Friday Squid Blogging: Climate Change Could be Good for Squid

Basically, they thrive in a high CO2 environment, because it doesn't bother them and makes their prey weaker.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on June 14, 2019 at 4:41 PM • 57 Comments

Comments

Alejandro June 14, 2019 5:44 PM

In Stores, Secret Surveillance Tracks Your Every Move

https://www.nytimes.com/interactive/2019/06/14/opinion/bluetooth-wireless-tracking-privacy.html

While in the store: "Bluetooth beacons ... track your location accurately from a range of inches to about 50 meters. They use little energy, and they work well indoors. That has made them popular among companies that want precise tracking inside a store."

Basically, the article suggests a whole new wave of precise invasive tracking in public buildings has started, using cell tower data, GPS and now in-store Bluetooth trackers that secretly communicate with your phone.

My personal electronic goals have been to cut Google out of my life as much as possible, but also basically leave the phone off and in the car when shopping at any of the big box stores.

On a more personal basis, it was only recently I noticed cameras videotaping my checkout at Target and Walmart, which has prompted me to flip the finger to the camera. I see that might create an issue for one reason or another. I am trying to restrain myself. Sometimes.

I hope more and more states start fighting for our electronic security and privacy. I think it's pretty safe to assume Congress is a lost cause on those issues (and much more).

Ismar June 14, 2019 6:22 PM

Analysis of the squid thriving with climate change is too short-sighted, as the increase in CO2 results in less prey available, causing the feedback loop between predators and prey to decrease the squid numbers once again. On the other hand, we also know that squids eat other squid, even their own species, so another dynamic may occur. Lastly, creatures like Blue Sharks and Sperm Whales may also benefit from the rise in squid numbers, reducing the increase in the numbers in the first place.

Sed Contra June 14, 2019 7:53 PM

@Alejandro

track your location accurately from a range of inches

That’s why I set up an iOS shortcut/Siri command to shut Bluetooth and WiFi off, viz -

Siri, dive ! dive ! (while sounding an ooogah horn)


Sleepy West Wakes Up
… the administration drive to counter Chinese influence at U.S. research institutions. The aim is to stanch China’s well-documented and costly theft of U.S. innovation and know-how.

"Even something that is in the fundamental research space, that's absolutely not classified, has an intrinsic value," says Lawrence Tabak, principal deputy director of the NIH, explaining his approach. "This pre-patented material is the antecedent to creating intellectual property. In essence, what you're doing is stealing other people's ideas."

As director of the Center for Public Health and Translational Genomics at the University of Texas MD Anderson Cancer Center, Wu hasn't been charged with stealing anyone's ideas, but in effect she stood accused of secretly aiding and abetting cancer research in China, an un-American activity (funded by US taxpayer $$$) in today's political climate. She'd spent 27 of her 56 years at MD Anderson in Houston.

A month after resigning, she left her husband and two kids in the U.S. and took a job as dean of a school of public health in Shanghai.
Does Chinese Communist Party Loyalty Come Before Family?

Her actions prove the sleepy USA was ‘taken to the cleaners’ for many decades.
https://www.bloomberg.com/news/features/2019-06-13/the-u-s-is-purging-chinese-americans-from-top-cancer-research?srnd=businessweek-v2

Smelling Salts Anyone?
A Chinese-owned company is making circuit boards for the top-secret next generation F-35 warplanes flown by Britain and the United States, Sky News can reveal.
"We have been completely and utterly naive about the role of China and it is only now that people are beginning to WAKE UP," said Sir Gerald Howarth, a former Tory defence minister.

https://news.sky.com/story/f-35-jets-chinese-owned-company-making-parts-for-top-secret-uk-us-fighters-11741889

Z.Lozinski June 15, 2019 2:54 AM

@Alejandro,

The thing that concerns me about the proliferation of cameras in retail stores and banks is they provide a way to attack the chip-and-pin / EMV payment system. Position a camera so you can see payment terminals and you have access to a large percentage of the PINs entered. Combine with a skimmer and you are good for a magstripe fall-back attack. We do all remember the case where a UK retailer had to weigh all its payment terminals over the weekend to find the ones that had been compromised in the supply chain, don't we?

Many years ago, a friend of mine was on a business trip with the head of one of the major ATM vendors. They stopped at a light, opposite an ATM, and the guy called out someone's PIN as they entered it by watching the hand movements. OK, so it is a specialist skill, but we have learned that the wicked people specialise too.

Clive Robinson June 15, 2019 4:41 AM

@ Z.Lozinski,

OK, so it is a specialist skill, but we have learned that the wicked people specialise too.

Yes I can remember @Bruce being surprised when I first mentioned photographing keys.

When I was young I did not need a camera; I just memorized the pattern of lever lock keys in my head and could cut them by hand with needle files. By 1976 I'd got a near complete collection of Fire Brigade "FBx" keys. I then, without knowing about "impressioning", reasoned it out for myself and got the rest of the FBx keys.

It was not for a decade or so, until chatting with an ex-convict turned security consultant, that I found out that prisoners had learnt that trick years before, which is why prison officers were taught to "shield their keys".

Being or thinking "Hinky", as @Bruce describes it, is a state of mind; you just look at a problem in a certain way and you see the holes. The thing is, the more you do it the better it gets. I can not explain how the human mind does it, it just does. As I've mentioned before, correctly designed hardware, be it mechanical, electrical or electronic, when drawn as blueprints, plans or circuit diagrams has a certain "beauty" to it when it is right. When you see something that looks even a little bit messy to downright ugly, you just know you are going to find too much complexity, sloppy thinking or worse, obvious errors. But more importantly, from the security perspective that lack of "beauty", even just a little messy, means there are probably vulnerabilities there.

I don't know if the ability to see things that way is innate or not, but most people either don't have it or have not developed it whilst young.

Oh, it also works in software. Most diagramming techniques, if you take the time to learn how to use them effectively, help show "bad code". The fact this gets discouraged by various modern software development techniques --some of which are just bullying / humiliation / power rituals-- might have something to do with the defect rates we see in modern code.

It also works for one-off projects and similar, where you use the idea of "story boarding" or, as it was once called, "Rich Pictures". They don't need to be works of art, but they do help spot where things need to be done and, importantly, by when.

The visual cortex is --without meaning to make a pun-- the biggest window into the brain; also, perhaps more importantly, it deals easily with multidimensional input. Maybe in some it is more developed, and thus pictures enable us to see two or more dimensionally problems that most only think of serially.

As for being "wicked", in a lot of cases it's more a state of mind than an actuality. Society makes up rules for good or bad, usually at somebody's whim. These days often so that they can gain an advantage over others in the rent seeking game, where winners get the scarcer and scarcer assets and losers get to pay over more and more of their labour just to stay afloat.

Thus you have the ridiculous interpretation of some rules by the guard labour to some, and likewise non-application of clear rules to others. More often these days, however, rules are designed to be of the sort where a crime is where somebody says it is. We call them broad in scope, but their actual intent is arbitrary punishment.


There is supposedly that distinction between having a "Public duty" (criminal) and "Private duty" (tort). Where rule bending happens, a lot these days, thus for similar actions some have their actions seen as criminal others as torts. The deciding factor appears to be "status" of the person.

In theory criminal activities get treated in a "Public way", that is by incarceration or community service, whilst torts are treated in a "Private way" by the transfer of money. But we see the downgrading of crimes to fines, with the rich and "entitled" buying their way out easily for a trivial percentage, whilst the poor and "unentitled" find their fines are set quite deliberately beyond their means, thus becoming crimes on non-payment, and any assets they might have acquired get taken away from them to be sold, frequently to the advantage of rent seekers.

So where do you see the real wicked minds?

It's a question I find I ask myself more and more frequently these days...

VinnyG June 15, 2019 9:04 AM

@Alejandro re: BT surveillance - Easy enough to switch off Bluetooth in most phones. If it might be needed for some phone-based checkout activities (I use none of that), easy enough to turn it back on for just the duration of that. If you use BT in your car and leave your phone powered on in the vehicle while you shop, you might want to consider disabling BT while you are away from it. I suspect there are potential attacks that could be attempted to surreptitiously access the phone under those circumstances. Can you state in general terms the location of the Walmart with check-out cameras, and whether it was cashier line or self-check-out? I sometimes purchase cash cards at WM for the purpose of making anonymous on-line transactions, so it is a slight concern.

@sed contra - As an inveterate cheapskate and smartphone skeptic, I don't have anything nearly as sophisticated as an iPhone; I use a cheap BLU device over Ting with as much non-essential apps and settings crap stripped out as possible. It is, however, a no more than 3 second task to turn BT off or on. I rarely have any use for phone WIFI, so that remains disabled...

ThirtyNine June 15, 2019 11:14 AM

Google TV Forces Data-Mining and Targeted-Advertising

Spend $4,000 on an expensive Sony TV. Power-up for a nasty surprise as Sony will NOT allow owners to use their new TV without mandatory acceptance of Google’s deceptive and intrusive Terms of Service.

Do I need to agree to Google's Terms of Service and Privacy Policy?
https://www.sony.co.uk/electronics/support/articles/00114157

Most newer Sony TVs use the Android TV smart-TV system, and during setup you’re asked to click Yes to agreements with three separate companies: Google, Sony, and an ACR provider called Samba TV.

Mandatory Forced Targeted Advertising
Google has pushed an update to some Sony TVs that run the Android Oreo update. This update adds a row of Google Sponsored Content in the second row of the home page. Unlike the existing sponsored content, this row cannot be removed.
https://www.rtings.com/tv/learn/ads-in-smart-tv#remove-sony-ads

These are desperate times indeed.
Whatever happened to opt-in and opt-out choice? Where is GDPR when you need it?

Sed Contra June 15, 2019 11:32 AM

@ThirtyNine

TV

I was freed when I realized

TV = nothing to watch
cable TV = one thousand channels and nothing to watch

Alejandro June 15, 2019 12:59 PM

@Sed Contra

I have heard about innovative uses of the SIRI shortcut commands. However, according to the cited article:

"...last year, investigators at Quartz found that Google Android can track you using Bluetooth beacons even when you turn Bluetooth off in your phone." Ouch!

Trying to get google out of your life is really hard. Harder than FB. I now use DuckDuckGo and Startpage for searches, but their maps are not up to snuff. Besides, google is everywhere.

@Z.Lozinski

I have wondered why MS, Google, Amazon and the rest would NOT simply log all of our PIN numbers, passwords and so on just like they collect everything else. Certainly their privacy statements would allow it.

As for stores recording our pin numbers via loggers or cameras....why not? Who would stop them? All they need to say is "it's for store security". Case closed.

@VinnyG.

See above, there is a way to track you even if BT is turned off. Apparently, it's done via other installed apps. Meanwhile, at least on my iPhone, when you switch off BT, it's only good for 24 hours, then auto switches back to "on". I've wondered about that sometimes. Why?

The cams at Walmart and Target are (at least) at the self serve checkout stand. When you slide your card, you can see yourself in a small monitor while doing the transaction. Thus, there is a video recording of every purchase. This is when I usually get an uncontrollable urge to scratch my nose with my middle finger.

If they have them, you WILL see them for sure.

BTW, the article notes,

"Most people aren’t aware they are being watched with beacons, but the “beacosystem” tracks millions of people every day. Beacons are placed at airports, malls, subways, buses, taxis, sporting arenas, gyms, hotels, hospitals, music festivals, cinemas and museums, and even on billboards."

"They" are everywhere. Almost.

I'm thinking leave the phone in the car and off. Or maybe get one of those Faraday phone cases. Maybe, for father's day!

Sed Contra June 15, 2019 2:01 PM

@Alejandro

according to the cited article. ... Quartz

Thanks! The Quartz article https://qz.com/1169760/phone-data/ doesn't seem to reference iOS, but doubtless a salutary warning. Switches on devices are just ways to input parameters to software, which treats them as merely a suggestion.

Confirming again the determined deviousness and unbounded contempt for persons displayed by these companies.

All this is killing the romance of computing!

Sherman Jay June 15, 2019 2:07 PM

The Russian threat to u.s. elections is small compared to what u.s. voting machine companies are doing:
https://www.motherjones.com/politics/2019/06/a-researcher-found-a-bunch-of-north-carolina-voting-machine-passwords-online/

Most of the machines in the u.s. are crap: either ancient, or easily hackable, or not truly auditable.

And voter suppression, gerrymandering and vote tampering by certain 'red-tinted' corporate and government people is a huge factor in election fraud. Read about states like Georgia and N. Carolina in last election cycle.

H June 15, 2019 2:21 PM

@Alejandro
I made this comment to the NYT: Why not a constitutional amendment prohibiting collecting and correlating data about citizens by any means, electronic or otherwise, for commercial purposes of any kind?

Alejandro June 15, 2019 2:39 PM

@H

Re: "...constitutional amendment prohibiting collecting and correlating data..."

I am quite convinced Congress will never make an appropriate response to corporate mass surveillance; let alone pass a very difficult amendment to the Constitution. Pick a reason: incompetent, bought off, too stupid. They all seem to fit at various times.

We as the people cannot even mount a judicial challenge because so much of what they do is in secret, secretive or literally blocked by other laws.

The EU and a few state legislatures seem willing to sling a stone at Goliath. Let's hope they slay the beast, soon.

In the meantime all we can do as individuals is:

Resist!


@Sed Contra

You assume those radios are really off.

15 June 2019 00:00:00 June 15, 2019 4:13 PM

@Sherman Jay

From your NYTimes link:

"U.S. Escalates Online Attacks on Russia’s Power Grid

WASHINGTON — The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said.

In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.

[...]

But now the American strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning, and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow.

The commander of United States Cyber Command, Gen. Paul M. Nakasone, has been outspoken about the need to “defend forward” deep in an adversary’s networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it.

[...]

But finding ways to calibrate those responses so that they deter attacks without inciting a dangerous escalation has been the source of constant debate.

Mr. Trump issued new authorities to Cyber Command last summer, in a still-classified document known as National Security Presidential Memoranda 13, giving General Nakasone far more leeway to conduct offensive online operations without receiving presidential approval.

But the action inside the Russian electric grid appears to have been conducted under little-noticed new legal authorities, slipped into the military authorization bill passed by Congress last summer. The measure approved the routine conduct of “clandestine military activity” in cyberspace, to “deter, safeguard or defend against attacks or malicious cyberactivities against the United States.”

Under the law, those actions can now be authorized by the defense secretary without special presidential approval.

“It has gotten far, far more aggressive over the past year,” one senior intelligence official said, speaking on the condition of anonymity but declining to discuss any specific classified programs. “We are doing things at a scale that we never contemplated a few years ago.”"

15 June 2019 00:00:00 June 15, 2019 4:56 PM

@Alejandro

"... there is a way to track you even if BT is turned off. Apparently, it's done via other installed apps. Meanwhile, at least on my iPhone, when you switch off BT, it's only good for 24 hours, then auto switches back to "on". I've wondered about that sometimes."

You might try turning off Wi-Fi or Bluetooth in Settings, not using swipe down diagonal with iOS. AFAIK Wi-Fi and Bluetooth will then stay off until you turn them back on in Settings. A long time ago, I think, Wael pointed out this change in iOS functionality with some iOS update.

from your OP:

"Even if you did know which companies have access to your beacon data, there’s no way to know what kind of data is collected through the app. It could be your micro-location, dwell time or foot traffic, but it can also include data from the app, such as your name, and your app data can be combined with other data sets compiled about you by data brokers. There is simply no transparency.

To protect yourself from beacons in the short term, you can delete any apps that may be spying on you — including apps from retailers — and shut off location services and Bluetooth where they are not needed. You can also follow The Times’s guide on how to stop apps from tracking your location. For Android users, the F-Droid app store hosts free and open-source apps that do not spy on users with hidden trackers.

Most of our concerns about privacy are tied to the online world, and can feel theoretical at times. But there is nothing theoretical about Bluetooth beacon technology that follows you into retail stores (and other venues) and tracks your movement down to the meter."

links from your OP:

https://www.nytimes.com/2018/12/10/technology/prevent-location-data-sharing.html

https://qz.com/1169760/phone-data/
"When Off Means On
Google can still use Bluetooth to track your Android phone when Bluetooth is turned off"


SpaceLifeForm June 15, 2019 4:57 PM

@Taz

In re Cellebrite

"Please disconnect AC and wait for the system to compute battery initialization"


(this, on a battery dead Cellebrite device)

Does that give you a clue as to how low level the backdoors are buried in silicon or not?

And, WTF is battery initialization anyway?

Smells of hidden battery (in the battery), along with flash, ram, all built in to the 'battery'.

Same absolute attack built into your 'smart' phone.

Try pulling your battery on your phone (if possible), no charger, wait 12 hours.

Clock still close?


Keep going.

Eventually, the clock will reset.


@all

Sorry, typo

s/compute/complete/


Not sure much difference.

lurker June 15, 2019 8:57 PM

@ Sed Contra

Siri, dive ! dive ! (while sounding an ooogah horn)

I find it amusing to watch the puzzled looks on spectators anytime I need Bluetooth on, and have to dig thru the layers of Settings> > >

@ VinnyG

re: BT surveillance - Easy enough to switch off Bluetooth in most phones.

and probably easy enough for some app you haven't been deep enough in Settings, to turn it back on. As the qz article says there are Settings> Location, or Settings> Security, or ... but what about SomeRandom.app>Settings>GuessWhich>Allow me to turn on BT when I want. On my Android device I have Settings>Bluetooth>Visibility>Visible Only to Paired Devices... but I'm not sure if I understand what that does.

I recently got an OTA firmware update from the vendor which flushed out his perfectly workable basic browser, and gave me Chrome instead. I've been thru all the obvious Settings to clip its wings, but in spite of my locking down Location Services, whenever Chrome starts, it turns on stuff I'd turned off. I liked my iPod Touch, an iPhone without the phone, but Apple kept making it harder to put my own files on and off the device, so I jumped ship. Ggl/Android don't care what I do with the device, so long as they know where and when I did it, with whom, and how much I paid...

Taz June 15, 2019 9:08 PM

https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/

were able to extract an RSA 2048-bit signing key from an OpenSSH server using only user-level permissions. I

Taz June 15, 2019 9:18 PM

@Alejandro

We must poison all their data. Just like taking a piss on it.

About as much fun as running up huge mail bills for these clowns who send you prepaid envelopes. You know damn well employees won't take the initiative to get that postage back.

Anders June 16, 2019 4:49 AM

https://theintercept.com/2019/06/12/darkmatter-uae-hack-intercept/

Will June 16, 2019 7:53 AM

I've investigated user security for the new promiscuous/automatic connection Wi-Fi 6 and Hotspot 2.0 Internet Access Networks.
https://www.wi-fi.org/discover-wi-fi/passpoint

The first red-flag warning is that Wi-fi.org allows Google eavesdropping for Google's benefit.
https://www.wi-fi.org/discover-wi-fi/passpoint

Improved Wireless Connection Security
Hotspot Operators may provide Hotspot 2.0-based free, public, hotspot service. In this particular service, Hotspot Operators have the need to ensure hotspot users have accepted the terms and conditions governing their hotspot’s use, but are not interested in knowing (or do not wish to know/track) any particular user’s identity.
If the user accepts the terms and conditions, the OSU server issues a credential. Note that the SAME credential is issued to all users which have accepted the terms and conditions; therefore, the Hotspot Operator cannot track the identity of an individual user during the Hotspot 2.0 Access state.

Local Untrusted Network Privacy and Security
Most notably, there is ZERO mention of user security within the local connected untrusted WLAN. That is, who is potentially data-mining packets before they are sent on to the Internet ISP (who is also performing deep-packet inspection).

With virtually zero hits, Internet searches have obviously been sanitized on this sensitive user-security subject[1]. But there was one:
‘The biggest problem is that WLAN authentication in such a scenario tells you nothing about the identity or security of… the WLAN. Users authenticate with their identity provider’s RADIUS servers, and the result is strong encryption in the air, but no guarantee of security on the wired network. They don’t get any information about the identity of the wired LAN that their bits are traversing, because the authentication is abstracted away from the network they are using. HS2.0 provides no identity verification of the network that users are actually using.’
https://framebyframewifi.net/category/hotspot-2-0/

Let's delve into an example using the 'tech savvy' City of San Francisco Hotspot 2.0 [2]:
San Francisco Hotspot 2.0 Terms of Service and Privacy Policy:
‘Notwithstanding the foregoing, City of San Fransisco may record information about usage of Service, such as when and for how long the Service is used and the frequency and size of data transfers. City may also collect information about the geographic locations of the City Wi-Fi nodes through which users connect to the Service. The City will use this information for its own purposes only.’

This is actually a laughable embarrassing substandard Privacy Policy as it makes NO mention of partner Google performing data analytics and then using the tracking data for its own commercial purposes.
Since this is not a charity[3], citizen data is required to subsidize the building and maintaining of these towers.
The reality is Google is in competition with coming co-located 5g cellular networks.
But irregardless, it must generate income by selling location based advertising (for example San Francisco Park #23).

By design, the name Google isn’t Internet searchable here as the sole passing mention is buried at the end of the City’s PDF document.
11. Are there plans to expand the Free Public Hotspot 2.0 service beyond Market St.?
The Department of Technology is working with the Department of Recreation and
Parks and GOOGLE to install Hotspot 2.0 service in 31 neighborhood parks.
https://sfgov.org/sfc/terms-service

Is Google free to change the terms of service at will?
Predicted update: We take your privacy seriously… to serve you personalized ads. You must accept our terms to use this network. Coming soon to a City Park near you!

Solution
A VPN is even more so mandatory when using any public network

Danger Will Robinson
Wifi 6 is more about automatic connected convenience to unknown, untrusted networks
Unless the device owner is proactive and technically competent, it also greatly expands consumer eavesdropping, advertising insertion and tracking.
A security agency's playground: install Malware upon entry using the airport's official network, then uninstall it at departure. No one will ever know.

[1] In recent court testimony, Facebook would argue that there is no expectation of privacy for anyone using any quasi-public network. (I agree that they too will, without question data-mine over Hot-spot 2.0 connected WLAN).
[2] Like public libraries, city Parks customer service staff is totally unaware that Google is ‘running the show’ sight unseen
[3] Toronto’s Smart City advisory board quit over Google’s lack of transparency and deceptions. Is San Francisco any 'smarter'?

Clive Robinson June 16, 2019 9:20 AM

@ Will,

Behind all of this is the push not just by corporations but national governments towards de-anonymising people in every thing they say and do.

Back in the early days of what is now often called "Single Sign On" user convenience and ease of administration was pushed and pushed hard...

However, it did not really take off at the time for various reasons. Two of which were basically battles over who got the big slice of the online pie, and government systems were associated with the "Papers Please" of National ID cards through the back door and making "Police States" easier (think about the Chinese "social credit rating" as an example).

Unfortunately, too many people focused on the Government / Police State aspect rather than the Corporate / data mining / Police State aspect (via third party business records and NSL based "bulk collection" and later legislation).


So various major Silicon Valley corps fought it out for the "Single Sign On" title belt.

Thus anyone who considers using any kind of "Single Sign On" is playing into the hands of the data aggregators.

Perhaps it's time our host @Bruce did an op-ed on the societal dangers of SSO systems and added a caution about their near equivalent of "Online Password Managers".

15 June 2019 ...... June 16, 2019 9:52 AM

https://www.npr.org/2019/06/13/732320853/hackers-demanding-ransoms-paralyze-city-computer-systems-in-the-u-s audio (37:41) & transcript

"As we become increasingly dependent on sprawling computer networks, we're increasingly vulnerable to hackers who exploit weaknesses in them. A recent trend is cyberattacks on American cities. Last year, hackers in Dallas gained the ability to turn on tornado sirens at will. And for weeks, the city of Baltimore has struggled to revive computer systems paralyzed by hackers demanding money.

Our guest, New York Times cybersecurity correspondent Nicole Perlroth, says even more troubling is the fact that the Baltimore hackers used stolen cyberweapons originally developed by the U.S. National Security Agency. Perlroth has reported on the proliferation of cyberweapons used by countries against each other, by hackers against governments and corporations and by private security firms willing to give clients digital espionage capabilities for the right price. Perlroth has also reported on concerns about interference in the 2020 presidential campaign and evidence that voting technology may have been hacked in one swing state in the 2016 election. I spoke to her yesterday.

Nicole Perlroth, welcome to FRESH AIR. We've seen cases where cities have suffered cyberattacks. One of the best known is Baltimore. Let's take that as an example. What happened?"

No One June 16, 2019 10:30 AM

@ everyone

We are clearly moving towards a world in which everyone is collected upon constantly.

This does not bode well.

Who? June 16, 2019 11:30 AM

RAMBleed

A new hardware vulnerability related to Rowhammer, but compromises confidentiality not integrity:

https://rambleed.com/

The Pull June 16, 2019 11:44 AM

Masks, Cash and Apps: How Hong Kong's Protesters Find Ways to Outwit the Surveillance State

https://www.washingtonpost.com/world/asia_pacific/masks-cash-and-apps-how-hong-kongs-protesters-find-ways-to-outwit-the-surveillance-state/2019/06/15/8229169c-8ea0-11e9-b6f4-033356502dce_story.html?utm_term=.55e5ca0923f7


@The Pull

I read the fascinating article outlining the lengths Hong Kong protesters take to hide themselves from their own surveillance state. Wisely so. It saddens me to realize Americans are being watched at least as closely by the corporate-police state here and for the most part could care less.

Truly it's a world wide phenomenon for governments and corporations to track us simply because they can and there is no way and no one to stop them.

My experience has been individual resistance efforts are a losing game of whack-a-mole. Just when you think you got them beat in one place, they pop up with a new nasty trick in another. And they lie a lot about it, too.

There are a lot of very smart people playing this game and the prizes are vast power and riches.

Doesn't mean we should quit. Instead, we should try harder.


A90210June 16, 2019 3:56 PM

IIRC the Opera had a hard time keeping the audience's attention, especially following Leonore Overture No. 3. I once knew a professor that would whistle parts of it.

https://www.youtube.com/watch?v=RpCNGTRvQVI
Beethoven: "Leonore" Overture No. 3 / Böhm Wiener Philharmoniker (1977 Movie Japan Live)

also Georg Solti conducting the Chicago Symphony Orchestra (Decca)

https://cso.org/uploadedFiles/1_Tickets_and_Events/Program_Notes/061510_ProgramNotes_Beethoven_LeonoreOverture3.pdf (pdf) program notes

65535June 17, 2019 2:25 AM

@ Alejandro

"...the article suggests a whole new wave of precise invasive tracking in public buildings has started, using cell tower data, GPS and now in store Bluetooth trackers that secretly communicate with your phone..."

Yes, it's been honed to a fine art. You are being tracked and cataloged.

@ ThirtyNine

"Spend $4,000 on an expensive Sony TV. Power-up for a nasty surprise as Sony will NOT allow owners to use their new TV without mandatory acceptance of Google’s deceptive and intrusive Terms of Service."

Yep, that is Sony for you. They scam you six ways to Sunday. I recall Sony cleverly and widely spreading one of the largest APTs via music CDs. When Sony and Giggle team up it is a witches' brew.

@ Sed Contra

"I was freed when I realized... cable TV = one thousand channels and nothing to watch"

That is my experience also. Once I realized I was watching a litany of misery and death on the evening news, only to move on to more useless hour-long infomercials, I just quit watching TV. It has been over 5 years of zero TV watching... or freedom. I am happier for it.

@ Clive Robinson

"Yes I can remember @Bruce being surprised when I first mentioned photographing keys [key stroke recording]..."

I agree, it is probably done all the time... cough with credit card skimming in mind. The only quick semi-solution I can think of is covering the key pad with your hand [The Brian Krebs trick].

@ all posters on the Bluetooth tracking via cell phones trick - it has come up on this blog before.

I and my better half have found a blunt but fairly effective method of stopping all radio signals. It is Clive Robinson's suggestion of a Faraday cage.

My better half with nimble fingers has found that very thick tin foil wrapped around a cell phone can work to stop radio signals.

She wraps the heavy metal foil around it in a sort of coffin shape. She cuts the case in half and uses an odd folding process to form a lip on the upper half. The bottom case slides on. Next, the upper case with the lip overlapping the bottom case seems to stop most if not all of the radio signals - including the microwave or higher spectrum. She puts it in her clutch or purse and is able to open and close the case in seconds flat.

When the tin foil coffin is damaged she just makes a new one. It is not too expensive cost wise.

The second benefit is some cell phones can turn on the browser and use a lot of wifi bandwidth - increasing bills while not watching said cell phone carefully.

That is a billing scam. Putting a halt to the radio signal can help on the metered bandwidth use side of things.

She also requires the neighbor's kids to put their cell phones in a thick metal cooking pot. This works to block RF signals. This helps stop the camera pranks by those kids.

I am not sure how hard on the cell phone battery it is. But, taxing the battery is of little consequence for more privacy. It is somewhat like the RF bags they sell on eBay.

@ SpaceLifeForm

"You assume those radios are really off."

Very good observation.

I believe that various parts of a cell phone can be flipped on by TLAs, LE, or big corporate stores. It is hard to prove - but makes sense with the "collect it all" mentality of the TLAs in the USA.

I really don't think anybody should trust turning off the BT in some apps and actually expect the BT connection to turn off. That also goes for the cell phone to cell tower connection.

Threads on the RF blocking idea:

"...Clive R. talks extensively about air-gapped computers, and the ways to defeat such defenses. I have even tried to bring the Faraday cage down to the local apartment or home by using metal pots to contain kids' cell phones. It's harder than expected. Here is a set of posts regarding using a house pot as a Faraday cage. Some cooking pots work and others don't work. See set of links below..."-65535

https://www.schneier.com/blog/archives/2015/03/now_corporate_d.html#c6690815


[and]

"...I find my “no cell phone” at this house policy helpful. Things are more peaceful. There is not that aggravating twinge when some kid’s cell phone loudly rings. The irritation is now moved to his parents house..."-65535

https://www.schneier.com/blog/archives/2015/03/survey_of_ameri.html#c6692568

Bruce SchneierJune 17, 2019 5:27 AM

I just deleted 13 comments, mostly about Middle East politics and policy. Come on, people, I know you know better. (Clive, I'm looking at you....)

Maxwell's DaemonJune 17, 2019 6:07 AM

Obviously wouldn't work for most anyone else but my simple expedient vis-a-vis is simply not to have a phone at all. Even the VA has become reconciled to sending a letter or, as I put it: "Send me an email, I might get back to you." There is absolutely nothing in this world that requires a drop everything, this needs immediate attention.

RE: Television. I've dropped it here as well.

Lastly, war with Iran. Anyone sane who has bothered to examine the terrain, logistics required, and sociological/anthropological dimensions of Iranian society with respect to an invasion knows that you don't even want to consider going there. Ever. Even the Soviets at their worst (most powerful) took a look at it well before Afghanistan and told their leadership that such an invasion would be sheer insanity and they were literally next door neighbors.

Luke WilliamJune 17, 2019 8:36 AM

When people say hackers are not reliable I laugh at them...!! However, if we are to be honest with ourselves, we all know these things are not as easy as they appear to be on screen. I had a tough time trying to gain access into my partner's phone myself, doing a lot of researching that included reading all hack, spy related articles I came across. I even tried a few of the spy software & apps I came across too but all failed me. I only succeeded after I saw a few referrals to a particular person called Netsky. So I decided to contact him and that was how and when I found all the solution I had been looking for; he helped me gain access to my partner's phone using just her phone number & without her knowledge. I have been monitoring her phone (calls, messages, chats & all) for a few days now. One of the most amazing things was the fact he was also able to help me get back all our old & deleted conversations (WhatsApp), (which sadly makes me realize how much things have changed from the honeymoon phase up till now). I feel so powerful having total access to her phone without her knowing this but it's also helping me to trust her, at least no signs of her slipping so far lol. His work is legit and he also offers other services such as changing your financial situation, spy emails, hack bank accounts (world bank inclusive), bank transfer, PayPal transfer, money gram and western union)
Contact : netskyattack at gmail. com
Text : +1 (773) 451-5210
I just thought sharing here to help other people that may need this kind of service!! He save my life literally, at least i owe him publicity.

MarkHJune 17, 2019 10:22 AM

Here's a fun story ... about a not funny subject.

https://bgr.com/2019/06/17/genius-vs-google-lyrics-results-on-search-copied-from-lyrics-site/

Genius (a song lyrics site) used simple watermarking to prove that Google is stealing their work.
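The kind of invisible mark Genius is reported to have used (a pattern of straight and curly apostrophes in the lyric text) lends itself to a short demonstration. What follows is an added example, not code from the original post, from Genius or from Google. It hides a short tag in the choice between the ASCII apostrophe (U+0027) and the typographic apostrophe (U+2019), using a plain 7-bit-per-character encoding rather than Genius's reported Morse pattern; the lyric lines are constructed for the example and the function names are assumed.

```python
"""Apostrophe-style text watermark (added example, not Genius's own scheme).

Hide a short ASCII tag in text by choosing, for each apostrophe, between the
ASCII apostrophe U+0027 (a 0 bit) and the typographic apostrophe U+2019
(a 1 bit). The visible text is unchanged; a copy that preserves the
apostrophe characters still carries the tag.
"""

STRAIGHT = "\u0027"   # ' carries a 0 bit
CURLY = "\u2019"      # ’ carries a 1 bit
APOSTROPHES = {STRAIGHT, CURLY}

# Constructed sample lyrics (17 apostrophes, all ASCII to begin with).
LYRICS = (
    "I don't know why you're leavin', I can't say that I'm alright\n"
    "We've been runnin' 'round this town, it's gettin' late tonight\n"
    "You'd think they'd listen, wouldn't they, ain't nobody's fault\n"
    "It's only words, I'm told\n"
)


def tag_to_bits(tag):
    """7-bit ASCII, most significant bit first, one list entry per bit."""
    return [(ord(c) >> (6 - i)) & 1 for c in tag for i in range(7)]


def bits_to_tag(bits):
    """Inverse of tag_to_bits; trailing bits that do not fill a character are dropped."""
    chars = []
    for i in range(0, len(bits) - len(bits) % 7, 7):
        chars.append(chr(int("".join(str(b) for b in bits[i:i + 7]), 2)))
    return "".join(chars)


def embed(text, tag):
    """Return text with tag encoded in its apostrophes; raises if there are too few."""
    bits = tag_to_bits(tag)
    slots = sum(1 for ch in text if ch in APOSTROPHES)
    if slots < len(bits):
        raise ValueError(f"need {len(bits)} apostrophes, text has {slots}")
    out, i = [], 0
    for ch in text:
        if ch in APOSTROPHES:
            if i < len(bits):
                ch = CURLY if bits[i] else STRAIGHT
                i += 1
            else:
                ch = STRAIGHT   # normalise the remainder so no stray 1 bits follow the tag
        out.append(ch)
    return "".join(out)


def extract(text, n_chars):
    """Read the first n_chars tag characters back out of a (possibly copied) text."""
    bits = [1 if ch == CURLY else 0 for ch in text if ch in APOSTROPHES]
    return bits_to_tag(bits[:7 * n_chars])


def carries_tag(text, tag):
    """True if the apostrophe pattern in text decodes to tag (the 'caught copying' check)."""
    return extract(text, len(tag)) == tag


if __name__ == "__main__":
    marked = embed(LYRICS, "RH")
    print(marked)
    print("original carries tag:", carries_tag(LYRICS, "RH"))
    print("marked copy carries tag:", carries_tag(marked, "RH"))
```

The practical caveat is the same as for any character-choice watermark: it survives a verbatim copy and paste, but a scraper that normalises typographic quotes to ASCII (or a site that does so on display) wipes the tag, so `carries_tag` on such a copy returns False rather than a false positive.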

EvilKiruJune 17, 2019 11:15 AM

@Moderator: Luke William • June 17, 2019 8:36 AM is yet more spamvertising.

VinnyGJune 17, 2019 3:27 PM

@moderator: Whilst deleting posts concerning Middle East political shenanigans (having no effect on the security of the typical citizen of a Western civilization? - debatable imo,) you might want to axe the blatant advertisement as well...

MarkHJune 17, 2019 7:05 PM

Some months ago on a squid post, we discussed the possibility that the U.S. Supreme Court might prevent states from effectively duplicating federal prosecutions.

Whether such double prosecutions are constitutional was the question put before the Court by U.S. v. Gamble.

Today, for good and for ill, the Court ruled 7-2 that yes, such "double jeopardy" may continue. The dissenters were Ginsburg and Gorsuch.

Here's a Slate article by a law reporter who's obviously dissatisfied by the outcome.

For those concerned about rule of law, this decision just might mean that the U.S. President's ability to obstruct justice using his pardon power could be rather less than it would have been with an opposite ruling.

CallMLateForSupperJune 18, 2019 1:29 PM

@Clive

The Sanctions Committee met to render judgement on your most recent indiscretion. They found @Bruce's charge to be credible. Accordingly, you were sentenced to 50 (fifty) lashes about the head and fin with an over-cooked noodle. The offense being aggravated in nature, the aforementioned punishment is to be accompanied by heckling supplied by the full cast of Monty Python.

May the Deity have mercy on your epidermis.


@Ismar

I never saw the movie Syriana based, in part, on Baer's book. IIRC the book See No Evil reconstructed the US Embassy bombing in Lebanon in great detail and in my opinion is a good read.

IIRC I read a novel, too, by Robert Baer a long time ago. Based on his Wikipedia page he appears to have one novel Blow the House Down. That may have been it. IIRC it was a gripping page turner until the end when it fell apart, IMO, perhaps because of trying to resolve too many good threads. It's about ten years since I read it and still recommend it, if you don't care about endings.

IIRC there was a scene where the FBI had to follow a suspect into Harlem, or the like, on short notice. Realizing their race, shoes, Ohio State sweatshirts, etc, would blow their cover they rapidly got the CIA involved ...

A90210June 18, 2019 2:50 PM

From the text below: " In chilling detail, Ostrovsky asserts that the Mossad refused to share critical knowledge of a planned suicide mission in Beirut, leading to the death of hundreds of U.S. Marines and French troops."

https://www.amazon.com/Way-Deception-Making-Mossad-officer/dp/0971759502

The # 1 New York Times best seller the Israeli foreign intelligence agency The Mossad tried to ban. The making of a Mossad officer is the true story of an officer in Israel's most secret agency. The first time the Mossad came calling, they wanted Victor Ostrovsky for their assassination unit, the kidon. He turned them down. The next time, he agreed to enter the grueling three-year training program to become a katsa, or intelligence case officer, for the legendary Israeli spy organization. By Way of Deception is the explosive chronicle of his experiences in the Mossad, and of two decades of their frightening and often ruthless covert activities around the world. Penetrating far deeper than the bestselling Every Spy a Prince, it is an insider's account of Mossad tactics and exploits. In chilling detail, Ostrovsky asserts that the Mossad refused to share critical knowledge of a planned suicide mission in Beirut, leading to the death of hundreds of U.S. Marines and French troops. He tells how they tracked Yasser Arafat by recruiting his driver and bodyguard; how they withheld information on the whereabouts of American hostages, paving the way for the Iran-Contra scandal; and how their intervention into secret UN negotiations led to the sudden resignation of ambassador Andrew Young and the downfall of his career. By Way of Deception describes the shocking scope and depth of the Mossad's influence, disclosing how Jewish communities in the U.S., Europe, and South America are armed and trained by the organization in secret "self-defense" units, and how Mossad agents facilitate the drug trade in order to pay the enormous costs of its far-flung, clandestine operation. And it portrays a network that has grown dangerously out of control, as internal squabbles have led to the escape of terrorists and the pursuit of "policies" completely at odds with the interests of the state of Israel.
This document is possibly the most important and controversial book of its kind since Spycatcher.

Clive RobinsonJune 18, 2019 2:53 PM

@ CallMLateForSupper,

is to be accompanied by heckling supplied by the full cast of Monty Python.

Two good things,

1, I'm not a lumberjack,
2, I don't go into town on Wednesdays.

As for wet noodles, hmm with or without soy sauce?

vas pupJune 18, 2019 2:59 PM

Hacker conference speaker axed over abortion views:
https://www.bbc.com/news/technology-48662816

"Jennifer Granick, legal counsel for the American Civil Liberties Union, asked what other views would disqualify someone from speaking at the conference.

In a tweet, she asked: "Should Black Hat now ask potential speakers for their views on abortion, or is it fine so long as we don't know?"

I just see this as Thought Police of new age when function of TP is going now to non-government field.

That conference is NOT about abortion or even technology used during abortion or/and pregnancy.

I just want to remind all of a vivid example out of world history when professionalism/expertise was overridden by demographics. In Nazi Germany Hitler and his regime ousted many prominent German scientists in nuclear physics just because of their Jewish ancestry. They could have made an atomic bomb for Germany, but substantially helped to create it for the US.
If somebody decides that some features (demographics, political views, you name it) unrelated to the critical IT security craft/expertise are more important, then I am afraid we are going to repeat the bitter experience (see above) in the cyber war.
In critical fields like this we cannot afford political correctness to such an extreme as to jeopardize national security.

By the way, I don't share extreme views on abortion from either the right or the left. Both sides' views have their own merits on the subject but when pushed to extremes lose them.

RachelJune 18, 2019 3:01 PM

Some discussions highlighting the fugazi snafu aka Facebook digital currency Nacho Libre

https://twitter.com/TheStalwart/status/1140907901156020224

The white paper (As I said, these links highlight the...)

https://libra.org/en-US/white-paper/#the-libra-blockchain


Facebook's new global currency is a *totally insane idea.* It's like a private global International Monetary Fund run by techbros, except it needs reserves so it'll need a giant bailout during a crisis.
— Matt Stoller (@matthewstoller)


Clive thankyou for your thoughtful enquiry. Grateful for your input as ever. How is the legal process, which I seem to recall was anti-trust oriented?

A90210June 18, 2019 3:16 PM

https://www.npr.org/2019/06/18/733402928/willie-nelsons-voice-and-spirit-remain-strong-on-ride-me-back-home

https://www.rollingstone.com/music/music-country/willie-nelson-new-album-ride-me-back-home-827502/

"Willie Nelson Details His New Album ‘Ride Me Back Home’

Days before his 86th birthday, the ever-prolific Nelson takes us inside ‘Ride Me Back Home,’ which mixes darkly funny originals with surprise covers

“Let me play some of it for you,” said Willie Nelson on a recent afternoon at his Texas home. The singer was talking about his new album, Ride Me Back Home, which he announced today, just three days shy of his 86th birthday. The move proves that Nelson is as prolific as ever; just six months ago, he released his Grammy-winning Frank Sinatra tribute album My Way. ..."

A90210June 18, 2019 3:19 PM

https://www.wsj.com/articles/black-cube-the-bumbling-spies-of-the-private-mossad-11560793198

"In 2017, a private investigator masquerading as an adviser to a wealthy Indian businessman blundered trying to dig up dirt on an outspoken Russia critic. An undercover operative unsuccessfully tried to prod a former Canadian judge to disparage Jews in the same year. Last year, agents were exposed engineering a smear effort against financier George Soros.

The would-be secret agents all worked for Black Cube, a private Israeli investigative firm often referred to in press reports as a “private Mossad.” ...

VinnyGJune 18, 2019 3:52 PM

Hmmm. I see the blatant (and probably bogus, possibly malicious) business solicitation from Luke Williams remains up. Because it is security-related :?>

AlejandroJune 18, 2019 4:10 PM

@Rachel

In a way, Facebook digital currency is a brilliant move.

What better way to get even more highly private and personal data from suckers? If FB is running the wallet they will have access to bank account numbers, social security numbers, real phone numbers, real names and who knows what that banks have on us, which they "share" ....profusely.


And of course, there will always be an opportunity to make everyone's $crypto bank balance simply disappear...oops!... with the only required response being..."gee, we are really sorry".

Worthy of a world class criminal mastermind in my view.

I don't much care for Mr. Z or his crew, but they sure are smart.

JoshJune 18, 2019 7:04 PM

@Clive Robinson wrote, "Behind all of this is the push not just by corporations but national governments towards de-anonymising people in every thing they say and do.

Back in the early days of what is now often called "Single Sign On" user convenience and ease of administration was pushed and pushed hard..."

Single sign-on has not gone away in any way, shape or form.

It simply got moved down the stack a notch to the OS layer. Desktop operating systems like Windows and apparently Ubuntu are laden with online unique identifier mechanisms not dissimilar to that of third-party SSO. They are cleverly disguised and shared in what is known as an "advertising identifier." The mobile OSes have already done this for a long time, as mobile identification is harder to obfuscate.

To make things worse, my crystal ball tells me the telcos are in, again, for some very nefarious dealings when it comes to personal identification.

JoshJune 18, 2019 7:10 PM

@Alejandro wrote, "What better way to get even more highly private and personal data from suckers? If FB is running the wallet they will have access to bank account numbers, social security numbers, real phone numbers, real names and who knows what that banks have on us, which they "share" ....profusely."

You should be aware that even foreign governments have access to this information too. This was covered in the various previous anti-laundering bills pushed through during the Obama era. Think of it this way: any foreign government can effectively "impersonate" an American citizen with the data our government made available to them through various forms of compliance acts. This presents a bigger security threat, not quite on the level of terrorism but very close. Thus, sometimes I think perhaps my government really does not care about citizenry security.

RachelJune 18, 2019 11:22 PM

A90210

I consistently embarrass myself with my posts here. But, what's the story with the Willie Nelson + other music posts? It's not even pretending to be related to anything-the spam is more relevant.

Alejandro
RE: NWO currency
It's said the best way to rob a bank is to own one. It's a whole new level of absurdity, unprecedented. Of course, all the standard claims about 'third parties control it' 'no facebook information attached' etc. It may well become a useful litmus test for integrity or morons. Watch out for those celebrating it the loudest


Sidebar photo of Bruce Schneier by Joe MacInnis.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Security.
