Friday, April 01, 2016

Another swing of the pendulum.
The use of a Stingray/Hailstorm device to track a cell phone is a search under the Fourth Amendment. The Nondisclosure Agreement is essentially unconstitutional because of the state’s argument they don’t have to disclose what they were doing. The court also finds the third party doctrine inapplicable. State v. Andrews, 2016 Md. App. LEXIS 33 (March 30, 2016)
Read more about the opinion on
From the article:
We observe that such an extensive prohibition on disclosure of information to the court—from special order and/or warrant application through appellate review—prevents the court from exercising its fundamental duties under the Constitution. To undertake the Fourth Amendment analysis and ascertain “the reasonableness in all the circumstances of the particular governmental invasion of a citizen’s personal security,” Terry v. Ohio, 392 U.S. 1, 19 (1968), it is self-evident that the court must understand why and how the search is to be conducted.

Beware of amateurs offering security advice.
CNBC's Password Security Lesson Fails Spectacularly
CNBC earlier this week published a piece with the goal of helping users strengthen their password security, but the attempt backfired badly.
An interactive tool provided to help readers detect the strength of their passwords was to blame.
Readers were asked to enter potential passwords into a field, and see how long it would take the system to crack them. They were told that adding capital letters, numbers and symbols would help strengthen a password, and they were assured that no passwords were being stored.
Google security engineer Adrienne Porter Felt raised the alarm shortly after the piece was published.
The site was not encrypted, she said.
Data apparently was sent in the clear to a Google spreadsheet.
CNBC has since taken down the piece. It did not respond to our request to provide further details.
… The data was shared to more than 30 third parties – advertisers and analytics providers – that pulled data from CNBC's site, Soltani said.

For my Ethical Hacking students, because to secure cameras you have to know every point of vulnerability.
How to Make Your Wireless Security Cameras Untouchable to Hackers

(Related) I've been looking for fun projects!
Researchers Can Now Register to Hack The Pentagon
Starting today, interested security researchers can now officially register to test their hacking skills against the DoD.
The initiative, run through a partnership with bug bounty platform provider HackerOne, is the first of its kind in the history of the federal government.
San Francisco-based HackerOne offers a software-as-a-service platform that provides the technology and automation to help organizations run their own vulnerability management and bug bounty programs.
The Hack the Pentagon bug bounty pilot will start on Monday, April 18 and end by Thursday, May 12.

It is what you don't say.
Reddit deletes surveillance 'warrant canary' in transparency report
Social networking forum reddit on Thursday removed a section from its site used to tacitly inform users it had never received a certain type of U.S. government surveillance request, suggesting the platform is now being asked to hand over customer data under a secretive law enforcement authority.
Reddit deleted a paragraph found in its transparency report known as a “warrant canary” to signal to users that it had not been subject to so-called national security letters, which are used by the FBI to conduct electronic surveillance without the need for court approval.

That will teach them to advocate privacy! Perhaps if they created an “internet service provider” non-profit they would have been exempt?
Seattle police raid home of privacy activists who maintain Tor anonymity network node
Police in the US are continuing to raid the homes of people who operate exit nodes for the Tor anonymity network, most recently searching the condo belonging to a pair of outspoken privacy activists in Seattle.
On 30 March, Seattle Privacy Coalition cofounders Jan Bultmann and David Robinson were woken up at 6.15am at their condominium by a team of six detectives from the Seattle Police Department with a search warrant looking for child pornography, according to Seattle's alternative weekly newspaper The Stranger.
The married couple were made to sit outside the apartment while the police searched their property and examined their electronic equipment. In the end, police acknowledged that no child pornography was found, so Bultmann and Robinson were not arrested, and none of their assets were seized.
Nevertheless, the experience left the couple shaken and upset, particularly since many "hints and comments [were] made about our cars, our jobs, our histories... revealing that we were thoroughly researched".
… Researchers at King's College London recently found in a new study that 57% of all the websites hidden on the Dark Web are actively facilitating criminal activity such as the sale of drugs, illicit finance and extreme pornography.
And unfortunately, because some bad people use Tor to encrypt their traffic and disguise their activities on the Dark Web, when US law enforcement trace the IP address of said user, it will reflect the IP address of the exit node that Tor randomly assigns to the user, meaning the police think that whoever operates the node is the perpetrator of the crime.

(Related) Another perspective. Is this specific to certain companies?
CloudFlare: 94 percent of the Tor traffic we see is “per se malicious”
More than ever, websites are blocking users of the anonymizing Tor network or degrading the services they receive. Data published today by Web security company CloudFlare suggests why that is.
In a company blog post entitled "The Trouble with Tor," CloudFlare CEO Matthew Prince says that 94 percent of the requests the company sees coming across the Tor network are "per se malicious."
… The study on Tor published last month shows some of the limits already being placed on Tor users. Wikipedia, for instance, allows them to read but not edit articles. Google allows home page access but increasingly presents CAPTCHAs or block pages to Tor searchers. Bank of America won't allow a login from Tor.

Sometimes free speech makes you uncomfortable. But if you block it, how will you know who to laugh at?
Launches Inaugural Report
by Sabrina I. Pacifici on Mar 31, 2016
Via EFF: “We’re proud to announce today’s release of’s first report looking at how content is regulated by social media companies.—a joint project of EFF and Visualizing Impact (VI) that won the 2014 Knight News Challenge—seeks to encourage social media companies to operate with greater transparency and accountability toward their users as they make decisions that regulate speech.”

“We help our customers by giving them sub-standard quality.”
FCC in agreement: Agency can't regulate Netflix
… Last week, it was revealed that Netflix slows the download speed of its streaming video over mobile networks such as Verizon and AT&T. The company said it has taken this action, which degrades video quality, for at least five years in order to help customers stay below their monthly data caps imposed by wireless providers.
Observers have said Netflix's decision not to inform its customers could possibly violate Federal Trade Commission rules.
But nearly all the FCC commissioners are in agreement that Netflix is outside the scope of their own agency. GOP Commissioner Michael O'Rielly gave a speech on the subject earlier this week. And Commissioner Ajit Pai said the same Thursday.
… The regulations are meant to protect customers and Web companies like Netflix that create content. Because of that, the rules only apply to Internet service providers like Comcast or Verizon that haul Internet traffic between users.

Are we nearing a tipping point?
This Startup Aims to Lead the Drone Takeover at the World's Biggest Companies
… San Francisco-based Airware announced today that it has raised $30 million in a series C funding round led by prestigious venture capital firm Next World Capital and the 20-year CEO of software giant Cisco, John Chambers. Elite venture capital firms Andreessen Horowitz and Kleiner Perkins Caufield & Byers are also participating in the round, according to a statement released by Airware today.
“The commercial drone industry is poised to throw many markets into transition,” says Chambers in the written statement. In addition to investing in Airware, Chambers says he has agreed to take a seat on Airware's board.
… That’s the motivation behind Airware’s suite of services for big businesses. The startup walks enterprise-size companies through every step of the process, starting with applying for regulatory approval all the way through analyzing and reporting data collected from commercial drones.

Starts the same day as my next Computer Security class.
Cybersecurity and You: Issues in Higher Education and Beyond
by Sabrina I. Pacifici on Mar 31, 2016
“The University of Maryland, Baltimore Thurgood Marshall Law Library, Health Sciences and Human Services Library, and Center for Information Technology Services have organized a cybersecurity conference that is free and open to the public. You can find details, RSVP, and a link to watch the livestream here:

If I can get my students a job, maybe they'll go away!
5 Top Resume Builder Sites to Create Your Resume Online
