Page 403
Months after it was found in August, scientists have dissected a colossal squid. There’s even video.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Apple claims that they can no longer unlock iPhones, even if the police show up with a warrant. Of course they still have access to everything in iCloud, but it’s a start.
EDITED TO ADD (9/19): Android is doing the same thing.
EDITED TO ADD (9/23): Good analysis of iOS 8 and iCloud security.
Earlier this month, there were a bunch of stories about fake cell phone towers discovered around the US. These seem to be IMSI catchers, like Harris Corporation’s Stingray, and are used to capture location information and potentially phone calls, text messages, and smart-phone Internet traffic. A couple of days ago, the Washington Post ran a story about fake cell phone towers in politically interesting places around Washington DC. In both cases, researchers used security software that’s part of CryptoPhone from the German company GSMK. And in both cases, we don’t know who is running these fake cell phone towers. Is it the US government? A foreign government? Multiple foreign governments? Criminals?
This is the problem with building an infrastructure of surveillance: you can’t regulate who gets to use it. The FBI has been protecting Stingray like it’s an enormous secret, but it’s not a secret anymore. We are all vulnerable to everyone because the NSA wanted us to be vulnerable to them.
We have one infrastructure. We can’t choose a world where the US gets to spy and the Chinese don’t. We get to choose a world where everyone can spy, or a world where no one can spy. We can be secure from everyone, or vulnerable to anyone. And I’m tired of us choosing surveillance over security.
If there’s anything that confuses wannabe cryptographers, it’s one-time pads.
In 2008, Yahoo fought the NSA to avoid becoming part of the PRISM program. It eventually lost the court battle, and at one point was threatened with a $250,000 a day fine if it continued to resist. I am continually amazed at the extent of the government coercion.
According to court documents, Dread Pirate Roberts was identified because a CAPTCHA service used on the Silk Road login page leaked the users’ true location.
What’s interesting about this story is not that the cell phone system can track your location worldwide. That makes sense; the system has to know where you are. What’s interesting about this story is that anyone can do it. Cyber-weapons arms manufacturers are selling the capability to governments worldwide, and hackers have demonstrated the capability.
New Zealand is spying on its citizens. Edward Snowden weighs in personally.
The NSA and GCHQ are mapping the entire Internet, including hacking into Deutsche Telekom and other companies.
EDITED TO ADD (9/18): Marcy Wheeler comments on the second story, noting that the NSA uses this capability to map MAC addresses.
Good article on the insecurity of SHA-1 and the need to replace it sooner rather than later.
A 200-pound dead giant squid was found near the coast of Matagorda, Texas. This is only the third giant squid ever found in the Gulf of Mexico.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Sidebar photo of Bruce Schneier by Joe MacInnis.