Since Carrier IQ grabs all the data,
all my Ethical Hackers need to do is record (log) what Carrier IQ
looks at.
"Security
researchers who have investigated the inner workings of the Carrier
IQ software and its capabilities say the application has some
powerful, and potentially worrisome capabilities, but as it's
currently deployed by carriers it
doesn't have the ability to record SMS messages, phone calls or
keystrokes. However, the researchers note there
is still potential for abuse of the information that's being
gathered, whether by the carriers themselves or third parties who
can access the data legitimately or through a compromise of a device.
Jon Oberheide, a security researcher who has done a lot of work on
Android devices, also analyzed several versions of the Carrier IQ
software and found the software has the
ability to record some information, but that doesn't mean it's
actually doing so. [“That
doesn't mean...” isn't a clear denial, is it. Bob]
That part is up to each individual carrier. However, he says the
ability to collect such data is a dangerous thing. 'There is a lot
of capability to collect sensitive data, which is dangerous in any
scenario,' Oberheide said in an interview. 'It's up to the carriers
to use the software as they choose, but you could sort of put some
blame on Carrier IQ. But they put it on the carriers.'"
For those who don't want to trust in
the good will of Carrier IQ or carriers themselves, here
are a
couple ways to get it off your phone.
[From the Comments:
Carrier IQ has admitted that it records
URLs of every web site you visit on your mobile device, and sends it
to the carrier. So there is another subpoena target for the
authorities. Even your ISP doesn't necessarily get that information.
Why should your carrier?
There is “Ad Supported” than there
is “Ad Attack!”
"In a post to the Nmap Hackers
list Nmap author Fyodor accuses Download.com of wrapping
a trojan installer (as detected by various
AV applications when submitted to VirusTotal) around software
including Nmap and VLC Media Player. The C|Net installer bundles a
toolbar, changes browser settings, and, potentially, performs other
shenanigans — all under the logo of the application the user
thought they might have been downloading. Apparently, this
isn't the first time they have done this, either."
Is this a French problem or are all
Nuclear Plants defended by Swiss cheese? Strange that I can't find
pictures of the banners... You would think they would want to
document their success.
"Greenpeace activists secretly
entered a French nuclear site before dawn and draped
a banner reading 'Hey' and 'Easy' on its reactor containment
building, to expose the vulnerability of atomic sites in the
country. Greenpeace said the break-in aimed to show that an ongoing
review of safety measures, ordered by French authorities after a
tsunami ravaged Japan's Fukushima Dai-ichi nuclear plant earlier this
year, was focused too narrowly on possible natural disasters, and not
human factors."
Suspicions confirmed... Perhaps we are
well defended against a 9/11 type attack. But are we ignoring the
potential for other types of attack?
Insider:
$56 Billion Later, Airport Security Is Junk
The Department of Homeland Security has
spent billions since 9/11 trying to keep dangerous people and
dangerous explosives off airplanes, and treating us all air travelers
like potential terrorists in the process. But according to a former
security adviser to a leading airline, the terrorists have changed
the game — and the government hasn’t yet caught on.
… In the new issue of the CTC
Sentinel, a wonky security newsletter published by West Point’s
Combating Terrorism Center, Brandt all but indicts his former
industry and its government protectors. “Government
regulators suffer from a lack of imagination in anticipating and
mitigating emergent and existing threats” to air travel, he
writes.
A brief Brief...
December 05, 2011
Governmental
Tracking of Cell Phones and Vehicles: The Confluence of Privacy,
Technology, and Law
CRS - Governmental
Tracking of Cell Phones and Vehicles: The Confluence of Privacy,
Technology, and Law. Richard M. Thompson, Law Clerk, December 1,
2011
- "Legislation has been introduced in the 112th Congress that proposes to update, clarify, or, in some instances, strengthen the privacy interests protected under the law and give law enforcement a clearer framework for obtaining crucial crime-fighting information. In particular, Senator Ron Wyden and Representative Jason Chaffetz introduced identical legislation, S. 1212 and H.R. 2168, entitled the Geolocational Privacy and Surveillance Act, or GPS bill, which would make it unlawful for a service provider to disclose or law enforcement to intercept or use a person’s location unless they obtained a warrant based upon probable cause or one of the limited exceptions applies. Senator Patrick J. Leahy has introduced the Electronic Communications Privacy Act Amendment Act of 2011 (S. 1011), which not only includes a warrant requirement for geolocation information, but also overhauls and updates other provisions of federal electronic surveillance law... This report will briefly survey Fourth Amendment law as it pertains to the government’s tracking programs. It will then summarize federal electronic surveillance statutes and the case law surrounding cell phone location tracking. Next, the report will describe the GPS-vehicle tracking cases and review the pending Supreme Court GPS tracking case, United States v. Jones. Finally, the report will summarize the geolocation and electronic surveillance legislation introduced in the 112th Congress."
We've been looking for an Artificial
Intelligence instructor for some time. Now we are considering
building one from online tools...
7
Amazing Websites To See The Latest In Artificial Intelligence
Programming
For my Ethical Hackers who would like
to call some people over and over and over and over and over... Also
Group Calling and soon Video Calls.
Vox.io:
A Simple Way To Make Voice Calls From Your Web Browser
Vox.io is a handy VoIP client which
relies completely on your browser, on any flash-based
device and helps you make calls to your friends and
family. But before that, you must sign up for a free account and
validate your phone number and email.
… The recipient will receive the
call from the number you have registered with Vox.io.
… It’s free to call other Vox.io
users but if you want to make any international calls, you must buy
Vox.io credit. You can check out Vox.io call rates here.
For my Math students
Google
adds graphing calculator to search
Students and lovers of all things math
need merely to type in a function to the Google search bar, and the
tool will render an interactive graph, Google explained today in a
company
blog announcing the new tool.
"You can zoom in and out and pan
across the plane to explore the function in more detail. You can
also draw multiple functions by separating them with commas,"
Google engineer Adi Avidor wrote.
No one will ever need this...
How
To Fix Errors and Format USB Flash Drives
No comments:
Post a Comment