Friday Squid Blogging: Squid Eyeballs
Details on how a squid’s eye corrects for underwater distortion:
Spherical lenses, like the squids’, usually can’t focus the incoming light to one point as it passes through the curved surface, which causes an unclear image. The only way to correct this is by bending each ray of light differently as it falls on each location of the lens’s surface. S-crystallin, the main protein in squid lenses, evolved the ability to do this by behaving as patchy colloids—small molecules that have spots of molecular glue that they use to stick together in clusters.
Research paper.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
Ben A. • August 11, 2017 4:26 PM
Ad blocking is under attack
An ad server was unblocked by all ad blockers due to a DMCA request against GitHub
If you use EasyList – add this back!
||functionalclam.com^$third-party
https://blog.adguard.com/en/ad-blocking-is-under-attack/
https://blog.getadmiral.com/dmca-easylist-adblock-copyright-access-control-admiral-10-things-to-know/
https://github.com/easylist/easylist/commit/a4d380ad1a3b33a0fab679a1a8c5a791321622b3
Why I Was Fired by Google
He blames the company’s ‘ideological echo chamber’
Original article on Imgur for non-WSJ subscribers
https://www.wsj.com/articles/why-i-was-fired-by-google-1502481290
https://i.imgur.com/bUlGqM6.jpg
Good Lord: Former UK spy boss backs crypto
“A former boss at UK domestic spy arm MI5 has cautioned against a crackdown on encrypted messaging apps.”
https://www.theregister.co.uk/2017/08/11/ex_mi5_backs_crypto/
Attacking encrypted USB keys the hard(ware) way
Note: it’s a 16.5 MB PDF
https://cdn.elie.net/talks/analyzing-secure-usb-the-hardware-way-slides.pdf
Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read
http://googleprojectzero.blogspot.com/2017/08/windows-exploitation-tricks-arbitrary.html
How the NSA tracks you – 59 minute video
‘Bill Binney talks about his experiences as Technical Director at the NSA where he had a 34 yr career.’
https://media.ccc.de/v/SHA2017-402-how_the_nsa_tracks_you
vTZ: Virtualizing ARM TrustZone
“Unfortunately, TrustZone is not designed to be virtualizable as there is only one TEE provided by the hardware, which prevents it from being securely shared by multiple virtual machines (VMs).”
http://ipads.se.sjtu.edu.cn/lib/exe/fetch.php?media=publications:vtz.pdf
Re-identifying folks from anonymised data will be a crime in the UK
“The government says “intentionally or recklessly re-identifying individuals from anonymised or pseudonymised data” will be an offence. Those who knowingly handle or process such data will also be committing a crime, it adds.”
https://www.theregister.co.uk/2017/08/07/data_protection_bill_draft/
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/635900/2017-08-07_DP_Bill_-_Statement_of_Intent.pdf
Hotspot Shield VPN injects adverts and JavaScript into browsers
https://cdt.org/files/2017/08/FTC-CDT-VPN-complaint-8-7-17.pdf
Palantir developed a surveillance network using police data and then locked in customers
“If these bills pass, they could level the playing field between the company and the public, giving citizens more of the visibility into Palantir’s operations that the company already has into their own lives.”
https://www.wired.com/story/how-peter-thiels-secretive-data-company-pushed-into-policing/
Salesforce “red team” members present tool at Defcon, get fired
“Those two speakers, who presented under their Twitter handles, were Josh “FuzzyNop” Schwartz, Salesforce’s director of offensive security, and John Cramb, a senior offensive security engineer.”
https://arstechnica.com/gadgets/2017/08/salesforce-fires-two-security-team-members-for-presenting-at-defcon/
Kaspersky axes antitrust complaints against Microsoft after Windows giant vows to play nice
AV vendors will: get additional time to test their software for any compatibility issues before new Windows releases, be able to use their own alerts and notifications for product renewal and there will be a persistent notification about product expiration until a choice between renewal or picking another solution is made (instead of an ignorable notification).
https://www.theregister.co.uk/2017/08/10/kaspersky_drops_antitrust_complaint_against_microsoft/
https://www.kaspersky.com/blog/microsoft-addresses-concerns/17942/
https://blogs.windows.com/windowsexperience/2017/08/09/evolving-windows-approach-av-thanks-partner-feedback/#ZgZZaEheOesUHPUY.97
Beware of Security by Press Release
“At issue are claims made by Denver-based security company DirectDefense, which published a report this week warning that Cb Response — a suite of security tools sold by competitor Carbon Black (formerly Bit9) — was leaking potentially sensitive and proprietary data from customers who use its product.”
https://krebsonsecurity.com/2017/08/beware-of-security-by-press-release/
Apple refuses to enable iPhone emergency settings that could save countless lives
“…Apple keeps ignoring requests to enable a feature called Advanced Mobile Location (AML) in iOS. Enabling AML would give emergency services extremely accurate locations of emergency calls made from iPhones…”
https://thenextweb.com/apple/2017/08/10/apple-refuses-enable-iphone-settings-save-countless-lives/
Non-Profit Organizations can get Tutanota encrypted email for free
They don’t offer IMAP or DKIM (for custom domains), which is a deal breaker for most organizations
https://tutanota.com/blog/posts/secure-email-for-non-profit
The MSRC 2017 list of “Top 100” security researchers
https://blogs.technet.microsoft.com/msrc/2017/08/07/the-msrc-2017-list-of-top-100-security-researchers/
Preserving the Right to Cognitive Liberty
“A new type of brain-imaging technology could expose — even change — our private thoughts”
https://www.scientificamerican.com/article/preserving-the-right-to-cognitive-liberty/