Using throw
away phones is far simpler than coordinating encryption keys for
these guys. (Think: Occam's razor.)
Burner
phones, not encryption, kept Paris terrorists off the authorities’
radar
New details
of the Paris attacks carried out last November reveal that it was the
consistent use of prepaid burner phones, not encryption, that helped
keep the terrorists off the radar of the intelligence services.
As an article in The New York Times
reports: "the three teams in Paris were comparatively
disciplined. They used only new phones that they would then discard,
including several activated minutes before the attacks, or phones
seized from their victims."
The article goes on to give more details of how
some
phones were used only very briefly in the hours leading up to the
attacks. For example: "Security camera footage showed Bilal
Hadfi, the youngest of the assailants, as he paced outside the
stadium, talking on a cellphone. The phone was activated less than
an hour before he detonated his vest." The information come
from a 55-page report compiled by the French antiterrorism police for
France’s Interior Ministry.
This Times
has the facts. Question: Can Apple sue to make the FBI release the
security flaw they are using? (So they can patch it)
U.S. Says
It May Not Need Apple’s Help to Unlock iPhone
In a new
court filing, the government said an outside party had demonstrated a
way for the F.B.I. to possibly unlock the phone used by the gunman,
Syed Rizwan Farook.
… While the Justice Department must test this
method, if it works “it should eliminate the need for the
assistance from Apple,” it said in its filing. The Justice
Department added that it would file a status report by April 5 on its
progress.
… Late on Monday, Judge
Sheri N. Pym, the federal magistrate judge in the United States
District Court for the Central District of California who was set to
hold the hearing, agreed to grant the Justice Department’s motion
to postpone the hearing.
The emergence of a potential third-party method to
open the iPhone was a surprise, as the government said more than a
dozen times in court filings that it could open the phone only with
Apple’s help. The F.B.I. director, James B. Comey Jr., also
reiterated that point several times during a hearing before Congress
on March 1.
(Related) ...and from the other coast,
speculation.
Five
theories why the FBI postponed a major hearing in case against Apple
… The general public and cybersecurity experts
have been throwing ideas the FBI's way for several weeks, and experts
said it's unlikely that someone devised a new technical workaround at
the last moment. Could there be more to the 11th-hour postponement
than the Justice Department is saying?
Here are some theories.
The
FBI is giving the ACLU's method a try -- at last.
The
FBI is bluffing because it needs more time -- or wants the case to
die down.
The
NSA stepped in.
Apple
tipped off the FBI.
John
McAfee, or someone like him, cracked the iPhone.
(Related)
A logical approach?
A Coherent
Middle Ground in the Apple-FBI All Writs Act Dispute?
(Related)
Maybe not
(Related)
This is where the world is moving. Will the FBI subpoena everyone?
Google,
Microsoft, Yahoo, Other Tech Titans Unite For Proper Email Encryption
Of course
they do!
How
Self-Driving Cars Will Threaten Privacy
I would
have considered this “classified” if for no other reason to
protect the Google executive from retaliation. Now, let's consider
the legal issues involved when a company tried to overthrow a
government.
Clinton
email reveals: Google sought overthrow of Syria's Assad
Google in
2012 sought to help insurgents overthrow Syrian President Bashar
Assad, according to State Department emails receiving fresh scrutiny
this week.
Messages between former secretary of state Hillary
Clinton's team and one of the company's executives detailed the plan
for Google to get involved in the region.
… "Please keep this very close hold and
let me know if there is anything [else] you think we need to account
for or think about before we launch. We believe this can have an
important impact," Cohen concluded.
The message
was addressed to deputy secretary of state Bill Burns; Alec Ross, a
senior Clinton advisor; and Clinton's deputy chief of staff, Jake
Sullivan. Sullivan
subsequently forwarded Cohen's proposal to Clinton, describing it as
"a pretty cool idea." [Not sure I would categorize it as
“cool” Bob]
And here I
thought the purpose of prepaid cards was to avoid connecting me to my
purchases.
Agencies
Release Guidance to Issuing Banks on Applying Customer ID Program
Requirements to Holders of Prepaid Cards
by Sabrina
I. Pacifici on Mar 21, 2016
“Federal
financial institution regulatory agencies today issued guidance
clarifying the applicability of the Customer Identification Program
(CIP) rule to prepaid cards issued by banks. The guidance applies to
banks, savings associations, credit unions, and U.S. branches and
agencies of foreign banks (collectively “banks”). The guidance
clarifies that a bank’s CIP should apply to the holders of certain
prepaid cards issued by the institution as well as holders of such
prepaid cards purchased under arrangements with third-party program
managers that sell, distribute, promote, or market the prepaid cards
on the bank’s behalf. The guidance describes when, in accordance
with the CIP rule, the bank should obtain information sufficient to
reasonably verify the identity of the cardholder, including at a
minimum, obtaining the name, date of birth, address, and
identification number, such as the Taxpayer Identification Number of
the cardholder. Agencies issuing the guidance include the Federal
Deposit Insurance Corporation, Federal Reserve Board, National Credit
Union Administration, Office of the Comptroller of the Currency, and
Financial Crimes Enforcement Network.”
For my
Ethical Hacking students.
New
Pluralsight course: Ethical Hacking, Denial of Service
They'll have to remake that Nick Cage movie, now
it's “Gone in 60 nanoseconds!”
Radio
Attack Lets Hackers Steal 24 Different Car Models
For years, car owners with keyless entry systems
have reported thieves approaching their vehicles with mysterious
devices and effortlessly opening them in seconds. After having his
Prius burgled repeatedly outside his Los Angeles home, the New
York Times‘ former tech columnist Nick Bilton came to the
conclusion that the thieves
must be amplifying the signal from the key fob in the house to
trick his car’s keyless entry system into thinking the key was in
the thieves’ hand. He eventually resorted to keeping his keys in
the freezer.
Now a group of German vehicle security researchers
has released new findings about the extent of that wireless key hack,
and their work ought to convince hundreds of thousands of drivers to
keep their car keys next to their Pudding Pops. The Munich-based
automobile club ADAC late last week made public a study it had
performed on dozens of cars to test a radio “amplification attack”
that silently extends the range of unwitting drivers’ wireless key
fobs to open cars and even start their ignitions, as first
reported by the German business magazine WirtschaftsWoche.
The ADAC researchers say that 24 different vehicles from 19
different manufacturers were all vulnerable, allowing them to not
only reliably unlock the target vehicles but also immediately drive
them away.
I thought for a second this would make a great
disciplinary tool, but then the “cruel and unusual” elements
sprang to mind.
You Can Now
Run Windows 98 in Any Browser Without Plug-Ins
… A few weeks ago, we showed you where you can
run
Windows 95 in your browser with no extra software. Now it’s
Windows 98’s turn; you can run it entirely on Copy.sh’s
Windows 98 page. Feel free to check out Minesweeper, listen to
those classic Windows sounds, or try to connect to dial-up just to
relive the old days.
No comments:
Post a Comment