Sean M

Shared publicly  - 
 
+AT&T - Hijacking your Browsing

Throwing security to the wind, +AT&T injects content into the HTTP sessions of its wifi hotspot users.

Potential fixes:
1) Avoid anything AT&T.
2) Avoid insecure connections, so use HTTPS and/or tunnel your traffic (VPN, proxy, etc).

Via +Adam Liss
 
+AT&T: The same company that cooperated with the NSA is now playing man-in-the-middle and manipulating your http connections to inject advertisements.

Sean M

Shared publicly  - 
 
Google Hangouts 4.0 Update

Material UI and streamlined interface. Looks promising.
 
The latest version of Hangouts on Android is rolling out today.

Sean M

Shared publicly  - 
 
Emergency Firefox Patch, Active 0-day

Patch Firefox! 
Exploit found in the wild prompts emergency update, advisory to change passwords.

Sean M

Shared publicly  - 
 
Privacy Badger!
 
The advertising industry is finding sneaky new ways to track you. Privacy Badger 1.0 is here to outsmart them...
Privacy Badger 1.0 – New Ways to Stop Sneaky Trackers
EFF is excited to announce that today we are releasing version 1.0 of Privacy Badger for Chrome and Firefox. Privacy Badger is a browser extension that automatically blocks hidden trackers that would otherwise spy on your browsing habits as you surf the Web.

Sean M

Shared publicly  - 
 
Data Leakage over VPN/Proxy

Interesting server-side project that seems capable of discerning VPN traffic from normal traffic.
 
This is scary and very interesting. Detecting VPN (and its configuration!) and proxy users on the server side  http://witch.valdikss.org.ru/

More info https://medium.com/@ValdikSS/detecting-vpn-and-its-configuration-and-proxy-users-on-the-server-side-1bcc59742413

#Infosec   #Security   #Privacy  

Sean M

Shared publicly  - 
 
Drive Wiping

An okay, basic explanation of what it means to wipe a drive.
 
At a recent press conference, U.S. Presidential candidate Hillary Clinton was asked if she wiped the drive that came out of her now infamous personal e-mail server. She responded: “What, like, with a cloth?”
Bob Covello explains exactly what happens when a hard drive stops working and how data recovery and destruction can be achieved.
4 comments
Maxx D
+Sean M That is often repeated (that some government spook can read your data), but has never been supported by even a single experiment, although there is now experimental data against it. Where is the evidence? When has even a single file name been recovered? If the government can recover gigabytes of data, surely someone has demonstrated recovery of a mere 10 bytes?

The original folklore can be traced back to Peter Gutmann (a computer science teacher who has no expertise in the recovery techniques he ponders) in 1996 in which he proposed an hypothesis, with no supporting experiment, about MFM/RLL encoded drives from the 1980s. His paper cited other studies, none of which actually supported the claims. Yes, he cited Magnetic Force Scanning Tunneling Microscopy (STM/MFM), but he doesn't actually know if they work and did not actually do any experiment with it. In some cases, he cites recovery from drives that were never wiped, drives that only suffered the degradation of time.

In any case, someone actually tried:

It is common to see people quoting that data can be recovered if it has only been overwritten once, many times referencing that it actually takes up to ten, and even as many as 35 (referred to as the Gutmann scheme because of the 1996 Secure Deletion of Data from Magnetic and Solid-State Memory published paper by Peter Gutmann) passes to securely overwrite the previous data.

This study has demonstrated that correctly wiped data cannot reasonably be retrieved even if it is of a small size or found only over small parts of the hard drive. Not even with the use of a MFM or other known methods. The belief that a tool can be developed to retrieve gigabytes or terabytes of information from a wiped drive is in error.

https://digital-forensics.sans.org/blog/2009/01/15/overwriting-hard-drive-data/

Multipass disk overwrite and the “DoD 5220-22-M standard 3-pass wipe” are, at best, urban legends. At worst, they are a waste of time and electricity.

Fortunately, several security researchers presented a paper [WRIG08] at the Fourth International Conference on Information Systems Security (ICISS 2008) that declares the “great wiping controversy” about how many passes of overwriting with various data values to be settled: their research demonstrates that a single overwrite using an arbitrary data value will render the original data irretrievable even if MFM and STM techniques are employed.

The researchers found that the probability of recovering a single bit from a previously used HDD was only slightly better than a coin toss, and that the probability of recovering more bits decreases exponentially so that it quickly becomes close to zero.

Therefore, a single pass overwrite with any arbitrary value (randomly chosen or not) is sufficient to render the original HDD data effectively irretrievable.

http://webcache.googleusercontent.com/search?q=cache:http%3A%2F%2Fwww.infosecisland.com%2Fblogview%2F16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html

Another fact to ponder is the failure of anyone to read the "18 minute gap" Rosemary Woods created on the tape of Nixon discussing the Watergate break-in. In spite of the fact that the data density on an analog recorder of the 1960s was approximately one million times less than current drive technology, and that audio recovery would not require a high degree of accuracy, not one phoneme has been recovered.

http://www.nber.org/sys-admin/overwritten-data-gutmann.html

NIST Guidelines for Media Sanitation NIST SP 800-88:

"For storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data."

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf 

"Advancing technology has created a situation that has altered previously held best practices regarding magnetic disk type storage media. Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."

http://skeptics.stackexchange.com/questions/13674/is-it-possible-to-recover-data-on-a-zeroed-hard-drive/13677#13677

Sean M

Shared publicly  - 
 
LibreOffice 5.0 vs Microsoft Office 2013

Comparison of differences.
 
How does #LibreOffice 5 compare to MS Office 2013? Find out on our wiki: https://t.co/jgoiLY4mN5
Introduction. This page compares the features of LibreOffice 5.0.0 (download) and Microsoft Office 2013. It separates major and minor feature differences and also includes notes on LibreOffice extensions. The comparison highlights differences and therefore does not display any features which are ...

Sean M

Shared publicly  - 
 
iPhone Security Better than You Think

Apple has put together a solid device and ecosystem as long as it can resist government intervention.

If Apple capitulated to the government, this would compromise the end-to-end encryption that Apple users depend upon. Apple would do this by adding a government-controlled public key to the list of keys to use for encrypting a message dealing with a targeted account, so that the government could decrypt the message (using their private key). The danger here, besides the obvious, is the lack of visibility for the user. A user has no way of knowing - verifying - which public keys are presented to their device for any given message.

In this case, I can say that I support any efforts by Apple to resist. 

Sean M

Shared publicly  - 
 
Knock, Knock, King Neptune!

Hopefully he doesn't feel threatened and trident our vessel...
 
A team of 50 people spent three years developing the Echo Seeker.

Sean M

Shared publicly  - 
 
Too soon? :-(

(via +Drew Bannister)
 
The city of brotherly love apparently hates robots. 
2 comments
Sean M
+Gianmario Scotti, that requirement basically eliminates all of humanity.

Sean M

Shared publicly  - 
 
Opinions - Not All are Equal

Check yourself next time you claim an opinion. I know that I will be more discerning of my commentary.
 
"I have had so many conversations or email exchanges with students in the last few years wherein I anger them by indicating that simply saying, "This is my opinion" does not preclude a connected statement from being dead wrong. It still baffles me that some feel those four words somehow give them carte blanche to spout batshit oratory or prose."
You may think that something is "just your opinion", but often you're just wrong.
Work
Occupation
IT Guy
Links
YouTube
Basic Information
Gender
Male