2013-06-15

2013-06-09

Drupal's 1 M user accounts breached!

Quote: This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself.

Organization - Data Leakage

Some disturbing statistics on employees using cloud services to store/review their organization's documents.

2013-06-07

NSA data snooping!

Unbelievable how much data these guys are spying on!

Did NSA manage to decrypt BlackBerry data as well? RIM has declined for now.

NSA Director talks about this program (named PRISM)

Was Microsoft providing vulnerabilities to NSA?

An upcoming app that promises to defeat all this govt snooping. Already raised 100K in 36 hours!

How much does it cost the govt to eavesdrop on people? Substantial amount of money actually!

DNI Presenter, a tool used by NSA to capture citizens' personal chats and messages!

FBI engaged hackers to deploy malware on Android phones.

XKeyscore – the Front End that Queries the NSA Databases

Update 10-Aug-2013:
NSA 'nicely' asks Lavabit and SilentText to shut down. They were instrumental in providing end-to-end encrypted email services.

Update 17-Sep-2013:
Some open source tools to help non-NSA folks achieve some similar reconnaissance.

Update 19-Sep-2013:
NSA purchased 0-days from Vupen (French security researchers)

Update 28-Sep-2013:
NSA even spied on Indian Embassy and UN

Update 29-Oct-2013:
Firefox launches "Lightbeam"

Update 10-Nov-2013:
Crowd sourcing project to audit TrueCrypt

Update 12-Nov-2013:
Charges against Snowden to be dropped?!

Update 13-Nov-2013:
Google outraged over NSA's extent of spying on its data centres

Update 08-Dec-2013:
Tracking all Snowden documents

Update 22-Dec-2013:
NSA bribed RSA [for $10m] to keep a backdoor in their products!
Not surprisingly RSA declines it.

Update 18-Jan-2014:
Obama announces some reforms

Update 28-Jan-14:
How Angry Birds helped NSA

Update 29-Jan-14:
Snowden nominated for Nobel

Update 22-Mar-14:
Google tightens HTTPS protection.

Update 08-May-14:
A few email exchanges between NSA and Google released. Doesn't say much, unlike the hype

Update 17-Oct-15:
How the NSA broke encryption (DH algo).

How secure are passwords?

Ars Technica plans to brute-force 16K hashed passwords. A non-techie editor breaks 47% of them. One expert breaks 82% in one hour!!

2013-06-01

The World of Financial Trojans

A Symantec report on trojans - I am sure it will be super biased by the business of the creator.

Major US Weapons Compromised By Chinese Hackers

Quote:

"...[T]he cyber threat is serious and... the United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all their military and intelligence capabilities," the public version of the DSB report said. "This conclusion was developed upon several factors, including the success adversaries have had penetrating our networks..."

Two Factor Auth

More companies are finally following in Google's footsteps and enabling 2FA: Twitter; LinkedIn

Update 09-Aug-2013:
Twitter's state of the art 2FA app