Friday Squid Blogging: New Research in How Squids Change Color

Interesting:

Structural colors rely exclusively on the density and shape of the material rather than its chemical properties. The latest research from the UCSB team shows that specialized cells in the squid skin called iridocytes contain deep pleats or invaginations of the cell membrane extending deep into the body of the cell. This creates layers or lamellae that operate as a tunable Bragg reflector. Bragg reflectors are named after the British father and son team who more than a century ago discovered how periodic structures reflect light in a very regular and predictable manner.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on August 23, 2013 at 4:00 PM • 47 Comments

Comments

Slack August 23, 2013 4:28 PM

Google, Gmail and Amazon all went offline for a spell in recent days. NASDAQ ceased trading for three hours owing to a ‘technical glitch’. Looks like a movie-plot demonstration of ability, does it not?

CallMeLateForSupper August 23, 2013 4:38 PM

“The [school] district said the purpose of the RFID-chipped ID cards was to increase attendance.”

“If a student is not in his seat during morning roll call, the district doesn’t receive daily funding for that pupil because the school has no way of knowing for sure if the student is there.”

So, reading an RFID tag is a certain indicator that a particular human is present? What are these guys smoking?! I want some.

http://www.wired.com/threatlevel/2013/08/student-rfid-chip-flap/

kashmarek August 23, 2013 6:39 PM

@ CallMeLateForSupper:

What it means is that the RFID tag is present. I will bet that after some amount of time, the school will eventually show near 100% attendance for the RFID tags so as not to lose the state money. In fact, why would they want any students to show up at all? Just run the school copy of the RFID tags through the reader each day. How easy is that?

Godel August 23, 2013 6:43 PM

@CallMeLateForSupper

The school doesn’t care if the kid is actually there or not. As long as their RFID card is there, the school gets paid for the time.

Godel August 23, 2013 7:16 PM

File downloader program includes hidden DDos capabilities, says Eset.

“Starting with version 4.1.1.15, the main Orbit Downloader executable has apparently been communicating with the orbitdownloader.com site, silently downloading a DLL file and retrieving configuration data.

The DLL file includes a function called SendHTTP. And this, in turn, will download a list of targets – again from the orbitdownloader.com site – and carry out one of at least two possible attacks (SYN floods or regular TCP packets).”

http://www.softwarecrew.com/2013/08/orbit-downloader-includes-ddos-code-says-eset/

Roxanne August 23, 2013 7:53 PM

We’re supposed to believe that squid developed that ability in their skin – something it takes a PhD to understand – without any kind of divine intervention? Really? And why don’t we have that, if we’re the deity’s favorite beings? 😉 /sarcasm

Clive Robinson August 24, 2013 8:16 AM

OFF Topic :

Another news item on the German Gov saying “NO” to Win8,

http://mobile.techworld.com/news/security/3465259/is-windows-8-trojan-horse-for-nsa-german-government-thinks-so/

As I said in my post a few days ago on last week's squid page, the problem is the TPM 2.0 chip and how Win 8 works with it.

As this article notes the chip allows remote administration by unknown others that you can not stop from Win8 and for most users only really stop it by not having Internet access. Worse the chip also stores all the keys for MS BitLocker. It also stops you running “unapproved” software that might disable the chip and this includes other OS’s like Linux.

However as the German Gov fears it gives MS thus the NSA et al unfettered access it also potentially gives the Chinese access as well (as they load the chip first during motherboard manufacture).

So it gives MS / Win haters more ammunition to throw at Steve “Bonkers / Barmy” Ballmer’s back as he makes a rapid scuttling exit from MS (though it’s not clear if he Jumped, Fell or was Pushed on somebody's toe cap, or realised he could profit by a billion dollars on his failure),

http://m.newyorker.com/online/blogs/currency/2013/08/why-steve-ballmer-failed.html

Clive Robinson August 24, 2013 8:45 AM

@ Aspie,

US law (unlike UK law) allows the telco or other service provider to “re-claim costs”.

The reason I suspect is in the UK not receiving payment gave service providers leverage to say NO, which might account for why the likes of GCHQ do “down stream” not “service provider property” splicing to slurp data.

Also I suspect the companies involved would not put their best resources into any such “business sub-unit” whilst charging between two and ten times top dollar pricing as is normal when technology and secrecy are involved (look at DoD overpayment etc and hundred dollar hammers etc).

Arguably if the likes of these companies are making the NSA pay through the nose till it makes them bleed till blind they are actually doing your privacy good because even though it appears NSA budgets are limitless they are not, thus the NSA has to make expenditure choices.

However there is a fine line between bleeding the NSA blind and causing them to consider other courses of action (as in the UK) which would give the NSA completely unrestricted access without a commercial organisation in the middle providing a degree of oversight…

Look at it this way: part of the money paid by the NSA to these companies probably offsets legal fees incurred by the companies with FISA and other court actions.

Whilst the “spoon you use to sup with the Devil” should be long, nobody ever said you should not have it made of solid gold at the Devil’s expense…

Idiotproof August 24, 2013 9:09 AM

This is a totally bad idea, and a huge waste of money:

“University in Maryland to install bulletproof whiteboards

University of Maryland Eastern Shore is the first college to adopt the whiteboard that can stop bullets. The inventor says it will ‘buy you some extra time’ against shooters.”

latimes.com/nation/la-na-bulletproof-white-boards-20130818,0,33432.story

Petréa Mitchell August 24, 2013 1:36 PM

Conviction reversed in a trial about allegedly funding terrorism:

The 9th U.S. Circuit Court of Appeals opinion accuses federal prosecutors of improperly influencing the outcome of Seda’s trial by concealing that they had paid a witness. The government also exceeded the scope of a search warrant and omitted facts that might have helped the defense, the court ruled.

“This is a tax fraud case that was transformed into a trial on terrorism,” Circuit Judge M. Margaret McKeown wrote in the panel’s 2-1 opinion.

Petréa Mitchell August 24, 2013 1:39 PM

Senator Ron Wyden providing a preview of coming attractions:

In addition, Wyden, a member of the Senate Intelligence Committee, said after their appearance that the panel is close to releasing a report showing that contractors played a major role in the “interrogations and torture” of terrorism suspects.

When the report is declassified, Wyden added, “people are going to be struck by some of what happened when contractors were conducting interrogations and it will help our reform agenda.”

Will Sleator August 24, 2013 2:55 PM

@Clive Robinson • August 24, 2013 8:16 AM

Another news item on the German Gov saying “NO” to Win8,

http://mobile.techworld.com/news/security/

As I said in my post a few days ago on last week's squid page, the problem is the TPM 2.0 chip and how Win 8 works with it.

Well back in 2009 there were these articles about how NSA had helped Microsoft with Win 7 development…

But would anyone know if the protected Group Policy Client service has something to do with this as well? (In Win 7 you can disable the Group Policy Client service through the registry, but in Win 8 this does not seem possible.)

Grumpy Smiley August 24, 2013 3:10 PM

    The U.S. government’s efforts to determine which highly classified materials leaker Edward Snowden took from the National Security Agency have been frustrated by Snowden’s sophisticated efforts to cover his digital trail by deleting or bypassing electronic logs, government officials told The Associated Press. Such logs would have showed what information Snowden viewed or downloaded.
    The government’s forensic investigation is wrestling with Snowden’s apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission, said the officials, who spoke on condition of anonymity because they weren’t authorized to discuss the sensitive developments publicly.
    The disclosure undermines the Obama administration’s assurances to Congress and the public that the NSA surveillance programs can’t be abused because its spying systems are so aggressively monitored and audited for oversight purposes: If Snowden could defeat the NSA’s own tripwires and internal burglar alarms, how many other employees or contractors could do the same?
    In July, nearly two months after Snowden’s earliest disclosures, NSA Director Keith Alexander declined to say whether he had a good idea of what Snowden had downloaded or how many NSA files Snowden had taken with him, noting an ongoing criminal investigation.

[…]

    Snowden, a former U.S. intelligence contractor, was employed by Booz Allen Hamilton in Hawaii before leaking classified documents to the Guardian and The Washington Post. As a system administrator, Snowden had the ability to move around data and had access to thumb drives that would have allowed him to transfer information to computers outside the NSA’s secure system, Alexander has said.
    In his job, Snowden purloined many files, including ones that detailed the U.S. government’s programs to collect the metadata of phone calls of U.S. citizens and copy Internet traffic as it enters and leaves the U.S., then routes it to the NSA for analysis.
    Officials have said Snowden had access to many documents but didn’t know necessarily how the programs functioned. He dipped into compartmentalized files as systems administrator and took what he wanted. He managed to do so for months without getting caught. In May, he flew to Hong Kong and eventually made his way to Russia, where that government has granted him asylum.

Snowden Suspected of Covering Electronic Tracks
http://www.newsmax.com/Newsfront/NSA-Surveillance-Snowden/2013/08/24/id/522053

kashmarek August 24, 2013 5:45 PM

LOVEINT…

Why am I not surprised? This same thing happened when cameras went up all over the UK (and elsewhere) claiming they were necessary for crime, crowd, & traffic control as well as monitoring movements of people. The camera operators became voyeurs, mostly because they were bored.

The same is now already happening with the NSA (& other collected) data, where the (questionable) purpose is boring to the operators and they start doing things of unintended consequences. Wait ’till those love interests turn to political interests (due to boredom or orders from the top). They are likely to miss the real value of the data and waste their time (and our money) with figments of their imagination.

Alex August 24, 2013 6:50 PM

@CallMeLateForSupper: We had something similar happen at one of my workplaces. They replaced the Detex access cards with proximity cards, and proceeded to put prox readers all over the place. All of us just tossed the prox cards in the middle of the conf room table and grabbed someone else’s random card. We’d do this every day at lunch. After a while they stopped snooping on all of us as they couldn’t tell who was who.

@idiotproof: There’s idiots, then there’s the government. Have a product which is half-baked or doesn’t even remotely work or isn’t needed at all? No worries! Government will buy it from you, in spades.

Petréa Mitchell August 24, 2013 7:06 PM

The LOVEINT source article says: “Most of the incidents, officials said, were self-reported.”

…meaning they weren’t known about until the offenders mentioned them, which means whatever system they have for catching misuse is crap, which means there’s probably plenty more they don’t know about.

AC2 August 24, 2013 10:39 PM

Oh and NZ was already a member of the Five Eyes program so they are probably vacuuming up the stuff anyway.

“This bill won’t cost the taxpayer a single additional $!!”

name.withheld.for.obvious.reasons August 25, 2013 6:05 AM

This is becoming impossible, the government is so far removed from the foundational laws that we can accelerate right past assumption and go straight to “we do not have a legal government.” What is so wrong–the government had secretly ruled that the need for national security supersedes the rights of the people. If this is true, then why is there no clause in any section that says the executive or congress have the right to suspend the constitution in total? Quoting from the “April 2011 Submissions”:

“Further, it remains true that the collection is undertaken in circumstances in where there is a “high degree of probability that requiring a warrant would hinder the government’s ability to collect time-sensitive information and, thus, would impede the vital national security interests at stake.”

I haven’t found a single place in the United States of America’s Constitution where any amendment reads as follows:

The [government/arses]/congress shall pass no law, unless of course the government has an interest that outweighs that of the citizenry or our job as government officials/toads would be made more difficult…

I will start the fire, everyone grab a pitchfork or an axe–seems Paul Revere has just given the signal–we’re going to DC.

Clive Robinson August 25, 2013 6:54 AM

OFF Topic :

A few days ago I mentioned brain scans with respect to lie detectors, and how they and induced brain stimulation could be used to induce false results in lie detector traces.

I also mentioned that an Indian court had allowed brain scans as a lie detector test against all opposition that said it was not a sensible or scientifically valid approach.

Well…

A university in the Netherlands appears to have moved forward FMRI interpretation to the point where they can tell what letter a test subject is looking at,

http://www.ru.nl/english/general/news_agenda/news/@910991/computer-can-read/

No this does not mean they can read thoughts or will ever be able to, but it is still quite impressive work.

Neil in Chicago August 25, 2013 4:19 PM

@Clive Robinson — Ballmer may be no prize, but he was put in an impossible situation. Chairman Bill chose a brilliant time to get out: he owned a market which was on the verge of becoming “mature”, just before the inflection point transitioning from explosive growth to only replacement sales.
I doubt even Chairman Bill prognosticated the smart phone (“the first second-generation personal computer”), but that was really the stake in the heart of Microsoft’s mightiness.
Back in the day, “IBM watching” was an actual profession. There was quite an uproar when their choke hold was broken, and now they’re still there, but who cares much? It’s been fascinating to watch Microsoft become irrelevant in a similar way (still there, still big, of no interest to futurologists), but remarkably quietly.

Dirk Praet August 25, 2013 8:27 PM

@ name.withheld.for.obvious.reasons

I will start the fire, everyone grab a pitchfork or an axe–seems Paul Revere has just given the signal–we’re going to DC.

I would not recommend this course of action. Sedition under 18 USC § 2383 can land you up to 10 years in jail, not to mention that turning up with an axe in front of the White House will

  • most likely get you shot
  • give the usual suspects a good reason to ask for even more powers to combat domestic terrorism
  • give Keith Alexander a real instance of a terrorist plot his snooping was able to foil

Dirk Praet August 25, 2013 8:35 PM

@ Clive, @ Neil in Chicago

So it gives MS / Win haters more ammunition to throw at Steve “Bonkers / Barmy” Ballmer’s back as he makes a rapid scuttling exit from MS (though it’s not clear if he Jumped, Fell or was Pushed on somebody's toe cap, or realised he could profit by a billion dollars on his failure),

Patrick Moorhead, principal analyst with Moor Insights & Strategy, argues that Ballmer was forced out by the M/S board of directors as a result of the $900M Surface RT debacle.

name.withheld.for.obvious.reasons August 25, 2013 10:19 PM

@ Dirk Praet

Thanks Dirk? But all I said was I would start the fire. There is an allegory here, it tends to a philosophical statement. But I do agree, allowing idiots to interpret what is less than obvious is asking for a whole lot of trouble, just look at how the arses in the Court have reinterpreted constitutional law. And, I didn’t know the Supreme Court had been replaced. What a fool am I?

Figureitout August 25, 2013 11:35 PM

name.withheld.for.obvious.reasons
–Yes, but you know that this will bring continued surveillance on you if it isn’t already. The Supreme Court is full of a bunch of old fcks that need to die or give up their seat to individuals that can properly interpret the Constitution in the modern age. Congress is again a bunch of old fcks that need to die or fight beyond settling for their salary and full healthcare for them and their families.

Truth hurts; I certainly know there’s some uncomfortable truths for my life that if I accept means I should just (as I am slowly) sacrifice my life to science.

Clive Robinson August 26, 2013 12:06 AM

@ Dirk, Neil,

Whatever the reason for SB leaving MS we are probably not going to be given confirmation by either side due to the usual contractual clauses.

I’ve read getting on for twenty opinion pieces in the last twenty four hours as to the why, but the only clear indicator from all is “SB failed to return MS to its former glory” of dominant market position after adverse (but expected) DoJ and EU restrictive trade practice judgments.

To be fair though “the party was over”, Billy Boy had left the building and I doubt there was enough polish in the world to remove the tarnish that the whole world could see clearly, the “sparkle” was definitely not coming back.

SB took all of that on when many others would not, he then went looking for new markets to dominate in, but it quickly went wrong. SB placed bets on the wrong horses and MS quickly went from a market leader to a market follower and a timid one at that.

The simple fact is MS rose to its dominant position on a series of marketing lies and underhand behaviour which Billy Boy had exhibited from the earliest days rocking back and forwards like a demented weeble.

Even if the underhanded behaviour partly laid bare by the courts had not struck MS low, then the fact that people had really started to disbelieve the marketing lies would have.

With the problematic and checkered life of ME then XP the writing was on the wall for the MS OS on IBM-PC hardware. SB’s cancer calls on Linux as a response caused many trade and consumer press to doubt SB's mental acuity and his rants, screams and other dubious behaviour at press events and major audiences did not help. Eventually even what many saw as the last bastion of ever changing “file formats” for customer lock-in on MS Office went “standard” as a last ditch effort and showed there were yet more significantly stormy times ahead.

Windows CE and Mobile were not successes and as one journalist pointed out “they [MS] can’t even give it away”. Then there was Vista, at best not popular and mostly unwanted by the important business customers who had stuck with XP for quite sound business reasons.

But it was not just OSs that MS was getting wrong; it failed to understand which way technology was moving.

With end users moving from desktops to Netbooks, then Smart Phones and now Pads it failed to make its mark and it’s lost the battle with BYOD management mentality. But likewise with servers and the cloud, it’s still so far behind on “big data” requirements it’s given up a significant chunk of the business market and is slowly becoming irrelevant in all but Office and Directory services. And does anybody remember the last organisation to bet the farm on directory services? It was Novell and its once much praised NetWare Directory Services, arguably much better than the MS offerings prior to Active Directory and some would argue still better but ask any IT geek under 35 and they probably won’t have heard of it or even know that Novell owns the Unix name…

Realistically for MS, Office is where the money is coming from, but many organisations don’t use the “Email” component nor the “Database” component because they get better performance/results from other sources. But until very recently many organisations were looking seriously at “online” offerings from the likes of Google to make mobile / remote / collaborative working much easier to use not just technically but administratively as MS licensing has been and continues to be a nightmare to handle in large or non centralised organisations.

And of course just recently the Snowden revelations, but even prior to that big questions were beginning to be asked about TPM2.0 and Windows 8 and the absolute control it gave MS and possibly the Far Eastern motherboard manufacturers outsourcing production in China…

Under SB MS took so many changes in direction that the twisting and turning ended up looking like the throes of a monstrous beast in agony. MS had started to leave not just skin in the game but chunks of flesh close to its heart, and some are saying the wounds are mortal…

But SB made some other quite nasty mistakes, he got it in his head that the programmers had become complacent and therefore lazy. He instituted his 2/7/1 rule on teams where a team was judged internally against each member not how they had achieved against other teams or their stated objectives. So everybody knew that even in the very best team 20% got praise and 10% got fired. Smart programmers whose options were safe got out or arranged to join teams where they were almost certain not to be below the top 50%. The result: even more lackluster software that is worse than any supposed complacency could ever do. If you speak to ex MS staffers you will realise it was not complacency but a mixture of shell shock and no sense of direction from above. The shell shock in part caused by the fall in share value that made some staffers close to bankrupt due to IRS bills.

Well SB announced a new change in direction to “devices and services” a little while ago and it will be performed by his successor. I remember HP making such a change in direction and it did not work too well for them.

Billy Boy famously said he did not expect MS to last for ever and currently it looks like it’s not going to last long enough for it to outlive it’s founders unlike IBM and AT&T…

Clive Robinson August 26, 2013 8:26 AM

@ Figureitout,

Whilst MESH networks of many varieties will with a little planning work well it’s not going to work in WASP and Northern European nations because of the law, which is basically both for political control and taxation and the likes of the ITU back them up.

The start of the article mentions Greece, well for many years those islanders used illegal high end Medium Wave transmitters of between 10&100watts to chat to each other CB style.

Spanish fishermen are likewise notorious for using very high power HF CB systems that jam frequencies in France used for cordless phones over 100Km inland (I know because I developed one of the very few protocols and a multi-handset cordless phone system that actually worked reliably, but it never went into production because the market moved over to DECT).

In Spain and many other Southern European Nations the FM Broadcast band is a complete mess due to lack of licencing legislation / enforcement and due to the desire for strong political control by the UK and pressure from various military suppliers the ITU called for the FM broadcast band (~88-108MHz) in Europe to be closed down and handed over to the military by 2010. Whilst the civilians were to get the extremely environmentally unfriendly and heavily politically controlled DAB (your receiver can only play stations that are in the Matrix and that is heavily controlled so no pirate radio). Ofcom in the UK are so desperate to get DAB accepted by the UK they have manipulated competitions in Broadcast Industry technical Awards, and portrayed Pirates as a combination of Terrorists pushing drugs into children and fund raising and weapons dealing. All whilst threatening quite innocent suppliers with draconian laws that involve extensive prison sentences and excessive fines.

You can be sure that Governments who have “licencing powers” are using it as a “cash cow” the cellular radio spectrum “sell off” was a clear example of Governmental “fill your boots” practice.

In the UK I’m really surprised they have not come up with an “ISM Band” tax, but currently they appear focused on stealing Amateur Radio bandwidth to licence off under claims of “National Security” and whilst coming down quite heavily on Amateurs who transgress take little or no action against commercial “licence paying” organisations who transgress into Amateur and ISM bands illegally.

So I would expect any attempt to get MESH networks up that might impinge on the “cash flow” to be strongly suppressed in WASP and similar nations.

Clive Robinson August 26, 2013 9:23 AM

OFF Topic :

Germany's Der Spiegel has comment to make on the apparent “British Complacency” over the Snowden / Miranda episodes,

http://www.spiegel.de/international/world/the-cozy-relationship-between-britain-and-its-intelligence-apparatus-a-917689.html

Sadly there is a germ of truth in it, and much of the UK has been described as “Alcohol swilling, fag puffing, couch potatoes with interest only in casual sex, games consoles, football, Soap Operas and faux Reality TV, doomed to a premature and ignorant death before their healthier better educated parents” by various experts in the likes of the Daily Mail and other newspapers that get seen abroad.

The simple fact is UK youth and early middle aged people are politically disconnected for various reasons that can be traced back over thirty years to the actions of Margaret Thatcher. Every day we see more reason to think our politicos are either corrupt, on the fiddle, feathering their nests or being wined and dined by major tax evading Corporations such as Google, Starbucks, Microsoft, Vodaphone et al.

We know we can not walk down the street or go into a shop or use any kind of transport without being unfairly taxed, surveilled by CCTV or mobile phone or card usage. We also know from experience this surveillance is being used to raise revenue because the Government can not raise taxes any further as they have given it away to major tax evading corps, banks and their other “chummy friends” and to try and “buy votes” as election time draws close. It’s been found that non private CCTV is most frequently used to place fines on people, it’s only in the case of very serious assault and capital crimes that it’s used for evidentiary purposes in court.

There is a very real sentiment across all ages that it’s not worth voting because you’ll never get an honest politician into power in a way that will make a difference. The two main party colours are Red (Labour) and Blue (Conservative) and the difference between them is in reality so slight it might as well be nonexistent which is why you hear people talk about “Purple Politics” representing greed and indifference of the worst kind to the voters.

Almost daily we have Ministers, Police officers and Intel Services carrying out unlawful acts (of which detaining Miranda was one, destroying the Guardian's hard drives another) and trying to use the flimsiest of pretexts to defend their actions knowing full well something else they do will take it off the front pages tomorrow. Even when courts tell them they have acted unlawfully they just use another pretext and then change the law.

Few if any people when questioned have any respect for politicians, and even less think voting has any effect on them in the way of control.

One telling statistic about UK Politicos, they are four times more likely to go to jail for crimes than ordinary citizens. And the crimes they commit are mainly perjury and fraud related, which tells you how little respect they have of the laws they pass.

Petréa Mitchell August 26, 2013 9:54 AM

Re: mesh networks… I was wondering when we would start seeing calls for reinventing UUCP.

I don’t see that it would stop spying– the NSA can set up its own nodes, and even in ye olde pre-mainstream days people would say, “Don’t put anything on the Internet you wouldn’t be comfortable seeing on the front page of the New York Times.” But building a system with no simple off switch is a good argument for it.

Clive Robinson August 26, 2013 10:29 AM

OFF Topic :

For those that might have an interest (and that should be all of you 😉 in what the British Intel organisations have done or are likely to do with Mr Miranda’s confiscated electronics have a read of,

http://www.zdnet.com/when-authorities-confiscate-your-electronics-the-fate-of-david-mirandas-computer-and-phone-7000019796/

However one thought occurs, Mr Miranda is a very very high profile case, the chances are quite a few specialists will want to look at his electronics (if he ever gets them back) to look and see what GCHQ / NSA have done to them because it will not be just the bragging rights at finding Spook Level Spyware at stake, it will also be an opportunity to decompile etc the code and publish it etc which will be of considerably more than academic interest.

Thus it’s highly possible they won’t install anything because the chances of Mr Miranda using it are –if he has any sense– very very low to nonexistent. Thus the Spooks are going to know the risk is far too high for any return they may get. Even if they highly encrypt any Spyware and hide it in odd places the probability is that the “celebrity status” of these devices will cause it to be found, in which case a load more adverse publicity will come forward which would at best be politically undesirable.

Then there is the possibility that Mr Miranda is actually running a counter espionage gig, after all he knew there were alternative much safer routes from Germany to Brazil that did not involve crossing or stopping in US/UK airspace. Therefore there is a possibility that the confiscated devices are all honey-pot traps where all the encrypted data is completely faux but all the software and firmware is precisely known so any modifications will be quickly found.

Contrary to what many people think it does not take NSA / GCHQ abilities to clone / modify mobile phone SIMs, in fact around one in six supports out of date specifications for backwards compatibility and these out of date specifications have very weak security such as using 40bit equivalent DES keys or worse suffering a simple buffer overflow attack that provides the equivalent of a root shell by which the java byte code can be examined changed or modified…

Thus the UK authorities could find it’s their heads that are being messed with not the journalists'.

And to be honest personally I think the UK authorities really have messed up on this. They knew fairly well in advance that Mr Miranda was doing a UK change over, so they had plenty of time to prepare. They held Mr Miranda for nine hours which is more than long enough to copy the entire contents of the devices and get them back to Mr Miranda, it was also probably long enough to change chips in the phone and possibly some of the mass storage devices as well.

Thus the whole episode smacks of Keystone Cops, what’s the betting that the UK’s MI5 (Home), MI6 (abroad) and GCHQ (communications) security services were not involved with this idiocy prior to it happening. That is it’s a bit of stupidity cooked up by the Met Police Service and the current Home Office Minister to show they are not impotent idiots whereas in fact they’ve shown the exact opposite…

The Question August 26, 2013 12:44 PM

@AC2 • August 24, 2013 10:39 PM

Oh and NZ was already a member of the Five Eyes program so they are probably vacuuming up the stuff anyway.

The purpose of the bill was just to legalize already-existing operations. Maybe they anticipated that those could get legally challenged in the near future.

Clive Robinson August 26, 2013 1:58 PM

Off Topic:

Who remembers the thread where Bruce mentioned the security issues with Tesla cars… Yup it got a little fraught.

Well it appears the Tesla S has “API Problems” which make it vulnerable to hackers…

You can read more from a man that owns one and thus probably knows first hand what the issues are 😉

http://broadcast.oreilly.com/2013/08/authentication-flaws-in-the-tesla-model-s-rest-api.html

Hey just don’t roast me I’m just the messenger 😉

Figureitout August 27, 2013 12:07 AM

but currently they appear focused on stealing Amateur Radio bandwidth to licence off under claims of “National Security” and, whilst coming down quite heavily on Amateurs who transgress, take little or no action against commercial “licence paying” organisations who transgress into Amateur and ISM bands illegally.
Clive Robinson
–Why can’t they just f*ck off and let us “Amateurs” be? Seriously, the vast majority of us don’t even encrypt our trans and we don’t use anything near the megawatts some gov’ts are allowed to use. Anytime I ask my dad about the “Ruskie Woodpecker” he gets very irritated; they completely ruined a useful band for worldwide comms for what he thinks was radar.

Goddammit, what the hell is the solution? We’re fcked. Like I’m going to trust the cables leading to the “splicing center” when the entire internet is bugged. Stupid fcking politicos at the ITU, worthless, all of them. I hate you all. You can’t really stop some people from getting in your frequencies for reasons of hate.

Sorry for all my “expressive language”, but really I’m very angry.

Figureitout August 27, 2013 1:39 AM

Semi-interesting article about HAARP and another one saying it’s not shutting down. More research facilities shutting down…

Bruce
–I really like your latest Forbes article. It’s funny you mentioned high schoolers getting disciplined for giving OTC pain relievers to each other; doing just that brought a state investigation on my mother, who was a cardiac nurse at a major hospital (she would talk about opening up people’s chests like it’s nothing) and a very natural nurse in her personality. You would not believe the crap (literally) she put up w/ taking care of people’s family members that were about to die. In those situations the nurses cannot, by law, force schizophrenics to take their medicines, so they deal w/ the fun aftermath. Well, she quit that job, so those poor people who are about to die get taken care of by people in ways that may be classified as abuse or neglect by some. She also, still to this day at her age, was able to take care of my dad’s mom, who is probably going to die soon, taking her to the restroom every hour all day long (yes, at night too) as my grandmother was struggling w/ a UTI.

I thought it was one of your best essays yet, and it didn’t need to be extremely long, which would have increased “the complexity” and run the risk that the point would not make it into the heads of the people who need it the most.

Figureitout August 27, 2013 2:53 AM

Clive Robinson
–I don’t know if you meant this or not (I typically assume you do and are 20 steps ahead of me), but this DECT standard you mentioned keeps talking about “baby monitor” applications, which was a primary topic of a recent Bruce essay. Thus it makes you one of the suspects for hurling obscenities at this poor deaf child, you monster 🙂

Steve Summit August 27, 2013 9:51 AM

New article about an “epic social engineering hack”, in which a (willing, volunteer) victim has his Amazon, AOL, Apple, (etc.) accounts all utterly compromised.

http://www.cbsnews.com/8301-205_162-57600158/amazon-wish-list-is-gateway-to-epic-social-engineering-hack/

I was struck by the fact that the “victim” had not been careless, had not done anything particularly wrong. The real hole seems to have been Amazon Customer Service. The article closes with a list of suggestions which don’t sound like they would have done much of anything to actually mitigate the attacks used.

paranoid August 27, 2013 11:02 AM

@Slack • August 23, 2013 4:28 PM

Google, Gmail and Amazon all went offline for a spell in recent days.

Did Google and Amazon go offline at around the same time? Are they maybe on some higher level owned by the same entity?

Figureitout August 28, 2013 9:38 PM

Bruce
–You keep outdoing yourself w/ the Op-Eds; what a stern, resounding yet civil (I can’t really contain my language in this area sometimes; there sometimes aren’t any other words to describe it) rejection of the surveillance state in your latest piece. The bit about subverting one’s own company, thus losing control over it, is the most damning and chilling indictment of this hell hole turning our world into an untrusting, wasteful place, as we encrypt w/ 4096-bit keys, throw compromised machines in landfills instead of recycling them, and have to turn on our TVs when we’re taking a shower and turn on the ovens/toasters/microwaves/random lights to give the “internet of things” crap data not worth analyzing, as it expands to physically encompass your physical being and entire life.

Figureitout August 28, 2013 11:32 PM

Bruce Re: Schools cracking down on children
–Another politico thinks it’s a good idea for drones to escort little kiddies to school. Using that logic, why not escort them in Humvees with soldiers w/ M16s?

xy August 29, 2013 1:46 PM

‘Zero knowledge’ may answer computer security question

(Phys.org) — In the age of the Internet, it’s getting harder and harder to keep secrets. When you type in your password, there’s no telling who might be watching it go by. New research at Cornell may offer a pathway to more secure communications.

“I think zero knowledge proofs are one of the most amazing notions in computer science,” Pass said. “What we have done is to combine it with another notion – that it’s easier to prove that a computation can be done correctly than it is to actually compute it.”

The result is a way to prove that you know something without saying out loud what it is you know. Instead of insecurely typing the password for your bank account, you just prove to the bank that you know the password. You could pass an exam by proving that you know the answer, without actually writing the answer down so the person sitting next to you can’t copy it.


http://phys.org/news/2013-08-knowledge.html
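To make concrete the idea quoted above (proving you know a secret without ever sending it), here is an added example, not from the Phys.org article or the Cornell work it describes: the classic Schnorr identification protocol, a zero-knowledge proof of knowledge of a discrete logarithm. The group parameters are constructed toy values chosen so the arithmetic can be checked by hand; the `simulate_transcript` function is what makes the "zero knowledge" claim tangible, since it shows a verifier learns nothing it could not have produced itself.

```python
import secrets

# Constructed toy parameters: P = 2*Q + 1, G generates the order-Q subgroup.
# A real deployment would use a 2048-bit (or larger) group, not these.
P = 23
Q = 11
G = 4

def keygen(rng=secrets.randbelow):
    """Secret x (the 'password') and public y = G^x mod P (what the bank stores)."""
    x = 1 + rng(Q - 1)
    return x, pow(G, x, P)

def prover_commit(rng=secrets.randbelow):
    """Step 1: prover picks a fresh nonce r and sends t = G^r mod P."""
    r = rng(Q)
    return r, pow(G, r, P)

def prover_respond(x, r, c):
    """Step 3: prover answers the challenge c with s = r + c*x mod Q.
    The nonce r masks x, so s reveals nothing about x on its own."""
    return (r + c * x) % Q

def verify(y, t, c, s):
    """Verifier accepts iff G^s == t * y^c mod P; the secret x never appears."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_protocol(x, y, rng=secrets.randbelow):
    """Full honest interaction: commit, random challenge (step 2), respond, verify."""
    r, t = prover_commit(rng)
    c = rng(Q)
    return verify(y, t, c, s=prover_respond(x, r, c))

def simulate_transcript(y, c=None, rng=secrets.randbelow):
    """Zero knowledge: WITHOUT x, pick c and s first and solve for t.
    The result is indistinguishable from a real transcript, so an eavesdropper
    (or the verifier) gains no information about x from watching the exchange."""
    c = rng(Q) if c is None else c
    s = rng(Q)
    t = (pow(G, s, P) * pow(pow(y, c, P), -1, P)) % P
    return t, c, s

if __name__ == "__main__":
    x, y = keygen()
    print("honest prover accepted:", run_protocol(x, y))
    t, c, s = simulate_transcript(y)
    print("simulated transcript also verifies:", verify(y, t, c, s))
```

A prover who does not know x can only guess, and with a prime-order Q a wrong secret passes only when the challenge happens to be 0, which is why real parameters make Q astronomically large and why each run uses a fresh nonce r (reusing r across two challenges leaks x outright).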
