The NSA’s new spy center will see everything
Imagine a massive supercomputer in the desert, watched around the clock by armed guards, capable of intercepting and decrypting virtually every piece of information in the world. Sounds like science fiction, doesn’t it? Well, according to Wired, the NSA is in the process of building just such a place, and they’ve made leaps and bounds of progress at breaking the standard AES encryption algorithm that keeps your emails and other private information secure.
This new surveillance center is being constructed in the Utah desert, near a town called Bluffdale. When it’s finished, you’ll be able to fit five US Capitols inside, and most of that space will be occupied by supercomputers capable of storing more data than you can even imagine (you can imagine a lot, can’t you?). Your private emails, Google searches, receipts, travel information – pretty much every scrap of data generated – will be stored here, while sophisticated software sifts through it in search of anything remotely suspicious.
More on this interesting story here: http://www.neowin.net/news/the-nsas-new-spy-center-will-see-everything
- Everybody’s a Target: NSA Building Largest Spy Center Ever (musicians4freedom.com)
- The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say) (wired.com)
- National Security Agency To Build Spy Center That Will Track All Electronic Communication (inquisitr.com)
- RT News – NSA Utah ‘Data Center’: Biggest-ever domestic spying lab? – RT (2012indyinfo.com)
- Firefox 11,
- Firefox 3.6.28,
- Firefox ESR 10.0.3,
- Thunderbird 11,
- Thunderbird 3.1.20,
- Thunderbird ESR 10.0.3, and
- SeaMonkey 2.8.
These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security restrictions, operate with escalated privileges, or perform a cross-site scripting attack.
Firefox users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/firefox.html
Thunderbird users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
SeaMonkey users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
Safari: Closes 80 Security Holes with version 5.1.4
Apple has released version 5.1.4 of its Safari web browser for Windows and Mac OS X. According to the company, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes various stability and performance improvements as well as fixes for other non-security related bugs.
A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution.
The recent issue, where Google were accused of bypassing Safari’s privacy controls on cookies, also appears to have been addressed. Details of how Apple have fixed this, though, are not given. A bug in Safari’s Private Browsing mode that allowed page visits to be recorded in the browser history when the mode was active has been fixed.
On Windows systems, the browser update improves domain name validity checking in order to prevent attackers from using look-alike characters in a URL to visually spoof a legitimate domain and direct users to a malicious site – Mac OS X systems were not affected by this issue.
More can be found here: http://www.h-online.com/security/news/item/Safari-update-closes-security-holes-1470595.html
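The look-alike character problem mentioned above can be illustrated with a mixed-script check on hostname labels. This is an added example, not Apple's code (the update notes do not describe Safari's rules); the script list, the allowed combinations and the function names are assumptions, and the hostname is expected in Unicode form, already decoded from punycode.

```javascript
// Added illustration: flag hostname labels that mix Unicode scripts.
// SCRIPTS and ALLOWED_MIXES are assumed policy choices, not Safari's rules.
const SCRIPTS = ['Latin', 'Cyrillic', 'Greek', 'Armenian', 'Han',
                 'Hiragana', 'Katakana', 'Hangul'];
const SCRIPT_RES = SCRIPTS.map((s) => [s, new RegExp(`\\p{Script=${s}}`, 'u')]);

// Combinations that occur in legitimate names (Japanese, Korean).
const ALLOWED_MIXES = [
  ['Latin', 'Han', 'Hiragana', 'Katakana'],
  ['Latin', 'Han', 'Hangul'],
];

// Return the set of scripts used by one label. Digits and '-' belong to
// the "Common" script and match none of the patterns, so they are ignored.
function scriptsInLabel(label) {
  const found = new Set();
  for (const ch of label) {
    for (const [name, re] of SCRIPT_RES) {
      if (re.test(ch)) { found.add(name); break; }
    }
  }
  return found;
}

function isAllowedMix(scripts) {
  if (scripts.size <= 1) return true;
  return ALLOWED_MIXES.some((mix) => [...scripts].every((s) => mix.includes(s)));
}

// Classify a hostname given in Unicode form (already decoded from punycode).
function checkHostname(host) {
  const suspicious = [];
  for (const label of host.normalize('NFC').toLowerCase().split('.')) {
    const scripts = scriptsInLabel(label);
    if (!isAllowedMix(scripts)) {
      suspicious.push({ label, scripts: [...scripts].sort() });
    }
  }
  return { host, spoofRisk: suspicious.length > 0, suspicious };
}

// Constructed samples: the second name's first letter is Cyrillic U+0430.
const samples = ['apple.com', '\u0430pple.com', '日本語ドメイン.jp', 'пример.рф'];
for (const h of samples) console.log(h, checkHostname(h).spoofRisk);
```

A label written entirely in one non-Latin script passes this check even when every letter resembles a Latin one, so a mixed-script test needs to be paired with a confusables comparison or a per-TLD allowlist before a name is displayed in Unicode.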
- Apple patches steaming heap of Safari bugs (go.theregister.com)
- Apple patches record number of Safari 5 bugs with monster update (infoworld.com)
- Apple releases Safari 5.1.4 update (applescoop.com)
- Apple Releases Safari 5.1.4 With Speed And Stability Improvements (cultofmac.com)
From SophosLabs: on March 6, 2012
The patch addresses two CVEs in Flash Player, CVE-2012-0768 and CVE-2012-0769, both reported to Adobe by Google researchers.
Chrome users should restart their browser as soon as possible as Google has automatically provided the fix in the latest Chrome update.
CVE-2012-0768 is a memory corruption vulnerability that could lead to remote code execution by exploiting a flaw in Matrix3D.
CVE-2012-0769 is an information disclosure vulnerability as a result of integer errors in Flash Player.
As always we recommend deploying these updates as soon as possible. While we do not have any evidence of these flaws being exploited in the wild, past patterns indicate it won’t be long.
- Adobe Patches Flash Player for Second Time in 20 Days (pcworld.com)
- Adobe patches Flash Player for second time in 20 days (infoworld.com)
- Google patches 14 Chrome bugs, pays record $47K in bounties and bonuses (macworld.com)
- Important BlackBerry Tablet OS Update: Includes Fix for Adobe Flash Player (blogs.blackberry.com)
The hack doesn’t require any extra software or root access.
The Smartphone Champ has revealed a simple hack that can provide access to all of the funds of a Google Wallet user — it’s far easier than a method of cracking the Google Wallet PIN that was revealed earlier this week.
“[The] hack doesn’t require extra software, root access, or any particular skills in general,” writes CNET News’ Lance Whitney. “Instead, all someone apparently has to do is clear the data for the Google Wallet app in the smartphone’s application settings menu. The app is then reset and will prompt the person to enter a new pin number the next time it launches.”
“Since the Google Wallet information is linked to the device and not to the actual account, a person can then use the Google prepaid card already tied to the device to gain full access to the owner’s funds, explained The Smartphone Champ,” Whitney writes.
In response to the hack, a Google spokesman sent CNET the following statement:
“We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”
This latest Google Wallet hack follows an earlier hack reported by security blogging site Zvelo.
- Latest Google Wallet hack picks your pocket (news.cnet.com)
- Google Wallet Disables Prepaid Cards Following Security Fears (textually.org)
- Google Wallet’s PIN Verification Cracked (Again), No Root Access Required (androidpolice.com)