E-Learning-Inclusivo (Mashup)

Commotion is a free, open-source communication tool that uses wireless devices to create decentralized mesh networks. Commotion provides a way for you to share your Internet connection with the people around you, but it is not a replacement for your Internet connection. Read more about how Commotion works on our Frequently Asked Questions page.

An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.

It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.

As outlined in a new technical whitepaper from Symantec, Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage.  Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages.  Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=REGIN

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Warriorpride

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Quantum

- http://www.scoop.it/t/securite-pc-et-internet/?tag=cyberwar

- http://www.scoop.it/t/securite-pc-et-internet/?tag=NSA

- http://www.scoop.it/t/securite-pc-et-internet/?tag=TAO

- https://gustmees.wordpress.com/2012/05/21/visual-it-securitypart2-your-computer-as-a-possible-cyber-weapon/

• Apple is dishing out a lot of data behind our backs
• It’s a violation of the customer’s trust and privacy to bypass backup encryption
• There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
• Much of this data simply should never come off the phone, even during a backup.
• Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
• Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like 'lockdownd,' 'pcapd,' 'mobile.file_relay,' and 'house_arrest') that run in the background on over 600 million iOS devices.

Zdziarski's questions for Apple include:

• Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
• Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
• Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
• Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?

... and his last slide (page 57 of the PDF) sums it up nicely: 

• Apple is dishing out a lot of data behind our backs
• It’s a violation of the customer’s trust and privacy to bypass backup encryption
• There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
• Much of this data simply should never come off the phone, even during a backup.
• Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
• Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

Germany's Der Spiegel published the new cache, which also shows the NSA struggled to fit all its surveillance data into Excel spreadsheets.

Learn more:

- http://www.scoop.it/t/securite-pc-et-internet/?tag=TOR

Dubbed “AirHopper” by the researchers at Cyber Security Labs at Ben Gurion University, the proof-of-concept technique allows hackers and spies to surreptitiously siphon passwords and other data from an infected computer using radio signals generated and transmitted by the computer and received by a mobile phone. The research was conducted by Mordechai Guri, Gabi Kedma, Assaf Kachlon, and overseen by their advisor Yuval Elovici.

The attack borrows in part from previous research showing how radio signals(.pdf) can be generated by a computer’s video card (.pdf). The researchers in Israel have developed malware that exploits this vulnerability by generating radio signals that can transmit modulated data that is then received and decoded by the FM radio receiver built into mobile phones. FM receivers come installed in many mobile phones as an emergency backup, in part, for receiving radio transmissions when the internet and cell networks are down. Using this function, however, attackers can turn a ubiquitous and seemingly innocuous device into an ingenious spy tool. Though a company or agency may think it has protected its air-gapped network by detaching it from the outside world, the mobile phones on employee desktops and in their pockets still provide attackers with a vector to reach classified and other sensitive data.