
The FBI Wants to Know Where You are Online

> February 7th, 2010 ---

An article posted yesterday on CNET has Internet users bashing the FBI up one side – and down the other. Many are screaming about “Big Brother”, and civil rights. Others are proclaiming that they are going to leave the Internet completely, which I honestly don’t see happening. Seriously, folks… you’d be able to totally give up your online life?

According to the article, the FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes. If logs of Web sites visited began to be kept, they would be available only to local, state, and federal police with legal authorization such as a subpoena or search warrant.

It’s unclear what, exactly, the FBI wants to keep track of. The possibilities include requiring an Internet provider to log the Internet protocol (IP) address of a Web site visited, a domain name, a host name, or an actual website URL. While the first three categories could be logged without doing deep packet inspection, the fourth category would require it. That could run up against opposition in Congress.

Six golden rules for strong passwords

> February 7th, 2010 ---

Waking up to someone asking you for help because their password has been hacked is an unpleasant experience. But such calls are becoming commonplace, not because hackers are becoming smarter (well they are), but because people are stupid enough to keep their passwords simple.

A recently released report from Imperva (http://tinyurl.com/iepasswords) highlights that the most common password used by people is 123456. Moreover, 30 per cent of people use passwords of six characters or fewer, only 60 per cent of them use alpha-numerics and nearly half use slang words, consecutive digits and so on. That’s why I have decided to share with you the six golden rules of a good password.

ShmooCon: Inside FarmVille’s sinister underbelly

> February 7th, 2010 ---

You see it all the time on Facebook: A friend moving on up in FarmVille. Another friend trying to expand his posse in Mafia Wars. Everyone thinks of them as harmless third-party applications, free from the crooks and cooks of cyberspace. Unfortunately, that’s not the case.

The sad fact is that these applications are susceptible to malware pushers and those looking to steal your personal information. It’s not much of a stretch for hackers to impersonate people you think are trusted, fellow players, as is the case with a lot of online gaming. And the more you expose yourself, the bigger the target you become.

The dangers of these games were part of a larger talk on social networking dangers at the 2010 ShmooCon security conference. Indeed, social networkers are in danger from all corners, be it from a malicious Twitter bot you think is a celebrity following you or that hot model who friended you on Facebook, hoping you wouldn’t notice that she’s nothing more than a phishing hook.

Indian IT Giant Tata Consultancy Services Hacked

> February 7th, 2010 ---

The website of Tata Consultancy Services, India’s largest software vendor, has been hacked. The hacker has posted a “For Sale” message on the site, which is written in both French and English. Ironically, the company produces security systems software.

The hack is believed to be a DNS hijack, which is similar to the breach that Twitter succumbed to last year. TechCrunch was also hacked earlier this year.

Unannounced Core i7 Apple MacBook Pro surfaces in benchmark logs

> February 7th, 2010 ---

A benchmark report for an unreleased Apple MacBook Pro sporting Intel’s upcoming dual-core 2.66GHz Core i7 mobile processor was published online this week, suggesting a refresh to the professional notebook line may be imminent.

The Geekbench report, which can be seen in its entirety here, was submitted on February 4th and subsequently spotted by a MacRumors forum member. It lists the model as a MacBook Pro 6,1 — a previously unused MacBook Pro identifier — running an unreleased build of Mac OS X 10.6.2 labeled 10C3067.

More specifically, the chip that registered inside the unreleased MacBook Pro is the Core i7 M 620, which represents the highest-performance chip announced as part of Intel’s new Arrandale mobile offerings last month.

Security flaw puts iPhone users at risk of phishing attacks (Updated)

> February 7th, 2010 ---

When Apple introduced iPhone OS 3.0, it attempted to beef up the security of over-the-air enterprise management of iPhones by adding support for Cisco Systems’ Simple Certificate Enrollment Protocol (SCEP). However, a flaw in the implementation of the standard could allow hackers to offer mobile configuration files that appear to be from a legitimate source, but may otherwise set your iPhone to access malicious servers.

Ars spoke with a mobile security expert who discovered the problem (who asked to remain anonymous because he did not have approval to talk about the issue). He told Ars that the issue is one of trust: “Who would you trust to change your iPhone configuration over the air? Your carrier? Your company? Your IT security admin?” he asked. Apple uses SCEP as a way for the iPhone to check in with a certificate server to verify that a mobileconfig file has been signed by a trusted source, but flaws in the set-up on the iPhone mean that the process doesn’t always work as intended.

Apple’s new beta of Mac OS X 10.6.3 includes few changes

> February 7th, 2010 ---

Apple on Friday evening equipped developers with yet another build of its upcoming maintenance and security update for Mac OS X 10.6 Snow Leopard that includes few changes from an earlier build distributed two weeks ago.

People familiar with the matter say Mac OS X 10.6.3 build 10D548 was distributed alongside an enhancement and focus list nearly identical to build 10D538, which made its way to a small subset of developers last month, as AppleInsider exclusively reported.

The only distinguishable change noted in documentation, those people say, was a request by the Mac maker for its developers to add iCal and printing functions to their evaluation efforts, alongside AirPort, QuickTime and graphics drivers. A prior emphasis on VoiceOver was reportedly not extended to build 10D548.

How the NSA Deal Could Kill Google

> February 7th, 2010 ---

The company once known for its “don’t be evil” motto is now in bed with the spy agency known for the mass surveillance of American citizens.

The National Security Agency is widely understood to have the government’s biggest and smartest collection of geeks — the guys that are more skilled at network warfare than just about anyone on the planet. So, in a sense, it’s only natural that Google would turn to the NSA after the company was hit by an ultrasophisticated hack attack. After all, the military has basically done the same thing, putting the NSA in charge of its new “Cyber Command.” The Department of Homeland Security is leaning heavily on the NSA to secure .gov networks.

But there’s a problem. The NSA and its predecessors also have a long history of spying on huge numbers of people, both at home and abroad. During the Cold War, the agency worked with companies like Western Union to intercept and read millions of telegrams. During the war on terror years, the NSA teamed up with the telecommunications companies to eavesdrop on customers’ phone calls and internet traffic right from the telcos’ switching stations. And even after the agency pledged to clean up its act — and was given wide new latitude to spy on whom they liked – the NSA was still caught “overcollecting” on U.S. citizens. According to The New York Times, the agency even “tried to wiretap a member of Congress without a warrant.”

AU Gov’t Still Wants ISPs To Solve Illegal Downloads

> February 7th, 2010 ---

In the wake of iiNet’s recent court win, Minister for Broadband, Communications and the Digital Economy Stephen Conroy has said that he wants the film and internet industries to sit down and try and work out a code of conduct to prevent pirating of copyrighted works rather than working towards legislation changes.

“I would hope to encourage the [internet service providers] and the movie industries to sit down and try and come up with a code of conduct and let’s see where that goes before we start leaping off down that path,” he told the ABC’s Hungry Beast program on Friday.

“I think that a mature approach by both the movie industry and the internet industry sitting down, having a conversation, and coming up with a code of practice is the absolute preferable outcome. The problem is at the moment in Australia there is no agreement, there is no discussion, there is no dialogue and people resorted to court,” he said.

High-tech to keep Super Bowl on track

> February 7th, 2010 ---

As the players, coaches and halftime performers — not to mention the Lombardi Trophy — make their way to Miami’s Sun Life Stadium for the Super Bowl on Sunday, Jerry Hunter and company will be keeping a close eye on them.

The Super Bowl has contracted with Hunter’s US Fleet Tracking to use its real-time GPS tracking system, which uses satellite technology that can “ping” a vehicle’s location every few seconds.

The Web-based mapping system will be just one of the high-tech gadgets used Sunday to make sure the party for 74,000 people runs smoothly. “You think you and your wife have a struggle throwing a dinner party with 30 guests — making sure everything is where it’s supposed to be at the right time?” he said. “Imagine the Super Bowl.”