Showing posts with the label surveillance

EU says Pee-Yoo to transatlantic data sharing

Over in Europe, Irish Data Protection Commissioner Helen Dixon has just succeeded in her push to prevent Facebook from transferring data on European users back to the United States. At issue is a series of data transfer agreements between the EU and the US; it is the (reasonable) contention of Commissioner Dixon that the United States' regime of warrantless spying makes Facebook unable to comply with the data sharing arrangement required by the EU. Ireland may not seem like a major global hub for Big Data and telecom firms, but it very much is. The Emerald Isle's famous "Celtic Tiger" economic push successfully attracted some of the largest technology firms in the world with low taxes and easy regulations. But the times, they are a-changin'. This is the latest wrinkle in an ongoing battle over privacy regulations responsible for protecting European user data that traverses the Atlantic, but not the first. In September of last year, Commissioner Dixon had released

NSA Leak Bust Points to State Surveillance Deal with Printing Firms

Earlier this week a young government contractor named Reality Winner was accused by police of leaking an internal NSA document to news outlet The Intercept. The documents outline the intelligence community's take on Russian efforts to hack a variety of companies responsible for facilitating US election voting. You can read the documents here. Despite what anyone might have to say about the issue on Twitter, an arrest involving an accusation of any crime by any law enforcement agency in any country is not evidence of guilt. Even the most circumspect appraisal of the US justice system will reveal that tens of thousands of individuals are arrested every year only to have those charges *immediately* dismissed by a court, while nearly everyone who actually is *convicted* of a crime in this country has their charges reduced. Even in cases in which individuals have been convicted of the most serious capital crimes, courts have been forced to release dozens of individuals after DNA

Afternoon Links 8/4/2015

I am a victim of my nostalgia. Yesterday, I revived a years-old post in which I provided bloggees with some of the latest Windows activation keys to update the data for Windows 10. I figured I might as well dredge up another bit I had let fall by the wayside; Weekly links! Exciting, I know.
- Yahoo's ad network and Microsoft Azure's web hosting service were abused to circulate an enormous flood of malicious software. Malwarebytes is being credited with the discovery - which is a little amusing because Malwarebytes has had their own issues with security for many years. h/t Washington Post
- Planned Parenthood and a variety of other related organizations were brought offline by a sustained series of DDoS attacks. In what may or may not have been the work of the same group of individuals, someone has claimed they have hacked Planned Parenthood and retrieved an employee list database of some kind or another. AFAIK, this sort of thing is new to the abor

Privacy is for closers says Microsoft

Here's part of Microsoft's 12,000 word ToS for Windows 10: Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to:
1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we

Gogo Inflight Internet Using SSL Exploit for Customer Surveillance

For many years in the IT community, it was assumed that time spent travelling on an airplane was wasted. At best, you could make do with expensive and often-unreliable cell network coverage for connectivity. Even that was an issue, though, because of the airline's histrionic and decades-out-of-date concern that electronic devices interfered with flight navigation equipment. On top of having to pay a premium for unreliable service, you had to be sneaky about it, as well. Some of us handled the situation better than others. So when in-flight internet services first started to become integrated into major airline fleets en masse, many tech people applauded. Those of us who had to attend trade shows, travel to meet customers or were responsible for multiple data center locations could get things done as we bounced back and forth across the country. The bandwidth was every bit as expensive as roaming cell network charges, regularly more expensive, but the planes were being equipped

Why is the Washington Post Publishing Pro-Surveillance Propaganda? Can Government Surveillance Revelations Decrease Encryption Adoption?

For the last few days I've had great fun watching James Comey and his pack of Keystone Cyber Cops failing to convince the world that they should be CC'd on everyone's calls, tweets and texts and generally exposing himself as the incompetent, braying ass that he is. Keep in mind the camera adds 10 pounds. Dan Froomkin and Natasha Vargas-Cooper over at The Intercept exposed each of the examples that Comey used to indicate the necessity for breaking cell phone encryption as fabricated - the cases were real, but none of them relied on cell phones or computers to obtain a conviction. In one case of infanticide, the parents who were eventually found guilty had been previously convicted of child cruelty and had the deceased child previously taken from their custody for neglect. Not only did the state not need to read the parents' phones for evidence, if they had read their own files and demonstrated some inter-agency cooperation they could very likely have prevent

The Guardian Calls Bullsh*t on Whisper; Whisper Calls Bullsh*t on Guardian

Big drama today re: the popular messaging app Whisper. Whisper markets itself as anonymous, calling itself “the safest place on the internet”. But The Guardian disagrees. This morning the influential British newspaper published a story alleging that Whisper tracks the geographic location of users who have requested that such tracking be disabled - even more alarming, the Guardian claims that Whisper provides location data to the US Department of Defense about Whisper messages sent from military bases, ostensibly to identify whistleblowers. The Guardian also stated that Whisper sends user data to the FBI and MI5. Whisper's terms of service changed after they found out that the Guardian was moving to publish. Now their TOS explicitly allows user tracking regardless of settings. Neetzan Zimmerman, speaking for the Whisper corporate office, has responded with a series of online pronouncements that were full of sound and fury; calling the story a "pack of lies" that w

NSA Targets Systems Administrators with no Relations to Extremism

The Details
This is a bit of an old story, but I've found to my unpleasant surprise that the issues surrounding the story are not widely understood or known. Here's the gist: leaks from the US intelligence service have explicitly confirmed that the NSA targets systems administrators that have no ties to terrorism or extremist politics. If you are responsible for building and maintaining networks, the NSA will place you under surveillance both personally and professionally; they will hack your email, social network accounts and cell phone. The thinking behind this alarming strategy is that compromising a sysadmin provides root-level access to systems that enable further surveillance; hack an extremist's computer, and you track just that extremist. Hack a sysadmin's computer, and you can track thousands of users who may include extremists among them (it's a strategy that is remarkably similar to the targeting of doctors in war zones). Five years ago such a lead paragr

Best to Hush on the Bus - Cities Across the US Install Surveillance Equipment on Public Transit

This IP camera with microphone, the Safety Vision SVC2200, is being installed on buses in San Francisco, California; Eugene, Oregon; Traverse City, Michigan; Columbus, Ohio; Baltimore, Maryland; Hartford, Connecticut; and Athens, Georgia. The microphones are sensitive enough to record conversations audibly. This leads one to wonder what such technology could possibly be used for. Cameras can be used for evidence in cases of violent crime. Recordings are not nearly as important in establishing proof of violence as they are in assisting with more subversive forms of surveillance. No doubt this information is headed in a roundabout way to your local DHS "Fusion Center", where it will be shuffled, cataloged and shuffled again. The IP cameras are listed as supporting the following protocols: IPv4/v6, TCP/IP, UDP, RTP, RTSP, HTTP, HTTPS, ICMP, FTP, SMTP, DHCP, PPPoE, UPnP, IGMP, SNMP, QoS & ONVIF, although one wonders in what capacity they 'support' QoS ... a few of t