The Privacy Blog: Privacy, Security, Cryptography, and Anonymity

TAG | security breaches

The Internet is on fire with discussions of the recent release of stolen nude photos of over 100 female celebrities. This is a massive invasion of their privacy, and it says something sad about our society that there is an active market for such pictures. While this particular attack was against the famous, most of […]


“The Big Hack, or maybe not…” — The Social Network Station

On Friday I was asked to come on The Social Network Show to talk about the facts and questions surrounding the theft of over 1 billion passwords. Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.


Tor just announced that they have detected and blocked an attack that may have allowed hidden services and possibly users to be de-anonymized. It looks like this may be connected to the recently canceled BlackHat talk on Tor vulnerabilities. One hopes so, otherwise the attack may have been more hostile than simple research. Tor is […]


Fake Google Digital Certificates Found & Confiscated

On July 2, Google engineers discovered unauthorized certificates for Google domains in circulation. They had been issued by the National Informatics Center in India, a trusted sub-authority under the Indian Controller of Certifying Authorities (CCA). The CCA in turn is part of the Microsoft Root Store of […]


The recent eBay password compromise is just the latest in a string of similar attacks. Each time we hear a call for people to change their passwords. Sometimes the attacked company will require password changes, but more often it is just a suggestion; a suggestion that a majority choose to ignore. Further exacerbating the problem […]


Heartbleed Bug

Researchers recently announced the discovery of an incredibly dangerous bug in the OpenSSL encryption library. That library is used by about two-thirds of websites, and many VPNs and other secure communications services. The problem is in a memory leak that allows an attacker to request heartbeat responses which will contain up to […]


Infosec Institute published an article showing in detail how application signing on Android devices can be defeated. This trick allows the attacker to modify a signed application without causing the application to fail its signature check. The attack works by exploiting a flaw in the way signed files in the .apk zip file are installed […]


Another from the “if the data exists, it will get compromised” file. This article from the Washington Post talks about an interesting case of counter-surveillance hacking. In 2010, Google disclosed that Chinese hackers breached Google’s servers. What only recently came to light was that one of the things compromised was a database containing information about […]


Welcome to episode 7 of The Privacy Blog Podcast. In April’s episode, we’ll be looking at the blacklisting of SSL certificate authorities by Mozilla Firefox: specifically, what this complex issue means and why Mozilla chose to start doing this. In more breaking online privacy news, I will be discussing the security implications of relying […]


It appears that China recently launched a poorly executed man-in-the-middle (MITM) attack on GitHub. Greatfire.org has all the details. In short: GitHub.com is an HTTPS-only website, so the only way to monitor it is to use a MITM attack to decrypt the contents of the communications. There is evidence that GitHub […]

