Sunday, August 02, 2015
I missed this interesting (if legal) FBI hack.
Feds bust through huge Tor-hidden child porn site using questionable malware
A newly unsealed FBI search warrant application illustrates yet another example of how the government deploys malware and uses sophisticated exploits in an attempt to bust up child pornography rings.
The 28-page FBI affidavit (text-only, possibly NSFW) was unsealed in a federal court in Brooklyn, New York earlier this month. It describes a North Carolina server hosting a Tor hidden service site. The setup was seized in February 2015, but law enforcement allowed it to run for two additional weeks as a way to monitor its nearly 215,000 users.
… Legal experts told Ars that there are significant questions about precisely how the unnamed Tor site was breached, exactly how its "Network Investigative Tool" (or NIT, i.e., malware) works, how many of the users were outside of the judicial district, and if the seized server contained other non-criminal content.
"This is another example of the FBI obtaining a warrant that they are not yet authorized to obtain or execute based on the lack of technical expertise of the judiciary," Ahmed Ghappour, a law professor at the University of California, Hastings, told Ars. Ghappour pointed to a proposed change to Rule 41 that is currently working its way through the judicial system. He has written at length about this potential upcoming modification to Rule 41.
An OpEd by people who should understand the issue. I would add that “selective” decryption works only if you know one or more of the parties communicating are already targets of interest.
Why the fear over ubiquitous data encryption is overblown
… In the wake of global controversy over government surveillance, a number of U.S. technology companies have developed and are offering their users what we call ubiquitous encryption — that is, end-to-end encryption of data with only the sender and intended recipient possessing decryption keys. With this technology, the plain text of messages is inaccessible to the companies offering the products or services as well as to the government, even with lawfully authorized access for public safety or law enforcement purposes.
The FBI director and the Justice Department have raised serious and legitimate concerns that ubiquitous encryption without a second decryption key in the hands of a third party would allow criminals to keep their communications secret, even when law enforcement officials have court-approved authorization to access those communications. There also are concerns about such encryption providing secure communications to national security intelligence targets such as terrorist organizations and nations operating counter to U.S. national security interests.
… We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.
First, such an encryption system would protect individual privacy and business information from exploitation at a much higher level than exists today. As a recent MIT paper explains, requiring duplicate keys introduces vulnerabilities in encryption that raise the risk of compromise and theft by bad actors.
… Second, a requirement that U.S. technology providers create a duplicate key will not prevent malicious actors from finding other technology providers who will furnish ubiquitous encryption.
… Finally, and most significantly, if the United States can demand that companies make available a duplicate key, other nations such as China will insist on the same. There will be no principled basis to resist that legal demand.
Windows 10 Hits Stride With 67 Million Installs And Counting
Microsoft's strategy to offer Windows 10 as a no-cost upgrade option to Windows 7 and Windows 8.1 users is paying off. Just one day after launch, the Redmond outfit announced that Windows 10 had found its way onto more than 14 million devices. By Friday morning, that number unofficially ballooned to 67 million devices.
Trivial for the Post Office, but would it open opportunities for wine/beer/whiskey of the month clubs? I would volunteer to be a beer scout!
Booze-by-mail bill would give USPS a better shot
… Rep. Jackie Speier, D-Hillsborough, this week introduced legislation that would overturn a pre-Prohibition restriction on shipping “spirituous, vinous, malted, fermented, or other intoxicating liquors” to consumers through the U.S. mail, allowing the postal service to better compete with rivals such as UPS and FedEx.
“It will give us the opportunity to do what our competitors are doing,” said Augustine Ruiz, a Bay Area Postal Service spokesperson. “We can use that revenue, and it will definitely raise our spirits, so to speak.”
While wineries, breweries and distilleries generally support the effort, the main winner would be the Postal Service, which has been in the red since 2007.
The one item every beer enthusiast should own
In case you’re unfamiliar with the term, a growler is an airtight vessel that’s used for transporting beer from one place to another without compromising its quality.
For my geeky students.
Now that Windows 10 is available for download, many of you might be planning to install Microsoft's new desktop operating system on your computer. There are plenty of reasons to install Windows, and different editions to choose from. You can automatically upgrade to Windows 10 or you can make a bootable disk to install Windows 10 on one or more computers in a hurry.
… Make sure that the USB or DVD (if rewritable) you pick to be your Windows 10 bootable media has no important data on it, because this process will format the drive, which means you will lose everything on it. Also make sure that the drive is of minimum 4GB capacity, as the process requires 3GB of space. With that in mind, here's is the list of steps you need to follow to make a bootable Windows 10 drive: