For my Ethical Hackers. I told you
word would leak out. Remember, we're only “gathering data for
academic purposes.”
"Using a Samsung Galaxy SIII —
one of the most popular smartphones available in Canada — and a
free app downloaded from the Google Play store, CBC was able to read
information such as a card number, expiry date and cardholder name
simply holding the smartphone over a debit or credit card. And it
could be done through wallets, pockets and purses. ... Although the
NFC antennas in current smartphones need to be very close to a card
in order to work — no farther than 10 cm — that could change with
the next generation of Android smartphones. Legary said the Samsung
Galaxy S4, set to go on sale this spring, might have a much more
capable NFC antenna, which could not only read
credit cards from a greater distance, but could
also be able to read the chips embedded in
enhanced driving licenses and passports."
[If I can read it, I can clone it. Bob]
Should I say, “I've never seen that
encrypted file before in my life” or “That's a file my lawyer
asked me to keep for him.”
Here’s a Good Reason to Encrypt Your Data
… The issue is front and center as
a federal magistrate is refusing to order a Wisconsin computer
scientist to decrypt his data that the authorities seized from
kiddie-porn suspect Jeffrey Feldman. The reason is simple: The Fifth
Amendment right against compelled self-incrimination protects even
those suspected of unsavory crimes, according to U.S. Magistrate
William Callahan Jr. of Wisconsin, who wrote:
This is a close
call, but I conclude that Feldman’s act of production, which would
necessarily require his using a password of some type to decrypt the
storage device, would be tantamount to telling the government
something it does not already know with ‘reasonably
particularity’—namely, that Feldman has personal access to and
control over the encrypted storage devices. Accordingly, in my
opinion, Fifth Amendment protection is available to Feldman. Stated
another way, ordering Feldman to decrypt the storage devices would be
in violation of his Fifth
Amendment right against compelled self-incrimination. (.pdf)
… Federal prosecutors did not
immediately respond for comment, but said in court
papers they have spent months trying to decrypt the data.
“The FBI is performing admirably in
the digital arms race between those seeking to hide evidence of their
wrongdoing through encryption and law enforcement officers seeking to
uncover that evidence; but the expense in time and
resources in investigating cases like this one is beginning to
inhibit the provision of justice,” [“It would be lots cheaper if
you allowed us to beat it out of him.” Bob] the
government said
(.pdf) in seeking the magistrate to compel the suspect to unlock the
data.
Must be a new agent. All the movies
and TV shows tell us that when cops need a warrant, someone will say
either “Judge X owes me a favor” or “Try Judge Y, he's a
pushover.”
Cyrus Farivar reports:
A federal
magistrate judge has denied
(PDF) a request from the FBI to install sophisticated surveillance
software to track someone suspected of attempting to conduct a
“sizeable wire transfer from [John Doe’s] local bank [in Texas]
to a foreign bank account.”
Back in March
2013, the FBI asked the judge to grant a month-long “Rule
41 search and seizure warrant” of a suspect’s
computer “at premises unknown” as a way to find out more about
these possible violations of “federal bank fraud, identity theft and
computer security laws.”
In an
unusually-public order published
this week, Judge Stephen Smith slapped down the
FBI on the grounds that the warrant request was overbroad and too
invasive.
Read more on Ars
Technica.
Judge Smith recently commented on his
case load for federal requests vs. his colleagues. One might think
that federal prosecutors and law enforcement are avoiding him as he
tends to set higher standards for approving warrants or requests.
This latest opinion may be another case in point.
(On the other hand)
Declan McCullagh reports:
Senior Obama
administration officials have secretly authorized the interception of
communications carried on portions of networks operated by AT&T
and other Internet service providers, a practice that might otherwise
be illegal under federal wiretapping laws.
The secret legal
authorization from the Justice Department originally applied to a
cybersecurity pilot project in which the military monitored defense
contractors’ Internet links. Since then, however, the program has
been expanded by President Obama to cover all critical infrastructure
sectors including energy, healthcare, and finance starting June 12.
Read more on CNET.
Do you think this might be “Coming
soon to a TSA agent near you!”
"Israeli security officials at
Ben Gurion airport are legally
allowed to demand access to tourists' email accounts and
deny them entry if they refuse, the country's top
legal official said on Wednesday. Details of the policy were laid
out by Attorney General Yehuda Weinstein in a written response to the
Association for Civil Rights in Israel (ACRI), the group said in a
statement. 'In a response dated April 24, 2013, the attorney
general's office confirmed this practice,' ACRI said, quoting
sections of the document which said it was only done in exceptional
cases where 'relevant suspicious signs' were evident and only done
with the tourist's 'consent'. 'Allowing security agents to take such
invasive measures at their own discretion and on the basis of such
flimsy "consent" is not befitting of a democracy,'
commented Lila Margalit from ACRI."
I think I need a Glossary for all these
government programs.
April 24, 2013
DHS Releases Revised Privacy Impact Assessment on Internet Monitoring Program
EPIC: "The Department of Homeland
Security has released a Privacy
Impact Assessment for Einstein
3 - Accelerated. Einstein 3 is a government cybersecurity
program that monitors Internet traffic. The monitoring includes
scanning email destined for .gov networks for malicious attachments
and URLs. According to DHS, the basis of the government’s authority
to perform the monitoring is National
Security Presidential Directive 54. EPIC is
pursuing FOIA litigation to force the government to release the
Directive to the public. For more information, see EPIC
v. NSA - Cybersecurity Authority."
(Related)
April 24, 2013
EPIC FOIA Request Reveals Details About Government Cybersecurity Program
EPIC: "New documents obtained by
EPIC in a Freedom
of Information Act lawsuit reveal that the
Department of Defense advised
private industry on how to best circumvent federal wiretap law. The
documents
concern a collaboration between the Defense Department, the
Department of Homeland Security, and private companies to allow
government monitoring of private Internet networks. Though the
program initially only applied to defense contractors, an Executive
Order issued by the Obama administration
earlier this year expanded it to include other "critical
infrastructure" industries. The documents obtained by EPIC also
cited
NSPD 54 as one source of authority for the program. NSPD 54 is a
presidential directive issued under President Bush that EPIC is
pursuing
in separate FOIA litigation. For more information, see EPIC:
EPIC v. DHS (Defense Contractor Monitoring),
and EPIC:
EPIC v. NSA - Cybersecurity Authority."
Of course they will. (And probably
many other “skies.”) That allows us to withdraw without actually
withdrawing from a country declared “ready to defend itself”
that we have determined isn't actually ready to defend itself. Makes
perfect sense!
After U.S. Troops Leave, Armed Drones Will Patrol Afghanistan’s Skies
Completely unrelated. “Ah man,
They're trying to take away my God given right to use my .22 armed
drone to wipe out the prairie dogs in my horse pasture!”
"A DC Area Drone User Group has
posted an
open letter in response to recent comments by Eric
Schmidt about banning drones from private use. The closing
section reads: 'Personally owned flying robots today have the power
to change the balance of power between individuals and large
bureaucracies in much the same way the Internet did in the past. And
just as the military researchers who developed GPS for guiding
munitions could never have imagined their technology would be used in
the future to help people conduct health surveys in the world's
poorest countries or help people find dates in the world's richest,
there is a whole world of socially positive and banal applications
for drones that are yet to be discovered. We should embrace this
chance that technology provides instead of strangling these
opportunities in their infancy. Our hope is that you and the rest of
Google's leadership will embrace this pro-technology agenda in the
future rather than seeking to stifle it. We would welcome the
opportunity to speak further with you about this topic.'"
Associated Press reports that Facebook
has won a round in court against a German data protection regulator
who was trying to block Facebook from requiring real name
registration:
Schleswig-Holstein
state’s data protection office had argued that the ban on fake
names breaches German privacy laws and European rules designed to
protect free speech online.
But a state
appeals court has confirmed a lower tribunal’s ruling
that German privacy laws don’t apply to Facebook because the social
networking site has its European headquarters in Ireland,
where privacy rules are less stringent.
Read more on Washington
Post.
It takes the government 281 pages to
say what NPR's “The Car Guys” summarized in a single bumper
sticker: “Honk if you love Jesus, Text if you want to meet him”
Same old Question: How does the phone know you are the driver and not
a passenger?
How Federal Distracted-Driving Guidelines Will Shape Your Next Phone
… The guidelines – and they’re
just that, suggestions, not requirements – are laid out in
a 281-page
report by the National Highway Traffic Safety Administration
(.PDF) and the Department of Transportation, which under the
direction of outgoing transportation secretary Ray LaHood have made
distracted driving a pet cause.
… The main thrust of the
recommendations is limiting the amount of time the driver takes his
eyes off the road or hands off the wheel, with a
maximum of two seconds for each input and total of 12 seconds to
complete a task. NHTSA wants automakers to disable
certain functions of a car’s built-in infotainment systems whenever
the vehicle is in motion.
Specifically, NHTSA wants automakers to
nix the ability to enter text for messaging and internet browsing,
disable any kind of video functionality (think Skype, FaceTime and
watching the latest Lady Gaga video) and prevent text-based
information from being displayed, including web pages, social media
content, emails and text messages.
“Hey, it's your law. I'm just
following it.” Now we can expect them to write a version of the
law that 'gets medieval.'
"Aereo's court battles are far
from over, to be sure, but the ruling
earlier this month that the TV streaming service doesn't violate
copyright laws must have the folks at music streaming service Pandora
shaking their heads, wondering why they're still paying
royalties that currently consume more than half
their revenues. The implications of Aereo's business model are
far-reaching and may ultimately 'be resolved by Congress, just as it
did when cable first came on the scene, by passing legislation to
redefine
a public performance,' writes broadcast industry attorney David
Oxenford."
For a Risk Assessment class.
April 24, 2013
TRAC - Domestic Terror Cases Outnumbering International Two-to-One in FY 2013
"During February 2013, there were
16 new federal criminal prosecutions for terrorism and national
internal security offenses, according to the latest available data
from the Justice Department. So far during fiscal year 2013 (which
began October 2012), a total of 83 such cases have been filed. These
criminal prosecutions have been brought in a surprisingly large
number of federal districts from all regions of the country. And at
this point, domestic terrorism cases outnumber international
terrorism by a factor of two-to-one. For more details, including
district rankings, see the report here."
For those times when you can't
waterboard? I seem to remember a whole library full of ways to spot
lies from body language, but changes in word choice are well
documented also. I wonder if we could expand on this?
… Below are some of those ways to
figure out whether or not someone is pulling the virtual wool over
your eyes. Are the determining factors perfect? No. Neither are lie
detector results. Nevertheless, they are a good start if you have a
quick mind and generally know people fairly well.
Abnormal Changes In Syntax
Negation
Varying Response Times During IM
Status Updates Simply Don’t Line Up
For my Math students. Look at the
difference between “Upper Level” workers and “Lower Level”
workers and tell me how much Math you need to move up.
Here's How Little Math Americans Actually Use at Work
… As it turns out, less than a
quarter of U.S. workers report using math any more complicated than
basic fractions and percentages during the course of their jobs. The
graphs below are based on survey data compiled by Northeastern
University sociologist Michael
Handel. Handel surveyed about 2,300 workers first from 2004
through 2006, then again between 2007 and 2009. The catchall
category of "any more advanced" math includes algebra
through calculus.