Source: How The NSA Can Read Your Emails
Si vous faites un peu de forensics, Bstrings devrait vous intéresser. Cet outil en ligne de commande pour Windows permet de chercher dans des dumps (texte) ou des binaires, des chaines de caractère “intéressantes” comme des URLs, des n° de série, des emails, des adresses IP ou MAC, des chemins d’accès, des numéros de cartes > Lire la suite
The Palinopsia Bug
Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM
This document describes a method of reading and displaying previously used framebuffers from a variety of popular graphics cards. In all 4 tested laptops the content of the VRAM was not erased upon reboot. It is also possible to show that the content of the host VRAM can be accessed from a VirtualBox guest, thereby leaking possibly confidential information from a trusted host into an untrusted guest machine.
via The Palinopsia Bug.
What is priv8? This is a Firefox addon that uses part of the security model of Firefox OS to create sandboxed tabs. Each sandbox is a completely separated world: it doesn t share COOKIEs, storage, and a lots of other stuff with the rest of Firefox, but just with other tabs from the same sandbox. Each sandbox has a NAME and a color, therefore it will be always easy to identify which tab is sandboxed. Also, these sandboxes are permanent! So, when you OPEN one of them the second time, maybe after a restart, that sandbox will still have the same COOKIEs, same storage, etc – as you left the previous time. You can also switch between sandboxes using the cONTEXT menu for the tab. Here an example: with priv8 you can read your gmail webmail in a tab, and another gmail webmail in another tab at the same time. Still, you can be logged in on Facebook in a tab and not in the others. This is nice! Moreover, if you are a web developer and you want to test a website using multiple accounts, priv8 gives you the opportunity to have each account in a sandboxed tab. Much easier then have multiple profiles or login and logout manung>ally every time! Is it stable? I don t know : It works but more test must be done. Help needed! Known issues: window.OPEN doesn t work from a sandbox and e10s is not supported yet. Priv8 is released under Mozilla Public License.
HughPickens.com writes: It’s common knowledge the NSA collects plenty of data on suspected terrorists as well as ordinary citizens, but the agency also has algorithms in place to filter out information that doesn’t need to be collected or stored for further analysis, such as spam emails. Now Alice Truong reports that during operations in Afghanistan after 9/11, the U.S. was able to analyze laptops formerly owned by Taliban members. According to NSA officer Michael Wertheimer, they discovered an email written in English found on the computers contained a purposely spammy subject line: "CONSOLIDATE YOUR DEBT."
According to Wertheimer, the email was sent to and from nondescript addresses that were later confirmed to belong to combatants. "It is surely the case that the sender and receiver attempted to avoid allied collection of this operational message by triggering presumed "spam" filters (PDF)." From a surveillance perspective, Wertheimer writes that this highlights the importance of filtering algorithms. Implementing them makes parsing huge amounts of data easier, but it also presents opportunities for someone with a secret to figure out what type of information is being tossed out and exploit the loophole.
En matière de cryptographie, elle entraîna la création d’un Centre Technique d’Assistance (ou CTA) visant à permettre aux services de renseignement d’essayer de décrypter les mails chiffrés qu’ils auraient interceptés. La LSQ considéra par ailleurs l’utilisation de logiciels de chiffrement comme une circonstance aggravante, la loi prévoyant en effet de punir de trois ans d’emprisonnement et de 45 000 euros d’amende “le fait, pour quiconque ayant connaissance de la convention secrète de déchiffrement d’un moyen de cryptologie susceptible d’avoir été utilisé pour préparer, faciliter ou commettre un crime ou un délit, de refuser de remettre ladite convention aux autorités judiciaires ou de la mettre en oeuvre, sur les réquisitions de ces autorités”.