TOWR Security Brief: 12 Sept 2016

[et_pb_section admin_label=”section” transparent_background=”off” background_color=”#ffffff” allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”||0px|”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”off” custom_padding=”||0px|” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#bcbcbc” use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_letter_spacing=”2px” custom_margin=”||0px|” custom_padding=”||0px|”]

TOWR TECH & SECURITY

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” max_width=”660px” text_font=”PT Sans||||” text_font_size=”72″ text_text_color=”#1d1d1d” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”18px||80px|” text_line_height=”1.1em” text_font_size_last_edited=”on|desktop” text_font_size_tablet=”52″]

TOWR Security Brief: 12 September 2016

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section admin_label=”Section” fullwidth=”off” specialty=”off” transparent_background=”off” background_color=”#f7f7f4″ allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”0px|||”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/kit.jpeg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”off” sticky=”on” align=”center” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”-48px|||”] [/et_pb_image][et_pb_text admin_label=”Author” background_layout=”light” text_orientation=”center” text_font=”PT Sans||||” text_font_size=”18″ text_text_color=”#323232″ text_line_height=”1.4em” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”14px||0px|”]

Kit Perez

[/et_pb_text][et_pb_text admin_label=”Date” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”0px|||”]

08 August 2016

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Intro” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”24″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”40px||0px|” text_line_height=”1.4em” text_font_size_last_edited=”on|tablet”]

Welcome to this week’s TOWR Security Brief. The privacy/tech world is constantly changing, and it’s important that you stay informed because any one of those changes may affect how you need to conduct yourself on the internet. Our briefs are designed to give you a short overview of the pertinent news items over the last week, and let you know what you need to do about them.

[/et_pb_text][et_pb_text admin_label=”Topics” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

In this week’s brief:

  • The Killer USB stick, a flash drive that fries any computer it’s plugged into, is now on sale. You need one–for your own computer.
  • Tor Messenger 0.2.0b2 is out, so you’ll want to upgrade (or get it to begin with).
  • Speaking of Tor, we’ve got more information on how you can be identified on Tor if you’re not careful.
  • You know all those Bluetooth- and Wifi-enabled devices and appliances you thought were so cool at first? They’re spying on you. That’s their actual purpose.
  • Still think that people don’t get paid to be trolls, disrupting your social media conversations and forum threads or posting disinformation to color your opinion on an issue? Think again.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”3_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/09/USBkill.png” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][et_pb_column type=”1_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off” custom_css_main_element=”width:130px;”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|” max_width=”130px”]

You need this…for yourself.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||” max_width=”130px”]

Photograph by USBKill.com

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Point 1″ background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”46px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

You’ve got all kinds of data on your computer. Whatever you have on your computer is your business….until the feds make it their business. Should you find yourself in need of ditching the info on your computer at a moment’s notice, there’s a little something called USBKill that can help you out with that. It was a proof of concept but now it’s real.

The USB Kill collects power from the USB power lines (5V, 1 – 3A) until it reaches ~ -240V, upon which it discharges the stored voltage into the USB data lines.
This charge / discharge cycle is very rapid and happens multiple times per second.
The process of rapid discharging will continue while the device is plugged in, or the device can no longer discharge – that is, the circuit in the host machine is broken.

They’re $50, and you can get them here. (No, we’re not getting a kickback for that endorsement. We’re buying them too!)

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_font=”PT Serif||||” text_font_size=”32″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”16px||30px|” text_line_height=”1.3em” text_font_size_last_edited=”on|tablet” max_width=”900px”]

“USB Kill stick could be a boon for whistleblowers, journalists, activists…” – thehackernews.com

[/et_pb_text][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Tor Messenger is out with an updated version. You can get it here. One of the biggest changes is secure updating:

Moving forward, Tor Messenger will prompt you when a new release is available, automatically download the update over Tor, and apply it upon restart. Keeping Tor Messenger up-to-date should now be seamless, painless, and secure.

Nifty.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/09/shutterstock_445905166.jpg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|”]

Are Tor hidden services making you easier to catch?

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||”]

Photo by Shutterstock

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

At this point you’re probably using the Tor Browser, and you may or may not be using it to browse the Dark Web. Can you trust Tor’s Hidden Services DIrectories? Naked Security says no way.

In their presentation, Non-Hidden Hidden Services Considered Harmful, given at the recent Hack in the Box conference, Filippo Valsorda and George Tankersley showed that a critical component of the Dark Web, Tor’s Hidden Service Directories (HSDirs), could be turned against users.

Targeting HSDirs is so easy that the researchers suggest you should avoid the Dark Web if you really care about your anonymity.

Isn’t that fun?

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Point5″ background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

If that didn’t put a dent in your day, let’s talk about the Internet of Things, or IoT. Everything in our house is seemingly tied to wifi or Bluetooth now, it seems. From your smart fridge to your smart TV to your security cameras to the thermostat. Apps like IFFFT automate things even further (allowing you to set conditions and actions such as “If my phone leaves the house, turn the thermostat down to 60 degrees, and turn it back up when I am showing as 1 mile from home.”), moving data between apps and devices that normally wouldn’t talk.

One of the things we hammer home in the Basic Privacy class is that the more convenient something is, the less secure and/or safe it is. Robert Gore at Straight Line Logic rounds up a few articles that are so must-read that we’d forgive you if you went over there before finishing this security brief. You need to understand the nature of the IoT threat and what it means for you and your family. You may realize, after reading, that maybe you don’t need all those conveniences after all.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

And lastly, we have this gem. DIsinformation is not only a favorite tool of the Powers That Be and their lackeys, but it’s big business. Schneier has details.

But Aglaya had much more to offer, according to its brochure. For eight to 12 weeks campaigns costing €2,500 per day, the company promised to “pollute” internet search results and social networks like Facebook and Twitter “to manipulate current events.” For this service, which it labelled “Weaponized Information,” Aglaya offered “infiltration,” “ruse,” and “sting” operations to “discredit a target” such as an “individual or company.”

Schneier makes the salient point that some of the claims made could possibly be exaggerated, but the real point, as he reminds us, is that there are governments interested in these services, and willing to pay big money for them. Do you really think no one’s providing them?

That’s all for this week’s brief. Stay tuned tomorrow for a list of updated class offerings for the next 6 months!

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” custom_width_px=”980″ use_custom_gutter=”off” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding=”50px||0px|”][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2015/12/TOWR_LOGO_V2.png” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”off” sticky=”off” align=”center” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” custom_width_px=”980px” use_custom_gutter=”on” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” parallax_3=”off” parallax_method_3=”off” column_padding_mobile=”on” gutter_width=”2″ custom_padding=”30px|||” custom_padding_tablet=”6px|||” custom_padding_last_edited=”on|tablet”][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”68″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” use_border_color=”off” border_color=”#ffffff” border_style=”solid” header_font_size=”15″ saved_tabs=”all” global_module=”26311″] [/et_pb_blog][/et_pb_column][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”87″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” header_font_size=”15″ use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_blog][/et_pb_column][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”62″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” use_border_color=”off” border_color=”#ffffff” border_style=”solid” header_font_size=”15″] [/et_pb_blog][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][/et_pb_row][/et_pb_section]

TOWR Security Brief: 25 August 2016

Hi everyone,

Please accept our apologies for the delays on getting this brief out.  I’m filling in for Kit on this post, so the formatting might be a different than you’re used to.

In this week’s brief, we’re going to talk about:

  • Surveillance in Baltimore
  • NSA Word Games
  • 3DES and Blowfish vulnerabilities
  • Vulnerabilities in Juniper Firewalls

Baltimore:
https://t.co/Eq3iVAs2Lw

From Bloomberg, news of surveillance in Baltimore. Of particular interest is an airborne live feed surveillance system that can view an entire city.

“In 2006 he gave the military Angel Fire, a wide-area, live-feed surveillance system that could cast an unblinking eye on an entire city.

The system was built around an assembly of four to six commercially available industrial imaging cameras, synchronized and positioned at different angles, then attached to the bottom of a plane. As the plane flew, computers stabilized the images from the cameras, stitched them together and transmitted them to the ground at a rate of one per second. This produced a searchable, constantly updating photographic map that was stored on hard drives. His elevator pitch was irresistible: “Imagine Google Earth with TiVo capability.””

Remember that the next time you’re at a protest.


NSA Word Games:
https://www.eff.org/deeplinks/2016/08/nsa-word-games-mass-v-targeted-surveillance-under-section-702

The EFF recently published an article illustrating how the NSA torments language to downplay its surveillance of the American people.

“Since 2008, the NSA has seized tens of billions of Internet communications. It uses the Upstream and PRISM programs—which the government claims are authorized under Section 702 of the FISA Amendments Act—to collect hundreds of millions of those communications each year. The scope is breathtaking, including the ongoing seizure and searching of communications flowing through key Internet backbone junctures,[1]the searching of communications held by service providers like Google and Facebook, and, according to the government’s own investigators, the retention of significantly more than 250 million Internet communications per year.[2]

Yet somehow, the NSA and its defenders still try to pass 702 surveillance off as “targeted surveillance,” asserting that it is incorrect when EFF and many others call it “mass surveillance.”

Our answer: if “mass surveillance” includes the collection of the content of hundreds of millions of communications annually and the real-time search of billions more, then the PRISM and Upstream programs under Section 702 fully satisfy that definition. ”

That’s what, in statement analysis, is called a personal dictionary. Make sure when you’re speaking to someone that you know what they mean when they use a particular word or phrase.


3DES and Blowfish Vulnerabilies:
https://threatpost.com/new-collision-attacks-against-3des-blowfish-allow-for-cookie-decryption/120087/

Threat Post recently published an article regarding the possibility of older ciphers used to encrypt authentication cookies for the web being cracked.

“RC4 apparently is no longer the lone pariah among smaller cryptographic ciphers. Already broken and set for deprecation by the major browser and technology makers, RC4 could shortly have company in Triple-DES (3DES) and Blowfish. Researchers are set to present new attacks against 64-bit ciphers that allow for the recovery of authentication cookies from 3DES-protected traffic in HTTPS and the recovery of usernames and passwords from OpenVPN traffic, which is secured by default by Blowfish.”

Our advice is to always make sure your browser is up to date, use two-factor authentication where possible, and if privacy is really important use TAILS or Tor Browser.


Juniper Firewall Exploit:
http://www.scmagazine.com/juniper-confirms-leaked-nsa-exploits-affect-its-firewalls-no-patch-released-yet/article/518235/

Speaking of our friends at the NSA, security appliance manufacturer Juniper Networks just revealed that, unsurprisingly, they have a vunerability that could allow access to, well, pretty much anyone. How does your traffic flow across the internet? Who else is compromised and hasn’t publicized it yet?

That’s it for this briefing.  Stay tuned, we’ll have more coming soon.  Thanks for your feedback and input!

TOWR Security Brief: 15 August 2016

[et_pb_section admin_label=”section” transparent_background=”off” background_color=”#ffffff” allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”||0px|”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”off” custom_padding=”||0px|” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#bcbcbc” use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_letter_spacing=”2px” custom_margin=”||0px|” custom_padding=”||0px|”]

TOWR TECH & SECURITY

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” max_width=”660px” text_font=”PT Sans||||” text_font_size=”72″ text_text_color=”#1d1d1d” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”18px||80px|” text_line_height=”1.1em” text_font_size_last_edited=”on|desktop” text_font_size_tablet=”52″]

TOWR Security Brief: 15 August 2016

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section admin_label=”Section” fullwidth=”off” specialty=”off” transparent_background=”off” background_color=”#f7f7f4″ allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”0px|||”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/kit.jpeg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”off” sticky=”on” align=”center” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”-48px|||”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans||||” text_font_size=”18″ text_text_color=”#323232″ text_line_height=”1.4em” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”14px||0px|”]

Kit Perez

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”0px|||”]

15 August 2016

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”24″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”40px||0px|” text_line_height=”1.4em” text_font_size_last_edited=”on|tablet”]

The privacy/tech world is constantly changing, and it’s important that you stay informed because any one of those changes may affect how you need to conduct yourself on the internet. Our briefs are designed to give you a short overview of the pertinent news items over the last week, and let you know what you need to do about them.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

 

In this week’s brief:

  • Democrat data got leaked by the infamous “Guccifer” over the weekend. Hypocrisy alert: They’re mad. Have fun with it.
  • The White House is considering sanctions against Russia for the DNC hacks. God forbid they deal with what was IN the hack.
  • Ever heard of video jacking? We hadn’t either, but here’s why you need to know about it.
  • For those of you with air-gapped machines that don’t connect to the internet…you’re still not totally safe.
  • Microsoft accidentally leaked the key to its Secure Boot for Windows. This is why mandating back doors is a bad idea.
  • The researchers doing a security audit on Veracrypt are seeing evidence that their audit is being spied on.
  • If you still think no one cares about your passwords…there’s a whole market on the darknet just for them.

 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”3_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/w704.png” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][et_pb_column type=”1_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off” custom_css_main_element=”width:130px;”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|” max_width=”130px”]

I’m sure you can think of a use for this data, right?

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||” max_width=”130px”]

Photograph by Shutterstock

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”46px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

The big story over the weekend was that the hacker Guccifer released a whole list of Democratic Congressional Campaign Committee member personal information.

The notorious hacker published several documents that include cell phone numbers, home addresses, official and personal e-mail addresses, names of staffers, and other personal information for the entire roster of Democratic representatives. The data dump also includes several memos from House Minority Leader Nancy Pelosi’s personal computer, detailing fundraisers and campaign overviews.

With absolutely no sense of irony, had this to say:

Really, Adam? Never? I remember when the names and addresses of gun owners got published and no one did a thing about it. At any rate, certainly we shouldn’t let a crisis go to waste (to take another point out of the Democrat playbook). Certainly there are those among us who could think of a use for this windfall of information.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_font=”PT Serif||||” text_font_size=”32″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”16px||30px|” text_line_height=”1.3em” text_font_size_last_edited=”on|tablet” max_width=”900px”]

 

“Who cares what evidence of criminal activity was in the DNC leaks? What matters is WHO DID IT.” — Democrats

 

[/et_pb_text][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Russians” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Speaking of leaks, the DNC leak–in which we all got vindicated for believing that the election machine is as corrupt as ever–was done by the Russians. That’s what the Dems want you to think, at least. The White House is “considering sanctions” for it. Maybe the administration will send some really pointed tweets.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/vidjackback-580×468.png” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|”]

 

Some of the equipment used in the “video jacking” demonstration at the DEF CON security conference last week in Las Vegas.

 

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||”]

Photo by Brian Markus

 

 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”videojacking” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Ever heard of “video jacking?” It’s yet another way someone can take control of your device.  Here’s how it works:

Dubbed “video jacking” by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine splits the phone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in — including PINs, passwords, account numbers, emails, texts, pictures and videos.

Is your phone on the vulnerable list? You can find out here and here.

 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/diskfiltration-640×358.jpg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|”]

“DiskFiltration” siphons data even when computers are disconnected from the Internet.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||”]

 

Photo from Cyber Security Labs.

 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

One of the things that we have advised people to do if they’re working with highly secure or sensitive information is to use an “airgapped” machine in addition to your regular computer. This means not only do you not ever connect it to your home or work wi-fi, you’ve actually removed all possibility of it ever connecting to any wi-fi or internet connection because you’ve physically removed the capability. (For info on how to actually create that machine, check out our Paranoid PC series.)

In another episode of “mouse vs. mousetrap,” researchers have figured out a way to breach an airgapped machine. This isn’t news in and of itself, since it’s already been done. This is just the latest way to do it.

The method has been dubbed “DiskFiltration” by its creators because it uses acoustic signals emitted from the hard drive of the air-gapped computer being targeted. It works by manipulating the movements of the hard drive’s actuator, which is the mechanical arm that accesses specific parts of a disk platter so heads attached to the actuator can read or write data. By using so-called seek operations that move the actuator in very specific ways, it can generate sounds that transfer passwords, cryptographic keys, and other sensitive data stored on the computer to a nearby microphone.

Now, before you throw out your computers, or worse yet, give up on privacy and security because you think there’s no point and no hope, consider this:

  • This technique has a range of six feet. That’s it. This means, as long as you continue to be aware of your surroundings, and use best practices with ALL of your devices, you’re fine.
  • In order for this technique (and others like it) to work, the computer in question has to be infected with malware. Since an airgapped machine by default isn’t connected to the internet to get malware, it’d have to be infected in person by someone with access–another point in your favor.

Simply keep your airgapped machine away from devices with a microphone (including your own smartphone!) and you should be just fine.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Security experts have constantly warned about the government’s desire to have backdoors built into everything “just in case” they “need it.” Having the backdoor automatically means the encryption or security is pointless. as Microsoft just illustrated to everyone. They accidentally leaked the key protecting their UEFI Secure boot feature. So much for ‘secure boot’ and all.

(Keep in mind that the situation is more complex than just leaking a key, as you’ll see in the comments on the Schneier article. There are techie explanations for those wanting to understand the full extent. For the rest of us, however, it’s close enough.)

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Speaking of encryption and whatnot, researchers who are doing an independent audit of VeraCrypt are finding that someone (or someones, plural) are interested enough in their work that they’re spying on it. Graham Cluley writes:

Now, the bad news… OSTIF says that its confidential PGP-encrypted communications with QuarkLabs about the VeraCrypt security audit may be being mysteriously intercepted:

We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders. Not only have the emails not arrived, but there is no trace of the emails in our “sent” folders. In the case of OSTIF, this is the Google Apps business version of Gmail where these sent emails have disappeared.

This suggests that outside actors are attempting to listen in on and/or interfere with the audit process.

We are setting up alternate means of encrypted communications in order to move forward with the audit project.

If nation-states are interested in what we are doing we must be doing something right. Right?

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Our last item for today is this. No matter how much people get harped on about using secure passwords and not reusing the same ones on multiple sites, people still do it. Who could possibly want your Netflix password, right? Actually, you’d be surprised. There’s an entire market for logins on the dark net, where your logins for everything from Netflix to Paypal to Gmail are being bought and sold at a blinding rate.

The adversaries we have to worry about when we’re choosing our Twitter or eBay passwords are in it for the money and their approach isn’t so much cyber-fencing as carpet bombing – it’s untargeted and it doesn’t matter who gets hit because it’s “how many?” that matters.

Our accounts aren’t compromised one by one, they’re cracked en masse or exfiltrated in the millions and then bought and sold online.

[…]

While Paypal has, and still dominates … it is now possible to find Amazon, Uber, eBay, Netflix, Twitter, Dell and many more … Any account that can generate fraudsters money, or even help them receive a service for free, has a demand in the cyber underground.

…Uber, for example, are sought after by fraudsters simply because they provide “free taxi rides”. Demand for adult entertainment accounts is high due to interest for self ­consumption.

…eBay and Amazon are sought after … to steal money or credits from these accounts … Compromised dating site accounts are also often exploited for romance scams.

How much is your account worth?

 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” custom_width_px=”980″ use_custom_gutter=”off” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding=”50px||0px|”][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2015/12/TOWR_LOGO_V2.png” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”off” sticky=”off” align=”center” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” custom_width_px=”980px” use_custom_gutter=”on” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” parallax_3=”off” parallax_method_3=”off” column_padding_mobile=”on” gutter_width=”2″ custom_padding=”30px|||” custom_padding_tablet=”6px|||” custom_padding_last_edited=”on|tablet”][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”68″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” use_border_color=”off” border_color=”#ffffff” border_style=”solid” header_font_size=”15″ saved_tabs=”all” global_module=”26311″] [/et_pb_blog][/et_pb_column][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”87″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” header_font_size=”15″ use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_blog][/et_pb_column][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”62″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” use_border_color=”off” border_color=”#ffffff” border_style=”solid” header_font_size=”15″] [/et_pb_blog][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][/et_pb_row][/et_pb_section]

Basic Privacy and Anonymity Part 2 Webinar, 31 August 2016

[et_pb_section admin_label=”Section” fullwidth=”off” specialty=”off”][et_pb_row admin_label=”Row” make_fullwidth=”on” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” gutter_width=”1″ padding_mobile=”off” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” padding_top_1=”8%” padding_right_1=”8%” padding_bottom_1=”10%” padding_left_1=”8%” padding_1_last_edited=”on|desktop” padding_1_tablet=”0%|5%|5%|5%”][et_pb_column type=”1_2″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#303030″ text_line_height=”1.5em” use_border_color=”off” border_color=”#ffffff” border_style=”solid” max_width_last_edited=”on|desktop” custom_margin_last_edited=”on|desktop” custom_margin_tablet=”10%||10%|10%” custom_margin_phone=”5%||5%|5%” text_font=”Source Sans Pro||||” header_font_size=”15px”]

Description

This class is geared to those who either need to learn the basics of privacy and anonymity, or who would like a refresher. Everyone has the right to conduct their affairs in private, and this Basic Privacy and Anonymity webinar class will show you how to start doing that. Whether you’re a total beginner who’s never heard of any of this, or someone who’s dabbled but doesn’t feel comfortable with it, or even if you do it all the time and just want to double check and make sure you’re doing it right, this class is for you.

 

[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/063.jpg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”off” align=”right” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”off” custom_padding=”7.5%||7%|” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” max_width=”86%” text_font_size=”48″ text_text_color=”#303030″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_css_main_element=”font-weight:900;” text_font=”Source Sans Pro||||” text_line_height=”1.2em” text_font_size_phone=”36″ text_font_size_last_edited=”on|phone”]

These skills will help you protect not only you, but the people you talk to and work with.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

This is Part 2 of a two-session class. In this first session, we’ll cover the following:

  • Secure messaging – which ones are best for privacy?
  • Virtual Private Networks (VPN) – how to connect to the internet anonymously.
  • Bitcoin Basics – how to buy and sell cryptocurrency for anonymous purchases.
  • Best practices for online activities – how to evade digital surveillance and protect your metadata.

(Check out the agenda for Part 1 here.)

Both sessions will have a question and answer period as well. Sessions are limited to 25 people so everyone gets a chance to ask questions.

We recently offered this class in-person as a one-day event, and it was a huge success. We had so many requests from outside the Pacific Northwest for this kind of training that we have broken the class up into two sessions, two hours each, and are offering them as a live webinar. (It’ll also be available later as an archive.)

This is an overview class, meant to introduce you to the concepts of privacy and why they’re so critical to Three Percenters and patriots. It’ll also set you up for more advanced classes we will be giving this fall that deal with more advanced functions and operations. If any of the following statements have ever come out of your mouth….

  • I’m not doing anything illegal.
  • There’s no point in any of this; the government can see you no matter what you do.
  • Go ahead and let them look!
  • If you try to be private you’re just making yourself more of a target.

you need to be in this class. You will have your eyes opened.

You get access to BOTH sessions–a total of four hours of live instruction—for $25. That not only includes both webinar sessions live, but access to them later as well so you can go back over the material.

Session 2 is August 31, from 6:30-8:30PM Pacific time. You can reserve your place and get payment info by contacting us here.

Don’t miss your chance to learn how to protect yourself and your group.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

TOWR Security Brief – 08 August 2016

[et_pb_section admin_label=”section” transparent_background=”off” background_color=”#ffffff” allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”||0px|”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”off” custom_padding=”||0px|” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#bcbcbc” use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_letter_spacing=”2px” custom_margin=”||0px|” custom_padding=”||0px|”]

TOWR TECH & SECURITY

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” max_width=”660px” text_font=”PT Sans||||” text_font_size=”72″ text_text_color=”#1d1d1d” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”18px||80px|” text_line_height=”1.1em” text_font_size_last_edited=”on|desktop” text_font_size_tablet=”52″]

TOWR Security Brief: 08 August 2016

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section admin_label=”Section” fullwidth=”off” specialty=”off” transparent_background=”off” background_color=”#f7f7f4″ allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”0px|||”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/kit.jpeg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”off” sticky=”on” align=”center” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”-48px|||”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans||||” text_font_size=”18″ text_text_color=”#323232″ text_line_height=”1.4em” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”14px||0px|”]

Kit Perez

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”0px|||”]

08 August 2016

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”24″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”40px||0px|” text_line_height=”1.4em” text_font_size_last_edited=”on|tablet”]

Welcome to the first installment of TOWR Security Briefs. The privacy/tech world is constantly changing, and it’s important that you stay informed because any one of those changes may affect how you need to conduct yourself on the internet. Our briefs are designed to give you a short overview of the pertinent news items over the last week, and let you know what you need to do about them.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

In this week’s brief:

  • So-called “secure” messaging app Telegram was caught with a big data leak problem.
  • As we’ve mentioned, just using Tor isn’t enough. A federal judge has let slip some interesting info.
  • Android users aren’t safe either: Almost 900 MILLION users are affected by a new security hole found.
  • If that’s not enough, now your monitor can be hacked too.
  • All Delta flights got grounded this morning because of an IT problem. But sure, our infrastructure is safe.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”3_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/shutterstock_334629809.jpg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][et_pb_column type=”1_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off” custom_css_main_element=”width:130px;”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|” max_width=”130px”]

Telegram claims to be a secure messaging app, but there are a lot of issues—enough to pass on it completely.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||” max_width=”130px”]

Photograph by Shutterstock

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”46px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

So called secure messaging app Telegram ran into (another) snag last week, as it was discovered that the app leaks anything that’s pasted into it.

In the OS X version, text that was copied-and-pasted into the app was also written to the file /var/log/system.log, better known as the syslog, creating a sort of ad-hoc and unnoticed backup of any private conversations or notes.

The app’s founder replied on Twitter that “any app can read your clipboard,” but Telegram quickly released a patch to fix the leak. Even so, there are far better apps to use if you’re looking for secure communications (at least, as secure as you can get using digital means).

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_font=”PT Serif||||” text_font_size=”32″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”16px||30px|” text_line_height=”1.3em” text_font_size_last_edited=”on|tablet” max_width=”900px”]

“With all of Telegram’s problems thus far, it’s safe to say there are much better apps out there.”

[/et_pb_text][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

The Tor browser took a hit lately as well. Recently, Ovie Carroll, who is with the Cybercrime Laboratory of the Department of Justice, advised a roomful of about 100 federal judges to use Tor because of data leaks and security problems on the ‘regular’ internet. Before you nod sagely and point to your own Tor install, take note of the second half of this story. A federal judge in Tacoma, WA who was present at that event had this to say:

I was surprised to hear him urge the federal judges present, a hundred or so of them, that they should use the Tor network to protect their personal information on their computers, like work or home computers, against data breaches and the like.

I did not respond to that. I almost felt like saying, “That’s not a good way to protect stuff, because the FBI can go through that like eggshells.”

What would make him say that? Here’s where it gets shady. That particular federal judge is the same one who “suppressed the FBI’s evidence in a recent child abuse case – evidence that was acquired even though the defendants allegedly used Tor to “protect” themselves from being tracked down.” Part of the reason that there was a controversy about that evidence at all was because the FBI didn’t want to reveal their Network Investigative Technique (NIT) that was used, which would have exposed their method of getting around Tor’s anonymity to begin with.

Naked Security asks some pointed yet valid questions:

Did the FBI hack the child abuse website and implant its NIT in a fake video on that very site, and thereby reveal a list of IP numbers that could be used to establish probably cause for a bunch of search warrants?

Or did it exploit a general security hole in Tor itself, and therefore perhaps pick up accidental visitors during the investigation?

Those of who you are still claiming “but I’m not doing anything illegal” would do very well to remember this story, and the questions it raises. If you think the government is above such conduct, think again.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/android-thumb-150×150.jpeg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|”]

Over 900 million Android users are affected by the latest security hole in Qualcomm chips.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||”]

You do have a burner phone or five, right?

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

A new set of vulnerabilities affecting Android phones was revealed at this year’s DEFCON. Named Quadrooter, the vulnerabilities are in the microchip at the heart of the Android device, and would give unfettered, complete access to a target’s phone.

An attacker can exploit these vulnerabilities using a malicious app. Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing.

So far the phones affected include:

  • BlackBerry Priv
  • Blackphone 1 and Blackphone 2
  • Google Nexus 5X, Nexus 6 and Nexus 6P
  • HTC One, HTC M9 and HTC 10
  • LG G4, LG G5, and LG V10
  • New Moto X by Motorola
  • OnePlus One, OnePlus 2 and OnePlus 3
  • Samsung Galaxy S7 and Samsung S7 Edge
  • Sony Xperia Z Ultra

Check Point, the group responsible for discovering Quadrooter, has released a free scanner app to help Android users know if their personal devices are at risk.

 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/Untitled-design.jpg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|”]

This is a monitor. This kind of monitor does not get hacked. Be like this monitor.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||”]

No, really.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

As if finding out that your phone has a new security hole in it isn’t bad enough, your monitor can also be hacked. In fact, this particular vulnerability also targets almost one billion devices.

if a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor’s embedded computer, specifically its firmware…the computer that controls the menu to change brightness and other simple settings on the monitor. The hacker can then put an implant there programmed to wait…for commands sent over by a blinking pixel, which could be included in any video or a website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor…

[T]his could be used to both spy on you, but also show you stuff that’s actually not there. A scenario where that could dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency. The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable…

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

And one more item for those blissfully ignorant souls that think a massive power outage wouldn’t reduce American society to a bunch of feral animals… This morning Delta airlines experienced a fire in their data center, resulting in a loss of power that took down all flight operations and bookings. All flights were grounded for several hours.  If there’s anything that can drive a group of people to feral behavior, it’s a FUBAR situation at the airport.  Remember this story from Southwest a few weeks ago?

This is the second severe IT-induced travel disruption in recent weeks. On July 20, Southwest Airlines lost a router in its Dallas data center, which resulted in 2,300 flight cancellations. Southwest’s CEO Gary Kelly described that event as a “once-in-thousand-year flood.”

Think about the ripple effect from these incidents. These aren’t just people going on vacation or going to see Grandma (and even cancelling or grounding their flights causes financial hardship, issues with work, etc). These are business professionals, packages, documents, you name it. A disruption in U.S. air travel affects industries all over the world.

We included this story in this week’s brief to get you thinking. What if you were the one stranded someplace other than home due to a natural disaster or power grid attack? How would you get home? Could you get home? Do you have a plan in place for that scenario? Does your family know what to do if they’re in that situation? These types of scenarios are exactly why we train and prepare.

That’s it for this week. Feel free to discuss these stories in the comments!

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” custom_width_px=”980″ use_custom_gutter=”off” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding=”50px||0px|”][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2015/12/TOWR_LOGO_V2.png” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”off” sticky=”off” align=”center” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” custom_width_px=”980px” use_custom_gutter=”on” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” parallax_3=”off” parallax_method_3=”off” column_padding_mobile=”on” gutter_width=”2″ custom_padding=”30px|||” custom_padding_tablet=”6px|||” custom_padding_last_edited=”on|tablet”][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”68″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” use_border_color=”off” border_color=”#ffffff” border_style=”solid” header_font_size=”15″ saved_tabs=”all” global_module=”26311″] [/et_pb_blog][/et_pb_column][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”87″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” header_font_size=”15″ use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_blog][/et_pb_column][et_pb_column type=”1_3″][et_pb_blog admin_label=”Blog” fullwidth=”off” posts_number=”1″ include_categories=”62″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”on” show_date=”on” show_categories=”on” show_comments=”on” show_pagination=”on” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” use_border_color=”off” border_color=”#ffffff” border_style=”solid” header_font_size=”15″] [/et_pb_blog][/et_pb_column][/et_pb_row][/et_pb_section]