
Obama sharply criticizes China’s plans for new technology rules

Posted on March 4th, 2015 at 10:58 by John Sinteur in category: Privacy, Security

[Quote]:

President Barack Obama on Monday sharply criticized China’s plans for new rules on U.S. tech companies, urging Beijing to change the policy if it wants to do business with the United States and saying he had raised it with President Xi Jinping.

In an interview with Reuters, Obama said he was concerned about Beijing’s plans for a far-reaching counterterrorism law that would require technology firms to hand over encryption keys, the passcodes that help protect data, and install security “backdoors” in their systems to give Chinese authorities surveillance access.

“This is something that I’ve raised directly with President Xi,” Obama said. “We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States.”

But, of course, if American law enforcement wants the passwords, it’s OK. Here’s Obama last week:

[Quote]:

Obama: … the company says “sorry, we just can’t pull it. It’s so sealed and tight that even though the government has a legitimate request, technologically we cannot do it.”

Swisher: Is what they’re doing wrong?

Obama: No. I think they are properly responding to a market demand. All of us are really concerned about making sure our…

Swisher: So what are you going to do?

Obama: Well, what we’re going to try to do is see if there’s a way for us to narrow this gap. Ultimately, everybody — and certainly this is true for me and my family — we all want to know if we’re using a smartphone for transactions, sending messages, having private conversations, we don’t have a bunch of people compromising that process. There’s no scenario in which we don’t want really strong encryption.

The narrow question is going to be: if there is a proper request for — this isn’t bulk collection, this isn’t fishing expeditions by government — where there’s a situation in which we’re trying to get a specific case of a possible national security threat, is there a way of accessing it? If it turns out there’s not, then we’re really going to have to have a public debate. And, I think some in Silicon Valley would make the argument — which is a fair argument, and I get — that the harms done by having any kind of compromised encryption are far greater than…

Swisher: That’s an argument you used to make, you would have made. Has something changed?

Obama: No, I still make it. It’s just that I’m sympathetic to law enforcement…



Comments:

  1. Hey, if you don’t like it, you can always leave. Here’s a suggestion, make it in the USA. You already have the encryption keys.

We Now Know The NSA And GCHQ Have Subverted Most (All?) Of The Digital World: So Why Can’t We See Any Benefits?

Posted on February 28th, 2015 at 16:05 by John Sinteur in category: Security

[Quote]:

As Mike pointed out recently, thanks to Snowden (and possibly other sources), we now know the NSA, with some help from GCHQ, has subverted just about every kind of digital electronic device where it is useful to do so — the latest being hard drives and mobile phones. That’s profoundly shocking when you consider what most non-paranoid observers thought the situation was as recently as a couple of years ago. However, given that’s how things stand, there are a couple of interesting ramifications.

[..]

If the NSA and other parties do have ways of turning practically every digital electronic device into a system for spying on its users, that essentially means there is no criminal organization in the world — ranging from the so-called “terrorist” ones that are used to justify so much bad policy currently, to the “traditional” ones that represent the bulk of the real threat to society — that is not vulnerable to being infiltrated and subverted by government agencies.

And yet we don’t see this happen. Drug cartels thrive; people trafficking is surging; the smuggling of ivory and endangered animals is profitable as never before. Similarly, despite the constant and sophisticated monitoring of events across the Middle East, the rise of Islamic State evidently took the US and its allies completely by surprise. How is it that global criminality has not been brought to its knees, or that such massive geopolitical developments were not picked up well in advance — and nipped in the bud?



Comments:

  1. What I saw in 25 years in the pharmaceutical industry was implementation of much technology for no reason other than that it was there. I think the same applies here. It simply becomes a business proposition. How many drug tests and background checks actually derail employment? Very few I think, but somebody’s making a boatload of money off of them. Regarding surveillance tech, it certainly is used when it helps support the folks in power (as in monitoring and subverting legal protests). Our lawmakers certainly need to hold the agencies that invade our privacy to account for the supposed benefits they provide.

  2. Regarding the third paragraph: I don’t think the 1% really care about any of those things. Why would the government try to stop any of it? The worst crime is committed by congress, impersonation of someone that really gives a rat’s ass.

  3. @chas: I think the elite do care. A lot, but they don’t want it stopped. They are the ones running the tax schemes and jurisdictional shopping to benefit their corporations. They are the ones hiding personal wealth in tax havens.

Under U.S. Pressure, PayPal Nukes Mega For Encrypting Files

Posted on February 27th, 2015 at 17:47 by John Sinteur in category: Security

[Quote]:

“MEGA has demonstrated that it is as compliant with its legal obligations as USA cloud storage services operated by Google, Microsoft, Apple, Dropbox, Box, Spideroak etc, but PayPal has advised that MEGA’s ‘unique encryption model’ presents an insurmountable difficulty,” Mega explains.



EFF unearths evidence of possible Superfish-style attacks in the wild

Posted on February 26th, 2015 at 16:49 by John Sinteur in category: Privacy, Security

[Quote]:

It’s starting to look like Superfish and other software containing the same HTTPS-breaking code library may have posed more than a merely theoretical danger to Internet users. For the first time, researchers have uncovered evidence suggesting the critical weakness may have been exploited against real people visiting real sites, including Gmail, Amazon, eBay, Twitter, and Gpg4Win.org, to name just a few.



Home Security

Posted on February 25th, 2015 at 22:06 by John Sinteur in category: Security




Comments:

  1. Question: if he calls 911 for a medical emergency, who responds? Do the agencies first fight a turf war? Do they all send in their SWAT teams, who collide at the door? Does one of these agencies first throw a stun bomb through the window, giving the poor chap a heart attack?

  2. What would happen if everyone did this? They’d have to monitor us all…

It’s time to break up the NSA – Bruce Schneier

Posted on February 25th, 2015 at 22:03 by John Sinteur in category: Security

[Quote]:

The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission — protecting the security of U.S. communications and eavesdropping on the communications of our enemies — has become unbalanced in the post-Cold War, all-terrorism-all-the-time era.



Samsung Smart TV: If you don’t mind, I’ll take one that’s a little more stupid

Posted on February 10th, 2015 at 14:32 by John Sinteur in category: Do you feel safer yet?

[Quote]:

Imagine if your television was listening to everything you said in front of it. Hold on, actually, this doesn’t need to be a thought experiment. Simply pop down to the shops and buy a Samsung Smart TV (from £280) and voilà, in your living room, nestled up against the wall, will sit a device that listens to all the conversation within earshot. And records it. And then sends it on to another company for analysis. Do you have a copy of 1984 to hand? Best get one…

[Quote]:

Worse still, this all happens even if you don’t turn voice recognition on, as Samsung says: “If you do not enable Voice Recognition, you will not be able to use interactive voice recognition features, although you may be able to control your TV using certain predefined voice commands. While Samsung will not collect your spoken word, Samsung may still collect associated texts and other usage data so that we can evaluate the performance of the feature and improve it.”

Samsung’s responded to widespread discussion of its privacy policy by insisting the data it collects is encrypted and cannot be accessed or used by unauthorised parties.

and THEY get to decide who is authorized!



Comments:

  1. oh, like i would have gotten that.

  2. What’s both amusing and annoying to me?

    I laughed at my friend when he covered up his laptop camera with black electrical tape.

    He says we live in an artificial environment with aliens doing experiments on us. I told him I didn’t believe in God. Perhaps he meant the Koreans.

  3. Aside from privacy issues, “Is encrypted” — right. At some point it needs to be decrypted and processed. But nothing to worry about, big companies have excellent security, what could possibly go wrong? Just ask Target, Home Depot, Sony………

Innocent frequent flier detained after run-in with TSA

Posted on February 7th, 2015 at 16:36 by John Sinteur in category: Do you feel safer yet?

[Quote]:

Apparently, working as a supervisor for the Transportation Security Administration at Philadelphia International Airport comes with a perk: You get to throw people in jail for no good reason and still keep your job.

If that’s not the case, why is Charles Kieser still employed by the TSA?



Feds operated yet another secret metadata database until 2013

Posted on January 21st, 2015 at 13:18 by John Sinteur in category: Do you feel safer yet?, Privacy

[Quote]:

In a new court filing, the Department of Justice revealed that it kept a secret database of telephone metadata—with one party in the United States and another abroad—that ended in 2013.

The three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use “administrative subpoenas” to obtain business records and other “tangible things.” The affidavit does not specify which countries’ records were included, but specifically does mention Iran.

This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013.

The criminal case involves an Iranian-American man named Shantia Hassanshahi, who is accused of violating the American trade embargo against Iran. His lawyer, Mir Saied Kashani, told Ars that the government has clearly abused its authority.

“They’ve converted this from a war on drugs to a war on privacy,” he said.



GCHQ captured emails of journalists from top international media

Posted on January 19th, 2015 at 22:47 by John Sinteur in category: Do you feel safer yet?

[Quote]:

GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals.

Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency.

The disclosure comes as the British government faces intense pressure to protect the confidential communications of reporters, MPs and lawyers from snooping.

Quis custodiet ipsos custodes?



Comments:

  1. Quis custodiet ipsos custodes? People like Snowden? He is my hero this year!

  2. As are the reporters and news organizations supporting his leaks. There should be a Nobel Prize for being Custodians of the Public Interest!

Surveillance Detection for Android Phones

Posted on January 15th, 2015 at 0:05 by John Sinteur in category: Security

[Quote]:

It’s called SnoopSnitch:

SnoopSnitch is an app for Android devices that analyses your mobile radio traffic to tell if someone is listening in on your phone conversations or tracking your location. Unlike standard antivirus apps, which are designed to combat software intrusions or steal personal info, SnoopSnitch picks up on things like fake mobile base stations or SS7 exploits. As such, it’s probably ideally suited to evading surveillance from local government agencies.

The app was written by German outfit Security Research Labs, and is available for free on the Play Store. Unfortunately, you’ll need a rooted Android device running a Qualcomm chipset to take advantage.

Download it here.



Comments:

  1. I love it that some people (me) complain about things, but other people actually do something useful!

WhatsApp and iMessage could be banned under new surveillance plans

Posted on January 12th, 2015 at 20:00 by John Sinteur in category: Do you feel safer yet?, Security

[Quote]:

David Cameron could block WhatsApp and Snapchat if he wins the next election, as part of his plans for new surveillance powers announced in the wake of the shootings in Paris.

The Prime Minister said today that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant. But that could include popular chat and social apps that encrypt their data, such as WhatsApp.

Apple’s iMessage and FaceTime also encrypt their data, and could fall under the ban along with other encrypted chat apps like Telegram.

The comments came as part of David Cameron’s pledge to revive the “snoopers’ charter” to help security services spy on internet communications today.

René (to the radio): Allo, allo! This is Nighthawk. Can you hear me? Can you hear me? Over.
Fanny (interrupts): Of course I can hear you.
René: Not you! Shut up!
Radio: Allo, allo! Pass your message.
René (To Edith): What is the code to tell them the British airmen have arrived?
Edith: “The little cupboard is full.”
Fanny: Ah? What is that?
René: The little cupboard is full!
Fanny (interrupts again): Oh no, no, no. I have not used it all the day!



Comments:

  1. Back to the old microdots under the postage stamps then?

Gogo Inflight Internet is intentionally issuing fake SSL certificates

Posted on January 5th, 2015 at 11:48 by John Sinteur in category: Security

[Quote]:

SSL/TLS is a protocol that exists to ensure there exists an avenue for secure communication over the Internet. Through the use of cryptography and certificate validation, SSL certificates make man-in-the-middle attacks (where a third party would be able to monitor your internet traffic) difficult, so the transmission of things like credit card numbers and user account passwords becomes significantly safer. In this case, performing a man-in-the-middle attack would require the attacker to attack the SSL certificate first before being able to snoop on someone’s traffic.

For whatever reason, however, Gogo Inflight Internet seems to believe that they are justified in performing a man-in-the-middle attack on their users. Adrienne Porter Felt, an engineer that is a part of the Google Chrome security team, discovered while on a flight that she was being served SSL certificates from Gogo when she was requesting Google sites. Looking at the issuer of the certificate, rather than being issued by Google, it was being issued by Gogo.



When The FISA Court Rejects A Surveillance Request, The FBI Just Issues A National Security Letter Instead

Posted on December 31st, 2014 at 9:49 by John Sinteur in category: Do you feel safer yet?, Privacy, Security

[Quote]:

We considered the Section 215 request for [REDACTED] discussed earlier in this report at pages 33 to 34 to be a noteworthy item. In this case, the FISA Court had twice declined to approve a Section 215 application based on First Amendment Concerns. However, the FBI subsequently issued NSLs for information [REDACTED] even though the statute authorizing the NSLs contained the same First Amendment restriction as Section 215 and the ECs authorizing the NSLs relied on the same facts contained in the Section 215 applicants…



Police: 2-year-old shoots, kills mom in N. Idaho Wal-Mart

Posted on December 30th, 2014 at 22:59 by John Sinteur in category: Do you feel safer yet?

[Quote]:

A woman in her late 20s is dead after a 2-year-old boy got a hold of a loaded handgun in her purse and accidentally shot her inside a Wal-Mart store in Hayden, the Kootenai County Sheriff’s Office is reporting. The woman was shopping with four children, Lt. Stu Miller said today. The 2-year-old was riding in a shopping cart and pulled the gun from her purse and shot her, he said. Sheriff’s deputies assume the woman is the boy’s mother, but are still investigating, he said. It’s not clear whether all four children are related to her.

The country needs more guns. If the mother had two guns, she could have defended herself and justifiably shot the toddler in self defense.



Comments:

  1. And then there are those safety interlocks that require a ring or wristband to operate the gun…all kinds of technical solutions to a social problem.

    It’s pathological to require guns in a society, let alone in a supermarket, ffs.

Inside the NSA’s War on Internet Security

Posted on December 29th, 2014 at 9:09 by John Sinteur in category: Do you feel safer yet?, Security

[Quote]:

The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure. Although the documents are around two years old, experts consider it unlikely the agency’s digital spies have made much progress in cracking these technologies. “Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said in June 2013, after fleeing to Hong Kong.

NSA documents indicate they can get into SSH, along with IPSec and PPTP, but that PGP/GnuPG and OTR, as well as TrueCrypt are secure.



German researchers discover a flaw that could let anyone listen to your cell calls.

Posted on December 19th, 2014 at 15:46 by John Sinteur in category: Do you feel safer yet?, Privacy, Security

[Quote]:

German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available.

The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.



Comments:

  1. SS7 is a published protocol – it’s not really complicated although there’s a lot of it. There is a protocol conversion once mobile calls get into the “real” network, so it’s not a cause for mass panic. The data they’re concerned with is “just” signalling data.

    Presumably if you can make a device spoof a mobile phone’s data interchange to a tower you can find out roughly where any mobile phone is without setting up a call (part of the signalling protocol). And presumably listening in on mobile calls or getting/sending text messages is simple as long as you are in range of the phone or a tower.

    It’s probably of limited surveillance use unless you are able to spoof the law enforcement inter-office intercept protocol, when you can have masses of calls automatically recorded or forwarded wherever; but that’s under local central office control and unlikely.

    As for hacking call forwarding for a double hop, you can’t forward a call to a number that is already forwarded to you, and you couldn’t pick up outbound calls without being in range, so something is not quite right about that explanation.

Congress Just Passed Legislation Ramping Up Mass Surveillance to Super-Steroid Levels

Posted on December 15th, 2014 at 11:44 by John Sinteur in category: Do you feel safer yet?, Privacy

[Quote]:

When I learned that the Intelligence Authorization Act for FY 2015 was being rushed to the floor for a vote—with little debate and only a voice vote expected (i.e., simply declared “passed” with almost nobody in the room)—I asked my legislative staff to quickly review the bill for unusual language. What they discovered is one of the most egregious sections of law I’ve encountered during my time as a representative: It grants the executive branch virtually unlimited access to the communications of every American.



FBI Agents Pose as Repairmen to Bypass Warrant Process

Posted on November 26th, 2014 at 22:54 by John Sinteur in category: Do you feel safer yet?

[Quote]:

The next time you call for assistance because the internet service in your home is not working, the “technician” who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and — when he shows up at your door, impersonating a technician — let him in. He will walk through each room of your house, claiming to diagnose the problem. Actually, he will be videotaping everything (and everyone) inside. He will have no reason to suspect you have broken the law, much less probable cause to obtain a search warrant. But that makes no difference, because by letting him in, you will have “consented” to an intrusive search of your home.



The CIA and Homeland Security want to delete almost all their emails

Posted on November 26th, 2014 at 22:28 by John Sinteur in category: Security

[Quote]:

Usually, deleting emails is a no-fanfare, one-click affair — but not when you’re the Central Intelligence Agency or the Department of Homeland Security. Both agencies have recently submitted proposals to the National Archives and Records Administration that outline their plans to delete years’ worth of emails, which the Archives has already tentatively approved. The CIA apparently turned one in to comply with the administration’s directive, ordering federal agencies to conjure up viable plans to better manage government emails by 2016. If approved, all the correspondences of every person to ever be employed by the CIA will be flushed down the digital toilet three years after they leave. All messages older than seven years old will also be nuked, and only the digital missives of 22 top officials will be preserved — something which several senators do not want to happen.

If They Are Not Doing Anything Wrong, Why Are They Worried?



DOJ Tells Apple Kids Will Die Because of Their Encryption Stand

Posted on November 21st, 2014 at 18:40 by John Sinteur in category: Apple, Security

[Quote]:

This week the Wall Street Journal reported that Department of Justice officials recently met with Google and Apple, and basically told them that their decision to empower consumers would result in the death of children:

The No. 2 official at the Justice Department delivered a blunt message last month to Apple Inc. executives: New encryption technology that renders locked iPhones impervious to law enforcement would lead to tragedy. A child would die, he said, because police wouldn’t be able to scour a suspect’s phone, according to people who attended the meeting.

The Journal reports that Apple wasn’t moved by the DOJ’s argument, and found the “dead-child scenario” to be “inflammatory.”



Comments:

  1. “Think of the children!” has got to be the penultimate refuge of the scoundrel.

ISPs Removing Their Customers’ Email Encryption

Posted on November 14th, 2014 at 11:13 by John Sinteur in category: Privacy, Security

[Quote]:

Recently, Verizon was caught tampering with its customers’ web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco’s PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
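The downgrade described above shows up in the server's EHLO reply, where the `STARTTLS` capability line is missing or overwritten. The following is an added example, not code from the quoted article or from any ISP or vendor: it parses EHLO replies (constructed sample data) and applies a fail-closed policy instead of the plaintext fallback. The function names, the peer-history set and the heuristic that treats a keyword made of a run of `X` characters as a masked capability are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample EHLO replies in RFC 5321 multiline format (not real captures).
EHLO_CLEAN = (
    "250-mx.example.net Hello client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 PIPELINING\r\n"
)
# Same reply with the STARTTLS line dropped by a device on the path.
EHLO_REMOVED = EHLO_CLEAN.replace("250-STARTTLS\r\n", "")
# Same reply with the keyword overwritten in place (assumed masking pattern).
EHLO_MASKED = EHLO_CLEAN.replace("250-STARTTLS", "250-XXXXXXXA")

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
_MASKED_KEYWORD = re.compile(r"X{4,}[A-Z]?")


class SmtpReplyError(ValueError):
    """The EHLO reply is malformed or is not a 250 success reply."""


def parse_ehlo(raw: str):
    """Parse a multiline EHLO reply into (greeting, {KEYWORD: params})."""
    lines = [ln for ln in raw.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise SmtpReplyError("empty reply")
    greeting, caps = "", {}
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m:
            raise SmtpReplyError(f"unparseable line: {line!r}")
        code, sep, text = m.groups()
        if code != "250":
            raise SmtpReplyError(f"EHLO not accepted: {line!r}")
        # Every line but the last uses '-', the last uses a space.
        if (sep == " ") != (i == len(lines) - 1):
            raise SmtpReplyError("bad multiline continuation")
        if i == 0:
            greeting = text
        else:
            keyword, _, params = text.partition(" ")
            caps[keyword.upper()] = params
    return greeting, caps


def classify(raw: str) -> str:
    """Return 'offered', 'masked' or 'absent' for the STARTTLS capability."""
    _, caps = parse_ehlo(raw)
    if "STARTTLS" in caps:
        return "offered"
    if any(_MASKED_KEYWORD.fullmatch(k) for k in caps):
        return "masked"
    return "absent"


@dataclass(frozen=True)
class Decision:
    action: str   # 'starttls', 'defer' or 'plaintext'
    reason: str


def delivery_decision(raw, peer, seen_tls_before, require_tls=True) -> Decision:
    """Decide how to proceed after EHLO.

    seen_tls_before: set of peer names that offered STARTTLS in the past.
    A peer that used to offer it and no longer does is treated as a
    possible downgrade, and the message is queued instead of sent in clear.
    """
    state = classify(raw)
    if state == "offered":
        return Decision("starttls", "peer offers STARTTLS")
    if state == "masked":
        return Decision("defer", "capability keyword overwritten in transit")
    if require_tls:
        return Decision("defer", "policy requires TLS and none was offered")
    if peer in seen_tls_before:
        return Decision("defer", "peer offered STARTTLS before: possible stripping")
    # Opportunistic fallback: the default behaviour the quoted text warns about.
    return Decision("plaintext", "no STARTTLS and no history for this peer")


if __name__ == "__main__":
    history = {"mx.example.net"}
    for name, raw in [("clean", EHLO_CLEAN), ("removed", EHLO_REMOVED),
                      ("masked", EHLO_MASKED)]:
        d = delivery_decision(raw, "mx.example.net", history, require_tls=False)
        print(f"{name:8} {classify(raw):8} -> {d.action}: {d.reason}")
```

A deferred message stays in the queue and the event can be logged, which gives an operator a record of which network paths lose the capability line.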



A creepy website is streaming from 73,000 cameras; some in the bedroom

Posted on November 7th, 2014 at 15:46 by John Sinteur in category: Privacy, Security

[Quote]:

A strange looking website is letting anyone in the world stream from more than 73,000 IP cameras whose respective owners have not yet changed their default passwords. Whether or not this website is highlighting an important security problem as they are claiming to do, this appears to be a serious breach of privacy.

Insecam has access to more than 73,000 cameras all around the globe which includes more than 11,000 cameras in the United States, 6500 in Republic of Korea and almost 5000 in China. Even though the website states that it is trying to emphasize an important security issue, it is clearly profiting from advertisements as well.



FBI Director Angry At Homebuilders For Putting Up Walls That Hide Any Crimes Therein

Posted on September 27th, 2014 at 9:36 by John Sinteur in category: Boo hoo poor you, Privacy, Security

[Quote]:

On Thursday, FBI boss James Comey displayed not only a weak understanding of privacy and encryption, but also what the phrase “above the law” means, in slamming Apple and Google for making encryption a default:


“I am a huge believer in the rule of law, but I am also a believer that no one in this country is above the law,” Comey told reporters at FBI headquarters in Washington. “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law.”

[….]

“There will come a day — well it comes every day in this business — when it will matter a great, great deal to the lives of people of all kinds that we be able to with judicial authorization gain access to a kidnapper’s or a terrorist or a criminal’s device. I just want to make sure we have a good conversation in this country before that day comes. I’d hate to have people look at me and say, ‘Well how come you can’t save this kid,’ ‘how come you can’t do this thing.'”

First of all, nothing in what either Apple or Google is doing puts anyone “above the law.” It just says that those companies are better protecting the privacy of their users. There are lots of things that make law enforcement’s job harder that also better protect everyone’s privacy. That includes walls. If only there were no walls, it would be much easier to spot crimes being committed. And I’m sure some crimes happen behind walls that make it difficult for the FBI to track down what happened. But we don’t see James Comey claiming that homebuilders are allowing people to be “above the law” by building houses with walls.



The Shellshock Bug In About Four Minutes

Posted on September 26th, 2014 at 14:27 by John Sinteur in category: Security, Software



Comments:

  1. Very cogently put. And from the window you can see New Oxford Street, the video seems to have been shot from 78 New Oxford Street, according to Google street view.
    Sorry my attention drifted to the Sally shop in Fairgate House.

The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud

Posted on September 3rd, 2014 at 10:18 by John Sinteur in category: Apple, Do you feel safer yet?, Privacy, Security

[Quote]:

As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack victims’ iCloud passwords to Apple, whose security flaws may have made that cracking exploit possible in the first place. But one step in the hackers’ sext-stealing playbook has been ignored—a piece of software designed to let cops and spies siphon data from iPhones, but is instead being used by pervy criminals themselves.

On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum.

[..]

The fact that Apple isn’t complicit in law enforcement’s use of Elcomsoft’s for surveillance doesn’t make the tool any less dangerous, argues Matt Blaze, a computer science professor at the University of Pennsylvania and frequent critic of government spying methods. “What this demonstrates is that even without explicit backdoors, law enforcement has powerful tools that might not always stay inside law enforcement,” he says. “You have to ask if you trust law enforcement. But even if you do trust law enforcement, you have to ask whether other people will get access to these tools, and how they’ll use them.”



Apple Issues Media Advisory Related to Celebrity Photo Theft

Posted on September 3rd, 2014 at 0:11 by John Sinteur in category: Apple, Privacy, Security

[Quote]:

Apple issued a media advisory related to recent celebrity photo theft, saying the accounts were compromised by a very targeted attack on user names, passwords and security questions and was not related to any breach of Apple’s systems, including iCloud.

Over the weekend a number of nude celebrity photos appeared online. Jennifer Lawrence, Kate Upton, Lea Michele, Victoria Justice and Kirsten Dunst all had their photos compromised, among others.

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

If you are a celebrity, it’s more likely that people know the name of your first pet, or your mother’s maiden name…



Comments:

  1. Right John, it is why I advise people to make up random letters and numbers for those all too frequently used security questions. Also, never use the same answer twice.

Android security mystery – ‘fake’ cellphone towers found in U.S.

Posted on September 2nd, 2014 at 11:15 by John Sinteur in category: Security

[Quote]:

Seventeen mysterious cellphone towers have been found in America which look like ordinary towers, and can only be identified by a heavily customized handset built for Android security – but have a much more malicious purpose, according to Popular Science.

The fake ‘towers’ – computers which wirelessly attack cellphones via the “baseband” chips built to allow them to communicate with their networks, can eavesdrop and even install spyware, ESD claims. They are a known technology – but the surprise is that they are in active use.

The towers were found by users of the CryptoPhone 500, one of several ultra-secure handsets that have come to market in the last couple of years, after an executive noticed his handset was “leaking” data regularly.

Hmmmm….

No.

And here’s why:

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases.” says Goldsmith. “Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.”

If you think a foreign agent can deploy one IMSI catcher (let alone 17) near a military base I’ve got some swamp land to sell you. And the US government itself doesn’t need them, they already have access.

So, this is likely just a story to boost sales of those cryptophones.



Militarized Schooling? “Newtown Was A Nuclear Bomb That Changed Everything”

Posted on August 28th, 2014 at 14:25 by John Sinteur in category: Do you feel safer yet?

[Quote]:

Returning students at Hillsborough County Public Schools in Tampa, Fla. found 20 new armed officers in the elementary schools in the first year of a plan costing about $1 million.

The school board also approved security training for employees, the hiring of a safety consultant and more measures to control school access, such as fencing and buzzers.

Meanwhile, all 16 schools in the Coeur d’Alene, Idaho, public school district have been enclosed in security fencing and each school limits visitors to a single entry point, officials said. This September, for the first time, two police officers will patrol elementary schools, at a cost of roughly $68,000 from the district’s state funding.

…officials continue to allow four anonymous employees to carry firearms on school property. Bulletproof glass and panic buttons have been installed, and officials held schoolwide assemblies for security training.

Because, clearly, the solution to “too many weapons in society” is “more weapons!”



Comments:

  1. In cold war terms, this was known as “Mutually Assured Destruction”, or more simply, just plain MAD… :rolleyes:

  2. Changed “everything”? Hardly – especially no change in any real control of access to weapons.

  3. I’d say it was incremental not a massive change. Everyone thinks Hell is over a cliff but you can get there on a broad, easy road, according to the old preachers…

Entirety Of Man’s Personal Data Protected By Reference To Third Season Of ‘The West Wing’

Posted on August 26th, 2014 at 17:21 by John Sinteur in category: Privacy, Security

[Quote]:

Online sources confirmed Wednesday that every piece of 34-year-old Mark O’Connell’s personal data is currently protected by a reference to the third season of long-running NBC political drama The West Wing. Reports indicate that the reference, derived from the name of a guest character in an early-season episode of the Aaron Sorkin drama that went off the air in 2006, is, at present, all that stands in the way of strangers gaining total access to intimate details of the automotive insurance agent’s personal, professional, and financial life. In particular, sources noted that the security of everything from O’Connell’s banking and credit card accounts, to proprietary documents from his work, to his social media profiles, to all of his email correspondence, rests solely on the wry nod to a scene during the Emmy-nominated episode “On The Day Before,” in which the White House staff hosts a dinner for several Nobel laureates while President Bartlet works to veto an estate tax bill. Those close to the situation, however, noted that some of O’Connell’s most sensitive information is safeguarded by a secondary layer of protection in the form of a security question about his favorite character from Sports Night.



Comments:

  1. I know that episode. Wonder if I could get all of his goodies.

