Miscellaneous Topics

[Husky]

Couldn't find Sumishi's thread on Big Brother type stuff - at least, not under a thread title of 'Big Brother'. So posting these here.





2 items via runningblind.com

(belongs to "Josh Goebel, the creator of Pastie, Invoicie, and Snag the Flag ..." which are sites offering web services)



1. runningblind.com/post/79561068470/critical-crypto-bug-leaves-linux-hundreds-of-apps-open

14 Mar 2014



arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.



The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher.

Ok… so OS X, iOS, and now Linux? I’m not usually a believer in conspiracies, but isn’t believing the NSA did it intentionally and maliciously better than believing that we’re idiots and did it to ourselves by accident?

2. runningblind.com/post/79068516804/yahoo-webcam-images-from-millions-of-users-intercepted

9 Mar 2014



Yahoo Webcam Images From Millions of Users Intercepted by GCHQ ?

Gruber: There’s no other way to describe this than Orwellian. Government agencies spying on and collecting images of innocent citizens. Outrageous.

For a long time even wanna-be-geeks have known that most email is not secure or private (being transmitted plain-text and all). It’s time we started to intrinsically know that about any and every non-encrypted service we access online.



If it’s not encrypted assume it’s pretty much public and that everyone is watching (or could be).



I agree with Gruber on how outrageous this is but as it becomes easier and easier to store and aggregate large amounts of data it shouldn’t surprise anyone that governments are doing this.