Security

EFF recently kicked off its second Tor Challenge, an initiative to strengthen the Tor network for online anonymity and improve one of the best free privacy tools in existence. The campaign—which launched with partners at the Freedom of the Press Foundation, the Tor Project, and the Free Software Foundation—is already off to a great start. In just the first few days, it's seen over 600 new or expanded Tor nodes—more than during the entire first Tor Challenge.

Sometimes things are serendipitous in the tech world. This past Friday, I received a Verizon Samsung Galaxy S5 to review for BetaNews. Yesterday, as part of my testing, I wanted to see how easily I could achieve root access. To my surprise, after many weeks on the market, root was still unachieved by anyone. I even learned that the xda community had raised $18,000 in pledges for whoever could achieve root for both the Verizon and AT&T variants.

A few days ago, we had the opportunity to deploy a rogue access point that would steal user credentials using a fake, captive web portal, and provide MITM’d Internet services via 3G. We needed reliability and scalability in our environment as there would potentially be a large amount of, erm….”participants” in this wireless network. We were pretty happy with the result and quickly realized that we had created a new “Kali Linux recipe”. Or in other words, we could create a custom, bootable wireless evil access point image, which could do all sorts of wondrous things.

Imagine a world of Windows computer security where the latest zero-day exploits that seek to gain access to your computer are rendered ineffective before they can be used against you.

That world doesn't exist yet, but it took a giant step closer to reality with Malwarebytes Anti-Exploit, a new Windows security program released Thursday. It's powered by exploit-blocking technology that Malwarebytes acquired last year when it bought ZeroVulnerabilityLabs.

Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system.

A large batch of stolen credit card numbers for sale on an underground forum may have come from a breach at P.F. Chang's China Bistro, a restaurant chain that said on Tuesday it is investigating.

Those selling the stolen data are claiming all of the card numbers are still valid, meaning the data is fairly fresh and that banks haven't yet canceled the accounts, said Alex Holden, CTO of Hold Security, a Wisconsin-based consultancy that monitors secret forums where stolen data is sold.

A flaw in the Zeus Trojan's admin panel leaves the C&C (command and control) server vulnerable to remote compromise. The flaw, which is located in an array function used by the malware's core code, fails to prevent malicious files from being uploaded.

Ironic isn't it?

During the 1920s and 1930s, a part of the U.S. public rooted for gun-toting, mythologized bank robbers like Bonnie and Clyde, John Dillinger, and Pretty Boy Floyd. But the fantasies were often tempered by reports of guards, police, and innocent bystanders injured and killed in the frequent shoot-outs.

The NSA is particularly pleased with the security features in Apple's iPhone which allows it to spy on people when they think it is switched off.

Edward Snowden said that the NSA can get into an iPhone, turn it on remotely if it's off and can they turn on apps?

In April 1851, Alfred C. Hobbs boarded the steamship Washington bound for Southampton, England. His official duty was to sell the New York City-based company Day and Newell's newest product – the parautopic lock – at a trade show – London's Great Exhibition. But Hobbs had something a bit more nefarious up his sleeve, or rather in the small trunk that accompanied him on the ship.