Privacy lost...

BR-549

Joined Sep 22, 2013
4,931
This is gonna be good......seeing what the justice dept and the fbi has been up to. I think it will be the biggest scandal in our history.
 

WBahn

Joined Mar 31, 2012
32,823
"Real I.D." on steroids sneaked into a 400 page congressional bill.
http://thefreethoughtproject.com/national-id-hr4760-biometrics/
I think I would recommend not reading anything from that source anymore. They claim that HR-4760 requires everyone to carry a National ID card, that it will be illegal for anyone to hold a job in the U.S. that doesn't have this card, and require all employers to purchase scanners for this card.

That is completely at odds with the text of the bill, which states very explicitly:

Limitation on use of the verification system and any related systems

(A) No national identification card

Nothing in this section shall be construed to authorize, directly or indirectly, the issuance or use of national identification cards or the establishment of a national identification card.
In fact, I can't tell any difference between the list of documents that can be used now for establishing employment eligibility and what is in the bill, nor any difference between the employment verification system that is described in that bill and the one that is already in place since authorized in 1996 and upon which this one is patterned after. Both systems are voluntary. This one is simply under the Department of Homeland Security. Why we need a second system is anyone's guess (government loves duplication).
 

nsaspook

Joined Aug 27, 2009
16,321
Privacy and secrecy lost.
https://www.theguardian.com/world/2...p-gives-away-location-of-secret-us-army-bases
However, over the weekend military analysts noticed that the map is also detailed enough that it potentially gives away extremely sensitive information about a subset of Strava users: military personnel on active service.

Nathan Ruser, an analyst with the Institute for United Conflict Analysts, first noted the lapse. The heatmap “looks very pretty” he wrote, but is “not amazing for Op-Sec” – short for operational security. “US Bases are clearly identifiable and mappable.”

“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous,” Ruser added, highlighting one particular track that “looks like it logs a regular jogging route.”
 

wayneh

Joined Sep 9, 2010
18,104
That is so ingenious.

You should get a patent on it, however I don't believe practical jokes can be patented. :)
You can patent almost anything, and this one actually meets the requirements for both novelty and utility. Might also be something you could copyright.

Making money off your creativity is an entirely different matter.
 

Thread Starter

cmartinez

Joined Jan 17, 2007
8,759
https://www.sciencenews.org/article/smartphones-data-collection-security-privacy

A more recent application used a whole fleet of smartphone sensors — including the gyroscope, accelerometer, light sensor and magnetism-measuring magnetometer — to guess PINs. The app analyzed a phone’s movement and how, during typing, the user’s finger blocked the light sensor. When tested on a pool of 50 PIN numbers, the app could discern keystrokes with 99.5 percent accuracy, the researchers reported on the Cryptology ePrint Archive in December
 

Thread Starter

cmartinez

Joined Jan 17, 2007
8,759
A pretty clever side-channel attack.
 

WBahn

Joined Mar 31, 2012
32,823
Modern crypto is so good that attacks against the algorithm are seldom successful. Usually what cracks do show up can be eliminated long before the attacks exploiting the vulnerabilities are developed to a point of being a credible threat. Most successful attacks are against implementation or are some form of social engineering attack.
 

nsaspook

Joined Aug 27, 2009
16,321
It's amazing today how much information can be synthesized from an RF signal from side-channels. We could tell the type and possible unit down to a specific platform from a received RF signal using its unique signature long ago.
 

WBahn

Joined Mar 31, 2012
32,823
It's amazing today how much information can be synthesized from an RF signal from side-channels. We could tell the type and possible unit down to a specific platform from a received RF signal using its unique signature long ago.
What surprised me when I first heard about it was how Morse Code operators (actually, intercept operators) got so that they could quickly distinguish the sender by their "first" -- the slight variations in how they sent Morse.

But after a little reflection it wasn't too surprising. Most humans can easily tell the difference between two speakers, even when their accents and voice characteristics are fairly close. I had a friend when I was young that was big time into ham radio and he could send and receive at over 80 words/min. He was teaching a Novice class that I was taking and of course I was struggling to distinguish dits from dahs and building them up to construct letters was a deliberate and time-consuming process. So the thought of doing that at 80 wpm flabbergasted me. But he said that as you get better you first hear letters instead of dits and dahs (I got to that point) but then you start hearing words and finally you simply hear a conversation. Makes sense -- and it's the same for sign language or just trying to learn a foreign language.
 

nsaspook

Joined Aug 27, 2009
16,321
https://securityledger.com/2018/02/new-lobbying-group-fights-right-repair-laws/
He said the group thinks such measures are dangerous, citing the “power of connected products and devices” and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves.
...
Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety.
Bogus, like there is any real security and privacy in most of the IoT devices being sold.
 

jgessling

Joined Jul 31, 2009
82
What surprised me when I first heard about it was how Morse Code operators (actually, intercept operators) got so that they could quickly distinguish the sender by their "first" -- the slight variations in how they sent Morse.
I think you meant “fist”. Damn autocorrect I suppose. Sigh
 

WBahn

Joined Mar 31, 2012
32,823
I definitely meant "fist" -- and I was only talking about WWII Morse intercepts, not later electronic signatures. The general concept is the same though. Every operator -- be it human or machine -- behaves slightly differently in repeatable and consistent ways. If we can detect and identify the patterns, then we can tag intercepts with the operator which, by itself, can reveal a wealth of information.
 
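The "fist" idea from the post above, as an added worked example that is not from the thread: an operator is reduced to two timing ratios (dah length to dit length, and inter-element gap to dit length), and an intercepted sequence is matched to the nearest known profile. The operator profiles, the sample timings and the function names are all constructed for illustration; the point is how little data it takes for a behavioural timing pattern to identify its source.

```python
"""Fingerprinting a Morse operator's "fist" from element timings.

Constructed example: each operator is modelled by the ratio of dah to dit
length and the ratio of inter-element gap to dit length, which is what an
intercept operator (or an automated detector) keys on. All durations are in
milliseconds and all profiles and samples below are made up.
"""
from statistics import mean

# Constructed reference fists: (dah/dit ratio, gap/dit ratio)
KNOWN_FISTS = {
    "operator_A": (3.0, 1.0),   # textbook timing
    "operator_B": (2.4, 1.3),   # short dahs, slightly wide spacing
    "operator_C": (3.6, 0.8),   # long dahs, cramped spacing
}

def features(elements, gaps):
    """Reduce a keyed sequence to (dah/dit ratio, gap/dit ratio).

    elements: list of (symbol, duration_ms) with symbol in {'.', '-'}
    gaps: list of inter-element gap durations (within characters), in ms
    """
    dits = [d for s, d in elements if s == "."]
    dahs = [d for s, d in elements if s == "-"]
    if not dits or not dahs or not gaps:
        raise ValueError("need at least one dit, one dah and one gap")
    dit = mean(dits)
    return (mean(dahs) / dit, mean(gaps) / dit)

def identify(elements, gaps, fists=KNOWN_FISTS):
    """Return (best_operator, distance) by nearest reference fist (Euclidean)."""
    r, g = features(elements, gaps)
    scored = {name: ((r - fr) ** 2 + (g - fg) ** 2) ** 0.5
              for name, (fr, fg) in fists.items()}
    best = min(scored, key=scored.get)
    return best, scored[best]

# Constructed intercept: the letters R (.-.) and K (-.-) keyed with ~60 ms dits,
# ~148 ms dahs and ~77 ms gaps, i.e. a fist that matches operator_B.
SAMPLE_ELEMENTS = [(".", 60), ("-", 148), (".", 62), ("-", 150), (".", 58), ("-", 146)]
SAMPLE_GAPS = [76, 80, 78, 74]

if __name__ == "__main__":
    who, dist = identify(SAMPLE_ELEMENTS, SAMPLE_GAPS)
    print(f"nearest fist: {who} (distance {dist:.3f})")
```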

nsaspook

Joined Aug 27, 2009
16,321
https://arstechnica.com/information...ificates-axed-after-ceo-e-mails-private-keys/
When Rowley asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security.

Generally speaking, private keys for TLS certificates should never be archived by resellers, and, even in the rare cases where such storage is permissible, they should be tightly safeguarded. A CEO being able to attach the keys for 23,000 certificates to an email raises troubling concerns that those types of best practices weren't followed. (There's no indication the email was encrypted, either, although neither Trustico nor DigiCert provided that detail when responding to questions.)
 