Digital Privacy Happenings (August 4 week)

It was a busy week in privacy, and we’ve got all the buzzwords lined up: liberation tech, malware, security advisory, cryptocurrency, data leaks, questionable surveillance, man in the middle, mass surveillance and more! Are you going to miss this set of privacy happenings?

So let’s get on with this.

Ghostery, the privacy extension, wants to go full browser

One of the main fuels of the internet is ads, ads everywhere. Ads mean there are a lot of trackers “following” you online to better understand which ads to show you based on what you like. Creepy or really handy? If you’re going for creepy, you’re not alone! Ghostery is a browser extension that helps you deal with (i.e. block) trackers and improves your privacy while surfing the web. They will be releasing a browser with a deep focus on privacy.

Note that this will be a browser focused on privacy, not anonymity.

Man in the Middle anybody?

I’m known for being a pain when it comes to SSL and certificate pinning, which when developing applications with certain frameworks (cough JavaScript cough) is quite hard to accomplish properly.

But you know, don’t worry, because the CA certificate system is not so bad… right? It does work at least in some cases, it’s hard to exploit… right? Well, not on Android.

And while we are at it, leaving the door open to man in the middle attacks on cellphones is so mainstream, let’s attack the freaking internet infrastructure instead!

And sometimes you don’t even have to worry about SSL, like Instagram when they developed their iOS client.

But even when you do use SSL and you do check the certificate chain right, other things can go wrong.

Signal, the RedPhone compatible encrypted calls application

That’s right, if you’re an iPhone owner and you saw with envy all your friends using RedPhone for encrypted calls, envy no more! Signal is here!

Senior society engineering opening in Singapore!

Singapore is out of options to lead its society to harmony, so the only “reasonable” path of action is to surveil all the things and hope for the best.

New attack on Tor

Tor is a really dynamic system, it has its issues, but it also has its responsive set of developers fixing and patching. Recently, an interesting attack that might be related to a pulled talk at BlackHat was explained in a security advisory in the Tor Project’s official blog.

Long story short, if you’re running a relay please update to the latest version of tor.

Stellar, the new cryptocurrency, like Bitcoin but not quite

Stellar was released, a decentralized protocol for sending and receiving money in any pair of currencies. It’s like an IP layer for money, as Stripe describes it.

If you’re still scratching your head with this idea of cryptocurrencies, you may find this post enlightening, or at least plain amusing.

BadUSB, when that little cute thumbdrive goes rogue

Researchers from SRLabs didn’t think remotely hacking your SIM was enough, so they wanted to see how much harm you can do by just plugging a USB device in a computer. And it turns out, there are a lot of interesting things you can do.

Mozilla Developer Network password database leaked

It seems that a database sanitation process within Mozilla failed, one thing led to another, and voila! everybody has to change their passwords.

On that blog post they mention the passwords were encrypted, which makes me wonder what kind of schemes they are using for password management. Unless the post author doesn’t really know what she’s talking about and they are actually hashing their passwords.

Google’s taking a peek in your emails, but only in the name of security

Whenever talking about anonymity, networks like Tor, or any other method that helps conceal the identity of a user, one of the most common arguments against it is child pornography.

Nobody wants child pornography to exist, but banning anonymity systems because of it is like making knives illegal because they can be used to commit murder.

Regardless, Google’s position on privacy and this kind of matter turns out to be clear as water, since they tipped the police off about a man holding explicit images of a child.

I’m glad that people involved in this sort of matter end up behind bars, but who’s the judge of what kind of information raises a red flag on Google or any other company?

And in case your paranoia levels were low, read on

Do you remember those researchers that a while ago wondered what would happen if they listened to the CPU? Well, don’t let them touch your computer!

It seems these researchers are running bets on each other in the form of “I bet you $100 that you can’t steal my private key by just touching my computer” because… well, they managed to do it.

I wonder when they will extract RSA keys by training dogs to sniff them.

Not paranoid yet? Well, this ought to do it then. That’s right! Researchers managed to capture vibrations in a freaking potato chip bag and a plant and recover everything you’ve just said!

Do yourself a favor and go watch (and hear) what they can do.


These are just a few of the reasons I’ve got trust issues :)
