Inside Citizen Lab, the “Hacker Hothouse” protecting you from Big Brother

Citizen Lab / Aurich Lawson

It was May of 2012 at a security conference in Calgary, Alberta, when professor Ron Deibert heard a former high-ranking official suggest he should be prosecuted.

This wasn't too surprising. In Deibert's world, these kinds of things occasionally get whispered through the grapevine, always second-hand. But this time he was sitting on a panel with John Adams, the former chief of the Communications Security Establishment Canada (CSEC), the National Security Agency's little-known northern ally. Afterward, he recalls, the former spy chief approached and casually remarked that there were people in government who wanted Deibert arrested—and that he was one of them.

Adams was referring to Citizen Lab, the watchdog group Deibert founded over a decade ago at the University of Toronto that's now orbited by a globe-spanning network of hackers, lawyers, and human rights advocates. From exposing the espionage ring that hacked the Dalai Lama to uncovering the commercial spyware being sold to repressive regimes, Citizen Lab has played a pioneering role in combing the Internet to illuminate covert landscapes of global surveillance and censorship. At the same time, it's also taken the role of an ambassador, connecting the Internet's various stakeholders from governments to security engineers and civil rights activists.

Read 41 remaining paragraphs | Comments

Active attack on Tor network tried to decloak users for five months

Officials with the Tor privacy service have uncovered an attack that may have revealed identifying information or other clues of people operating or accessing anonymous websites and other services over a five-month span beginning in February.

The campaign exploited a previously unknown vulnerability in the Tor protocol to carry out two classes of attack that together may have been enough to uncloak people using Tor Hidden Services, an advisory published Wednesday warned. Tor officials said the characteristics of the attack resembled those discussed by a team of Carnegie Mellon University researchers who recently canceled a presentation at next week's Black Hat security conference on a low-cost way to deanonymize Tor users. But the officials also speculated that an intelligence agency from a global adversary might have been able to capitalize on the exploit.

Either way, users who operated or accessed hidden services from early February through July 4 should assume they are affected. Tor hidden services are popular among political dissidents who want to host websites or other online services anonymously so their real IP address can't be discovered by repressive governments. Hidden services are also favored by many illegal services, including the Silk Road online drug emporium that was shut down earlier this year. Tor officials have released a software update designed to prevent the technique from working in the future. Hidden service operators should also consider changing the location of their services. Tor officials went on to say:

Read 5 remaining paragraphs | Comments

XSSYA – Cross Site Scripting (XSS) Scanner Tool

XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation Tool, it’s written in Python and works by executing an encoded payload to bypass Web Application Firewalls (WAF) which is the first method request and response. If the website/app responds 200 it attempts to use “Method 2″ which searches for the payload...

Read the full post at darknet.org.uk