s/0/e1c48f9a-a1c2-11e2-ad0c-00144feabdc0.html
@@ http://ftc.gov/opa/2012/12/databrokers.shtm
@@ http://ftc.gov/os/2012/03/120326privacyreport.pdf
@@@ http://www.zdnet.com/global-consumer-data-broker-plans-to-reveal-your-data-7000013828/

###

27. High-tech burglary suspect nabbed after secret camera found

@ http://www.wfaa.com/news/crime/High-tech-burglary-suspect-nabbed-after-secret-camera-found-201167711.html
@@ http://www.kens5.com/news/texas-news/High-tech-burglary-suspect-nabbed-after-secret-camera-found-201328311.html
@@ http://www.khou.com/news/crime/201368031.html

###

28. No honeypot? Don't bother calling yourself a security pro
    Deploy one of these honeypots and you'll soon find out who's attacking you
    and devise a strong defense to fight back.

@ https://www.infoworld.com/d/security/no-honeypot-dont-bother-calling-yourself-security-pro-216038
@@ https://honeynet.org/
@@ https://honeynet.org/project
@@ https://honeynet.org/papers

###

29. Rootkit coders beware: Malwarebytes is in hot pursuit (Windows related)

@ http://www.techrepublic.com/blog/security/rootkit-coders-beware-malwarebytes-is-in-hot-pursuit/9207
@ http://www.malwarebytes.org/
@ http://www.malwarebytes.org/products/chameleon/
@ http://blog.malwarebytes.org/news/2012/11/meet-malwarebytes-anti-rootkit/
@@@ http://www.techrepublic.com/blog/10things/10-things-you-should-know-about-rootkits/416
@@@ http://www.techrepublic.com/blog/networking/malware-scanners-mbam-is-best-of-breed/797

###

30. Now Your iPhone Can Read Fingerprints, Scan Irises and ID Your Face

@ http://www.wired.com/dangerroom/2013/04/iphone-biometrics/
@@@ http://www.wired.com/dangerroom/2013/02/biometric-smartphone/
@@@ http://www.wired.com/dangerroom/2010/08/military-prison-builds-big-afghan-biometric-database/
@@@ http://www.engadget.com/2012/05/28/precise-biometrics-tactivo-for-iphone-and-ipad-locks-data-by-fingerprint-and-smart-card/
@@@ http://www.wired.com/dangerroom/2011/10/begun-these-army-phone-wars-have/
@@@ http://www.wired.com/dangerroom/2013/01/biometrics/

###

31. Justice Dept. to Congress: We want greater email, Facebook, Twitter snooping powers

@ http://www.zdnet.com/justice-dept-to-congress-we-want-greater-email-facebook-twitter-snooping-powers-7000012786/

###

32. Yes, the FBI and CIA can read your email. Here's how

@ http://www.zdnet.com/yes-the-fbi-and-cia-can-read-your-email-heres-how-7000007319/

###

33. Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight

@ http://www.wired.com/threatlevel/2013/04/verizon-rigmaiden-aircard/all/

###

34. Government Fights for Use of Spy Tool That Spoofs Cell Towers

@ http://www.wired.com/threatlevel/2013/03/gov-fights-stingray-case/all/

------------------------------

- Non-Security Related Posts -

35!. How Google GLASS works [INFOGRAPHIC]

@ http://glass-apps.org/how-google-glass-works

---

36!. Stunning photos of super-dense Hong Kong apartments look like Borg cubes

@ http://io9.com/stunning-photos-of-super-dense-hong-kong-apartments-loo-471306214

---

37!. Tiny Chiplets: a New Level of Micro Manufacturing

@ http://hardware.slashdot.org/story/13/04/09/2156231/tiny-chiplets-a-new-level-of-micro-manufacturing

---

38!. Researchers create 3Gbps LiFi network with LED bulbs
    + Micro-LED LiFi: Where every light source in the world is also TV, and provides
      gigabit internet access

@ http://www.extremetech.com/computing/152740-researchers-create-3gbps-lifi-network-with-led-bulbs
@@ http://www.extremetech.com/extreme/147339-micro-led-lifi-where-every-light-source-in-the-world-is-also-tv-and-provides-gigabit-internet-access

---

39!. The PC inside your phone: A guide to the system-on-a-chip

@ http://arstechnica.com/gadgets/2013/04/the-pc-inside-your-phone-a-guide-to-the-system-on-a-chip/
---

40!. Where No Search Engine Has Gone Before Google has a single towering obsession:
    It wants to build the Star Trek computer.

@ http://www.slate.com/articles/technology/technology/2013/04/google_has_a_single_towering_obsession_it_wants_to_build_the_star_trek_computer.single.html

___

This document was a post for: SecurityFlakes2 @ https://securityflakes2.wordpress.com

This document is being archived at the following locations:

http://pastebin.calculate-linux.org/en/show/5391
http://crunchbanglinux.org/pastebin/2042
http://paste.ubuntu.com/5700808/
https://paste.debian.net/249048/
http://paste.kde.org/722840/
___
EOF