Spy Files By Wikileaks Said Government Using Malware For Surveillance

The latest round of documents published by Wikileaks offers a rare glimpse into the world of surveillance products. The collection—which Wikileaks calls the Spy Files—includes confidential brochures and slide presentations that companies use to market intrusive surveillance tools to governments and law enforcement agencies. The documents published by Wikileaks include 287 files that describe products from 160 companies. The group says that these files are only the first set of a larger collection and that more will be published in the future. The project is being carried out in collaboration with activist groups such as Privacy International and press organizations such as the Bureau of Investigative Journalism and the Washington Post.

"[The surveillance industry] is, in practice, unregulated. Intelligence agencies, military forces, and police authorities are able to silently, and on mass, and [sic] secretly intercept calls and take over computers without the help or knowledge of the telecommunication providers," wrote Wikileaks in its report.

 "In the last ten years systems for indiscriminate, mass surveillance have become the norm."

Surveillance products revealed in the Spy Files cover a wide range of different communication technologies. Many are designed to circumvent standard privacy and security safeguards in mainstream consumer technology products so that they can collect as much data as possible. Some are even deliberately programmed to operate like malware.

The software will capture the content of encrypted communications—including instant messaging conversations, e-mails, and the user's Web activity—and will relay the data to the party conducting surveillance. The software also includes key logging, remote file access, and has the ability to capture screenshots. The company cites "zero day exploits" and "social engineering" in a bulleted list of ways that its remote forensic software can be installed on the computer of a surveillance target.

For More Information Click Here

SQL Injection Vulnerability, More Than 4000 Websites Under Risk

DNS service provider OpenDNS announced a preview release of a new open source tool named DNSCrypt to enhance internet security. DNSCrypt encrypts all DNS traffic between a user's system and a DNS server. The tool is currently only available for the Mac, with a Windows version promised, and only works with OpenDNS's own DNS service. Normally, DNS information is exchanged between client and server as plain text which makes it vulnerable to snooping or modification and man-in-the-middle attacks. By encrypting the exchange, OpenDNS hopes to make the "last mile" of DNS requests more secure.

 

In the Press Release David Ulevitch Founder/CEO of OpenDNS Said:-

"Today we unveil DNSCrypt, a new security tool we’ve developed that has been on our minds for a long time. It has a simple but important function: encrypt all DNS traffic between you and OpenDNS. Nothing else like it exists, and we have very high expectations for the positive impact it can have on the Internet security and privacy of millions of people around the world.

DNS is a critical part of the Internet’s infrastructure, and though a good deal of attention has been paid to improving its security in recent years with DNSSEC, an important part has been overlooked. It’s what’s often referred to as the “last mile,” or the connection between you and your ISP or your DNS provider, if you use a DNS service like OpenDNS. It’s in this “last mile” that bad things are most likely to happen — snooping, tampering, or even hijacking traffic. Anyone who knows what they’re doing can eavesdrop on your Internet activity and see exactly which domains you are resolving, and in many cases, what websites you’re visiting.

It happens all the time on insecure networks at coffee shops, and even residences. Some ISPs have even been accused of spying on their customers’ activity. What’s worse, the “last mile” is ripe for man-in-the-middle attacks, where an intermediary injects themselves into your traffic path masquerading as your intended destination, but all the while, being able to see and modify your traffic. This leaves little confidence for the Internet user.

DNSCrypt changes this and has the potential to completely revolutionize Internet security. DNS has, unfortunately, always had some inherent weaknesses because it’s transported in plain text. DNSSEC has never attempted to address that (crazy, I know). Encrypting all DNS traffic means a fundamental change to the security of the system on the whole and a strong improvement. It’s not the only solution, and there’s still an important place for verification and validation of domains like DNSSEC provides, but it’s a very strong first step."

For More Info & To Download DNSCrypt Click Here