TCHunt, Search For TrueCrypt Volumes

TCHunt is a small portable application that can be used to find encrypted True Crypt volumes on the system. It has been specifically designed to demonstrate the possibility of finding True Crypt volumes even if they are not mounted and well disguised by the user. With True Crypt, it is possible to encrypt a partition of a hard drive, or a specific amount of storage space which is stored in a container file on a storage device.

These volumes can have sizes from 19 Kilobytes onwards and completely arbitrary file names and extensions. The program has been designed to show that it is possible to identify those True Crypt containers even if they are reasonable small and disguised by the user. It is more or less impossible to verify the existence of a True Crypt container without technical help unless the container itself is rather large or placed in a location where it can be easily identified. While it is possible to analyze each possible container file on a system, it would take a very long time to do so.

Source:
http://www.ghacks.net/2011/04/11/tchunt-search-for-truecrypt-volumes/

Posted in Privacy, Software | No Comments

State of Texas exposes data on 3.5 million people

Susan Combs, Comptroller for the state of Texas announced a massive data leak that resulted in 3.5 million peoples social security numbers, names, addresses and in some cases their birth date and drivers license number being exposed.

Unlike private companies who have had large releases of PII (Personally Identifiable Information) recently, the state of Texas is not providing credit monitoring or other services for the victims of their mistake. They are simply providing sage advice…

Source:
http://nakedsecurity.sophos.com/2011/04/12/state-of-texas-leaks-data-on-3-5-million-people/

Posted in Internet, Privacy | No Comments

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat

A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Source:
http://www.adobe.com/support/security/advisories/apsa11-02.html

Posted in Internet, Software | No Comments

Vulnerability in MHTML Could Allow Information Disclosure

Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability.

The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim’s Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.

Source:
http://www.microsoft.com/technet/security/advisory/2501696.mspx

Fix-It page:
http://support.microsoft.com/kb/2501696

Posted in Internet, Privacy, Security, Windows | No Comments

Facebook allows apps to access user’s address and mobile number

In a move sure to have privacy advocates up in arms, Facebook will now allow apps to access a user’s current address and mobile phone number.

The new ”feature” was quietly introduced in a blog post by Facebook platform developer relations employee Jeff Bowen late last Friday night. The Atlantic spotted the post, in which Mr Bowen outlined the new ”user_address” and ”user_mobile_phone” permissions which developers can now hook into.

”Please note that these permissions only provide access to a user’s address and mobile phone number, not their friend’s addresses or mobile phone numbers,” he said.

According to Nicholas Jackson, associate editor at The Atlantic, the blog post was quickly inundated by users angry at another perceived invasion of privacy from a company already infamous for its lackadaisical attitude to user privacy. Curiously, Mr Bowen’s post was updated early Saturday afternoon and as of 1AM EST today no comments were visible, though it was possible to add a comment.

Sophos senior technology consultant Graham Cluley wasted no time in labelling the change a ”new level of danger” for Facebook users.

Source:
http://www.neowin.net/news/facebook-allows-apps-to-access-users-address-and-mobile-number

Posted in Internet, Privacy | No Comments