Archive for May, 2014

Remote Kill Switches are a Bad Idea

Thursday, May 29th, 2014

GuillotineRecently I’ve been hearing about government support for remote kill switches, say in automobiles for law enforcement use, or in cell phones for when they’re stolen. And my first thought is always that some hacker is going to find a way to trigger the switch and cause all kinds of problems.

Apparently the hackers had the same thought. The linked article covers a situation where stolen iCloud credentials were used to lock out iPhones via the “Find My iPhone” anti-theft feature.

Link: http://time.com/…
(via Kim Komando)

Test Your Website for the Heartbleed Vulnerability

Wednesday, May 7th, 2014

Computer SecurityAstute Chad’s News readers will have already heard about the Heartbleed vulnerability, but it’s something we all need to be aware of. Fortunately, xkcd has the best explanation I’ve seen to date. If you manage or own a website that uses SSL certificates for secure HTTPS connections, the linked page will check to see if your site is vulnerable.

You can also use it to verify websites that you visit, to make sure they aren’t open to Heartbleed attacks. Major sites have already patched their systems and installed new SSL certificates, so I’m thinking the real concern is the smaller e-commerce sites. (Note: If you use this tool to verify a site, do it before you open the site in your browser.)

Link: http://safeweb.norton.com/…
(via Kim Komando)

Tor Anonymity Can Be Compromised, Given Time and Resources

Tuesday, May 6th, 2014

Computer SecurityHere at Chad’s News, we’ve previously mentioned Tor, a network used for anonymous communication on the internet. Volunteers host Tor servers, and a user’s internet traffic is routed through those servers, thus disguising the actual location of the sender. (NOTE: Never, ever, ever host a Tor server on a computer that you wouldn’t want confiscated by law enforcement.) Tor has been touted as a great method for political dissidents, whistle-blowers, and others to confidentially send information via the internet without being identified. Of course, it’s also used for illegal traffic.

The linked article discusses a paper [PDF] (Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, lead author Aaron Johnson of the US Naval Research Laboratory) that comes to some startling conclusions about Tor anonymity. If someone uses Tor regularly, an adversary with significant resources (e.g., a government) has a high chance (80% to 95%) of successfully tracing that user over a period of 3 to 6 months.

Link: http://www.theregister.co.uk/…
(via Kim Komando)