Cisco switches to weaker hashing scheme, passwords cracked wide open

Password cracking experts have reversed a secret cryptographic formula recently added to Cisco devices. Ironically, the scheme Cisco labels "encryption type 4" (it is a password hash, not encryption) leaves users considerably more susceptible to password cracking than the older alternative, even though the new routine was intended to enhance the protections already in place. It turns out that Cisco’s new method for converting passwords into one-way hashes uses a single iteration of the SHA-256 function with no cryptographic salt. The revelation came as a shock to many security experts because the technique requires so little time and computing power per guess. As a result, relatively inexpensive computers used by crackers can try a dizzying number of guesses when attempting to recover the corresponding plaintext password. For instance, a system outfitted with two AMD Radeon 6990 graphics cards running a soon-to-be-released version of the Hashcat password cracking program can cycle through more than 2.8 billion candidate passwords each second. By contrast, the type 5 algorithm the new scheme was intended to replace used 1,000 iterations of the MD5 hash function. The large number of repetitions forces cracking programs to work more slowly and makes the process more costly for attackers. Even more important, the older function added a randomly generated cryptographic “salt” to each password, so every hash has to be attacked separately and precomputed lookup tables are useless; without a salt, one pass over a wordlist tests every leaked type 4 hash at once. The practical consequence for administrators is that a configuration file containing type 4 hashes should be handled as if it contained the passwords themselves.
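To make the contrast concrete, here is an added example (not Cisco's code and not from the article) that reproduces both schemes as the cracking community described them and runs a small dictionary attack against each: type 4 as a single unsalted SHA-256, type 5 as the md5crypt construction with a salt and 1,000 rounds. The type 4 output encoding used here (the raw digest in Cisco's "./0-9A-Za-z" base64 alphabet, without padding) is an assumption taken from later cracking-tool documentation rather than something the article states; the wordlist and the leaked hashes are constructed for the demonstration.

```python
# Added example; not Cisco's implementation and not code from the article.
# Type 4 = SHA-256(password), no salt, no iteration (encoding assumed, see lead-in).
# Type 5 = md5crypt: $1$<salt>$<hash>, salted, 1000 rounds of MD5.
import base64
import hashlib

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_CISCO = str.maketrans(_STD, ITOA64)


def cisco_type4(password: str) -> str:
    """Type 4: one SHA-256 over the password, emitted as 43 chars of Cisco base64."""
    digest = hashlib.sha256(password.encode()).digest()
    return base64.b64encode(digest).decode().rstrip("=").translate(_TO_CISCO)


def _to64(value: int, count: int) -> str:
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def md5crypt(password: str, salt: str) -> str:
    """Type 5: the md5crypt construction; salt of up to 8 chars, 1000 rounds."""
    pw, s = password.encode(), salt[:8].encode()
    ctx = hashlib.md5(pw + b"$1$" + s)
    alt = hashlib.md5(pw + s + pw).digest()
    n = len(pw)
    while n > 0:                      # mix in len(pw) bytes of the alternate digest
        ctx.update(alt[:min(n, 16)])
        n -= 16
    n = len(pw)
    while n:                          # one byte per bit of len(pw)
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):             # the stretching loop the article refers to
        c = hashlib.md5()
        c.update(pw if i & 1 else final)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    f = final
    enc = (_to64((f[0] << 16) | (f[6] << 8) | f[12], 4)
           + _to64((f[1] << 16) | (f[7] << 8) | f[13], 4)
           + _to64((f[2] << 16) | (f[8] << 8) | f[14], 4)
           + _to64((f[3] << 16) | (f[9] << 8) | f[15], 4)
           + _to64((f[4] << 16) | (f[10] << 8) | f[5], 4)
           + _to64(f[11], 2))
    return "$1$" + salt[:8] + "$" + enc


# Constructed wordlist for the demonstration.
WORDLIST = ["letmein", "cisco123", "Summer2013", "admin", "hunter2"]


def crack_type4(targets, wordlist):
    """Unsalted: hash each candidate once, then look every target up in the table."""
    table = {cisco_type4(w): w for w in wordlist}
    return {h: table[h] for h in targets if h in table}


def crack_type5(targets, wordlist):
    """Salted: each target has to be attacked separately with its own salt."""
    found = {}
    for h in targets:
        salt = h.split("$")[2]
        for w in wordlist:
            if md5crypt(w, salt) == h:
                found[h] = w
                break
    return found


def hash_invocations(n_targets: int, n_candidates: int):
    """Compression-function calls a dictionary attack needs under each scheme."""
    type4 = n_candidates                     # independent of how many hashes leaked
    type5 = n_targets * n_candidates * 1002  # 2 setup MD5s + 1000 rounds, per target
    return type4, type5


if __name__ == "__main__":
    leaked4 = [cisco_type4("cisco123"), cisco_type4("hunter2"), cisco_type4("n0tInList")]
    leaked5 = [md5crypt("cisco123", "mERr"), md5crypt("n0tInList", "abcd")]
    print("type 4 recovered:", crack_type4(leaked4, WORDLIST))
    print("type 5 recovered:", crack_type5(leaked5, WORDLIST))
    print("hash calls, 3 targets x 5 candidates:", hash_invocations(3, 5))
```

The point of the two crack functions is structural rather than about speed: with no salt, the table built from the wordlist is reused against every leaked type 4 hash, whereas each type 5 hash forces the whole wordlist to be re-hashed with its own salt, and each of those hashes costs a thousand rounds instead of one.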

Continue reading here:
Cisco switches to weaker hashing scheme, passwords cracked wide open

911 tech pinpoints people in buildings—but could disrupt wireless ISPs

NextNav’s enhanced 911 technology locates people within buildings, but it may interfere with millions of existing devices.
Cell phones replacing landlines are making it difficult to accurately locate people who call 911 from inside buildings. If a person having a heart attack on the 30th floor of a giant building can call for help but is unable to speak their location, actually finding that person from cell phone and GPS location data is a challenge for emergency responders. Thus, new technologies are being built to accurately locate people inside buildings. But a system that is perhaps the leading candidate for enhanced 911 geolocation is also controversial because it uses the same wireless frequencies as wireless Internet Service Providers, smart meters, toll readers like E-ZPass, baby monitors, and various other devices. NextNav, the company that makes the technology, is seeking permission from the Federal Communications Commission to start commercial operations. More than a dozen businesses and industry groups oppose NextNav (which holds FCC licenses through a subsidiary called Progeny), saying the 911 technology will wipe out devices and services used by millions of Americans.

Read this article:
911 tech pinpoints people in buildings—but could disrupt wireless ISPs

For first time, US military says it would use offensive cyberweapons

For the first time ever, the Obama administration has publicly admitted to developing offensive cyberweapons that could be aimed at foreign nations during wartime. According to an article published Tuesday night by The New York Times, that admission came from General Keith Alexander, the chief of the military’s newly created Cyber Command. He said officials are establishing 13 teams of programmers and computer experts who would focus on offensive capabilities. Previously, Alexander publicly emphasized defensive strategies in electronic warfare to the almost complete exclusion of offense. “I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee on Tuesday. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.”

Excerpt from:
For first time, US military says it would use offensive cyberweapons

ID thieves “dox” Joe Biden, Jay-Z, Michelle Obama, and dozens more

The front page of exposed.su.
Identity thieves have posted Social Security numbers, credit information, and other sensitive data belonging to more than a dozen politicians and celebrities. It’s a list that includes Vice President Joe Biden, FBI Director Robert Mueller, former Secretary of State Hillary Clinton, rapper Jay-Z, and actor and director Mel Gibson. The website, exposed.su, surfaced on Monday with birth dates, telephone numbers, home addresses, and in some cases credit reports for a handful of politicians and celebrities. Throughout the past 24 hours the site has published details on additional individuals. Social Security numbers for Mueller, Jay-Z, and Gibson appeared to be valid, the Associated Press reported. Los Angeles Police Chief Charlie Beck, whose information was also posted on the site, hasn’t challenged the accuracy, either. Still, other journalists wrote that phone numbers purportedly belonging to former California Governor Arnold Schwarzenegger and actor Ashton Kutcher reportedly went to a movie production company and a New York-based accounting firm respectively. The site included the image of a gaunt young woman with black circles around her eyes and an index finger in front of her lips. It was headed by a quote from the Showtime TV series Dexter, in which the title character says, “If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve.” The site included an embarrassing or humorous photo related to each individual whose information was disclosed. The act of publicly documenting the private details of people is known as “doxxing,” and it came into vogue a few years ago with the growing visibility of the Anonymous hacking collective.

Read the original post:
ID thieves “dox” Joe Biden, Jay-Z, Michelle Obama, and dozens more

Mac malware that infected Facebook bypassed OS X Gatekeeper protection

Researchers have identified the Mac malware that infected employees of Apple, Facebook, and Twitter, and say it may have been used to compromise machines in other US organizations, including auto manufacturers, government agencies, and a leading candy maker, according to a published report. Pintsized.A is a new family of Mac malware that uses an exploit to bypass Gatekeeper, an OS X protection that lets end users tightly control which sources are permitted to install apps, according to an article published Monday by The Security Ledger. Mac antivirus provider Intego says the trojan masquerades on infected machines as cupsd, the daemon of the CUPS printing system that ships with OS X and Linux, although it runs from a different location than the legitimate binary. It’s unclear exactly how the malware gets around Gatekeeper. Once installed, Pintsized establishes a reverse shell to a command-and-control server run by the attackers. It uses a modified version of the OpenSSH utility to encrypt that traffic, which lets it blend in with ordinary SSH sessions and helps it remain undetected on infected networks. One of the domain names that hosted such a server was corp-aapl.com. It caught the attention of members of Facebook’s security team, tipping them off that there was an infected machine inside their network. When they later took control of the domain, they discovered that multiple other companies had been compromised by the same attackers. Around the same time, Apple, Twitter, and Microsoft were also hit with attacks that fit the same pattern. Two things follow for defenders: a process calling itself cupsd whose executable path is not the system’s own is worth investigating, and outbound SSH-style connections from workstations to unfamiliar hosts, especially look-alike domains such as corp-aapl.com, deserve a second look.

Link:
Mac malware that infected Facebook bypassed OS X Gatekeeper protection

Meet the men who spy on women through their webcams

“See! That shit keeps popping up on my fucking computer!” says a blond woman as she leans back on a couch, bottle-feeding a baby on her lap. The woman is visible from thousands of miles away on a hacker’s computer. The hacker has infected her machine with a remote administration tool (RAT) that gives him access to the woman’s screen, to her webcam, to her files, to her microphone. He watches her and the baby through a small control window open on his Windows PC, then he decides to have a little fun. He enters a series of shock and pornographic websites and watches them appear on the woman’s computer. The woman is startled. “Did it scare you?” she asks someone off camera. A young man steps into the webcam frame. “Yes,” he says. Both stare at the computer in horrified fascination. A picture of old naked men appears in their Web browser, then vanishes as a McAfee security product blocks a “dangerous site.”

More:
Meet the men who spy on women through their webcams

Porn trolling mastermind is the world’s most evasive witness

On Wednesday we wrote about the elaborate chart defense attorney Morgan Pietz created to help Judge Otis Wright keep track of the many organizations associated with porn copyright trolling firm Prenda Law, all of which seem to be run by the same half-dozen people. Pietz has now released a transcript of a remarkable deposition he took of Paul Hansmeier, who along with John Steele is widely regarded as the brains behind Prenda’s litigation campaign. Officially, a Prenda-linked shell company called “AF Holdings” is suing Pietz’s client for infringing copyright by downloading a pornographic film from BitTorrent. But in recent weeks, the focus of the litigation has shifted to alleged misconduct by Prenda, including whether the firm stole the identity of Minnesota resident Alan Cooper to use as an officer of AF Holdings. Judge Wright has scheduled a Monday hearing to get to the bottom of the allegations. Last month, we covered a filing by Prenda attorney Brett Gibbs, who insisted that all the important decisions had been made by “senior members of the law firms” connected to Prenda. Gibbs later identified these individuals as Hansmeier and Steele.

Continue Reading:
Porn trolling mastermind is the world’s most evasive witness

Microsoft comes to its senses, allows Office 2013 to move PCs

In a substantial regression from the terms offered for Office 2010, the original Office 2013 license died with your PC. You couldn’t install a retail copy of Office on a new PC, even if you removed it from the old one. But after much public outcry, Microsoft has relented. The Office 2013 terms and conditions are being updated so that transfers are allowed. You’ll be allowed one transfer every 90 days unless the transfers are due to hardware failures. (In that case they can be made immediately.) The change is effective immediately, but it will take some time before it trickles out to the activation servers. If you’re transferring Office 2013 to a different PC and activation fails, you’ll have to call customer support. Microsoft insists that the support people know the score and will be able to activate you manually.

Visit site:
Microsoft comes to its senses, allows Office 2013 to move PCs

Newly spotted miles-wide comet bearing down on Mars

A comet spotted earlier this year may pass close enough for Mars to feel the rock’s hot breath down its neck, according to new reports that surfaced Monday and Tuesday. The comet, named C/2013 A1, may pass within a few tens of thousands of miles of Mars’ center, with a remote chance that the miles-wide comet will collide with the planet. C/2013 A1 “Siding Spring,” a comet between 5 and 30 miles wide, was spotted January 3 by astronomer Robert H. McNaught. Researchers were able to look back in the image history of the Catalina Sky Survey in Arizona and spot signs of the comet as early as December 8, 2012. NASA states that other archives have traced sightings back to October 4, 2012. According to scientists at NASA’s Near-Earth Object Program Office, Siding Spring originates from the Oort Cloud of our Solar System and has been journeying to this point for more than a million years. In less than two years, around October 19, 2014, the comet will pass very close to Mars.

See the original article here:
Newly spotted miles-wide comet bearing down on Mars

Trigger word: e-mail monitoring gets easy in Office 365, Exchange

I’m in ur email, watching ur filez.
Exchange 2013 and Office 365 include a new feature that can peek into e-mail messages and enclosed documents, then flag them, forward them, or block them entirely based on what it finds. This sort of data loss prevention (DLP) technology has become increasingly common in corporate mail systems. But its inclusion as a feature of Office 365’s cloud service makes it a lot more accessible to organizations that haven’t had the budget or expertise to monitor the e-mail lives of their employees. As we showed in our review of the new Office server platforms, the data loss prevention feature of Microsoft’s new messaging platforms can detect things like credit card numbers, Social Security numbers, and other content that has no business traveling by e-mail. Because of how simple it is to configure rules for Microsoft’s DLP and security features, administrators will also have the power to do other sorts of snooping into what’s coming and going from users’ mailboxes. Unfortunately, depending on the mix of mail servers in your organization (or which Exchange instances you happen to hit in the O365 Azure cloud), the rules may not work all the time. And they won’t help defeat someone determined to steal data via e-mail.
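What a rule of this kind does internally, as an added example that is neither the article's nor Microsoft's code: the patterns below mimic the credit card and Social Security number checks the article mentions, validating card candidates with the Luhn mod-10 check and SSN candidates against the ranges the Social Security Administration never issues, then apply an assumed policy (block on an SSN, flag on a card number). The sample messages are constructed for the demonstration.

```python
# Added example; not Microsoft's DLP engine and not code from the article.
import re

# A card candidate is 13-19 digits with at most one space or dash between digits;
# an SSN candidate follows the 3-2-4 layout, separated or not.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")


def luhn_ok(digits: str) -> bool:
    """Mod-10 checksum that every issued payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values the SSA never assigns: area 000/666/900+, group 00, serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def scan(text: str):
    """Return (kind, matched_text, action) for each validated hit in the text."""
    findings = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            findings.append(("credit_card", m.group(), "flag"))
    for m in SSN_RE.finditer(text):
        if plausible_ssn(*m.groups()):
            findings.append(("ssn", m.group(), "block"))
    return findings


def decide(text: str) -> str:
    """Assumed policy: an SSN blocks the message outright, a card number only flags it."""
    actions = {action for _, _, action in scan(text)}
    if "block" in actions:
        return "block"
    if "flag" in actions:
        return "flag"
    return "deliver"


# Constructed sample messages (4111... is the well-known Visa test number).
SAMPLE_MESSAGES = [
    "Please charge card 4111 1111 1111 1111 for the renewal.",
    "Order #1234567890123456 shipped this morning.",      # fails Luhn: not a card
    "Applicant SSN 123-45-6789 attached for onboarding.",
    "Ticket 000-12-3456 escalated to tier 2.",             # area 000: not an SSN
    "Lunch at noon?",
]


def run_samples():
    """Verdict for each constructed message."""
    return {msg: decide(msg) for msg in SAMPLE_MESSAGES}


if __name__ == "__main__":
    for msg, verdict in run_samples().items():
        print(f"{verdict:8} {msg}")
```

Two caveats carry over from the article: matching like this catches accidental leakage, not a determined insider who encodes or encrypts the data first, and the validation steps (Luhn, SSN ranges) are what keep order numbers and ticket IDs from being blocked, so a regex-only rule needs tuning against the organization's real mail before it is allowed to block anything.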

Read More:
Trigger word: e-mail monitoring gets easy in Office 365, Exchange