Schneier on Security: Domain-in-the-Middle Attacks

Bruce Schneier on the real-world effectiveness of a very simple domain-name-based man-in-the-middle attack.

Here is a Wired article on the same issue showing how it was used to steal 20 GB of email from a Fortune 500 company.

- Lance Cottrell

Sneaky tracking code (finally) purged from Microsoft sites • The Register

It looks like Microsoft got caught using “evercookie” or “supercookie” technologies to recreate tracking cookies even after users have tried to delete them from their browsers.

- Lance Cottrell

Amazon Wishlist can expose your address to strangers

Amazon Customer’s Privacy Exposed

In theory, your Amazon wish list should allow people to buy you gifts, but should not reveal anything but the list of items you want.

Evidently, if you buy something for someone off their list, you can then see the delivery address in the order reports in your account.

The solution is to remove the delivery address from your list. Your friends and family would have to enter the delivery address manually, but one hopes that they already know it. A good description of the process is in the article linked above.

- Lance Cottrell

Stolen Credit Card website hacked

Vendor of Stolen Bank Cards Hacked — Krebs on Security

Brian Krebs has an interesting blog post on how all of the credit card information was stolen by a hacker from a website that sells stolen credit cards.

This is in the “don’t know whether to laugh or cry” department.

- Lance Cottrell

PM David Cameron on censorship: bad when you do it, OK when I do it.

Back in February, British Prime Minister David Cameron gave a speech where he strongly opposed the censorship and crackdown on protesters in Egypt.

For decades, some have argued that stability required highly controlling regimes, and that reform and openness would put that stability at risk. So, the argument went, countries like Britain faced a choice between our interests and our values. And to be honest, we should acknowledge that sometimes we have made such calculations in the past. But I say that is a false choice.
As recent events have confirmed, denying people their basic rights does not preserve stability, rather the reverse. Our interests lie in upholding our values – in insisting on the right to peaceful protest, in freedom of speech and the internet, in freedom of assembly and the rule of law. But these are not just our values, but the entitlement of people everywhere; of people in Tahrir Square as much as Trafalgar Square.

Now, with the riots in England, he feels that restricting access to social media and censoring free speech are necessary to maintain order.

Everyone watching these horrific actions will be struck by how they were organised via social media. Free flow of information can be used for good. But it can also be used for ill. And when people are using social media for violence we need to stop them. So we are working with the police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality. I have also asked the police if they need any other new powers. Police were facing a new circumstance where rioters were using the BlackBerry Messenger service, a closed network, to organise riots. We’ve got to examine that and work out how to get ahead of them.

It is easy to condemn censorship in others, but it seems expedient when one is trying to control one’s own population. When in power, the difference between justifiable actions and tyranny is largely a matter of “us” vs “them”. “We” are good and would not abuse this power while “they” use censorship to keep the boot of oppression on their people.

The trouble is, it is very hard to know when one has moved past the tipping point, and powerful self-justification comes easily to intelligent leaders and their advisors. As has been said many times, “no man is the villain of his own story”.

This is a Rubicon I hope the UK can hold back from crossing.

- Lance Cottrell