What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
grahamcluley.webp 2016-08-15 12:23:59 Someone seems to be trying to spy on VeraCrypt's security audit (direct link) At the start of this month OSTIF (the Open Source Technology Improvement Fund) announced that it had agreed a plan to get the open source disk encryption tool VeraCrypt independently audited. The audit, which would look for security holes and weaknesses in VeraCrypt's code, would be done in co-ordination with vulnerability researchers from QuarksLab. So far, so good. Especially as you may remember that VeraCrypt's predecessor, TrueCrypt, was mysteriously discontinued a couple of years back leading to all manner of conspiracy theories. Now, the bad news... OSTIF says that its confidential PGP-encrypted communications with QuarksLab about the VeraCrypt security audit may be being mysteriously intercepted: We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders. Not only have the emails not arrived, but there is no trace of the emails in our “sent” folders. In the case of OSTIF, this is the Google Apps business version of Gmail where these sent emails have disappeared. This suggests that outside actors are attempting to listen in on and/or interfere with the audit process. We are setting up alternate means of encrypted communications in order to move forward with the audit project. If nation-states are interested in what we are doing we must be doing something right. Right? Let the speculation begin... Guideline ★★★★★
grahamcluley.webp 2016-08-04 10:23:47 Does dropping malicious USB sticks really work? Yes, worryingly well... (direct link) Good samaritans and skinflints beware! Plugging in that USB stick you found lying around on the street outside your office could lead to a security breach. Read more in my article on the Tripwire State of Security blog. Guideline
grahamcluley.webp 2016-08-02 07:55:29 Advertisers could be tracking you via your battery status (direct link) A legitimate reason to poll your battery's status is to stop intensive operations from executing if you're running low on juice. But it's also open to exploitation by those who want to track your online activity, writes Lukasz Olejnik: The information provided by the Battery Status API is not always changing fast. In other words, they are static for a period of time; it may give rise to a short-lived identifier. At the same time, users sometimes clear standard web identifiers (such as cookies). But a web script could analyze identifiers provided by Battery Status API, which could then possibly even lead to recreation of other identifiers. A simple sketch follows. An example web script continuously monitors the status of identifiers and the information obtained from Battery API. At some point, the user clears (e.g.) all the identifying cookies. The monitoring web script suddenly sees a new user - with no cookie - so it sets new ones. But battery level analysis could provide hints that this new user is - in fact - not a new user, but the previously known one. The script's operator could then conclude and reason that this is a single user, and resume with tracking. This is an example scenario of identifier recreation, also known as respawning. A recent study [PDF] reported that battery status is being monitored by some tracking scripts. It sounds like it would be a positive step if browsers stopped accessing such detailed information about our battery. Aside from tracking, there are other ways that battery information could be exploited. Uber, for instance, says that it knows customers are more likely to accept a much higher price to hire a cab when their battery is running low. Guideline Uber
Last update at: 2024-05-13 22:07:55