
SoylentNews is people

posted by martyb on Saturday July 02 2016, @06:37AM
from the open-season dept.

A federal judge for the Eastern District of Virginia has ruled that the user of any computer that connects to the Internet should not have an expectation of privacy because computer security is ineffectual at stopping hackers.

"Hacking is much more prevalent now than it was even nine years ago, and the rise of computer hacking via the Internet has changed the public's reasonable expectations of privacy," the judge wrote. "Now, it seems unreasonable to think that a computer connected to the Web is immune from invasion. Indeed, the opposite holds true: In today's digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked."

The judge argued that the FBI did not even need the original warrant to use the NIT [Network Investigative Technique/Toolkit] against visitors to PlayPen, a hidden service on the Tor network that acted as a hub for child exploitation.

http://www.eweek.com/security/home-computers-connected-to-the-internet-arent-private-court-rules.html


  • (Score: 1) by kurenai.tsubasa on Saturday July 02 2016, @05:38PM

    by kurenai.tsubasa (5227) on Saturday July 02 2016, @05:38PM (#368923) Journal

    instructs the browser to do something in a certain way that reveals public IP address outside of TOR

    This part is concerning. From a technical standpoint, how are they inspecting the computer's network interfaces, and how should I patch my browser so that it isn't affected? The article mentioned MAC address, which I understand may be used when generating a UUID [wikipedia.org]. I haven't dug into any UUID generation libraries—fairly certain version 1 isn't used widely—but versions 3 and 5 both mention using a DN which may contain the username that article says was retrieved. Version 5 uses SHA-1, which could be brute forced if I'm not mistaken. (Version 3 is MD5 so all bets are off.)

    I'm pretty sure just about every library hands out version 4 UUIDs. Those wouldn't disclose either MAC address or username/DN.

    Here's a discussion about generating version 4 UUIDs in JavaScript. [stackoverflow.com] I'm trying to remember if Flash ActionScript had UUID generation (ugh, can't believe I still have a project written in Flex, made it just a couple years before HTML5 was ready). Looks like mx.utils.UIDUtil [adobe.com] would be the suspect. It generates version 4 UUIDs, but I'm wondering if UIDUtil.getUID(someObject) might return a vulnerable version. Meh, no way I'm bothering with setting up a Flex environment on the home computer to give it a test, will need to wait until Tuesday to see on the work machine.

    Anyway, I'd have trouble finding a problem with firing off nmap -A. I would hate to think that this constitutes “hacking.” On the other hand, if Flash is the vulnerability, I guess ¯\_(ツ)_/¯. I still wouldn't tend to think it's hacking unless it's exploiting a browser bug. Wonder if we'll ever know for sure?
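
The UUID versions discussed in the comment above can be told apart, and checked for embedded host data, with Python's standard `uuid` module. This is an added example, not part of the comment or the article; the MAC address, DN and all sample UUIDs are constructed, and the names `uuid_exposure` and `confirm_name` are hypothetical helpers.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Constructed sample values for illustration (not from the case or the article).
SAMPLE_MAC = 0x001122334455                      # made-up hardware address
SAMPLE_DN = "CN=alice,O=example"                 # made-up distinguished name
SAMPLE_NAMESPACE = uuid.NAMESPACE_X500           # RFC 4122 namespace for X.500 DNs
SAMPLE_V1 = str(uuid.uuid1(node=SAMPLE_MAC, clock_seq=0x1234))
SAMPLE_V4 = str(uuid.uuid4())
SAMPLE_V5 = str(uuid.uuid5(SAMPLE_NAMESPACE, SAMPLE_DN))

UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)  # start of v1 timestamps


def format_mac(node):
    """Render the 48-bit node field as a colon-separated MAC address."""
    return ":".join(f"{(node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def uuid_exposure(value):
    """Report what host- or name-derived data an RFC 4122 UUID carries."""
    u = uuid.UUID(value)
    report = {"version": u.version, "mac": None, "created": None, "name_based": False}
    if u.version == 1:
        # v1 embeds a 60-bit timestamp (100 ns ticks) and a 48-bit node.
        report["created"] = UUID_EPOCH + timedelta(microseconds=u.time // 10)
        # A set multicast bit marks a randomly generated node, not a real MAC.
        if not (u.node >> 40) & 1:
            report["mac"] = format_mac(u.node)
    elif u.version in (3, 5):
        # v3/v5 are MD5/SHA-1 digests of namespace + name; the name is not
        # stored, but a guessed name can be confirmed by recomputing the UUID.
        report["name_based"] = True
    return report


def confirm_name(value, namespace, candidates):
    """Return the candidate names that reproduce a version 3 or 5 UUID."""
    u = uuid.UUID(value)
    derive = {3: uuid.uuid3, 5: uuid.uuid5}.get(u.version)
    if derive is None:
        return []
    return [name for name in candidates if derive(namespace, name) == u]


if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V4, SAMPLE_V5):
        print(sample, uuid_exposure(sample))
    print(confirm_name(SAMPLE_V5, SAMPLE_NAMESPACE, ["CN=bob,O=example", SAMPLE_DN]))
```

Running it over identifiers an application emits shows whether any are version 1 (node and creation time recoverable) or name-based (derived from a value that may be guessable), as opposed to random version 4 values.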