The Main Suspect Blamed For The Jennifer Lawrence Nude Leak Says He Is Innocent

September 1, 2014 in Security News by News Bot

Bryan Hamade, a 27-year-old from Georgia, told BuzzFeed his scheme to make some easy bitcoins backfired and that now he’s being harassed by 4chan users.

As the online hunt for the persons responsible for yesterday’s massive celebrity nude photo leak continues, some Redditors and security researchers have pointed to Bryan Hamade, a 27-year-old from Lawrenceville, Georgia, as the culprit.

Apple ‘actively investigating’ iCloud link to celeb photo leak

September 1, 2014 in Security News by News Bot

Apple said Monday it is "actively investigating" whether a security breach at its iCloud service was responsible for the leak of several private, nude images of celebrities, including actress Jennifer Lawrence.

"We take user privacy very seriously and are actively investigating this report," Apple spokeswoman Natalie Kerris told Recode. CNET has contacted Apple for comment and will update this report when we learn more.

Tox, a Skype Replacement Built On ‘Privacy First’

September 1, 2014 in Security News by News Bot

The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program.

When whistleblower Edward Snowden revealed the full extent of the NSA’s activities last year, members of the site’s tech forum started talking about the need for a more secure alternative to Skype. Soon, they’d opened a chat room to discuss the project, created an account on the code hosting and collaboration site GitHub, and begun uploading code.

AnandTech founder leaves site, joins Apple

September 1, 2014 in Security News by News Bot

Anand Lal Shimpi, the editor and publisher of the well-regarded AnandTech site, is going to work at Apple.

An Apple rep confirmed that the company was hiring Shimpi, but wouldn’t provide any other details.

Last night, via a post on the site he founded in 1997, Shimpi said he was “officially retiring from the tech publishing world,” but didn’t say what he was doing next. “I won’t stay idle forever. There are a bunch of challenges out there :)”, he wrote.

What Jennifer Lawrence can teach you about cloud security

September 1, 2014 in Security News by News Bot

By now, you have probably heard about the digital exposure, so to speak, of nude photos of as many as 100 celebrities, taken from their Apple iCloud backups and posted to the “b” forum on 4Chan. Over the last day, an alleged perpetrator has been exposed by redditors, although the man has declared his innocence. The mainstream media have leapt on the story and have gotten reactions from affected celebrities including Oscar winner Jennifer Lawrence and model Kate Upton.

Fun With Funny Money

September 1, 2014 in Security News by News Bot

Readers or “fans” of this blog have sent some pretty crazy stuff to my front door over the past few years, including a gram of heroin, a giant bag of feces, an enormous cross-shaped funeral arrangement, and a heavily armed police force. Last week, someone sent me a far less menacing package: an envelope full of cash. Granted, all of the cash turned out to be counterfeit money, but hey it’s the thought that counts, right?

Counterfeit $100s and $50s

This latest “donation” to Krebs On Security arrived via USPS Priority Mail, just days after I’d written about counterfeit cash sold online by a shadowy figure known only as “MrMouse.” These counterfeits had previously been offered on the “dark web” — sites only accessible using special software such as Tor — but I wrote about MrMouse’s funny money because he’d started selling it openly on Reddit, as well as on a half-dozen hacker forums that are quite reachable on the regular Internet.

Sure enough, the package contained the minimum order that MrMouse allows: $500, split up into four fake $100s and two phony $50 bills — all with different serial numbers. I have no idea who sent the bogus bills; perhaps it was MrMouse himself, hoping I’d write a review of his offering. After all, since my story about his service was picked up by multiple media outlets, he’s changed his sales thread on several crime forums to read, “As seen on KrebsOnSecurity, Business Insider and Ars Technica…”

Anyhow, it’s not every day that I get a firsthand look at counterfeit cash, so for better or worse, I decided it would be a shame not to write about it. Since I was preparing to turn the entire package over to the local cops, I was careful to handle the cash sparingly and only with gloves. At first glance, the cash does look and feel like the real thing. Closer inspection, however, reveals that these bills are fakes.

In the video below, I run the fake bills through two basic tests designed to determine the authenticity of U.S. currency: The counterfeit pen test, and ultraviolet light. As we’ll see in the video, the $50 bills shipped in this package sort of failed the pen test (the fake $100 more or less passed). However, both the $50s and $100s completely flopped on the ultraviolet test. It’s too bad more businesses don’t check bills with a cheapo ultraviolet light: the pen test apparently can be defeated easily (by using acid-free paper or by bleaching real bills and using them as a starting point).

Let’s check out the bogus Benjamins. In the image below, we can see a pretty big difference in the watermarks on both bills. The legitimate $100 bill — shown at the bottom of the picture — has a very defined image of Benjamin Franklin as a watermark. In contrast, the fake $100 up top has a much less detailed watermark. Still, without comparing the fake and the real $100 side by side, this deficiency probably would be difficult to spot for the untrained eye.

The fake $100 (top) has a much less defined Ben Franklin for a watermark. The color difference between these two bills is negligible, but the legitimate $100 appears darker here because it was closer to the light source behind the bills when this photo was taken.

Granted, hardly any merchants are going to put a customer’s cash under a microscope before deciding whether to accept it as legal tender, but I wanted to have a look because I wasn’t sure when I’d have the opportunity to do so again. One security feature of the $20s, $50s and $100s is the use of “color shifting” ink, which makes the denomination noted in the lower right corner of the bill appear to shift in color from green to black when the bill is tilted at different angles. The fake cash pictured here does a so-so job mimicking that color-shifting feature, but upon closer inspection using a cheap $50 Celestron handheld digital microscope, we can see distinct differences.

Again, using a microscope to inspect cash for counterfeits is impractical for regular businesses in detecting bogus bills, but it nevertheless reveals interesting dissimilarities between real and fake money. Most of those differences come down to the definition and clarity of markings and lettering. For instance, embedded in the bottom of the portraits of U.S. Presidents Grant and Franklin on the $50 and $100 bills, respectively, is the same message in super-fine print: “The United States of America.” As we can see in the video below, that message also is present in the counterfeits, but it’s quite a bit less clear in the funny money.

In some cases, entire areas of the real bills are completely absent in the counterfeits. Take a close look at the area of the $50 just to the left of Gen. Grant’s ear and you will see a blob of text that repeats the phrase “USA FIFTY” several times. The image on the left shows a closeup of the legitimate $50, while the snapshot on the right reveals how the phony bill completely lacks this feature.

Similarly, the “100” in the lower left hand corner of the $100 bill is filled in with the words “USA 100,” as we can see in the close-up of a real $100, pictured below left. Magnification of the same area on the phony $100 note (right) shows that this area is filled with nothing more than dots.

Like most counterfeit currency, these bills look and feel fairly real on casual inspection, but they’d quickly be revealed as fakes to anyone with a $9 ultraviolet pen light or a simple magnifying glass.

If someone sticks you with a counterfeit bill, don’t try and pass it off on someone else; the penalties for passing counterfeit currency with intent to defraud are severe (steep fines and up to 15 years in prison). Instead, contact your local police department or the nearest U.S. Secret Service field office and hand it over to them.