Syrian Electronic Army cyberattacks The Financial Times

Another day, another cyberattack by the Syrian Electronic Army. This time the hacktivist collective targeted The Financial Times, making a nuisance of itself by taking over several of the company’s Twitter accounts, as well as changing the titles of posts on The Financial Times’ blog to “Hacked by the Syrian Electronic Army.” While the actions themselves are annoying, one message in particular crossed the line when it sent readers to a video of an execution.

The Syrian Electronic Army has attacked a variety of media companies, including CBS, The Guardian, E! Online, and even The Onion. Oftentimes, the hackers take control of the company’s Twitter accounts and use them to post messages, some of them coming across as nonsense, others as fake news (such as Justin Bieber coming out of the closet), and sometimes things of a more serious nature, such as the link to a video of an execution on YouTube posted on one of the Financial Times’ Twitter accounts.

The Financial Times confirmed the hacks to The New York Times in an email, according to the latter company. While the company didn’t specify how the hackers gained access to their system, there’s a good chance it was accomplished the same way its other breaches have been achieved, which was detailed by The Onion earlier this month.

According to a blog post published on May 10, The Onion’s attack was the result of a rather conventional phishing scheme that involved sending links to a few of the company’s employees. The links purported to be of an interesting story, but instead took the recipient to a page requesting Google Apps login information. When someone falls for the ruse, their email is then used to try to message other workers for additional login information.

When someone in possession of the company’s social media accounts takes the bait, the hackers can then log into the account, change the password, and begin wreaking havoc. A similar attack was performed on The Associated Press, with one of the hackers revealing that 50 of the company’s employees had revealed their login information. Such attacks reaffirm that companies should train their employees on how to recognize phishing attempts, as well as take measures to reduce the amount of damage that can result if someone does provide their credentials.

SOURCE: The New York Times


Syrian Electronic Army cyberattacks The Financial Times is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.

iOS 6 approved for use on American military networks

The Defense Department has officially given the thumbs up to Apple devices running iOS 6 — paving the way for iPhones and iPads to become standard issue around the Pentagon. The move was hardly shocking. In fact, the Wall Street Journal had it on good authority weeks ago that the DoD was planning to give iOS its seal of approval. With Samsung devices running the Knox security suite and BlackBerry 10 already trickling into the hands of Pentagon employees, the decision sets the stage for a three-way bout for military market supremacy. And we’re sure the government drones can’t pick sides fast enough. After all, who wants to live under the tyranny of BlackBerry 7 any longer than necessary?

Source: Bloomberg

Security expert details how he nabbed millions of dollars from a bank

Bank heists – they’re the subject of movies, books, and, in some cases, real-world news. While not every mission goes as planned, many have managed to gain ill-gotten wealth from lax security systems, prompting banks to step up their game and stay on top of ever-changing technologies. One of the best ways to find out you have a security vulnerability is to have someone exploit it, which is what one bank hired a security expert to do. Having successfully accomplished his mission, Nisha Bhalla has detailed how he managed to “steal” $14 million.

Bhalla is the CEO of security company Security Compass, which specializes in breaking into the security systems of organizations and companies, exposing any vulnerabilities and issues that compromise data – or, in this case, allow someone to run off with millions of dollars. A bank located in the United States – name not provided – hired Bhalla’s company to test its system.

As we noted, the system wasn’t secure, and as a result Bhalla set himself up a checking account and funded it with $14 million that didn’t exist – money generated on the fly, so to speak. He then went over to the ATM machine and grabbed a receipt, which you can see an image of above, confirming that he was now – temporarily, at least – a multi-millionaire. Needless to say, such a massive infiltration “shocked” the bank, and it closed down his account before sprucing up its network security.

Not stopping there, he spoke to the folks over at CNN, detailing how the process of acquiring the funds went, and, in doing so, demonstrated how other stores, banks, and organizations could potentially suffer at the hands of the technically-inclined unscrupulous. The first step, as you likely guessed, was gaining access to the bank’s network, which Bhalla says is simple to do by latching on to its wireless network – something many banks provide for their customers to use as a courtesy.

From there, it was only a matter of using freely available sniffer software to map the bank’s computer network, followed by flooding the network’s switches to gather data. He found log-in information for a teller’s computer, which didn’t use encryption when sending data to the bank’s main database. As such, Bhalla had free rein, and used it to create a bank account with $14 million in funds, something that would likely go undetected until well after he transferred the funds overseas and left the country.

Such a revelation comes only days after eight individuals were charged with swiping $45 million from ATM machines.

SOURCE: CNN Money


Security expert details how he nabbed millions of dollars from a bank is written by Brittany Hillen & originally posted on SlashGear.

The New Yorker unveils Strongbox for anonymous tip sharing

Media companies of all sorts enjoy tips from readers and others, some of them being small snippets of information that are more or less without consequence, and others putting the tipster’s job – or worse – at stake. As such, privacy and anonymity are of the utmost importance, and conventional messaging methods often fall short of providing them. Because of this, The New Yorker has implemented Strongbox.

Strongbox was created by Kevin Poulsen and the late Aaron Swartz, who committed suicide earlier this year after intense legal pressure following his JSTOR hacking debacle. It is an extension of DeadDrop, the code of which will be made open source and released for other companies and individuals to use. Unlike traditional methods for submitting tips and information, Strongbox aims to keep the tipster anonymous, and makes it so the recipient won’t be able to determine from where the information comes.

The Strongbox system is both fairly simple and quite involved, with several steps happening between the sharing of the tip and access of the information on the receiving end. Tipsters have to access Tor in order to upload a file or message (which are encrypted using PGP), and will receive a randomly generated alias. The files are then shuttled off to a server that is isolated from the recipient’s network and checked regularly by those with access.

If information has been received, the recipient downloads it via a VPN-connected laptop onto a flash drive, then, using a second thumb drive containing the decryption keys, decrypts the files on a secondary laptop running a live CD that is wiped with every restart. From there, the recipient can return a message if desired via Strongbox, and the tipster can receive it by accessing the system using the randomly-generated alias that was assigned.

Poulsen talks about the project in his own write-up, detailing how it was initiated and the work that went into it, mixed with a personal perspective on the man himself and the weeks leading up to his untimely passing days after a launch date for the project had been set.

SOURCE: The New Yorker


The New Yorker unveils Strongbox for anonymous tip sharing is written by Brittany Hillen & originally posted on SlashGear.

Saudi telecom Mobily working on project to intercept mobile data

Software engineer Moxie Marlinspike over at Thought Crime says he’s no stranger to unsolicited emails from individuals seeking help with surveillance efforts, due to some of the software he has created. While the programmer says he ignores most of them, one he received earlier this month caught his eye, and a short while later he discovered that Saudi Arabia telecom Mobily is working on a project to intercept mobile traffic.

The email, says Marlinspike, appeared in his inbox one day with the alluring subject line: Solution for monitoring encrypted data on telecom. Though he wasn’t interested in helping, he did respond to the agent’s email, initiating a correspondence that the programmer says lasted for a week. The end result was revelation of telecommunication company Mobily’s current project for intercepting data from mobile applications, with particular emphasis on Line, Viber, Twitter, and WhatsApp.

Reportedly, Mobily’s Executive Manager of Network & Information Security Yasser D. Alruhaily is at the helm of the project, which was initiated by someone referred to as “the initiator.” Marlinspike believes “the initiator” to be the Saudi government, but it doesn’t sound like that information was ever explicitly provided.

In one of the emails from Mobily that were published, it is revealed the telecom company is looking for information on how to go about intercepting traffic from mobile apps, whether a workaround exists for accomplishing that task, and if there are any other places it could approach regarding the project. Marlinspike goes on to specify that one document they provided indicates using SSL certificates for interception, as well as SSL exploits and vulnerabilities.

Word has it a WhatsApp interception prototype is up and working.

So, what is compelling such an action? Terrorism, according to a message Marlinspike posted from Mobily. The telecom company, after being informed that he wouldn’t help them, said that Saudi Arabia has a “big terrorist problem” with those responsible using the aforementioned mobile apps – and others – to transmit information. The telecom company then goes on to say that because of this its actions are not only necessary, but Marlinspike’s refusal to help is indirectly aiding terrorist activities.

SOURCE: Thought Crime


Saudi telecom Mobily working on project to intercept mobile data is written by Brittany Hillen & originally posted on SlashGear.

The Onion pegs Syrian Electronic Army hacks on phishing schemes

Over the last several weeks the Syrian Electronic Army has made a nuisance of itself (again), serving as a sort of annoying prankster who is repeatedly ordered to go stand in the corner. The organization is reportedly responsible for quite a number of hacks, with The Onion having been one of its unlucky victims. The humor website pinpointed the source of its infiltration and has revealed precisely how it happened, adding in a few pieces of advice for other media outlets to help combat the attacks.

Last month, the Syrian Electronic Army claimed credit for a few different compromised accounts. On April 21, the organization said it was responsible for the hacking of several CBS Twitter accounts, and a week later it went after The Guardian’s Twitter accounts, sending out tweets in its own favor. It didn’t take long for another compromised account to surface, this time being E! Online’s Twitter account, where the hackers spread false information about singer Justin Bieber before proclaiming in another tweet that fans had been trolled.

Its latest target was The Onion, which was digitally infiltrated this past Monday by the SEA, something that was originally suspected to be a joke given the nature of the company. That notion was laid to rest on Wednesday when The Onion posted a series of screenshots and URLs detailing precisely how the organization compromised its Twitter account, revealing that the hack – as with previous ones – had been accomplished via a few different phishing methods.

The attack was initiated via emails sent to The Onion employees containing a link that, at a quick glance, appeared to be from The Washington Post on content about The Onion. When clicked, however, the link took the recipient to the URL “hackwordpresssite.com/theonion.php,” which then redirected again to a page requesting Google Apps login information, after which point it took the victim full circle back to Gmail. Only a few employees received the emails, and at least one was fooled by it, resulting in the second phase of the attack.

Using the employee’s compromised email, the SEA sent messages to other The Onion employees early in the morning containing another link that again requested Google login information. Of those targeted, one of the individuals who fell for it had the login information for The Onion’s social media accounts, including Twitter.

The Onion notified employees of the breach and sent emails instructing workers to reset their passwords, unaware that one of their accounts was still compromised. Via that account, the SEA sent an email to all but those involved in the IT department with a link said to be a password-reset URL. A couple of people fell for the second link, with both of their accounts then being used by the hackers to take control of The Onion’s Twitter account. Because of this, the company required all Google Apps passwords to be reset company-wide, but not before posting a humorous jab at the SEA.

In summary, The Onion advises other media companies to avoid such attacks by taking steps such as educating employees on phishing, isolating social media account logins, feeding tweets through a third-party application, and having a way to reach all employees outside of corporate email accounts.

SOURCE: The Onion


The Onion pegs Syrian Electronic Army hacks on phishing schemes is written by Brittany Hillen & originally posted on SlashGear.

Mother’s Day Email Scams: 5 Ways to Prevent Them

If you haven’t figured out how you’re going to show mom how much you care, it’s not too late. Emails from brands you trust and the Web can help you shop, ship and rest easy knowing that your gift will […]

Original content from Ubergizmo.


PayPal wants to get rid of passwords in favor of biometric security

While passwords are the way of the land on the internet, PayPal’s chief information security officer Michael Barrett says that passwords and PINs are obsolete and we need a new standard for security on computers and the internet. Barrett thinks that the next step is fingerprint scanners, which he believes will debut on smartphones at some point this year.

Speaking at the Interop IT conference, Barrett was quite positive that passwords will die sometime this year, even going as far as putting an image of a tombstone up on the screen that gave an “R.I.P.” to passwords. He says that passwords “are starting to fail us,” and that there are better, more secure ways to easily log into accounts.

On top of PayPal, Barrett is the president of the Fast IdentityOnline Alliance (FIDO), which is an organization that aims to change online authentication with an open standard that’s both secure and convenient to use. Barrett thinks that fingerprint scanners will be the wave of the future, and he even brought up rumors about the next iPhone coming equipped with a fingerprint scanner, as well as a handful of other new smartphones.

We can certainly see where Barrett is coming from. Passwords can be really easy to crack, especially if people use the same password for all of their accounts, which is inexcusable, but it makes sense, as many people don’t want to take the time to remember 20 different complex passwords. Two-factor authentication has been making the rounds, requiring users to log in using a password as well as confirming their identity through a hardware device, but it’s inconvenient. Barrett thinks that biometrics is not only convenient, but also much more secure than passwords.

However, he noted that passwords simply won’t go away after biometrics are introduced. It’ll certainly take a while before a new standard can completely take over, especially considering that passwords have been the standard for so many years. So while we could see smartphones with integrated fingerprint scanners, it could be a few years before a new security standard takes over full-time.

VIA: Macworld


PayPal wants to get rid of passwords in favor of biometric security is written by Craig Lloyd & originally posted on SlashGear.

Google’s updated security roadmap details increased friction, reliance on hardware

A lot has changed in the security realm since 2008 — remember Alicia Keys’ recent attempt to convince us her Twitter account was hacked, when we all know she still uses an iPhone even as BlackBerry’s Creative Director? Pranks aside, the consumer world alone has been overrun with mass data hackings — everyone from Evernote to Microsoft to Sony to RSA has felt the wrath. To combat all of this, Google is revamping its five-year security plan, which calls for a complex authentication code replacing the conventional password in due time; in other words, Google is going to make it harder to access your accounts when initially setting up a device, but hopes you’ll deal. Eric Sachs, group product manager for identity at Google, put it as such: “We will change sign-in to a once-per-device action and make it higher friction, not lower friction, for all users. We don’t mind making it painful for users to sign into their device if they only have to do it once.”

The documents also suggest that two-step verification may soon become less of an option, and more of a mandate. Sachs straight-up confesses that Google didn’t predict the current level of smartphone adoption back in 2008, but now realizes that utilizing mobile hardware and apps as friction points for logging in makes a lot more sense. A huge swath of Google users are already carrying around a product that could be used as a verification token, so the obvious solution is to make use of that. We’re also told that learnings from Android will be carried over to Chrome, and further into the world of web apps. No specific ETAs are given, but trust us — half a decade goes by quickly when you’re having fun.

Via: ZDNet

Source: Google

Apple’s iPhone Security Measures Prompt Queue Of Unlock Requests From Law Enforcement

Apple faces a whole lot of inbound requests to unlock iPhone devices from law enforcement officials, according to a new report from CNET. Seized iPhones with a passcode lock are apparently secure enough to frustrate a lot of police agencies in the U.S., resulting in a wait list that Apple has put in place to help it deal with unlock requests from the authorities.

The waiting list was long enough that it resulted in a 7-week delay for a recent request by the ATF last summer, according to the CNET report. The good news for iPhone owners is that the ATF in that instance turned to Apple as a last resort, after trying for three months, to no avail, to find a law enforcement body at either the local, state or federal level that had the capability to unlock the phone in-house. The bad news is that, according to an affidavit obtained by CNET, the decryptions seem to take place without necessarily requiring a customer’s knowledge, whereas with Google there’s a password reset involved that notifies a user via email of the unlock.

Apple can reportedly bypass the security lock to get access to data on a phone, download it to an external device and hand that over to the authorities, according to an ATF affidavit, which means that ultimately, the information on an iOS device isn’t 100 percent secure. But overall, repeated reports peg Apple devices as particularly resistant to prying eyes operating in law enforcement.

A previous report from CNET also identified iMessage as resilient in the face of outside surveillance attempts, especially compared to more common text communication methods like SMS. Combined, the reports suggest that Apple’s technology for its mobile devices is especially good at repelling unwanted advances, which is great for privacy buffs, though the policies around when and why Apple does share that information need more fleshing out.

We’ve reached out to Apple to see if they have any official comment on the unlock queue from law enforcement and how they proceed with requests, and will update if we hear more.