If there are security measures that can frustrate the NSA's best efforts, would you implement them? “Major problems” is not the same as “impossible,” but would the NSA spend much time or effort trying to read my communications with my bank?

Documents leaked by Edward Snowden show that the National Security Agency, despite its seemingly best efforts, is unable to crack certain types of cyber defenses.

The German newspaper Der Spiegel uncovered among the former contractor’s document trove new details about the extent of the spy agency’s ability to crack online encryption, which defenders of the agency say is necessary to monitor potential terrorists’ communications. [True if you define “monitor” as read as easily as if they sent you a copy. Bob]

…

According to one Snowden document, as of 2012, agents had “major” problems tracking users on the Tor network, which encrypts and relays data all around the Web. The Off-the-Record (OTR) protocol for encrypting instant messages also caused significant problems for the agency, as did the Pretty Good Privacy (PGP) email encryption program, which is decades old and relatively common among security proponents.

Looks like this isn't as resolved as the FBI would hope.

A Bunch Of New Evidence In The Sony Hack Is Pointing Away From North Korea

New evidence emerging in the Sony Pictures cyberattack suggests that the hackers may have been far closer to home than North Korea.

News broke Monday that a security firm working with the FBI has come up with a list of six people who may have been closely involved with the hack. One of the individuals investigated by the firm also happens to be a disgruntled former Sony employee.

…

Security Ledger reports that Norse investigated a Sony employee known only as "Lena," viewing messages that she posted on social media and group chats. She worked at Sony for over a decade, performing an IT role with a "very technical background."

…

A former federal prosecutor has also cast doubt on the FBI's assertion that North Korea was involved with the Sony hack. Mark Rasch of Rasch Technology and Cyberlaw says the claim that North Korea was behind the hack is "doubtful" and that the attack seemed to be carried out by someone with close knowledge of how Hollywood works, leaking only data that was embarrassing to Sony executives.

Many security researchers have been doubtful over the FBI's assertion since the agency announced on Dec. 19 that it was blaming North Korea for the Sony hack. The official US government position is that hackers affiliated with North Korea carried out the attack in retaliation for Sony's releasing the movie "The Interview."

Maury Nichols (one of the few people who admits they read my blog) sent me this article.

What Is Wrong With 'Legal Malware'?

Can malware, malicious by definition, ever be a good thing? Surprisingly, there are law enforcement agencies that would answer yes. There are a growing number of hacking techniques involving malware deployed by governments around the world. Effectively they are using criminal tools, which they claim is a legitimate means to the ultimate, legitimate end – fighting crime, even going so far as deeming their use legal. I disagree. And I think it is a worrying trend generally – one that needs to be nipped in the bud.

My colleague, security-researcher Costin Raiu, just recently published a report summarizing his research findings over the years plus predictions for the future in the murky world of sophisticated advanced persistent threat (APT) cyberattacks.

…

Based on the reasons I give above, I think it is fair to say that terms like ‘legitimate malware’ or ‘offensive security’ are oxymoronic and disturbingly dystopian, reminiscent of Orwell’s ‘war is peace’ and ‘freedom is slavery’.

(Related) Convergence (the 'hot sheet' and mug shots?) Eventually police will have a Swiss Army Knife type of system. Need a particular tool? Just pull out a new blade.

TheNewspaper.com reports:

The leading supplier of automated license plate reader technology in the US (ALPR, also known as ANPR in Europe) is expanding its offerings to law enforcement. Vehicle owners have already had their movements tracked by the company Vigilant Solutions, which boasts 2 billion entries in its nationwide database, with 70 million additional license plate photographs being added each month. Now passengers can also be tracked if they hitch a ride with a friend and are photographed by a camera aimed at the front of the car.

The Livermore, California-based firm recently announced expanded integration of facial recognition technology into its offerings.

[…]

Only a handful of states have laws in place to regulate automated license plate reader technology.

Read more on TheNewspaper.com.

(Related) If we gather information on you, deliberately or not, it's an ongoing investigation and we don't have to release the information.

John Ruch reports:

The Boston Police Department embodies the Surveillance Age’s chilling twin principles: more power to spy on law-abiding citizens, and less accountability for doing it. That’s what we at the Jamaica Plain Gazette and Mission Hill Gazette have learned as our attempts to investigate police spying abuses are stymied by the department’s flouting of state public records laws.

Read more on the New England First Amendment Coalition.

I'd like to know how they got this past the Board of Directors. Are they relying on “forgiveness?”

The FBI Is Investigating Whether US Banks Are Launching Cyberattacks Of Their Own

…

Bloomberg is reporting that the FBI is investigating whether US financial institutions have started fighting back against hackers.

…

It's reported that JPMorgan Chase proposed to the FBI that the bank work from offshore locations to disable the servers used to launch denial of service attacks against its website. But attendees of the meeting dismissed the idea over concerns of its legality.

Despite ruling out the proposed hack, Bloomberg reports that US investigators found that a third party had carried out the attack after all. Now the FBI is investigating whether US companies broke the law in ordering the hack against the Iranian servers.

Sony Pictures, the movie studio targeted by hackers, allegedly used Amazon Web Services to try to disrupt people downloading the files leaked as part of the hack.

(Related) Interesting article.

Since the alleged North Korean cyber operation against Sony in late November, it has become de rigueur to engage in “enemy at the gate” rhetoric. Referring to “how the Internet and cyber operates,” even President Obama described the situation as “sort of the Wild West,” adding “part of the problem is you’ve got weak States that can engage in these kinds of attacks, you’ve got non-State actors that can do enormous damage.” Such a dire portrayal of the current state of cyber affairs on the part of a world leader not known for hyperbole deserves serious attention.

An interesting use of “Big Data.” Will all such uses attract lawsuits?

Skiplagged finds cheap one-way fares by surfacing weird airline pricing strategies, like pricing a NY-SFO-Lake Tahoe flight cheaper than an NY-SFO flight, so you book all the way through to Tahoe, debark at SFO, and walk away from the final leg.

Of course, it only works if you fly without luggage. But given that the airlines' entire business strategy is to hoard information about their pricing and operations from their customers, in the hopes of tricking them into paying more for the same flight than the person in the next seat, it's hard to work up any sympathy for the industry when the tables are turned on them.

Skiplagged doesn't sell plane tickets, they don't even sell information. All they do is document the pricing strategies of the airlines.

In the view of United and Orbitz, this is illegal -- they're suing the service (run by a 22-year-old New Yorker named Aktarer Zaman), calling it "unfair competition."

Zaman said he knew a lawsuit was inevitable but he points out that there’s nothing illegal about his web site.

He also said he has made no profit via the website and that all he’s done is help travelers get the best prices by exposing an “inefficiency,” in airline prices that insiders have known about for decades.

For my students. We've got a lot to read, so pick a tool that works for you!

5 Best PDF & Ebook Readers For Windows

For my Ethical Hackers.

What Is The OBD-II Port And What Is It Used For?

…

OBD-II is a sort of computer which monitors emissions, mileage, speed, and other useful data. OBD-II is connected to the Check Engine light, which illuminates when the system detects a problem.

…

Traditionally, hand held scan tools are hooked up, allowing the average vehicle owner to read DTCs. However, a reference for the code numbers is still needed. You can find such a reference in various handbooks and websites, such as OBD-Codes.

Some modern scan tools can be connected to a Windows desktop or laptop, like ScanTool’s OBDLink SX USB Adapter on Amazon for $29.95, which allows you to turn your laptop into a very detailed scan tool.