Information Security News
On Thursday afternoon, the Wall Street Journal published a report saying that the US Marshals Service (USMS) was using small, fixed-wing Cessnas equipped with so-called “dirtboxes”—receivers that act like cellphone towers—to gather data from citizens' phones below. The purpose of such collection is to target and spy on criminal suspects, but the data from any citizen's phone is collected by such devices.
Sources told the WSJ that USMS operated these planes from five major airports in the US and that the program had a flying range “covering most of the US population.” The devices on the planes can capture unique identifying information from “tens of thousands” of cellphones on the ground. Using that information, federal authorities can pinpoint a cellphone user's location from “within three meters or within a specific room in a building,” the WSJ said.
Individuals with knowledge of the matter told the news outlet that the plane flyovers were targeted at “fugitives and criminals” and that non-target phone data is “let go” as it is gathered. The dirtboxes are described as higher-grade Stingrays, which police use on the ground to collect International Mobile Subscriber Numbers (IMSI).
by Sean Gallagher
Disconnect, the public benefit corporation behind the eponymous online privacy tool and “malvertising” blocking service, released a new version of its virtual private networking and privacy protection service for iOS, Android, Windows, and Mac OS X this morning. Disconnect has offered versions of its service on these platforms in the past, but the latest edition is the first to bring an enhanced version of what the company first introduced on the privacy-oriented Blackphone to these other operating systems.
The service is available through Apple’s App Store and the company’s website (not the Google Play or Windows stores), and it adds filtering of cell provider “supercookies” and other common tracking data captured by websites and mobile applications. Disconnect has also inked a deal with Deutsche Telekom to offer its software and services as a promotional bundle to DT customers.
The new Disconnect app and service comes in free and premium versions. The free application simply provides the user with a visualized record of tracking performed by websites and mobile applications, showing what tracking cookies are used and whose cookies they are. It also shows any unsecured connections within sites using otherwise secure HTTPS connections.
FireEye CEO David DeWalt Offers InfoSec Rethink on Cyber Amid Changing ...
FireEye CEO David DeWalt has called on information security leaders to embrace threat intelligence as a new, alternative basis for their defense platforms and security strategies, GovInfo Security reported Wednesday. “It's a tough conversation, telling ...
Microsoft's Windows Phone emerged only partially scathed from this year's Mobile Pwn2Own hacking competition after a contestant failed to fully pierce its defenses.
A blog post from Hewlett-Packard, whose Zero Day Initiative organizes the contest, provided only sparse details. Nonetheless, the account appeared to show Windows Phone largely surviving. An HP official wrote:
First, Nico Joly—who refined his competition entry on the very laptop he won at this spring’s Pwn2Own in Vancouver as part of the VUPEN team—was the sole competitor to take on Windows Phone (the Lumia 1520) this year, entering with an exploit aimed at the browser. He was successfully able to exfiltrate the cookie database; however, the sandbox held and he was unable to gain full control of the system.
No further details were immediately available. HP promised to provide more color about hacks throughout the two-day contest in the coming weeks, presumably after companies have released patches.
Digital rights advocates are doubling down on their criticism of a US-based ISP suspected of performing encryption downgrade attacks that caused customers' e-mail to remain in plaintext as it passed over the Internet.
The attacks, according to researchers, were carried out by AT&T subsidiary Cricket and prevented e-mail from being protected by STARTTLS, a technology that uses the secure sockets layer or transport layer security protocols to encrypt plaintext communications. The attacks worked by removing the STARTTLS flag that causes e-mail to be encrypted as it passes from the sending server to the receiving server. After the tampering came to light late last month, it was reported by The Washington Post and TechDirt.
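Removing the flag works because a sender using opportunistic STARTTLS falls back to plaintext when the capability is missing from the server's EHLO reply. The following is an added example, not taken from the reports cited here: a sending-side check that parses the EHLO reply and refuses plaintext delivery to hosts expected to support STARTTLS. The host names, sample replies and the `REQUIRE_TLS` set are constructed assumptions.

```python
# Added example: sender-side check for a stripped STARTTLS capability.
# Host names and EHLO replies below are constructed for illustration.

REQUIRE_TLS = {"mx.example.test"}  # hosts known (by policy) to offer STARTTLS

INTACT = "250-mx.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
STRIPPED = "250-mx.example.test\n250-PIPELINING\n250 8BITMIME"


def parse_ehlo(reply: str) -> set:
    """Return upper-cased extension keywords from a multi-line 250 EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        last = i == len(lines) - 1
        # Continuation lines use "250-", the final line uses "250 ".
        if code != "250" or sep != (" " if last else "-"):
            raise ValueError(f"malformed EHLO line: {line!r}")
        if i > 0 and text.split():  # line 0 is the greeting, not an extension
            keywords.add(text.split()[0].upper())
    return keywords


def delivery_decision(host: str, reply: str, require_tls=REQUIRE_TLS) -> str:
    """Decide how to proceed after EHLO: 'starttls', 'plaintext' or 'refuse'."""
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    if host in require_tls:
        # Capability missing for a host that should offer it: treat as a
        # possible downgrade and defer the message instead of sending in clear.
        return "refuse"
    return "plaintext"


if __name__ == "__main__":
    for name, reply in (("intact", INTACT), ("stripped", STRIPPED)):
        print(name, "->", delivery_decision("mx.example.test", reply))
```

A `refuse` result is also worth logging with the network path in use, since the same host advertising STARTTLS on one network and not on another points at in-path modification.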
"It is important that ISPs immediately stop this unauthorized removal of their customers' security measures," wrote Electronic Frontier Foundation staff technologist Jacob Hoffman-Andrews in a blog post published Tuesday. "ISPs act as trusted gateways to the global Internet, and it is a violation of that trust to intercept or modify client traffic, regardless of what protocol their customers are using. It is a double violation when such modification disables security measures their customers use to protect themselves."