« | Home | Recent Comments | Categories | »

Meet ‘Tox’: Ransomware for the Rest of Us

Posted on June 1st, 2015 at 9:23 by John Sinteur in category: Security, Software

[Quote:]

Salient Points:

  • Tox is free. You just have to register on the site.
  • Tox is dependent on TOR and Bitcoin. That allows for some degree of anonymity.
  • The malware works as advertised.
  • Out of the gate, the standard of antimalware evasion is fairly high, meaning the malware’s targets would need additional controls in place (HIPS, whitelisting, sandboxing) to catch or prevent this.

Once you register for the product, you can create your malware in three simple steps.

  • Enter the ransom amount. (The site takes 20% of the ransom.)
  • Enter your “cause.”
  • Submit the captcha.

Write a comment

Comments:

  1. “What did you do at work today, daddy?”
    “I enabled ordinary people to be mugged and I get a cut!”
    “I want to be a nurse when I grow up daddy.”

Irate Congressman gives cops easy rule: “just follow the damn Constitution”

Posted on May 1st, 2015 at 10:41 by John Sinteur in category: Privacy, Security

[Quote:]

It’s a fundamental misunderstanding of the problem. Why do you think Apple and Google are doing this? It’s because the public is demanding it. People like me: privacy advocates. A public does not want an out-of-control surveillance state. It is the public that is asking for this. Apple and Google didn’t do this because they thought they would make less money. This is a private sector response to government overreach.

Then you make another statement that somehow these companies are not credible because they collect private data. Here’s the difference: Apple and Google don’t have coercive power. District attorneys do, the FBI does, the NSA does, and to me it’s very simple to draw a privacy balance when it comes to law enforcement and privacy: just follow the damn Constitution.

And because the NSA didn’t do that and other law enforcement agencies didn’t do that, you’re seeing a vast public reaction to this. Because the NSA, your colleagues, have essentially violated the Fourth Amendment rights of every American citizen for years by seizing all of our phone records, by collecting our Internet traffic, that is now spilling over to other aspects of law enforcement. And if you want to get this fixed, I suggest you write to NSA: the FBI should tell the NSA, stop violating our rights. And then maybe you might have much more of the public on the side of supporting what law enforcement is asking for.

Then let me just conclude by saying I do agree with law enforcement that we live in a dangerous world. And that’s why our founders put in the Constitution of the United States—that’s why they put in the Fourth Amendment. Because they understand that an Orwellian overreaching federal government is one of the most dangerous things that this world can have. I yield back.

Rep. Ted Lieu (D-CA)


Write a comment

Comments:

  1. When the trade towers were hit, the anger and fear that were generated translated into the Afghan war, which was justifiable, and the Iraq war, justified by lies that a fearful public swallowed. And the Patriot Act, which a fearful public swallowed. So, people may not have been thinking that what they were asking for was a surveillance state, but at that point they didn’t care. It was “save us, daddy”. I don’t know how much that has changed, but we got what we asked for. We. We The Shameful People.

  2. @John Dominingue: It gives me hope that you say that. Things can be changed. “There is a tide in the affairs of men…etc.”

Drug dealer: Cops leaned me over 18th floor balcony to get my password

Posted on April 29th, 2015 at 9:14 by John Sinteur in category: Security

[Quote:]

Cascioli says [Officer Thomas] Liciardello asked him a question: “Have you ever seen Training Day?”

When Cascioli said yes, Cascioli says Liciardello looked him in the eyes and said: “This is Training Day for f—ing real,” and then instructed officers Norman and Jeffrey Walker to take him to the balcony.

According to Cascioli and the indictment, Liciardello told them to “do whatever they had to do to get the password.”

Out on the balcony, Cascioli says officers Norman and Walker lifted him up by each arm and leaned him over the balcony railing.

relevant xkcd

 


Write a comment

curl | sudo bash

Posted on April 23rd, 2015 at 22:55 by John Sinteur in category: Security, Software

[Quote]:

System administration is in a sad state. It in a mess.

I’m not complaining about old-school sysadmins. They know how to keep systems running, manage update and upgrade paths.

This rant is about containers, prebuilt VMs, and the incredible mess they cause because their concept lacks notions of “trust” and “upgrades”.

Consider for example Hadoop. Nobody seems to know how to build Hadoop from scratch. It’s an incredible mess of dependencies, version requirements and build tools.

None of these “fancy” tools still builds by a traditional make command. Every tool has to come up with their own, incomptaible, and non-portable “method of the day” of building.

And since nobody is still able to compile things from scratch, everybody just downloads precompiled binaries from random websites. Often without any authentication or signature.


Write a comment

Comments:

  1. There, there. Worse things happen at sea.

Smart home hacking is easier than you think

Posted on April 23rd, 2015 at 7:33 by John Sinteur in category: Security

[Quote]:

Last March, a very satisfied user of the Honeywell Wi-Fi Thermostat left a product review on Amazon.com that shed some light on an unexpected benefit of the smart home — revenge.

The reviewer wrote that his wife had left him, and then moved her new lover into the home they once shared, which now featured the Honeywell Wi-Fi thermostat. The jilted ex-husband could still control the thermostat through the mobile app installed on his smartphone, so he used it to make the new couple’s lives a little less happily ever after


Write a comment

Comments:

  1. Great comment on the Amazon review: “Revenge is best served at whatever temperature you see fit”

  2. Sounds like she left him for a good reason, no?

JavaScript CPU cache snooper tells crooks EVERYTHING you do online

Posted on April 21st, 2015 at 11:52 by John Sinteur in category: Privacy, Security

[Quote]:

Four Columbia University boffins reckon they can spy on keystrokes and mouse clicks in a web browser tab by snooping on the PC’s processor caches.

The exploit is apparently effective against machines running a late-model Intel CPU, such as a Core i7, and a HTML5-happy browser – so perhaps about 80 percent of desktop machines.

Yossef Oren, Vasileios Kemerlis, Simha Sethumadhavan, and Angelos Keromytis came up with this side-channel attack, which can be performed by JavaScript served from a malicious web ad network. It works by studying the time it takes to access data stored in the last-level cache – the L3 cache shared by all cores in a PC – and matches it to user activity.

The research has prompted Google, Microsoft, Mozilla, and Apple to upgrade their browsers to smother the attack vector. Nothing has yet been released.

“In the meantime the best suggestion I have for end-users is: close all non-essential browser tabs when you’re doing something sensitive on your computer,” he says.


Write a comment

Schneier on Security: Metal Detectors at Sports Stadiums

Posted on April 18th, 2015 at 14:05 by John Sinteur in category: Do you feel safer yet?

[Quote]:

It’s an attitude I’ve seen before: “Something must be done. This is something. Therefore, we must do it.” Never mind if the something makes any sense or not.


Write a comment

Hacked French network exposed its own passwords during TV interview

Posted on April 10th, 2015 at 10:19 by John Sinteur in category: Security

Screen-Shot-2015-04-09-at-6.08.36-PM-640x362

[Quote]:

While French authorities continued investigating how the TV5Monde network had 11 of its stations’ signals interrupted the night before, one of its staffers proved just how likely a basic password theft might have led to the incident.

In an interview with French news program 13 Heures, TV5Monde reporter David Delos unwittingly revealed at least one password for the station’s social media presence. That’s because he was filmed in front of a staffer’s desk—which was smothered in sticky notes and taped index cards that were covered in account usernames and passwords.


Write a comment

Comments:

  1. Well, those hackers have baffling powers, grandma!

Is bank web site security really that hard?

Posted on April 1st, 2015 at 21:02 by John Sinteur in category: Security

Screen Shot 2015-04-01 at 14.58.58


Write a comment

Comments:

  1. (oh wait – translation.. top bar reads “your web browser is too old. A modern browser is safer, more secure and..”)

Leave Facebook if you don’t want to be spied on, warns EU

Posted on March 27th, 2015 at 21:31 by John Sinteur in category: Privacy, Security

[Quote]:

The European Commission has warned EU citizens that they should close their Facebook accounts if they want to keep information private from US security services, finding that current Safe Harbour legislation does not protect citizen’s data.

The comments were made by EC attorney Bernhard Schima in a case brought by privacy campaigner Maximilian Schrems, looking at whether the data of EU citizens should be considered safe if sent to the US in a post-Snowden revelation landscape.

“You might consider closing your Facebook account, if you have one,” Schima told attorney general Yves Bot in a hearing of the case at the European court of justice in Luxembourg.

When asked directly, the commission could not confirm to the court that the Safe Harbour rules provide adequate protection of EU citizens’ data as it currently stands.

[..]

Schrems maintains that companies operating inside the EU should not be allowed to transfer data to the US under Safe Harbour protections – which state that US data protection rules are adequate if information is passed by companies on a “self-certify” basis – because the US no longer qualifies for such a status.


Write a comment

Comments:

  1. I remember working for $LARGE_COMPANY where it was decided that all access, and all email encryption, email signatures, etc were to be done by personal X509 certificates.

    The Certificate Authority and key generation was done by an US company, and to get a new badge I had to sign something waving all kind of privacy rights specified in the Safe Harbour regulations referenced above.

    I refused on the grounds that I did not want the US government to be able to decrypt all the mail of $LARGE_COMPANY.

    That was unexpected, and their procedures didn’t account for this possibility. I was warned that I might lose access to email or buildings. I told them we’d cross that bridge when we’d get to it, but I left not long after.

Portland man: I was tortured in UAE for refusing to become an FBI informant

Posted on March 16th, 2015 at 20:15 by John Sinteur in category: Do you feel safer yet?

[Quote]:

The 36-year-old Eritrean-born American was finally back in Portland at the end of a five-year odyssey that began with a simple business trip but landed him in an Arab prison where he alleges he was tortured at the behest of US anti-terrorism officials because he refused to become an informant at his mosque in Oregon.

Fikre is suing the FBI, two of its agents and other American officials for allegedly putting him on the US’s no-fly list – a roster of suspected terrorists barred from taking commercial flights – to pressure him to collaborate. When that failed, the lawsuit said, the FBI had him arrested, interrogated and tortured for 106 days in the United Arab Emirates.

As shocking as the claims are, they are not the first to emanate from worshippers at Fikre’s mosque in Portland, where at least nine members have been barred from flying by the US authorities.

“The no-fly list gives the FBI an extrajudicial tool to coerce Muslims to become informants,” said Gadeir Abbas, a lawyer who represents other clients on the list. “There’s definitely a cluster of cases like this at the FBI’s Portland office.”

They include Jamal Tarhuni, a 58 year-old Portland businessman who travelled to Libya with a Christian charity, Medical Teams International, in 2012. He was blocked from flying back to the US and interrogated by an FBI agent who pressed him to sign a document waving his constitutional rights.

“The no-fly list is being used to intimidate and coerce people – not for protection, but instead for aggression,” said Tarhuni after getting back to Portland a month later. He was removed from the no-fly list in February after a federal lawsuit.

Another member of the mosque, Michael Migliore, chose to emigrate to live with his mother in Italy because he was placed on a no-fly list after refusing to answer FBI questions without a lawyer or become an informant. He had to take a train to New York and a ship to England. In the UK, he was detained under anti-terrorism legislation. Migliore said his British lawyer told him it was at the behest of US officials.


Write a comment

Philip Hammond: time to ‘move on’ from Snowden surveillance revelations

Posted on March 11th, 2015 at 11:40 by John Sinteur in category: Privacy, Security

[Quote]:

Britain needs to draw a line under the debate about mass surveillance by the intelligence agencies sooner rather than later to stop them getting distracted from their work, Philip Hammond, the foreign secretary, said on Tuesday.

The senior Conservative said his party would legislate early in the next parliament to give the security services extra powers and address legitimate public concerns about their oversight.

But he said the debate about privacy sparked by the American whistleblower Edward Snowden, whose revelations about mass surveillance by the agencies were published by the Guardian and others, “cannot be allowed to run on forever”.

Speaking at the Royal United Service Institute (Rusi), Hammond said: “We need to have it, address the issues arising from it and move on sooner rather than later if the agencies are not to become distracted from their task.

“The prime minister, home secretary and I are determined we should draw a line under the debate by legislating early in the next parliament to give our agencies clearly and transparently the powers they need and to ensure our oversight regime keeps pace with technological change and addresses the reasonable concerns of our citizens.”

Debate cannot be allowed to happen when we decide it can’t. Like whether or not we were at war with Eastasia. We were always allies with Eastasia, and we will not tolerate this argument to be dragged on forever.


Write a comment

Comments:

  1. Big Brother is watching YOU! Uncle George must be spinning in his grave, shaking his head, asking “Why are they 20+ years late?”… :sarcasm meter spinning at 110%:

CIA hacked iPhone, iPad and Mac security – Snowden documents reveal extent of privacy invasion

Posted on March 10th, 2015 at 16:47 by John Sinteur in category: Apple, Privacy, Security

[Quote]:

The CIA has spent almost a decade attempting to breach the security of Apple’s iPhone, iPad and Mac computers to allow them secretly plant malware on the devices. Apple announced on Monday, 9 March, that it had sold over 700 million iPhones since the first version was announced in 2007, giving some idea of the scope of the CIA tactics.

Revealed in documents released to The Intercept by Edward Snowden, the CIA’s efforts at undermining Apple’s encryption has been announced at an secret annual gathering known as the “Jamboree” which has been taking place since 2006, a year before the first iPhone was released.


Write a comment

Comments:

  1. Actually interesting bits:

    While the report details the efforts the CIA undertook to crack Apple’s security measures, it or the documents don’t say how successful the efforts were at undermining the security of iPhones, iPads and Macs.

    and

    the CIA also claims to have developed a poisoned version of Xcode, the software development tool used by app developers to create the apps sold through Apple’s hugely successful App Store. It is unclear how the CIA managed to get developers to use the poisoned version of Xcode, but it would have allowed the CIA install backdoors into any apps created using their version.

    and

    The CIA also looked to breach the security of Apple’s desktop platform, claiming they had successfully modified the OS X updater. If this is true it would allow the CIA to intercept the update mechanism on Apple’s Mac laptops and desktops to install a version of the updated Mac OS X with a keylogger installed.

Lindsey Graham: I’ve Never Sent an Email

Posted on March 9th, 2015 at 9:10 by John Sinteur in category: Privacy, Security

[Quote]:

He’s been a U.S. senator for 12 years, and was a Congressman for eight more before that, but South Carolina Republican Lindsey Graham says he has never sent an email.

In a discussion on NBC’s Meet the Press about the controversy surrounding Hillary Clinton’s use of a home-based email server while she was secretary of state, moderate Chuck Todd asked Graham, “Do you have a private e-mail address?”

Graham’s surprising answer: “I don’t email. No, you can have every email I’ve ever sent. I’ve never sent one.”

In a sane world, this would make him ineligible to be on the Privacy, Technology, and Law subcommittee.


Write a comment

Comments:

  1. Au contraire, you can’t get more secure than being not corrected, but it is likely to leave you in the singular position of being unusually ill informed about the casual day to day concerns of e-mail use.

  2. I bet he wonders why there’s such a fuss about luncheon meat.

Obama sharply criticizes China’s plans for new technology rules

Posted on March 4th, 2015 at 10:58 by John Sinteur in category: Privacy, Security

[Quote]:

President Barack Obama on Monday sharply criticized China’s plans for new rules on U.S. tech companies, urging Beijing to change the policy if it wants to do business with the United States and saying he had raised it with President Xi Jinping.

In an interview with Reuters, Obama said he was concerned about Beijing’s plans for a far-reaching counterterrorism law that would require technology firms to hand over encryption keys, the passcodes that help protect data, and install security “backdoors” in their systems to give Chinese authorities surveillance access.

“This is something that I’ve raised directly with President Xi,” Obama said. “We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States.”

But, of course, if American law enforcement wants the passwords, it’s OK. Here’s Obama last week:

[Quote]:

Obama: … the company says “sorry, we just can’t pull it. It’s so sealed and tight that even though the government has a legitimate request, technologically we cannot do it.”

Swisher: Is what they’re doing wrong?

Obama: No. I think they are properly responding to a market demand. All of us are really concerned about making sure our…

Swisher: So what are you going to do?

Obama: Well, what we’re going to try to do is see if there’s a way for us to narrow this gap. Ultimately, everybody — and certainly this is true for me and my family — we all want to know if we’re using a smartphone for transactions, sending messages, having private conversations, we don’t have a bunch of people compromising that process. There’s no scenario in which we don’t want really strong encryption.

The narrow question is going to be: if there is a proper request for — this isn’t bulk collection, this isn’t fishing expeditions by government — where there’s a situation in which we’re trying to get a specific case of a possible national security threat, is there a way of accessing it? If it turns out there’s not, then we’re really going to have to have a public debate. And, I think some in Silicon Valley would make the argument — which is a fair argument, and I get — that the harms done by having any kind of compromised encryption are far greater than…

Swisher: That’s an argument you used to make, you would have made. Has something changed?

Obama: No, I still make it. It’s just that I’m sympathetic to law enforcement…


Write a comment

Comments:

  1. Hey, if you don’t like it, you can always leave. Here’s a suggestion, make it in the USA. You already have the encryption keys.

We Now Know The NSA And GCHQ Have Subverted Most (All?) Of The Digital World: So Why Can’t We See Any Benefits?

Posted on February 28th, 2015 at 16:05 by John Sinteur in category: Security

[Quote]:

As Mike pointed out recently, thanks to Snowden (and possibly other sources), we now know the NSA, with some help from GCHQ, has subverted just about every kind of digital electronic device where it is useful to do so — the latest being hard drives and mobile phones. That’s profoundly shocking when you consider what most non-paranoid observers thought the situation was as recently as a couple of years ago. However, given that’s how things stand, there are a couple of interesting ramifications.

[..]

If the NSA and other parties do have ways of turning practically every digital electronic device into a system for spying on its users, that essentially means there is no criminal organization in the world — ranging from the so-called “terrorist” ones that are used to justify so much bad policy currently, to the “traditional” ones that represent the bulk of the real threat to society — that is not vulnerable to being infiltrated and subverted by government agencies.

And yet we don’t see this happen. Drug cartels thrive; people trafficking is surging; the smuggling of ivory and endangered animals is profitable as never before. Similarly, despite the constant and sophisticated monitoring of events across the Middle East, the rise of Islamic State evidently took the US and its allies completely by surprise. How is it that global criminality has not been brought to its knees, or that such massive geopolitical developments were not picked up well in advance — and nipped in the bud?


Write a comment

Comments:

  1. What I saw in 25 years in the pharmaceutical industry was implementation of much technology for no reason other than that it was there. I think the same applies here. It simply becomes a business proposition. How many drug tests and back ground checks actually derail employment? Very few I think, but somebody’s making a boatload of money off of them. Regarding surveillance tech, it certainly is used when it helps support the folks in power (as in monitoring and subverting legal protests). Our lawmakers certainly need to hold the agencies that invade our privacy to account for the supposed benefits they provide.

  2. Regarding the third paragraph: I don’t think the 1% really care about any of those things. Why would the government try to stop any of it? The worse crime is committed by congress, impersonation of someone that really give a rat’s ass.

  3. @chas: I think the elite do care. A lot, but they don’t want it stopped. They are the ones running the tax schemes and jurisdictional shopping to benefit their corporations. They are the ones hiding personal wealth in tax havens.

Under U.S. Pressure, PayPal Nukes Mega For Encrypting Files

Posted on February 27th, 2015 at 17:47 by John Sinteur in category: Security

[Quote]:

“MEGA has demonstrated that it is as compliant with its legal obligations as USA cloud storage services operated by Google, Microsoft, Apple, Dropbox, Box, Spideroak etc, but PayPal has advised that MEGA’s ‘unique encryption model’ presents an insurmountable difficulty,” Mega explains.


Write a comment

EFF unearths evidence of possible Superfish-style attacks in the wild

Posted on February 26th, 2015 at 16:49 by John Sinteur in category: Privacy, Security

[Quote]:

It’s starting to look like Superfish and other software containing the same HTTPS-breaking code library may have posed more than a merely theoretical danger to Internet users. For the first time, researchers have uncovered evidence suggesting the critical weakness may have been exploited against real people visiting real sites, including Gmail, Amazon, eBay, Twitter, and Gpg4Win.org, to name just a few.


Write a comment

Home Security

Posted on February 25th, 2015 at 22:06 by John Sinteur in category: Security

IPSNRmY


Write a comment

Comments:

  1. Question: if he calls 911 for a medical emergency, who responds? Do the agencies first fight a turf war; Do they all send in there swap teams who collide at the door? Does one these agency first throw a stun bomb through the window giving the poor chap a heart attack?

  2. What would happen if everyone did this? They’d have to monitor us all…

It’s time to break up the NSA – Bruce Schneier

Posted on February 25th, 2015 at 22:03 by John Sinteur in category: Security

[Quote]:

The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission — protecting the security of U.S. communications and eavesdropping on the communications of our enemies — has become unbalanced in the post-Cold War, all-terrorism-all-the-time era.


Write a comment

Samsung Smart TV: If you don’t mind, I’ll take one that’s a little more stupid

Posted on February 10th, 2015 at 14:32 by John Sinteur in category: Do you feel safer yet?

[Quote]:

Imagine if your television was listening to everything you said in front of it. Hold on, actually, this doesn’t need to be a thought experiment. Simply pop down to the shops and buy a Samsung Smart TV (from £280) and voilá, in your living room, nestled up against the wall, will sit a device that listens to all the conversation within earshot. And records it. And then sends it on to another company for analysis. Do you have a copy of 1984 to hand? Best get one…

[Quote]:

Worse still, this all happens even if you don’t turn voice recognition on, as Samsung says: “If you do not enable Voice Recognition, you will not be able to use interactive voice recognition features, although you may be able to control your TV using certain predefined voice commands. While Samsung will not collect your spoken word, Samsung may still collect associated texts and other usage data so that we can evaluate the performance of the feature and improve it.”

Samsung’s responded to widespread discussion of its privacy policy by insisting the data it collects is encrypted and cannot be accessed or used by unauthorised parties.

and THEY get to decide who is authorized!


Write a comment

Comments:

  1. oh, like i would have gotten that.

  2. What’s both amusing and annoying to me?

    I laughed at my friend when he covered up his laptop camera with black electrical tape.

    He says we live in an artificial environment with aliens doing experiments on us. I told him I didn’t believe in God. Perhaps he meant the Koreans.

  3. Aside from privacy issues, “Is encrypted” — right. At some point it needs to be decrypted and processed. But nothing to worry about, big companies have excellent security, what could possibly go wrong? Just ask Target, Home Depot, Sony………

Innocent frequent flier detained after run-in with TSA

Posted on February 7th, 2015 at 16:36 by John Sinteur in category: Do you feel safer yet?

[Quote]:

Apparently, working as a supervisor for the Transportation Security Administration at Philadelphia International Airport comes with a perk: You get to throw people in jail for no good reason and still keep your job.

If that’s not the case, why is Charles Kieser still employed by the TSA?


Write a comment

Feds operated yet another secret metadata database until 2013

Posted on January 21st, 2015 at 13:18 by John Sinteur in category: Do you feel safer yet?, Privacy

[Quote]:

In a new court filing, the Department of Justice revealed that it kept a secret database of telephone metadata—with one party in the United States and another abroad—that ended in 2013.

The three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use “administrative subpoenas” to obtain business records and other “tangible things.” The affidavit does not specify which countries records were included, but specifically does mention Iran.

This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013.

The criminal case involves an Iranian-American man named Shantia Hassanshahi, who is accused of violating the American trade embargo against Iran. His lawyer, Mir Saied Kashani, told Ars that the government has clearly abused its authority.

“They’ve converted this from a war on drugs to a war on privacy,” he said.


Write a comment

GCHQ captured emails of journalists from top international media

Posted on January 19th, 2015 at 22:47 by John Sinteur in category: Do you feel safer yet?

[Quote]:

GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals.

Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency.

The disclosure comes as the British government faces intense pressure to protect the confidential communications of reporters, MPs and lawyers from snooping.

Quis custodiet ipsos custodes?


Write a comment

Comments:

  1. Quis custodiet ipsos custodes? People like Snowden? He is my hero this year!

  2. As are the reporters and news organizations supporting his leaks. There should be a Nobel Prize for being Custodians of the Public Interest!

Surveillance Detection for Android Phones

Posted on January 15th, 2015 at 0:05 by John Sinteur in category: Security

[Quote]:

It’s called SnoopSnitch:

SnoopSnitch is an app for Android devices that analyses your mobile radio traffic to tell if someone is listening in on your phone conversations or tracking your location. Unlike standard antivirus apps, which are designed to combat software intrusions or steal personal info, SnoopSnitch picks up on things like fake mobile base stations or SS7 exploits. As such, it’s probably ideally suited to evading surveillance from local government agencies.

The app was written by German outfit Security Research Labs, and is available for free on the Play Store. Unfortunately, you’ll need a rooted Android device running a Qualcomm chipset to take advantage.

Download it here.


Write a comment

Comments:

  1. I love it that some people (me) complain about things, but other people actually do something useful!

WhatsApp and iMessage could be banned under new surveillance plans

Posted on January 12th, 2015 at 20:00 by John Sinteur in category: Do you feel safer yet?, Security

[Quote]:

David Cameron could block WhatsApp and Snapchat if he wins the next election, as part of his plans for new surveillance powers announced in the wake of the shootings in Paris.

The Prime Minister said today that he would stop the use of methods of communication that cannot be read by the security services even if they have a warrant. But that could include popular chat and social apps that encrypt their data, such as WhatsApp.

Apple’s iMessage and FaceTime also encrypt their data, and could fall under the ban along with other encrypted chat apps like Telegram.

The comments came as part of David Cameron’s pledge to revive the “snoopers’ charter” to help security services spy on internet communications today.

René (to the radio): Allo, allo! This is Nighthawk. Can you hear me? Can you hear me? Over.
Fanny (interrupts): Of course I can hear you.
René: Not you! Shut up!
Radio: Allo, allo! Pass your message.
René (To Edith): What is the code to tell them the British airmen have arrived?
Edith: “The little cupboard is full.”
Fanny : Ah? What is that?
René: The little cupboard is full!
Fanny (interrupts again): Oh no, no, no. I have not used it all the day!


Write a comment

Comments:

  1. Back to the old microdots under the postage stamps then?

Gogo Inflight Internet is intentionally issuing fake SSL certificates

Posted on January 5th, 2015 at 11:48 by John Sinteur in category: Security

[Quote]:

SSL/TLS is a protocol that exists to ensure there exists an avenue for secure communication over the Internet. Through the use of cryptography and certificate validation, SSL certificates make man-in-the-middle attacks (where a third party would be able monitor your internet traffic) difficult, so the transmission of things like credit card numbers and user account passwords becomes significantly safer. In this case, performing a man-in-the-middle attack would require the attacker to attack the SSL certificate first before being able to snoop on someone’s traffic.

For whatever reason, however, Gogo Inflight Internet seems to believe that they are justified in performing a man-in-the-middle attack on their users. Adrienne Porter Felt, an engineer that is a part of the Google Chrome security team, discovered while on a flight that she was being served SSL certificates from Gogo when she was requesting Google sites. Looking at the issuer of the certificate, rather than being issued by Google, it was being issued by Gogo.


Write a comment

When The FISA Court Rejects A Surveillance Request, The FBI Just Issues A National Security Letter Instead

Posted on December 31st, 2014 at 9:49 by John Sinteur in category: Do you feel safer yet?, Privacy, Security

[Quote]:

We considered the Section 215 request for [REDACTED] discussed earlier in this report at pages 33 to 34 to be a noteworthy item. In this case, the FISA Court had twice declined to approve a Section 215 application based on First Amendment Concerns. However, the FBI subsequently issued NSLs for information [REDACTED] even though the statute authorizing the NSLs contained the same First Amendment restriction as Section 215 and the ECs authorizing the NSLs relied on the same facts contained in the Section 215 applicants…


Write a comment

Police: 2-year-old shoots, kills mom in N. Idaho Wal-Mart

Posted on December 30th, 2014 at 22:59 by John Sinteur in category: Do you feel safer yet?

[Quote]:

A woman in her late 20s is dead after a 2-year-old boy got a hold of a loaded handgun in her purse and accidentally shot her inside a Wal-Mart store in Hayden, the Kootenai County Sheriff’s Office is reporting.The woman was shopping with four children, Lt. Stu Miller said today. The 2-year-old was riding in a shopping cart and pulled the gun from her purse and shot her, he said. Sheriff’s deputies assume the woman is the boy’s mother, but are still investigating, he said. It’s not clear whether all four children are related to her.

The country needs more guns. If the mother had two guns, she could of defended herself and justifiably shot the toddler in self defense.


Write a comment

Comments:

  1. And then there are those safety interlocks that require a ring or wristband to operate the gun…all kinds of technical solutions to a social problem.

    It’s pathological to require guns in a society, let alone in a supermarket, ffs.

Inside the NSA’s War on Internet Security

Posted on December 29th, 2014 at 9:09 by John Sinteur in category: Do you feel safer yet?, Security

[Quote]:

The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure. Although the documents are around two years old, experts consider it unlikely the agency’s digital spies have made much progress in cracking these technologies. “Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said in June 2013, after fleeing to Hong Kong.

NSA documents indicate they can get into SSH, along with IPSec and PPTP, but that PGP/GnuPG and OTR, as well as TrueCrypt are secure.


Write a comment


« Older Entries