Tuesday, September 30, 2014

Assange reply to Google

 Assange added that Google and the NSA have been cosy since 2002 and that if that agency says "jump", Google jumps.

Thursday, September 25, 2014

GNU bash bug in Mac OS X and Linux could be 'bigger than Heartbleed'

The bash bug, as implied by its name, is a vulnerability that allows unscrupulous users to take control of Bourne Again Shell (bash), the software used to control the Unix command prompt on some Unix-like systems. This means that systems running Mac OS X and Linux are all potentially susceptible.
Current bash versions use an environment
variable named by the function name, and a function definition
starting with “() {” in the variable value to propagate function
definitions through the environment.  The vulnerability occurs because
bash does not stop after processing the function definition; it
continues to parse and execute shell commands following the function
Dubbed "Shell Shock", the bug was found by the 38 year-old Frenchman on the morning of September 12. It was disclosed this week so it could be patched. It was a bug that lurked in software found on hundreds of millions of devices for 21 years, leaving them vulnerable to hackers, who may have known of its existence.
Commenting on the flaw, Professor Alan Woodward from the University of Surrey said, "What many do not realise is that over 50 percent of active web sites run on a web server called Apache which runs on Unix, and hence is potentially vulnerable.
A test on Mac OS X 10.9.4 ("Mavericks") by Ars showed that it also has a vulnerable version of Bash. Apple has not yet patched Bash, though it just issued an update to "command line tools."

"Analysing the malware sample in a sandbox, we saw that the malware has conducted a massive scan on the United States Department of Defence Internet Protocol address range on port 23 TCP or Telnet for brute force attack purposes,"
99% BAD HARDWARE WEEK: Who would believe this ?

But even with all the current patches applied, you can still do this: Cookie: () { echo "Hello world"; } ...and witness a callable function dubbed HTTP_COOKIE() materialize in the context of subshells spawned by Apache; of course, the name will be always prefixed with HTTP_*, so it's unlikely to clash with anything or be called by incident - but intuitively, it's a pretty scary outcome.
In the same vein, doing this will also have an unexpected result:

The Google Empire Strikes Back

"The fact of the matter is, Julian is very paranoid about things. Google never collaborated with the NSA and in fact, we've fought very hard against what they did... We have taken all of our data, all of our exchanges... we fully encrypted them so no one can get them, especially the government."
 99% BAD HARDWARE WEEK: Yes, Google  fought hard against what NSA did WITHOUT ENCRYPTION in Android ! Only now encryption is mandatory. When billion Google users gave all their metadata to SOMEONE ?? Google never heard of only paranoid surives ?

Wednesday, September 24, 2014

Assange: Google should be of concern to people all over the world

 On September 15, 2014, Wikileaks-founder Julian Assange told the Italian newspaper L'Espresso that he now wants to warn against Google: "They believe they are doing good, but they are now aligned with US foreign policy. This means that Google can intervene on behalf of US interests, for example, it can end up compromising the privacy of billions of people, it can use its advertising power for propaganda". 
Google has massive technical capabilities for user data retention, metadata collection, telecommunications monitoring, localization, mapping and imaging, all which could allow it to act as an intelligence agency. The main difference is that Google has a different goal (commercial) than an intelligence agency, but this also makes that Google gathers far more data than an intelligence agency is legally allowed to do.

How long is user data kept on Google's servers? What kind of user data is shared with law enforcement agencies or intelligence services around the world? How does Google prevent its employees to access their users personal data or location? How is the data you gave Google secured against hackers or from intelligence services malicious attacks?

Monday, September 22, 2014

Where's the Silicon in Silicon Valley?


This page is powered by Blogger. Isn't yours?