Openness and disclosure may be the only remedy against operations like the “Shady RAT”

Posted by & filed under Hacks, Security News.

McAfee recently disclosed the result of five years of investigation of a threat actor that have compromised 72 targeted organizations. While the sheer number and time span of the attacks, not to mention the compromised parties’ identities (for instance, the United Nations was hacked) are enough to raise an eyebrow or two, two paragraphs in the article particularly caught my… Read more »

Norwegian newspaper claims full access to all Wikileaks cables

Posted by & filed under Security News.

Update: Aftenposten now publishes all documents that are used to write related news articles in a RSS feed here: http://www.aftenposten.no/eksport/rss-1_0/?seksjon=spesial_wikileaksdokumenter&utvalg=siste The Norwegian newspaper “Aftenposten” claims, according to several sources [Norwegian, in english here] that it has access to all the Wikileaks cables. This would effectively mean that the carefully planned drips of information to selected newspapers… Read more »

Backdoor in OpenBSD IPSEC stack?

Posted by & filed under Secure Development, Security News.

Wow, if this is even remotely true, it’s quite spectacular: Theo de Raadt,  has made public an email sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago. The claim is that the FBI paid contractors to insert backdoors into OpenBSD’s IPSEC stack, a stack that has been re-used… Read more »

Haystack snake oil

Posted by & filed under Security News.

The touted anti-censorship software Haystack that were supposed to keep Iranians safe from their government seems to have been brewed on purified snake oil: Several researchers has the last couple of days teared the security in the Haystack software apart, and from the looks of it, it wasn’t a challenge at all.