Sunday, November 29, 2015

The preferred encrypted communication tool of ISIS?
Joseph Cox reports:
Even if an app allows encrypted communication, there are often still ways to find out about the people using it. Bearing that in mind, a researcher has found that just about anyone can snoop on the activity of Telegram users, and potentially figure out who they are talking to, by using a third party piece of software.
[…]
Ola Flisbäck, a consultant at Sony Mobile Communications, posted the findings to Github on Saturday. To uncover the flaws, Flisbäck used a third party, command line interface (CLI) client for Telegram.
Read more on Motherboard.
[From the article:
He found that the “android app sends a notification to all contacts when it becomes or stops being the "foreground" app on the device.” In other words, whenever someone stops using Telegram—be that for typing or reading messages—that fact is sent to all of the user's contacts.
It's important to emphasise that this snooping is nothing to do with the actual content of a message. Telegram has a “Secret Chat” feature, where users can activate end-to-end encryption of their chats, meaning that their contents can't be read by anyone intercepting the messages.
Nevertheless, metadata can still reveal a substantial amount of information about a user. Indeed, the operational security expert known as The Grugq tweeted that this method could be used to “accurately guess who is talking to whom.”
Flisbäck wrote that “An 'attacker' will sometimes see the victim and another contact taking turns going active/inactive as they pass messages back and forth.”




Anything that catches the eye of my Computer Security students is valuable. Remember, you may not “use the Force” on your Finals.
How to be a tech security Jedi: 5 lessons from the original ‘Star Wars’ movies
… it dawned on me that there are tons of subtle parallels between information security (InfoSec) and the original Star Wars movies




Be sure to focus on this…
ODNI Announces Transition to New Telephone Metadata Program
by Sabrina I. Pacifici on Nov 28, 2015
News release: “Beginning Sunday, November 29, the government is prohibited from collecting telephone metadata records in bulk under Section 215, including of both U.S. and non-U.S. persons. And, while under the prior program NSA collected metadata in bulk and sought court approval for individual queries, the USA FREEDOM Act requires that the government must now base any application for telephone metadata records under FISA on a “specific selection term”—a term that specifically identifies a person, account, address, or personal device in a way that limits the scope of information sought to the greatest extent reasonably practicable. This further ensures that collection of information for intelligence purposes is appropriately focused and targeted, and is limited to information that telephone service providers have historically used for their internal billing and operational needs. Moreover, under the Act, the Government will report annually to Congress and to the public, among other things, the total number or orders issued under this authority and the number of targets of such orders. As previously stated, NSA analytic access to the historical metadata collected under Section 215 has ceased. However, NSA has requested limited access to historical Section 215 metadata until February 29, 2016, limited to technical personnel and solely for the purpose of verifying that the new targeted production mechanism authorized by the USA FREEDOM Act is working as intended. The FISC is currently considering this request…”


(Related) ...and not on this.
Emptywheel writes:
I Con the Record [Interesting and very deliberate typo for “IC on the Record” Bob] released two statements to mark the end of the Section 215 phone dragnet (which will take place at midnight tomorrow night): a statement and a “fact” sheet. They’re a curious mix of true statements, false statements, and probably false statements.
Here’s the true statement that USAF boosters aren’t retweeting (but which Jim Comey recently mentioned in congressional testimony):
Moreover, the overall volume of call detail records subject to query pursuant to court order is greater under USA FREEDOM Act.
Read more on Emptywheel.




The deepest wounds are self-inflicted.
How Europeans get Google to bury what other people say about them on Facebook
When people have the opportunity to erase personal information online, they often want to wipe out social media posts. That’s the big takeaway from new data released by Google on which search results about themselves European internet users were able to hide under the “right to be forgotten” policy.
The top site targeted was Facebook, followed by Profile Engine, a social account searching service. Google’s own social platforms, including Google Groups, YouTube and Google Plus, also make the top 10 — as do Twitter and a social-dating network called Badoo. Combined, the top 10 sites account for nine per cent of all removal requests, according to Google.
Google’s own data shows that content being “self-authored” is among the top reasons it turns down “right to be forgotten” removal requests. That suggests people aren’t going to have much luck getting search results about social media posts they wrote themselves removed. That makes sense because, in most cases, people should be able to remove those posts from the source on their own. The company does appear to make some exceptions for people whose online postings are hijacked by someone else.




Another step toward “thought police?” At least another burden for ISPs.
The German Supreme Court has today opened the door for ISP blockades of copyright infringing sites. In a landmark decision the court ruled that ISPs can be required to block websites if copyright holders fail to identify their operators or hosting providers. [How hard will they try? Bob]
… Blocking requests from both the music and movie sector are widespread around Europe, but until now Germany has been excluded.
… the case eventually ended up at the Supreme Court which ruled on the issue today.




Interesting. Useful for my Criminal Justice students?
Precision Local and State Government Search
by Sabrina I. Pacifici on Nov 28, 2015
“GovScan searches thousands of local government websites to bring you targeted, precision results.
Whether you are a government zoning official determining other city zoning regulations, a developer researching available land, or a concerned citizen investigating government issues, GovScan is here to help. Using search technology from Google, we give you a search engine that will only return results from city, county, state and other government websites.”




Always looking for new reasons to be sued?
Mp3.com Founder Launches Radio Search Service, Talks Copyright
… The serial entrepreneur is now working on several new ventures, one of which is called OnRadio. The service, introduced this week, indexes all the music playing on more than 100,000 online radio stations and allows users to search across that database and listen to any song. It also lets them share those songs through a variety of chat applications such as Snapchat and Twitter, using a unique URL.
“Because Google doesn’t index online radio streams, radio is invisible to searchers and radio companies are missing out on more than 100 million users per day,” Robertson said in a statement. “Our goal at OnRad.io is to make it one-click easy to find any song playing on the radio and to easily share those songs with friends.”
[From the website's About statement:
An OnRad.io URL is short and intuitive. Just append an artist or song or both with multiple words separated by periods to onrad.io/. Examples:
When an OnRad.io URL is clicked the most popular match will automatically play. On a desktop computer it will play in a browser window. If on a smartphone, the user will be asked to install the free OnRad.io app and then the song will play




Apparently Dilbert feels just like my students when it comes to group projects.


No comments: