81% of Tor Users Can Be De-anonymized By Analysing Router Information

An anonymous reader writes: A former researcher at Columbia University’s Network Security Lab has conducted research since 2008 indicating that traffic flow software included in network routers, notably Cisco’s ‘Netflow’ package, can be exploited to deanonymize 81.4% of Tor clients. Professor Sambuddho Chakravarty, currently researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology, uses a technique which injects a repeating traffic pattern into the TCP connection associated with an exit node, and then compares subsequent aberrations in network timing with the traffic flow records generated by Netflow (or equivalent packages from other router manufacturers) to individuate the ‘victim’ client. In laboratory conditions the success rate of this traffic analysis attack is 100%, with network noise and variations reducing efficiency to 81% in a live Tor environment. Chakravarty says: ‘it is not even essential to be a global adversary to launch such traffic analysis attacks. A powerful, yet non-global adversary could use traffic analysis methods [] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection.’ Read more of this story at Slashdot.

An Applied Investigation Into Graphics Card Coil Whine

jones_supa writes: We all are aware of various chirping and whining sounds that electronics can produce. Modern graphics cards often suffer from these kinds of problems in the form of coil whine. But how widespread is it really? Hardware Canucks put 50 new graphics cards side-by-side to compare them solely from the perspective of subjective acoustic disturbance. NVIDIA’s reference platforms tended to be quite well behaved, just like their board partners’ custom designs. The same can’t be said about AMD since their reference R9 290X and R9 290 should be avoided if you’re at all concerned about squealing or any other odd noise a GPU can make. However the custom Radeon-branded SKUs should usually be a safe choice. While the amount and intensity of coil whine largely seems to boil down to luck of the draw, at least most board partners are quite friendly regarding their return policies concerning it.

Researchers Forecast the Spread of Diseases Using Wikipedia

An anonymous reader writes: Scientists from Los Alamos National Laboratory have used Wikipedia logs as a data source for forecasting disease spread. The team was able to successfully monitor influenza in the United States, Poland, Japan, and Thailand, dengue fever in Brazil and Thailand, and tuberculosis in China and Thailand. The team was also able to forecast all but one of these, tuberculosis in China, at least 28 days in advance.

Why Are ISPs Removing Their Customers’ Email Encryption?

Recently, Verizon was caught tampering with its customers’ web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks.

Researchers Demonstrate Electrically Activated Micro-Muscles

mpicpp sends news of research at the University of Michigan in which a self-assembling chain of particles can be used as tiny, electrically-activated muscles. The team started with particles similar to those found in paint, with diameters of about a hundredth the width of a strand of hair. They stretched these particles into football shapes and coated one side of each football with gold. The gilded halves attracted one another in slightly salty water—ideally about half the salt concentration in the sports drink Powerade. The more salt in the water, the stronger the attraction. Left to their own devices, the particles formed short chains of overlapping pairs, averaging around 50 or 60 particles to a chain. When exposed to an alternating electric field, the chains seemed to add new particles indefinitely. But the real excitement was in the way that the chains stretched. … While the force generated by the fibers is about 1,000 times weaker than human muscle tissue per unit area, it may be enough for microbots.

Tor Project Mulls How Feds Took Down Hidden Websites

HughPickens.com writes: Jeremy Kirk writes at PC World that in the aftermath of U.S. and European law enforcement shutting down more than 400 websites (including Silk Road 2.0) which used technology that hides their true IP addresses, Tor users are asking: How did they locate the hidden services? “The first and most obvious explanation is that the operators of these hidden services failed to use adequate operational security,” writes Andrew Lewman, the Tor project’s executive director. “For example, there are reports of one of the websites being infiltrated by undercover agents and one affidavit states various operational security errors.” Another explanation is exploitation of common web bugs like SQL injections or RFIs (remote file inclusions). Many of those websites were likely quickly-coded e-shops with a big attack surface. Exploitable bugs in web applications are a common problem, says Lewman, adding that there are also ways to link transactions and deanonymize Bitcoin clients even if they use Tor. “Maybe the seized hidden services were running Bitcoin clients themselves and were victims of similar attacks.” However, the number of takedowns and the fact that Tor relays were seized could also mean that the Tor network was attacked to reveal the location of those hidden services. “Over the past few years, researchers have discovered various attacks on the Tor network. We’ve implemented some defenses against these attacks (PDF), but these defenses do not solve all known issues and there may even be attacks unknown to us.” Another possible Tor attack vector could be the Guard Discovery attack. The guard node is the only node in the whole network that knows the actual IP address of the hidden service, so if the attacker manages to compromise the guard node or somehow obtain access to it, she can launch a traffic confirmation attack to learn the identity of the hidden service.
“We’ve been discussing various solutions to the guard discovery attack for the past many months but it’s not an easy problem to fix properly. Help and feedback on the proposed designs is appreciated.” According to Lewman, the task of hiding the location of low-latency web services is a very hard problem and we still don’t know how to do it correctly. It seems that there are various issues that none of the current anonymous publishing designs have really solved. “In a way, it’s even surprising that hidden services have survived so far. The attention they have received is minimal compared to their social value and compared to the size and determination of their adversaries.”

Mozilla Updates Firefox With Forget Button, DuckDuckGo Search, and Ads

Krystalo writes: In addition to the debut of the Firefox Developer Edition, Mozilla today announced new features for its main Firefox browser. The company is launching a new Forget button in Firefox to help keep your browsing history private, adding DuckDuckGo as a search option, and rolling out its directory tiles advertising experiment.

Pitivi Video Editor Surpasses 50% Crowdfunding Goal, Releases Version 0.94

kxra writes: With the latest developments, Pitivi is proving to truly be a promising libre video editor for GNU distributions as well as a serious contender for bringing libre video production up to par with its proprietary counterparts. Since launching a beautifully well-organized crowdfunding campaign (as covered here previously), the team has raised over half of their 35,000 € goal to pay for full-time development and has entered “beta” status for version 1.0. They’ve released two versions, 0.94 (release notes) being the most recent, which have brought full MPEG-TS/AVCHD support, porting to Python 3, lots of UX improvements, and—of course—lots and lots of bug fixes. The next release (0.95) will run on top of Non Linear Engine, a refined and incredibly more robust backend Pitivi developers have produced to replace GNonLin and bring Pitivi closer to the rock-solid stability needed for the final 1.0 release.

Americans Rejoice At Lower Gas Prices

HughPickens.com writes: Drivers across America are rejoicing at falling gasoline prices as pumps across the country dip below $3 a gallon. According to Sharon E. Burke, while it’s nice to get the break at the gas pump and the economic benefits of an energy boom at home, the national security price of oil remains high and the United States should be doing everything it can to diversify global energy suppliers. Ultimately, the only way to solve our long term energy problem is to make a sustained, long-term investment in the alternatives to petroleum. But October saw a 52 percent jump in Jeep SUV sales and a 36 percent rise in Ram trucks while some hybrid and electric vehicle sales fell at the same time. “This is like putting a Big Mac in front of people who need to diet or watch their cholesterol,” says Anthony Perl. “Some people might have the willpower to stick with their program, and some people will wait until their first heart attack before committing to a diet—but if we do that at a planetary scale it will be pretty traumatic.” Nicholas St. Fleur writes at The Atlantic that low oil prices may also undermine the message from the UN’s climate panel. The price drop comes after the UN declared earlier this week that fossil fuel emissions must drop to zero by the end of the century in order to keep global temperatures in check. “I don’t think people will see the urgency of dealing with fossil fuels today,” says Perl. Falling oil prices may also deter businesses from switching to energy-saving technology, as a 2006 study in the Energy Journal suggested. Saving several pennies at the pump, Perl says, may tempt Americans away from actions that can lead to a sustainable, post-carbon future.

British Spies Are Free To Target Lawyers and Journalists

Advocatus Diaboli writes: British spies have been granted the authority to secretly eavesdrop on legally privileged attorney-client communications, according to newly released documents. On Thursday, a series of previously classified policies confirmed for the first time that the U.K.’s top surveillance agency Government Communications Headquarters has advised its employees: “You may in principle target the communications of lawyers.” The country’s other major security and intelligence agencies—MI5 and MI6—have adopted similar policies, the documents show. The guidelines also appear to permit surveillance of journalists and others deemed to work in “sensitive professions.”
