Computer & Internet Security : Where and What Should I patch?

[enim]

Computer and Internet Security

Computer and Internet Security is the methods of securing computers and computer networks, from information data theft or destructions by unintended or unauthorized access.

Some Quotes...

“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”
– Kevin Mitnick

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”
– Bruce Schneier

Where and What Should I patch?
Where should I start?



What should I trust as damn 100% secure in followings?

Web Servers:
---------------
Root-Access-Vulnerability
Bugs in configuring the Web server.
Insecure CGI/PHP/ASP/JavaScripts.
Insesure Web Designs - HTML files containing dangerous server-side includes.
SQL Injection
Cross Site Scripting (XSS) - Data-Leaks between web-sites
Ad Hijackers - Web sites running nasty ads.
Escalade root-admin previledge.
De-Ciphering (SSL) Secure Sockets Layer Certificate - Time Consuming but possible.
Poorly Designed Protocols - responding to suspected security breaches.
Improper Session Handling
and,
so on...

Routers:
--------
Poor 802.11 security
Leaky & Hackable Routers
Network injection
Caffe Latte attack
Wireless WiFi Intrusion
Poor End-to-end encryption
Packet Sniffing
and,
so on...

Modems:
-------
Security flaw of Ethernet ADSL or Cable modem
Hardware already hacked
Connection Tapping
and,
so on...

Client PC:
-----------
Compromised Operating Systems
Compromised OS Kernels
Viruses, Trojans, Malwares, Key Loggers and so on...
Hackable Anti-Virus, Fire Walls, and Web Browsers
Browser Session Hijacking
Softwares with remote server connections.
Remote Access
and,
so on...

MORE ABOUT SMART MOBILE & PORTABLE DEVICES

Followings are some MAJOR hidden features of electronics toys:
1) Off Line Conversation Tapping
2) Live Call Tapping
3) SMS Messages & IM Tracking
4) E-mails Sniffing
5) Password Stealing
6) Remote Video Recording
7) Remote Pictures Capturing
8) Geo Location Tracking
9) Private Files Stealing
10) Touch Screen new devices might have built-in fingerprint sensor
and so on... too many to be discovered.

Malicious Firmware OS Updates & Downloaded Software Applications from mischievous & untrustworthy sources can lead anywhere.

Did I miss anything?
Of course yes, many things and everything about center block knows as ISP setup.
That's the secret, I guess.

To be a master of all,
How much long am I gonna take to dig everything to the root-level and fix all of them properly?
Where should I start?
-or-
Should I give up b'coz I have more other important priorities and things to do?

As I started with famous quotes, I will end with a quote too, opposed one from The BiG B's,
“The computer was born to create problems that did not exist before.”
– enim

================================================== ===========
Are you still thinking about Computer & Internet Security?
You must be joking, I guess.
-enim

[enim]

Someone here stated somewhere here that Firefox which was most popular browser is least secured browser now a days.
And here it comes for Internet Explorer as well.

Security Update for Internet Explorer (2965111)
Published: May 1, 2014

Version: 1.0

General Information
Executive Summary

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

Here Microsoft clearly stated that An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Microsoft is patching this for all Windows versions, including Windows XP.

As a user of a any particular software, it is damn hard for the user to judge and figure out vulnerabilities already bundled with software(s) he or she is using.

The peril of Internet Surfing is solely on surfer's account. Whom & What to trust is the biggest issue in the world of capitalism. Each and every time poor users are always getting sucked!


So, if you trust, you can go for all sort of online transactions disclosing your private & financial informations.

[enim]

Hackers attacked government, defense contractors and banks by exploiting a flaw in IE

May 2, 2014

According to internet security consultant FireEye, a group of hackers have apparently attacked several U.S. government agencies, defense contractors, energy companies and banks by exploiting the now well known security hole in Microsoft's Internet Explorer.

FireEye is the cybersecurity company that revealed the software bug last week. The company discovered that hackers took advantage of a software design flaw in the Internet Explorer Web browser to secretly take control of computers.

The cyber attack has been called "Operation Clandestine Fox," and affects all versions of Microsoft's IE Web browser. Microsoft has since issued a fix, but FireEye's announcement yesterday greatly underscores that there are already victims.

Hacker's are creaming someone's hard-earned money in a split of second.

Once again, I would like to repeat...
The peril of Internet Surfing is solely on surfer's account. Whom & What to trust is the biggest issue.
Just trust the money, nothing else!

[enim]

Heart Bleed is not yet over, and here it comes XSS now...

Yahoo! was among the first to annouce that website is patched for Heart Bleed.
And, Security saga continues...

May 20, 2014


Yahoo said this morning that it has patched a cross site scripting (XSS) security flaw in the commenting system it uses across most of its websites.

Yahoo supressed two attack vectors affecting a long list of services covering topics as diverse as shopping and sport two weeks after they were reported on May 2nd.

California web deveveloper and security researcher Behrouz Sadeghipour said that attackers could steal Yahoo users session cookies and tokens by injecting some code into the comment system.

According to recent security news, eBay and PayPal, both, are also hacked.

Further more Linux STABLE branch kernel which is released more than four years ago, has been patched for more than forty vulnerabilities just a few days ago.

And, still I am dreaming for Internet and Computer Security.
By the way, whenever I dream about Internet & Computer Security only thing that appears in my dream is a pot with thousands holes.
Just wake me up before you go... go..

[enim]

eBay Inc. To Ask eBay Users To Change Passwords

On Wednesday morning, eBay told its users to change their passwords. The online auction house and retailer announced in a press release that it had been hacked.

Hackers gained unauthorized access to a database that included eBay customers' names, home addresses, dates of birth and encrypted passwords. eBay said that financial information like credit card numbers were stored separately and were not compromised. Encouragingly, the company said it has seen no fraudulent activity as a result of the hack.

eBay Inc. To Ask eBay Users To Change Passwords

eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.

Paypal security breaches is still under BiG question, The breach data will never be released.

I hope, at least eBay & PayPal users computer might be STEALTH with all sort of protections like fire-wall, malware, antivirus, blah.. blah...blah...Ah!

Did I said without firewall, without antivirus with Hacked Kernel I am still surfing here on VH?
I already KISS - Kept It So Simple. So, you do not have to work hard.
With a message ALL IS YOURS what you can get. You are WEL-COME!
Now, I already did.

[enim]

Amazon hit by persistent XSS vulnerability

A security researcher who goes by the nickname "SeeMe" has reported a critical persistent cross-site scripting vulnerability affecting the America's largest online retailer Amazon.com.

Amazon.com persistent XSS bug mirror #1,#2
To reproduce the vulnerability, a Pro Merchant ($39.99) subscription is needed, otherwise you will not be able to list your own product to the Amazon catalog.

And, eBay is not fully recovered from password breach & got second hit by XSS that does not allow user to change the pass word beyond certain length.

As long as money comes-in anyways who cares if sellers and buyers are exposed to severe vulnerabilities? Ala, stupid sellers and buyers. Such site owner's get filthy rich on (bank) account of sellers and buyers.

[yoda313]

There's no such thing as 100% safe.

If you accept that then you can move on with your life.

So long as you're not responsible for fradulent credit card charges I just roll with it.

[usually_quiet]

enim needs to move off this topic. It is old news. We are all aware that hackers always seem to be able to find and exploit vulnerabilities in every system involving money.

[enim]

There's no such thing as 100% safe.

I liked that now you agree.

Where there is a computer, there has to be softwares.
Where there is a software, there has to be bugs.
Where there is a bug, there has to be vulnerabilities.
And, vulnerabilities are Hacker's paradise.

Breaking `128-bit Secure' Crypto

At the $128$-bit security level, they suggested that the new algorithms have no impact on the security of a genus one curve over ${\mathbb F}_{2^{1223}}$, and reduce the security of a genus two curve over ${\mathbb F}_{2^{367}}$ to $94.6$ bits. In this paper we propose a new field representation and efficient descent principles, which together demonstrate that the new techniques can be made practical at the 128-bit security level. In particular, we show that the aforementioned genus one curve offers only $59$ bits of security, and we report a total break of the genus two curve.

And, I think my password is safe enough.

As a matter of facts, No Lies...
My yahoo email account was hacked and hi-jacked.
Once I recovered successfully.
After successful recovery, account was hacked and hi-jacked twice.
Second time, I never bothered.
But, it definitely did - made me think twice, Did that particular email account was really ever belong to me?



Right from the beginning from step zero, The circled loop has been created that way and now it's very hard to escape.
Knowing Nothing & referring themselves a (security or software) GuRus.
Incomplete flawed standards and professors just concerned about their salaries produces dumb software engineers.
But, anyways it works and keeps up rolling.

grub -> regex_internal.c [Warning : Possible Memory leak]

and HERE WE ARE talking about Secure Boot where as GRUB & Kernels are leaky. It is just only matter of feeling so good, while we talk. As you know already that we are doing something on paper (wasting papers).

I do repeat the statement which I made earlier in my first post.

As I started with famous quotes, I will end with a quote too, opposed one from The BiG B's,
“The computer was born to create problems that did not EVEN existed before.”
– enim

[usually_quiet]

enim obviously had some reason for joining here other than a passionate interest in video. Whatever his agenda, I'm not interested. From now on he's on my ignore list.

[enim]

** just ignored **

[enim]

Living in between liking lies, it is tough to accept the truths and to face realities.

================================================== ============

The books convey 50% of knowledge by reading them, Other half you can get it by reading in between lines.
-enim

[aazerty]

Hi ,

@enim : I haven't understood all you said . I agree on the principle .

Whom to trust ? Even the bills are fake .

> ... Other half you can get it by reading in between lines.
Provided that there are no holes between them .

What a life !!!

Regards .

[enim]

@enim : I haven't understood all you said .

Never mind b'coz I do not understand either when it comes to security. I am still trying to understand what it does exactly means.
Some one here just told me it is more like false assurance - false positive.

When I discuss something about security to my sweet heart, after getting the best of the ears, I always get reply "Better You secure your SSA.<--"

[enim]

While tinkering with my own PC and looking/searching for further informations on internet, I reached this web-page, where as majority vulnerabilities listed are related to multi-media softwares.

Just have a look, other versions or other softwares might have some other flaws.
It might be informative to some.

[enim]

Study: 7 in 10 concerned about security of Internet-of-Things

... ... ...
Fortinet conducted a survey of consumers to find out what people think about the security and privacy concerns of the Internet-of-Things.

The survey, titled “Internet of Things: Connected Home,” was produced in partnership with GMI, a division of Lightspeed Research. More than 1,800 consumers between the ages of 20 and 50 who claim to be tech savvy participated in the survey, which was administered in 11 countries around the world, including the United States, Australia, China, Germany, India, and the United Kingdom.
... ... ...
... ... ...
... ... ...
A majority of respondents expressed fear over privacy and trust issues. Nearly 60 percent of those surveyed in the United States agreed with the statement, “Privacy is important to me, and I do not trust how this type of data may be used.”

When asked how they would feel if they discovered that an IoT connected home device was surreptitiously or anonymously gathering information about them and sharing it with others without their knowledge and consent, 67 percent of Americans answered, “Completely violated and extremely angry to the point where I would take action.”
... ... ...
... ... ...
... ... ...

Fortunately or Unfortunately or whatever, I fall into rest 3, but not in 7.
You can take what ever or all data you can get out of my computer, just leave hardware as my assets so that I can at least surf.

[racer-x]

Anyone that wants a fully internet connected home deserves everything that he has coming to him. I have a hard time believing that study. I can't imagine people being that ignorant, but hey, what do I know.......

[enim]

This is the original “Internet of Things: Connected Home” Press Release by Fortinet itself.

Original Press Release by Fortinet is really interesting to read, go-through & understand.

I do not have to reveal Who & What Fortinet is? I guess.

[enim]

The TRUTH about Google's eyes on your Nest – report

Thought your home was safe from corporate surveillance? Think again, because Internet of Stuff supremo Nest is set to share tons of your personal data with its mother company, Google.

As if Google didn't know enough about you, it seems set on enabling Gl*******s to carry out near-constant surveillance of their friends. Now even toasters, fridges and tellies could be keeping a watchful eye on citizens.


Nest Labs has admitted to the Wall Street Journal that some Google apps will now connect to Nest, sending back information about whether a person is in their house or not.

... ... ...
... ... ...

Without any doubts, With a highly effective body like CIA, FBI, NSA and so on...Google wanna know when does CIA, FBI, NSA officer take a break for leak and How long or Do they really shake?



WAKE UP & THINK!
If you folks are entrapped in some sort of (MTS) Monotonous Thinking Syndrome by any means,
it's time now WAKE UP & THINK!

[Dougster]

I thought I was awake. Maybe I need some more coffee.

[enim]

Do Mysterious Google Barges possess any national security threats? it adds up an another chapter to Security Bible.

And, Who knows if these barges are already hacked or not?


I really do not know that Suckermint gonna be a president of United States of America in future or not, but, definitely a president of Sucked-n-Hacked World by now.

[enim]

Suppose I buy a $$$$$ worth pop called Google Glass in a XYZ country, and later on XYZ country decides to pull-out a cable called Google from the main router for some security reasons. Will Google Glass still gonna work in XYZ country?

-or-

Should I save my $$$$$ for Intel Xeon Phi for a powerful processor?
=============================================
Down the road a cute little girl offered me two candies, one marked "Brand Name" and other was marked as "Features". I picked one marked as "Features", & thanked a cute little girl.

[enim]

Microsoft's general counsel calls on Congress to do more to protect users' private data

Congress needs to do more to protect private data of U.S. citizens from government surveillance and the misuse of technology by companies, a top Microsoft executive said Tuesday.

Congress has taken small steps to protect data from surveillance by the U.S. National Security Agency and other government agencies, but lawmakers need to go further, Microsoft’s Brad Smith said during a speech at the Brookings Institute. Lawmakers should also ensure that companies are accountable “to regulators, through regulation” for their privacy practices, Smith said.
... ... ...
... ... ...
... ... ...
The NSA should not be tapping into U.S. tech vendor’s networks without permission, Smith said, as has been reported based on Snowden’s leaks. “We knew what we were asked to do; we knew what we were being required to do,” he said. “We didn’t know what was being done without our knowledge.”

Interested readers may read whole article in-between-the-lines.

Do The Consumers have "Rights To Know" and should know what exactly is happening behind without their knowledge in all electronics & technical devices or the software they are buying and using?

Do The Consumers have to be innocent victims of spyware & root-kits already planted in hacked electronics chips or softwares at Manufacturer's end by the Tech Giants for corporate gains even on top of paying high price for devices and services, both?

[enim]

Google Loon Balloon Landing in New Zealand

Google Loon scares people in New Zealand
A Google Loon Wi-Fi balloon caused panic in New Zealand as a mishap took one down and caused people to call in the emergency services saying that a plane had crashed.

Before investigating any planes that had gone off the radar, authorities sent out a rescue helicopter to investigate the wreckage somewhere off the east coast of New Zealand’s South Island.

The company has been testing out its balloons for over a year, a milestone it has recently reached. These are set to create a network of balloons at high altitudes and offer those on the ground an Internet connection.

The purpose of this entire project is to provide Internet to those who don’t have access to this technology, most often due to the remote location they live in, where the infrastructure has yet to expand.

Google has been trying to learn how to control the balloons with the help of the winds, making them to up and down to maintain their spots. But things don’t always go as planned, as exemplified by this accident.

The company has reportedly confirmed that one of its balloons “landed” in the sea off New Zealand, but that’s mildly put. Perhaps a more accurate term is “crashed,” since the team was unable to keep the balloon in a single place and up in the air because of heavy winds in the area.

... ... ...
... ... ...
... ... ...

You also might have noticed that All North American Media Agencies including Yahoo! are really very busy with news (or a probably video capture) that Is Kim K wearing anything or not?.

[enim]

In continuation with my previous post#16


With one on above...
Why I feel everybody (Whole World) from outside is watching us within our own home?
Why I feel little less holes (windows) in my home with one on below as compared to above?

[enim]

NSA's first ever 'transparency' 'report'

The US Director of National Intelligence James Clapper has published the NSA's first "transparency report", revealing the number of "targets" spied on by the agency.

Its definition of the word transparency, however, makes the data somewhat hard to fathom.


"Within the Intelligence Community, the term 'target' has multiple meanings," the report [PDF], published today, notes.

"For example, 'target' could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws."

Applying this logic, the NSA, in 2013, issued just one order under Section 702 of FISA, but that allowed the surveillance of 89,138 targets – be they individuals, companies or nation states. It also issued 131 orders under FISA's tap and trace provisions, affecting 319 targets, and 1,767 FISA orders based on probable cause that were used against 1,144 targets.

Title five of FISA allows the intelligence agencies to search for business records, including the bulk collection of metadata from US mobile phone records. The NSA made 178 such searches, which affected 172 "individuals, entities, or foreign powers."

When going through vast piles of metadata, the NSA approved 423 search selectors and 248 people "known or presumed US persons" under the business records search procedures.

The report also covers the issuance of national security letters, which are subpoenas from the FBI that – pre-Snowden* and the rebellion by technology companies – recipients weren't allowed to mention they'd received.

Last year federal authorities issued 19,212 national security letters and 38,832 requests for information. That's a colossal amount of penmanship, and also slightly concerning, given the limited data we've had from firms like Google and Apple.

According to this officially 89,138 targets personal information like...

Telephone and E-mail Records: "Toll records," a historical record of calls made and received from land lines, cell phones, and other sources, of a specified phone number, as well as billing records associated with that number. E-mail records, including e-mail addresses and screen names associated with the requested account and the e-mail addresses and screen names who have contacted that account. Also includes billing records and methods of payment for each account.

Financial Records: Financial information, including open and closed checking and savings accounts, from banks, private bankers, credit unions, thrift institutions, brokers and dealers, investment bankers and companies, credit card companies, insurance companies, travel agencies, casinos, and others. For a full list, see 31 U.S.C. § 5312(2).
Credit Information: Full credit reports, names and addresses of all financial institutions at which the consumer has maintained an account, and identifying information of a consumer (limited to name, address, former addresses, and past and current employers).

is already been scanned.
Really GOD knows....
1) How many out of 89,138 are absolutely innocents and have nothing to do with CRIME?
It could be either me or you as well.
2) How much NSA Officials made under-table by selling such information in black market?
3) How many US Companies like GOOGLE followed same trail to steal private & confidential data?

With very high level of corruption GOOGLE remained successful and can dis-obey MPAA DMCA notices. Now GOOGLE wanna reach every single home in North America for stealing & spying.

It seems like White collar CRIME committed GLOBALLY under Leading from Behind Policy.

In the name of Globalization, These yuM yeF started F***King the whole GLOBE.

As roots of Computer & Internet Privacy getting deeper and deeper, Rest is left upon the readers of this post.

[enim]

NSA PRISM program taps in to user data of Apple, Google and others

Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.
... ... ...
... ... ...
... ... ...
The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.


The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

It also opens the possibility of communications made entirely within the US being collected without warrants.

Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.

The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.

Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.

It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks.

Who knows that How many servers The National Security Agency (NSA) has obtained direct access around the GLOBE?

It definitely raises “serious doubts” about each and every single US Technology Business Firm working as a NSA Agent around the GLOBE.

I am little bit or too late to know about NSA : PRISM

NSA Spying: Now It's Personal

Imagine that you watched a police officer in your neighborhood stop ten completely ordinary people every day just to take a look inside their vehicle or backpack. Now imagine that nine of those people are never even accused of a crime. They just happened to be in the wrong place at the wrong time. Even the most law-abiding person would eventually protest this treatment. In fact—they have.1

Now replace police officers with the NSA. The scenario above is what the NSA is doing with our communications, under cover of its twisted interpretation of Section 702 of the FISA Amendments Act. The Washington Post has revealed that "Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets." Additionally, “[n]early half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents.”

The thousands of pages of documents that provide that basis for the article are not raw content. Rather, as Barton Gellman, one of the authors of the article states in a follow up published several days later states: “Everything in the sample we analyzed had been evaluated by NSA analysts in Hawaii, pulled from the agency’s central repositories and minimized by hand after automated efforts to screen out U.S. identities.”

What that means is that if you’re on the Internet, you’re in the NSA’s neighborhood—whether you are in the U.S. or not. And like those who protest unjust policies like stop and frisk in their cities, you should be protesting this treatment.
... ... ...
... ... ...
... ... ...

Accuracy of NSA Spy Databank is very doubtful and questionable, if smart users have already spoofed identities. It will gonna create a BiG unsortable MeSS.

[enim]

The US government doesn't want you to know how the cops are tracking you

Thought the NSA was bad? Local police and the Obama administration are hoovering cellphone location data from inside your house, and a crackdown could lead to surveillance reform

All across America, from Florida to Colorado and back again, the country's increasingly militarized local police forces are using a secretive technology to vacuum up cellphone data from entire neighborhoods – including from people inside their own homes – almost always without a warrant. This week, numerous investigations by major news agencies revealed the US government is now taking unbelievable measures to make sure you never find out about it.
... ... ...
... ... ...
... ... ...
So-called International Mobile Subscriber Identity (IMSI) catchers – more often called their popular brand name, "Stingray" – have long been the talk of the civil liberties crowd, for the indiscriminate and invasive way these roving devices conduct surveillance. Essentially, Stingrays act as fake cellphone towers (usually mounted in a mobile police truck) that police can point toward any given area and force every phone in the area to connect to it. So even if you're not making a call, police can find out who you've been calling, and for how long, as well as your precise location.
... ... ...
... ... ...
... ... ...

Constitution - Latest Amended Version.
1.1
We the (WhiteMouse) People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America by f**king around the "FREEDOM OF EXPRESSION--SPEECH AND PRESS" and "PRIVACY" of People of the United States.
1.2
We the (WhiteMouse) People of the United States, in Order to provide the common defence,
will turn The People of the United States (each and every single US Citizen) into Spying Robots by means of Advance Technology & Electronics Toys. As We the (WhiteMouse) People absolutely have no clues about who is innocent and who is criminal.
1.3
US Citizens have absolute "NO RIGHT" to tell WhiteMouse People that "Just Look into a Mirror".

[enim]

EFF sues the NSA to disclose use of software security flaws

The Electronic Frontier Foundation, a prominent digital privacy rights group, has filed a lawsuit against the U.S. National Security Agency to get it to specify the extent to which it might exploit software security flaws.

The EFF said Tuesday it had filed a Freedom of Information Act lawsuit against the NSA and the Office of the Director of National Intelligence to gain access to documents showing how intelligence agencies choose whether to disclose software security flaws known as “zero days.” These early stage flaws are typically discovered by researchers but are not yet patched by developers or the company. A market has even sprung up around the flaws, in which governments will purchase the vulnerabilities to gain access to people’s computers, EFF said.

Not disclosing zero-day flaws jeopardizes people’s data and communications, the EFF has argued.

The suit comes amid concerns and accusations that government agencies, including but not limited to the NSA, may be exploiting these vulnerabilities for intelligence-gathering processes without the public’s awareness.
... ... ...
... ... ...
... ... ...

Just back from celebration party at Regular Beer Bar...
When I met FBI (FuNNY BuSiNeSS Investments) Agent Lo Toddlo in a regular beer bar today, Agent Lo Toddlo said (after couples of beers) "Why would you expect NSA should disclose zero-days flaws to public and enter into "NO PENNY" business? Ofcourse, they are making Billions by selling private data in bulk in the black market.

I was also drunk a little bit but still saluted FBI Agent Lo Toddlo.

While I saluted him I broke the beer glass marked as "TRUST" into pieces, A guy on next table O'mama said "Does not matter, I will try to glue it". I replied him "Glue it from behind so that nobody can see it" and left the bar.

[enim]

Obama orders US to draw up overseas target list for cyber-attacks

Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.

The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".

It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power".

The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.

The aim of the document was "to put in place tools and a framework to enable government to make decisions" on cyber actions, a senior administration official told the Guardian.
... ... ...
... ... ...
... ... ...

Game of Cyber Spying (War) is really getting interesting, Isn't it?

As WhiteMouse People & US Tech Giants joint all together act in bullying, market monopoly, spying, and breaching personal privacy without giving a Second Thought by generating a long trail of crimes, I am not doing anything wrong by putting together and placing into one Public Place, making Public Affairs known to The Public affected, in general all.
Why should I think twice?

By the of writing this, We have everything of our own brand that all we need.
Our World of computing does not need anything from US Tech Giants or outside.

I, as US Citizen, would like to repeat thread title from the very first #1 post once again...

Computer and Internet Security
Where and What Should I patch?
Where should I start?

It seems like everybody is really stunned & nobody has an answer.
Here is my answer:
No matter what it takes in order to defend and protect my family,
No matter what the price I will pay,
No matter what it takes to drive-out CROOKS in the neighborhood,
Even unto death I will follow,
No matter what it takes I will offer,
Everything I am I give to you,
I will give to you now,
Now, It is up to you.

“If you think technology can secure everything, then you don’t understand the power of the engineering. It is secured until breached.”
-enim