The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle

NSA hacked SIM card manufacturer Gemalto and stole millions of encryption keys without the company’s knowledge. While I don’t particularly mind NSA targeting bad guys (that’s why we have NSA), I consider hacking the good guys to get the bad guys to be very poor form.

I am not surprised that this took place on Obama’s watch, either. His record is just as bad as George W. Bush’s. Perhaps worse.

The monitoring of the lawful communications of employees of major international corporations shows that such statements by Obama, other U.S. officials and British leaders — that they only intercept and monitor the communications of known or suspected criminals or terrorists — were untrue. “The NSA and GCHQ view the private communications of people who work for these companies as fair game,” says the ACLU’s Soghoian. “These people were specifically hunted and targeted by intelligence agencies, not because they did anything wrong, but because they could be used as a means to an end.”

via The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle.

Lenovo shipping laptops with pre-installed adware that kills HTTPS | CSO Online

Whoops. Lenovo shipped computers with adware that breaks ALL SSL on its laptops. Not only that, but the private key is also widely available, meaning anyone can spoof any website on an unsuspecting Lenovo owner’s computer. Major security fail!

Lenovo is in hot water after it was revealed on Wednesday that the company is shipping consumer laptops with Superfish Adware pre-installed. Security experts are alarmed, as the software performs Man-in-the-Middle attacks that compromise all SSL connections.

It’s a fact of life; PC manufacturers are paid to install software at the factory, and in many cases this is where their profit margin comes from. However, pre-installed software is mostly an annoyance for consumers. Yet, when this pre-installed software places their security at risk, it becomes a serious problem.

via Lenovo shipping laptops with pre-installed adware that kills HTTPS | CSO Online.

Update: More technical info here and here.