Educational CyberPlayGround ®

Security Whistle Blowers Newspaper Sites.

Julian Assange warned users against direct-to-newspaper leak sites, and criticized the Guardian's and New York Times' handling of confidential information.

Do not trust The Wall Street Journal whistleblower SafeHouse link.

  • The WSJ Terms of Service still give the site leeway to betray the identity of users who don't use their own separate anonymity software or go through a formal “confidentiality request” process.
  • There is no Secure Sockets Layer (SSL) encryption between you and the WSJ computer: http://wsjsafehouse.com is not encrypted.
  • IT ONLY LINKS to the encrypted HTTPS version of the site.
  • It doesn't use a mechanism called Strict Transport Security to switch from the insecure to the encrypted connection.
  • This allows man-in-the-middle attacks.
    An attacker on the user's network (a "man in the middle") can use a tool like SSL Strip to make it appear to the user that they have entered the encrypted version of the site when in fact the traffic is unprotected.
  • SafeHouse's SSL server also allows users to connect with many forms of encryption that lack what cryptographers call “perfect forward secrecy,” a mechanism based on using temporary keys that can't decrypt past messages.
  • Anyone who takes the server or breaks into it could decrypt all of its previous traffic.
  • Where the source hasn't made that special request for anonymity, the terms say: "We reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process." The FBI or CIA or POLICE can ask WSJ to turn it over to them and they will!!!
  • If law enforcement subpoenas information from a reporter, The Journal's parent company Dow Jones only promises to safeguard that source's anonymity “while remaining in compliance with all applicable laws.” The choice will be left to Dow Jones whether to give up its source or violate the subpoena.
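
A defender's check for the three technical weaknesses listed above (no redirect to HTTPS, no Strict Transport Security, cipher suites without forward secrecy), added here as an example and not taken from the original page or from WSJ. The function names, the 180-day minimum max-age, and the sample headers and cipher lists are constructed assumptions.

```python
import re

# OpenSSL-style name prefixes whose key exchange is ephemeral (forward secret).
# TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) always use ephemeral key exchange.
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_AES_", "TLS_CHACHA20_")
MIN_AGE = 15552000  # assumed policy floor: 180 days, in seconds


def hsts_max_age(headers):
    """Return max-age (seconds) from Strict-Transport-Security, or None."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return int(m.group(1)) if m else None
    return None


def audit(http_status, http_headers, https_headers, ciphers):
    """List weaknesses in a site's HTTP-to-HTTPS transition and TLS suites."""
    findings = []
    location = {k.lower(): v for k, v in http_headers.items()}.get("location", "")
    if not (300 <= http_status < 400 and location.lower().startswith("https://")):
        findings.append("plain HTTP is served instead of redirecting to HTTPS")
    # Browsers honour HSTS only when it arrives over HTTPS, so check that side.
    age = hsts_max_age(https_headers)
    if age is None:
        findings.append("no Strict-Transport-Security header over HTTPS")
    elif age < MIN_AGE:
        findings.append(f"HSTS max-age {age}s is below {MIN_AGE}s")
    weak = [c for c in ciphers if not c.startswith(FS_PREFIXES)]
    if weak:
        findings.append("suites without forward secrecy: " + ", ".join(weak))
    return findings


# Constructed sample matching the weaknesses described above.
DESCRIBED = audit(200, {"Content-Type": "text/html"},
                  {"Content-Type": "text/html"},
                  ["AES256-SHA", "RC4-SHA", "DHE-RSA-AES256-SHA"])
# Constructed sample of a corrected configuration.
HARDENED = audit(301, {"Location": "https://example.org/"},
                 {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
                 ["ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_256_GCM_SHA384"])

if __name__ == "__main__":
    for finding in DESCRIBED:
        print("-", finding)
    print("hardened findings:", HARDENED)
```

In practice the inputs would come from a header fetch of both the HTTP and HTTPS URLs and from a TLS scanner's list of suites the server accepts.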

The submission page on SafeHouse simply states that "You can be anonymous by not providing your name and contact information on this page," with no mention of the site's legal or technical vulnerabilities. Jacob Appelbaum (@ioerror), a developer for the Tor anonymity network, calls that anonymity claim a "blatant lie." [source] http://blogs.forbes.com/andygreenberg/2011/05/05/researchers-say-wsjs-wikileaks-copycat-is-full-of-holes/

Wireless LAN Security

The basics of wireless LAN, security problems, how to exploit them and best practices for securing wireless installations.