Category Archives: Security

portscanner-for-windows-7-matrix

Shhh… German Paper Reveals GCHQ’s Hacienda Program for Internet Colonization

The German news site Heise Online revealed late last week that British intelligence agency GCHQ has a “Hacienda” program to search for vulnerable systems across 27 countries that could be compromised by the British agency and its spy-counterparts in other countries, including the US, Canada, Australia and New Zealand.

Hacienda

The GCHQ reportedly used port scanning, which hackers used to find systems they can potentially penetrate, as a “standard tool” against the entire nations it targeted.

“It should also be noted that the ability to port-scan an entire country is hardly wild fantasy; in 2013, a port scanner called Zmap was implemented that can scan the entire IPv4 address space in less than one hour using a single PC,” according to Heise.

“The list of targeted services includes ubiquitous public services such as HTTP and FTP, as well as common administrative protocols such as SSH (Secure SHell protocol – used for remote access to systems) and SNMP (Simple Network Management Protocol – used for network administration).”

Hacienda27countries

The same argument holds for those who still harbor the self-comforting thought of being “nobody”, “just an ordinary law-abiding citizen”, “small potato”, etc and thus not a surveillance target: it may not be you that they are interested but the people you “know”, “work with”, “chat with”, “befriend with”, “live with”, etc.

“Using this logic, every device is a target for colonization, as each successfully exploited target is theoretically useful as a means to infiltrating another possible target” and “Firewalls are unlikely to offer sufficient protection”, said the Heise report.

Message+in+a+bottle

Shhh… New Secure NSA-Proof Chat & Messaging Solutions like Bleep and Tox

If you are looking for Skype-alternatives because you are concerned with reports of its security issues – given Skype’s alleged “background” problems and refusal to reveal its encryption method – then take comfort that there are a host of options available you’ll be spoiled with choices.

Most recently BitTorrent, best associated with making the peer-to-peer (P2P) software that allows users to download the same file from multiple sources simultaneously, has announced the launch of a pre-alpha version of its secure chat and voice-message service called BitTorrent Bleep.

Bleep

In order to counter mass surveillance and eavesdropping, Bleep enables users to make calls and send messages over the Internet without using any central server to direct traffic. What BitTorrent did was to apply the same P2P technology used for decentralized file sharing to Bleep so there is no way one could track and peep at the conversations. In essence, Bleep is a decentralized communication platform specifically designed to protect user metadata and anonymity.

And in short, every messages a user sent out is just a “Bleep” to the recipients. Sounds good? The only problem for now is that Bleep is currently limited to Windows 7 or 8 users, although there will be support for more operating systems later.

On the other hand, there is also TOX, a Free and Open Source Software (FOSS – ie. one can verify its code, unlike Skype) initiative and secure alternative to an all-in-one communication platform that guarantees full privacy and secure message delivery.

TOX

Tox takes pride in being a configuration-free P2P Skype replacement.

“Configuration-free means that the user will simply have to open the program and without any account configuration will be capable of adding people to his or her’s friends list and start conversing with them,” according to the TOX homepage.

And finally, here’s a list of ten other Skype alternatives to explore.

2Snowden-Bolshoi

Shhh… NSA Missed Snowden’s Clues

The NSA had all along claimed Snowden stole 1.7 million files but Snowden told WIRED in an exclusive interview that there were apparently much more as the agency somehow missed his “digital bread crumbs“.

“I figured they would have a hard time,” Snowden said of his evidence trail. “I didn’t figure they would be completely incapable.”

Shhh… What’s this Google’s “Project Zero”?

Several reports have surfaced the last 24 hours about Google’s “Project Zero”, essentially the online search giant’s very own in-house super-geeks team of security researchers and hackers now devoted to finding security flaws in non-Google, third-party software “across the internet”, especially zero-day flaws (newly discovered bugs) – also known as “zero-day” vulnerabilities, those hackable bugs that are exploited by criminals, state-sponsored hackers and intelligence agencies.

Now the question is, is this a Google PR stunt? Read this and that articles and decide for yourself.

Shhh… GCHQ’s Hacking Tools Leaked

The latest Snowden revelations include a leaked document that lists the cyber-spy tools and techniques used by the American NSA’s UK counterpart GCHQ, according to a BBC News report.

More disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.

Europe’s Ruling on Google: Much Ado About Nothing

Europe’s Ruling on Google: Much Ado About Nothing

Forget-me-not

“More than once, I’ve wished my real life had a delete key.” – Harlan Coben, American novelist.

If that sounds familiar, it has now become a reality but with reasons for concern – it has been two months since the controversial European “right to be forgotten” ruling. The irony is that nothing has actually changed fundamentally despite all the subsequent hoo-hah.

Let’s not forget the internet was originally designed to exchange raw data between researchers and scientists. Any attempt to manually and selectively remove the contents, successful or otherwise, is like playing God – much worse when Google decides what to delete.

I have listed an example to illustrate the lessons to be learned and price to be paid – of a somewhat similar attempt and the implications on the society at large.

You can find the entire column here.

Post-Snowden, the US Reaps a Security Whirlwind

Post-Snowden, the US Reaps a Security Whirlwind

From China with Love

It’s the one year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.

There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.

Snowden said his biggest fear is that nothing would change following his bold decision a year ago.

You can find the entire column here.

Shhh… Microsoft, the NSA & You

End of Wins XP is No Dawn for Wins 8

Don’t be fooled into upgrading to Wins 8 after Microsoft recently ended support for the popular Wins XP OS. High time to switch to Linux instead – as I did 3 years ago.

Read this nicely written piece on those long held conspiracy theories about Microsoft and the NSA.

Do You Need the World’s Most Secure Email?

Do You Need the World’s Most Secure Email?

Or is Privacy Even Possible?

Is privacy and a secure email on your wish list? How does the “most secure email program” sound to you? Or rather, is that still possible in this post-Snowden era? How about a completely secure search engine?

Find out more from my latest column here and there.

Shhh… Heartbleed Check & Fix

The open source OpenSSL project revealed Monday a serious security vulnerability known as the “Heartbleed” bug that is used by two-third of the web to encrypt data, ie. to protect usernames, passwords and any sensitive information on secure websites. Yahoo is said to be the most exposed to Heartbleed but the company said it has fixed the core vulnerability on its main sites. There are several things you would need to do to check for Heartbleed bug and protect yourself from it, apart from changing your passwords. And according to the Tor project, staying away from the internet entirely for several days might be a good idea.

Check these YouTube video clips for more information – and find out how to fix it on Ubuntu Linux.

When Chaos Trumps Security

When Chaos Trumps Security

Lapse in Taipei a Lesson for Hong Kong

It doesn’t take much for unfolding events to break down security, especially if security forces aren’t well trained to handle unexpected situations. The continuing standoff between the Taiwan government and protesters over the lack of transparency during the negotiations of a cross-Strait services pact between Taipei and Beijing has stolen global headlines and illustrates that scenario.

Scores of university students stormed the legislative chamber in Taipei on March 18, leading to the continued unrest that has been dubbed the “Sunflower Movement”. That was followed by 100,000 people who gathered for a sit-in protest outside the Presidential Office Building earlier this month.

Contentious issues aside, the entire episode – with memorable scenes of students fending off the raiding police by piling entrances and exits with furniture and riot police using batons and water cannons on them – prompted the nagging question: Was security at the government buildings in Taipei so lax and easily penetrable? Definitely, from my personal experience.

Please find the entire column here.