Another swing of the pendulum.
The use of a Stingray/Hailstorm device to track a cell phone is a search under the Fourth Amendment. The Nondisclosure Agreement is essentially unconstitutional because of the state’s argument they don’t have to disclose what they were doing. The court also finds the third party doctrine inapplicable. State v. Andrews, 2016 Md. App. LEXIS 33 (March 30, 2016)
Read more about the opinion on
FourthAmendment.com.
From the article:
We observe that such an extensive prohibition on
disclosure of information to the court—from special order and/or
warrant application through appellate review—prevents the court
from exercising its fundamental duties under the Constitution. To
undertake the Fourth Amendment analysis and ascertain “the
reasonableness in all the circumstances of the particular
governmental invasion of a citizen’s personal security,” Terry v.
Ohio, 392 U.S. 1, 19 (1968), it is self-evident that the court must
understand why and how the search is to be conducted.
Beware of amateurs offering security advice.
CNBC's Password Security Lesson Fails Spectacularly
CNBC earlier this week published
a piece with the goal of helping users strengthen their password
security, but the attempt backfired badly.
An interactive tool provided to help readers
detect the strength of their passwords was to blame.
Readers were asked to enter potential passwords
into a field, and see how long it would take the system to crack
them. They were told that adding capital letters, numbers and
symbols would help strengthen a password, and they were assured that
no passwords were being stored.
Google security engineer Adrienne Porter Felt
raised the alarm shortly after the piece was published.
The site was not encrypted, she said.
Data apparently was sent in the clear to a Google
spreadsheet.
CNBC has since taken down the piece. It did not
respond to our request to provide further details.
… The data was shared to more than 30 third
parties – advertisers and analytics providers – that pulled data
from CNBC's site, Soltani said.
For my Ethical Hacking students, because to secure
cameras you have to know every point of vulnerability.
How to Make Your Wireless Security Cameras Untouchable to Hackers
(Related) I've been looking for fun projects!
Researchers Can Now Register to Hack The Pentagon
Starting today, interested security researchers can now officially register to
test their hacking skills against the DoD.
The initiative, run through a partnership with bug bounty platform
provider HackerOne, is the first of its kind in the history of the
federal government.
San Francisco-based HackerOne offers a software-as-a-service platform
that provides the technology and automation to help organizations run
their own vulnerability management and bug bounty programs.
The Hack the Pentagon bug bounty pilot will start on Monday, April 18 and
end by Thursday, May 12.
It is what you don't say.
Reddit deletes surveillance 'warrant canary' in transparency report
Social networking forum
reddit on Thursday removed a section from its site used to tacitly
inform users it had never received a certain type of U.S. government
surveillance request, suggesting the platform is now being asked to
hand over customer data under a secretive law enforcement authority.
Reddit deleted a
paragraph found in its transparency report known as a “warrant
canary” to signal to users that it had not been subject to
so-called national security letters, which are used by the FBI to
conduct electronic surveillance without the need for court approval.
That will teach them to advocate privacy! Perhaps
if they created an “internet service provider” non-profit they
would have been exempt?
Seattle police raid home of privacy activists who maintain Tor anonymity network node
Police in the US are continuing to raid the homes
of people who operate exit nodes for the Tor anonymity network, most
recently searching the condo belonging to a pair of outspoken privacy
activists in Seattle.
On 30 March, Seattle Privacy Coalition cofounders
Jan Bultmann and David Robinson were woken up at 6.15am at their
condominium by a team of six detectives from the Seattle Police
Department with a search warrant looking for child pornography,
according to Seattle's alternative weekly newspaper The
Stranger.
The married couple were made to sit outside the
apartment while the police searched their property and examined their
electronic equipment. In the end, police acknowledged that no child
pornography was found, so Bultmann and Robinson were not arrested,
and none of their assets were seized.
Nevertheless, the experience left the couple
shaken and upset, particularly since many "hints and comments
[were] made about our cars, our jobs, our histories... revealing that
we were thoroughly researched".
… Researchers at King's College London
recently found in
a new study that 57% of all the websites hidden on the Dark Web
are actively facilitating criminal activity such as the sale of
drugs, illicit finance and extreme pornography.
And unfortunately, because some bad people use Tor
to encrypt their traffic and disguise their activities on the Dark
Web, when US law
enforcement trace the IP address of said user, it will reflect the IP
address of the exit node that Tor randomly assigns to the user,
meaning the police think that whoever operates the node is the
perpetrator of the crime.
(Related) Another perspective. Is this specific
to certain companies?
http://arstechnica.com/tech-policy/2016/03/new-data-suggests-94-percent-of-tor-traffic-is-malicious/
CloudFlare: 94 percent of the Tor traffic we see is “per se malicious”
More than ever, websites are blocking
users of the anonymizing Tor network or degrading the services
they receive. Data published today by Web security company
CloudFlare suggests why that is.
In a company blog
post entitled "The Trouble with Tor," CloudFlare CEO
Matthew Prince says that 94 percent of the requests the company sees
coming across the Tor network are "per se malicious."
… The study
on Tor published last month shows some of the limits already
being placed on Tor users. Wikipedia, for instance, allows them to
read but not edit articles. Google allows home page access but
increasingly presents CAPTCHAs or block pages to Tor searchers. Bank
of America won't allow a login from Tor.
Sometimes free speech makes you uncomfortable.
But if you block it, how will you know who to laugh at?
Onlinecensorship.org Launches Inaugural Report
by Sabrina I. Pacifici on Mar 31, 2016
Via EFF: “We’re proud to announce today’s
release of Onlinecensorship.org’s
first report looking at how content is regulated by social media
companies. Onlinecensorship.org—a joint project of EFF and
Visualizing
Impact (VI) that won the 2014 Knight News Challenge—seeks to
encourage social media companies to operate with greater transparency
and accountability toward their users as they make decisions that
regulate speech.”
“We help our customers by giving them
sub-standard quality.”
FCC in agreement: Agency can't regulate Netflix
… Last week, it
was revealed that Netflix slows the download speed of
its streaming video over mobile networks such as Verizon and AT&T.
The company said it has taken this action, which degrades video
quality, for at least five years in order to help customers stay
below their monthly data caps imposed by wireless providers.
Observers have said Netflix's decision not to
inform its customers could possibly violate Federal Trade Commission
rules.
But nearly all the FCC commissioners are in
agreement that Netflix is outside the scope of their own agency. GOP
Commissioner Michael O'Rielly gave a
speech on the subject earlier this week. And
Commissioner Ajit Pai said the same Thursday.
… The regulations are meant to protect
customers and Web companies like Netflix that create content.
Because of that, the rules
only apply to Internet service providers like Comcast or
Verizon that haul Internet traffic between users.
Are we nearing a tipping point?
This Startup Aims to Lead the Drone Takeover at the World's Biggest Companies
… San Francisco-based Airware announced today
that it has raised $30 million in a series C funding round led by
prestigious venture capital firm Next
World Capital and the 20-year CEO of software giant Cisco, John
Chambers. Elite venture capital firms Andreessen Horowitz and
Kleiner Perkins Caufield & Byers are also participating in the
round, according to a statement
released by Airware today.
“The commercial drone industry is poised to throw many markets into
transition,” says Chambers in the written statement. In
addition to investing in Airware, Chambers says he has agreed to take
a seat on Airware's board.
… That’s the motivation behind Airware’s
suite of services for big businesses. The startup
walks enterprise-size companies through every step of the process,
starting with applying for regulatory approval all the way through analyzing
and reporting data collected from commercial drones.
Starts the same day as my next Computer Security
class.
Cybersecurity and You: Issues in Higher Education and Beyond
by Sabrina I. Pacifici on Mar 31, 2016
“The University of Maryland, Baltimore Thurgood
Marshall Law Library, Health Sciences and Human Services Library, and
Center for Information Technology Services have organized a
cybersecurity conference that is free and open to the public. You
can find details, RSVP, and a link to watch the livestream here:
http://www.hshsl.umaryland.edu/cybersecurity.cfm.”
If I can get my students a job, maybe they'll go away!
5 Top Resume Builder Sites to Create Your Resume Online