Rat Bastards…

Friends, it seems the Feds have been caught with their hands in the privacy cookie jar again.  Wired Magazine is reporting the discovery of a piece of malware that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.  The FBI is considered the prime suspect, as the exploit sends identifying information to an IP address in Reston, Virginia, just outside Washington, D.C.  A reverse engineer dissecting the exploit says that this is probably the first time the FBI’s “computer and internet protocol address verifier,” or CIPAV, has been captured in the wild, though it has been around since 2002.  It seems that the malware was designed specifically to attack the Tor browser.  The payload for the Tor Browser Bundle malware is hidden in a variable called “magneto” and the heart of the malicious JavaScript is a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.  But the Magneto code doesn’t download anything. It looks up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sends them to the Virginia server, outside of Tor, coded as a standard HTTP web request, which exposes the user’s real IP address.  Rat Bastards.  Friends, make sure your VooDoo is patched and up-to-date; the Feds are restless.
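As an added example (not from the Wired report or this post), here is a check for the behaviour described above: a connection that goes straight to the network instead of through the local Tor client. The log format, the process names and the addresses are constructed for illustration, and the rule assumes only the Tor client (`tor.exe` here) may reach non-loopback addresses.

```python
import ipaddress

# Assumption: only the bundled Tor client may open non-loopback connections.
TOR_PROCESS = "tor.exe"

# Constructed sample log: "<time> <process> <dst_ip> <dst_port>".
# Public addresses are taken from documentation ranges (RFC 5737).
SAMPLE_LOG = """\
12:00:01 firefox.exe 127.0.0.1 9150
12:00:02 tor.exe 198.51.100.7 9001
12:00:05 firefox.exe 203.0.113.50 80
12:00:06 firefox.exe ::1 9150
malformed line
"""

def parse_line(line):
    """Return (time, process, ip, port), or None if the line cannot be parsed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ip = ipaddress.ip_address(parts[2])
        return parts[0], parts[1].lower(), ip, int(parts[3])
    except ValueError:
        return None

def is_leak(process, ip):
    """True when a process other than the Tor client talks off-host."""
    if process == TOR_PROCESS:
        return False  # the Tor client itself has to reach its relays
    return not ip.is_loopback  # the browser should only see the local proxy

def find_leaks(log_text):
    """Return (leaks, unparsed): direct connections, and lines needing review."""
    leaks, unparsed = [], []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            unparsed.append(line)  # never silently drop evidence
        elif is_leak(record[1], record[2]):
            leaks.append(record)
    return leaks, unparsed

if __name__ == "__main__":
    leaks, unparsed = find_leaks(SAMPLE_LOG)
    for time, process, ip, port in leaks:
        print(f"{time} LEAK {process} -> {ip}:{port}")
    print(f"{len(unparsed)} unparsed line(s) to review")
```

The same rule is stronger when enforced rather than logged: a host firewall that drops every outbound connection except the Tor client's would block this kind of direct request instead of reporting it afterwards.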

XKeyscore?

Looks like Edward Snowden has leaked another little tidbit about the NSA’s domestic surveillance programs.  According to The Guardian, the NSA taps all you do online and XKeyscore is the program they use to do it.  This program essentially makes everything you’ve ever done on the Internet – browsing history, searches, content of your emails, online chats, even your metadata – available without any prior authorization — no warrant, no court clearance, no signature on a dotted line.  Some NSA flunky simply plugs in a private email address, and seconds later, your online history is no longer private.  That is more power than government should have over its own people.  XKeyscore is the second black mark on the NSA’s record in the past few weeks. The Guardian’s first story uncovered PRISM, a highly controversial surveillance program that reportedly allows the security agency to access the servers of major Internet organizations including Facebook, Google, Apple, Microsoft, Yahoo, YouTube and Skype, among others.  As I mentioned in a previous post, you should have no expectation of privacy when communicating digitally.  There are, however, steps you can take to limit what is collected about you.  I’ve started using the Startpage search engine rather than Google.  Startpage combines the powerful search results of Google with the strong privacy features of Ixquick, the world’s most private search engine.  No IP addresses are stored, no personal data is gathered or passed on to third parties, and no identifying cookies are placed on your browser. Startpage also offers secure SSL encryption, a proxy option that allows anonymous web surfing, full third-party certification, and numerous other privacy features.  I recommend switching to Startpage immediately.  FYI, work continues on the Villainous VooDoo data encryption solution; stay tuned…

UPDATE – 08/21/13 – A new report by the Wall Street Journal says the NSA “has the capacity to reach roughly 75% of all U.S. Internet traffic.” And while the NSA is only supposed to “target” foreigners, the NSA sometimes “retains the written content of e-mails sent between citizens within the U.S.”

Privacy is something you have to make for yourself…

Whistleblower Edward Snowden claims that American & multinational telecom companies collaborate with the NSA.  Well, duh!  Of course!  Do you really think the NSA needs to collaborate with anyone to read your email?  Let’s get real; you should have no expectation of privacy when communicating digitally.  Period.  There are steps you can take to secure your online presence and while some methods work better than others, I prefer Tor.  As for your data, any fully vetted public-key cryptosystem such as PGP (with an appropriate key length) should meet most people’s needs.  Most people.  For those of you looking to up your game in data encryption, the Villainous VooDoo has been hard at work on something.  Stay tuned…

UPDATE – 08/16/13 – It seems the NSA has been quite busy infringing on our privacy rights.  A newly leaked NSA audit documents 2,776 violations of privacy rules or court orders, mostly involving unauthorized collection of data on Americans or eavesdropping on foreign intelligence targets who entered the United States.  Watch what you say, big brother is listening…

UPDATE – 08/21/13 – A new report by the Wall Street Journal says the NSA relies on extensive collaboration with domestic telecommunications companies to get access to Internet traffic. “The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies.” Filtering occurs at more than a dozen “major Internet junctions.”
