01/26/2014: Edward Snowden chose Germany’s ARD to make his first television interview since he blew the whistle on NSA’s global dragnet and illegal surveillance. The 30-minute interview was made in strict secrecy in an unspecified location in Russia, where Snowden is currently living under temporary asylum.
I’m interested but I’m wondering what it’s going to cost.
Read more @ BlackPhone.ch.
The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone.
…
The thief could potentially steal far more if the victim had activated an auto-replenish option, which would allow the app to repeatedly access the victim’s bank account to continually add more money to the Starbucks account. Brotman said that any request for more bank funds would trigger a message to the victim — he said it would probably be an email — which could alert the victim to the fraud. If the victim then contacted Starbucks, the account would be shut down.
Read the full article @ Computer World.
Two-factor authentication is one of the best things you can do to make sure your accounts don’t get hacked. We’ve talked about it a bit before, but here’s a list of all the popular services that offer it, and where you should go to turn it on right now.
Read the full list @ Lifehacker.
I have not tried this so I’m not actually recommending it. However, I’d love to give one a try for just $49. You wouldn’t post your home address just anywhere online. So why give it out to every website you visit? When you browse the Internet, every site you visit knows your IP address...
Read more →The folks at LastPass have a simple way to search the database of hacked passwords (and password hints) released by the recent Adobe hack. Please check, and change accordingly. (Mine was and I did.)
Read more →Digital Attack Map is a live data visualization of DDoS attacks around the globe, built through a collaboration between Google Ideas and Arbor Networks. The tool surfaces anonymous attack traffic data to let users explore historic trends and find reports of outages happening on a given day.
The article is a bit technical but the bottom line is this: There’s a giant back door in many D-Link Wifi routers!
In other words, if your browser’s user agent string is “xmlset_roodkcableoj28840ybtide” (no quotes), you can access the web interface without any authentication and view/change the device settings (a DI-524UP is shown, as I don’t have a DIR-100 and the DI-524UP uses the same firmware):
Based on the source code of the HTML pages and some Shodan search results, it can be reasonably concluded that the following D-Link devices are likely affected:
- DIR-100
- DIR-120
- DI-624S
- DI-524UP
- DI-604S
- DI-604UP
- DI-604+
- TM-G5240
Additionally, several Planex routers also appear to use the same firmware:
- BRL-04R
- BRL-04UR
- BRL-04CW
Read the full article @ /dev/ttyS0.
Bruce Schneier gives us a glimpse of the future of the internet, and shares some of the context we should keep in mind, and the insights we need to understand, as we prepare for it. Learn more about Bruce Schneier at https://www.schneier.com and TEDxCambridge at http://www.tedxcambridge.com.
Amy Goodman at Democracy Now interviewed Ladar Levison, founder/owner/operator of Lavabit, the security-focused email service Edward Snowden used to invite attendees to a Moscow press conference; the service was abruptly closed last week with an explanation pointing to US government interference. He joined the show from Washington DC with his lawyer, Jesse Binnall. Goodman...
Read more →