
This Is Bad: Heartbleed Attack Targets VPN Service

Bad craziness
Technology • Views: 1,041
Image via snoopsmaus

Most of the coverage of the Heartbleed bug has focused on the security problems for websites, but there’s another avenue of attack now being exploited by hackers: the Virtual Private Network (VPN) systems used by many large and small businesses.

Security firm Mandiant reports that it has observed a Heartbleed attack occurring “in the wild.” The attack targeted a Virtual Private Network service at an unnamed organization, gaining access to its internal corporate network — and it shows that hackers are finding the parts of the internet that are least likely to have been updated to protect against Heartbleed.

The attack worked like this. When a user logs into a VPN service, it issues a “session token,” a temporary credential that is supposed to prove that a user has already been authenticated. By stealing the authentication token from the server’s memory, the attacker can impersonate the legitimate user and hijack her connection to the server, gaining access to the organization’s internal network.
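A defender can look for the side effect of this kind of hijack: one session token being used by two clients at once. The sketch below is an added example, not code from Mandiant or from this post; it assumes the VPN logs a session ID and source IP per request, and the log format, field names and sample lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample VPN log lines. Assumed format (not from the article):
# ISO timestamp, sess=<session id>, src=<client IP>.
SAMPLE_LOG = """\
2014-04-08T09:00:00 sess=a1f3 src=198.51.100.10
2014-04-08T09:00:20 sess=a1f3 src=203.0.113.77
2014-04-08T09:00:35 sess=a1f3 src=198.51.100.10
2014-04-08T09:00:50 sess=a1f3 src=203.0.113.77
2014-04-08T09:05:00 sess=b2e4 src=192.0.2.5
2014-04-08T11:30:00 sess=b2e4 src=192.0.2.99
2014-04-08T09:10:00 sess=c3d5 src=192.0.2.44
2014-04-08T09:12:00 sess=c3d5 src=192.0.2.44
"""

def parse(log_text):
    """Yield (timestamp, session_id, source_ip); malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            fields = dict(p.split("=", 1) for p in parts[1:])
            yield datetime.fromisoformat(parts[0]), fields["sess"], fields["src"]
        except (KeyError, ValueError):
            continue

def find_shared_sessions(log_text, window=timedelta(minutes=5), min_returns=1):
    """Return {session_id: sorted IPs} for sessions whose source IP switches
    to an address already seen on that session within `window`, meaning two
    clients are presenting the same token. A single one-way IP change (a
    roaming user) is not flagged."""
    events = defaultdict(list)
    for ts, sess, src in sorted(parse(log_text)):
        events[sess].append((ts, src))
    flagged = {}
    for sess, evs in events.items():
        last_seen, returns, prev_ip = {}, 0, None
        for ts, ip in evs:
            back = ip != prev_ip and ip in last_seen and ts - last_seen[ip] <= window
            if back:
                returns += 1
            last_seen[ip], prev_ip = ts, ip
        if returns >= min_returns:
            flagged[sess] = sorted(last_seen)
    return flagged
```

Flagged sessions should be terminated server-side, and after patching OpenSSL all sessions issued by the vulnerable server should be invalidated, since any of their tokens may have been read from memory.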

This disastrous security hole in OpenSSL may have more effect on these kinds of semi-closed systems than on easily upgraded web servers, because the people who use VPNs and other types of networking applications and devices may not even realize they’re relying on the buggy versions of OpenSSL, and it may be difficult (or even impossible in some cases) to update the software.

But web servers are still a big problem as well; the Washington Post’s Brian Fung points out that we may be seeing some large scale disruptions of the Internet in the not too distant future: Heartbleed Is About to Get Worse, and It Will Slow the Internet to a Crawl.

Estimates of the severity of the bug’s damage have mounted almost daily since researchers announced the discovery of Heartbleed last week. What initially seemed like an inconvenient matter of changing passwords for protection now appears much more serious. New revelations suggest that skilled hackers can use the bug to create fake Web sites that mimic legitimate ones to trick consumers into handing over valuable personal information.

The sheer scale of the work required to fix this aspect of the bug — which makes it possible to steal the “security certificates” that verify that a Web site is authentic — could overwhelm the systems designed to keep the Internet trustworthy.

“Imagine if we found out all at once that all the doors everybody uses are all vulnerable — they can all get broken into,” said Jason Healey, a cybersecurity scholar at the Washington-based Atlantic Council. “The kinds of bad things it enables is largely limited only by the imagination of the bad guys.”

Twitter Timeline: Greenwald Associate Trevor Timm vs. His 9/11 Truther Fans

Embarrassing yet funny
Weird • Views: 2,814

This is telling. Greenwald associate Trevor Timm compares people who think Edward Snowden works with Russia to 9/11 Truthers, and is immediately swarmed with outraged comments from his fans who are 9/11 Truthers.

Snowden’s Op-Ed: Desperately Spinning to Repair the Damage

“Through the Freedom of the Press Foundation”
World • Views: 3,361

Let’s face it — if Edward Snowden’s appearance at Vladimir Putin’s propaganda puppet show yesterday was supposed to improve his image in the US by showing him “questioning” Putin about mass surveillance, it was a miserable failure. Even many of Snowden’s strongest defenders were appalled at that display.

So it should come as no surprise that today, the axis of Snowden is spinning like crazy to try to undo some of that damage — and extend the propaganda opportunity by propping up Snowden as a false dissident. See: Vladimir Putin Must Be Called to Account on Surveillance Just Like Obama | Edward Snowden.

Yes, “just like Obama.” Snowden (or whoever actually wrote this — see below) apparently sees no difference between the two leaders at all.

Putin’s response was remarkably similar to Barack Obama’s initial, sweeping denials of the scope of the NSA’s domestic surveillance programs, before that position was later shown to be both untrue and indefensible.

Snowden’s point in this article is to boast about his bravery and the sacrifices he’s made, and call on Russian journalists to follow up on his ground-breaking work.

When this event comes around next year, I hope we’ll see more questions on surveillance programs and other controversial policies. But we don’t have to wait until then. For example, journalists might ask for clarification as to how millions of individuals’ communications are not being intercepted, analysed or stored, when, at least on a technical level, the systems that are in place must do precisely that in order to function. They might ask whether the social media companies reporting that they have received bulk collection requests from the Russian government are telling the truth.

Sure, Russian journalists might ask those questions. And they might also be murdered for asking those questions.

It should be pointed out, because Glenn Greenwald isn’t going to admit it, that there’s a disclaimer at the bottom of this piece revealing what’s really going on here:

Edward Snowden wrote for the Guardian through the Freedom of the Press Foundation

Who is the “Freedom of the Press Foundation?” Well, the Guardian doesn’t mention it for some reason, but it just happens to be a front group for, yes, you guessed it, the Mighty Glenn Greenwald. This is basically a press release, courtesy of Mother Russia, for the Snowden-Greenwald project.

And of course, today Greenwald praised the bravery and integrity of the piece he (at the very least) helped Snowden put together.

UPDATE at 4/18/14 12:55:34 pm

Greenwald associate Trevor Timm says the Snowden op-ed is “all his words.”

Also see:
The Lies Edward Snowden Tells

NPR Tiny Desk Concert: Tom Brosseau

North Dakota folk music
Music • Views: 7,768

Some straight-up white people folk music, with a dry North Dakota edge to it, from Tom Brosseau, a true original.

Tom Brosseau possesses one of the most arresting voices in folk music today. Many people who hear him sing, without knowing his name or face, assume the voice belongs to a woman, as he hovers somewhere around the countertenor range, with an unusually pure tone.

The beauty of Brosseau’s voice is magnified in this Tiny Desk Concert by the spare accompaniment of two acoustic guitars. Brosseau is on rhythm, accompanied by Sean Watkins. Watkins, who also plays and sings with Nickel Creek, produced and plays on Brosseau’s new album, Grass Punks.

Brosseau is unabashedly sentimental and earnest. It informs his plainspoken story-songs, which find beauty and light in heartfelt themes of love and yearning. But Brosseau also possesses a wry sense of humor; you can hear as much in “Cradle Your Device,” a playful take-down of modern technology. The next song he performs, “Stuck on the Roof Again,” tells a true story about the octogenarian newspaper columnist Marilyn Hagerty, who got stuck on the roof of her home in Grand Forks, N.D., after a heavy snowstorm.

Brosseau closes his set with “Today Is a Bright New Day,” a wistful reflection on lost love and the belief that no matter our past disappointments or missteps, the future is full of hope and opportunity. —ROBIN HILTON

Set List

“Cradle Your Device”
“Stuck On The Roof Again”
“Today Is A Bright New Day”

Credits

Producers: Denise DeBelius, Robin Hilton; Audio Engineer: Kevin Wait; Videographers: Denise DeBelius, Gabriella Garcia-Pardo, Olivia Merrion; photo by Jim Tuttle/NPR

SPLC: Users of ‘Stormfront’ Web Forum Responsible for Many Deadly Hate Crimes, Mass Killings

From Southern Poverty Law Center
Terrorism • Views: 10,607

Nearly 100 people in the last five years have been murdered by active users of the leading racist website, Stormfront, according to a report released today by the SPLC’s Intelligence Project.

Registered Stormfront users have been disproportionately responsible for some of the most lethal hate crimes and mass killings since the web forum became the first hate site on the Internet in 1995, a month before the Oklahoma City bombing. The report found that hate killings by Stormfront members began to accelerate rapidly in early 2009, when Barack Obama took office as the nation’s first black president.

A similar racist web forum, Vanguard News Network (VNN), was used by neo-Nazi and former Klan leader Frazier Glenn Miller, who has been charged with the Sunday murder of three people he mistakenly believed were Jews in Overland Park, Kan. Miller, who apparently changed his last name in recent years to Cross, logged more than 12,000 posts on VNN, whose slogan is, “No Jews, Just Right.”

“Stormfront is the murder capital of the racist Internet,” said Heidi Beirich, report author and Intelligence Project director. “It has been a magnet for the deadly and deranged. And VNN is almost as bad.”

More: SPLC Report: Users of Leading White Supremacist Web Forum Responsible for Many Deadly Hate Crimes, Mass Killings
