The latest one . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered
Category: Security Bloggers
A man was arrested for drug dealing based on the IP address he used while querying the USPS package tracking website.
The ACLU’s Chris Soghoian explains (time 25:52-30:55) why the current debate over Section 215 of the Patriot Act is just a minor facet of a large and complex bulk collection program by the FBI and the NSA. There were 180 orders authorized last year by the FISA Court under Section 215 — 180 orders issued by this court. Only five of those orders relate to the telephony metadata program
This is interesting: The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense that they are under surveillance when in public and very few feel they have a great deal of control over the data that is collected about them and how it is used. Adding to earlier Pew Research reports that have documented low levels of trust in sectors that Americans associate with data collection and monitoring, the new findings show Americans also have exceedingly low levels of confidence in the privacy and security of the records that are maintained by a variety of institutions in the digital age.
Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically: The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography
Last month, I blogged about security researcher Chris Roberts being detained by the FBI after tweeting about avionics security while on a United flight: But to me, the fascinating part of this story is that a computer was monitoring the Twitter feed and understood the obscure references, alerted a person who figured out who wrote them, researched what flight he was on, and sent an FBI team to the Syracuse airport within a couple of hours. There’s some serious surveillance going on. We know a lot more of the back story from the FBI’s warrant application .
Vulnerabilities on the website only, not in airport security or in the avionics.