
This Is Bad: Heartbleed Attack Targets VPN Service

Bad craziness
Technology • Views: 5,192

Most of the coverage of the Heartbleed bug has focused on the security problems for websites, but there’s another avenue of attack now being exploited by hackers: the Virtual Private Network (VPN) systems used by many large and small businesses.

Security firm Mandiant reports that it has observed a Heartbleed attack occurring “in the wild.” The attack targeted a Virtual Private Network service at an unnamed organization, gaining access to its internal corporate network — and it shows that hackers are finding the parts of the internet that are least likely to have been updated to protect against Heartbleed.

The attack worked like this. When a user logs into a VPN service, it issues a “session token,” a temporary credential that is supposed to prove that a user has already been authenticated. By stealing the authentication token from the server’s memory, the attacker can impersonate the legitimate user and hijack her connection to the server, gaining access to the organization’s internal network.
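
One way a defender can look for this kind of token theft in VPN logs, as an added example that is not part of the original post: a stolen session token tends to show up as one session ID alternating between the legitimate user's address and a second address. The log format, field names and thresholds below are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from a real device): time, session id, source IP.
SAMPLE_LOG = """\
2014-04-08T09:00:01 sess=a1f3 src=198.51.100.10
2014-04-08T09:00:40 sess=b7c2 src=198.51.100.77
2014-04-08T09:05:12 sess=a1f3 src=203.0.113.5
2014-04-08T09:05:30 sess=a1f3 src=198.51.100.10
2014-04-08T09:06:02 sess=a1f3 src=203.0.113.5
2014-04-08T13:30:00 sess=b7c2 src=198.51.100.80
"""


def parse(line):
    """Split one 'time sess=ID src=IP' line into (datetime, session_id, ip)."""
    ts, sess, src = line.split()
    return datetime.fromisoformat(ts), sess.split("=", 1)[1], src.split("=", 1)[1]


def find_shared_sessions(log_text, window=timedelta(minutes=10), min_switches=2):
    """Return {session_id: [source IPs]} for sessions whose source address
    changes at least min_switches times, each change within `window` of the
    previous event. One change alone (a user roaming between networks) is
    not flagged; repeated flip-flopping suggests two parties share a token."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, sess, src = parse(line)
            events[sess].append((ts, src))

    flagged = {}
    for sess, evs in events.items():
        evs.sort()
        switches = sum(
            1
            for (t0, ip0), (t1, ip1) in zip(evs, evs[1:])
            if ip0 != ip1 and t1 - t0 <= window
        )
        if switches >= min_switches:
            flagged[sess] = sorted({ip for _, ip in evs})
    return flagged


if __name__ == "__main__":
    for sess, ips in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {sess} used concurrently from {ips}")
```

Sessions flagged this way are candidates for forced termination and re-authentication once the VPN's OpenSSL has been patched.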

This disastrous security hole in OpenSSL may have more effect on these kinds of semi-closed systems than on easily upgraded web servers, because the people who use VPNs and other types of networking applications and devices may not even realize they’re relying on the buggy versions of OpenSSL, and it may be difficult (or even impossible in some cases) to update the software.

But web servers are still a big problem as well; the Washington Post’s Brian Fung points out that we may be seeing some large scale disruptions of the Internet in the not too distant future: Heartbleed Is About to Get Worse, and It Will Slow the Internet to a Crawl.

Estimates of the severity of the bug’s damage have mounted almost daily since researchers announced the discovery of Heartbleed last week. What initially seemed like an inconvenient matter of changing passwords for protection now appears much more serious. New revelations suggest that skilled hackers can use the bug to create fake Web sites that mimic legitimate ones to trick consumers into handing over valuable personal information.

The sheer scale of the work required to fix this aspect of the bug — which makes it possible to steal the “security certificates” that verify that a Web site is authentic — could overwhelm the systems designed to keep the Internet trustworthy.

“Imagine if we found out all at once that all the doors everybody uses are all vulnerable — they can all get broken into,” said Jason Healey, a cybersecurity scholar at the Washington-based Atlantic Council. “The kinds of bad things it enables is largely limited only by the imagination of the bad guys.”

UPDATE at 4/18/14 6:22:46 pm

Please note! We got out in front of the rush to revoke/reissue our SSL certificates right away, the day the bug was announced, so Little Green Footballs is not vulnerable to the problem described in the Washington Post article.

Twitter Timeline: Greenwald Associate Trevor Timm vs. His 9/11 Truther Fans

Embarrassing yet funny
Weird • Views: 6,160

This is telling. Greenwald associate Trevor Timm compares people who think Edward Snowden works with Russia to 9/11 Truthers, and is immediately swarmed with outraged comments from his fans who are 9/11 Truthers.

Snowden’s Op-Ed: Desperately Spinning to Repair the Damage

“Through the Freedom of the Press Foundation”
World • Views: 6,758

Let’s face it — if Edward Snowden’s appearance at Vladimir Putin’s propaganda puppet show yesterday was supposed to improve his image in the US by showing him “questioning” Putin about mass surveillance, it was a miserable failure. Even many of Snowden’s strongest defenders were appalled at that display.

So it should come as no surprise that today, the axis of Snowden is spinning like crazy to try to undo some of that damage — and extend the propaganda opportunity by propping up Snowden as a false dissident. See: Vladimir Putin Must Be Called to Account on Surveillance Just Like Obama | Edward Snowden.

Yes, “just like Obama.” Snowden (or whoever actually wrote this — see below) apparently sees no difference between the two leaders at all.

Putin’s response was remarkably similar to Barack Obama’s initial, sweeping denials of the scope of the NSA’s domestic surveillance programs, before that position was later shown to be both untrue and indefensible.

Snowden’s point in this article is to boast about his bravery and the sacrifices he’s made, and call on Russian journalists to follow up on his ground-breaking work.

When this event comes around next year, I hope we’ll see more questions on surveillance programs and other controversial policies. But we don’t have to wait until then. For example, journalists might ask for clarification as to how millions of individuals’ communications are not being intercepted, analysed or stored, when, at least on a technical level, the systems that are in place must do precisely that in order to function. They might ask whether the social media companies reporting that they have received bulk collection requests from the Russian government are telling the truth.

Sure, Russian journalists might ask those questions. And they might also be murdered for asking those questions.

It should be pointed out, because Glenn Greenwald isn’t going to admit it, that there’s a disclaimer at the bottom of this piece revealing what’s really going on here:

Edward Snowden wrote for the Guardian through the Freedom of the Press Foundation

Who is the “Freedom of the Press Foundation?” Well, the Guardian doesn’t mention it for some reason, but it just happens to be a front group for, yes, you guessed it, the Mighty Glenn Greenwald. This is basically a press release, courtesy of Mother Russia, for the Snowden-Greenwald project.

And of course, today Greenwald praised the bravery and integrity of the piece he (at the very least) helped Snowden put together.

UPDATE at 4/18/14 12:55:34 pm

Greenwald associate Trevor Timm says the Snowden op-ed is “all his words.”

Also see:
The Lies Edward Snowden Tells

NPR Tiny Desk Concert: Tom Brosseau

North Dakota folk music
Music • Views: 10,842


Some straight-up white people folk music, with a dry North Dakota edge to it, from Tom Brosseau, a true original.

Tom Brosseau possesses one of the most arresting voices in folk music today. Many people who hear him sing, without knowing his name or face, assume the voice belongs to a woman, as he hovers somewhere around the countertenor range, with an unusually pure tone.

The beauty of Brosseau’s voice is magnified in this Tiny Desk Concert by the spare accompaniment of two acoustic guitars. Brosseau is on rhythm, accompanied by Sean Watkins. Watkins, who also plays and sings with Nickel Creek, produced and plays on Brosseau’s new album, Grass Punks.

Brosseau is unabashedly sentimental and earnest. It informs his plainspoken story-songs, which find beauty and light in heartfelt themes of love and yearning. But Brosseau also possesses a wry sense of humor; you can hear as much in “Cradle Your Device,” a playful take-down of modern technology. The next song he performs, “Stuck on the Roof Again,” tells a true story about the octogenarian newspaper columnist Marilyn Hagerty, who got stuck on the roof of her home in Grand Forks, N.D., after a heavy snowstorm.

Brosseau closes his set with “Today Is a Bright New Day,” a wistful reflection on lost love and the belief that no matter our past disappointments or missteps, the future is full of hope and opportunity. —ROBIN HILTON

Set List

“Cradle Your Device”
“Stuck On The Roof Again”
“Today Is A Bright New Day”

Credits

Producers: Denise DeBelius, Robin Hilton; Audio Engineer: Kevin Wait; Videographers: Denise DeBelius, Gabriella Garcia-Pardo, Olivia Merrion; photo by Jim Tuttle/NPR

SPLC: Users of ‘Stormfront’ Web Forum Responsible for Many Deadly Hate Crimes, Mass Killings

From Southern Poverty Law Center
Terrorism • Views: 13,765

Nearly 100 people in the last five years have been murdered by active users of the leading racist website, Stormfront, according to a report released today by the SPLC’s Intelligence Project.

Registered Stormfront users have been disproportionately responsible for some of the most lethal hate crimes and mass killings since the web forum became the first hate site on the Internet in 1995, a month before the Oklahoma City bombing. The report found that hate killings by Stormfront members began to accelerate rapidly in early 2009, when Barack Obama took office as the nation’s first black president.

A similar racist web forum, Vanguard News Network (VNN), was used by neo-Nazi and former Klan leader Frazier Glenn Miller, who has been charged with the Sunday murder of three people he mistakenly believed were Jews in Overland Park, Kan. Miller, who apparently changed his last name in recent years to Cross, logged more than 12,000 posts on VNN, whose slogan is, “No Jews, Just Right.”

“Stormfront is the murder capital of the racist Internet,” said Heidi Beirich, report author and Intelligence Project director. “It has been a magnet for the deadly and deranged. And VNN is almost as bad.”

More: SPLC Report: Users of Leading White Supremacist Web Forum Responsible for Many Deadly Hate Crimes, Mass Killings
