Tuesday, December 08, 2015

For any of my students who still think passwords are adequate security.
Password Cracking Tool Hashcat Goes Open Source
Hashcat, the popular password recovery utility advertised as the world’s fastest password cracker, has been released as open source.
The announcement was first made on December 4 on Twitter via an MD5 hash that read “hashcat open source” when cracked. Jens 'atom' Steube, the main Hashcat developer, later announced in a post on the official forum that the source code for both Hashcat, the CPU-based tool, and oclHashcat, the GPU-based version, has been released under the MIT license.
The source code for Hashcat and oclHashcat is available on GitHub. Bug fixes and new features can be submitted, but contributors must ensure that their code complies with a specified set of requirements.

For some reason I don't think this is the last we'll hear of the OPM breach.
Eric Yoder reports:
The last of the notices are set to go out this week to the more than 21 million people whose personal information was stolen in a cyber breach of government security clearance files, with about 1.5 million of those having signed up so far for identity and credit monitoring services.
Read more on Washington Post.

Perspective? Everyone wants to teach kids to code, no one wants to teach ethics? None of the hackers arrested for the TalkTalk hack are over 21.
UK Police Campaign Targets Hackers as Young as 12
Britain's National Crime Agency on Tuesday launched a campaign to discourage youngsters from becoming hackers after it found the average age of suspects had plummeted to 17.
The NCA's #CyberChoices campaign targets parents of boys aged 12-15 who may be involved in cyber-crime without their knowledge.

Everyone knows, cars don't lie!
Hit-And-Run Suspect Busted After Her Car Calls The Police, Spurs Controversial Legal Ramifications
… Take the case of Cathy Bernstein, for example. The 57-year-old woman made an absolutely boneheaded play by rear-ending another vehicle and then fleeing the scene. Bernstein, perhaps thinking that she had gotten away with her act of recklessness, went about her business until she received a call from police dispatch.
How did police dispatch find out that Bernstein was even involved in an accident? Well, her Ford vehicle was equipped with an Emergency Assistance feature that alerts emergency personnel when it detects that the vehicle has been involved in a serious accident. In addition to alerting first responders about a serious accident, an onboard GPS module can pinpoint the exact time and location of the accident.
… Use of GPS technology in vehicles is already drawing criticism from privacy groups, as they feel that innocent citizens could have their personal information and driving habits wind up in the hands of law enforcement. In the case involving Cathy Bernstein, the good guys won, but some feel that automatically dialing law enforcement represents a violation of fourth amendment rights.

Surveillance Apps for the masses.
New software watches for license plates, turning you into Little Brother
We now live in a world where if you have an IP-enabled security camera, you can download some free, open-source software from GitHub and boom—you have a fully functional automated license plate reader (ALPR, or LPR).
… For the last six months, the two-man team behind OpenALPR has built this software and given it away for free, largely as a way to draw attention to their other paid services:

How would DNA testing be different from a test for pollen or mud from a crime scene? What basis would there be to seize clothing if it could not be examined for evidence?
Orin Kerr writes:
This summer, my co-counsel and I filed a cert petition in a pro bono case on behalf of a criminal defendant named Manuel Arzola. The case, Arzola v. Massachusetts, raises this question:
Whether a Fourth Amendment “search” occurs when government agents remove blood from a person’s lawfully-seized clothing and conduct a DNA test that generates a DNA identity profile.
Read more on The Volokh Conspiracy.

Please forgive me, I feel a rant coming on. The “easy” solution (ask any politician) is to ban encryption. Let's ignore the fact that ISIS (and others) are attracting followers via unencrypted social media. Apparently, we have no counter for “the gospel according to ISIS.” We don't even try to develop a counter argument. Instead we blame encryption – even when the evidence says encryption was not used.
Homeland chair moves to rein in 'dark' networks
The head of the House Homeland Security Committee is pushing a new initiative to deal with the proliferation of encrypted devices that critics say allow terrorists to communicate without detection.
The effort by Chairman Michael McCaul (R-Texas) will not force concessions on tech companies, he said Monday.
Instead, it would create “a national commission on security and technology challenges in the digital age,” which McCaul promised would be tasked with providing specific recommendations for dealing with an issue that has become a priority for law enforcement officials.
… “It is time for Congress to act because the White House has failed to bring all parties together — transparently — to find solutions.”
… McCaul initially claimed that the terrorists behind last month’s deadly attacks in Paris had the encrypted messaging application Telegram on their phones.
However, a staffer subsequently told The Hill that he “was providing a reference point to the types of encrypted messaging platforms that are available” and is not aware “of any specific app on the Paris attackers’ phones.”
Still, the staffer noted that intelligence officials have indicated that they believe the attackers communicated through encrypted channels.

(Related) There may be no evidence that this will help, but “we've got to do something!”
Andrew Griffin reports:
France is proposing that it will ban free public Wi-Fi and anonymised browsing because of the Paris attacks, according to leaked documents.
The French government is considering extending internet powers in a way that has only previously been done in Iran and China, according to the document seen by French newspaper Le Monde.
Read more on The Independent.

Perspective. Why you need a mobile app for your customers.
How We Shop Differently on Our Phones
… The researchers found that the average order size of low spenders (defined as shoppers whose total spending was less than the median in the first phase) increased after they adopted mobile shopping. They also placed more orders per year than they had using only a computer. Among high-spending mobile shoppers, the size of the order remained about the same. But, as with the low spenders, the frequency of their purchases steadily increased the more they used their mobile devices for shopping.
