Awareness tackles the most important link in online security: the human

A lot happens online. Companies increasingly make web-based systems available to their employees, so that they can reach the data and functionality they need anytime and anywhere, and often a good deal more besides. Everything is SaaS, cloud and 2.0. With good reason: less specialist infrastructure has to be maintained, and responsibility is taken over by third parties. But is that really the case?

Staff costs and the cost of rapidly depreciating hardware are avoided. Consumers make heavy use of the internet giants: search engines, social media and shopping. The rise of affordable mobile internet, smartphones and tablets means that people are online more and more, and that private life and work are increasingly intertwined: people want to read company email on their personal tablet, or use their own PC or laptop to work with company data (BYOD).

Awareness is necessary
Companies can no longer concern themselves only with the security of their own network. The security of employees' devices matters too. Employees' browsing habits have changed, and not only at home: people tweet and use Facebook everywhere. This greatly increases the potential for unsafe situations, and there is far less control over what happens on a network. Your firewall, virus and malware scanners may be in order, but what an employee brings in from home is often unprotected. Clearly, people themselves need to be aware of the risks on the internet.

You have become the product
The risks are not limited to viruses and malware. Our one-day course "privacy & security in één dag" (privacy & security in one day) makes clear that handing information to cloud providers has far-reaching consequences: you often give them the freedom to do whatever they like with the data you give them, and that literally includes everything you type or store in their systems. You have become the product. The information you give can no longer be removed or corrected, so the consequences last a lifetime. Protecting this data against hackers is very hard. There are of course ways to reduce these risks considerably. AlertOnline offers a good start: informing businesses and consumers that things on the internet are not as innocent as they seem.

At what age do you start digital education?
Awareness, however, begins with education. I often hear that today's youth are the computer generation who understand it all. When I watch young people using a computer, I notice that they too understand nothing about computers. They know how to use Instagram, Twitter and Word, but have no idea how any of it works. Computer lessons at school are really lessons in using particular programs. Security and privacy, but above all basic hardware theory, databases and programming, should be compulsory from secondary school onwards (and earlier if possible). Only then can young people understand how certain weaknesses work and work out for themselves what is and is not sensible on the internet. They would also be able to make an important contribution to our society, which by now runs on IT almost everywhere.

Open source software is the future
More attention should also go to open source and to SMEs. Most innovation comes from this corner. They often struggle to gain a foothold because of the persistent idée fixe that these groups offer little stability. Nothing could be further from the truth. Open source is secure because anyone can inspect the code and remove the mistakes (which, of course, only pays off when someone actually does the inspecting). It is reliable because most vendors take part in its development. It is pleasant because it can be adapted to exactly the functionality you need. Above all, you can easily switch supplier, because several suppliers know the product you use and can support it.

Awareness is more than a checklist
So awareness is not just a checklist of items that you can hand to everyone and tick off. It is learning a way of thinking that covers not only security but also the consequences of behaviour. It lets you do more with the resources you have. Computers can do a lot, but it is still people who decide which possibilities are used, and how.

Robin Edgar

Off-the-Record Messaging

Off-the-Record (OTR) Messaging allows you to have private conversations over instant messaging by providing:

Encryption
No one else can read your instant messages.

Authentication
You are assured the correspondent is who you think it is.

Deniability
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.

Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.

https://otr.cypherpunks.ca/

It plugs into loads of XMPP clients out of the box.
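The four properties listed above come from one design decision: each message is authenticated with a MAC under a key derived from an ephemeral Diffie-Hellman exchange, not with a digital signature. The block below is an added example written for this post, not code from libotr or any XMPP client. It uses a toy DH group (the Mersenne prime 2^127-1, far too small for real use), a SHA-256 counter-mode stream cipher standing in for AES-CTR, HMAC-SHA256 tags, and publishes the retired MAC key to show why later forgery is possible. The real protocol additionally signs the initial DH values with long-term keys, rotates the DH keys as the conversation proceeds and offers the Socialist Millionaire Protocol for verifying the peer; none of that is modelled here.

```python
"""Toy OTR-style exchange: ephemeral DH + MAC instead of signatures.
Added example for this post, not code from libotr.  The group, the
hash-based stream cipher and the single key generation are simplifications
of the real protocol (1536-bit MODP group, AES-CTR, per-message rotation)."""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # Mersenne prime M127: a toy DH group, far too small for real use
G = 2


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_keys(shared):
    """Split the DH result into separate encryption and MAC keys."""
    raw = shared.to_bytes(16, "big")
    return (hashlib.sha256(b"enc|" + raw).digest(),
            hashlib.sha256(b"mac|" + raw).digest())


def keystream_xor(key, ctr, data):
    """SHA-256 in counter mode as a stand-in for AES-CTR."""
    stream = b""
    i = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def mac_tag(mac_key, ctr, ct):
    return hmac.new(mac_key, ctr.to_bytes(8, "big") + ct, hashlib.sha256).digest()


def seal(enc_key, mac_key, ctr, plaintext):
    ct = keystream_xor(enc_key, ctr, plaintext)
    return ctr, ct, mac_tag(mac_key, ctr, ct)


def open_msg(enc_key, mac_key, ctr, ct, tag):
    if not hmac.compare_digest(mac_tag(mac_key, ctr, ct), tag):
        raise ValueError("MAC mismatch: forged or modified in transit")
    return keystream_xor(enc_key, ctr, ct)


def conversation():
    # 1. Both sides make fresh ephemeral DH keys.  (In OTR the public halves
    #    are signed once with the long-term identity keys; messages are not.)
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    enc_key, mac_key = derive_keys(pow(b_pub, a_priv, P))
    assert (enc_key, mac_key) == derive_keys(pow(a_pub, b_priv, P))

    # 2. Authentication during the conversation: Bob accepts only messages
    #    whose tag matches, so a modified ciphertext is rejected.
    ctr, ct, tag = seal(enc_key, mac_key, 1, b"meet at noon")
    plaintext = open_msg(enc_key, mac_key, ctr, ct, tag)
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]
    try:
        open_msg(enc_key, mac_key, ctr, tampered, tag)
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    # 3. Forward secrecy: the ephemeral private keys are discarded.  The
    #    transcript (a_pub, b_pub, ct, tag) plus both long-term identity keys
    #    no longer lets anyone recompute enc_key.
    del a_priv, b_priv

    # 4. Deniability: once retired, the MAC key is published.  Anyone can now
    #    make a valid tag for any bytes, so a tag is not evidence to a third
    #    party that Alice wrote the message.  A signature would have been.
    published_mac_key = mac_key
    forged_ct = secrets.token_bytes(17)          # forger needs no enc_key for this
    forged_tag = mac_tag(published_mac_key, 2, forged_ct)
    forgery_accepted = hmac.compare_digest(mac_tag(mac_key, 2, forged_ct), forged_tag)
    return {"plaintext": plaintext, "tamper_detected": tamper_detected,
            "forgery_accepted": forgery_accepted}


if __name__ == "__main__":
    print(conversation())
```

Step 4 is the whole point of "deniability": the verifier's check in `open_msg` is exactly the computation the forger performs, so once the MAC key is public the tag proves nothing; during the conversation it still proves everything to Bob, because only the two DH participants knew the key at that time.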

An insight into CIA burglary

The CIA is not in the habit of discussing its clandestine operations, but the agency’s purpose is clear enough. As then-chief James Woolsey said in a 1994 speech to former intelligence operatives: “What we really exist for is stealing secrets.” Indeed, the agency declined to comment for this article, but over the course of more than 80 interviews, 25 people—including more than a dozen former agency officers—described the workings of a secret CIA unit that employed Groat and specialized in stealing codes, the most guarded secrets of any nation.

The CIA Burglar Who Went Rogue | History & Archaeology | Smithsonian Magazine.

A good explanation of homomorphic encryption

Homomorphic encryption lets one party (Alice) encrypt data and hand the ciphertext to another party (Bob) who does not have the decryption key. Bob cannot read the data, but he can still perform computations on it and pass the encrypted results (which he cannot read either) back to Alice, who decrypts them with her key. This is especially useful in the age of cloud computing, web services, SaaS and private records.

Alice and Bob in Cipherspace » American Scientist.
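The Alice-and-Bob round trip above, as an added example written for this post (not code from the article): an additively homomorphic scheme, Paillier, in plain Python integers. Bob can add encrypted values and multiply them by a public constant without the key; fully homomorphic schemes also allow multiplying two ciphertexts but are far more involved. The primes are fixed, known Mersenne primes chosen so the block runs without a prime generator; they are a toy key size, and the salary figures are constructed sample data.

```python
"""Additively homomorphic encryption (Paillier) in pure Python.
Added example for this post, not code from the article.  Fixed Mersenne
primes keep the block self-contained; real keys use random primes of
1024 bits or more."""
import secrets
from math import gcd

P = 2**127 - 1     # known primes; toy key size, not for production
Q = 2**89 - 1


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p=P, q=Q):
    n = p * q
    assert gcd(n, (p - 1) * (q - 1)) == 1   # Paillier requirement
    n2, lam = n * n, lcm(p - 1, q - 1)
    g = n + 1                               # standard simplification of g

    def L(x):
        return (x - 1) // n

    mu = pow(L(pow(g, lam, n2)), -1, n)     # needs Python 3.8+ for modular inverse
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """Alice: Enc(m) = g^m * r^n mod n^2 with fresh r, so equal plaintexts
    give different ciphertexts."""
    n, g = pub
    n2 = n * n
    assert 0 <= m < n
    r = secrets.randbelow(n - 1) + 1
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n) * mu % n


def add(pub, c1, c2):
    """Bob: multiplying ciphertexts adds the plaintexts, no key needed."""
    return c1 * c2 % (pub[0] ** 2)


def mul_const(pub, c, k):
    """Bob: raising a ciphertext to the power k multiplies the plaintext by k."""
    return pow(c, k, pub[0] ** 2)


def demo():
    pub, priv = keygen()
    salaries = [1200, 3400, 2150]                    # constructed sample records
    cts = [encrypt(pub, s) for s in salaries]        # Alice encrypts before upload
    total = cts[0]
    for c in cts[1:]:
        total = add(pub, total, c)                   # Bob sums what he cannot read
    scaled = mul_const(pub, total, 3)                # Bob applies a public factor
    return {
        "total": decrypt(pub, priv, total),          # 6750
        "scaled": decrypt(pub, priv, scaled),        # 20250
        "randomised": encrypt(pub, 7) != encrypt(pub, 7),  # True
    }


if __name__ == "__main__":
    print(demo())
```

Results wrap modulo n, so the caller must keep sums below n; and because the scheme is malleable by design, a ciphertext on its own authenticates nothing, which is why real deployments pair it with a MAC or signature over the ciphertexts.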

Authentication Implications in Uniquely Identifiable Graphics Cards | threatpost

The researchers realized that apparently identical graphics processors are actually different in subtle, unforgeable ways. A piece of software developed by the researchers is capable of discerning these fine differences. The order of magnitude of these differences is so minute, in fact, that manufacturing equipment is incapable of manipulating or replicating them. Thus, the fine-grained manufacturing differences can act as a sort of a key to reliably distinguish each of the processors from one another.

The implication of this discovery is that such differences can be used as PUFs to securely link the graphics cards, and by extension, the computers in which they reside and the persons using them, to specific online accounts.

Authentication Implications in Uniquely Identifiable Graphics Cards | threatpost.

Neuroscience joins cryptography – implant a password into a brain without the person knowing what the password is

Bojinov and colleagues designed a game lasting 30 to 45 minutes in which players intercept falling objects by pressing a key. The objects appear in one of six positions, each corresponding to a different key. Positions of objects were not always random: a hidden sequence of 30 successive positions was repeated over 100 times. Players made fewer errors when they encountered this sequence on successive rounds. This learning persisted when the players were tested two weeks later.

via Neuroscience joins cryptography.

Schiphol Security chief criticises EU approach to air safety

He’s also pissed off with all the technology being put into airports and the ignoring of human intelligence.

Marijn Ornstein, the manager of security policy at Schiphol airport in Amsterdam, said: “If you look at all the recent terrorist incidents, the bombs were detected because of human intelligence not because of screening … If even a fraction of what is spent on screening was invested in the intelligence services we would take a real step toward making air travel safer and more pleasant.”

via EUobserver / Security chief criticises EU approach to air safety.

These liquid bans, x-ray scanners to ogle your naked arse as you walk through, all that – it’s nonsense!

BLADE – Block All Drive-by Download Exploits

BLADE is a new Windows immunization system that prevents surreptitious drive-by download exploits from infecting vulnerable Windows hosts. BLADE is implemented as a series of kernel extensions, which interrupt the covert binary installation phase of current malware drive-by exploits.

I.e., it checks whether you authorised the download and execution of a file.

via BLADE – Block All Drive-by Download Exploits.

AIVD: The Netherlands is being spied on by hackers

The AIVD, the Dutch general intelligence and security service, has issued a warning that Dutch government bodies and businesses are being spied on at an unprecedented rate, usually through attempts to install trojans delivered as email attachments. The spies are often foreign governments, and China is being fingered specifically as a culprit.

AIVD: Nederland steeds vaker digitaal bespioneerd | Webwereld.

Congressman Duncan Blasts “Useless” Air Marshal Service

We now have approximately 4,000 in the Federal Air Marshals Service, yet they have made an average of just 4.2 arrests a year since 2001. This comes out to an average of about one arrest a year per 1,000 employees. Now, let me make that clear. Their thousands of employees are not making one arrest per year each. They are averaging slightly over four arrests each year by the entire agency. In other words, we are spending approximately $200 million per arrest. Let me repeat that: we are spending approximately $200 million per arrest.

via Duncan Blasts “Useless” Air Marshal Service | Congressman John J. Duncan Jr., Serving Tennessee's 2nd District.

Now if they could take a look at what the TSA is doing too!

The Failure of Full-Body Scanners

Well, they have tested the full body scanner on TV and the guy carrying bomb parts wasn’t stopped. And it’s not like he tried really hard to hide them either – they weren’t particularly small bomb parts and the only cavity he used was his mouth.

Basically they’re just a huge invasion of privacy, an excuse to see you naked. They don’t work.

Schneier on Security: German TV on the Failure of Full-Body Scanners.

Pack a Gun to Protect Valuables from Airline Theft or Loss

Don’t know if this will work in Europe, but in the US, a starter gun is considered a weapon. You simply declare you are carrying a weapon at baggage check in, they issue a little label you sign and they stick on the bag, and the bag doesn’t get rifled or checked, because the TSA most definitely doesn’t want to lose weaponry in the airline system.

Pack a Gun to Protect Valuables from Airline Theft or Loss – Security – Lifehacker.

Shock Treatment Helps Erectile Dysfunction

It turns out that administering low-intensity shockwaves to the penis can help men with blood flow problems get over their difficulties getting a hard on. Viagra and Cialis help, but they need to keep taking the pills every time. This is a more permanent solution, because the shocks encourage the growth of new blood vessels from existing ones. It’s still a preliminary study, but it’s looking promising.

Shocking Treatment Helps Erectile Dysfunction | LiveScience.

Wireless network modded to see through walls

The way radio signals vary in a wireless network can reveal the movement of people behind closed doors. Joey Wilson and Neal Patwari have developed a technique called variance-based radio tomographic imaging which processes the signals to reveal signs of movement. They’ve even tested the idea with a 34-node wireless network using the IEEE 802.15.4 wireless protocol.

via Technology Review: Blogs: arXiv blog: Wireless network modded to see through walls.

Dutch passports require insecure fingerprints

We should all know by now that the fingerprint biometric is a poor one: not only can it be duplicated fairly easily using nothing more than gummy bears, and not only does it raise the risk of having your finger cut off for you, it also gives too many false negatives; some people will never be able to use fingerprint scanners at all.

The problem here is that the fingerprinting process has to be automated, which means accepting a lower level of accuracy in the scans: no two prints of the same finger are ever exactly the same. This is compensated for with error-correcting codes, which store extra helper data alongside the print so that the computer can absorb those differences. Whoever gets hold of that helper data learns something about the original fingerprint and about how much deviation the system is prepared to tolerate. Searching a database of such records for one whose print is similar to yours and whose tolerance is large would let you pass as that other person fairly easily.

Vingerafdrukparanoia is terecht (opinie) | Webwereld.
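The mechanism described above, and the "PUF as a key" idea in the graphics-card item earlier on this page, rest on the same construction: a fuzzy commitment (code-offset sketch) that lets a noisy reading reproduce a stored secret as long as it lies within the code's correction radius. The block below is an added example written for this page, not code from the Webwereld or threatpost articles, nor from any real passport or PUF system. It uses a 5x bit-repetition code, a 16-bit key and a constructed, reproducible sample print; the parameters are deliberately tiny so that the two problems the text raises are visible: a print that differs in 40% of its bits is still accepted, and the stored helper data plus key hash pins down the enrolled print exactly by brute force.

```python
"""Fuzzy commitment (code-offset) over a noisy biometric or PUF reading.
Added example, not code from the Webwereld or threatpost articles.
Toy parameters: a 5x bit-repetition code and a 16-bit key, so that the
information leaked by the helper data can be shown by brute force.
Real systems use BCH/Reed-Solomon codes over feature vectors."""
import hashlib
import random

KEY_BITS = 16        # secret bound to the enrolled print (real systems: 128+)
REP = 5              # repetition factor: each block tolerates up to 2 flipped bits
N = KEY_BITS * REP   # template length in bits


def encode(key):
    """Repetition code: every key bit becomes REP identical bits."""
    return [b for b in key for _ in range(REP)]


def decode(code):
    """Majority vote per block; recovers the key if <= 2 bits per block are wrong."""
    return [int(sum(code[i:i + REP]) > REP // 2) for i in range(0, N, REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def bits_to_int(bits):
    return int("".join(map(str, bits)), 2)


def int_to_bits(v, n):
    return [(v >> (n - 1 - i)) & 1 for i in range(n)]


def key_hash(key):
    return hashlib.sha256(bits_to_int(key).to_bytes(4, "big")).hexdigest()


def enroll(template, rng):
    """Store helper = codeword XOR template plus a hash of the key; never the template."""
    key = [rng.randrange(2) for _ in range(KEY_BITS)]
    return xor(encode(key), template), key_hash(key)


def verify(helper, stored_hash, sample):
    """helper XOR sample = codeword XOR noise; decoding strips the noise."""
    return key_hash(decode(xor(helper, sample))) == stored_hash


def flip(template, positions):
    out = list(template)
    for p in positions:
        out[p] ^= 1
    return out


def recover_template(helper, stored_hash):
    """Attacker holding the stored record: the helper fixes the template up to
    one of 2**KEY_BITS codewords, and the key hash says which one."""
    for k in range(2 ** KEY_BITS):
        key = int_to_bits(k, KEY_BITS)
        if key_hash(key) == stored_hash:
            return xor(helper, encode(key))
    return None


def demo():
    rng = random.Random(1)                      # constructed, reproducible sample data
    template = [rng.randrange(2) for _ in range(N)]
    helper, stored = enroll(template, rng)
    one_per_block = [i * REP for i in range(KEY_BITS)]                          # 16 of 80 bits differ
    two_per_block = [i * REP + j for i in range(KEY_BITS) for j in range(2)]    # 32 of 80 bits differ
    three_per_block = [i * REP + j for i in range(KEY_BITS) for j in range(3)]  # 48 of 80 bits differ
    return {
        "same_finger": verify(helper, stored, flip(template, one_per_block)),     # True
        "similar_print": verify(helper, stored, flip(template, two_per_block)),   # True: 40% different, still accepted
        "far_print": verify(helper, stored, flip(template, three_per_block)),     # False
        "template_recovered": recover_template(helper, stored) == template,       # True
    }


if __name__ == "__main__":
    print(demo())
```

With a realistic key length the brute force in `recover_template` becomes infeasible, but the other leak stays: the helper data reveals the code and therefore the correction radius, and any print inside that radius of the enrolled one, whoever it belongs to, is accepted. That is the trade-off the article is pointing at, and the same analysis applies when the "print" is a set of PUF response bits from a graphics card.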

Dutch government will store fingerprints in central database

Because we all know how safe centralised government databases are, the Dutch are now preparing to store every fingerprint they collect. At first this will happen per region; later all the databases will be linked and centralised.

Dutch privacy organisations lodged a complaint with the EU, but it was rejected because the European court felt that other avenues had not yet been exhausted.

Europa wijst protest vingerafdrukdatabase af – UPDATE | Webwereld.