hanicker + hacking   7

The irony of the Anonymous mask
Hacker-anarchists make Guy Fawkes design a best seller – swelling the coffers of the Hollywood studio it is battling
They call themselves "Anonymous", and they are the world's most famous group of hacker-anarchists. When they have left the glow of their computers to protest in public – against anti-piracy laws, perhaps, or the imprisonment of Julian Assange – they have taken, very wisely, to wearing masks. Since 2008, the mask of choice has been the eerie "Guy Fawkes" design made famous by the film of Alan Moore's graphic novel V for Vendetta.
In Moore's story, the mask is worn by a lone freedom fighter against government iniquity. Yet it is a measure of the allure of hacktivism that the real-life replica has now become one of the most popular masks worldwide. Its manufacturer, Rubies Costume Company, sells well over 100,000 every year, and the product is the best-selling mask on amazon.com, amazon.co.uk and amazon.de. In the words of one reviewer on the site, it is "very useful to hide your identity from the public while you go about your anonymous deeds".
Now, it is not nice to sneer – nor is it wise, when one's target is a rather touchy criminal collective. But there is a tasty irony about the fact that the V mask is itself a copyrighted product. Every time that Rubies sells one – for $6.49, £5.16 or €10.50 – a cut of the profit goes to Warner Bros, which made the film. That's Warners as in one of Hollywood's six big studios, a subsidiary of TimeWarner, and a member of, yes, the Motion Picture Association of America – Anonymous's adversary in the fight over online piracy. It just goes to show. The battle for copyright may be lost, but no one flouts the law of unintended consequences.
Leo Benedictus, guardian.co.uk © Guardian News & Media Limited 2011
Anonymous  Hacking  Technology  The_Guardian  Features  Technology  from google
august 2011 by hanicker
LulzSec: the members and the enemies
While Sabu and Topiary are firmly on the inside, the likes of The Jester and LulzSec Exposed are most certainly not
Inside
Sabu Apparent founder and leader of LulzSec, he is a long-time hacktivist associated with senior Anonymous members. Decides who can join the group and who should be targeted. Attempts by rivals to uncover details about his real-life identity suggest he is a 30-year-old IT consultant skilled in the Python programming language who has lived in New York. The timing of some of his tweets – tweeting "goodnight all" at 0700 BST, or 0200 New York time – implies he is on the US's eastern seaboard.

Topiary Believed to be second-in-command, and the public face of LulzSec. An eloquent writer with a sharp turn of phrase, Topiary manages the main LulzSec Twitter account and has a hand in most of the group's rare public pronouncements. Well-known among hackers due to long links with senior Anonymous members. Chat logs taken over five days from May and June show Topiary to be oddly self-conscious – he said of a Wikipedia page about himself: "can we delete it somehow?" – and not beyond his own reproach: "Sabu and I got a bit carried away and gave LulzSec away a bit." Little is known about his identity, though he has been informally addressed as Daniel in leaked transcripts.

Kayla Thought to be the only senior female member of the hacking community, with lengthy involvement in the top command of Anonymous and, latterly, LulzSec. Apparently owns a powerful botnet used to take down targets. May have been instrumental in the attack in February on a US security firm, HBGary. In logs, referred to as LulzSec's "assassin/spy".

Storm Another senior hacker apparently controlling a large botnet of infected computers. Known for targeting rival hacker forums, and acting on Sabu's instruction. Appears to be a veteran in the world of taking down websites, privately disclosing this month in logs seen by the Guardian that his denial of service tool is "over 10 years old".
Joepie92/Joepie91 Fringe member who spends much of the time "idling" in the group's chatrooms rather than actively co-ordinating or supporting attacks. Helps identify rival hackers. Little is known about his real-life identity.

Neuron One of the most technically able members of LulzSec, Neuron builds tools for the group and is occasionally involved in distributed denial of service (DDoS) attacks. Little is known about Neuron's real-life identity, although his use of "aye" for "yes" suggests he is in or from the UK.

Tflow Credited with creating LulzSec's famous Friday song, a comical skit denouncing other hackers and warning its rivals. Tflow also appears to be involved in maintenance for the main LulzSec website, protecting it from incoming attacks. Claims to have been around since the start of LulzSec towards the end of May.
Outside
The Jester Emphatically not a member of LulzSec. A lone-wolf hacker, self-described as a "hacktivist for good". Believed to be ex-military, The Jester appears to have considerable firepower, which he principally employs against jihadist websites. A thorn in the side of the sprawling collectives Anonymous and, latterly, LulzSec for some time: publicly mocking their "childish" pursuits and threatening to expose key members by releasing their "Dox": documents and information that would identify them in real life. Most believe the Jester to be based in the US, a product of his military background. He also attacks what he calls "terrorists, sympathizers, fixers, facilitators, and other general bad guys". Brought down the WikiLeaks website in November, hours before it released the US diplomatic cables, with an enormous DDOS attack.

LulzSec Exposed Group of unknown size of self-described "web ninjas" who say they are unaffiliated to The Jester, but share his desire to out members of LulzSec. Claim to be angry on behalf of victims; English may not be their first language (or perhaps not that of the person(s) writing their blog). "We are not doing this for [the] sake of publicity or media attention," they say on their blog. "We just thought we could help and we did it."
Josh Halliday, guardian.co.uk © Guardian News & Media Limited 2011
LulzSec  Hacking  Computing  Technology  UK_news  The_Guardian  News  Technology  from google
june 2011 by hanicker
Website Security Monitor: monitor the security and content of your website from the desktop
Anyone who runs their own online space surely knows how important it can be to protect the website in question from possible hacker attacks, as well as to constantly monitor its links, content and so on.
To carry out this kind of task as well as possible and, above all, in an extremely practical way, working directly and conveniently from your own desktop, you can turn to Website Security Monitor.
The tool in question is simply a freeware program dedicated entirely to Windows operating systems which, with its practical user interface (visible in the screenshot), lets you check your website precisely and constantly, verifying that the web pages that make it up contain no errors, unauthorized links, scripts, inappropriate content or hijacked Google ads.
Website Security Monitor: monitor the security and content of your website from the desktop, published on Geekissimo on 17/06/2011
© Martina Oliva (Bugeisha) for Geekissimo, 2011.
Windows  Siti_Web  sicurezza_siti_web  Sicurezza  monitorare_siti_web  Freeware  software_freeware  hacking  controllare_sito  Software  from google
june 2011 by hanicker
EMC: RSA SecurID info swiped via sophisticated hack attack
EMC issued a warning today that hackers have stolen information about its RSA SecurID two-factor authentication that could be used by cybercriminals to more easily breach customers' systems,
Security  EMC  Cyber_Crime  Hacking  from google
march 2011 by hanicker
Exploiting remote timing attacks
We’ll be giving a Blackhat talk on exploiting remote timing attacks. Our goal is to convince developers that this class of attack is exploitable and worth fixing. This article in Computer World gives a decent background.

The attack is very simple. You repeatedly send guesses about a secret value to the server, which rejects them as incorrect. However, if your first byte of the guess is correct, it takes a very slightly longer time to return the error. With many measurements and some filtering, you can distinguish this difference.

While any comparison against a secret is a potential target, we chose HMAC comparison for a few reasons. An HMAC is a message authenticator, similar to a digital signature. The primary difference is that the verifying party must keep the true HMAC secret since it gives the attacker the correct authenticator for their forged message. HMACs are used in many protocols, including most web authentication frameworks such as OAuth and OpenID and HTTP session cookies.

Guessing the correct HMAC for an arbitrary message is game over for these authentication frameworks. The token grants access to resources or allows the attacker to assume a user’s identity on various websites.

This is not a new attack. Remote timing attacks on OpenSSL were shown to be practical in 2003. Further research in 2007 showed that differences as small as 20 microseconds over the Internet and 100 nanoseconds over the LAN could be distinguished with about 1000 samples.

We (and others) have been reporting these flaws for over a year and raising developer awareness. In 2009, we found a timing leak in Google Keyczar’s HMAC verification that was quickly fixed. Coda Hale found a similar flaw in Java’s MessageDigest implementation. The OAuth group discussed his bug back then and some maintainers decided to fix it in their code too. But many didn’t.

A quick review of OAuth and OpenID implementations showed many had timing leaks that were potentially exploitable. Either developers knew about the bug and gave it a low priority or they weren’t aware of it. Either way, we thought some concrete research was needed to show exactly how easy or hard it was to exploit these flaws in various environments.

Exploiting timing attacks depends on extracting a timing difference from many samples by filtering out the effect of noise. If there is too much noise (the difference is too small), this attack may take too long to be practical. But an attacker who can control the environment to decrease noise (say, by blocking competing users of the server), accurately model the noise and thus filter it better, or just wait longer because their target is so valuable might be successful.

Our talk builds most closely on the Crosby 2007 paper mentioned above. We have tested many configurations to find how different variables influence an attacker. The most obvious analysis is how small a time delta can be distinguished for a given number of samples. This was performed from various vantage points (guest-to-guest VM, LAN, Internet) and for various languages (C, Python, Ruby, Java, etc.).

We applied various filtering methods to the samples to see how much unfiltered jitter remained. This would determine how small a difference could be distinguished. We added in other variables such as competing load, power management, and other factors.

The talk will have the full results. Both the proponents and skeptics should be surprised in some way. We have found some configurations that are almost certainly not exploitable and others that certainly are. If you’re the maintainer of a software package, don’t count on your users being safe from timing attacks because of your assumptions. Cryptographic software, especially open-source, is deployed in everything from slow embedded servers on up to multi-GHz clusters.

Likewise, attackers often have a better vantage point than you’d first assume. With shared hosting providers and cloud computing, you have to assume attackers can locate themselves on the same host as their target. Even in a shared datacenter, you may assume the attacker has a LAN-equivalent vantage point.

Given that it is difficult to rule out timing attacks and the fix is so simple, we think it’s best to fix them proactively. The approach for which it is easiest to gain assurance is to use a constant-time compare function. (That post also gives reasons why other approaches don’t work or are too complicated to verify.)
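
The leak and the fix described above, as an added example that is not from the original post or the authors' talk: it counts the bytes an early-exit comparison examines (a deterministic stand-in for response time) beside a comparison that always does the same work. The key, the message and all function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"        # constructed sample secret
MESSAGE = b"user=alice&role=user"    # constructed sample message


def expected_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 the server would compute for the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def leaky_equal(a: bytes, b: bytes):
    """Early-exit compare, the flawed pattern. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    for i in range(len(a)):
        if a[i] != b[i]:
            return False, i + 1      # work done depends on the matching prefix
    return True, len(a)


def constant_time_equal(a: bytes, b: bytes):
    """Accumulate differences over every byte. Returns (equal, bytes_examined).

    Shows the structure of the fix only; in Python, production code should
    call hmac.compare_digest (see verify below) instead of a hand-written loop.
    """
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y                # no branch on secret-dependent data
    return diff == 0, len(a)


def work_profile(compare, good: bytes, prefix_lengths):
    """Bytes examined for guesses that share their first n bytes with good."""
    profile = {}
    for n in prefix_lengths:
        guess = bytearray(good)
        for i in range(n, len(guess)):
            guess[i] ^= 0xFF         # force every byte after the prefix to differ
        _, examined = compare(good, bytes(guess))
        profile[n] = examined
    return profile


def verify(key: bytes, message: bytes, supplied_mac: bytes) -> bool:
    """Hardened verification using the standard library's constant-time compare."""
    return hmac.compare_digest(expected_mac(key, message), supplied_mac)


if __name__ == "__main__":
    good = expected_mac(KEY, MESSAGE)
    prefixes = (0, 1, 8, 31)
    print("early-exit   :", work_profile(leaky_equal, good, prefixes))
    print("constant-time:", work_profile(constant_time_equal, good, prefixes))
    print("verify(good) :", verify(KEY, MESSAGE, good))
```

A code review check that follows from this: any `==`, `memcmp`, or `equals` applied to a MAC, token or password hash is a candidate for replacement with the platform's constant-time comparison.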

We hope our talk will give some concrete results so that more developers will take this flaw seriously. See you in Vegas!
Crypto  Hacking  Network  Protocols  Security  from google
july 2010 by hanicker
Panorama Video In Print
I managed to grab one of the 10,000 copies of Panorama (the first publication in Italy to try it) fitted with Video In Print: a thin display with memory able to hold 45 minutes of video, USB connectivity (for charging and content updates) and an audio "speaker", made by Americhip.

Here is a demo video taken from YouTube.

Could I leave it there intact without taking it apart to see what's inside? Of course not! You can see some annotated photos on flickr.

USB CONNECTION
When I connect it to my Mac's USB port nothing happens (apart from charging): pressing keys 1, 2 and 3 in sequence (the first combination to try on any device) mounts the VIP as a USB stick (400-odd MB of capacity; 512 when empty, I imagine; there is surely a hidden partition for the operating system: Disk Utility shows nothing beyond the partition with the videos).

The intro clip is an XVID (!) 320x240 file with 48kHz stereo audio; the VIDEO folder contains 5 more clips of the same quality: they represent the available choices (in this case Citroen ads). Playback is smooth, the audio is obviously not great, and loading is really fast for this type of device. A couple of seconds pass between clicking on the player and the video playing: pressing the button again pauses the clip.

In the PLAYLIST folder I imagine there are files used to manage the player. The whole stick is "unprotected": so it is possible to load files onto it. Combined with the fact that it plays XVID, this makes the device really interesting...

And indeed... I found this post that explains how to play files, and a site (created by Americhip itself) for converting clips of up to 50MB online. Otherwise you just need to load your files into the VIDEO folder, suitably renamed. I probably got lucky, but the first random XVID clip taken from my Mac worked... At worst, re-encode

DISASSEMBLY
OK, disassembly doesn't take much time... It's paper, after all. The little hardware there is is laid out neatly. You can see the annotated photo on flickr.

CONCLUSIONS
Will this be the future of print advertising? I don't know, and these devices certainly still cost a bit too much for large-scale distribution (Panorama sells a lot of copies and only 10000 were equipped with it)... While waiting for e-paper, this is in any case the only possible (and patented) alternative
Hard_&_Soft  Tecnologia  americhip  americhip_vip_hacking  hacking  pubblicità  video_in_print  from google
march 2010 by hanicker
Hacking into the mind of the CRU hacker
Analysis suggests the hacker was on the east coast of America and operated over a number of days, but much remains unknown
Figuring out who was behind the hack of the Climatic Research Unit (CRU) at the University of East Anglia requires some digital forensic skills – and an insight into the mindset of those who were trying to get at CRU's files at the time.
Analysis by the Guardian and digital forensics experts suggests that an outside hacker gained access to a server at the UEA which held backups of CRU emails and a collection of staff documents. It also suggests the access occurred over a period of days, if not weeks, and was carried out from a computer based on the east coast of North America.
The release of hacked emails and documents came just months after climate change sceptics had filed more than 50 freedom of information requests querying the CRU's refusal to release raw data and program code during the summer.
Egged on by a group of sceptical bloggers, the requests almost all began with the words "I hereby make a EIR/FoI request in respect to any confidentiality agreements restricting transmission of CRUTEM data to non-academics involving the following countries." Others sought "a copy of any digital version of the CRUTEM station data set that has been sent from CRU to Peter Webster and/or any other person at Georgia Tech". All were refused under FoI exemptions because of commercial confidentiality.
Into that silence came the release of the archived "zip" file by someone with clear hacking skills: first they grabbed the files, then they broke into the RealClimate blog to upload the archive and prepare a draft post; then, when that was thwarted, they uploaded it to a Russian website, and posted links to it on climate sceptics' blogs using web servers located in Saudi Arabia and Turkey.
That sequence of events led Sir David King, the government's former chief scientist, to say that it must have been "carried out by a team of skilled professionals, either on behalf of a foreign government or at the behest of anti-climate change lobbyists in the United States". But he quickly backed away from that statement, admitting he had no inside information.
The Guardian's analysis shows that a small group of just four of the scientists from among the dozens employed at the CRU were targeted in the sifting of email. They are: Phil Jones, the head of the CRU; Professor Keith Briffa, who studied tree rings; Tim Osborn, who worked on climate modelling for modern and archaeological data; and Mike Hulme, director of the Tyndall Centre for Climate Change Research. All are either recipients or senders of all but 66 of the 1,073 emails, and almost all the rest are sent from mailing lists, such as the Met Office's "scenarios" listing, to which at least one of the four would certainly belong.
A few remaining emails are sent by, or to, other CRU staff – indicating that the hacker had access to a backup server holding CRU emails dating back to 1996. That it is a backup is confirmed by the presence of a duplicate sent to Osborn: separated by one second, both have the same document attached, but from different machines. That suggests that the UEA's system administrators had backed up emails from CRU staff's machines onto a server – and that the hacker got into it, and also at a set of documents held on the same machine.
Jones, Briffa, Osborn and Hulme had been the focus of sceptics' ire because their high-profile scientific papers had been used to back the IPCC's reports on global warming. At the same time they had declined to release either the data (citing commercial agreements with suppliers) or the computer code they had used to analyse that data and draw their conclusions, to the frustration of many outside academia who wanted to repeat – or discredit – the work.
Early speculation that the release of the emails and documents came from a one-off hack also appears to be wrong. Digital forensic analysis shows that the zipped archive of emails and documents was not produced on a single date. Instead it was created by copying the files over a number of weeks, with bursts on 30 September 2009, 10 October and 16 November. On the last date a folder of computer analysis code by Osborn was added to the package.
The digital forensics on the files indicate that they were created on a computer set at some times four hours behind GMT, and at others five hours behind – which plants the hacker on the eastern seaboard of Canada or the US.
Then early on 17 November, RealClimate's blog was hacked, locking out legitimate administrators, and the hacker tried to create a blogpost claiming that global warming was a myth, and enclosing the emails and documents.
Gavin Schmidt, one of the RealClimate administrators, says that "my information is that it was a hack into [CRU's] backup mail server".
But who was the hacker, and what were they after? Jeff Condon, who runs the climate-sceptical Air Vent blog – which posted one of the links to the archive – told the Guardian that the content of the emails and documents actually points to someone who is not expert in the topic.
Referring to an email it includes from Tim Osborn which says "we usually stop the series in 1960", Condon says that: "The only interesting detail in that email was the data, but that's not what the person wrote. What that means to me is that whomever posted these emails doesn't have a terribly deep understanding of the issues in paleoclimate science. Although the emails themselves featured some scientists who do know the issues and had some very nice details in them.
"Therefore if it's an inside job, it's likely not by a paleo or climate grad student, definitely not by a scientist," Condon said, adding: "If it's an international conspiracy I would have guessed someone on the team would know the science better than that."
But how would an outside hacker get in? Although UEA has security in place, it has seen a number of accidental security breaches of the UEA system in the recent past. On one occasion a server was configured wrongly, so that anyone outside doing a search would "fall through" to directories of files. (UEA closed that hole after being alerted about it.) A misconfigured server could have left just the hole that a capable hacker with a determination to find the data being denied via FoI requests could have exploited. But they are not government-class skills.
So what was the hacker looking for, and how? Besides the clear targeting of the four scientists, it is obvious that this is not the entirety of the CRU's emails: there are none of the routine administrative messages about fire alarms, holiday reminders and so on. Therefore the emails have been filtered. One quick way to see into the hacker's mind is to use "concordance analysis" - examining what the common words or phrases are in the emails and documents. Though usually used in linguistics to compare translations or the frequency of words, concordance software can be used to demonstrate authorship of papers, by combining a "stoplist" of words to be ignored (such as "the" or "and") with a straight analysis of the frequency of words in the text.
Concordance analysis of the emails suggests that the hacker did some careful sifting. But working out precisely what is complicated by the fact that this is the wheat – not the chaff. For instance, the hacker has clearly removed standard words such as "holiday" – except where they appear in emails to or from Jones, Briffa, Osborn or Hulme. There's no other way to explain how such a comprehensive catalogue has so few emails about time off.
Instead, emails with the words "data", "climate", "paper", "research", "temperature" and "model" prevail, according to a concordance plot. That may have been precisely what the hacker was looking for – and the fact that he also ignited a controversy over techniques might have been a surprise to him as well as the rest of the world.
(Note 5 Feb 12:42GMT: the concordance analysis that was here has been moved to a separate file. We will also post a graphic of the analysis in due course.)
Charles Arthur, guardian.co.uk © Guardian News & Media Limited 2010
Hacked_climate_science_emails  Climate_change  Climate_change_scepticism  Environment  Hacking  Internet  Technology  guardian.co.uk  Editorial  Environment  from google
february 2010 by hanicker
