Monthly Archives: September 2015



2
The creepy extent to which folk at GCHQ have been monitoring and spying on all web users has been revealed in leaked documents on operation ‘Karma Police’. The documents published by The Intercept demonstrate that the UK government’s listening service GCHQ was building a “web browsing profile for every visible user on the internet”. James Baker NO2ID Campaigns Manager said: “Sensitive meta data can be used to build up a profile of the websites you visit. If you’ve ever sought marriage guidance, googled medical conditions or viewed pornography then chances are this programme will have used that information to build up a profile about you. “This is out of control surveillance which demonstrates that ,more than ever, we need independent judicial oversight of government surveillance powers.” These surveillance powers are a typical example of a database state, which is the term we use to describe the tendency of governments to […]

GCHQ surveillance powers – less ‘Karma Police’ and more ’Creep’


The BBC news website reports that More than 11 million passwords stolen in the Ashley Madison website hack have been decoded by a password cracking group. Initially, it was thought that the hacked passwords were unbreakable because hashing with bcrypt had been employed which effectively scrambles the password.  However, an amateur password cracking group called Cynosure Prime has discovered that the site had at some point changed the way passwords were stored, which reduced the strength of the bcrypt protection.  As a result the group have been able to crack 11 million passwords scrambled since the changes were made. Exactly, why Ashley Madison changed the way passwords were stored is not known, but it is speculated that it was done to make accessing the site easier. In a previous Newsblog post it has been highlighted that it is often the case that the reputational and financial impact on companies from […]

Flaws found in Ashley Madison password protection



2
Last month we learnt that government officials were planning a digital ‘vault’. Entirely unlike the National Identity Register the ‘vault’ would store people’s addresses, phone numbers, tax details, where they are registered to vote, driving records and benefit claims, as well as information about their mortgages, pensions and bank accounts. The scheme would be voluntary, although probably in about the same way as agreeing to a credit check is voluntary e.g. not if you ever want a financial service again. An on-line poll hosted by the Telegraph says that 82% of people wouldn’t sign up to such a service.  Of course we all know on-line polls are not really that representative of public opinion, but it isn’t surprising that people might have some issue with all their financial details being stored in a single place. Even those in the ‘nothing to hide’ camp who don’t grasp the dangers of surveillance will have […]

Telegraph poll – 82% of people wouldn’t sign up ...


Anna Hodgekiss reports on the Mail Online that a sexual health clinic in London’s Soho has revealed the names of up to 780 HIV positive patients in an e-mail error. The error involved patients who had signed up to the Clinic’s Option E service when a monthly newsletter was sent out. It appears to have occurred when the newsletter was sent out using an open group circulation list rather than as a blind copy. The clinic tried to recall the message using Microsoft Outlook’s recall function and then sent another e-mail apologising for the error and asking recipients to delete the message. Comment from the Newsblog Editor: A mistake like this is easy to make on an e-mail client like Microsoft’s Outlook, where an e-mail list can easily be mistakenly copied into the wrong field and sent out as a CC (carbon copy) to all recipients, rather than as a […]

Hundreds of HIV-positive patients have their identities revealed in e-mail ...