# threatpost.com

# Reddit netsec

# Krebs On Security

  • Stealthy, Razor Thin ATM Insert Skimmers Thu, 21 Aug 2014 19:59:37 +0000
    An increasing number of ATM skimmers targeting banks and consumers appear to be of the razor-thin insert variety. These card-skimming devices are made to fit snugly and invisibly inside the throat of the card acceptance slot. Here's a look at a stealthy new model of insert skimmer pulled from a cash machine in southern Europe just this past week.
  • Counterfeit U.S. Cash Floods Crime Forums Wed, 20 Aug 2014 18:28:57 +0000
    One can find almost anything for sale online, particularly in some of the darker corners of the Web and on the myriad cybercrime forums. These sites sell everything from credit cards to identities and stolen merchandise, but until very recently, one illicit good I had never seen for sale on the forums was counterfeit U.S. currency.
  • Lorem Ipsum: Of Good & Evil, Google & China Mon, 18 Aug 2014 04:25:34 +0000
    Imagine discovering a secret language spoken only online by a knowledgeable and learned few. Over a period of weeks, as you begin to tease out the meaning of this curious tongue and ponder its purpose, the language appears to shift in subtle but fantastic ways, remaking itself daily before your eyes. And just when you are poised to share your findings with the rest of the world, the entire thing vanishes.This fairly describes my roller coaster experience of curiosity, wonder and disappointment over the past few weeks, as I've worked alongside security researchers in an effort to understand how "lorem ipsum" -- common placeholder text on countless Web sites -- could be transformed into so many apparently geopolitical and startlingly modern phrases when translated from Latin to English using Google Translate.

# Bruce Schneier's blog

  • Friday Squid Blogging: Squid Boats Illuminate Bangkok from Space Fri, 22 Aug 2014 16:49:42 -0500
    Really: To attract the phytoplankton, fishermen suspend green lights from their boats to illuminate the sea. When the squid chase after their dinner, they're drawn closer to the surface, making it easier for fishermen to net them. Squid boats often carry up to 100 of these green lamps, which generate hundreds of kilowatts of electricity--making them visible, it appears, even...
  • Chapter 137 of My Surreal Life Fri, 22 Aug 2014 14:04:57 -0500
    Someone wrote Sherlock-Schneier fan fiction. Not slash, thank heavens. (And no, that's not an invitation.)...
  • The Onion on Passwords Fri, 22 Aug 2014 12:20:07 -0500
  • Disguising Exfiltrated Data Thu, 21 Aug 2014 06:08:00 -0500
    There's an interesting article on a data exfiltration technique. What was unique about the attackers was how they disguised traffic between the malware and command-and-control servers using Google Developers and the public Domain Name System (DNS) service of Hurricane Electric, based in Fremont, Calif. In both cases, the services were used as a kind of switching station to redirect traffic...
  • US Air Force is Focusing on Cyber Deception Wed, 20 Aug 2014 05:08:54 -0500
    The US Air Force is focusing on cyber deception next year: Background: Deception is a deliberate act to conceal activity on our networks, create uncertainty and confusion against the adversary's efforts to establish situational awareness and to influence and misdirect adversary perceptions and decision processes. Military deception is defined as "those actions executed to deliberately mislead adversary decision makers as...
  • The Security of al Qaeda Encryption Software Tue, 19 Aug 2014 06:11:06 -0500
    The web intelligence firm Recorded Future has posted two stories about how al Qaeda is using new encryption software in response to the Snowden disclosures. NPR picked up the story a week later. Former NSA Chief Council Stewart Baker uses this as evidence that Snowden has harmed America. Glenn Greenwald calls this "CIA talking points" and shows that al Qaeda...
  • QUANTUM Technology Sold by Cyberweapons Arms Manufacturers Mon, 18 Aug 2014 11:14:31 -0500
    Last October, I broke the story about the NSA's top secret program to inject packets into the Internet backbone: QUANTUM. Specifically, I wrote about how QUANTUMINSERT injects packets into existing Internet connections to redirect a user to an NSA web server codenamed FOXACID to infect the user's computer. Since then, we've learned a lot more about how QUANTUM works, and...
  • NSA/GCHQ/CSEC Infecting Innocent Computers Worldwide Mon, 18 Aug 2014 05:45:40 -0500
    There's a new story on the c't magazin website about a 5-Eyes program to infect computers around the world for use as launching pads for attacks. These are not target computers; these are innocent third parties. The article actually talks about several government programs. HACIENDA is a GCHQ program to port-scan entire countries, looking for vulnerable computers to attack. According...
  • Friday Squid Blogging: Te Papa Museum Gets a Second Colossal Squid Fri, 15 Aug 2014 16:33:36 -0500
    That's two more than I have. They're hoping it's a male. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Reverse-Engineering NSA Malware Fri, 15 Aug 2014 06:27:33 -0500
    Interesting articles reverse-engineering DEITYBOUNCE and BULLDOZER....

# WIRED Threat Level

  • Your Anonymous Posts to Secret Aren’t Anonymous After All Fri, 22 Aug 2014 10:30:45 GMT
    White hat hacker Ben Caudill is halfway through his sandwich when he casually reaches over to his iPhone, swipes the screen a few times, then holds it up to me. “Is that you?” he asks. It is, but nobody was supposed to know. He’s showing me one of my posts to Secret, the popular anonymous […]

  • How Hackers Could Mess With 911 Systems and Put You at Risk Thu, 21 Aug 2014 10:30:30 GMT
    The female caller was frantic. Why, she asked 911 dispatchers, hadn’t paramedics arrived to her home? She’d already called once to say her husband was writhing on the floor in pain. “Hurry up!,” she’d pleaded, as she gave the operator her address. And then she hung up and waited for help to arrive, but it […]

  • Researchers Easily Slipped Weapons Past TSA’s X-Ray Body Scanners Wed, 20 Aug 2014 13:00:56 GMT
    Additionally, they found that they could infect the scanner with malware---most practically for an attacker by picking the lock on the scanner's cabinet and physically installing the malware on the PC inside.

  • This Android Shield Could Encrypt Apps So Invisibly You Forget It’s There Tue, 19 Aug 2014 10:30:52 GMT
    In the post-Snowden era, everyone wants to make encryption easier. Now, one group of researchers has created a tool intended to make it invisible. A team from Georgia Tech has designed software that acts as an overlay on Android smartphones’ communication apps—like Gmail or Whatsapp—and mimics the apps’ user interfaces. When users type, the text […]

  • How to Save the Net: A CDC for Cybercrime Tue, 19 Aug 2014 10:30:50 GMT
    Forming an agency whose core mission is cybersecurity research and information sharing would help change the nature of the game.
  • How to Save the Net: Keep It Open Tue, 19 Aug 2014 10:30:44 GMT
    We have a unique opportunity to redesign the Internet's governance by enshrining the openness principle and the concept that all stakeholders should participate in policy development.
  • How to Save the Net: Build a Backup Tue, 19 Aug 2014 10:30:43 GMT
    As more vital services are dependent on the Internet, we must make a back-up to avoid chaos.
  • How to Save the Net: Take Ownership Tue, 19 Aug 2014 10:30:24 GMT
    We need to do more to develop and empower digital citizens.
  • How to Save the Net: Break Up the NSA Tue, 19 Aug 2014 10:30:20 GMT
    The NSA has too many missions: a military mission dedicated to network attacks and political espionage, a law enforcement mission focused on individual bad actors across the globe, and a defensive mission devoted to protecting the nation's information infrastructure.
  • How to Save the Net: Don’t Give In to Big ISPs Tue, 19 Aug 2014 10:30:12 GMT
    The next Netflix won't stand a chance if the largest US Internet service providers are allowed to merge or demand extra fees from content companies trying to reach their subscribers.

# exploit-db.com

# Securiteam