Puppet Masters

Hackers break SSL encryption used by millions of sites

Beware of BEAST decrypting secret PayPal cookies

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.

At the Ekoparty security conference in Buenos Aires later this week, researchers Thai Duong and Juliano Rizzo plan to demonstrate proof-of-concept code called BEAST, which is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts. The exploit works even against sites that use HSTS, or HTTP Strict Transport Security, which prevents certain pages from loading unless they're protected by SSL.

The demo will decrypt an authentication cookie used to access a PayPal account, Duong said.

Japan: biggest defence contractor hit by hackers

Submarine plant, missile factory among targets

Japan's biggest defence contractor, Mitsubishi Heavy Industries, has become the victim of a malware-based hack attack.

The firm said that the attack resulted in the infection of 10 of its sites across Japan, including its submarine manufacturing plant in Kobe and a facility in Nagoya which makes engine parts for missiles. In total 45 network servers and 38 PCs became infected with eight strains of malware, including Trojan horse programs, the Daily Yomiuri reports.

News of the security breaches emerged over the weekend. Mitsubishi said the circumstances of the intrusions - first detected in mid-August - are under investigation, with a report due by the end of the month. In the meantime the firm is playing down suggestions that the malware may have been used to successfully extract industrial secrets via compromised systems.

Google offers opt-out from Wi-Fi router location database

Never offered an opt-in, though

Google has given the owners of Wi-Fi routers around the world the right to opt out of a registry that the search giant uses to locate mobile phone users.

Currently Google uses location data tied to the unique codes of residential Wi-Fi routers to help triangulate the location of mobile devices.

Google made the change voluntarily, but it's likely it was a pre-emptive move before the search giant was forced to do so by European courts. Google has been embroiled in a legal challenge to the practice from privacy regulators in Germany.

The privacy fight waged by the German government will have benefits globally as Google extends the opt-out offer to people around the world.

The main benefit to Google of tracking the location of phone owners is to allow the company to deliver location-specific adverts. Where Wi-Fi router information is not available, it may use the device's GPS or the signatures of cellphone towers to locate a device.

The opt-out system should be in place by this autumn.

DuPont's Herbicide Goes Rogue

© Common Dreams
The company's landscaping weed-killer turned out to be a tree-killer.

In the corporate world's tortured language, workers are no longer fired. They just experience an "employment adjustment." But the most twisted euphemism I've heard in a long time comes from DuPont: "We are investigating the reports of these unfavorable tree symptoms," the pesticide maker recently stated.

How unfavorable? Finito, flat-lined, the tree is dead. Not just one tree, but hundreds of thousands all across the country are suffering the final "symptom."

S&P Downgrades Italy; Euro, Futures Tumble

As usual, a corrupt and pathetic Moody's continues to boldly not go where everyone else has gone before. Luckily, S&P, which had the balls to cut the US, has just done so to Europe's next domino, by downgrading Italy from A+ to A, outlook negative. Then again, this was pretty much telegraphed 100% earlier today as noted in "Italy Expected To Cut Growth Forecasts Further." Anyway, those incompetents from Moody's are next.

Full report:

Italy Unsolicited Ratings Lowered To 'A/A-1' On Weaker Growth Prospects, Uncertain Policy Environment; Outlook Negative

Overview
  • Italy's net general government debt is the highest among 'A' rated sovereigns. We have revised our projections of Italy's net general government debt and now expect it to peak later and at a higher level than we previously anticipated.
  • In our view, Italy's economic growth prospects are weakening and we expect that Italy's fragile governing coalition and policy differences within parliament will continue to limit the government's ability to respond decisively to domestic and external macroeconomic challenges.
  • In our view, weaker economic growth performance will likely limit the effectiveness of Italy's revenue-led fiscal consolidation program.
  • We have revised our base-case medium-term projections of real GDP growth to an annual average of 0.7% between 2011 to 2014, compared with our previous projection of 1.3% (see "Credit FAQ: Why We Revised The Outlook On Italy To Negative," published May 23, 2011). As part of our ratings analysis, we have also prepared upside and downside macroeconomic scenarios that could drive our future rating actions on Italy.
  • We are lowering our long- and short-term unsolicited sovereign credit ratings on Italy to 'A/A-1' from 'A+/A-1+'.
  • The negative outlook reflects our view of additional downside risks to public finances related to the trajectory of Italy's real and nominal GDP growth, and implementation risks of the government's fiscal consolidation program.

Jewish groups worried by Vatican gesture

© Reuters
Bishop Williamson. 'Promoting anti-Semitism and anti-Judaism'
More than 40 years of progress in Catholic-Jewish relations may be called into question by attempt to reach out to group of breakaway traditionalist Catholics, including Holocaust-denying bishop.

Some Jewish groups voiced concern Friday that the Vatican might be calling into question more than 40 years of progress in Catholic-Jewish relations by reaching out to a group of breakaway traditionalist Catholics that includes a Holocaust-denying bishop. The Vatican has been working for years to bring the breakaway Society of St. Pius X back into its fold, and this week told its members they must accept some core church teachings if they want to be fully reintegrated into the church.

But the Holy See said some expressions contained in documents from the Second Vatican Council could be left open for "legitimate discussion."

The 1962-65 Vatican II meetings brought modernizing reforms to the Catholic Church, including outreach to Jews and introduction of the Mass in the vernacular rather than Latin. The Swiss-based Society of St. Pius X was formed in 1969, opposed to many of Vatican II's reforms. The Vatican refused to say which core teachings the society must accept to be reintegrated, and which elements of Vatican II documents could be left open for discussion. A key Vatican II document, Nostra Aetate, revolutionized the Catholic Church's relations with Jews by declaring that Christ's death couldn't be attributed to Jews as a whole. Other Vatican II teachings to which the society objects concern religious freedom and ecumenical relations.

BA Faces €50m Bill for Carbon Emissions

© Bloomberg
British Airways faces a bill of nearly €50m, the highest of any airline, when carriers around the world are brought into the European Union's carbon emissions trading scheme next year, a new study estimates.

But BA and other large European carriers will face a relatively smaller burden than their rivals in the US and China, because they should get an average of 81 per cent of the carbon allowances needed under the scheme for free. The Chinese and American carriers will only get an average of up to 64 per cent, says the report by Thomson Reuters Point Carbon, the energy research firm.

The Future of Greece Rests on a Phone Call

© Orestis Panagiotou/EPA
Further Greek austerity measures could lead to a repeat of the civil unrest of summer 2011.
'Make-or-break' conversation between finance minister, EU and IMF will determine next measures to prevent default

Europe's debt crisis has intensified after Greece's embattled government said the country's financial future would rest on a make-or-break conference call with EU and IMF officials on Monday.

Signalling that the 20-month saga had reached crunch point, Athens' finance minister prepared the austerity-weary nation for further belt-tightening, saying the time had come for "decisive" action to avoid a Greek default.

"There is great volatility in the markets," Evangelos Venizelos said after emerging from crisis cabinet talks. "If we want to avoid default, to stabilise the situation, to remain in the eurozone ... we must take big strategic decisions.

Europe Digs Ever Deeper Debt Hole

© AFP
A protester sets fire to copies of Euro banknotes outside the Bank of Greece headquarters during a global day of action 'against the dictatorship of markets' in Athens
Europe is digging an ever-deeper hole as it vows to resolve the eurozone crisis, experts said on Sunday as Greece readies for a pivotal week of international debt diplomacy.

"The otherwise fractious European Union leaders have united in their criticism of the markets, the IMF and now (US Treasury Secretary) Tim Geithner -- for being honest about the scale of problems facing the eurozone," Sony Kapoor, head of the Re-define think tank, told AFP.

En route to New York and a frantic week at International Monetary Fund, World Bank and G20 gatherings, he said "kill the messenger seems to be the new strategy" for an EU "plagued by parochialism, pettiness and procrastination."

The Dangerously Deranged Ethics of Biotech Agriculture

© layogamagazine.com
My unease about genetically engineered crops and animals dates back to the beginning. I had immediate concerns in the late 1980s and early 90s as I began to learn about the technology and associated marketplace machinations. Over the following decades as more and more facts emerged my concerns deepened.

Then just a couple of weeks ago my misgivings were rudely provoked to the forefront when I read an op-ed column by Nina Fedoroff, published in The New York Times. Her column amounted to a fact-deficient apologia for the GMO industry, and an exhortation to charge heedlessly forward with genetically engineered food. For me, and for millions of other people, this is a massively deranged and dangerous proposition.

So many factors are coming to a head now. Widespread famine, a global land grab, soaring food prices, a horde of profit-mad speculators, drought on the scale of the Dust Bowl, a host of other wildly wobbling environmental events, and a huge, well-organized, well-funded propaganda push by corporate industrial agriculture to claim that the only sensible way forward is with genetic engineering and its allied cauldron of petrochemical-based herbicides, fungicides, and pesticides. But it's not the only way forward. It is, instead, a profoundly perilous pathway encouraged by what I regard as dangerously deranged ethics.