Recent Comments


January 22, 2020 3:53 AM

Jake Atkins on Identifying Programmers by Their Coding Style:

Yes, in fact, you can understand a lot about a work based on the writing style it has been written with. When I was writing examples of descriptive essays and uploaded my works to our database, they could always be distinguished from others. So, I agree that there are some cons, as plagiarism can always be detected, which is good. I think that earlier there were problems with identifying the uniqueness of the code, and now there will be progress in this direction.

January 22, 2020 3:45 AM

Curious on Brazil Charges Glenn Greenwald with Cybercrimes:

Typos strike again (sigh, I even used the preview button). In the last paragraph, I meant to write:

Seems to me that they maybe don't really know if they want to prosecute about there being a cracking of a password for an encrypted file, or if there was one or more login attempts to access or read documents behind a login/password wall.

January 22, 2020 3:42 AM

Curious on Brazil Charges Glenn Greenwald with Cybercrimes:

Re. that DoJ article. The article states:

"(...)to assist Manning in cracking a password stored on U.S. Department of Defense computers connected to the Secret Internet Protocol Network (SIPRNet), a U.S. government network used for classified documents and communications."

How does it make sense to argue that somebody is "cracking a password stored"? Seems very clumsy, the way this is phrased. How does it make sense to talk about a 'password' being 'stored'?

Can somebody tell me, what do they mean by writing that?

Could the DoJ be fishing, or...

January 22, 2020 3:34 AM

Clive Robinson on Clearview AI and Facial Recognition:

@ Lurker,

...could this put a heavy boot into selfies?

You would think so but...

The UK's Met Police have found social media to be a very good way to gather evidence about criminals.

Apparently criminals frequently post "selfies" of themselves and their friends either in the "criminal act" or "with the proceeds"...

Back a decade or two ago criminals used to "big it up" down the pub not on social media by "flapping their gums" and some snitch / grass / confidential informant or undercover cop would pass it back to detectives. So...

January 22, 2020 3:30 AM

Who? on SIM Hijacking:

@ Rachel

Passwords or tokens are one thing. But, remember the advice from the unix mainframe days. Don't let anyone know your username.

In fact, this one is the reason sometimes email servers allowing local access to them map email aliases to real usernames instead of using the last ones as the public-facing email addresses.

On a more serious side, I know for sure a lot of users on our network have usernames that are clearly stronger than their passwords. No joking. I have identified at least four of them.

January 22, 2020 2:59 AM

Curious on Friday Squid Blogging: Giant Squid Genome Analyzed:

Re. Glenn Greenwald & The Intercept

Strange, I thought I had last night actually posted this link below. It is an older 'The Intercept' article from August 2019.

("Brazil Supreme Court Minister rules to protect press freedom for Glenn Greenwald and The Intercept")
https://theintercept.com/2019/08/08/brazil-supreme-court-glenn-greenwald/

"Minister Mendes’s ruling is only preliminary, but the full court may take months or years to take on the case, so Mendes’s ruling may...

January 22, 2020 2:52 AM

Clive Robinson on Brazil Charges Glenn Greenwald with Cybercrimes:

@ Bruce,

With regards Julian Assange, his treatment by the UK authorities is most definitely not improving.

He is being held in a high security prison under what might be described as "Special Administrative Measures" whilst the UK Prosecution being clearly driven by "legal experts" from the US Embassy (with gun toting body guards causing issues) with the courts permission make the case against Assange way more complex than it has any reason to be.

The thing about it is that the Prison has effectively denied Assange the basic right to communicate with his legal team,...

January 22, 2020 2:28 AM

Clive Robinson on Friday Squid Blogging: Giant Squid Genome Analyzed:

@ SpaceLifeForm,

If people go to the link you gave and scroll to the bottom, it has a warning that suggests you save the page as a PDF.

When you see the two entities mentioned on the warning, you'll know why I said,

    ... it should give you some "background" on what is going on in Brazil, which may well be heading our way in the very near future...

In the UK it is now abundantly clear that the Editor of "The Guardian" has somehow become compromised by the UK security services, and that they and some of the "staff writers" there are on a mission to discredit...

January 21, 2020 9:45 PM

65535 on Brazil Charges Glenn Greenwald with Cybercrimes:

Because I am still constricted by time - fixing routers, computers and bad MS patches - I briefly looked over Greenwald's rather long Exposé covering over 100 or many 100s of politicians, businessmen, six or more years of investigations, recordings and many countries playing the bribery game, I will have to defer to the experts on his blogs to make a legal determination.

I did take a quick look at Wikipedia's article, and found about the same thing. The positive news is "experts" see Greenwald as being legally correct - regardless of the Brazil police and...

January 21, 2020 9:14 PM

AL on Brazil Charges Glenn Greenwald with Cybercrimes:

There are two distinguishable activities involved, one being stealing classified information, and the other, publishing such information.

In the case of Assange, under U.S. law or precedence (Pentagon papers), so long as the publisher only publishes and doesn't involve himself in the stealing of the classified information, he has a defense. But in the case of Assange, if the government's allegation is true, in offering to assist in cracking a password, he involved himself in a conspiracy to steal the information, and left himself wide open.

In the case of Greenwald,...

January 21, 2020 8:20 PM

Giancarlo Razzolini on Brazil Charges Glenn Greenwald with Cybercrimes:

@David Australia

The alleged "hackers" were using Telegram. They accessed the Telegram cloud of several authorities, because of an issue with a carrier allowing them to request a password reset for any phone number and since Telegram is cloud, they would be able to download all the messages. Looks like they were able to access only for the users that didn't have 2FA on Telegram.

Glenn never commented on the source and how he communicated with them. I wouldn't be surprised if the initial contact was through Telegram, and then they moved to something else. Not sure we'll know soon.

January 21, 2020 8:02 PM

Electron 007 on Brazil Charges Glenn Greenwald with Cybercrimes:

David Australia • January 21, 2020 7:30 PM

Moderator please keep a watch on Electron 007, their comments here indicate they are on the verge of being even more offensive. And, not for the first time.
I actually suspect they are another formerly banned poster.

The implied discrimination and shadow banning, the censorship and enforcement of codes of mafia omertà and gangster respect reveal that the true aim of The Intercept and its organized criminal associates are opposed to open journalism, freedom, and human rights.

There was an...

January 21, 2020 7:47 PM

Rachel on SIM Hijacking:

Passwords or tokens are one thing. But, remember the advice from the unix mainframe days. Don't let anyone know your username.

January 21, 2020 7:43 PM

Rachel on SIM Hijacking:

Space Life Form

love your posts here. You are a really welcome presence
And your occasionally under the radar references to who you are, who you know, or who may know you (!)

2FA is required for some online services. My suggestion, posted here but one I've not seen anywhere else. Which should be bleedin' obvious, as Clive would say:

use a non-public, non-distributed number for the 2FA. This should really become a mainstream recommendation, seeing as the animals bolted out of the barn long ago and 2FA is part of the narrative

Get a SIM...

January 21, 2020 7:34 PM

Thoth on Brazil Charges Glenn Greenwald with Cybercrimes:

Regarding the report of how it happened:

"Prosecutors also say that Mr. Greenwald was communicating with the hackers while they were actively monitoring private chats on Telegram, a messaging app."

Which means ... the prosecutors/govts are the supposed hackers that pose as informants for baiting poor Greenwald as my guess.

January 21, 2020 7:30 PM

David Australia on Brazil Charges Glenn Greenwald with Cybercrimes:

Moderator please keep a watch on Electron 007, their comments here indicate they are on the verge of being even more offensive. And, not for the first time.
I actually suspect they are another formerly banned poster. It's the grinding of teeth one can sense

@All

WTF was Greenwald doing using Telegram?! He should surely know much better

January 21, 2020 6:50 PM

Giancarlo Razzolini on Brazil Charges Glenn Greenwald with Cybercrimes:

@Bettynho

You'll be delighted to hear that Brazil has, even though we are among the countries that most kill LGBT people, laws that make comments like yours a criminal offense. Ever since last year being homophobic is a crime that's comparable with racism on our entire national territory. Which is more than the US has.

You'll also be delighted to hear that one of our justices from the supreme court already manifested in favor of Glenn. I expect this indictment to fall very soon.

So, happy living spreading your homophobic comments around. But don't come to Brazil...

January 21, 2020 6:40 PM

Clive Robinson on SIM Hijacking:

@ K.S.,

I think you're doing a bunch of revisionism here.

Sorry no I'm not the one doing "revisionism" here, go back and read what I wrote.

You will find I did not in the slightest talk about how easy or not it was to change somebody's number at any point in time. Which is essentially what the bulk of your posting was about.

What I was explaining was how SMS started to be used on dumb mobiles as an independent side channel.

Whilst it has been possible for any one of tens of thousands of Telco insiders to change a phone network number...

January 21, 2020 6:20 PM

lurker on SIM Hijacking:

@Steve, Bruce, All
"It's a classic security vs. usability trade-off. The phone companies want to provide easy customer service for their legitimate customers..."

The heist is a transaction I would never expect to do over the phone, smart or POTS, and I wouldn't expect my phone Co. to do it over the phone either. Even tho' they're a phone Co. I've hung up on callers pretending to be my bank. Just more evidence justifying P.T.Barnum's oft mis-quoted line about under-estimating the intelligence of the American public.

January 21, 2020 6:00 PM

Clive Robinson on Clearview AI and Facial Recognition:

@ Phaete,

So if one were to setup an automated template to roll out several hundred information requests/deletions for the top 250 offending companies, then hosted that publicly. If you get enough people to do it, it would cost those companies a lot of money.

If I remember correctly, some years ago the home address of the self styled "Spam King" became known and "public minded activists"[1] signed him up for anything and everything, and the resulting mail was turning up by the truck load. Giving him the problem of sorting through it to find his actual...

January 21, 2020 5:59 PM

lurker on Friday Squid Blogging: Giant Squid Genome Analyzed:

@SpaceLifeForm: No more birds for this Swift apparently
there's a nugget in the dross below that

Russia’s military Astra Linux is really quite cool, [...] It’s built on Debian proving all Linux users are really communists.

January 21, 2020 5:34 PM

Steve on SIM Hijacking:

Bruce sez:

Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours.
An argument to eschew using your phone as a "security measure or backup verification system" if I ever heard one.

January 21, 2020 4:32 PM

Giancarlo Razzolini on Brazil Charges Glenn Greenwald with Cybercrimes:

As a Brazilian, this isn't surprising. We have been spiraling into chaos and the democratic institutions are in trouble. I suspect this indictment won't hold into the higher courts, but it is a dangerous precedent to set. Anyone reading the transcription of Glenn's conversation with one of the allegedly so called "hackers", can see that he's concerned first with the sources protection. But there are 3 things that are worth mentioning. The first one is that this indictment comes less than 12 hours after the central figure on the revelations from Glenn and The Intercept, former judge Moro,...

January 21, 2020 3:54 PM

Ross Snider on Brazil Charges Glenn Greenwald with Cybercrimes:

While I'm not a lawyer, these charges seem to me as a layman as very overly broad. As a (renowned) journalist, Greenwald has not done anything that any other journalism outfit regularly does to ensure the operational security of their sources.

The real difference here is that Greenwald worked with sources and to publish information controlled by the government of Brazil because of its potential damaging effects, and so the interpretation of the law has been broadened in this indictment for those reasons, and kept narrow for reporting enjoyed by Brazil's executive arm.

In...

January 21, 2020 3:39 PM

SpaceLifeForm on SIM Hijacking:

@ Clive

Actually, it does not have to be POTS.

It could be VOIP.

Still, Lightning.

The key is that it is NOT CELL.

January 21, 2020 3:32 PM

SpaceLifeForm on SIM Hijacking:

@ Clive

"The network will let you know if the phone is both on, in range and connected which means that the information needed to send an SMS gets updated in the phone companies location database with valid information before you send out the SMS."

Related.

Try sending a text (SMS) to a POTS number.

Watch how fast SS7 will respond that it is not deliverable.

Lightning.

Therefore, it is easy to enumerate POTS numbers.

January 21, 2020 2:57 PM

Clive Robinson on Friday Squid Blogging: Giant Squid Genome Analyzed:

@ Curious,

Something about Glenn Greenwald being charged by Brazilian authorities:

For entirely unrelated reasons the current political encumbrants in Brazil are attacking all journalists that don't print what the government thinks they should.

Thus in the more traditional way the Brazilian Government is "getting rid of a problem". Unfortunately Glenn is too well known world wide to be taken out by being killed in his home by a "burglary gone wrong" or accidentally be shot by a gang fight on the street etc thus other more annoying techniques for the...

January 21, 2020 2:37 PM

Sherman Jay on Friday Squid Blogging: Giant Squid Genome Analyzed:

Another view of the 'apples are not secure' 'clouding the issue' article:

New Report Says Apple Dropped Plans To Fully Encrypt Backups After FBI Complained
(Mis)Uses of Technology from the encrypt-all-the-things dept
Tue, Jan 21st 2020 11:58am — Mike Masnick
h t tps://www.techdirt.com/articles/20200121/11384243772/new-report-says-apple-dropped-plans-to-fully-encrypt-backups-after-fbi-complained.shtml


Quick Observation --
MLK Jr.: quality of character, not color of skin

Today maniacs think: color of skin, not quality of character

January 21, 2020 2:33 PM

Clive Robinson on SIM Hijacking:

@ Bruce,

[Service Provider] Companies could make the fraud harder, but it would necessarily also make it harder for legitimate customers to modify their accounts.

You've not mentioned other reasons why the service providers do not want to make it harder.

Firstly the cost of increasing the security especially to stop "insider attacks" would be immense, and gain the service providers no benefit whatsoever. Their profit margins are not what they once were, so unless regulation is passed making all service providers put in the required measures it...

January 21, 2020 2:08 PM

K.S. on SIM Hijacking:

@Clive Robinson

I think you're doing a bunch of revisionism here. I worked for a small VOIP telecom during late 90s, and at the time the procedure for porting was "fax in a form" to transfer any number with hardly any verification. Occasionally honest mistakes would happen and we would fill another form to reverse the change. The only limitation at the time is that you couldn't transfer landline to cell and vice versa. I maintain that it was always easy to steal someone's phone number. This was true before cellphones were a thing and this is still true after smartphones...

January 21, 2020 1:38 PM

Clive Robinson on SIM Hijacking:

@ Sok Puppet,

Then some idiots started trying to use phones for Two Factor Authentication(TM), and some even bigger idiots started pushing that cheesy hack as a Universal Best Practice(TM).

I was one of the people who pushed for the use of mobile phones as a separate side channel for authentication via SMS --unreliable at the time-- or by auto-call[1], back last century.

Now you can shout and scream at me if you wish, but please remember you are judging me and others by a current world view not that of nearly a quarter of a century ago....

January 21, 2020 1:24 PM

Phaete on Clearview AI and Facial Recognition:

@Clive

I like the idea of making it more expensive for the abusers.
Fines and penalties are one thing, but can only be enforced if backed by correct legal action.

Public disobedience (not the right word but close enough) can also be very effective. I remember people sending bricks through mail to postal free addresses.
Myself I liked to 'return to sender' any unsolicited personally addressed commercial mail, incurring a small cost to them and most stopped sending me commercial mail.

So if one were to setup an automated template to roll out several...

January 21, 2020 1:15 PM

Clay_T on SIM Hijacking:

"I think it's more important to protect your data in internet in 21st century. Nowadays all companies use our data as they wish so we need to do smth. Check this out hxxps://procollegeessays.com/examples/importance-of-data-security-and-data-safety/. I found here a lot of interesting. Hope you will also."

Article appears to be a little behind the times.

"...the most used browsers are Internet Explorer and Netscape Navigator."

January 21, 2020 1:03 PM

Winter on SIM Hijacking:

"It's a classic security vs. usability trade-off."

More like the phone companies could not be bothered to do anything that might hurt this quarter's sales. The customer can be left to reassemble the pieces.

This is not a thing in Europe because the phone companies there are held responsible, it seems.

January 21, 2020 12:35 PM

Clive Robinson on Clearview AI and Facial Recognition:

@ Phaete,

And yes, you will get on a list of people that requested their data to be removed (in case they try to add it again...)

And thereby you reveal two potential attacks against the system.

That is how much information is required?

Take my name it's far from unique, I've actually met a couple of people with the same name as me at conferences and exhibitions. One was because somebody paged me, and two of us turned up at the Information desk, much to the confusion of other people.

Thus the attacks,

The more people that...

January 21, 2020 12:15 PM

Scumop on Clearview AI and Facial Recognition:

Just an aside on having your data "deleted."

In almost every database, the delete process does not involve removing or overwriting data. They simply set a flag to indicate the record is deprecated. There are good technological reasons for setting this 'do not use' flag such as preventing what's called a cascade delete.

If they use the flag, they should scrub the data as well, but that is pretty rare simply because it is extra work. As you can guess, browsing such data is dead easy with even simple tools. There is also the matter of database backups not being scrubbed of...

January 21, 2020 12:02 PM

Noah on SIM Hijacking:

I have a dedicated Google voice number just for 2FA (when there is no better option than text). The account has advanced protection turned on and requires a physical U2F key. Not perfect but a lot better than trusting my phone company.

January 21, 2020 12:00 PM

TRX on 5G Security:

> Signal

Signal claims to be open source, but there's no link to the source code on their web site. There's a github project that claims to be the source, but it's not linked from the Signal site.

They also don't provide the app directly; only through the Google or Apple app stores, which means, at least with Android, you have to pwn your clean LineageOS install with Google's own spyware before you can even download it.

That's two major trust fails, even if the app is legitimate.

January 21, 2020 11:58 AM

SpaceLifeForm on Friday Squid Blogging: Giant Squid Genome Analyzed:

@ Curious

"All on the same boat (earth)"

You can not get off of the boat.

You can not avoid climate change.

The cruise ship you are on provides no refunds for lousy service.

January 21, 2020 11:24 AM

Phaete on Clearview AI and Facial Recognition:

@ATN,

Your examples do not fall into the category of specific, informed and unambiguous consent.

As far as given consent, just send them a legal communication withdrawing that consent.

For cookies and other "yes i agree" buttons on the internet, you might want to try NoScript and uBlock Origin.
NoScript blocks a lot of those consent popups, with uBlock Origin you can hide the consent and obscuring elements and just read the website normally without clicking any consent buttons.

And if you are using windows, you might as well just give up trying to...

January 21, 2020 10:50 AM

ATN on Clearview AI and Facial Recognition:

@ Phaete:
You gave consent long time ago when you accepted cookies displaying an unrelated WEB page and did not read the 10 pages long contract that it did involve - before deleting the browser tab because it was completely unrelated information you did never want and had never requested.
Or when you used for the first time a Windows driver on the PC you did buy and refused to know which contract you did sign in to use the keyboard - or upgraded that windows driver "to fix a security issue".

Even when you decide to use GDPR to erase personal info from a company, that...

January 21, 2020 10:37 AM

Impossibly Stupid on SIM Hijacking:

@Curious

Seems to me that one's mobile phone infrastructure and services ought to be as safe as banking services online.

Rubbish. The only reason banking services can be safely offered online is because they layer protections on top of a public Internet that is itself inherently insecure. The fact that smart phones have replaced personal computers for a lot of people in the last decade changes nothing in that respect. Prior to that, phones were not deeply tied to individual people, making the entire infrastructure built to be as safe and clean...

January 21, 2020 10:05 AM

Phaete on Clearview AI and Facial Recognition:

Things can get interesting if the company ever decides to do business in Europe.
GDPR requires consent for biometric data that can uniquely identify a person.

GDPR art 4 [14]

‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;

GDPR art 4 [11]

‘consent’ of the data subject means any freely given, specific, informed...

January 21, 2020 9:54 AM

Nobody on Artificial Personas and Public Discourse:

@MarkH

All you really need are to write up a bunch of mail in ballots, crossing off people who didn't show up if needed. There's no significant party presence in many places, so if you get a plant on the other side, you can go crazy with a couple of people or so. The envelopes are discarded to keep the votes anonymous, so once injected there, you're golden.

Really, if I can figure this stuff out, I bet that Russia can too. Also, I'm pretty sure I saw various photos claiming exactly this kind of scenario before, but it doesn't leave much evidence behind for later...

January 21, 2020 8:50 AM

K.S. on SIM Hijacking:

If I design a system where reading tea leaves is used as a second factor authentication, I should be held accountable when such system fails to deliver reliable authentication. It would be entirely unreasonable to fault tea and cup suppliers for shortcomings in my design.

So could someone explain why we expect telecoms, that have never been good at security, to offer us a robust foundation for 2FA all while not charging us extra for such service?

I think this failure is entirely on InfoSec architects that never paused to consider how reliable of an authentication would a cell...

January 21, 2020 8:44 AM

Curious on Friday Squid Blogging: Giant Squid Genome Analyzed:

"Reuters: Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources"
https://www.reuters.com/article/us-apple-fbi-icloud-exclusive-idUSKBN1ZK1CT

I don't see any reference to a date on this with regard to Reuters having spoken to people at Apple, but I guess this might be semi-recent. This Reuters article is from today though.

"More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone...

January 21, 2020 8:14 AM

Sok Puppette on SIM Hijacking:

The really interesting thing about this is how it got to be a Thing(TM).

It's always been easy to do this, but for a long time it flew below the radar. People didn't think it was an issue because it didn't happen. It didn't happen because it was only infrequently valuable.

Then some idiots started trying to use phones for Two Factor Authentication(TM), and some even bigger idiots started pushing that cheesy hack as a Universal Best Practice(TM). That directed massive pressure onto this weak point. Getting control of phone numbers became a "top of mind" issue for criminals....

January 21, 2020 8:11 AM

JonKnowsNothing on Clearview AI and Facial Recognition:

Often these sorts of technologies are considered as impacting "the future", which they do but they also impact the past and that's something that gets missed.

There are age progression programs commonly seen on milk cartons for missing persons. They are used in other applications too.

In the case of unsolved crimes or actions that become criminal after the fact (like enhanced interrogation aka torture or state sponsored murders) and finding the names of various participants, these ginormous warehouses of long term images, data traces and geolocation points are going to be...

January 21, 2020 7:36 AM

Curious on Friday Squid Blogging: Giant Squid Genome Analyzed:

Btw, on a somewhat unrelated note: George Orwell died on this day many years ago, (on 21. January in 1950).

Perhaps I can be forgiven for plugging the very reference to his essay called:
"Politics and the English language" (about 9 pages).

My own reference being "2005-2006 Stanford MLA Application Critical Writing Piece"

A lot of good points being made there in that essay, one of them being "What is above all needed is to let the meaning choose the word, and not the other way around." He also brings up the importance of being 'sincere', or as he puts it...

January 21, 2020 7:18 AM

Curious on SIM Hijacking:

Seems to me that one's mobile phone infrastructure and services ought to be as safe as banking services online. I wonder if using bank services online, is as safe in US as in Europe (assuming ofc, one might be allowed to generalize there for a moment).

I will admit, despite all the terrible things in computer security over the years, I guess I feel fairly safe using my bank online. Less when buying stuff online using your credit card.

Ofc, I do remember that moment, when that one guy in an online multiplayer game, a stranger even, asking me how much money I had in my bank....

January 21, 2020 6:56 AM

Curious on Friday Squid Blogging: Giant Squid Genome Analyzed:

@SpaceLifeForm

I initially wanted to say something about how problematic the use of the word 'riot' was imo, but it seemed against the spirit of things given MLK and all. I think it is interesting, and presumably it is true, that the police thinks of groups larger than two, as being a part of a riot.

I find your idea of "All on the same boat (earth)" is something I find to be insulting in a way. Please indulge me: I think there is a risk of perversion of hypocrisy in arguing that "we are all on the same boat because we live on planet earth". It is a nice thought, but I...

January 21, 2020 4:24 AM

MarkH on Artificial Personas and Public Discourse:

@Nobody:

I won't say that you're wrong, but rather account for why my perspective is different.

1. In the U.S., all elections are local (in the sense of being conducted within electoral districts of limited size), and as far as I know, almost all of the polling places operate under the watchful eyes of representatives from the two strangle-hold parties.

These observers have a very keen interest in making sure that nothing happens in the voting process to damage their side ... so in this instance, the absence of evidence is actually quite significant evidence...

January 21, 2020 4:02 AM

ATN on Clearview AI and Facial Recognition:

The "nice" thing about these companies is that they are after the money, so if you are a Mafia chief or other "important" man you can pay such company to clean the database - and/or add some "fact" to the database for the police to arrest "non-compliant" people...
Proven by Artificial Intelligence from data in the database, the new level accepted by the courts!

January 21, 2020 2:06 AM

Francisco on Write Down Your Password:

I use a random word (nothing like my mom's name, just something random nobody could easily guess, but not difficult to remember) and I mix it in all my passwords. So, let's say the word is "banana", I could have a password like "X43wwbNBANANA33fg". When I write down that password in paper, I write "X43wwbN****33fg", so, even if someone found my password's notebook, they would have to correctly guess that random word. I write down all my passwords in a notebook I keep at home.

January 21, 2020 12:54 AM

Raymond Mora on Friday Squid Blogging: Squid-Shaped Dog Toy:

Aluminium is a chemical element with the representation Al and microscopic number 13. It is a silvery-white, soft, non-magnetic and ductile metal in the boron group. By mass, aluminum makes up about 8% of the Earth's crust, where it is the third most profuse section and also the most abundant metal

January 20, 2020 10:25 PM

Nobody on Artificial Personas and Public Discourse:

Why are we securing the things that don't actually matter first? Online comments, really? Don't we have a much higher priority here?

Why not for the actual votes themselves. Shouldn't we want to know that only real voters are voting? I know people always say "oh, that never happens" and point to a lack of prosecutions, but it's hard to believe there are nation states interested in interfering with our elections and they will try everything except stuffing ballot boxes? Right, sure, I really believe that Russia can't figure this out. And we surely can't do something basic...


January 20, 2020 9:54 PM

Thoth on Friday Squid Blogging: Giant Squid Genome Analyzed:

@Clive Robinson

Re: Lawfare Anti-TOR post

What's the difference between the post by Lawfare and backdoors, key escrow, Secure Chorus ...

They love to use the cases of child harming issues to push their point across and how it ties to harming children as a great shield to hide behind.

No difference between them and FBI, NSA, GCHQ and so on using the exact same rhetoric of child abuse and drug trafficking.

It is sad to see a blog that is supposed to support whistle blowing and privacy has fallen to such a state.

End of the day, I guess it seems...


January 20, 2020 8:00 PM

Clive Robinson on Friday Squid Blogging: Giant Squid Genome Analyzed:

@ MarkH, Stephen Welch,

Now, the trajectory has reached its opposite arc: local amateur radio clubs are well-populated by guys of that same vintage, who have retired from the (sadly now much reduced) engineering establishments of the region.

There are at least four basic types of ham,

1, Club social members.
2, Rag chewers.
3, Contesters.
4, Technical tinkerers.

These are not exclusive groups, you can be in some or all of these groups, but it's rare to find someone not in any of them (such as say historical equipment...


January 20, 2020 7:19 PM

Anon Y. Mouse on Clearview AI and Facial Recognition:


My decisions to never use Facebook and other social media and my steadfast avoidance of being included in people's photos is looking better and better.

Time for big, floppy, unisex hats to come into fashion!

January 20, 2020 6:16 PM

SpaceLifeForm on Friday Squid Blogging: Giant Squid Genome Analyzed:

UDP port 18634

To Block, or Not to Block?

That is the question.

Is it a Port Knock?

Or, is there something deeper involved?

hxxps://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

January 20, 2020 5:07 PM

vas pup on Clearview AI and Facial Recognition:

From the article - looks like the weakest link:
"Clearview’s app carries extra risks because law enforcement agencies are uploading sensitive photos to the servers of a company whose ability to protect its data is untested."

Photos from government databases are uploaded to private servers with untested security. Just speechless.

For all suggestions regarding laws: laws are working for honest people who used to follow them. Crooks and criminals of all flavors don't give a s....t about laws. Moreover, laws are working (if at all) only AFTER unpleasant event.

It...


January 20, 2020 4:27 PM

SpaceLifeForm on Friday Squid Blogging: Giant Squid Genome Analyzed:

@ vas pup

There is no doubt that MLK understood the issue. That responding to oppression by riot will only lead to more oppression.

I think most people realize that.

Does not matter where you live, colour, race. Does not matter.

I think 99% of homo sapiens 'get it'.

But, there is that 1% that try to stir the pot.

And, at some point, the oppressed can't take it any longer. They are starving. They feel like they have nothing to lose, that they feel defeated. That is when others have to help them as much as they can.

All on the same...


January 20, 2020 4:06 PM

Alex A on Clearview AI and Facial Recognition:

Directly from the article:

Another early investor is a small firm called Kirenaga Partners. Its founder, David Scalzo, dismissed concerns about Clearview making the internet searchable by face, saying it’s a valuable crime-solving tool.

“I’ve come to the conclusion that because information constantly increases, there’s never going to be privacy,” Scalzo said.

Excuse me but what the f*ck? Is this the direction we're headed with privacy?

January 20, 2020 3:58 PM

Clive Robinson on Friday Squid Blogging: Stuffed Squid with Vegetables and Pancetta:

@ MarkH,

Will holding the battery warm it enough to get more mA hours out?

Battery chemistry is actually very temperature sensitive. For instance if you try charging a LiPo battery at 32F/0C you will destroy it very very quickly, faster than you would recharging supposedly unrechargeable batteries like Zinc/carbon (see below).

The mA rating is generally based on the overly warm 25C room temperature. And depending on battery technology can have a gradient of 10% for each degree Celsius below that... So yes in winter if you are young with good blood...


January 20, 2020 3:49 PM

SpaceLifeForm on Friday Squid Blogging: Giant Squid Genome Analyzed:

@ Curious

There is *ZERO* reason for a small router to have TLS Certificates. None.

If you are physically by the router, connected over ethernet, then you can reach and configure the router via ip address.

There is absolutely no reason to require TLS in order to configure your router.

None. Zilch. Nada.

It is a convenience for dummies that do not understand ip.

January 20, 2020 3:34 PM

MarkH on Securing Tiffany's Move:

@VP

Understood ... it's beyond my powers to predict where the hammer will fall

January 20, 2020 3:30 PM

Electron 007 on Clearview AI and Facial Recognition:

Federal and state law enforcement officers said that while they had only limited knowledge of how Clearview works and who is behind it, they had used its app to help solve shoplifting, identity theft, credit card fraud, murder and child sexual exploitation cases.

Some cops do methamphetamine on duty, and in their own minds they are able to think very, very clearly with the gun at hand in the holster on their hip.

The unrestricted ability to locate a targeted individual anywhere on the face of the earth is not limited to legitimate law enforcement...


January 20, 2020 3:26 PM

vas pup on Friday Squid Blogging: Giant Squid Genome Analyzed:

Today is Martin Luther King Jr Day.

That is link to interview with MLK:
https://www.cbsnews.com/news/mlk-a-riot-is-the-language-of-the-unheard/

My attention was caught by those statements which I want to share with all respected bloggers [language as MLK said - no sanitizing - it was 1966, not 2020]:

"I think that we've got to see that a riot is the language of the unheard.

I will never change in my basic idea that non-violence is the most potent weapon...


January 20, 2020 3:17 PM

AlexT on Clearview AI and Facial Recognition:

@Bruce,

Just noticed your NYT op-ed on the subject.

I think it is surprisingly naive. Again, it is way too late for legislation (and quite frankly do you really think that the US government will, under the excuse of law enforcement, give a pass to such a powerful technology, congress be damned?).

The sooner we understand that there is no path back from surveillance society the better we will be able to respond to the immense societal changes to come.

January 20, 2020 1:48 PM

vas pup on Upcoming Speaking Engagements:

Hi Bruce,
Recent presentation on C-SPAN2 of new book related to 'morality' of big data sharks is good by both: author and moderator. In particular very interesting questions were asked and very good answers provided including privacy and security (closer to the end of presentation).
Looks like book could be utilized for your policy related activity:
https://www.c-span.org/video/?467773-1/after-words-rana-foroohar


January 20, 2020 1:42 PM

vas pup on Securing Tiffany's Move:

@MarkH - burnt many times when posted information/links related to security at all, e.g. security in prisons (physical), during riots/police work, in mental health facilities, etc. and almost all were sanitized by Moderator.
So, I made conclusion as far post is from IT security the more probability it has the destiny to be sanitized :(
Best, VP

January 20, 2020 12:57 PM

AlexT on Clearview AI and Facial Recognition:

Well I think the cat is out of the bag... the technology can't be "uninvented" and will only become even better (it is already pretty good!) with time.

I don't see a legislative solution either - in the unlikely case of congress passing a law the "five eyes" trick will simply be put into action again.

The only (very) imperfect response I can see is to mandate for everyone to submit a high resolution picture every few years - this will lower false positives and equalize somewhat the playing field. I'd go as far as to suggest the same with DNA.

Happy to hear alternative views!

January 20, 2020 12:54 PM

Ross Snider on Clearview AI and Facial Recognition:

ClearView labels themselves as "Search, Not Surveillance". The NSA used the terminology "Bulk Collection, Not Surveillance".

Controlling the narrative through the use of suggestive vocabulary seems to be a widely deployed technique for these efforts. For example, in the United States propaganda is called "strategic communication" (and sometimes "perception management"), through which public conversation about the topic often gets dropped ("America doesn't do propaganda!").

This technique is also reminiscent of Orwell's "newspeak" - an evolution of language intended to...


January 20, 2020 11:18 AM

Edu on Clearview AI and Facial Recognition:

I think I know why deepfake is so important for the future of humanity! It’s what’s going to save humanity from being surveilled and always watched by businesses, governments, marketers, institutions, strangers and potentially enemies. Increased surveillance means decreasing trust. If deepfake is perfected where a machine or a human cannot distinguish between a digital picture of a real and machine generated synthetic human face that look alike, it means no face recognition technology will ever solve this, therefore shaping the value of “face detection, recognition, and tracking”...


January 20, 2020 11:11 AM

Clive Robinson on Friday Squid Blogging: Giant Squid Genome Analyzed:

@ Humdee,

Lawfare goes on another rant against Tor hidden services.

It is a disingenuous article.

The authors claim to want to protect whistle blowers and others in what they see is good use of Tor via the client access (ie giving privacy to their traffic).

But the authors want to get rid of "hidden servers" because they see some of them as "bad" (some are used by criminals for criminals etc).

Well the problem with that is that user client traffic can be correlated with ordinary unhidden server site traffic, unmasking a users...


January 20, 2020 10:22 AM

JonKnowsNothing on Clearview AI and Facial Recognition:

@Peter A

re: full face mask

This is against the law in a large number of countries. These laws were enacted to acculturate people with a diverse clothing style and backgrounds into western dress and demeanor.

Face masks, full or partial, along with wearing or displaying large (tbd by courts) symbols will land you in the slammer.

If you cover up your face incidentally while traversing a transient face recognition capture point, you will also go to jail for "evading law enforcement".

The depth of enforcement and punishment for breaking these laws varies by country.

January 20, 2020 10:10 AM

Anders on Clearview AI and Facial Recognition:

Let's not forget Russia.

www.themoscowtimes.com/2019/11/12/russia-building-one-of-worlds-largest-facial-recognition-networks-a68139

Russian SearchFace capability example.

habr.com/ru/post/440402/

January 20, 2020 10:01 AM

Peter A. on Clearview AI and Facial Recognition:

China-style surveillance is going to be deployed anyway, if not by mildly oppressive "democratic" governments, then by private companies - from which governments will happily buy services as they please while claiming virginity: "we're not doing mass-surveillance".

Time to walk with full-face mask, or better a fluffy robe fully covering the body, Taliban style, just in case.

In my city there's a problem with smog (has been always, but only quite recently it got attention), so an anti-smog mask may be a good excuse. Add some goggles (protection from UV), and a poncho...


January 20, 2020 9:25 AM

MarkH on Friday Squid Blogging: Giant Squid Genome Analyzed:

@Curious:

Simple rule for private keys: anyone who has had even the possibility to see them, must be presumed to be able to sign, decrypt, etc. just as the originally authorized party could sign, decrypt, etc.

For important keys in security-conscious organizations, private keys are stored on air-gapped computers where (for example) executable code is loaded, signed, and then a copy mechanically transferred (preferably by optical disk) to networked computers for distribution.

The role of the CA is tangential here: they signed the certificate, so people (or more...


January 20, 2020 8:29 AM

MarkH on Friday Squid Blogging: Giant Squid Genome Analyzed:

@Stephen, Clive:

Traditionally (I mean, going back two generations or more) in the U.S. a fair proportion of electronic engineers progressed to the profession by way of amateur radio in their teen years.

Now, the trajectory has reached its opposite arc: local amateur radio clubs are well-populated by guys of that same vintage, who have retired from the (sadly now much reduced) engineering establishments of the region.

Young folks are a rarity there ...

January 20, 2020 7:59 AM

tiger orange white pattern hi-rise leggings on Mail Fishing:

There are also various acting schools and the small screen i.e., the television has opened up avenues in bringing out the talent in the young minds through numerous platforms of music and dance. This is the innovation of the millennium in creating jobs and work in the fashion industry.

Sidebar photo of Bruce Schneier by Joe MacInnis.