Monthly Archives: July 2014

Leo Kelion writes on the BBC news website that the developers of Tor have disclosed that an attack on the network may have unmasked users for five months. The Tor Project said it believed that the infiltration had been carried out by two university researchers, who claimed at the start of July to have exploited “fundamental flaws” in Tor’s design that allowed them to unmask the so-called dark net’s users. The Tor project have given full details of the attack and the methods used in a security advisory notice on their website.  

Tor attack may have unmasked its users

Sean Gallagher writes on the arstechnica website that the Russian Ministry of Internal Affairs is offering a reward of 3.9 million rubles ($110,000) to any Russian citizen or company that can identify users of  the popular Tor network, which allows internet users to conceal their web browsing activities from much Government surveillance. Gallagher highlights that: Tor has been the constant target of intelligence agencies and other entities seeking to unmask anonymous Internet users. Documents leaked by former NSA contractor Edward Snowden showed that the NSA and GCHQ made multiple attempts to break Tor users’ anonymity. Malware exploiting a Firefox vulnerability was used to unmask users of “hidden services” on Tor last year and may have been part of an effort by the FBI to crack down on Freedom Host, a Tor server provider, as part of a child pornography case. The  Russian Ministry of Internal Affairs has previously sought to […]

Russia offers $110,000 to crack Tor

The United Nations News Centre highlights UN concerns about the increasing number of Government initiated mass surveillance programmes. It comes in the week that the UK Parliament approved the Data Retention and Investigatory Powers (Drip) bill, which makes communication companies store user data. Launching the report Navi Pillay , the  UN High Commissioner for Human Rights, said that: “The onus is on the State to demonstrate that such interference is neither arbitrary nor unlawful,” Ms. Pillay said, noting that article 17 of the International Covenant on Civil and Political Rights states that “no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation.” A copy of the report is available here: The Right to Privacy in the Digital Age

UN Concerned about Mass Surveillance Programmes

David Davis MP has written an article in the Daily Mail severely criticising the Government’s Data Retention and Investigatory Powers Bill (DRIP).  In the article he says that: “The Government has engineered a ‘theatrical emergency’ – in this case terrorism and hidden paedophile rings – to ram the Data Retention and Investigatory Powers Bill through Parliament without proper debate”. He is also critical of the way that the government has accepted the claims of the security without critical assessment of their validity and on the concessions the Government has made to with regards to scrutiny of the powers he said: “The Government has sprinkled some concessions throughout its announcement to sweeten the pill: an acknowledgement that the Regulation of Investigatory Powers Act is out of date; it will publish annual transparency reports; and a Privacy and Civil Liberties Oversight Board will try to balance our security requirements with our privacy […]

David Davis MP: This data law has nothing to do ...

Jane Wakefield writes on the BBC web site that Security Experts have been able to hack into smart network enabled LED light bulbs and switch them on and off remotely: Michael Jordon, research director at Context, explained how he was able to obtain the wi-fi username and password of the household the lights were connected to. “We bought some light bulbs and examined how they talked to each other and saw that one of the messages was about the username and password,” he told the BBC. “By posing as a new bulb joining the network we were able to get that information,” he added. “We were able to steal credentials for the wireless network, which in turn meant we could control the lights.” Although the vulnerability has now been fixed,  it does highlight the potential security and privacy issues associated with the “Internet of Things“.

Smart LED light bulbs Hacked