Group claims to hack NSA-tied hackers, posts exploits as proof

In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency. In a recently published blog post, the group calling itself Shadow Brokers claims the leaked set of exploits was obtained after members hacked Equation Group (the post has since been removed from Tumblr). Last year, Kaspersky Lab researchers described Equation Group as one of the world’s most advanced hacking groups, with ties to both the Stuxnet and Flame espionage malware platforms.

The compressed data accompanying the Shadow Broker post is slightly bigger than 256 megabytes and purports to contain a series of hacking tools dating back to 2010. While it wasn’t immediately possible for outsiders to prove the posted data—mostly batch scripts and poorly coded Python scripts—belonged to Equation Group, there was little doubt the data have origins with some advanced hacking group.

Not fully fake

“These files are not fully fake for sure,” Bencsáth Boldizsár, a researcher with Hungary-based CrySyS who is widely credited with discovering Flame, told Ars in an e-mail. “Most likely they are part of the NSA toolset, judging just by the volume and peeps into the samples. At first glance it is sound that these are important attack related files, and yes, the first guess would be Equation Group.”


US reportedly elevates the role of Cyber Command

Now that the US treats cyberwarfare as a staple of its combat operations, it’s ready to raise the prominence of its internet warriors. Reuters sources say that the Obama administration is planning to elevate Cyber Command, turning it into a “unified command” that’s just as crucial as a major regional section like Pacific Command. The proposed shuffle would also detach Cyber Command from the NSA, giving it more input on the use of online weapons and defenses. There’s no guarantee that the reorganization will go through as it exists right now. Neither Cyber Command nor the NSA is commenting, and an unnamed official tells Reuters that the link between Cyber Command and the NSA is “critical to national security.” If the report is accurate, though, the reform isn’t likely to face significant opposition. A switch-up like this might be necessary. Military leaders are reportedly annoyed at the sluggish pace of Cyber Command’s campaign against ISIS, and have already created a task force that partners with Central Command to improve its performance. A more powerful Cyber Command might get better resources and would have greater independence. As it is, the shift would be an acknowledgment that online warfare is no longer a side project — it can be crucial to winning a conflict.

Source: Reuters


Facebook was the victim of a backdoor hack

Even a tech giant like Facebook isn’t immune to significant security breaches. Devcore’s Orange Tsai recently discovered that someone had installed a backdoor on one of Facebook’s corporate servers (that is, not the social network itself) in a bid to swipe workers’ login details. While it’s not clear how successful the script-based exploit was, Tsai noted that the file transfer app hosted on the server had several vulnerabilities that effectively gave any intruder free rein. The attacker could have checked employee email, for instance, or even connected to Facebook’s virtual private network to get access to the company’s inner workings. Thankfully, this is all past tense. You’re only hearing about this now because Tsai reported the bugs to Facebook (to get a bounty, naturally), and waited until the firm completed its investigation before disclosing the flaws. That backdoor isn’t there anymore, folks. All the same, the incident is bound to humble Facebook a bit — it’s proof that the company is a prime target for hackers, and that it can’t assume it’s always on top of every possible security flaw.

Via: Hacker News
Source: Devcore


John McAfee: NSA’s Back Door Has Given Every US Secret To Enemies

John McAfee, American computer programmer and contributing editor of Business Insider, explains how the NSA’s back door has given every U.S. secret to its enemies. He begins by mentioning the importance of software, specifically meta-software, which contains a high-level set of principles designed to help a nation survive in a cyberwar. Such software must not contain any back doors under any circumstances, otherwise it can and may very likely allow perceived enemies of the U.S. to have access to top-secret information. For example, the Chinese used the NSA’s back door to hack the Defense Department last year and steal 5.6 million fingerprints of critical personnel. “Whatever gains the NSA has made through the use of their back door, it cannot possibly counterbalance the harm done to our nation by everyone else’s use of that same back door.” McAfee believes the U.S. has failed to grasp the subtle implications of technology and, as a result, is 20 years behind the Chinese, and by association, the Russians as well.


BitTorrent Sync adds ability to make encrypted folders

BitTorrent has released a new version of its Sync peer-to-peer app, and its biggest feature is the encrypted folder. Any data you keep in one will be encrypted, whether you choose to place it on cloud storage or on a networked storage device (NAS). Plus, your files are always encrypted while they’re being transferred. When you create one of these folders, you get three types of keys. The Read-Write key allows peers to access and modify its contents, the Read-Only key gives peers the power to access and decrypt the files, while the Encrypted key only allows peers to receive the files — they won’t be able to decrypt them. For instance, you can provide your clients with a Read-Write key to allow them to modify the documents you’re working on. But, you can give vendors Read-Only keys to show them what you have to offer. If you want to make a backup, say on a cloud service, you can make a folder that uses only an Encrypted key to be extra safe. Besides the security feature, the latest version of Sync also gives it the ability to run as a service on Windows, as well as to move data to and from an SD card used by Android 5 devices and newer. Finally, if you’re on Linux, the update will allow you to only download files you’re missing instead of replicating whole folders.

Source: BitTorrent Sync


Questions Linger As Juniper Removes Suspicious Dual_EC Algorithm

msm1267 writes: Juniper Networks has removed the backdoored Dual_EC DRBG algorithm from its ScreenOS operating system, but new developments show Juniper deployed Dual_EC long after it was known to be backdoored. Stephen Checkoway, assistant professor of computer science at the University of Illinois at Chicago, said that he and a number of crypto experts looked at dozens of versions of Juniper’s NetScreen firewalls and learned that ANSI X9.31 was used exclusively until ScreenOS 6.2 when Juniper added Dual_EC. It also changed the size of the nonce used with ANSI X9.31 from 20 bytes to 32 bytes for Dual_EC, giving an attacker the necessary output to predict the PRNG output. ‘And at the same time, Juniper introduced what was just a bizarre bug that caused the ANSI generator to never be used and instead just use the output of Dual_EC. They made all of these changes in the same version update.’


House looks into claims the NSA spied on Congress

You’re not the only one concerned that the National Security Agency might be spying on Congress … Congress is, too. The House Intelligence Committee says it’s investigating claims that the NSA monitored communications between members of Congress and Israeli leadership as they discussed the Iran nuclear agreement. The Committee not only wants a point-by-point verification of the Wall Street Journal’s original report, but to find out whether or not the NSA was following the rules. There’s potential for trouble. While the White House reportedly didn’t order the eavesdropping, it also didn’t stop the activity when it found out. Moreover, this came after officials claimed that the US no longer snoops on NATO members’ heads of state — apparently, that courtesy doesn’t extend to allies outside of the region. Even if any surveillance was completely above-board, it’ll still raise questions about where and when the NSA is allowed to operate.

Source: The Hill


Israeli Firm Creates a Device That Can Hack Any Nearby Phone

An anonymous reader writes: Israeli startup Rayzone created a device that can hack any smartphone that has its WiFi connection open. The device can steal passwords, files, contact lists, photos, and various others. Called InterApp, the device is dumb-proof (comes with a shiny admin panel), works on hundreds of devices at the same time, and leaves no forensic traces behind after the hack. The company says it will only sell it to law enforcement agencies.


TrueCrypt Safer Than Previously Thought

An anonymous reader writes: Back in September, members of Google’s Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt’s code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have “far-reaching access to the system,” with which they could do far worse things than exploit an obscure vulnerability. The auditors say, “It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure.” For other uses, the software “does what it’s designed for,” despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail.
