Information Security News
The city of London has asked a marketing company to stop using street-side trash bins to track the unique hardware identifier of every Wi-Fi-enabled smartphone that passes by, according to a published report.
The request by London officials came a few days after Ars and other publications reported the deployment of bins outfitted with technology to collect the unique media access control (MAC) address of every Wi-Fi enabled device that came within range. In press releases, the company boasted that the cans, which included LCD advertising screens, "provide an unparalleled insight into the past behavior of unique devices"—and hence of the people who carry them around.
The company, known as Renew, has suspended all trials of the program following a request by London officials, according to an article published Monday by the BBC. The BBC quoted a spokesman for the City of London Corporation as saying, "Irrespective of what's technically possible, anything that happens like this on the streets needs to be done carefully, with the backing of an informed public." Meanwhile, Renew's CEO maintained that the bins were mere "glorified people-counters in the street" and that his company held no personal information about the people carrying the mobile devices being tracked.
The hacking team suspected of infiltrating New York Times computers for four months has resurfaced with new attack tools after months of lying low, security researchers said.
The group, commonly known as APT 12, has for years engaged in a series of computer intrusions designed to obtain sensitive information from government agencies, military contractors, journalists, and others. According to a blog post published Monday by research firm FireEye, the gang went silent after the exposure of the four-month hacking campaign, which the NYT said was in response to a story critical of the family of Chinese prime minister Wen Jiabao.
Now the group is back, this time attacking an unidentified "organization involved in shaping economic policy," Monday's report said. In addition to hitting a new target, the group also used an updated hacking tool from the Backdoor.APT.Aumlib and Backdoor.APT.Ixeshe malware families.
by Lee Hutchinson
Bitcoin.org released a security advisory over the weekend warning the Bitcoin community that any Bitcoin wallet generated on any Android device is insecure and open to theft. The insecurity appears to stem from a flaw in the Android Java SecureRandom class, which under certain circumstances can produce numbers that aren't truly nondeterministic. This can allow an attacker to work out a victim's cryptographic private key. Private keys are used to sign Bitcoin transactions; if an attacker has a victim's private key, the attacker can execute Bitcoin transactions as if he were that person.
So far, it appears that the vulnerability has been used to steal at least 55 BTC (approximately $5,720 as of this morning).
To conduct a Bitcoin transaction, a user transfers BTC from his address to the intended recipient's address; when this happens, the sender attaches the recipient's cryptographic public key to the end of that bitcoin's record (its "blockchain") and signs that addition with his own cryptographic private key. This addition is broadcast out across the Bitcoin network, and other users verify the transaction and are rewarded for their verification work with new bitcoins (this verification work, also called "mining," is currently the predominant method of Bitcoin creation). Bitcoin users can generate as many Bitcoin addresses as they like, and in fact users are encouraged to generate lots and lots of addresses to increase their anonymity—up to and including generating a brand-new address for every single transaction they'd like to make.
Posted by InfoSec News on Aug 12http://www.koreaherald.com/view.php?ud=20130811000294
Posted by InfoSec News on Aug 12http://www.businessweek.com/articles/2013-08-09/a-travel-hack-mystery-how-can-you-redeem-stolen-airline-miles
Posted by InfoSec News on Aug 12http://tampatribune.com/macdill-intruder-arrested-inside-colorado-army-base-20130808/
Posted by InfoSec News on Aug 12http://www.theguardian.com/commentisfree/2013/aug/10/lavabit-closure-cloud-computing-edward-snowden