The preferred encrypted communication tool of ISIS?
Joseph Cox reports:
Even if an app allows encrypted communication, there are often still ways to find out about the people using it. Bearing that in mind, a researcher has found that just about anyone can snoop on the activity of Telegram users, and potentially figure out who they are talking to, by using a third party piece of software.
[…]
Ola Flisbäck, a consultant at Sony Mobile Communications, posted the findings to Github on Saturday. To uncover the flaws, Flisbäck used a third party, command line interface (CLI) client for Telegram.
Read more on Motherboard.
[From the article:]
He found that the “android app sends a
notification to all contacts when it becomes or stops being the
"foreground" app on the device.” In other words,
whenever someone stops using Telegram—be that for typing or reading
messages—that fact is sent to all of the user's contacts.
It's important to emphasise that this snooping is nothing to do with the actual content of a message. Telegram has a “Secret Chat” feature, where users can activate end-to-end encryption of their chats, meaning that their contents can't be read by anyone intercepting the messages.
Nevertheless, metadata can still reveal a
substantial amount of information about a user. Indeed, the
operational security expert known as The Grugq tweeted
that this method could be used to “accurately guess who is
talking to whom.”
Flisbäck wrote that “An 'attacker' will
sometimes see the victim and another contact taking turns going
active/inactive as they pass messages back and forth.”
Anything that catches the eye of my Computer
Security students is valuable. Remember, you may not “use the
Force” on your Finals.
How to be a tech security Jedi: 5 lessons from the original ‘Star Wars’ movies
… it dawned on me that there are tons of
subtle parallels between information security (InfoSec) and the
original Star Wars movies
Be sure to focus on this…
ODNI Announces Transition to New Telephone Metadata Program
by Sabrina I. Pacifici on Nov 28, 2015
News release: “Beginning Sunday, November 29, the government is
prohibited from collecting telephone metadata records in bulk under
Section 215, including of both U.S. and non-U.S. persons. And, while
under the prior program NSA collected metadata in bulk and sought
court approval for individual queries, the USA FREEDOM Act requires
that the government must now base any application for telephone
metadata records under FISA on a “specific selection term”—a
term that specifically identifies a person, account, address, or
personal device in a way that limits the scope of information sought
to the greatest extent reasonably practicable. This further ensures
that collection of information for intelligence purposes is
appropriately focused and targeted, and is limited to information
that telephone service providers have historically used for their
internal billing and operational needs. Moreover, under the Act, the
Government will report annually to Congress and to the public, among
other things, the total number of orders issued under this authority
and the number of targets of such orders. As previously stated, NSA
analytic access to the historical metadata collected under Section
215 has ceased. However, NSA has requested limited access to
historical Section 215 metadata until February 29, 2016, limited to
technical personnel and solely for the purpose of verifying that the
new targeted production mechanism authorized by the USA FREEDOM Act
is working as intended. The FISC is currently considering this
request…”
(Related) ...and not on this.
Emptywheel writes:
I Con the Record [Interesting and very deliberate typo for “IC on the Record” Bob] released two statements to mark the end of the Section 215 phone dragnet (which will take place at midnight tomorrow night): a statement and a “fact” sheet. They’re a curious mix of true statements, false statements, and probably false statements.
Here’s the true statement that USAF boosters aren’t retweeting (but which Jim Comey recently mentioned in congressional testimony):
Moreover, the overall volume of call detail records subject to query pursuant to court order is greater under USA FREEDOM Act.
Read more on Emptywheel.
The deepest wounds are self-inflicted.
How Europeans get Google to bury what other people say about them on Facebook
When people have the opportunity to erase personal
information online, they often want to wipe out social media posts.
That’s the big takeaway from new data released by Google on which
search results about themselves European internet users were able to
hide under the “right to be forgotten” policy.
The top site targeted was Facebook, followed by
Profile Engine, a social account searching service. Google’s own
social platforms, including Google Groups, YouTube and Google Plus,
also make the top 10 — as do Twitter and a social-dating network
called Badoo. Combined, the top 10 sites account for nine per cent
of all removal requests, according to Google.
… Google’s
own data shows that content being “self-authored” is among the
top reasons it turns down “right to be forgotten” removal
requests. That suggests people aren’t going to have
much luck getting search results about social media posts they wrote
themselves removed. That makes sense because, in most cases, people
should be able to remove those posts from the source on their own.
The company does appear to make some exceptions for people whose
online postings are hijacked by someone else.
Another step toward “thought police?” At
least another burden for ISPs.
The German Supreme Court has today opened the door
for ISP blockades of copyright infringing sites. In a landmark
decision the court ruled that ISPs can be required to block websites
if copyright holders fail
to identify their operators or hosting providers. [How
hard will they try? Bob]
… Blocking requests from both the music and
movie sector are widespread around Europe, but until now Germany
has been excluded.
… the case eventually ended up at the Supreme
Court which ruled
on the issue today.
Interesting. Useful for my Criminal Justice
students?
Precision Local and State Government Search
by Sabrina I. Pacifici on Nov 28, 2015
“GovScan searches thousands of local government websites to bring you
targeted, precision results.
Whether you are a government zoning official
determining other city zoning regulations, a developer researching
available land, or a concerned citizen investigating government
issues, GovScan is here to help. Using search technology from
Google, we give you a
search engine that will only return results from city, county, state
and other government websites.”
Always looking for new reasons to be sued?
Mp3.com Founder Launches Radio Search Service, Talks Copyright
… The serial entrepreneur is now working on
several new ventures, one of which is called OnRadio. The service,
introduced
this week, indexes all the music playing on more than 100,000
online radio stations and allows users to search across that database
and listen to any song. It also lets them share those songs through
a variety of chat applications such as Snapchat and Twitter, using a
unique URL.
“Because Google doesn’t index online radio
streams, radio is invisible to searchers and radio companies are
missing out on more than 100 million users per day,” Robertson said
in a statement. “Our goal at OnRad.io is to make it
one-click easy to find any song playing on the radio and to easily
share those songs with friends.”
[From the website's About statement:]
An OnRad.io URL is short and intuitive. Just
append an artist or song or both with multiple words separated by
periods to onrad.io/. Examples:
When an OnRad.io URL is clicked the most popular
match will automatically play. On a desktop computer it will play in
a browser window. If on a smartphone, the user will be asked to
install the free OnRad.io app and then the song will play
Apparently Dilbert feels just like my students
when it comes to group projects.