Basically, they thrive in a high CO2 environment, because it doesn’t bother them and makes their prey weaker.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Ismar • June 14, 2019 6:22 PM
Analysis of the squid thriving with climate change is too short sighted as the increase in CO2 results in less pray available causing the feedback loop between predators and pray to decrease the squid numbers once again. On the other hand we also know that squids eat other squid even their own species so another dynamic may occur. Lastly, creatures like Blue Sharks and Sperm Whales may also benefit from the rise in squid numbers reducing the increase in the numbers in the first place
Sed Contra • June 14, 2019 7:53 PM
@Alejandro
track your location accurately from a range of inches
That’s why I set up an iOS shortcut/Siri command to shut Bluetooth and WiFi off, viz –
Siri, dive ! dive ! (while sounding an ooogah horn)
Nightmare • June 15, 2019 1:49 AM
Sleepy West Wakes Up
… the administration drive to counter Chinese influence at U.S. research institutions. The aim is to stanch China’s well-documented and costly theft of U.S. innovation and know-how.
Even something that is in the fundamental research space, that’s absolutely not classified, has an intrinsic value,” says Lawrence Tabak, principal deputy director of the NIH, explaining his approach. “This pre-patented material is the antecedent to creating intellectual property. In essence, what you’re doing is stealing other people’s ideas.”
As director of the Center for Public Health and Translational Genomics at the University of Texas MD Anderson Cancer Center Wu hasn’t been charged with stealing anyone’s ideas, but in effect she stood accused of secretly aiding and abetting cancer research in China, an un-American activity (funded by US taxpayer $$$) in today’s political climate. She’d spent 27 of her 56 years at MD Anderson in Huston.
A month after resigning, she left her husband and two kids in the U.S. and took a job as dean of a school of public health in Shanghai.
Does Chinese Communist Party Loyalty Comes Before Family?
Her actions prove the sleepy USA was ‘taken to the cleaners’ for many decades.
https://www.bloomberg.com/news/features/2019-06-13/the-u-s-is-purging-chinese-americans-from-top-cancer-research?srnd=businessweek-v2
Smelling Salts Anyone?
A Chinese-owned company is making circuit boards for the top-secret next generation F-35 warplanes flown by Britain and the United States, Sky News can reveal.
“We have been completely and utterly naive about the role of China and it is only now that people are beginning to WAKE UP,” said Sir Gerald Howarth, a former Tory defence minister.
Z.Lozinski • June 15, 2019 2:54 AM
@Alejandro,
The thing that concerns me about the proliferation of cameras in retail stores and banks is they provide a way to attack the chip-and-pin / EMV payment system. Position a camera so you can see payment terminals and you have access to a large percentage of the PINs entered. Combine with a skimmer and you are good for a magstripe fall-back attack. We do all remember the case where a UK retailer had to weigh all its payment terminals over the weekend to find the ones that had been compromised in the supply chain, don’t we?
Many years ago, a friend of mine was on a business trip with the head of one of the major ATM vendors. They stopped at a light, opposite an ATM, and the guy called out someone’s PIN as they entered it by watching the hand movements. OK, so it is a specialist skill, but we have learned that the wicked people specialise too.
Clive Robinson • June 15, 2019 4:41 AM
@ Z.Lozinski,
OK, so it is a specialist skill, but we have learned that the wicked people specialise too.
Yes I can remember @Bruce being surprised when I first mentioned photographing keys.
When I was young I did not need a camera I just memorized the pattern of leaver lock keys in my head and could cut them by hand with needle files. By 1976 I’d got a near compleat colection of Fire Brigade “FBx” keys. I then without knowing about “impressioning” reasoned it out for myself and got the rest of the FBx keys.
It was not for a decade or so untill chatting with an Ex-Convict turned security consultant that I found out that prisoners had learnt that trick years before which is why prison officers were taught to “shield their keys”.
Being or thinking “Hinky” as @Bruce describes it is a state of mind, you just look at a problem in a certain way and you see the holes. The thing is the more you do it the better it gets. I can not explain how the human mind does it, it just does. As I’ve mentioned before correctly designed hardware be it mechanical, electrical or electronic when drawn as blue prints, plans or circuit diagrams have a certain “beauty” to them when they are right. When you see something that looks even a little bit messy to down right ugly, you just know you are going to find to much complexity sloppy thinking or worse obvious errors. But more importantly from the security perspective that lack of “beauty” even just a little messy means there are probably vulnerabilities there.
I don’t know if the ability to see things that way is inate or not but most people either don’t have it or have not developed it whilst young.
Oh it also works in software. Most diagraming techniques if you take the time to learn how to use them effectively help show “bad code”. The fact this gets discoraged by various modern software development techniques –some of which are just bullying / humiliation / power rituals– might have something to do with the defect rates we see in modern code.
It also works for one off projects and similar, where you use the idea of “story boarding” or as was once called “Rich Pictures” thay don’t need to be works of art but they do help spot where things need to be done and importantly by when.
The visual cortext is –without meaning to make a pun– the biggest window into the brain, also perhaps more importantly it deals easily with multidimensional input. Maybe in some it is more developed and thus pictures enable us to see two or more dimensionaly problems that most only think of serialy.
As for being “wicked” in a lot of cases it’s more a state of mind than an actuality. Society makes up rules for good or bad usually at somebodies whim. These days often so that they can gain an advantage over others in the rent seeking game where winners get the scarcer and scarcer assets and loosers get to pay over more and more of their labour just to stay afloat.
Thus you have the ridiculous interpretation of some rules by the guard labour to some, and likewise non application of clear rules to others. More often these days however rules are designed to be of the sort where a crime is where somebody says it is. We call the broad in scope, but their actual intent is for arbitary punishment.
There is supposedly that distinction between having a “Public duty” (criminal) and “Private duty” (tort). Where rule bending happens, a lot these days, thus for similar actions some have their actions seen as criminal others as torts. The deciding factor appears to be “status” of the person.
In theory criminal activities get treated in a “Public way” that is by incarceration or community service. Whilst torts are treated in a “Private way” by the transfer of money. But we see the downgrading of crimes to fines with the rich and “entitled” buying their way out easily for a trivial percentage, whilst the poor and “unentitled” find their fines are set quite deliberatly beyond their means thus become crimes on non payment, and any assets they might have aquired get taken away from them to be sold frequently to the advantage of rent seekers.
So where do you see the real wicked minds?
It’s a question I find I ask myself more and more frequently these days…
Anders • June 15, 2019 5:03 AM
This is more or less security too…regarding our planet…
VinnyG • June 15, 2019 9:04 AM
@Alejandro re: BT surveillance – Easy enough to switch of BlueTooth in most phones. If it might be needed for some phone-based checkout activities (I use non eof that) easy enought to turn it back on for just the duration of that. If you use BT in your car and leave your phone powered on in the vehicle while you shop, you might want to consider disabling BT while you are away from it. I suspect there are potential attacks that could be attempted to surreptitiously access the phone under those circumstances. Can you state in general terms the location of the Walmart with check-out cameras, and whether it was cashier line or self-check-out? I sometimes purchase cash cards at WM for the purpose of making anonymous on-line transactions, so it is a slight concern.
@sed contra – As an inverterate cheapskate and smartphone skeptic, I don’t have anything nearly as soophisticated as an iPhone, I use a cheap BLU device over Ting with as much non-essential apps and settings crap stripped out as possible. It is, however, a no more than 3 second task to turn BT off or on. I rarely have any use for phonw WIFI, so that remains disabled…
Anders • June 15, 2019 10:19 AM
Any Radiohead fans here? 🙂
https://www.hackread.com/radiohead-from-ok-computer-hacked-refuses-to-pay-ransom/
ThirtyNine • June 15, 2019 11:14 AM
Google TV Forces Data-Mining and Targeted-Advertising
Spend $4,000 on an expensive Sony TV. Power-up for a nasty surprise as Sony will NOT allow owners to use their new TV without mandatory acceptance of Google’s deceptive and intrusive Terms of Service.
Do I need to agree to Google’s Terms of Service and Privacy Policy?
https://www.sony.co.uk/electronics/support/articles/00114157
Most newer Sony TVs use the Android TV smart-TV system, and during setup you’re asked to click Yes to agreements with three separate companies: Google, Sony, and an ACR provider called Samba TV.
Mandatory Forced Targeted Advertising
Google has pushed an update to some Sony TVs that run the Android Oreo update. This update adds a row of Google Sponsored Content in the second row of the home page. Unlike the existing sponsored content, this row cannot be removed.
https://www.rtings.com/tv/learn/ads-in-smart-tv#remove-sony-ads
These are desperate times indeed.
Whatever happened to opt-in and opt-out choice? Where is GDPR when you need it?
Sed Contra • June 15, 2019 11:32 AM
@ThirtyNine
TV
I was freed when I realized
TV = nothing to watch
cable TV = one thousand channels and nothing to watch
vas pup • June 15, 2019 11:43 AM
Fake video created and tuned by AI:
https://www.pbs.org/newshour/show/june-12-2019-pbs-newshour-full-episode
Starting at minute 40 to minute 51.
Very informative! For possible future vector of attack 2020 election – I guess.
Alejandro • June 15, 2019 12:59 PM
@Sed Contra
I have heard about innovative uses of the SIRI shortcut commands. However, according to the cited article:
“…last year, investigators at Quartz found that Google Android can track you using Bluetooth beacons even when you turn Bluetooth off in your phone.” Ouch!
Trying to get google out of your life is really hard. Harder than FB. I now use DuckDuckGo and Startpage for searches, but their maps are not up to snuff. Besides, google is everywhere.
@Z.Losinski
I have wondered why MS, Google, Amazon and the rest would NOT simply log all of our PIN numbers, passwords and so on just like they collect everything else. Certainly their privacy statements would allow it.
As for stores recording our pin numbers via loggers or cameras….why not? Who would stop them? All they need to say is “it’s for store security”. Case closed.
@VinnyG.
See above, there is a way to track you even if BT is turned off. Apparently, it’s done via other installed apps. Meanwhile, at least on my iPhone, when you switch off BT, it’s only good for 24 hours, then auto switches back to “on”. I’ve wondered about that sometimes. Why?
The cams at Walmart and Target are (at least) at the self serve checkout stand. When you slide your card, you can see yourself in a small monitor while doing the transaction. Thus, there is a video recording of every purchase. This is when I usually get an uncontrollable urge to scratch my nose with my middle finger.
If they have them, you WILL see them for sure.
BTW, the article notes,
“Most people aren’t aware they are being watched with beacons, but the “beacosystem” tracks millions of people every day. Beacons are placed at airports, malls, subways, buses, taxis, sporting arenas, gyms, hotels, hospitals, music festivals, cinemas and museums, and even on billboards.”
“They” are everywhere. Almost.
I’m thinking leave the phone in the car and off. Or maybe get one of those Faraday phone cases. Maybe, for father’s day!
Sed Contra • June 15, 2019 2:01 PM
@Alejandro
according to the cited article. … Quartz
Thanks! The Quartz article https://qz.com/1169760/phone-data/ doesn’t seem to reference iOS, but doubtless a salutary warning. Switches on devices are just ways to input parameters to software, which treats them as a merely a suggestion.
Confirming again the determined deviousness and unbounded contempt for persons displayed by these companies.
All this is killing the romance of computing!
Sherman Jay • June 15, 2019 2:07 PM
The Russian threat to u.s. elections is small compared to what u.s. voting machine companies are doing:
https://www.motherjones.com/politics/2019/06/a-researcher-found-a-bunch-of-north-carolina-voting-machine-passwords-online/
Most of the machines in the u.s. are crap: either ancient, or easily hackable, or not truly auditable.
And voter suppression, gerrymandering and vote tampering by certain ‘red-tinted’ corporate and government people is a huge factor in election fraud. Read about states like Georgia and N. Carolina in last election cycle.
@Alejandro
I made this comment to the NYT: Why not a constitutional amendment prohibiting collecting and correlating data about citizens by any means, electronic or otherwise, for commercial purposes of any kind?
Sherman Jay • June 15, 2019 2:23 PM
And,
https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html
Since the two major corrupt powers are playing these games with the power grid, who knows if I will get to finish this message if the power goes ou. . . . .
Alejandro • June 15, 2019 2:39 PM
@H
Re: “…constitutional amendment prohibiting collecting and correlating data…”
I am quite convinced Congress will never make an appropriate response to corporate mass surveillance; let alone pass a very difficult amendment to the Constitution. Pick a reason: incompetent, bought off, too stupid. They all seem to fit at various times.
We as the people cannot even mount a judicial challenge because so much of what they do is in secret, secretive or literally blocked by other laws.
The EU and a few state legislatures seem willing to sling a stone at Goliath. Let’s hope they slay the beast, soon.
In the meantime all we can do as individuals is:
Resist!
15 June 2019 00:00:00 • June 15, 2019 4:13 PM
@Sherman Jay
From your NYTimes link:
“U.S. Escalates Online Attacks on Russia’s Power Grid
WASHINGTON — The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said.
In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.
[…]
But now the American strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning, and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow.
The commander of United States Cyber Command, Gen. Paul M. Nakasone, has been outspoken about the need to “defend forward” deep in an adversary’s networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it.
[…]
But finding ways to calibrate those responses so that they deter attacks without inciting a dangerous escalation has been the source of constant debate.
Mr. Trump issued new authorities to Cyber Command last summer, in a still-classified document known as National Security Presidential Memoranda 13, giving General Nakasone far more leeway to conduct offensive online operations without receiving presidential approval.
But the action inside the Russian electric grid appears to have been conducted under little-noticed new legal authorities, slipped into the military authorization bill passed by Congress last summer. The measure approved the routine conduct of “clandestine military activity” in cyberspace, to “deter, safeguard or defend against attacks or malicious cyberactivities against the United States.”
Under the law, those actions can now be authorized by the defense secretary without special presidential approval.
“It has gotten far, far more aggressive over the past year,” one senior intelligence official said, speaking on the condition of anonymity but declining to discuss any specific classified programs. “We are doing things at a scale that we never contemplated a few years ago.””
15 June 2019 00:00:00 • June 15, 2019 4:56 PM
@Alejandro
“… there is a way to track you even if BT is turned off. Apparently, it’s done via other installed apps. Meanwhile, at least on my iPhone, when you switch off BT, it’s only good for 24 hours, then auto switches back to “on”. I’ve wondered about that sometimes.”
You might try turning off Wi-Fi or Bluetooth in Settings, not using swipe down diaganal with iOS. AFAIK Wi-Fi and Bluetooth will then stay off until you turn them back on in Settings. A long time ago, I think, Wael pointed out this change in iOS functionality with some iOS update.
from your OP:
“Even if you did know which companies have access to your beacon data, there’s no way to know what kind of data is collected through the app. It could be your micro-location, dwell time or foot traffic, but it can also include data from the app, such as your name, and your app data can be combined with other data sets compiled about you by data brokers. There is simply no transparency.
To protect yourself from beacons in the short term, you can delete any apps that may be spying on you — including apps from retailers — and shut off location services and Bluetooth where they are not needed. You can also follow The Times’s guide on how to stop apps from tracking your location. For Android users, the F-Droid app store hosts free and open-source apps that do not spy on users with hidden trackers.
Most of our concerns about privacy are tied to the online world, and can feel theoretical at times. But there is nothing theoretical about Bluetooth beacon technology that follows you into retail stores (and other venues) and tracks your movement down to the meter.”
links from your OP:
https://www.nytimes.com/2018/12/10/technology/prevent-location-data-sharing.html
https://qz.com/1169760/phone-data/
“When Off Means On
Google can still use Bluetooth to track your Android phone when Bluetooth is turned off”
SpaceLifeForm • June 15, 2019 4:57 PM
@Taz
In re Cellebrite
“Please disconnect AC and wait for the system to compute battery initialization”
(this, on a battery dead Cellebrite device)
Does that give you a clue as to how low level the backdoors are buried in silicon or not?
And, WTF is battery initialization anyway?
Smells of hidden battery (in the battery), along with flash, ram, all built in to the ‘battery’.
Same absolute attack built into your ‘smart’ phone.
Try pulling your battery on your phone (if possible), no charger, wait 12 hours.
Clock still close?
Keep going.
Eventually, the clock will reset.
SpaceLifeForm • June 15, 2019 5:23 PM
@all
Sorry, typo
s/compute/complete/
Not sure much difference.
lurker • June 15, 2019 8:57 PM
@ Sed Contra
Siri, dive ! dive ! (while sounding an ooogah horn)
I find it amusing to watch the puzzled looks on spectators anytime I need Bluetooth on, and have to dig thru the layers of Settings> > >
@ VinnyG
re: BT surveillance – Easy enough to switch of BlueTooth in most phones.
and probably easy enough for some app you haven’t been deep enough in Settings, to turn it back on. As the qz article says there are Settings> Location, or Settings> Security, or … but what about SomeRandom.app>Settings>GuessWhich>Allow me to turn on BT when I want. On my Android device I have Settings>Bluetooth>Visibility>Visible Only to Paired Devices… but I’m not sure if I understand what that does.
I recently got an OTA firmware update from the vendor which flushed out his perfectly workable basic browser, and gave me Chrome instead. I’ve been thru all the obvious Settings to clip its wings, but in spite of my locking down Location Services, whenever Chrome starts, it turns on stuff I’d turned off. I liked my iPod Touch, an iPhone without the phone, but Apple kept making it harder to put my own files on and off the device, so I jumped ship. Ggl/Android don’t care what I do with the device, so long as they know where and when I did it, with whom, and how much I paid…
Taz • June 15, 2019 9:08 PM
were able to extract an RSA 2048-bit signing key from an OpenSSH server using only user-level permissions. I
Taz • June 15, 2019 9:18 PM
@Alejandro
We must poison all their data. Just like taking a piss on it.
About as much fun as running up huge mail bills for these clowns who send you prepaid envelopes. You know damn well employees won’t take the initiative to get that postage back.
Will • June 16, 2019 7:53 AM
I’ve investigated user security for the new promiscuous/automatic connection Wi-Fi 6 and Hotspot 2.0 Internet Access Networks.
https://www.wi-fi.org/discover-wi-fi/passpoint
The first red-flag warning is the The Wi-fi.org allows Google eavesdropping for Google’s benefit.
https://www.wi-fi.org/discover-wi-fi/passpoint
Improved Wireless Connection Security
Hotspot Operators may provide Hotspot 2.0-based free, public, hotspot service. In this particular service, Hotspot Operators have the need to ensure hotspot users have accepted the terms and conditions governing their hotspot’s use, but are not interested in knowing (or do not wish to know/track) any particular user’s identity.
If the user accepts the terms and conditions, the OSU server issues a credential. Note that the SAME credential is issued to all users which have accepted the terms and conditions; therefore, the Hotspot Operator cannot track the identity of an individual user during the Hotspot 2.0 Access state.
Local Untrusted Network Privacy and Security
Most notably, there ZERO mention of user security within the local connected untrusted WLAN. That is, who is potentially data-mining packets before being sent-on to the Internet ISP (who is also performing deep-packet inspection).
With virtually zero hits, Internet searches have obviously been sanitized on this sensitive user-security subject[1]. But there was one:
‘The biggest problem is that WLAN authentication in such a scenario tells you nothing about the identity or security of… the WLAN. Users authenticate with their identity provider’s RADIUS servers, and the result is strong encryption in the air, but no guarantee of security on the wired network. They don’t get any information about the identity of the wired LAN that their bits are traversing, because the authentication is abstracted away from the network they are using. HS2.0 provides no identity verification of the network that users are actually using.’
https://framebyframewifi.net/category/hotspot-2-0/
Lets delve into an example using the ‘tech savvy’ City San Francisco Hotspot 2.0 [2]:
San Francisco Hotspot 2.0 Terms of Service and Privacy Policy:
‘Notwithstanding the foregoing, City of San Fransisco may record information about usage of Service, such as when and for how long the Service is used and the frequency and size of data transfers. City may also collect information about the geographic locations of the City Wi-Fi nodes through which users connect to the Service. The City will use this information for its own purposes only.’
This is actually a laughable embarrassing substandard Privacy Policy as it makes NO mention of partner Google performing data analytics and then using the tracking data for its own commercial purposes.
Since this is not a charity[3], citizen data is required to subsidize the building and maintaining of these towers.
The reality is Google is in competition with coming co-located 5g cellular networks.
But irregardless, it must generate income by selling location based advertising (for example San Francisco Park #23).
By design, the name Google isn’t Internet searchable here as the sole passing mention is buried at the end of the City’s PDF document.
11. Are there plans to expand the Free Public Hotspot 2.0 service beyond Market St.?
The Department of Technology is working with t he Department of Recreation and
Parks and GOOGLE to install Hotspot 2.0 service in n 31 neighborhood parks.
https://sfgov.org/sfc/terms-service
Is Google free to change the terms of service at will?
Predicted update: We take your privacy seriously… to serve you personalized ads. You must accept our terms to use this network. Coming soon to a City Park near you!
Solution
A VPN is even more so mandatory when using any public network
Danger Will Robinson
Wifi 6 is more about automatic connected convenience to unknown, untrusted networks
Unless the device owner is proactive and technically competent, it also greatly expands consumer eavesdropping, advertising insertion and tracking.
A security agencies playground: install Malware upon entry using the airports official network, then uninstall it at departure. No one will ever know
[1] In recent court testimony, Facebook would argue that there is no expectation of privacy for anyone using any quasi-public network. (I agree that they too will, without question data-mine over Hot-spot 2.0 connected WLAN).
[2] Like public libraries, city Parks customer service staff is totally unaware that Google is ‘running the show’ sight unseen
[3] Toronto’s Smart City advisory board quit over Google’s lack of transparency and deceptions. Is San Francisco any ‘smarter’?
Clive Robinson • June 16, 2019 9:20 AM
@ Will,
Behind all of this is the push not just by corporations but national governments towards de-anonymising people in every thing they say and do.
Back in the early days of what is now often called “Single Sign On” user convenience and ease of administration was pushed and pushed hard…
However it did not realy take off at the time for various reasons. Two of which were basically battles over who got the big slice of the online pie, and government systems were associated with the “Papers Please” of National ID cards through the back door and making “Police States” easier (think about the Chines “social credit rating” as an example).
Unfortunately too many people focused on the Government / Police State asspect than the Corporate / data minining / Police State aspect (via third party business records and NSL based “bulk collection” and later legislation).
So various major silicon valley Corps fought it out for the “single Sign On” title belt.
Thus anyone who considers using any kind of “Single Sign On” is playing into the hands of the data aggregators.
Perhaps it’s time our host @Bruce did an op-ed on the societal dangers of SSO systems and added a caution about their near equivalent of “Online Password Managers”.
15 June 2019 ...... • June 16, 2019 9:52 AM
https://www.npr.org/2019/06/13/732320853/hackers-demanding-ransoms-paralyze-city-computer-systems-in-the-u-s audio (37:41) & transcript
“As we become increasingly dependent on sprawling computer networks, we’re increasingly vulnerable to hackers who exploit weaknesses in them. A recent trend is cyberattacks on American cities. Last year, hackers in Dallas gained the ability to turn on tornado sirens at will. And for weeks, the city of Baltimore has struggled to revive computer systems paralyzed by hackers demanding money.
Our guest, New York Times cybersecurity correspondent Nicole Perlroth, says even more troubling is the fact that the Baltimore hackers used stolen cyberweapons originally developed by the U.S. National Security Agency. Perlroth has reported on the proliferation of cyberweapons used by countries against each other, by hackers against governments and corporations and by private security firms willing to give clients digital espionage capabilities for the right price. Perlroth has also reported on concerns about interference in the 2020 presidential campaign and evidence that voting technology may have been hacked in one swing state in the 2016 election. I spoke to her yesterday.
Nicole Perlroth, welcome to FRESH AIR. We’ve seen cases where cities have suffered cyberattacks. One of the best known as Baltimore. Let’s take that as an example. What happened?”
No One • June 16, 2019 10:30 AM
@ everyone
We are clearly moving towards a world in which everyone is collected upon constantly.
This does not bode well.
Who? • June 16, 2019 11:30 AM
RAMBleed
A new hardware vulnerability related to Rowhammer, but compromises confidentiality not integrity:
The Pull • June 16, 2019 11:44 AM
Masks Cash and Apps: How Hong Kongs Protesters Find Ways to Outwit the Surveilliance State
Alejandro • June 16, 2019 1:39 PM
@The Pull
I read the fascinating article outlining the lengths Hong Kong protesters take to hide themselves from their own surveillance state. Wisely so. It saddens me to realize Americans are being watched at least as closely by the corporate-police state here and for the most part could care less.
Truly it’s a world wide phenomenon for governments and corporations to track us simply because they can and there is no way and no one to stop them.
My experience has been individual resistance efforts are a losing game of whack-a-mole. Just when you think you got them beat in one place, they pop up with new nasty trick in another. And they lie a lot about it, too.
There are a lot of very smart people playing this game and the prizes are vast power and riches.
Doesn’t mean we should quit. Instead, we should try harder.
A90210 • June 16, 2019 3:56 PM
IIRC the Opera had a hard time keeping the audience’s attention, especially following Leonore Overture No. 3. I once knew a professor that would whistle parts of it.
https://www.youtube.com/watch?v=RpCNGTRvQVI
Beethoven: “Leonore” Overture No. 3 / Böhm Wiener Philharmoniker (1977 Movie Japan Live)
also Georg Solti conducting the Chicago Symphony Orchestra (Decca)
https://cso.org/uploadedFiles/1_Tickets_and_Events/Program_Notes/061510_ProgramNotes_Beethoven_LeonoreOverture3.pdf (pdf) program notes
65535 • June 17, 2019 2:25 AM
@ Alejandro
“…the article suggests a whole new wave of precise invasive tracking in public buildings has started, using cell tower data, GPS and now in store Bluetooth trackers that secretly communicate with your phone…”
Yes, it been honed to a fine art. You are being tracked and cataloged.
@ ThirtyNine
“Spend $4,000 on an expensive Sony TV. Power-up for a nasty surprise as Sony will NOT allow owners to use their new TV without mandatory acceptance of Google’s deceptive and intrusive Terms of Service.”
Yep, that is Sony for you. They scam you six ways to Sunday. I recall Sony cleverly widely spreading on of the largest ATP via music CDs. When Sony and Giggle team up it is a witches brew.
@ Sed Contra
“I was freed when I realized… cable TV = one thousand channels and nothing to watch”
That is my experience also. Once, I realized I was watch a litany of misery and death on the evening news – only move to more useless hour long info-mercials, I just quit watching TV. It has been over 5 year of zero TV watching… or freedom. I am happier for it.
@ Clive Robinson
“Yes I can remember @Bruce being surprised when I first mentioned photographing keys [key stroke recording]…”
I agree, it is probably done all the time… cough with credit card skimming in mind. The only quick semi-solution I can think of is covering the key pad with your hand [The Brian Krebs trick].
@ all posters on the blue tooth tracks via cell phones trick – it has come up on this blog before.
I and my better half have found a blunt but fairly effective method of stopping all radio signals. It is Clive Robinson’s suggestion of a Faraday cage.
My better half with nimble fingers has found that very thick tin foil wrapped around a cell phone can work stop radio signals.
She wraps the heavy metal foil around it sort of coffin shape. She cuts the case in half and uses an odd folding process to form a lip on the upper half. The bottom case slides on. Next, the upper case with the lip overlapping the bottom case seems to stop most if not all of the radio signals – including the microwave or higher spectrum. She puts it in her clutch or purse and is able to open and close the case is seconds flat.
When the tin foil coffin is damaged she just makes a new one. It is not too expensive cost wise
The second benefit is some cell phones can turn on the browser and use a lot of wifi bandwidth – increasing bills while not watching said cell phone carefully.
That is a billing scam. Putting a halt to the radio signal can help on the metered bandwidth use side of things.
She also requires the neighbor’s kids to put their cell phone is thick metal cooking pot. This works to block RF signals. This helps stops the camera pranks by those kids.
I am not sure how hard on the cell phone battery it is. But, taxing the batter is of little consequence for more privacy. It somewhat like the RF bags they sell on E-bay.
@ SpaceLifeForm
“You assume those radios are really off.”
Very good observation.
I believe that various parts of a cell phone can be flipped on by TLAs, LE, or big corporate stores. It is hard to prove – but makes sense with the “collect it all” mentality of the TLAs in the USA.
I really don’t think anybody should trust turning off the BT a some apps and actually expect the BT connection turn off. That also goes for the cell phone to cell tower connection.
Threads on the RF blocking idea:
“…Clive R. talks extensively about air- gapped computers, and the ways to defeat such defenses. I have even tried to bring the faraday cage down to the local apartment or home by using metal pots to contain kids cell phones. It harder than expected. Here is a set of post regarding using a house pot as a faraday cage. Some cooking pots work and others don’t work. See set of links below…”-65535
https://www.schneier.com/blog/archives/2015/03/now_corporate_d.html#c6690815
[and]
“…I find my “no cell phone” at this house policy helpful. Things are more peaceful. There is not that aggravating twinge when some kid’s cell phone loudly rings. The irritation is now moved to his parents house…”-65535
https://www.schneier.com/blog/archives/2015/03/survey_of_ameri.html#c6692568
Bruce Schneier • June 17, 2019 5:27 AM
I just deleted 13 comments, mostly about Middle East politics and policy. Come on, people, I know you know better. (Clive, I’m looking at you….)
Maxwell's Daemon • June 17, 2019 6:07 AM
Obviously wouldn’t work for most anyone else but my simple expedient vis-a-vis is simply not to have a phone at all. Even the VA has become reconciled to sending a letter or, as I put it: “Send me an email, I might get back to you.” There is absolutely nothing in this world that requires a drop everything, this needs immediate attention.
RE: Television. I’ve dropped it here as well.
Lastly, war with Iran. Anyone sane who has bothered to examine the terrain, logistics required, and sociological/anthropological dimensions of Iranian society with respect to an invasion knows that you don’t even want to consider going there. Ever. Even the Soviets at their worst (most powerful) took a look at it well before Afghanistan and told their leadership that such an invasion would be sheer insanity and they were literally next door neighbors.
MarkH • June 17, 2019 10:22 AM
Here’s a fun story … about a not funny subject.
https://bgr.com/2019/06/17/genius-vs-google-lyrics-results-on-search-copied-from-lyrics-site/
Genius (a song lyrics site) used simple watermarking to prove that Google is stealing their work.
MarkH • June 17, 2019 7:05 PM
Some months ago on a squid post, we discussed the possibility that the U.S. Supreme Court might prevent states from effectively duplicating federal prosecutions.
Whether such double prosecutions are constitutional was the question put before the Court by U.S. v. Gamble.
Today, for good and for ill, the Court ruled 7-2 that yes, such “double jeopardy” may continue. The dissenters were Ginsburg and Gorsuch.
Here’s a Slate article by a law reporter who’s obviously dissatisfied by the outcome.
For those concerned about rule of law, this decision just might mean that the U.S. President’s ability to obstruct justice using his pardon power could be rather less, than it would have been with an opposite ruling.
CallMLateForSupper • June 18, 2019 1:29 PM
@Clive
The Sanctions Committee met to render judgement on your most recent indiscretion. They found @Bruce’s charge to be credible. Accordingly, your were sentenced to 50 (fifty) lashes about the head and fin with an over-cooked noodle. The offense being aggravated in nature, the aforementioned punishment is to be accompanied by heckling supplied by the full cast of Monty Python.
May &Diety have mercy on your epidermis.
A90210 • June 18, 2019 2:39 PM
@Ismar
I never saw the movie Syriana based, in part, on Baer’s book . IIRC the book See No Evil reconstructed the US Embassy bombing in Lebanon in great detail and in my opinion is a good read.
IIRC I read a novel, too, by Robert Baer a long time ago. Based on his Wikipedia page he appears to have one novel Blow the House Down. That may have been it. IIRC it was a gripping page turner until the end when it fell apart, IMO, perhaps because of trying to resolve too many good threads. It’s about ten years since I read it and still recommend it, if you don’t care about endings.
IIRC there was a scene where the FBI had to follow a suspect into Harlem, or the like, on short notice. Realizing their race, shoes, Ohio State sweatshirts, etc, would blow their cover they rapidly got the CIA involved …
A90210 • June 18, 2019 2:50 PM
From the text below: ” In chilling detail, Ostrovsky asserts that the Mossad refused to share critical knowledge of a planned suicide mission in Beirut, leading to the death of hundreds of U.S. Marines and French troops.”
https://www.amazon.com/Way-Deception-Making-Mossad-officer/dp/0971759502
The # 1 New York Times best seller the Israeli foreign intelligence agency The Mossad tried to ban. The making of a Mossad officer is the true story of an officer in Israel’s most secret agency. The first time the Mossad came calling, they wanted Victor Ostrovsky for their assassination unit, the kidon. He turned them down. The next time, he agreed to enter the grueling three-year training program to become a katsa, or intelligence case officer, for the legendary Israeli spy organization. By Way of Deception is the explosive chronicle of his experiences in the Mossad, and of two decades of their frightening and often ruthless covert activities around the world. Penetrating far deeper than the bestselling Every Spy a Prince, it is an insider’s account of Mossad tactics and exploits. In chilling detail, Ostrovsky asserts that the Mossad refused to share critical knowledge of a planned suicide mission in Beirut, leading to the death of hundreds of U.S. Marines and French troops. He tells how they tracked Yasser Arafat by recruiting his driver and bodyguard; how they withheld information on the whereabouts of American hostages, paving the way for the Iran-Contra scandal; and how their intervention into secret UN negotiations led to the sudden resignation of ambassador Andrew Young and the downfall of his career. By Way of Deception describes the shocking scope and depth of the Mossad’s influence, disclosing how Jewish communities in the U.S., Europe, and South America are armed and trained by the organization in secret ?self-defense? units, and how Mossad agents facilitate the drug trade in order to pay the enormous costs of its far-flung, clandestine operation. And it portrays a network that has grown dangerously out of control, as internal squabbles have led to the escape of terrorists and the pursuit of ?policies? completely at odds with the interests of the state of Israel. This document is possibly the most important and controversial book of its kind since Spycatcher.
Clive Robinson • June 18, 2019 2:53 PM
@ CallMLateForSupper,
is to be accompanied by heckling supplied by the full cast of Monty Python.
Two good things,
1, I’m not a lumberjack,
2, I don’t go into town on Wednesdays.
As for wet noodles, hmm with or without soy sauce?
vas pup • June 18, 2019 2:59 PM
Hacker conference speaker axed over abortion views:
https://www.bbc.com/news/technology-48662816
“Jennifer Granick, legal counsel for the American Civil Liberties Union, asked what other views would disqualify someone from speaking at the conference.
In a tweet, she asked: “Should Black Hat now ask potential speakers for their views on abortion, or is it fine so long as we don’t know?”
I just see this as Thought Police of new age when function of TP is going now to non-government field.
That conference is NOT about abortion or even technology used during abortion or/and pregnancy.
I just want to remind all vivid example out of the world history when professionalism/expertise was overridden by demographics. In Nazi Germany Hitler and his regime ousted many prominent German scientists in nuclear physics just because of their Jewish ancestry. They could make atomic bomb for Germany, but substantially helped to create it for US.
If somebody decided that some features (demographics, political views, you name it)unrelated to the critical IT security craft/expertise are more important, then I am afraid we are going to repeat bitter experience (see above) in the cyber war.
In critical fields like this we cannot afford political correctness to such extreme to jeopardize national security.
By the way, I don’t share extreme views on abortion neither from right nor from left. Both sides views have own merits on the subject but when push to extreme lose them.
Rachel • June 18, 2019 3:01 PM
Some discussions highlighting the fugazi snafu aka Facebook digital currency Nacho Libre
https://twitter.com/TheStalwart/status/1140907901156020224
The white paper (As I said, these links highlight the…)
https://libra.org/en-US/white-paper/#the-libra-blockchain
Facebook’s new global currency is a totally insane idea. It’s like a private global International Monetary Fund run by techbros, except it needs reserves so it’ll need a giant bailout during a crisis.
— Matt Stoller (@matthewstoller)
Clive thankyou for your thoughtful enquiry. Grateful for your input as ever. How is the legal process, which I seem to recall was anti-trust oriented?
A90210 • June 18, 2019 3:16 PM
https://www.rollingstone.com/music/music-country/willie-nelson-new-album-ride-me-back-home-827502/
“Willie Nelson Details His New Album ‘Ride Me Back Home’
Days before his 86th birthday, the ever-prolific Nelson takes us inside ‘Ride Me Back Home,’ which mixes darkly funny originals with surprise covers
Let me play some of it for you,” said Willie Nelson on a recent afternoon at his Texas home. The singer was talking about his new album, Ride Me Back Home, which he announced today, just three days shy of his 86th birthday. The move proves that Nelson is as prolific as ever; just six months ago, he released his Grammy-winning Frank Sinatra tribute album My Way. …”
A90210 • June 18, 2019 3:19 PM
https://www.wsj.com/articles/black-cube-the-bumbling-spies-of-the-private-mossad-11560793198
“In 2017, a private investigator masquerading as an adviser to a wealthy Indian businessman blundered trying to dig up dirt on an outspoken Russia critic. An undercover operative unsuccessfully tried to prod a former Canadian judge to disparage Jews in the same year. Last year, agents were exposed engineering a smear effort against financier George Soros.
The would-be secret agents all worked for Black Cube, a private Israeli investigative firm often referred to in press reports as a “private Mossad.” …
VinnyG • June 18, 2019 3:52 PM
Hmmm. I see the blatant (and probably bogus, possibly malicious) business solicitation from Luke Williams remains up. Because it is security-related :?>
Alejandro • June 18, 2019 4:10 PM
@Rachel
In a way, Facebook digital currency is a brilliant move.
What better way to get even more highly private and personal data from suckers? If FB is running the wallet they will have access to bank account numbers, social security numbers, real phone numbers, real names and who knows what that banks have on us, which they “share” ….profusely.
And of course, there will always be an opportunity to make everyone’s $crypto bank balance simply disappear…oops!… with the only required response being…”gee, we are really sorry”.
Worthy of a world class criminal mastermind in my view.
I don’t much care for Mr. Z or his crew, but they sure are smart.
Josh • June 18, 2019 7:04 PM
@Clive Robinson wrote, “Behind all of this is the push not just by corporations but national governments towards de-anonymising people in every thing they say and do.
Back in the early days of what is now often called “Single Sign On” user convenience and ease of administration was pushed and pushed hard…”
The single-sign on had not gone away in any way shape or form.
It simply got moved down the stack a notch to the OS layer. Desktop Operating Systems like Windows and apparently Ubunutu are laden with online unique identifier mechanisms not unsimilar to that of third-party SSO. They are clever disguised and shared in what is known as “advertising identifier.” The Mobile OSes already do this from a long time ago, as mobile identification is harder to obfuscate.
To make things worse, my crystal ball tells me the telcos are in, again, for some very nefarious dealings when it comes to personal identification.
Josh • June 18, 2019 7:10 PM
@Alejandro wrote, “What better way to get even more highly private and personal data from suckers? If FB is running the wallet they will have access to bank account numbers, social security numbers, real phone numbers, real names and who knows what that banks have on us, which they “share” ….profusely.”
You should be aware that even foreign governments have access this these information too. This was covered in the various previous anti laundering bills pushed thru during the Obama era. Think of it this way, any foreign government can effectively “impersonate” an american citizen with the data our government made available to them thru various forms of compliance acts. This present a bigger security threat not quite on the level of terrorism but very close. Thus, sometimes I think perhaps my government really does not care about citizenry security.
Rachel • June 18, 2019 11:22 PM
A90210
I consistently embarrass myself with my posts here. But, what’s the story with the Willie Nelson + other music posts? It’s not even pretending to be related to anything-the spam is more relevant.
Alejandro
RE: NWO currency
It’s said the best way to rob a bank is to own one. It’s a whole new level of absurdity, unprecedented. Of course, all the standard claims about ‘third parties control it’ ‘no facebook information attached’ etc. It may well become a useful litmus test for integrity or morons. Watch out for those celebrating it the loudest
name.withheld.for.obvious.reasons • June 19, 2019 2:49 AM
If not already explored, I believe there is an alignment–not political or social–but one of the “transactional space”. It is the winner-take-all belief by both western and eastern cultural respecting the control and management of the “WeChat” or “USChat” systems. Rhetoric is couched in political terms but it is simply the nation-state that succeeds in defining the transactional nature of human experience. We are all being boiled down, welcome to the frog overlord.
CallMeLateForSupper • June 19, 2019 10:02 AM
@Clive
“As for wet noodles, hmm with or without soy sauce?”
That was not revealed, but I would guess that you take your lashes cold and sodium-free. Judging from the fact that “bidness” cuts costs to – and through – the bone, there will be no sauce and the noodle will be virtual.
Sherman Jay • June 19, 2019 11:42 AM
Regarding the numerous comments above regarding security of personal communication and info please see:
Published on Wednesday, June 19, 2019 by Common Dreams
Critics Lament as 126 House Democrats Join Forces With GOP to Hand Trump ‘Terrifying’ Mass Domestic Spying Powers
“The Democrats who voted against this common sense amendment just threw immigrants, LGBTQ folks, activists, journalists, and political dissidents under the bus by voting to rubberstamp the Trump administration’s Orwellian domestic spying capabilities.”
And, I think we all agree it is not just those groups, we are all being spied upon by abusive government and abusive corporations.
We don’t need to take advantage of the Special Sale on heavy-duty foil for lining our hats!
Who? • June 20, 2019 7:30 AM
Workstations without Intel Management Engine
I had been looking at the new set of workstations offered by Dell, like the Precision 3431. They are now selling a small-form factor workstation with an interesting management choice: no out-of-band management (ok, nothing new here, they have been selling these machines for years) and no Intel Management Engine (ME).
Now if they sell processors without speculative execution… I am not a big fan of patching speculative execution to make it “safe.”
These machines look HAP-ready.
A90210 • June 20, 2019 3:36 PM
@Rachel
“what’s the story with the Willie Nelson + other music posts? It’s not even pretending to be related to anything-the spam is more relevant.”
You have a point. Ride Me Back Home, however, starts
“We rode into battle, barebacked and saddled. You took the wound in your side. You pulled the sleds, and you pulled the wagons. You gave them somewhere to hide. Now they don’t need you, and there’s no one to feed you. And there’s fences where you used to roam. …”
A90210 • June 20, 2019 3:56 PM
@Rachel, Alejandro
Regarding Facebook’s Libra currency:
https://www.democracynow.org/2019/6/19/big_techs_war_for_your_wallet
“In a move that could reshape the world’s financial system, Facebook has unveiled plans to launch a new global digital currency called Libra. Facebook announced its plans on Tuesday after secretly working on the cryptocurrency for more than a year. It will launch Libra next year in partnership with other large companies including Visa, Mastercard, PayPal and Uber. Facebook said it wants to create “a simple global currency and infrastructure that empowers billions of people.” The plan has already come under fierce criticism from financial regulators and lawmakers. Democratic Senator Sherrod Brown tweeted, “Facebook is already too big and too powerful, and it has used that power to exploit users’ data without protecting their privacy. We cannot allow Facebook to run a risky new cryptocurrency out of a Swiss bank account without oversight.” We speak with David Dayen, the executive editor of The American Prospect. He recently wrote a piece for The New Republic headlined “The Final Battle in Big Tech’s War to Dominate Your World.” …”
https://newrepublic.com/article/153515/final-battle-big-techs-war-dominate-world
A90210 • June 20, 2019 4:13 PM
@Sherman Jay
More on the Lofgren-Amash Amendment, which was voted down.
“The Lofgren-Amash amendment would require the government to acknowledge the protections in the law and to explicitly promise not to engage in “about collection,” the practice of collecting communications that merely mention a foreign intelligence target. About collection has been one of the most controversial aspects of Section 702 surveillance, and although the government ended this practice in 2017, it has consisted claimed the right to restart it.
With a big fight looming later this year on whether Congress should renew another controversial national security law, Section 215 of the Patriot Act, we encourage the House of Representatives to vote Yes on the Lofgren-Amash Amendment to take a step toward reining in Section 702.”
The Pull • June 20, 2019 6:19 PM
The New York Times: U.S. Escalates Online Attacks on Russia’s Power Grid.
https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html
Whole nest of problems here, but I can see why they did this (and told the press).
If anyone is aware of this, Russia has done the same thing.
So, you see the possibility of US and Russia shutting down power plants and other energy infrastructure in a tit for tat campaign.
Nm the problem of bugs in the code, theft of attack tools for repurposing, or legitimate problems blamed erroneously on an attack.
Anyway, wanted to get ya’lls opinion on this.
The Pull • June 20, 2019 6:29 PM
@Alejandro
I think HK and China have a more serious problem then what we have in the states, right now. But the future is looking bleak.
A lot of serious political instability here and a near worship of police state principles. (The extreme rate per pop here of incarceration is at the world’s highest. Mostly effects the poor. Very few liberal tendencies in these and other issues among the ruling population. Hard hearted, cold hearted folks, and a lot of them. And worship of the State is considered a high virtue. Give it a disaster or a few decades, and the future is looking grim.)
gordo • June 20, 2019 7:30 PM
@The Pull,
Whole nest of problems here . . .
Predicted, more or less, well over 20 years ago. . .
WARRIOR IN THE AGE OF INTELLIGENT MACHINES
The Pentagon’s resident visionary, Andrew Marshall, talks to Peter Schwartz about why everything you know about war is wrong.
PETER SCHWARTZ, Magazine | WIRED, 04.01.95
Marshall:
Information and communications technologies will change how conventional battles are conducted. Instead of bombing factories, the aim may now be to penetrate information networks. As more and more of the economy of any given country is embodied in its information systems, that country will be more vulnerable to disruption.
[. . .]
Schwartz:
Until now, all the wars we have fought essentially have been nation against nation. But the opponents in this new kind of conflict are probably less likely to be nation states.
Marshall:
Probably. There may well be an increase in guerrilla warfare because new technologies may increase our vulnerability to it. We are living in the equivalent of the early 1920s, when tanks, airplanes, and later radar and radio were new, and people weren’t sure what they were or how to use them. We have only preliminary ideas about how today’s technology is going to change warfare. But it will. In the old world, if I wanted to attack something physical, there was one way to get there. You could put guards and guns around it, you could protect it. But a database – or a control system – usually has multiple pathways, unpredictable routes to it, and seems intrinsically impossible to protect. That’s why most efforts at computer security have been defeated.
https://www.wired.com/1995/04/pentagon/
Whether a Rubicon gets crossed remains to be seen. Let’s hope it stays that way.
The Pull • June 20, 2019 8:42 PM
@gordo
Thanks, nice find. 1995…
Whether a Rubicon gets crossed remains to be seen. Let’s hope it stays that way.
Yeah…
2020 looks like it will be interesting, at the least.
My sense is that US mil and intel is on this, and maybe even have the gloves off. And Russia probably won’t back down, may even escalate well beyond their 2016 successes.
Rachel • June 21, 2019 1:27 AM
I know many here appreciate what they find to be your intelligent commentary on this blog. So, I’m just curious – what successes by Russia are you referring to, above?
Rachel • June 21, 2019 1:35 AM
A90210
I don’t understand. Your song however wins no points for commencing with an outright contradiction in the first line. I’m also too polite to comment on your taste
Facebooks impending currency.
Excellent and thorough analysis by Lambert Strether of Naked Capitalism. Be sure to read the reader comments for more links and critical arguments. Mr Schneier, as I am sure you’ve already pegged the matter as one worthy of you attention, I feel you’ll appreciate adding this link to your trove. The pieces centres on the issue of trust. User trust, Technical Trust and Regulatory Trust. ‘Epic Fail’ as Mr Robinsons son would say.
The Pull • June 21, 2019 9:49 AM
@Rachel
I know many here appreciate what they find to be your intelligent commentary on this blog. So, I’m just curious – what successes by Russia are you referring to, above?
Flattery will get you everywhere. 🙂
I have a very strong background, though unless someone knows me or has heard of me, I am otherwise a nobody security researcher.
I would recommend Season 7 of Homeland, CIA clearly had very significant input on it. And, it deals with exactly this sort of circumstance.
This is a potentially loaded question of yours, as so much of what Russia has been doing is deniable. Then, there is what is seen, reported, and what is unseen. I certainly take confidence in the released reports from US Intelligence on the matter. And presume they have intelligence backing those reports, such as moles and technical intelligence, which did not make it into the public versions.
Largely, however, I am working from the news, and having studied Russian intelligence considerably (there happens to be a huge amount of open source material due to the downfall of the Czarist regime, Soviet regime, memoirs, declassified works, and so on.. mitrokihn archives were a significant contribution…): having done so, my opinion is pretty much anything which has appeared to be Russia, is Russia. In these past few tumultuous years.
Though not directly attributed, I think probably Russia even used the stolen NSA tools to hack the city of Baltimore, simply as a power game played against the NSA. To demoralize them.
I do use the word “success” here with some irony. I disagree that many of their methods are actually useful, even if they have proven to be potent.
Stirring up the already heavily polarized masses here brought considerable blowback. But, the value of Trump over Clinton for Russia was a significant win, and their efforts there did aid him. Problem was, their hand was seen, their MO and motives are well known, and he almost surely would have won anyway.
Overall, it severely damaged relations between the US and Russia, which was unnecessary and counterproductive. At least, in mil and intelligence circles. Which matters.
Now, we are having a showdown, with the full, mature force of US military and intelligence gaming up for a war of sorts in 2020… with the very real possibility of significant cyber strikes in retaliation.
For what gain?
Mix Iran heating up, in the mix, and Russia siding with shia while US sides with sunni, and things can get very confusing fast.
Donovan Atlantis. To fit the squid, deep underwater theme. 🙂
https://www.youtube.com/watch?v=9AUEjzVQwKo
On your question about music videos, we probably pass secret messages through our music selections. It is an effective way to send a message that can generally only be understood by certain parties, and no one else. For a wide variety of reasons. Mostly fun.
GeorgyporgyTheDeadPeasant • June 21, 2019 9:58 AM
@Z.Lozinski • June 15, 2019 2:54 AM
“@Alejandro,
The thing that concerns me about the proliferation of cameras in retail stores and banks is they provide a way to attack the chip-and-pin / EMV payment system. Position a camera so you can see payment terminals and you have access to a large percentage of the PINs entered.”
In general always a good practice to cover the terminal with a hand. I always do this – having memorized the keypad to “feel in” the PIN, pun intended.
Alyer Babtu • June 21, 2019 10:01 AM
@Rachel
music posts ?
My take – music and computer computation are cousins descending from mathematics. To me awareness of this relation is helpful. The formal order in one by analogy inspires search for order in the other. The more one develops one’s appreciation of musical beauty, the more one deepens one’s sensitivity to beauty in programming, and vice versa.
TheFodderofPeasantPolicyRiches • June 21, 2019 10:25 AM
@65535 :
“My better half with nimble fingers has found that very thick tin foil wrapped around a cell phone can work stop radio signals.”
Your other half needs to keep the foil on the phone when she’s using it. I’m baffled by a press that attributes cell phone tower radiation with massive brain destroying powers, while the power density rule on relatively low powered tower transmitters (50 – 500 watts, but usually closer to the low value) – clearly reveals that a cell phone on a person’s head projects a higher density than one could receive from the tower without climbing it.
New Ransomware • June 21, 2019 2:36 PM
New Form of Ransomware
Is being blaimed for an attack that has crippled the largest forensics agency contracting to UK Police forces,
https://www.bbc.co.uk/news/uk-48721511
Whilst the fact yet another organisation has been hit by Ransomware, is not exactly news, the fact it appears to be a new variety of Ransomware is. As is the fact the organisation it hit is a major supplier of “Computer Forensics” to not just the UK but other nations.
Thus there may be more to this attack than just extortion, and by a new player.
gordo • June 21, 2019 5:36 PM
@The Pull,
I do use the word “success” here with some irony.
Speaking of irony . . .
Loopholes Allow Foreign Adversaries to Legally Interfere in U.S. Elections
by Fred Wertheimer, May 28, 2019
The United States has long prohibited foreign governments – and other foreign nationals, including individuals and corporations – from being involved in U.S. elections.
It turns out, however, that there are major loopholes in this prohibition that allowed Russia to legally spend money in connection with the 2016 presidential election. These loopholes must be closed. [emphasis in original]
. . . and that’s to say nothing about “dark money”.
The Pull • June 21, 2019 8:26 PM
@gordo
Wow, excellent write up. Disturbing piece. Thank you, gordo.
Wonder when more nations will realize these loopholes and go all out in advertising campaigns for their favorite American candidate. Looks like absolutely zilch to stop Russia, too.
Rachel • June 22, 2019 3:02 AM
The Pull
I have a very strong background
Most respectfully, this is quite a meaning-less description. If colourful. I do recall your sharing of biographical details here and there however.
I would recommend Season 7 of Homeland
It’s most, most unfortunate the aforementioned series was ever devised, and even more unfortunate it received attention – let alone recommendation. Your suggested reason why it’s worth spending time on is the reason all non-US citizens find it so disgusting, Season 1 forward. Why willingly subject oneself to such?
On your question about music videos, we probably pass secret messages > through our music selections.
Or, you probably don’t. Who knows? Either way, William Nelson doesn’t get a pass anywhere. And, after investing a small amount of time considering the scenario, it strikes me that Mr Nelson has never ridden into battle bareback. If he did, he would choose the saddle (inexplicably on hand, simultaneously )
Indeed,historically this blog has been a staging area for communicating in code. It’s invariably in a format others can either participate in, enjoy as a spectator, or knowingly pass over as an unintended recipient. Sharing music videos on the other hand may as well be sourdough recipes or how to skin your own mocassins. Arguably it adds to the noise and if it is indeed a covert channel as you suggest, there are many other more appropriate – and more innocuous and more public – places to do so. It also requires clicking on an largely unidentifiable link, which is not the most intelligent way of sharing a code with someone.
As to your Russia obsession. Speaking on behalf of Europeans
1. We are more bored by US political fabrications than you could possibly conceive
2. We don’t believe ‘your’ conjecture
3. We like proof, here. Where’s your proof?
4. The USG has done more harm to itself, and to its own citizens, since forever, (history books etc) than Russia could ever possibly do. You’re a smart human being. Why isn’t this your obsession instead?
5. I’m generalising
Alyer Babtu
Nicely said. Thank you.
The Pull • June 24, 2019 2:12 PM
@Rachel
Music videos, or other outside content can contain words people want to say.
In regards to the Russian disinformation & hacking operations in various nations, there is ample evidence which can be found via google in these regards.
Russia is irrelevant, except how they operate in these theaters. They do operate, and they operate extensively, and mostly, well.
Disinformation/information programs, & hacking – often the two working in conjunction with each other – are here to stay.
A lot of what has been done, previously, has been amateurs and rogues. Nation states are finally really starting to play a role now.
Historically, information/disinformation programs and traditional forms of information gathering have gone together. But, hacking and the internet changes the entire game and makes it much more explosive.
Nations have been slow to adapt.
George • June 25, 2019 3:57 AM
@The Pull wrote, “In regards to the Russian disinformation & hacking operations in various nations, there is ample evidence which can be found via google in these regards.”
There’s also ample evidence of US of A meddling in foreign elections which can be found via google but somehow that is considered “off-topic” by some circles in this blog. 😉
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Alejandro • June 14, 2019 5:44 PM
In Stores, Secret Surveillance Tracks Your Every Move
https://www.nytimes.com/interactive/2019/06/14/opinion/bluetooth-wireless-tracking-privacy.html
While in the store …”Bluetooth beacons…. track your location accurately from a range of inches to about 50 meters. They use little energy, and they work well indoors. That has made them popular among companies that want precise tracking inside a store.”
Basically, the article suggests a whole new wave of precise invasive tracking in public buildings has started, using cell tower data, GPS and now in store Bluetooth trackers that secretly communicate with your phone.
My personal electronic goals have been to cut Google out of my life as much as possible, but also basically leave the phone off and in the car when shopping at any of the big box stores.
On a more personal basis, it was only recently I noticed cameras video taping my checkout at Target and Walmart which has prompted me to flip the finger to the camera. I see that might create an issue for one reason or another. I am trying to restrain myself. Sometimes.
I hope more and more states start fighting for our electronic security and privacy. I think it’s pretty safe to assume Congress is a lost cause on those issues (and much more).