Monday, July 28, 2014
Saturday, July 26, 2014
Internet Explorer Vulnerabilities Increase 100%
Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities. Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.
Dropbox Head Responds To Snowden Claims About Privacy
When asked for its response to Edward Snowden's claims that "Dropbox is hostile to privacy", Dropbox told The INQUIRER that users concerned about privacy should add their own encryption. The firm warned, however, that if users do so, not all of the service's features will work. Head of Product at Dropbox for Business Ilya Fushman says: "We have data encrypted on our servers. We think of encryption beyond that as a user's choice. If you look at our third-party developer ecosystem you'll find many client-side encryption apps... It's hard to do things like rich document rendering if they're client-side encrypted. Search is also difficult, we can't index the content of files. Finally, we need users to understand that if they use client-side encryption and lose the password, we can't then help them recover those files."
Wednesday, July 23, 2014
Update your web browser to Mozilla Firefox 31 to patch 11 security bugs
Mozilla recommends that its users install the security update as soon as possible, warning that the three critical vulnerabilities discovered in its browser could be exploited by attackers to "run attacker code and install software, requiring no user interaction beyond normal browsing".
The three major vulnerabilities are as follows:
- MFSA 2014-59 - The second critical flaw discovered in the browser, reported by Mozilla community member James Kitchener, is a use-after-free vulnerability when handling DirectWrite fonts. An attacker could exploit it to crash Firefox, due to an error in the way the browser handles font resources and tables when rendering MathML content with specific fonts. The flaw affects only the Windows platform; OS X and Linux systems are not affected.
- MFSA 2014-56 - This entry covers miscellaneous memory safety hazards, identified by Mozilla developers, that affected Firefox 30. Mozilla fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products in order to safeguard its users.
“Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla wrote.
OTHER SECURITY VULNERABILITIES
Mozilla also addressed two high-rated vulnerabilities that pose a real danger: an attacker could use them to fetch users' personal and sensitive information from other websites they visit, or to inject malicious code into those websites to infect users.
Moreover, the remaining security issues fixed in the latest revision of Firefox are mostly use-after-free vulnerabilities: in Web Audio, in handling of the FireOnStateChange event, and when manipulating certificates in the trusted cache.
Also, to better protect its users, the company has announced a protection mechanism against malicious downloads in its latest build. The feature relies on Google's Safe Browsing API and uses application reputation information to detect malware in file downloads.
The protection mechanism verifies the metadata of the item the user requested, such as the download URL, its SHA-256 hash and details of the signing certificate, and compares it against a block list.
The metadata is checked against both a local list and a remote one. If a match is found, the file is not saved to disk. Signed files, on the other hand, are matched against a whitelist: if the signer is on it, the binary is marked as trusted and the remote check is not performed.
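The download check described above, sketched in Python as an added example; this is not Mozilla's code, and the local block list, signer whitelist and remote reputation service are constructed stand-ins rather than real Safe Browsing data.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the local Safe Browsing data: known-bad SHA-256
# digests, known-bad URL prefixes, and a whitelist of signing certificates
# (issuer CN, subject CN) whose binaries are trusted outright.
LOCAL_BAD_HASHES = {sha256_hex(b"constructed malicious sample A")}
LOCAL_BAD_URL_PREFIXES = ("http://downloads.bad.example/",)
SIGNER_WHITELIST = {("Example Root CA", "Trusted Publisher Inc")}

# Constructed stand-in for what the remote application-reputation service knows.
REMOTE_BAD_HASHES = {sha256_hex(b"constructed malicious sample B")}


@dataclass
class Download:
    url: str
    body: bytes
    signer: Optional[Tuple[str, str]] = None  # (issuer, subject) if signed


@dataclass
class Verdict:
    saved: bool              # False: the file is not written to disk
    reason: str
    remote_consulted: bool   # whether the remote lookup was performed


def remote_reputation_lookup(digest: str, url: str) -> bool:
    """Return True when the (simulated) remote service flags the download."""
    return digest in REMOTE_BAD_HASHES


def check_download(dl: Download) -> Verdict:
    digest = sha256_hex(dl.body)
    # Step 1: compare metadata (URL, SHA-256) against the local block list.
    if digest in LOCAL_BAD_HASHES or dl.url.startswith(LOCAL_BAD_URL_PREFIXES):
        return Verdict(False, "matched local block list", False)
    # Step 2: a binary signed by a whitelisted certificate is trusted and the
    # remote check is skipped entirely.
    if dl.signer is not None and dl.signer in SIGNER_WHITELIST:
        return Verdict(True, "signer on whitelist; remote check skipped", False)
    # Step 3: everything else is checked against the remote reputation service.
    if remote_reputation_lookup(digest, dl.url):
        return Verdict(False, "flagged by remote reputation service", True)
    return Verdict(True, "no match", True)
```

Note that a whitelisted signer short-circuits the flow even when the hash would have been flagged remotely, which is why such a whitelist has to be limited to signers that are actually trusted.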
Additionally, Firefox 31 ships a new SSL/TLS certificate verification library, "mozilla::pkix", which is more robust and easier to maintain. This change will go unnoticed by the regular user, but it protects users from websites that do not use an authorized certificate accepted in the Mozilla CA Program, which may raise compatibility issues for such sites.
Update your Mozilla Firefox and Thunderbird as soon as possible. Stay Safe! Stay Secure!
Edward Snowden: 'If I end up in chains in Guantánamo I can live with that'
The 31-year-old former US National Security Agency (NSA) contractor Edward Snowden has warned that, among other things, NSA system administrators intercepted nude photos of people in "sexually compromising" situations and routinely passed them around among other NSA employees.
In a video interview recorded in Moscow and published by the Guardian on Thursday, the NSA whistleblower speaks with Guardian editor-in-chief Alan Rusbridger and reporter Ewen MacAskill.
WOOOH!! ATTRACTIVE NUDIE PICS - PASS IT ON TO BILL TOO
"You've got young enlisted guys, 18 to 22 years old. They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records," he said in the video interview.
"During the course of their daily work they stumble upon something that is completely unrelated to their work in any sort of necessary sense – for example, an intimate nude photo of someone in a sexually compromising situation, but they're extremely attractive. So what do they do? They turn around in their chair and show their co-worker."
“The co-worker says: ‘Hey that's great. Send that to Bill down the way.’ And then Bill sends it to George and George sends it to Tom. And sooner or later this person's whole life has been seen by all of these other people. It's never reported.”
When the Guardian's Alan Rusbridger asked Snowden, "You saw instances of that happening?", Snowden responded in the affirmative: "Yeah."
“It's routine enough, depending on the company that you keep, it could be more or less frequent," Snowden says. "These are seen as the fringe benefits of surveillance positions."
NO COMEBACK OF THOSE PICS
The people whose private lives have been exposed never know about it, because the internal auditing procedures at the NSA are so weak that there is no comeback for those intercepted naked photos.
“The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream from the intended recipient and given to the government without any specific authorization without any specific need is itself a violation of your rights,” he added and questioned, “Why is that in a government database?”
DROPBOX - HOSTILE TO PRIVACY
Edward Snowden said cloud storage service Dropbox is "hostile to privacy," and called for more companies to offer services that prevent government snooping.
Snowden highlighted the cloud storage provider SpiderOak, which offers greater protection to its users: the company stores all user data for backups, but only in encrypted form, so its employees do not have access to it, and if the government asks for user data, the company cannot hand over any meaningful, decrypted content.
Snowden called Dropbox a "PRISM wannabe." He pointed out that Dropbox recently appointed former US Secretary of State Condoleezza Rice to its board of directors, whom Snowden described as "hostile to privacy" and "the most anti-privacy official you can imagine."
Accountants, lawyers, and doctors should all level up their skills, Snowden said, and journalists in particular should be aware that a single slip up could compromise their sources.
I COULD LIVE IN U.S. PRISON -- SNOWDEN
Snowden addressed a number of things, noting that if he ended up in the US prison facility at Guantánamo Bay, Cuba, he could "live with" that. He again dismissed any claim that he was or is a Russian spy or agent, describing those allegations as "bullshit."
"I'm not going to presume to know what a jury would think, or to say what they should or should not think. But I think it's fair to say that there are reasonable and enduring questions about the extent of these surveillance programs, how they should be applied and that should be the focus of any trial," he said.
The NSA's spokesperson said such activity wouldn't be tolerated, but didn't explicitly deny Snowden's claim.
“NSA is a professional foreign-intelligence organization with a highly trained workforce, including brave and dedicated men and women from our armed forces,” said spokesperson Vanee Vines by email. “As we have said before, the agency has zero tolerance for willful violations of the agency’s authorities or professional standards, and would respond as appropriate to any credible allegations of misconduct.”