151 items tagged "china"
-
-
6:45
»
SecDocs
Authors: Cassio Goldschmidt
Tags: vulnerability
Event: Black Hat DC 2011
Abstract: Who is responsible for the harm and risk of security flaws? The advent of worldwide networks such as the internet made software security (or the lack of software security) a problem of international proportions. There are no mathematical/statistical risk models available today to assess networked systems with interdependent failures. Without this tool, decision-makers are bound to overinvest in activities that don’t generate the desired return on investment or underinvest in mitigations, risking dreadful consequences. Experience suggests that no party is solely responsible for the harm and risk of software security flaws but a model of partial responsibility can only emerge once the duties and motivations of all parties are examined and understood. State of the art practices in software development won’t guarantee products free of flaws. The infinite principles of mathematics are not properly implemented in modern computer hardware without having to truncate numbers and calculations. Many of the most common operating systems, network protocols and programming languages used today were first conceived without the basic principles of security in mind. Compromises are made to maintain compatibility of newer versions of these systems with previous versions. Evolving software inherits all flaws and risks that are present in this layered and interdependent solution. Lastly, there are no formal ways to prove software correctness using mathematics, nor is there a definitive authority to assert the absence of vulnerabilities. The slightest coding error can lead to a fatal flaw. Without a doubt, vulnerabilities in software applications will continue to be part of our daily lives for years to come. Decisions made by adopters such as whether to install a patch, upgrade a system or employ insecure configurations create externalities that have implications on the security of other systems.
Proper cyber hygiene and education are vital to stop the proliferation of computer worms, viruses and botnets. Furthermore, end users, corporations and large governments directly influence software vendors’ decisions to invest in security by voting with their money every time software is purchased or pirated. Security researchers largely influence the overall state of software security depending on the approach taken to disclose findings. While many believe full disclosure practices helped the software industry to advance security in the past, several of the most devastating computer worms were created by borrowing from information detailed by researchers’ full disclosure. Both incentives and penalties were created for security researchers: a number of stories of vendors suing security researchers are available in the press. Some countries enacted laws banning the use and development of “hacking tools”. At the same time, companies such as iDefense promoted the creation of a market for security vulnerabilities providing rewards that are larger than a year’s worth of salary for a software practitioner in countries such as China and India. Effective policy and standards can serve as leverage to fix the problem either by providing incentives or penalties. Attempts such as PCI created a perverse incentive that diverted decision makers’ goals to compliance instead of security. Stiff mandates and ineffective laws have been observed internationally. Given the fast pace of the industry, laws to combat software vulnerabilities may become obsolete before they are enacted. Alternatively, the government can use its own buying power to encourage adoption of good security standards. One example of this is the Federal Desktop Core Configuration (FDCC). The proposed presentation is based on the research done by Cassio Goldschmidt, Sr. Manager at Symantec Corporation; Melissa J. Dark, Professor & Assistant Dean, Department of Computer and Information Technology, Purdue University; and Hina Chaudhry, PhD candidate at Purdue University, and is a reflection of the role of each player involved in the software lifecycle and the incentives (and disincentives) they have to perform the task, the network effects of their actions and the results on the state of software security.
-
-
21:51
»
SecDocs
Authors: Jens Ohlig
Tags: privacy
Event: Chaos Communication Congress 21st (21C3) 2004
Abstract: A look at the technical, political and cultural background of the Great Firewall of China. Practical tips for travellers to China on how to circumvent censorship and ideas on how Chinese cyber-culture may be different. The most populous country in the world, the People's Republic of China, is both an exciting and emerging cyber-society as well as a nation with harsh restrictions imposed by the government. Crackdowns against dissidents are prevalent and censorship of online content is ubiquitous. In this presentation, we shall try to give a general survey on Internet censorship in the "Middle Kingdom". Using data gathered by independent NGOs such as Amnesty International, we'll look at the human rights situation with a focus on Freedom of Speech, Freedom of the Press, and Internet Freedom. On a more technical side, we'll see how the "Great Firewall of China" is implemented. Finally, we'll discuss means of circumventing Internet censorship using methods found in the literature (proxies, onion routing) and through our own research.
-
-
10:10
»
Hack a Day
The Nixie tube, a neon-filled tube with a series of 10 cathodes shaped like numerals, is a classic display for any build wanting a unique, vintage, or steampunk aesthetic. We shouldn’t be surprised a factory in China is now turning out Arduino-compatible Nixie modules (English translation, but don’t get your hopes up), but there it is. [...]
-
-
21:43
»
SecDocs
Authors: Sebastian Wolfgarten
Tags: privacy
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: This talk analyzes large-scale, countrywide Internet content filtering from a technical point of view and investigates the current situation in the People’s Republic of China. Additionally it discusses techniques to effectively defeat censorship and based on various tests conducted by the author, comments on their applicability in the Chinese part of the Internet. Nowadays the Internet has become an essential element of the world’s media landscape and our everyday lives. Thus for many people sending and receiving emails, chatting with friends, researching information or even purchasing goods online is almost as common as watching TV or listening to the radio. Interestingly without being further challenged it is generally taken for granted in the Western world that based on human rights, constitutions, legal systems and moral values, access to the Internet is provided freely, unlimited and most importantly unfiltered. But in reality the situation for millions of users world-wide is completely different: "Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information" [1]. In an attempt to create virtual frontiers in cyberspace countries such as China, Vietnam, Tunisia, Iran, Saudi Arabia and Syria [1] have installed a multiplicity of technical and non-technical controls to censor the Internet and prevent their citizens from accessing or publishing information the government regards as illegal. Therewith these countries are denying essential human rights to their citizens and specifically violate article 19 of the Universal Declaration of Human Rights which states that "everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers" [2].
In order to gain a further understanding of the functionality and the extent of such censorship, this talk investigates large-scale, countrywide Internet content filtering from a technical point of view. Therefore at first it discusses various means of filtering a government might enforce to perform censoring. Next it investigates the current situation of Internet filtering in the People's Republic of China and presents the implications for Chinese users by providing concrete examples. Finally this presentation particularly highlights techniques to circumvent Internet censorship focusing on practical and easy to use solutions that are applicable in China.
-
11:01
»
Hack a Day
As an engineer at Spectrum Design in Minneapolis, [Carl] works with clients to get their product out to the masses. When designing a new USB-powered device, one client thought it would be a great idea to include a USB car charger with the device. The client promptly ordered a few thousand car chargers from China and everything [...]
-
-
15:14
»
SecDocs
Authors: Roger Dingledine
Tags: Tor
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: Websites like Wikipedia and Blogspot are increasingly being blocked by government-level firewalls around the world. Although many people use the Tor anonymity network to get around this censorship, the current Tor network is not designed to withstand a government-level censor. In this talk we describe a design for providing access to the Tor network that is harder to block.
-
-
6:10
»
Hack a Day
After [Pyrofer] built a quadcopter, he purchased a cheap 6-channel transmitter made in China. Unfortunately, that transmitter was terrible so he took an old PS2 controller and built his own. For his build, [Pyrofer] broke out the analog sticks and wired them to an AVR housed in the handle of the controller. The AVR sent [...]
-
-
21:44
»
SecDocs
Authors: Roger Dingledine
Tags: Tor
Event: Chaos Communication Congress 24th (24C3) 2007
Abstract: Come talk with Roger Dingledine, Tor project leader, about some of the challenges in the anonymity world. How do we get enough users? How do we get enough servers? How does public perception impact the level of anonymity a system can provide? How should we be interacting with law enforcement? How can we patch Wikipedia so it no longer needs to fear anonymous users -- or can we do it without changing Wikipedia at all? Can we protect Tor users who want to keep running their active content plugins? When are we going to see well-documented and well-analyzed LiveCD, USB, virtual machine, and wireless router images for easier and safer deployment? Should Tor switch to transporting IP packets, or should it continue to work at the TCP layer? How do we scale the directory system while handling heterogeneous and unreliable nodes, and without sacrificing security? Are three-hop paths really still better than two hops? What are the performance/legal/security tradeoffs of caching content at the exit nodes? Are padding and traffic shaping still bad ideas? Why aren't more people using hidden services and censorship-resistant publishing? Is everybody comfortable with having corporate and government users on the same network? How's it going with China and Saudi Arabia? What development projects does The Tor Project need your help with? Roger will give you his best answers for some of these topics and more, but you are encouraged to bring your own questions too.
-
-
14:01
»
Hack a Day
The folks at Null Space Labs bought a 40W CO2 laser tube in order to build their own laser cutter. Unfortunately nobody really wants to build a laser cutter; they just want to play with a laser cutter. So they ended up biting the bullet and ordering a $4000 model from China. That’s it hovering in [...]
-
-
15:22
»
SecDocs
Tags: phone
Event: Chaos Communication Camp 2011
Abstract: The most ubiquitous device on the planet is arguably the mobile phone. Tragically, it is also a device built under some of the worst living and working conditions in the world. This is the story of a mission - To build the world's first ethical phone. The most ubiquitous device on the planet is arguably the mobile phone. We use them, we need them, we get new ones every few years. Our old phones are either in a drawer, a landfill, or in the hands of those people in places like China and Brazil where old electronics are broken down or repurposed. Meanwhile in many parts of one of the most troubled nations in the world, the minerals that make our new phones are being mined under some very questionable circumstances. From some of the worst labor conditions in the world comes the cobalt and other essential minerals that will one day be your iPhone. -- Is this how it simply has to be? -- A group in the Netherlands has embarked on an ambitious, risky, and little known quest - To build the world's first ethical phone. And where did they start? In the Congo of course...
-
-
9:01
»
Hack a Day
The Raspberry Pi was launched nearly a month ago, but these wonderful cheap single-board computers are still on their way from China to the workbenches of hackers and builders around the globe. Although they haven’t shipped yet, plenty of people are chomping at the bit to do something useful with the Raspi. [Nicholas] figured he [...]
-
-
22:30
»
SecDocs
Authors:
Jacob Appelbaum Roger Dingledine Tags:
Tor privacy Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Iran blocked Tor handshakes using Deep Packet Inspection (DPI) in January 2011 and September 2011. Bluecoat tested out a Tor handshake filter in Syria in June 2011. China has been harvesting and blocking IP addresses for both public Tor relays and private Tor bridges for years. Roger Dingledine and Jacob Appelbaum will talk about how exactly these governments are doing the blocking, both in terms of what signatures they filter in Tor (and how we've gotten around the blocking in each case), and what technologies they use to deploy the filters -- including the use of Western technology to operate the surveillance and censorship infrastructure in Tunisia (Smartfilter), Syria (Bluecoat), and other countries. We'll cover what we've learned about the mindset of the censor operators (who in many cases don't want to block Tor because they use it!), and how we can measure and track the wide-scale censorship in these countries. Last, we'll explain Tor's development plans to get ahead of the address harvesting and handshake DPI arms races.
-
-
21:38
»
SecDocs
Authors: Stefan Zehl
Tags: hardware hacking microcontroller
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Now you've got that r0ket thing. What to do with it? If you have a r0ket, bring it to our talk! We will try to play a game of pong with every participant. You need the l0dable r_game to join the fun :) As we won't be using cryptokeys, you'll need the new 28c3 firmware so the l0dable will run and everything else works. For CCCamp 2011 we designed r0ket with team r0ket. Besides being a shiny electronic name tag, the r0ket is an easy to use full featured microcontroller development board. 3000 r0kets were given to the participants, to be creative. At Camp we already told you about the journey to getting everything ready. In r0ket++ we will tell you what happened since camp and what we learned from moving the whole production of r0ket to China. You will get more information about writing your own software for r0ket. And finally you will find out, what your r0ket does at 28c3: Besides using r0ket as a rem0te, you can participate in an openBeacon based tracking.
-
-
14:01
»
Hack a Day
Boeing and the US military found some systems on new P-8 Poseidons to be defective. The culprit: counterfeit electronics. These are scrap parts from 80s-90s electronics that have been re-branded and sold to the government as new. Many of the parts have been linked to dealers in China, but the Chinese government feels no need [...]
-
-
11:52
»
SecDocs
Authors: Anthony Lai, Colin Ames, Val Smith
Tags: exploiting
Event: Black Hat USA 2010
Abstract: China has become a major player in the security community in recent years. From numerous news articles regarding government, military and commercial spying, to high profile cases such as the recent attack on Google, the tools, research and hacking groups coming out of China are high on everyone's radar. This talk will provide an analysis of the Chinese hacking community, including its capabilities, goals, and cultural differences as well as similarities. A deep technical analysis and reverse engineering of prominent Chinese tools and techniques will be provided as well. We will highlight specifics such as binary obfuscators, encryption, and specific stealth techniques in order to round out an, up until now, spotty picture about this formidable member of the security community.
-
-
8:01
»
Hack a Day
Many westerners visiting or living in China may observe the art of “water calligraphy” and some may even try to imitate it. However, media artist [Nicholas Hanna] decided to take a totally new approach and make his own water painting machine. Someone less creative would have devised some imitation of a human, but [Nicholas] decided [...]
-
-
7:01
»
Hack a Day
[jethomson] sent in a build he’s been working on that turns an inexpensive AVR programmer into a development board. The build is based on the very affordable USBasp programmer that’s based on an ATmega8. With hundreds of these boards available from China for less than a Hamilton, we’re wondering how soon it will be before [...]
-
-
7:01
»
Hack a Day
Hackaday reader [svofski] sent in a fantastic looking hard drive-based POV clock (Google Translation) created by a maker in the Sichuan province of China. The clock, like the one [svofski] built, relies on LEDs placed behind the spinning platter to create the POV effect. Quite a few carefully placed cuts have been made to the platter, [...]
-
-
10:18
»
Hack a Day
A while ago when he was working in China, [Phillip Torrone] started learning Mandarin Chinese in order to help him communicate more efficiently with his peers. Unfortunately, once he returned to the US, he slowly started forgetting most of what he had learned. He recently wrote a piece over at Make: explaining why he’s attempting [...]
-
-
4:04
»
Hack a Day
[Mathieu] was on holiday in China and picked up some fun toys while perusing the numerous electronics markets there. The most interesting things he discovered were a pair of RGB LED matrices. They came in two different flavors, one made for indoor and one for outdoor displays, sporting a 64×32 and 32×16 resolution, respectively. If [...]
-
-
15:22
»
Packet Storm Security Advisories
Cisco Security Response - Cisco PSIRT is actively working with NCNIPC (China) to further understand the details of what is reported in the bugtraq postings. At this stage Cisco PSIRT cannot confirm the existence of any new vulnerabilities in Cisco IOS Software based on the information that is currently available.
-
15:22
»
Packet Storm Security Recent Files
Cisco Security Response - Cisco PSIRT is actively working with NCNIPC (China) to further understand the details of what is reported in the bugtraq postings. At this stage Cisco PSIRT cannot confirm the existence of any new vulnerabilities in Cisco IOS Software based on the information that is currently available.
-
15:22
»
Packet Storm Security Misc. Files
Cisco Security Response - Cisco PSIRT is actively working with NCNIPC (China) to further understand the details of what is reported in the bugtraq postings. At this stage Cisco PSIRT cannot confirm the existence of any new vulnerabilities in Cisco IOS Software based on the information that is currently available.
-
-
11:03
»
Packet Storm Security Recent Files
CPSCom 2011 Call For Workshop Proposals - The 4th IEEE International Conference on Cyber, Physical, and Social Computing will be held in Dalian, China, on October 19th, 2011.
-
11:03
»
Packet Storm Security Misc. Files
CPSCom 2011 Call For Workshop Proposals - The 4th IEEE International Conference on Cyber, Physical, and Social Computing will be held in Dalian, China, on October 19th, 2011.
-
-
8:47
»
Hack a Day
We here at Hackaday have been pining over these cheap laser cutters on the e-bay. They are, however, just outside of the price range to make them worth ponying up for. [Stephen Hobley] however seems to have taken one for the team in his three part series, and is allowing us to live vicariously through [...]
-
-
23:06
»
Sophos security news
Q1 2010 statistics show China dramatically disappears from list of worst spam-relaying nations for the first time.
-
-
0:00
»
Packet Storm Security Recent Files
Technical Cyber Security Alert 2010-55A - Malicious activity detected in mid-December targeted at least 20 organizations representing multiple industries including chemical, finance, information technology, and media. Investigation into this activity revealed that third parties routinely accessed the personal email accounts of dozens of users based in the United States, China, and Europe. Further analysis revealed these users were victims of previous phishing scams through which threat actors successfully gained access to their email accounts.
-
-
23:00
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2010-55A - Malicious activity detected in mid-December targeted at least 20 organizations representing multiple industries including chemical, finance, information technology, and media. Investigation into this activity revealed that third parties routinely accessed the personal email accounts of dozens of users based in the United States, China, and Europe. Further analysis revealed these users were victims of previous phishing scams through which threat actors successfully gained access to their email accounts.
-
-
2:00
»
darkc0de
China shuts down training website for hackers
-
-
21:06
»
SecDocs
Authors: Roger Dingledine
Tags: Tor privacy
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: Tor was originally designed as a civil liberties tool for people in the West. But if governments can block connections *to* the Tor network, who cares that it provides great anonymity? A few years ago we started adapting Tor to be more robust in countries like China. We streamlined its network communications to look more like ordinary SSL, and we introduced "bridge relays" that are harder for an attacker to find and block than Tor's public relays. In the aftermath of the Iranian elections in June, and then the late September blockings in China, we've learned a lot about how circumvention tools work in reality for activists in tough situations. I'll give an overview of the Tor architecture, and summarize the variety of people who use it and what security it provides. Then we'll focus on the use of tools like Tor in countries like Iran and China: why anonymity is important for circumvention, why transparency in design and operation is critical for trust, the role of popular media in helping – and harming – the effectiveness of the tools, and tradeoffs between usability and security. After describing Tor's strategy for secure circumvention (what we thought would work), I'll talk about how the arms race actually seems to be going in practice.