Skip navigation
Help

Bruce Schneier

warning: Creating default object from empty value in /var/www/vhosts/sayforward.com/subdomains/recorder/httpdocs/modules/taxonomy/taxonomy.pages.inc on line 33.

The National Security Agency and its UK counterpart have made repeated and determined attempts to identify people using the Tor anonymity service, but the fundamental security remains intact, as top-secret documents published on Friday revealed.

The classified memos and training manuals—which were leaked by former NSA contractor Edward Snowden and reported by The Guardian, show that the NSA and the UK-based Government Communications Headquarters (GCHQ) are able to bypass Tor protections, but only against select targets and often with considerable effort. Indeed, one presentation slide grudgingly hailed Tor as "the king of high-secure, low-latency Internet anonymity." Another, titled "Tor Stinks," lamented: "We will never be able to de-anonymize all Tor users all the time."

An article published separately by The Washington Post also based on documents provided by Snowden concurred.

"There is no evidence that the NSA is capable of unmasking Tor traffic routinely on a global scale," the report said. "But for almost seven years, it has been trying."

0
Your rating: None

A more honest “Like” button. Image: Webmonkey.

Social sharing buttons — Facebook “Like” buttons and their ilk — are ubiquitous, but that doesn’t mean they’re a good idea.

Designers tend to hate them, calling them “Nascar” buttons since the can make your site look at little bit like a Nascar racing car — every available inch of car covered in advertising. Others think the buttons make you look desperate — please, please like/pin/tweet me — but there’s a much more serious problem with putting Facebook “Like” buttons or Pinterest “Pin It” buttons on your site: your visitors’ privacy.

When you load up your site with a host of sharing buttons you’re — unwittingly perhaps — enabling those companies to track your visitors, whether they use the buttons and their accompanying social networks or not.

There is, however, a slick solution available for those who’d like to offer visitors sharing buttons without allowing their site to be a vector for Facebook tracking. Security expert (and Wired contributor) Bruce Schneier recently switched his blog over to use Social Share Privacy, a jQuery plugin that allows you to add social buttons to your site, but keeps them disabled until visitors actively choose to share something.

With Social Share Privacy buttons are disabled by default. A user needs to first click to enable them, then click to use them. So there is a second (very small) step compared to what the typical buttons offer. In exchange for the minor inconvenience of a second click, your users won’t be tracked without their knowledge and consent. There’s even an option in the preferences to permanently enable the buttons for repeat visitors so they only need to jump through the click-twice hoop once.

The original Social Share Privacy plugin was created by the German website Heise Online, though what Schneier installed is Mathias Panzenböck’s fork, available on GitHub. The fork adds support for quite a few more services and is extensible if there’s something else you’d like to add.

0
Your rating: None



As Bruce Schneier spent the past decade watching the growing rash of phishers, malware attacks, and identity theft, a new Internet threat has emerged that poses even greater risks, the security expert said.

Unlike the security risks posed by criminals, the threat from government regulation and data hoarders such as Apple and Google are more insidious because they threaten to alter the fabric of the Internet itself. They're also different from traditional Internet threats because the perpetrators are shielded in a cloak of legitimacy. As a result, many people don't recognize that their personal information or fortunes are more susceptible to these new forces than they ever were to the Russian Business Network or other Internet gangsters.

Read the rest of this article...

Read the comments on this post

0
Your rating: None

Sparrowvsrevolution writes "At the Shmoocon security conference, researcher Brendan O'Connor plans to present the F-BOMB, or Falling or Ballistically-launched Object that Makes Backdoors. Built from just the disassembled hardware in a commercially-available PogoPlug mini-computer, a few tiny antennae, eight gigabytes of flash memory and some 3D-printed plastic casing, the F-BOMB serves as 3.5"-by-4"-by-1" spy computer. With a contract from DARPA, O'Connor has designed the cheap gadgets to be spy nodes, ready to be dropped from a drone, plugged inconspicuously into a wall socket, (one model impersonates a carbon monoxide detector) thrown over a barrier, or otherwise put into irretrievable positions to quietly collect data and send it back to the owner over any available Wi-Fi network. O'Connor built his prototypes with gear that added up to just $46 each, so sacrificing one for a single use is affordable."



Read more of this story at Slashdot.

0
Your rating: None