Top10VPN, for example, recently took a closer look at 150 VPN apps being offered in the Android marketplace and found that 90% of them violated consumer privacy in some fashion, either by the inclusion of DNS leaks, a failure to adequately secure and store user data, or by embedding malware:
"Simon Migliano, the head of this research, reports that at over 38 VPN apps tested positive for DNS leaks, exposing private data to hundreds of insecure links. Also, over 27 VPN apps were flagged as potential sources of malware when tested by VirusTotal.
Apart from this, the research also found intrusive permissions in over 99 apps. These permissions included user location, device information, use of the microphone, camera access and more."
https://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/, posted 30 Oct by peter in communication email privacy security
"To be honest, the spooks love PGP," Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. "It's really chatty and it gives them a lot of metadata and communication records. PGP is the NSA's friend."
E-mail was once the pillar of the Internet as a truly distributed, standards-based and non-centralized means to communication with people across the planet. Today, an increasing number of services people rely on are losing federation and interoperability by companies who need to keep people engaged on their for-profit services. Much of the Internetâs communication is moving to these walled gardens, leaving those who want to run their own services in an increasingly hostile communication landscape.
NTT Docomo on Monday announced its Japan Welcome SIM TM series will introduce Plan 0 to allow overseas visitors in Japan to access the Internet for free via the Docomo mobile network, from Tuesday. The free service will initially be available in Hokkaido and Niigata prefectures, after which other areas will be added sequentially.
https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum, posted Oct '17 by peter in communication networking security
The fact that any CA can issue a certificate for any domain name is commonly cited as the weakest aspect of the PKI ecosystem. Although CAs want to do the right thing, there are no technical controls that prevent them from doing whatever they chose to do. That’s why we say that the PKI ecosystem is a weak as the weakest link. With hundreds of CAs, there are potentially many weak links.
CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames. It operates via a new DNS resource record (RR) called CAA (type 257). Owners can restrict certificate issuance by specifying zero or more CAs; if a CA is allowed to issue a certificate, their own hostname will be in the DNS record. For example, this is what someone’s CAA configuration could be (in the zone file):example.org. CAA 128 issue "letsencrypt.org"
Enligt Bahnhofs anonyma källor föreslår utredningen att datalagringen på flera sätt ska utökas. Dessutom ska internetoperatörerna tvingas bygga om sina system i syfte att underlätta övervakningen. En normalstor operatör kommer enligt inofficiella beräkningar att behöva lagra 300 Terabyte mer än idag, till en kostnad av hundratals miljoner kronor.
blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/, posted 2016 by peter in communication networking security
The PCI Council says you must remove completely support for SSL 3.0 and TLS 1.0. In short: servers and clients should disable SSL and then preferably transition everything to TLS 1.2.
However, TLS 1.1 can be acceptable if configured properly. The Council points to a NISTpublication that tells you how to do this configuration.
Wifatch’s code does not ship any payloads used for malicious activities, such as carrying out DDoS attacks, in fact all the hardcoded routines seem to have been implemented in order to harden compromised devices. We’ve been monitoring Wifatch’s peer-to-peer network for a number of months and have yet to observe any malicious actions being carried out through it.
The cards, aptly named Prepaid SIM for Japan, can be purchased along with smartphones, mobile routers and smartphone accessories at the vending machines, the Tokyo-based telecommunications firm said.
The airport will have two such machines, for Terminal 1 and Terminal 2, with only credit cards accepted for added ease.
NTT Communications said the SIM cards are priced at ¥3,450 for one week and ¥4,950 for two weeks. Both types offer a maximum download speed of 150 megabytes per second and 50 Mbps as an upload speed. If the data amount exceeds 100 MB a day, the network speed will slow down.
Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN.
Hyperfox is capable of forging SSL certificates on the fly using a root CA certificate and its corresponding key (both provided by the user). If the target machine recognizes the root CA as trusted, then HTTPs traffic can be succesfully intercepted and recorded.