Reddit member info was compromised in June this year. Two data-sets were accessed: the first from 2007 containing account details and all public and private posts between 2005 and May 2007; and the second included logs and databases linked to Reddit’s daily digest emails, which was accessed between 3 and 17 June this year. The data includes usernames and email addresses linked to those accounts.
Reddit they are contacting members who may have been affected. But the way these stories go, it will be revealed soon that everyone’s data has been leaked, so all Reddit members should probably reset their passwords.
And if you are one of the millions of people who re-use user-names and passwords over multiple sites, you’d better change your login info on all accounts. This time do it properly, with a password manager. Better late than never, eh!
The Reddit system was compromised through former employee accounts which were “protected” with SMS-based two-factor authentication.
SMS-based two-factor authentication is more secure than using a password alone. But it is relatively easy to break through. For instance, an attacker can transfer a phone number by supplying an address, last 4 digits of a social security number and perhaps a credit card – exactly the type of data that is widely available on the dark web thanks to large database breaches like Equifax.
Google has a new logo and updating its image – but under the surface it’s still that pre-2010 half-evil censor
Eight years after Google pulled out of the censored Chinese internet, they’re back. It’s been reported that the company is working on a mobile search app that would block certain search terms and allow it to reenter the Chinese market.
Google has engaged in the China-controlled internet space before: but in 2010 it pulled out, citing censorship and hacking as reasons. It didn’t pull out completely – it still offered a number of apps to Chinese users, including Google Translate and Files Go, and the company has offices in Beijing, Shenzhen and Shanghai – But the largest of its services – search, email, and the Play app store – are all unavailable in the country.
Google co-founder Sergey Brin told the Guardian in 2010 that his opposition to enabling censorship was motivated to his being born in Soviet Russia. “It touches me more than other people having been born in a country that was totalitarian and having seen that for the first few years of my life,” he said as Google exited the Chinese market after 4 years of cooperating with the authorities.
But now they’re back, working on a mobile search app that would block certain search terms and black-listed material. The app is being designed for Android devices.
According to tech-based news site The Information, Google is also working on a censored news-aggregation app too. The news app would take its lead from popular algorithmically-curated apps such as Bytedance’s Toutiao – released for the Western market as “TopBuzz” – that eschew human editors in favour of personalised, highly viral content.
Patrick Poon, China Researcher at Amnesty International, called Google’s return to censorship “a gross attack on freedom of information and internet freedom.”
In putting profits before human rights, he said, Google would be setting a chilling precedent and handing the Chinese government a victory.
This is important because many computer users will set a search site as their homepage and even find content by entering key-words into the url bar of their browser. Because of Google’s ubiquity, it is frequently set as default search engine on browsers, meaning that millions of users will find that their experience of the internet is that delivered through the lens of Google. If that lens is smudged or cracked by censorship, all these users’ internet experience is skewed. So it is essential to highlight the fact that Google is not the neutral, trustworthy agent that many users think it to be.
GreatFire, an organisation that monitors internet censorship and enables circumvention of the “Great Firewall of China”, said the move “could be the final nail in the Chinese internet freedom coffin” and that “the ensuing crackdown on freedom of speech will be felt around the globe.”
Part 3 of an occasional series of videos about the Darkweb, hidden services, anonymity… all the good stuff that we need, and need to know about!
Excellent Defcon presentation by Adrian Crenshaw detailing how some Tor users got caught. TL;DR: it’s all down to faulty OpSec. Be careful all the time, use your common sense, and all well be well. So long as there aren’t 0days in Tor Browser that the Man knows about and the devs don’t…
But this isn’t too long to watch. So watch it! Even if you don’t use the darknet it is hugely informative and entertaining. And if you do use Tor or otherwise have an interest in anonymity (which means you!), it is doubly informative and entertaining… in fact it is essential for everyone to watch. So watch it!
Today Apple is closing a security loophole in iPhones and other iOS devices that enabled law enforcement to hack into criminals’ devices, inculding one of the San Bernadino killers.
They have introduced “Restricted USB Mode”, which will stop hackers from extracting data through an iPhone’s lightning port an hour after being locked. It is believed that this is how the FBI were able to read data from the iPhone belonging to a gunman involved in the shootings in San Bernadino.
Apple says this is part of their usual security reviews, and is not aimed at thwarting law enforcement but is to protect users from criminals.
The GreyKey device that hacks into locked iPhones via its Lightning port
This will protect iPhones from the iPhone hacking tool GreyKey.
The new default settings will have a feature Apple call a “USB restricted mode” which has been present in developer betas for both iOS 12 and iOS 11.4.1. With this feature, all communication through a Lightning port to USB connection will be blocked on unlocked and dormant devices.
US law enforcement uses a tool called a GrayKey, which is a small box with two Lightning cables that can unlock password encryptions on iPhones and extract data from iPhones. The Restricted USB Mode will cut off the GreyKey’s access.
The GreyKey device reveals a locked iPhone’s passcode in as little as 30 seconds
Of course the cops believe this is aimed firmly at law enforcement, and will result in criminals and terrorists getting away with serious crimes.
“I think that privacy protections are on a collision course with responsible law enforcement actions to conduct legitimate investigations,” said Ronald Hosko, a former assistant director of the FBI who is now president of the Law Enforcement Legal Defense Fund, which raises money to defend officers accused of misconduct. “Terrorists or other criminal organizations will do something that’s heinous, in a way that is blocked from lawful law enforcement view. They will to some extent get away with it. We will lose lives, we will lose infrastructure in a big way, and then we will be having a different conversation.”
Aaron Swartz was a computer programmer, writer, political organiser, hacker, and hacktivist of note. Amongst other accomplishments he founded Watchdog.net, “the good government site with teeth,” to aggregate and visualize data about politicians, was a co-founder of the Progressive Change Campaign Committee and Demand Progress; with Virgil Griffith he worked on Tor2web, an early (2008) HTTP proxy for Tor-hidden services and with Kevin Poulsen he created Dead Drop (now known as “Secure Drop”), a mechanism allowing whistleblowers to send files to the media anonymously. He was prosecuted for making the data in JSTOR, a digital repository of academic journal articles, available to users for free. He refused a plea bargain that would have seen him serve 6 months in a low-security prison, preferring to make the authorities justify the prosecution. He faced a possible 50 years of imprisonment and $1 million in fines, for pursuing the hacker belief that all information wants to be free. Swartz committed suicide on January 11, 2013. After his death, federal prosecutors dropped the charges. [Thanks to Wikipedia.org for the above.] He was a champion for freedom, in the best hacker tradition, and nine years ago he wrote the following manifesto.
Guerilla Open Access Manifesto
Information is power. But like all power, there are those who want to keep it for
themselves. The world’s entire scientific and cultural heritage, published over centuries
in books and journals, is increasingly being digitized and locked up by a handful of
private corporations. Want to read the papers featuring the most famous results of the
sciences? You’ll need to send enormous amounts to publishers like Reed Elsevier.
There are those struggling to change this. The Open Access Movement has fought
valiantly to ensure that scientists do not sign their copyrights away but instead ensure
their work is published on the Internet, under terms that allow anyone to access it. But
even under the best scenarios, their work will only apply to things published in the future.
Everything up until now will have been lost.
That is too high a price to pay. Forcing academics to pay money to read the work of their
colleagues? Scanning entire libraries but only allowing the folks at Google to read them?
Providing scientific articles to those at elite universities in the First World, but not to
children in the Global South? It’s outrageous and unacceptable.
“I agree,” many say, “but what can we do? The companies hold the copyrights, they
make enormous amounts of money by charging for access, and it’s perfectly legal —
there’s nothing we can do to stop them.” But there is something we can, something that’s
already being done: we can fight back.
Those with access to these resources — students, librarians, scientists — you have been
given a privilege. You get to feed at this banquet of knowledge while the rest of the world
is locked out. But you need not — indeed, morally, you cannot — keep this privilege for
yourselves. You have a duty to share it with the world. And you have: trading passwords
with colleagues, filling download requests for friends.
Meanwhile, those who have been locked out are not standing idly by. You have been
sneaking through holes and climbing over fences, liberating the information locked up by
the publishers and sharing them with your friends.
But all of this action goes on in the dark, hidden underground. It’s called stealing or
piracy, as if sharing a wealth of knowledge were the moral equivalent of plundering a
ship and murdering its crew. But sharing isn’t immoral — it’s a moral imperative. Only
those blinded by greed would refuse to let a friend make a copy.
Large corporations, of course, are blinded by greed. The laws under which they operate
require it — their shareholders would revolt at anything less. And the politicians they
have bought off back them, passing laws giving them the exclusive power to decide who
can make copies.
There is no justice in following unjust laws. It’s time to come into the light and, in the
grand tradition of civil disobedience, declare our opposition to this private theft of public
culture.
We need to take information, wherever it is stored, make our copies and share them with
the world. We need to take stuff that’s out of copyright and add it to the archive. We need
to buy secret databases and put them on the Web. We need to download scientific
journals and upload them to file sharing networks. We need to fight for Guerilla Open
Access.
With enough of us, around the world, we’ll not just send a strong message opposing the
privatization of knowledge — we’ll make it a thing of the past. Will you join us?
Hacking and phreaking have had a few set-backs over the past decae or so. But things never really change, only the methods needed to achieve those things. Blue boxes and the POTS have been made difficult to utilize, but now there are voice mail systems to break into, even after all the furore about reporters ‘hacking’ celebs’ voice mail accounts; you can listen to other people’s messages, even make phone calls on poorly configured voice mail systems (do a bit of googling about hacking into VMS) – I’m spreading news, not giving tutorials, and anyway I have not the first idea how to do anything illegal! – and you shouldn’t do anything illegal either, I’d never encourage anyone to break the law 🙂
So that’s phreaking still alive and kicking, just in a different form to what older phreaks might recognize. And “hacking”/cracking still lives and kicks too!!! It’s still possible to carry out SQL injection – link (though more companies are getting wise to the tricks and closing the loopholes), malicious websites that put nasties into your computer while you’re browsing asian porn or whatever are thriving, and if you want to be a “proper” hacker who knows how this stuff works under the hood and maybe wants to write your own tools, there are books like Violent Python (pdf download link) out there that can explain some of the nuts and bolts (shh, you didn’t get that link from me!). Amazon says of Violent Python
[It] shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker’s tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artefacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.
High praise indeed. especially when you consider that they’re charging £17 to £18 for the book.
For a more gentle and possibly more fun way to learn Python is at Invent Your Own Computer Games With Python (but if you’d rather just have a pdf of their book to read offline it can be gotten here – the book is available under Creative Commons so you don’t need to be antsy about that download at least). A lot of hackers sneer at “script kiddies” who know nothing about programming and who rely on ready-made tools. So fuck em, right? Learn Python – a simple yet powerrul language.
And then there’s the sneaky practice of snatching random strangers’ (or indeed targeted targets’) data off the air when they’re using the net in coffee shops etc. It’s becoming more difficult as people become aware of the danger (for instance if I’m out and about I use https and a VPS) but there are still a lot of possible targets sending bank or card details, or other sensitive info over the air – look here and here for tips and tricks.
So, phreaking and hacking isn’t dead – it’s just grown up a bit. As long as the hacker is also prepared to grow and change, all will be well for the infonauts of the future.
Abby Sciuto is the hacker of the future (and of the present). I’d love to spend a day/night – KAF-POW! – in her NCIS lab!!
This really pisses me off. The Guardian were pro-whistleblowing when it came to Wikileaks – probably because the Guardian found those leaks ethically sound. But when the whistleblowing/leaking is in aid of a cause not close to the newspaper’s heart – like the leaked emails at the University of East Anglia that seemingly expose evidence-tampering by scientists who believe in man-made climate change – suddenly the Guardian wants to assemble a posse or lynchmob to track down the whistleblower and deliver him to Scotland Yard.
I’ve been a Guardian reader for 20 years, and usually I find its campaigns to be defensible even if I don’t particularly believe in them. But this whistleblower/leak/”hacker” hunt leaves a bad taste in my mouth.
Get your act together, Guardian… or you’ll lose another once-loyal reader.
is an Internet meme originating 2003 on the imageboard 4chan, representing the concept of many on-line community users simultaneously existing as an anarchic, digitized global brain.[1] It is also generally considered to be a blanket term for members of certain Internet subcultures, a way to refer to the actions of people in an environment where their actual identities are not known.
Anonymous is not a hacker group in the sense you’d usually expect: there’s no organization, no hierarchy, no agreed agenda. Anyone with the required know-how and/or tools can do some cyber-vandalism or cut-and-paste someone’s email, then say it was done by Anonymous.
So who is Anonymous? Everyone. No one. Me. You. Anyone. Please bear that in mind next time you see a report that “Anonymous” did something.
_gos=’c4.gostats.com’;_goa=354450;
_got=2;_goi=2;_goz=0;_gol=’Free hit counter’;_GoStatsRun(); Free hit counter
Emmanuel Goldstein, aka Eric Corley, editor of the hacker magazine 2600 and presenter of the weekly podcast and New York WBAI radio show “Off The Hook”, said on this week’s show that he thought the DDOS attacks being aimed at anti-Wikileaks organizations like Amazon by so-called members of the pseudo-group “Anonymous” are bad, counterproductive and basically a hypocritical way to protest against censorship. What I understand from his argument is that he thinks censoring the censors is just as bad as Wikileak’s opponents attacking the messenger instead of the message.
Thing is, Emmanuel is wrong wrong wrong. I see the widespread use of tools like LOIC (the “Low Orbit Ion Cannon” program) to mess with companies like Amazon, Mastercard, PayPal and others who’ve decided to stop doing business with Wikileaks, as similar to the flash protests which saw massive chain stores like Top Shop in the UK being forced to close because the stores were suddenly filled with hundreds of students and other victims of government cuts who think the owners of these stores, like Sir Philip Green the billionaire owner of Top Shop cynically avoids paying tax by being officially “domiciled” in some tax haven country, while he advises the government to make massive cuts in public spending. The flash protests at billionaire tax dodgers’ businesses, and the denial of service attacks on companies who’ve been unmasked as agents of US foreign policy, are the new way of getting our voices heard. In 1968, workers and students in Paris protested together against their government’s obscene policies, and direct action in other countries forced change; now, in the age of the internet, these new forms of protest are being tried, to see if they can bring about the social change that the whole world urgently needs.
To be honest, I’m a little worried that something has been done to Emmanuel by Wikileaks’ Swedish governmental enemies. During the show he told us a story about a shopkeeper whose CCTV system caught images of the Stockholm suicide bomber – and he actually said that CCTV is good because it can film these kinds of events. The bombing was a tragedy, obviously; but Emmanuel would usually recognize that any good resulting from CCTV is just a by-product of our Orwellian 1984-like surveillance culture. It’s pretty ironic that Emmanuel took his name from the character Emmanuel Goldstein in the novel 1984 – a mysterious, manufactured bogeyman created to justify Big Brother’s totalitarian control of society.
“Off the Hook” is usually a great show, and I’d normally recommend it to anyone with at least a couple of brain cells to rub together. But if Big Brother really has done a number on Emmanuel Goldstein… yikes, where did I put my tin-foil hat?!!!
_gos=’c4.gostats.com’;_goa=354450;
_got=2;_goi=2;_goz=0;_gol=’Free hit counter’;_GoStatsRun(); Free hit counter
On 3 December, we reported that you could no longer reach the Wikileaks site by using the wikileaks.org URL. Well, that is no longer the case: aim your browser at “http://wikileaks.org” and you get rerouted to http://mirror.wikileaks.info/ – one of the many, many mirrors that sprouted after the USA’s clumsy efforts to limit free speech. Not a major victory by any means. But a victory nevertheless.
In other (Wikileaks/Assange-related) news: Julian Assange is still in prison even though he was granted bail yesterday. The Swedish prosecutors have appealed against the bail ruling, claiming that he would pose a major flight risk. I’m not sure how the Swedes think he’ll flee: Assange’s face must be one of the best known in border security circles, plus they have his passport… but as things stand, he must remain in HMP Wandsworth for at leat another couple of days while this judicial circus runs its course.
This case is highlighting the problems with the new European arrest warrant system. Usually, it is only possible to extradite someone if the crime he’s accused of is also a crime in the country he’s “hiding” in. As far as I can tell, Assange’s alleged crimes are not illegal in Britain (what the Swedes call “rape” and “sexual molestation” are very different to the UK’s definitions – I believe one of the charges relates to Assange refusing to use a condom; the complainant admits that the sex was consensual, so how in hell can this be called a crime? He didn’t force her to have unprotected sex).
Anyway, a blog like this one is not really a good place to discuss the intricacies of Swedish law. But what I will say is this: Sweden has got very accommodating rendition agreements with the USA. If Assange is extradited to Sweden, it won’t be long before he ends up in America. And if you look at what politicians are saying about Assange it’s pretty clear he won’t receive a free trial and he’ll end up on a slab.
But do these people really believe that Assange is Wikileaks? The leaks will continue, regardless of his fate. All that will happen is that Assange’s colleagues will improve their security and anonymity. Killing (or imprisoning) Assange will not kill Wikileaks. And all politicians need to beware: if they treat Assange like a piece of shit, the leaks will become more and more damaging to the so-called “liberal” European “democracies” who are currently baying for his blood. So watch out, fools: the day of reckoning is nearly upon us… and you.
UPDATE: I just noticed this, a page that lists the very many sites that are mirroring Wikileaks in an attempt to stop the authorities ever again closing them down. Well, when I say “stop”, I actually mean “make it very difficult”. The USA has already demonstrated the length of its reach. But when Wikileaks is mirrored in a huge number of countries, some of whom dislike America intensely, the job of censorship becomes much more difficult.
There’s also info on the page about how you too can mirror Wikileaks on your web server. I say go for it! I think it’s about time that the USA learned what “democracy” actually means: rule by the people for the people; not rule by a bunch of rich geezers on behalf of their billionaire buddies. Or is my dictionary out of date?
_gos=’c4.gostats.com’;_goa=354450;
_got=2;_goi=2;_goz=0;_gol=’Free hit counter’;_GoStatsRun(); Free hit counter
Posted by Martin X 
I HATE HATE!!! 