Categories
Intelwars

Friday Squid Blogging: Interview with a Squid Researcher

Interview with Mike Vecchione, Curator of Cephalopoda — now that’s a job title — at the Smithsonian Museum of National History.

One reason they’re so interesting is they are intelligent invertebrates. Almost everything that we think of as being intelligent — parrots, dolphins, etc. — are vertebrates, so their brains are built on the same basic structure. Whereas cephalopod brains have evolved from a ring of nerves around the esophagus. It’s a form of intelligence that’s completely independent from ours.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Categories
academic papers business of security Courts Intelwars Risk Assessment risks

The Legal Risks of Security Research

Sunoo Park and Kendra Albert have published “A Researcher’s Guide to Some Legal Risks of Security Research.”

From a summary:

Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions (DMCA §1201), electronic privacy law (ECPA), and cryptography export controls, as well as broader legal areas such as contract and trade secret law.

Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance. Aimed at researchers, the public, and technology lawyers alike, it aims both to provide pragmatic guidance to those navigating today’s uncertain legal landscape, and to provoke public debate towards future reform.

Comprehensive, and well worth reading.

Categories
Intelwars

Four Days before General Election, US Proceeds toward Fateful Choice between Freedom and Fascism; Vote Now by Any Available Means to Make Sure You Get on the World-Historical Scoreboard

United Front Against Austerity | Tax Wall Street Party American System Network | Thursday, October 29, 2020

Biden and Trump Campaign in Critical Swing State of Florida, Where Democrat Has Narrow Lead; Pandemic Ravages Upper Midwest, Posing Existential Threat to Trump’s Support in Wisconsin and Elsewhere After Atrocity Shooting of Black Citizen Walter Wallace Jr. by Philadelphia Cops, Protests […]

Categories
Intelwars

Rogue Supreme Court in Overdrive to Micromanage Election Blatantly in Favor of Trump GOP; But 75 Million Americans Have Already Voted; Time to Vote in Person and Stop Relying on US Postal Service, Now Crippled by Sabotage of Trump and DeJoy; DC Federal Judge Emmet Sullivan Orders Rollback of DeJoy’s Ruinous Measures

United Front Against Austerity | Tax Wall Street Party American System Network | Wednesday, October 28, 2020

Tectonic Shifts Are Ongoing: CNN-SSRS Poll Released This Evening Poll Has Biden Ahead by 12% Nationwide Cook Report Now Classifies Texas as Toss-Up for President; Cook Sees GOP Loss of 5 to 8 Seats as Possible, Potentially Yielding Democratic Majority of 52-55 […]

Categories
anonymity de-anonymization Intelwars vulnerabilities

Tracking Users on Waze

A security researcher discovered a vulnerability in Waze that breaks the anonymity of users:

I found out that I can visit Waze from any web browser at waze.com/livemap so I decided to check how those driver icons are implemented. What I found is that I can ask the Waze API for data on a location by sending my latitude and longitude coordinates. Besides the essential traffic information, Waze also sends me coordinates of other drivers who are nearby. What caught my eye was that the identification numbers (IDs) associated with the icons were not changing over time. I decided to track one driver and after some time she really appeared in a different place on the same road.

The vulnerability has been fixed. More interesting is that the researcher was able to de-anonymize some of the Waze users, proving yet again that anonymity is hard when we’re all so different.
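The tracking the researcher describes rests on one detail: the identifier attached to each nearby-driver icon stayed constant across responses. As an added illustration (not code from the post, the researcher, or Waze), the following Python builds constructed nearby-driver responses, shows how a stable ID lets an observer stitch sightings into a path, and applies one mitigation, a random token minted per response, so that sightings can no longer be linked.

```python
"""Added example: linkability of a stable identifier in nearby-driver data.

The snapshots below are constructed sample data in a livemap-like shape,
(driver_id, latitude, longitude); they are not real Waze responses.
"""
import secrets
from collections import defaultdict

# Constructed sample: three successive responses for the same map area.
# Driver "u1" moves along a road between requests; "u2" stays parked.
SNAPSHOTS = [
    [("u1", 50.0875, 14.4210), ("u2", 50.0880, 14.4225)],
    [("u1", 50.0881, 14.4230), ("u2", 50.0880, 14.4225)],
    [("u1", 50.0890, 14.4255), ("u2", 50.0880, 14.4225)],
]


def link_tracks(snapshots):
    """Group sightings by identifier across responses.

    With a persistent ID this reconstructs each driver's path as a list of
    (response_index, lat, lon); that linkage is the de-anonymization problem.
    """
    tracks = defaultdict(list)
    for t, snapshot in enumerate(snapshots):
        for ident, lat, lon in snapshot:
            tracks[ident].append((t, lat, lon))
    return dict(tracks)


def longest_track(tracks):
    """Length of the longest reconstructed path; 1 means nothing could be linked."""
    return max(len(sightings) for sightings in tracks.values())


def anonymize_response(snapshot):
    """Mitigation (an assumed design, not Waze's actual fix): replace the
    persistent driver ID with a fresh random token for every response.

    The client still gets what it needs to draw an icon at a position, but
    two responses no longer share any value that ties sightings together.
    """
    return [(secrets.token_hex(8), lat, lon) for _, lat, lon in snapshot]


def demo():
    """Return (linked path length with stable IDs, with per-response tokens)."""
    stable = longest_track(link_tracks(SNAPSHOTS))
    rotated = longest_track(link_tracks([anonymize_response(s) for s in SNAPSHOTS]))
    return stable, rotated


if __name__ == "__main__":
    before, after = demo()
    print(f"longest linkable path: stable IDs={before}, per-response tokens={after}")
```

Per-response tokens close the identifier channel only; if positions themselves are precise and the same vehicle is the only one on a stretch of road, coordinates alone can still be correlated, which is the broader point that anonymity is hard.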

Categories
Intelwars

Struggle to Turn Out the Vote and Get the Votes Counted Takes Center Stage; Will Federal Judges Become Toadies and Lackeys of Trump?

United Front Against Austerity | Tax Wall Street Party American System Network | Tuesday, October 27, 2020

Pre-Barrett Supreme Court Voted 5 to 3 That Wisconsin Cannot Count Mail-In Ballots Received after Election Day; Wisconsin Supreme Court and Federal District Court Had Established New Deadline Allowing Ballots To Be Received Six Days after Polls Close; Writing for Reactionary Majority, […]

Categories
backdoors Intelwars national security policy NSA privacy Surveillance Terrorism

The NSA is Refusing to Disclose its Policy on Backdooring Commercial Products

Senator Ron Wyden asked, and the NSA didn’t answer:

The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others.

These so-called back doors enable the NSA and other agencies to scan large amounts of traffic without a warrant. Agency advocates say the practice has eased collection of vital intelligence in other countries, including interception of terrorist communications.

The agency developed new rules for such practices after the Snowden leaks in order to reduce the chances of exposure and compromise, three former intelligence officials told Reuters. But aides to Senator Ron Wyden, a leading Democrat on the Senate Intelligence Committee, say the NSA has stonewalled on providing even the gist of the new guidelines.

[…]

The agency declined to say how it had updated its policies on obtaining special access to commercial products. NSA officials said the agency has been rebuilding trust with the private sector through such measures as offering warnings about software flaws.

“At NSA, it’s common practice to constantly assess processes to identify and determine best practices,” said Anne Neuberger, who heads NSA’s year-old Cybersecurity Directorate. “We don’t share specific processes and procedures.”

Three former senior intelligence agency figures told Reuters that the NSA now requires that before a back door is sought, the agency must weigh the potential fallout and arrange for some kind of warning if the back door gets discovered and manipulated by adversaries.

The article goes on to talk about Juniper Networks equipment, which had the NSA-created DUAL_EC PRNG backdoor in its products. That backdoor was taken advantage of by an unnamed foreign adversary.

Juniper Networks got into hot water over Dual EC two years later. At the end of 2015, the maker of internet switches disclosed that it had detected malicious code in some firewall products. Researchers later determined that hackers had turned the firewalls into their own spy tool by altering Juniper’s version of Dual EC.

Juniper said little about the incident. But the company acknowledged to security researcher Andy Isaacson in 2016 that it had installed Dual EC as part of a “customer requirement,” according to a previously undisclosed contemporaneous message seen by Reuters. Isaacson and other researchers believe that customer was a U.S. government agency, since only the U.S. is known to have insisted on Dual EC elsewhere.

Juniper has never identified the customer, and declined to comment for this story.

Likewise, the company never identified the hackers. But two people familiar with the case told Reuters that investigators concluded the Chinese government was behind it. They declined to detail the evidence they used.

Okay, lots of unsubstantiated claims and innuendo here. And Neuberger is right; the NSA shouldn’t share specific processes and procedures. But as long as this is a democratic country, the NSA has an obligation to disclose its general processes and procedures so we all know what they’re doing in our name, and whether it’s still putting surveillance ahead of security.

Categories
Guy Kawasaki's Podcast Guy Kawasaki's Remarkable People Podcast Intelwars Make Life Beautiful McGee and Co Netflix podcast Shea McGee Studio Mcgee Syd Mcgee

Shea and Syd McGee of Studio McGee and Netflix’s Dream Home Makeover

This episode’s guests, yes plural, are the delightful Syd and Shea McGee. They are the power couple behind Studio McGee and McGee & Co. With a vision that beautiful design can be approachable, Studio McGee has become one of the leading innovators in the interior design industry.

This is the first wife-husband interview on Remarkable People. While they are individually remarkable, together, they are unstoppable.

Their business includes a home design firm as well as a line of carefully curated products. They’ve also designed a line of merchandise sold at Target, co-authored a new book called Make Life Beautiful. And if that’s not enough, they’re starring in a new Netflix series called Dream Home Makeover.

All born from the idea of making life beautiful and blooming into a thriving business in just five years with a foundation on Instagram.

In this episode, you’ll learn about rocking Instagram, working together as a married couple, the grit and determination that’s necessary to make a business successful, and how I should redo the background in my home studio.

There’s even a marriage tip for Instagram couples.

This episode is brought to you by reMarkable, the paper tablet. It’s my favorite way to take notes, sign contracts, and save all the instruction manuals for all the gadgets I buy. Learn more at remarkable.com.

I hope you enjoyed this podcast. Would you please consider leaving a short review on Apple Podcasts/iTunes? It takes less than sixty seconds. It really makes a difference in swaying new listeners and upcoming guests. I might read your review on my next episode!

Sign up for Guy’s weekly email at http://eepurl.com/gL7pvD

Find Syd and Shea’s book Make Life Beautiful and watch their Netflix show, Dream Home Makeover. And, of course, make sure to follow them on Instagram!

Connect with Guy on social media:

Twitter: twitter.com/guykawasaki

Instagram: instagram.com/guykawasaki

Facebook: facebook.com/guy

LinkedIn: www.linkedin.com/in/guykawasaki/

Read Guy’s books: https://guykawasaki.com/books/

Thank you for listening and sharing this episode with your community.

Photo credit: Lucy Call


Categories
Courts Intelwars redaction reverse-engineering

Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition

Slate magazine was able to cleverly read the Ghislaine Maxwell deposition and reverse-engineer many of the redacted names.

We’ve long known that redacting is hard in the modern age, but most of the failures to date have been a result of not realizing that covering digital text with a black bar doesn’t always remove the text from the underlying digital file. As far as I know, this reverse-engineering technique is new.

Categories
Intelwars

Barrett Confirmed for Supreme Court by 52-48 Vote in Senate; Ultra-Reactionary Majority of Republican Legal Positivists Takes Shape on High Court; GOP Orgy of Rule Breaking Must Set Stage for Reform of Hijacked Court, Adding Justices; New Extremist Majority Is Designed to Enable a Trump November Coup and Resulting Dictatorship; Perversion of Judiciary Was Key Feature of Fascist Regimes Like Italy in 1920s and Germany in 1930s; Expect Atrocities against Constitution and General Welfare within Days!

United Front Against Austerity | Tax Wall Street Party American System Network | Monday, October 26, 2020

More Plans for Second Term Dictatorship: Trump Wants to Fire Esper of Pentagon, Wray of FBI, and Haspel of CIA; Replacements Are Guaranteed to Be Worse; Don Plans Purge of Federal Civil Service and Removal of Safeguards against Partisan Thuggery; Ronald Sanders, […]

Categories
cell phones Intelwars Law Enforcement privacy Surveillance tracking

IMSI-Catchers from Canada

Gizmodo is reporting that Harris Corp. is no longer selling Stingray IMSI-catchers (and, presumably, its follow-on models Hailstorm and Crossbow) to local governments:

L3Harris Technologies, formerly known as the Harris Corporation, notified police agencies last year that it planned to discontinue sales of its surveillance boxes at the local level, according to government records. Additionally, the company would no longer offer access to software upgrades or replacement parts, effectively slapping an expiration date on boxes currently in use. Any advancements in cellular technology, such as the rollout of 5G networks in most major U.S. cities, would render them obsolete.

The article goes on to talk about replacement surveillance systems from the Canadian company Octasic.

Octasic’s Nyxcell V800 can target most modern phones while maintaining the ability to capture older GSM devices. Florida’s state police agency described the device, made for in-vehicle use, as capable of targeting eight frequency bands including GSM (2G), CDMA2000 (3G), and LTE (4G).

[…]

A 2018 patent assigned to Octasic claims that Nyxcell forces a connection with nearby mobile devices when its signal is stronger than the nearest legitimate cellular tower. Once connected, Nyxcell prompts devices to divulge information about their signal strength relative to nearby cell towers. These reported signal strengths (intra-frequency measurement reports) are then used to triangulate the position of a phone.

Octasic appears to lean heavily on the work of Indian engineers and scientists overseas. A self-published biography of the company notes that while the company is headquartered in Montreal, it has “R&D facilities in India,” as well as a “worldwide sales support network.” Nyxcell’s website, which is only a single page requesting contact information, does not mention Octasic by name. Gizmodo was, however, able to recover domain records identifying Octasic as the owner.

Categories
Intelwars

Pennsylvania, Michigan, and Wisconsin at the Crossroads of World History as Struggle Enters Final Ten Days; Time to Vote Trump Out for the Sake of the Nation and of Humanity!

Are You Better Off Now? Manufacturing Jobs in These Three States Plus Ohio, North Carolina, and Minnesota Have Been Reduced by over 188,000 under Trump after Increasing by over 126,000 in Obama’s Second Term; Three Quarters of Americans Want Another Package of Economic Stimulus and Pandemic Relief Now, but 20 Senate GOP Ultra-Reactionaries Are Blocking […]

Categories
Intelwars

Honest Government Ad | Q (Video)


Categories
Intelwars

Biden and Trump Meet for Final Debate; Meeting May Mark Trump’s Swan Song; Falling Short of Their Pre-Debate Hype, Trump Surrogates Fail Again to Deliver the Hunter Biden Scandal Material They Have Been Touting; Trump’s Guest and Star Witness Tonight Is Disgruntled China Trade Veteran Bobulinsky, Who Claims to Have Been a Business Associate of Hunter

United Front Against Austerity | Tax Wall Street Party American System Network | Thursday, October 22, 2020

Result: So Far, Virtually No Exhibits or Documents Regarding the Alleged Corruption or Turpitude of the Bidens Are Available in the Public Domain; So Where’s the Beef? Trump’s Rage and Bluster Suggest Increasing Nervous Tension in Light of Pessimistic Polls; White House […]

Categories
Intelwars Squid

Friday Squid Blogging: Squid-like Nebula

Pretty astronomical photo.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Categories
cell phones Encryption Intelwars Law Enforcement Police Smartphones

New Report on Police Decryption Capabilities

There is a new report on police decryption capabilities: specifically, mobile device forensic tools (MDFTs). Short summary: it’s not just the FBI that can do it.

This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant. To our knowledge, this is the first time that such records have been widely disclosed.

Lots of details in the report. And in this news article:

At least 49 of the 50 largest U.S. police departments have the tools, according to the records, as do the police and sheriffs in small towns and counties across the country, including Buckeye, Ariz.; Shaker Heights, Ohio; and Walla Walla, Wash. And local law enforcement agencies that don’t have such tools can often send a locked phone to a state or federal crime lab that does.

[…]

The tools mostly come from Grayshift, an Atlanta company co-founded by a former Apple engineer, and Cellebrite, an Israeli unit of Japan’s Sun Corporation. Their flagship tools cost roughly $9,000 to $18,000, plus $3,500 to $15,000 in annual licensing fees, according to invoices obtained by Upturn.

Categories
Intelwars

On Fox, Dana Perino Repeats Warning to Campaign Spokesman Murtaugh That Trump in Any Case Cannot Hope to Build Election Momentum Based on Totally Unsubstantiated Allegations against Hunter Biden; But Trump Keeps Trying Anyway

United Front Against Austerity | Tax Wall Street Party American System Network | Wednesday, October 21, 2020

A Distant Mirror: The Attempted Coup d’État of the Bankrupt Aristocrat Lucius Sergius Catiline in 63 BC; He Gathered a Base of Impoverished Veterans and Debt-Ridden Adventurers to Demolish the Roman Republic; The Plot Included a Camp for Armed Militia North of […]

Categories
Intelwars

Brennan, Clapper, Hayden, Panetta and Other Intelligence Veterans Condemn New York Post’s Alleged Hunter Biden Email Revelations as Having “All the Classic Earmarks of a Russian Disinformation Operation” and Being “Consistent with Russian Objectives” of Creating Political Chaos in the US, Deepening Political Decisions, Undermining Biden Campaign, and Helping Trump Get Elected; Reports Surface of Months of Preparation for Current Phony Laptop Op; Key Role of Giuliani Points to Dirty Pro-Trump Faction of FBI; Where Finally Are Supposedly Incriminating Tapes?

United Front Against Austerity | Tax Wall Street Party American System Network | Tuesday, October 20, 2020

Would Be Dictator Is Losing It as Election Defeat Approaches: He Bluntly Orders Barr to Start Witch Hunt against Bidens; Still No Word about What Crime, If Any, Might Be Charged; Meadows Tells Federal Judge That Trump Tweets Have No Legal Standing, […]

Categories
China hacking Intelwars NSA vulnerabilities

NSA Advisory on Chinese Government Hacking

The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers.

This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access (T1133) or for external web services (T1190), and should be prioritized for immediate patching.

Categories
Ghana Global News Health Intelwars Politics Rockefeller Society

Ghana President Reads Elite Secret Covid Phase 1 2 and 3 Plans To Permanently Enslave The World – THE ENTIRE ROCKEFELLER EUGENICS COVID-19 PLAN EXPOSED (VIDEO)

Source – Rockefeller Foundation: Scenarios for the Future of Technology and International Development (PDF)

Categories
Intelwars

Clumsy Pro-Trump October Surprise Ploy via New York Post Slanders Falling Flat; NY Times Reports Fox News Refused to Serve as Vehicle for Unproven Stories about Mystery Laptop; NY Post Reporter Who Finally Wrote Story Allegedly Refused to Let His Name Be Used in Byline; Leading True Believer Is Notorious Stooge Ratcliffe of ONI

United Front Against Austerity | Tax Wall Street Party American System Network | Monday, October 19, 2020

Mark Thiessen of Fox News Warns Trump Camp That Hunter Biden’s Escapades Will Not Be Winning Issue in This Crisis; He Suggests That Trump’s Last Hope Might Be 14% of 2016 GOP Voters Who Imagine They Are Better Off Economically, but Don’t […]

Categories
contests Cybersecurity Intelwars

Cybersecurity Visuals

The Hewlett Foundation just announced its top five ideas in its Cybersecurity Visuals Challenge. The problem Hewlett is trying to solve is the dearth of good visuals for cybersecurity. A Google Images search demonstrates the problem: locks, fingerprints, hands on laptops, scary-looking hackers in black hoodies. Hewlett wanted to go beyond those tropes.

I really liked the idea, but find the results underwhelming. It’s a hard problem.

Hewlett press release.

Categories
academic papers cars Intelwars machine learning spoofing

Split-Second Phantom Images Fool Autopilots

Researchers are tricking autopilots by inserting split-second images into roadside billboards.

Researchers at Israel’s Ben Gurion University of the Negev … previously revealed that they could use split-second light projections on roads to successfully trick Tesla’s driver-assistance systems into automatically stopping without warning when its camera sees spoofed images of road signs or pedestrians. In new research, they’ve found they can pull off the same trick with just a few frames of a road sign injected on a billboard’s video. And they warn that if hackers hijacked an internet-connected billboard to carry out the trick, it could be used to cause traffic jams or even road accidents while leaving little evidence behind.

[…]

In this latest set of experiments, the researchers injected frames of a phantom stop sign on digital billboards, simulating what they describe as a scenario in which someone hacked into a roadside billboard to alter its video. They also upgraded to Tesla’s most recent version of Autopilot known as HW3. They found that they could again trick a Tesla or cause the same Mobileye device to give the driver mistaken alerts with just a few frames of altered video.

The researchers found that an image that appeared for 0.42 seconds would reliably trick the Tesla, while one that appeared for just an eighth of a second would fool the Mobileye device. They also experimented with finding spots in a video frame that would attract the least notice from a human eye, going so far as to develop their own algorithm for identifying key blocks of pixels in an image so that a half-second phantom road sign could be slipped into the “uninteresting” portions.

The paper:

Abstract: In this paper, we investigate “split-second phantom attacks,” a scientific gap that causes two commercial advanced driver-assistance systems (ADASs), Tesla Model X (HW 2.5 and HW 3) and Mobileye 630, to treat a depthless object that appears for a few milliseconds as a real obstacle/object. We discuss the challenge that split-second phantom attacks create for ADASs. We demonstrate how attackers can apply split-second phantom attacks remotely by embedding phantom road signs into an advertisement presented on a digital billboard which causes Tesla’s autopilot to suddenly stop the car in the middle of a road and Mobileye 630 to issue false notifications. We also demonstrate how attackers can use a projector in order to cause Tesla’s autopilot to apply the brakes in response to a phantom of a pedestrian that was projected on the road and Mobileye 630 to issue false notifications in response to a projected road sign. To counter this threat, we propose a countermeasure which can determine whether a detected object is a phantom or real using just the camera sensor. The countermeasure (GhostBusters) uses a “committee of experts” approach and combines the results obtained from four lightweight deep convolutional neural networks that assess the authenticity of an object based on the object’s light, context, surface, and depth. We demonstrate our countermeasure’s effectiveness (it obtains a TPR of 0.994 with an FPR of zero) and test its robustness to adversarial machine learning attacks.

Categories
Intelwars

Twilight of Trump: Don Was Warned by US Intelligence and NSC Director That Scandal Materials Against Hunter Biden Dished Up by Bannon and Giuliani Were Likely Russian Intelligence Fabrications

First Time as Tragedy, Second Time as Farce: Crude Attempt by Trump Gang to Repeat the Hillary Clinton Email Scandal of 2016 Is Failing to Gain Traction, NY Post Exposé Going over Like Lead Balloon; Scant Interest for Umpteenth Warmed-Over Ukrainian Scandal as October Surprise Another 900,000 First-Time Jobless Claims; Widespread Immiseration Looms for Holiday […]
