Posts Tagged COMSEC
From: Threat Level
Hackers Who Breached Google in 2010 Accessed Company’s Surveillance Database
…The database contained years’ worth of information on law enforcement surveillance orders issued by judges around the country. The hackers were hoping to discover if law enforcement agents were investigating undercover Chinese intelligence operatives who were working out of the U.S.
Wired’s Danger Room has some tips for journalists to protect their identity from subpoenas like the one involving the AP.
We now live in a world where public servants informing the public about government behavior or wrongdoing must practice the tradecraft of drug dealers and spies. Otherwise, these informants could get caught in the web of administrations that view George Orwell’s 1984 as an operations manual.
Is It Illegal To Unlock a Phone? The Situation is Better – and Worse – Than You Think
Legal protection for people who unlock their mobile phones to use them on other networks expired last weekend. According to the claims of major U.S. wireless carriers, unlocking a phone bought after January 26 without your carrier’s permission violates the Digital Millennium Copyright Act (“DMCA”) whether the phone is under contract or not. In a way, this is not as bad as it sounds. In other ways, it’s even worse.
From: Danger Room
In the late ’80s and early ’90s, Phil Zimmermann was a Colorado peacenik with a half-written program that he swore would one day let people exchange messages without Big Brother peering inside. The problem was, with a freelance job and two kids, Zimmermann could never quite find the time to finish the damn code — until Joe Biden came along.
From: Wired Enterprise
Google’s Gmail service went down for about 20 minutes on Monday. That was annoying, but not exactly unprecedented. These sorts of outages happen all the time. What was strange is that the Gmail outage coincided with widespread reports that Google’s Chrome browser was also crashing.
Late Monday, Google engineer Tim Steele confirmed what developers had been suspecting. The crashes were affecting Chrome users who were using another Google web service known as Sync, and that Sync and other Google services — presumably Gmail too — were clobbered Monday when Google misconfigured its load-balancing servers.
The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims.
From: Healthy Passwords
Ironkey S200 Flash Drive Review from 2011.
The security industry has long considered Ironkey to be “the” premier flash drive. We wondered how user-friendly Ironkey would be for non-technical users, so we decided to evaluate the drive from a non-technical perspective.
- Military-grade Hardware Encryption.
- Support for Windows, Mac OS X, and Linux.
- Portable Application Support (Apps living and running only on flash drive).
- Identity Manager for Password Management. (Windows Only)
- Verisign Identity Protection Built into Identity Manager. (Windows Only)
- Secure Sessions Service to encrypt browser traffic. (Windows Only)
- Self-Destruct after 10 consecutive invalid password attempts (just erases flash).
- Online management account to backup Identity Manager records. (Windows Only)
- Optional ability to reset hardware password online.
From: Technology Review
At the heart of Apple’s security architecture is the Advanced Encryption Standard algorithm (AES), a data-scrambling system published in 1998 and adopted as a U.S. government standard in 2001. After more than a decade of exhaustive analysis, AES is widely regarded as unbreakable. The algorithm is so strong that no computer imaginable for the foreseeable future—even a quantum computer—would be able to crack a truly random 256-bit AES key. The National Security Agency has approved AES-256 for storing top-secret data.
Google’s automated “Bouncer” for apps, which should prevent harmful mobile software from appearing in the company’s app store, appears to have serious blind spots. The system repeatedly scanned but let pass an app that stealthily steals personal data such as photos and contacts, reported two researchers from computer security company Trustwave at the Black Hat security conference in Las Vegas yesterday.
Nicolas Percoco and Sean Schulte are members of Trustwave’s “ethical hacking” research group, known as SpiderLabs, and they created the app to probe Google’s ability to vet the software uploaded to its app store. The pair said the results show that Google needs to improve both its app-scanning system and its Android operating system.
This stuff is serious. Maybe most of the “People” protected by the Constitution do not have enough imagination to see how terribly wrong this is going to go for all of us, and I mean ALL of us. Well, I can imagine it because I’ve worked for governments, I know what they are capable of, and I promise you it will not be good. To quote Bogey, “maybe not today, maybe not tomorrow, but soon, and for the rest of your life”, if you can call existence in a police state a life. Think this is hyperbole? We’ll see.
I know firsthand that getting warrants can be a pain in the ass, but too bad, it’s our job to defend and protect the constitution, not whine about how hard it is to do our jobs and still abide by the “current” law, or to look for shortcuts and ways to get around the only document that stands between freedom and totalitarianism.
But don’t worry, I’m clearly overreacting because if I wasn’t, those vigilant watchdogs of the Fourth Estate would surely mention the trampling of our fundamental freedoms in their newspapers, websites and TV news shows, wouldn’t they?
Here is the latest assault on our freedoms from the EFF
DOJ Official: Any Privacy Protection is Too Much Privacy Protection for Cell Phone Tracking
Jason Weinstein, a deputy assistant attorney general in the Department of Justice’s criminal division, told a panel at the Congressional Internet Caucus Advisory Committee’s “State of the Mobile Net” conference yesterday that requiring a search warrant to obtain location tracking information from cell phones would “cripple” prosecutors and law enforcement officials. We couldn’t disagree more.
For years, we’ve been arguing that cell phone location data should only be accessible to law enforcement with a search warrant. After all, as web enabled smart phones become more prevalent, this location data reveals an incredibly revealing portrait of your every move. As we’ve waged this legal battle, the government has naturally disagreed with us, claiming that the Stored Communications Act authorizes the disclosure of cell phone location data with a lesser showing than the probable cause requirement demanded by a search warrant.
From: Threat Level
On Apr. 7, 2011, five days before Microsoft patched a critical zero-day vulnerability in Internet Explorer that had been publicly disclosed three months earlier on a security mailing list, unknown attackers launched a spear-phishing attack against workers at the Oak Ridge National Laboratory in Tennessee.
2011 story from: Fierce CIO
Security vendor: Mobile users more vulnerable to phishing scams
January 10, 2011 — 12:18am ET | By Caron Carlson
It’s not as though we need more reminders of the security risks mobile devices pose to the enterprise, but according to security vendor Trusteer, mobile users are three times more likely to be the victim of phishing scams than desktop users.
According to Trusteer’s research, based on a review of log files of a number of web servers hosting phishing sites, when mobile users access phishing sites, they are three times more likely to hand over their login data. Why are mobile users so gullible? One possibility is that it is more difficult to detect a phishing site on a mobile device, the company suggests.
Part of the vulnerability for mobile users is simply that they are always connected and inclined to read their email as it arrives, writes Trusteer CEO Mickey Boodaei, in a post on his company’s blog. “The first couple of hours in a phishing attack are critical. After that many attacks are blocked by phishing filters or taken down,” he writes. “Hence mobile users are more likely to be hit by Phishing just because they’re ‘always on.’”