Tag: security

EMP Aftermath

A what-if of the aftermath of a high power EMP blast in the stratosphere.

Suppose, one fine spring day, with no warning or evident cause, the power went out. After a while, when it didn’t come back on, you might try to telephone the power company, only to discover the phone completely dead. You pull out your mobile phone, and it too is kaput. Nothing happens at all when you try to turn it on. You get the battery powered radio you keep in the basement in case of storms, and it too is dead; you swap in the batteries from the flashlight (which works) but that doesn’t fix the radio. So, you decide to drive into town and see if anybody there knows what’s going on. The car doesn’t start. You set out on foot, only to discover when you get to the point along the lane where you can see the highway that it’s full of immobile vehicles with their drivers wandering around on foot as in a daze.

McCain Leak

Private information at bargain prices. It was a high-tech flub at the McCain-Palin campaign headquarters when Tisha Thompson bought a Blackberry device containing confidential campaign information.

ha. good thing those clowns were not elected. can you imagine technology policy by a bunch of ignoramuses that make such mistakes?

Spooks 2015

To respond effectively to the changing strategic landscape, we need structures, people and systems aligned to ensure a unified effort, ready to adapt with greater agility. As we adjust to new challenges and customers, we reaffirm our enduring mission: to provide objective and relevant support to help our customers achieve decision advantage.

how spooks see themselves in 2015. lots of talk about user generated content, open source intel, etc. yet at the same time they have these ridiculous seals.

Newark Surveillance

MA: You became mayor in July of 2006, you’re a couple of years into your 4-year term. It sounds like right away when you became Mayor you started thinking about how surveillance could help some of the crime problems in your city. Can you talk about the Community Eye initiative, what it was when you started as Mayor, and what it’s become since then?

CB: Sure, there was not really any kind of coordinated camera program whatsoever. There may have been a few cameras out, but there was no monitoring, there was no substantive, strategic approach to using them. We realized right away that, one, from looking at other cities, and trying to learn from successes internationally to here in America, there was a lot of security leaders that talked about cameras as a positive thing. I knew we had to get more police on the streets. But we also had to find things that were force multipliers, ways of spreading out our police force in a way that gave us dramatically more coverage in preventing crime, reacting to crime, and adequately responding with emergency resources. So we began to explore the use of cameras, the first thing we did was use a local UEZ program, Urban Enterprise Zone to fund some cameras. Again, they were expensive, and I inherited a city that had a tremendous budget deficit. So I was trying to figure out ways to fund more cameras, we had already started a police foundation which was critical for helping with key technology advancements, from just getting computers into police cars, to other cutting edge things, they also funded our anonymous hotlines and tip lines for people who call in, and let the police know someone’s carrying an illegal gun and I know some information about a crime and get up to $2000 as a result of that. So we had a void, to try to meet my dream of having a huge wireless for cameras, and something else called gunshot detectors. Which means if a gun goes off in a zone, we’d be able to identify in seconds where the gun went off.

an update from the transparent society. wireless cameras and gunshot triangulators

Adeona

We tackle the problem of building privacy-preserving device-tracking systems — or private methods to assist in the recovery of lost or stolen Internet-connected mobile devices. The main goals of such systems are seemingly contradictory: to hide the device’s legitimately-visited locations from third-party services and other parties (location privacy) while simultaneously using those same services to help recover the device’s location(s) after it goes missing (device-tracking). We propose a system, named Adeona, that nevertheless meets both goals. It provides strong guarantees of location privacy while preserving the ability to efficiently track missing devices. We build a version of Adeona that uses OpenDHT as the third party service, resulting in an immediately deployable system that does not rely on any single trusted third party. We describe numerous extensions for the basic design that increase Adeona’s suitability for particular deployment environments.

covertly records and sends crypted comms. very cypherpunk

Insecure Banks

More than 75% of the bank Web sites surveyed had at least 1 design flaw that could make customers vulnerable to cyber thieves after their money or even their identity.

root cause: a belief that the web site is a cost center, while wasting money on countless branch offices. no wonder they can only afford incompetent web technology.
2013-11-06: if you thought banks encrypt the traffic on their international leased lines, well…
2014-01-11:

90% contained several non-SSL links throughout the application. This allows an attacker to intercept the traffic and inject arbitrary JavaScript/HTML code in an attempt to create a fake login prompt or similar scam.

50% of the apps are vulnerable to JavaScript injections via insecure UIWebView implementations. In some cases, the native iOS functionality was exposed, allowing actions such as sending SMS or emails from the victim’s device.

in the move from shitty websites to shitty “apps”, we’re going backwards several years as implementers have to relearn all security lessons. you probably don’t want to trust any “apps” from your financial institution.