WASHINGTON (AP) — A developing Senate plan that would bolster the government's ability to regulate the computer security of companies that run critical industries is drawing strong opposition from businesses that say it goes too far and security experts who believe it should have even more teeth.

The British media has been inundated with news of student protests erupting after the government voted to treble tuition fees for new students starting in the 2012 academic year. Media around the world have also focused on the Wikileaks scandal, which continues to put pressure on governments and their efforts around the world. The two can overlap.

The problem is that most students and political activists of my age are unaware of this mechanism of airing our disdain.

A distributed denial-of-service attack is when hundreds or thousands of people at one time use an application to direct their own broadband bandwidth at a certain server, often a web server hosting a website, overloading it with information and causing it to shut down. In practice, you download a small application, follow the instructions spread by viral marketing, and you ping; you ping to your heart’s content.

I am neither condoning nor supporting the use of denial-of-service attacks, but one has to wonder whether the evolution and the speed of the Web have placed certain priorities higher than others when resorting to means of protest. In a recent poll undertaken by the Between the Lines bloggers, though results are still coming in and polls are yet to change, at the time of publication most do not believe denial-of-service attacks are a legitimate form of protest.

I think the readers are wrong. So let’s just run through some basic pros and cons to see if you can be persuaded otherwise:

Reasons for:
- In some places, protesting is illegal without a court order or police authorization;
- It takes fewer people to actually ‘protest’ depending on the size of the target you are hitting;
- Street protests are often not listened to: politicians, though accountable to the electorate, often do as their party whips decide;
- Street protests do sometimes turn into violence, bringing the entire protest into disrepute;
- When operated virally, they are incredibly easy to organise and are ‘simpler’, essentially.

Reasons against:
- It may be illegal in your country;
- In some cases it’s too easy to perform a DDoS attack against a small victim, and the numbers do not justify the wider feeling;
- Street protests give a more accurate portrayal of the anger against a particular issue;
- Websites are often very resilient and can be up again as soon as the denial-of-service attack stops;
- A lot of students don’t have very fast broadband, and communal living makes bandwidth-hungry students angry.

Whether or not you consider it to be a legitimate form of protest, suited for the twenty-first century, it still makes one hell of a noise.

By Zack Whittaker

http://www.zdnet.com/blog/igeneration/for-and-against-ddos-attacks-as-a-legitimate-form-of-protest/7167?tag=nl.e539

It seems like every time Facebook amends its privacy policy, the web is up in arms. The truth is, Facebook’s well publicized privacy fight is nothing compared to the vulnerability of all unsecured HTTP sites — that includes Facebook, Twitter and many of the web’s most popular destinations.

Developer Eric Butler has exposed the soft underbelly of the web with his new Firefox extension, Firesheep, which will let you essentially eavesdrop on any open Wi-Fi network and capture users’ cookies.

As Butler explains in his post, “As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and open sesame, you will be able to log into that user’s site with their credentials.

One word: wow.

It’s not hard to comprehend the far-reaching ramifications of this tool. Anytime you’re using an open Wi-Fi connection, anyone can swiftly access some of your most private, personal information and correspondence (i.e. direct messages, Facebook mail/chat) — at the click of a button. And you will have no idea.

This is how it works. If a site is not secure, it keeps track of you through a cookie (more formally referred to as a session) which contains identifying information for that website. The tool effectively grabs these cookies and lets you masquerade as the user.

Apparently many social network sites are not secured; beyond the big two, Foursquare and Gowalla are also vulnerable. Moreover, to give you a sense of Firesheep’s scope, the extension is built to identify cookies from Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, Twitter, WordPress, Yahoo, Yelp. And that’s just the default setting — anyone can write their own plugins, according to the post.

Within an hour of Butler’s post appearing on Hacker News, Firesheep was downloaded more than 1,000 times and evidence of usage has already popped up on Twitter in fantastic fashion. (Disclaimer: At the time of this post, I was not in a public setting and could not fully exploit the extension; however, several users have reported success.)

<see URL for full story with images relating to attack>

http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/
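
The Firesheep article above turns on session cookies crossing an open network over unsecured HTTP. As an added example (not from the article or from Firesheep), this Python check flags the response settings that leave a session cookie exposed that way; the cookie-name hints, the URLs and the sample headers are constructed assumptions.

```python
# Added example: audit response headers for settings that let a session
# cookie travel over plain HTTP. All sample values below are constructed.
from http.cookies import SimpleCookie

# Assumption: substrings that usually mark a login-session cookie name.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def audit_response(url, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    names = {name.lower() for name, _ in headers}
    if not url.lower().startswith("https://"):
        findings.append("response served over plain HTTP")
    elif "strict-transport-security" not in names:
        findings.append("no HSTS header: browser may still try http:// first")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for key, morsel in jar.items():
            if not any(hint in key.lower() for hint in SESSION_HINTS):
                continue  # not a session cookie, e.g. a theme preference
            if not morsel["secure"]:
                findings.append(f"cookie {key}: missing Secure, sent over HTTP too")
            if not morsel["httponly"]:
                findings.append(f"cookie {key}: missing HttpOnly")
    return findings


# Constructed sample: the exposed configuration the article describes.
SAMPLE_HTTP = ("http://social.example/home", [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/"),
])
# Constructed sample: the same site with HTTPS, HSTS and cookie flags set.
SAMPLE_HTTPS = ("https://social.example/home", [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
])

if __name__ == "__main__":
    for url, headers in (SAMPLE_HTTP, SAMPLE_HTTPS):
        print(url, audit_response(url, headers) or "no findings")
```
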

The annual National Cybersecurity Awareness Month festivities started Monday, and a new public messaging campaign highlights this year's event.

The campaign, called "Stop. Think. Connect." aims to empower citizens to make choices that contribute to the overall security of the internet, according to a White House proclamation issued Friday.

BBC NEWS - Google did not grab "significant" personal details when collecting data from wi-fi networks, according to the UK's Information Commissioner's Office (ICO).

The finding came after the body reviewed some of the data Google scooped up from unsecured networks.

Google said the data was "mistakenly" gathered while logging wi-fi hotspots to help with location-based services. The ICO said it would closely monitor other global investigations.
