Snowden's Christmas message about Privacy of ordinary person

 Snowden's Christmas message about Privacy of ordinary person

Edward Snowden, the National Security Agency whistleblower, delivered a video message on Christmas Day via UK's Channel 4 with a simple theme: "privacy matters."

"A child born today will grow up with no conception of privacy at all. They'll never know what it means to have a private moment to themselves -- an unrecorded, unanalyzed thought," Snowden said in the 1-minute, 43-second message. "And that's a problem because privacy matters. Privacy is what allows us to determine who we are and who we want to be."

          Must watch this video if you care about your privacy

Snowden referenced George Orwell's "1984" and noted the book's dystopian visions of microphones, video cameras, and televisions that watch people "are nothing compared to what we have available today. We have sensors in our pockets that track us everywhere we go." 

 He also used the message as an appeal to people everywhere to rally against widespread surveillance.

"The conversation occurring today will determine the amount of trust we can place both in the technology that surrounds us and the government that regulates it. Together, we can find a better balance," he said. "End mass surveillance. And remind the government that if it really wants to know how we feel, asking is always cheaper than spying."

UK's Channel 4 chose Snowden for its annual alternative message and response to Queen Elizabeth's annual Christmas address.

Snowden has temporary asylum in Russia following his leaks earlier this year about the National Security Agency's extensive electronic surveillance programs. The US Justice Department's charges against him include violations of the Espionage Act. 

Team- Hack4friends

Read More

MacBook Webcams can be used to covertly spy on people -- With proof

MacBook Webcams can be used to covertly spy on people -- With proof

Imagine going about your daily life and then one day receiving photos of yourself from inside your home. Sound spooky? Well, this really happened to a woman named Cassidy Wolf, according to the Washington Post. And, to make matters worse, she was nude in the photos.

How did this happen?
Apparently, there's a way for hackers to spy on people via their iSight Webcams in older Apple MacBooks. Typically, when the camera is on a little light is also set off. But, in a newly discovered workaround, this light can be deactivated -- meaning unsuspecting victims have no clue they're being watched.
The Washington Post revealed this new research by Johns Hopkins computer scientist Stephen Checkoway, which shows how people can be spied on with MacBooks and iMacs released before 2008. Using proof-of-concept software, called Remote Administration Tool or RAT, Checkoway was able to reprogram the iSight camera's micro-controller chip so that the light doesn't turn on.

While it could be feasible to do this trick on newer Apple computers or laptops by other brands, it hasn't yet been proven possible.
In the case of Wolf, who was Miss Teen USA, the person spying on her was her high school classmate Jared Abrahams. The FBI was able to nab Abrahams, who pleaded guilty to extortion in October.
In another report by the Washington Post, the former assistant director of the FBI's Operational Technology Division Marcus Thomas said the FBI has been activating computer cameras without turning on the warning lights for years.

This is not the first time someone has been remotely spied on with a Webcam, but it is the first known time that it's been done without the warning light being triggered.

Team Hack4friends

Read More

Google upgraded its web security certificate to 2048-bit encryption

Google upgraded its web security certificate to 2048-bit encryption

Never again are you going to get a Google Web site whose security certificate is protected with comparatively weak 1,024-bit encryption.

The Net giant has secured all its certificates with 2,048-bit RSA encryption keys or better, Google security engineer Dan Dulay said in a blog post Monday. Certificates are used to set up encrypted communications between a Web server and Web browser.

That means two things. First, traffic will be harder to decrypt since 1,024-bit keys aren't in use at Google anymore. Second, retiring the 1,024-bit keys means the computing industry can retire the technology altogether by declaring such keys untrustworthy.

Click to enlarge this image

Google has been aggressively moving to stronger encryption because of U.S. government surveillance by the National Security Agency. According to documents leaked by former NSA contractor Edward Snowden, the agency gathered bulk data off Internet taps, including unencrypted data sent between company data centers on its own network, and actively worked to undermine encryption.

Google said it beat its internal end-of-year deadline for the 2,048-bit move. It's also moved to encrypt its internal data transfer between data centers, a move that Yahoo also is making.

In other words, the Net's technology giants are working actively to make surveillance, authorized or not, significantly harder.

"Worry in Silicon Valley/Puget Sound: furor over NSA will cost billions cuz foreign customers fear US companies can't guarantee security," tweeted Strobe Talbott, president of analyst firm Brookings Institution, referring to the geographic regions where tech powers such as Google, Facebook, Yahoo, Microsoft, Twitter, Apple, LinkedIn, and Amazon are located.

There's a lot of work to be done yet, though.Google also supports a standard called "forward secrecy," which uses different keys for different sessions so that decrypting a single message doesn't mean previous messages can likewise be decrypted using the same key. But many other Net giants don't support forward secrecy -- though that's changing, too.

Source -Online media

Team Hack4friends

If you little like our posts/article then share them with your friends and other people to spread our voice throughout the world.

Read More

Optical fibres are under NSA snooping -- Privacy is going to smash down

Optical fibres are under NSA snooping -- Privacy is going to smash down

In October, a report surfaced that the US National Security Agency secretly accessed data from tech giants like Google and Yahoo, by way of intercepting the unencrypted traffic flowing between each company's data centers.

Specifically, it's believed the NSA tapped into the fiber-optic cables that connect those data centers. The New York Times reported Tuesday that these cables, which aren't owned by the Internet companies, are easy targets for interception. The largest such fiber-optic cable provider -- an under the radar Denver-based firm called Level 3 -- may have had something to do with the government's infiltration tactics. "Fingers have been pointed" at Level 3, reported the Times, citing three unnamed sources.

Level 3, which provides both Google and Yahoo with cables, was specifically mentioned in the Times report. Other companies that own fiber-optic cables include Verizon Communications, the BT Group, and the Vodafone Group.

To be sure, it's not yet known if Level 3 was a willing participant. When asked if the company gave US or foreign government agencies access to Google and Yahoo's data, Level 3 gave the Times an indirect response: "It is our policy and our practice to comply with laws in every country where we operate, and to provide government agencies access to customer data only when we are compelled to do so by the laws in the country where the data is located."

Tapping fiber-optic cables is just a modern spin on an old spy game. As early as the days of the telegraph, spies have set up shop near communications companies. Since then, the government has tapped other kinds of traffic, from long-distance phone to satellite.

News broke of the NSA and British counterpart GCHQ's efforts at intercepting data center traffic when The Washington Post reported details of a project called MUSCULAR. Both Google andYahoo have taken steps to encrypt the information that moves between its data farms. The Post's was only the latest in over half a year of surveillance revelations, since former NSA contractor Edward Snowden first leaked details of the government agency's activity.

In the wake of those revelations, tech companies have been quick to maintain their innocence in the situation. Last week, in a blog post announcing Yahoo's attempt to catch up on encryption,Yahoo CEO Marissa Mayer said, "I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever."

If you little like our posts then please share them with your friends to spread our voice throughout the people world.

Your One Share can make better the life of people

Read More

Security holes found in D-Link Routers - Security Researchers

A new spate of vulnerabilities have been found in a D-Link router, a security researcher said Monday.
The D-Link 2760N, also known as the D-Link DSL-2760U-BN, is susceptible to several cross-site scripting (XSS) bugs through its Web interface, reported ThreatPost. 

Liad Mizrachi, the researcher who discovered the bugs, said he notified D-Link about the bugs in August, September, and October, but D-Link did not respond.
The report follows a more serious backdoor bug found in the following D-Link routers: DIR-100, DIR-120, DI-524UP, DI-604S, DI-604UP, DI-604+, DI-624S, and the TM-G5240. D-Link told ThreatPost in October that it was working on a patch to the backdoor bug.
Jacob Holcomb, a security researcher who uncovered widespread vulnerabilities in popular routers earlier this year, told media that he wasn't surprised by the backdoor bug, and wished that manufacturers would do more to fix security problems when found in embedded devices such as cameras and routers.
"Code written for these devices continues to provide inadequate security for today's digital society, and manufacturers should be held accountable for the implementation of code that intentionally circumvents security," he said.
D-Link told media that the router is not sold in the US and that the company is working on a solution that will be published on their support site when it's ready. D-Link did not offer a timeline for when that might be, though. 

Source - Online Media 

Team- Hack4friends
  

Read More

Major Tech. Companies planning to fend off NSA hakcing

The National Security Agency (NSA) might soon have a harder time accessing user data.
Google, Yahoo, Microsoft, Apple, and a other prominent technology companies are investing heavily in stronger, 2048-bit encryption that some say, won't be easily overcome for more than a decade, due to computing power constraints.

Google is one of the leaders in the effort, announcing in July that it would encrypt its user data with 2048-bit encryption. According to Bloomberg, which spoke with several other companies that are investing in new encryption, Yahoo confirmed to the publication that it will add 2048-bit encryption to its Mail by January. Facebook also plans to move to 2048-bit encryption. Facebook confirmed to Bloomberg that it also plans to roll out "perfect forward secrecy," a feature that would prevent snoopers from accessing user data even if they can access the company's security codes.

Microsoft and Apple are also reportedly ramping up their data-security efforts.
The technology companies' renewed interest in data security and encryption comes after several reports have suggested that the NSA has been accessing their data and using it for spying purposes. Those firms have gone on the record saying they comply with legal requests where appropriate, but are doing everything they can to keep user data safe. The investment in 2048-bit encryption follows that.
Still, encryption is just one small piece of a broader puzzle the technology companies have yet to solve. The NSA has the ability to overcome a wide array of security protocols. Last month, in fact, James Clapper, the director of national intelligence, said that the US employs "every intelligence tool available" to cull data from national security threats. Whether those efforts are applied to technology company servers has been debated, though leaks from Edward Snowden and others have suggested they are.
Even so, the improved encryption efforts could lengthen the time at which it takes the NSA and other spying agencies around the world to access user information. And that's at least something.

 Source : cnet news

Read More