WhatsApp leaks telephone numbers, conversations
It’s easy to eavesdrop on people using the popular mobile messenger WhatsApp. The application sends user names, telephone numbers and even complete instant messages unencrypted over the internet. Adversaries can intercept this information by using a simple network sniffer like the popular Wireshark.
A reader of the Dutch IDG publication Webwereld discovered this vulnerability. He was able to intercept all unencrypted traffic on a network and Webwereld was able to reproduce his findings. At first sight, it looks like WhatsApp is using an SSL-secured HTTPS connection to its servers, but closer inspection shows this is not the case. Although all usernames, telephone numbers and all instant messages are transferred via port 443, which is reserved for encrypted traffic, they are sent to WhatsApp’s servers in plain text.
Because of this it’s easy to ascertain private information by using a man-in-the-middle attack. The attack can only be carried out when a smartphone using WhatsApp is connected to an unsecured wireless network, such as the WiFi hotspots offered at train stations or airports.
Adversaries could also set up a WiFi access point with a common SSID of an unencrypted wireless network. This is known as an evil twin network. If the malicious user forwards the requests of the app to the internet, it’s even easier to capture private information. People using only trusted or secured WiFi networks are probably less vulnerable to this attack.
In a statement, WhatsApp says that it “strongly believes in network freedom and privacy” of their users. The company is studying this issue closely but does not wish to comment at this time.
To the discoverer of the vulnerability the company tells a different story. In this comment, WhatsApp states it trusts 3G and WiFi to protect the traffic. “We do not save or store address book data or your conversations, so there is nothing to encrypt,” a spokeswoman said.
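The port number alone says nothing about encryption: a connection to port 443 is only protected if it actually opens with a TLS handshake. The following check is an added example, not part of the original article; it classifies the first client payload of each captured flow, and the sample payloads are constructed and do not reproduce WhatsApp's wire format.

```python
import string
import struct

PRINTABLE = set(string.printable.encode())

def is_tls_client_hello(payload: bytes) -> bool:
    """True if payload starts with a TLS record carrying a ClientHello.
    (Legacy SSLv2-framed hellos are not recognised by this check.)"""
    if len(payload) < 6:
        return False
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if ctype != 22 or major != 3 or minor > 4:   # 22 = handshake record
        return False
    if rec_len == 0 or rec_len > 2 ** 14:        # record length limit
        return False
    return payload[5] == 1                       # 1 = ClientHello

def printable_ratio(payload: bytes) -> float:
    if not payload:
        return 0.0
    return sum(b in PRINTABLE for b in payload) / len(payload)

def classify_first_flight(payload: bytes, threshold: float = 0.9) -> str:
    if is_tls_client_hello(payload):
        return "tls"
    if printable_ratio(payload) >= threshold:
        return "plaintext"
    return "unknown"   # binary but not TLS: needs manual review

def audit_flows(flows):
    """flows: list of (dst_port, first_client_payload).
    Returns (index, verdict) for every port-443 flow that is not TLS."""
    return [(i, v) for i, (port, data) in enumerate(flows)
            if port == 443 and (v := classify_first_flight(data)) != "tls"]

# --- constructed sample data (not real captures) ---
_hello_body = b"\x01\x00\x00\x2a" + b"\x03\x03" + bytes(40)
SAMPLE_TLS = b"\x16\x03\x01" + struct.pack("!H", len(_hello_body)) + _hello_body
SAMPLE_PLAIN = (b"<message to='15555550100@example.invalid'>"
                b"<body>hello</body></message>")
SAMPLE_BINARY = bytes([0x00, 0x01, 0xFE, 0xFF] * 8)
SAMPLE_FLOWS = [(443, SAMPLE_TLS), (443, SAMPLE_PLAIN),
                (443, SAMPLE_BINARY), (80, SAMPLE_PLAIN)]

if __name__ == "__main__":
    for idx, verdict in audit_flows(SAMPLE_FLOWS):
        print(f"flow {idx}: port 443 but first payload is {verdict}")
```
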
Cisco Accused Of Helping Chinese Police Track Dissidents
Networking equipment maker Cisco and its top executives were sued last week in San Jose, Calif., for allegedly providing censorship and surveillance technology to China in violation of the Alien Torts Statute.
The Alien Torts Statute allows individuals to file claims in U.S. courts over violations of the law of nations or a U.S. treaty. It has become a tool by which victims of torture seek redress for human rights abuses, particularly those alleged to have occurred outside the U.S.
The lawsuit was filed on behalf of Chinese practitioners of Falun Gong, a religious group that faces ongoing persecution by Chinese authorities. In addition to Cisco, the complaint names CEO John Chambers, and two Cisco China executives, as well as other unspecified defendants.
The complaint charges that Cisco “designed, supplied, and helped maintain a censorship and surveillance network known as the Golden Shield in collaboration with Chinese Communist Party and Chinese Public Security officials, knowing and intending that it would be utilized [by authorities] to eavesdrop, tap, and intercept communications, identify and track Plaintiffs as Falun Gong members for the specific purpose of subjecting them to gross human rights abuses.”
Cisco disputes these claims. “There is no basis for these allegations against Cisco, and we intend to vigorously defend against them,” a company spokesperson said in an email statement. “Cisco does not operate networks in China or elsewhere, nor does Cisco customize our products in any way that would facilitate censorship or repression. Cisco builds equipment to global standards which facilitate free exchange of information, and we sell the same equipment in China that we sell in other nations worldwide in strict compliance with U.S. government regulations.”
China has proven to be a problematic market for many foreign companies, particularly those in the U.S. In 2005, a Chinese court sentenced Chinese journalist Shi Tao to 10 years in prison for revealing state secrets. Yahoo provided Chinese authorities with critical evidence about Shi Tao’s email communication. The incident prompted a widespread outcry against Yahoo and tarnished the company’s reputation. Two years later, Yahoo offered financial support to the families of Shi Tao and Wang Xiaoning, another jailed dissident, and then-CEO Jerry Yang delivered a public apology to Shi Tao’s mother at a Congressional hearing.
Google in 2006 acknowledged how difficult it was to provide adequate service to users in China, but insisted the compromises it had to make to do business there would lead to a more open China in the years ahead. Then in early 2010, the company changed course and severely curtailed its operations in China, citing “a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google” and attempts to hack into the Gmail accounts of Chinese human rights activists.
This is not the first time Cisco has had to justify its business in China. Cisco was among several Internet companies that testified on Feb. 15, 2006, before a U.S. House of Representatives International Relations subcommittee on the issue of censorship in China. During the hearing, Mark Chandler, Cisco’s SVP and general counsel, defended his company, asserting, “Cisco does not customize, or develop specialized or unique filtering capabilities, in order to enable different regimes to block access to information.”
Yet the company’s claim that it merely provides neutral technology without being aware of how its products will be used was rebutted two months later in a hearing before the same subcommittee on April 19, 2006, when author Ethan Gutmann cited Cisco brochures from the Shanghai Gold Shield trade show in December 2002 as evidence of the company’s effort to cater to the needs of police authorities.
“Newly translated documents explicitly show Cisco was training the Chinese police in surveillance techniques as early as 2001,” Gutmann claimed.
The lawsuit cites internal Cisco marketing material as part of its evidence, but those documents aren’t public yet and there is no way of knowing if they are the same material cited by Gutmann in his testimony. If such marketing material exists and gets introduced as evidence, it’s likely to play a central role in determining the outcome of the lawsuit.
Article source: http://www.informationweek.com/news/government/policy/229625490?cid=RSSfeed_IWK_All
KPMG exec sentenced for insider trading
A former KPMG senior manager caught insider trading has been ordered to undertake community service for two years.
In the NSW Supreme Court on Friday, Justice Peter Hall sentenced Andrew Dalzell to two years’ imprisonment, to be served by way of ‘an intensive correction order’.
Under the order, the 49-year-old unemployed Randwick man is required to undertake a minimum of 32 hours of community service a month.
He had pleaded guilty to one charge of insider trading, relating to his purchase of 40,000 shares in the printing company Promentum Limited in November 2006.
At the time, the KPMG senior manager was part of a team advising Promentum about a proposal to acquire another printing company, MacMillan Group.
Dalzell paid $52,369 for the shares, but two weeks later when the offence was detected, he resigned from his job and sold the shares at a loss of about $3000.
The judge said the insider trading was at the lower end of seriousness for such offences and did not involve a ‘gross abuse’ of highly confidential information.
Dalzell told the judge that a confidential report to which he had access played only a part in his decision to buy the shares.
Over the years, he had followed printing companies and the report was only a ‘stage-one pitch document’, he said.
In saying he had not recognised he was acting in a criminal way, Dalzell noted he bought the shares in his own ‘unusual’ name and used his usual broker.
But Justice Hall concluded he must have known what he did was ‘wrong and an abuse of trust’, although he may not have been mindful of the serious criminality of his acts.
He said Dalzell’s purchase had the potential to make him substantial profits.
The judge also referred to the need for general deterrence in sentencing, as insider trading had the capacity to undermine the integrity of the market and diminish public confidence.
Article source: http://bigpondnews.com/articles/National/2011/05/20/KPMG_exec_sentenced_for_insider_trading_615457.html
China linked to Taiwan espionage cases
The Irish Times – Saturday, May 21, 2011
CLIFFORD COONAN in Beijing
CHINA WAS linked to two very different cases of espionage yesterday as military prosecutors in Taiwan indicted a general on charges of providing military secrets to China, and a US navy sailor pleaded guilty to trying to sell classified documents to someone he believed was a Chinese intelligence officer.
Maj Gen Lo Hsien-che has been in detention since January and the case has transfixed Taiwan, as it is one of the most serious security breaches in modern Taiwanese history. Military prosecutors said they will seek a sentence of life in prison.
China considers breakaway Taiwan a renegade province, an inviolable part of its territory since Chiang Kai-shek’s Kuomintang lost the civil war with chairman Mao Zedong’s Communists and fled across the Strait of Taiwan in 1949. Both Taiwan and China regularly spy on each other.
Mr Lo “hurt the national interest and national security, and is a big blow to the reputation and morale of the army”, the military said in a statement.
Mr Lo wanted to sell the documents to the Chinese because he believed they would pay the most for them.
He is accused of collecting information related to United States arms sales, passing on military intelligence, spying and taking bribes. He leaked information about an integrated command, communications and control network that Taiwan is establishing with US infrastructure. Mr Lo is the highest-ranking member of the military to spy for China in half a century.
US petty officer 2nd class Bryan Minkyu Martin (22) faces a maximum sentence of life in prison after he pleaded guilty to four counts of attempted espionage.
At his court martial, the intelligence specialist who was stationed at Fort Bragg in North Carolina at the time, preparing for a deployment to Afghanistan, said he accepted $11,500 (€8,100) from an undercover FBI agent known to him only as “Mr Lee” in exchange for information, documents, photographs and images that were classified as secret or top secret.
The documents involved naval operations and intelligence assessments related to military operations in Afghanistan and Iraq. Authorities say the documents were delivered to the agent in November and December.
Mr Martin said he had spoken to the undercover agent by telephone, but had never seen him until their first meeting in a hotel lobby, saying he identified the mysterious “Mr Lee” because he was reading a Chinese newspaper.
Article source: http://rss.feedsportal.com/c/851/f/10846/s/150a0c94/l/0L0Sirishtimes0N0Cnewspaper0Cworld0C20A110C0A5210C1224297465770A0Bhtml/story01.htm
Are your co-workers killing you?
LEON GETTLER OPINION:
You may deal with all types at work, but those irritating co-workers who drive you crazy might even be killing you.
According to this Israeli study, your chances of surviving are higher if you work with people you actually like, while the risk of premature death is reduced for people who report high levels of social support at their job.
The study also had some bad news for women in management roles.
According to the researchers, higher levels of control and decision making that come with working as a manager actually increased the risk of early death for women.
With men, it went the other way, but one assumes much of that fits in with the pressures of having to work with people who are not that supportive lower down the food chain.
Here’s a list of some of the most annoying habits our co-workers may demonstrate.
It includes flogging stuff for their children like lollies and chocolates, brown-nosers who are forever sucking up to the boss, people who fill the office with the stench from lunches eaten at the desk, loud mouths who broadcast their conversations all over the office, and the ones who have annoying mobile phone ring tones (especially those that leave their phones sitting on their desk while they’re off doing something else).
Those who smelled like ash trays and the people with annoying nervous habits like forever clicking their pens also got a mention.
According to HR reporter, other annoying habits include sloppy work, gossiping or engaging in office politics, missing deadlines, being constantly late, and presenting others’ ideas as your own.
Then there are the ones who keep interrupting conversations, who eavesdrop when you’re talking to someone or who suddenly have too much work to do when there is a crisis and everyone has to pitch in.
Add to that the know-it-all, the attention seeker, the microwave monopolisers, and the people who talk your ear off.
Then there are the ones who spend all their time updating their status on Facebook or tweeting some inanity. And don’t forget those who yell across cubicles and the people who keep coming in to work when they’re sick, spreading their disease.
This is a long list, and office relationships seem to be under more strain than ever before as open plan offices become the norm and people put in longer hours.
So how do we deal with these problems? Some experts suggest talking it through or, if that fails, putting on a set of headphones to drown it out. You might also ask your boss for help, or establish some sort of paper trail.
Wallace Immen at Canada’s Globe and Mail recommends being patient and only raising it as an issue if the problem persists, choosing your words carefully (“you mightn’t be aware of this but….”), or asking for a desk relocation. He says you shouldn’t hold grudges, assume it’s deliberate, or raise it with them when you are angry.
– BusinessDay.com.au
Article source: http://www.stuff.co.nz/timaru-herald/business/5053831/Are-your-co-workers-killing-you



