Yes, more from The Guardian’s Glenn Greenwald:
Revealed: The NSA’s powerful tool for cataloguing global surveillance data, including figures on US collection. Boundless Informant, a mission outlined in four slides, and read the NSA’s frequently asked questions document.
The leaks continue. The United States’ global war also has gone cyber, as revealed in The Guardian’s latest piece on the NSA’s program called Boundless Informant. It categorizes “the voluminous amount” of online and telephone information they receive from each country in the world.
Incremental isn’t the word for these stories. More like flood.
Good news for Burger King: After many months of people asking for it, Twitter finally offers two-step verification for its users. “Of course, even with this new security option turned on, it’s still important for you to use a strong password and follow the rest of our advice for keeping your account secure,” the company emphasizes.
Why are these people wearing ponchos? Simple. Because they couldn’t bring umbrellas with them. During today’s Kentucky Derby event, officials bumped up security, preventing thousands of attendees from bringing in backpacks, large purses, and despite the rain forecast, umbrellas. The tightened security comes weeks after the Boston Marathon bombing caused an unprecedented security crackdown in the city of Boston. (photo by Charlie Riedel/Associated Press)
Hey shortformblog, you’re mostly wrong.
Because Twitter cannot prevent the type of attack which has caused so many brands to lose their Twitter account - malware (specifically keyloggers) logs the user’s credentials when they log into twitter.com, which the attacker then uses to make a perfectly “legitimate” login at a later time.
How do you prevent this as a user, given that it’s the #1 vector of attack for these big name brand hijackings? Use a computer that you know isn’t infected with malware. How do you ensure that a computer doesn’t have any malware? Never connect it to the internet (or if you do connect, only use twitter.com, and not browsing or emailing).
Does this make sense for the average user? Not at all. Does it make sense for a global brand or news agency who want to avoid what happened to AP? Easily. The $1200 hypothetical laptop is far cheaper than the damage to a brand from a high publicity hijacking.
The reason that I say “mostly” is that twitter could prevent this by using Google Authenticator or some other form of two-factor authentication. This would be unneeded for a normal user, but would allow big brands to add the extra security. I suspect that Twitter is probably working on this right now, and that this announcement is just until it is deployed.
You realize these accounts are used by multiple users and organizations as large as AP use third-party apps, right? And that numerous people use that single account, right? And that social media pretty much only works because you can share links? This solution is not realistic. It’s a band-aid solution until Twitter gets its stuff together.
The problem here is that large brands have been asking for that two-factor solution for at least two years (Facebook launched it two years ago, and Google has had it for years), and now, Twitter is feeling some serious pain because they only hired someone to work on the two-factor thing within the past six months.
They can’t block such attacks because they haven’t built out their system to deal with them.
If Twitter was serious about protecting its users, it would have been working on this solution before it got to this point, especially considering the seriousness of the problems being raised and the size of the brands it was courting. But instead, they’re playing catch-up. The best solution to bad security is being proactive.
The hypothetical dedicated laptop is not the problem. The fact that the hypothetical dedicated laptop was required in the first place is the problem.
“1234” unsurprisingly leads the pack, followed closely by “1111”. Check the top 20 and make sure you’re not using any of them. And then yell at your bank for making you remember all sorts of random passwords but still using a 4-digit PIN.
We know one person who isn’t happy about this revelation.
» Wait a sec … the FBI had them? Well, funny story about that. Back in March, the group says they gained access to a computer owned by an FBI official. Just by chance, they found a file on the agent’s desktop titled “NCFTA_iOS_devices_intel.csv” — a long list of 12 million UDID identifiers for iOS devices, along with a number of other pieces of personal info. AntiSec released just 1 million of the UDID numbers (which you can analyze here to see if you were nailed), but it’s worth keeping in mind that the odds may not be super-high of getting hit. There are 410 million iOS devices on the market, as of July. The problem for many is that the FBI reportedly had this info in the first place. What did they need it for, and why was it sitting on some dude’s desktop?
UPDATE: The FBI says that there is “no evidence” they had a file like the one described above.
Follow ShortFormBlog • Find us on Twitter & Facebook
twentysomethingfloater says: in the words of Ed Lover, “C’MON SON”. Those pws were basic, y’all gotta step your game up some degrees. I mean, y’all a pretty big deal, of course people are gonna try to hit you.
» SFB says: We had secure passwords. Matt was making a joke. We worked very hard to prevent this from happening after the first round — to the point of removing app access from the backend — and apparently that wasn’t enough. We’ll work harder to ensure security in the future. — Ernie @ SFB
Malte Spitz’s presentation, “Your Phone Company Is Watching”, explores just how much can be extrapolated from the information collected by his cell phone carrier as a result of the EU’s Data Retention Directive. Working with ZEIT Online, Spitz used 35,830 lines of data to create a downloadable, interactive map chronicling his daily life during a six month period. “If you have access to this information, you can see what society is doing,” says Spitz, adding, “If you have access to this information you can control your society.”
» Trying to learn from St. Paul: In 2008, the Republican National Convention was held in St. Paul, Minn., where protesters often got violent and police confrontations were common. No one was seriously injured, but many were arrested (including journalists). Because St. Paul was one of the smallest cities to host a national political convention, its security and enforcement were somewhat unprepared. Tampa is taking no chances this year. “We’ve extensively studied St. Paul,” said Tampa City Attorney Jim Shimberg. “We’ve had meetings with folks in St. Paul, to find out what went well and what went wrong.”
» It hasn’t been a great summer for cyber-security, particularly when you consider how many well-known companies keep getting caught with lackluster security in place. So, how many more of these stories do you think it will take before major corporations quit storing user data in plain-text format?
The Department of Defense announced today that Ibrahim al Qosi was transferred from the detention facility at Naval Station Guantanamo Bay, Cuba, to Sudan.
In July 2010, al Qosi pleaded guilty in a military commission to both conspiracy and providing material support for terrorism, as defined by the Military Commissions Act. He was sentenced to 14 years confinement for his crimes. In exchange for cooperating with prosecutors as required by the terms of his pre-trial agreement, the Convening Authority for Military Commissions suspended all but two years of that sentence, starting from July 7, 2010, the date of his plea. The United States government has returned al Qosi to Sudan at the conclusion of the unsuspended portion of his sentence.
The United States coordinated with the government of Sudan regarding appropriate security and humane treatment measures. In accordance with statutory reporting requirements, the administration informed Congress of its intent to transfer al Qosi to Sudan.
Documents related to al Qosi’s military commission proceedings are available on the Office of Military Commissions website at http://www.mc.mil/.
Today, 168 detainees remain at the detention center in Guantanamo Bay.
Ibrahim al Qosi was a former cook for al-Qaeda.
» Illinois resident Katie Szpyrka, represented by Edelson McGuire, filed the suit nearly two weeks after the passwords first hit the web. Szpyrka claims that the ease with which hackers accessed user information constitutes a violation of promises that LinkedIn made to consumers. LinkedIn disputes Szpyrka’s claim, and intends to fight the suit in court. “No member account has been breached as a result of the incident,” said LinkedIn spokeswoman Erin O’Harra, adding, “We have no reason to believe that any LinkedIn member has been injured.”