Posts Tagged COMSEC

Google Accidentally Transmits Self-Destruct Code to Army of Chrome Browsers

From: Wired Enterprise

Google’s Gmail service went down for about 20 minutes on Monday. That was annoying, but not exactly unprecedented. These sorts of outages happen all the time. What was strange is that the Gmail outage coincided with widespread reports that Google’s Chrome browser was also crashing.

Late Monday, Google engineer Tim Steele confirmed what developers had been suspecting. The crashes were affecting Chrome users who were using another Google web service known as Sync, and that Sync and other Google services — presumably Gmail too — were clobbered Monday when Google misconfigured its load-balancing servers.

FBI: Smartphone Malware Safety Tips

Internet Crime Complaint Center (IC3) | Smartphone Malware Safety Tips

The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims.

New E-Scams & Warnings: Smartphone Users Should be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromises

Mozilla’s New Universal Login

Mozilla has developed a competing login framework that they claim is more secure than Facebook’s or Google’s design.

Ironkey S200 Flash Drive Review

From: Healthy Passwords

Ironkey S200 Flash Drive Review from 2011.

Ironkey

The security industry has long considered Ironkey to be “the” premier flash drive. We wondered how user-friendly Ironkey would be for non-technical users, so we decided to evaluate the drive from a non-technical perspective.

Ironkey Features

  1. Military-grade Hardware Encryption.
  2. Waterproof.
  3. Support for Windows, Mac OS X, and Linux.
  4. Portable Application Support (Apps living and running only on flash drive).
  5. Identity Manager for Password Management. (Windows Only)
  6. Verisign Identity Protection Built into Identity Manager. (Windows Only)
  7. Secure Sessions Service to encrypt browser traffic. (Windows Only)
  8. Self-Destruct after 10 consecutive invalid password attempts (just erases flash).
  9. Online management account to backup Identity Manager records. (Windows Only)
  10. Optional ability to reset hardware password online.

The iPhone Has Passed a Key Security Threshold

From: Technology Review

At the heart of Apple’s security architecture is the Advanced Encryption Standard algorithm (AES), a data-scrambling system published in 1998 and adopted as a U.S. government standard in 2001. After more than a decade of exhaustive analysis, AES is widely regarded as unbreakable. The algorithm is so strong that no computer imaginable for the foreseeable future—even a quantum computer—would be able to crack a truly random 256-bit AES key. The National Security Agency has approved AES-256 for storing top-secret data.

Google Approves an App that Steals All Your Data

From: MIT

Google’s automated “Bouncer” for apps, which should prevent harmful mobile software from appearing in the company’s app store, appears to have serious blind spots. The system repeatedly scanned but let pass an app that stealthily steals personal data such as photos and contacts, reported two researchers from computer security company Trustwave at the Black Hat security conference in Las Vegas yesterday.

Nicolas Percoco and Sean Schulte are members of Trustwave’s “ethical hacking” research group, known as SpiderLabs, and they created the app to probe Google’s ability to vet the software uploaded to its app store. The pair said the results show that Google needs to improve both its app-scanning system and its Android operating system.

4th Amendment Under Attack Yet Again

This stuff is serious. Maybe most of the “People” protected by the Constitution do not have enough imagination to see how terribly wrong this is going to go for all of us, and I mean ALL of us. Well, I can imagine it because I’ve worked for governments, I know what they are capable of, and I promise you it will not be good. To quote Bogey, “maybe not today, maybe not tomorrow, but soon, and for the rest of your life”, if you can call existence in a police state a life. Think this is hyperbole? We’ll see.

I know firsthand that getting warrants can be a pain in the ass, but too bad, it’s our job to defend and protect the Constitution, not whine about how hard it is to do our jobs and still abide by the “current” law, or to look for shortcuts and ways to get around the only document that stands between freedom and totalitarianism.

But don’t worry, I’m clearly overreacting because if I wasn’t, those vigilant watchdogs of the Fourth Estate would surely mention the trampling of our fundamental freedoms in their newspapers, websites and TV news shows, wouldn’t they?

Here is the latest assault on our freedoms from the EFF

DOJ Official: Any Privacy Protection is Too Much Privacy Protection for Cell Phone Tracking

Jason Weinstein, a deputy assistant attorney general in the Department of Justice’s criminal division, told a panel at the Congressional Internet Caucus Advisory Committee’s “State of the Mobile Net” conference yesterday that requiring a search warrant to obtain location tracking information from cell phones would “cripple” prosecutors and law enforcement officials. We couldn’t disagree more.

For years, we’ve been arguing that cell phone location data should only be accessible to law enforcement with a search warrant. After all, as web enabled smart phones become more prevalent, this location data reveals an incredibly revealing portrait of your every move. As we’ve waged this legal battle, the government has naturally disagreed with us, claiming that the Stored Communications Act authorizes the disclosure of cell phone location data with a lesser showing than the probable cause requirement demanded by a search warrant.

Everyone Has Been Hacked. Now What?

From: Threat Level

On Apr. 7, 2011, five days before Microsoft patched a critical zero-day vulnerability in Internet Explorer that had been publicly disclosed three months earlier on a security mailing list, unknown attackers launched a spear-phishing attack against workers at the Oak Ridge National Laboratory in Tennessee.

Mobile users more vulnerable to phishing scams

2011 story from: Fierce CIO

Security vendor: Mobile users more vulnerable to phishing scams
January 10, 2011 — 12:18am ET | By Caron Carlson

It’s not as though we need more reminders of the security risks mobile devices pose to the enterprise, but according to security vendor Trusteer, mobile users are three times more likely to be the victim of phishing scams than desktop users.

According to Trusteer’s research, based on a review of log files of a number of web servers hosting phishing sites, when mobile users access phishing sites, they are three times more likely to hand over their login data. Why are mobile users so gullible? One possibility is that it is more difficult to detect a phishing site on a mobile device, the company suggests.

Part of the vulnerability for mobile users is simply that they are always connected and inclined to read their email as it arrives, writes Trusteer CEO Mickey Boodaei, in a post on his company’s blog. “The first couple of hours in a phishing attack are critical. After that many attacks are blocked by phishing filters or taken down,” he writes. “Hence mobile users are more likely to be hit by Phishing just because they’re ‘always on.’”

Oppose HR 3523, the Cyber Intelligence Sharing and Protection Act of 2011

From the Electronic Frontier Foundation:

Congress is considering legislation that would give companies a free pass to monitor and collect communications, including huge amounts of personal data like your text messages and emails, and share that data with the government and anyone else. All a company has to do is claim its privacy violations were for “cybersecurity purposes.” Tell Congress that they can’t use vaguely-defined “cybersecurity threats” as a shortcut to bypassing the law.

NSA Creates Secure Call System

Technology Review reports that the NSA has devised a system in which phones with the Android software are able to make encrypted phone calls.

Let’s hope that this tech trickles down to the consumer market.

Web Links Could Compromise Your Smartphone

Technology Review reports that if you have a smartphone that runs a version of Android, be careful about the links you click:

A chilling demonstration to a small, packed room at the RSA security conference today showed how clicking a single bad Web link while using a phone running Google’s Android operating system could give an attacker full remote control of your phone.

Forced Hard Drive Decryption Is Unconstitutional, Appeals Court Rules

From: Threat Level

Forcing a criminal suspect to decrypt hard drives so their contents can be used by prosecutors is a breach of the Fifth Amendment right against compelled self-incrimination, a federal appeals court ruled Thursday.

It was the nation’s first appellate court to issue such a finding. And the outcome comes a day after a different federal appeals court refused to entertain an appeal from another defendant ordered by a lower federal court to decrypt a hard drive by month’s end.

Thursday’s decision by the 11th U.S. Circuit Court of Appeals said that an encrypted hard drive is akin to a combination to a safe, and is off limits, because compelling the unlocking of either of them is the equivalent of forcing testimony.

LAPD Bails on Google Apps Because of Security & Privacy Concerns

From: Cloudline

Microsoft’s Office 365 isn’t the only cloud service losing high-profile customers to security and privacy concerns. Google got a dose of the same medicine on Wednesday, with the LA Times reporting that the LAPD is now backing out of its contract with Google so it can stick with its on-premises Novell platform for e-mail.

The LAPD and the city attorney’s office ultimately decided, some two years after deciding to move their e-mail systems to the cloud in order to save costs, that no cloud computing solution is really compatible with the federal security guidelines that the departments are required to follow.

“It will be difficult for law enforcement to move to a cloud solution until the [security requirements] and cloud are more in line with each other,” LAPD’s CIO told the LA Times.

The Cyber Security Industrial Complex

From: MIT

A claim by Wikileaks that documents it released last week provide evidence of a “secret new industry” of mass surveillance was as breathless as previous pronouncements from Julian Assange’s organization. But the material does provide a stark reminder that our online activities are easily snooped upon, and suggests that governments or police around the world can easily go shopping for tools to capture whatever information they want from us.

The take-home for ordinary computer users is that the privacy and security safeguards they use—including passwords and even encryption tools—present only minor obstacles to what one researcher calls the “cyber security industrial complex.”

“There is no true privacy in any computing systems against determined government-level surveillance,” says Radu Sion, a computer scientist at Stony Brook University who directs its Network Security and Applied Cryptography Laboratory. He says that as computing systems become more complex, and reliant on components from many different suppliers, the number of vulnerabilities that can be exploited by attackers and surveillance tools will grow.
