Boing Boing 

Brute-force iPhone password guesser can bypass Apple's 10-guess lockout

The IP Box costs less than £200 and can guess all possible four-digit passwords in 111 hours.


How Harper's "anti-terror" bill ends privacy in Canada


Michael Geist writes, "Canadian Prime Minister Stephen Harper is fast-tracking a bill that eviscerates privacy protections within the public sector that represents the most significant reduction in public sector privacy protection in Canadian history -- he's blocking the Privacy Commissioner of Canada from appearing as a witness at the committee studying the bill."


Italy's Hacking Team allegedly sold Ethiopia's despots cyberweapons used to attack journalists


Ethiopia's despotic regime has become the world's first "turnkey surveillance state," thanks to technology sold to it by western companies, including, it seems, Italy's Hacking Team, whose RCS spyware product is implicated in an attack on exiled, US-based journalists reporting on government corruption.


Three steps to save ourselves from firmware attacks


Following on the news that the (likely NSA-affiliated) Equation Group has developed a suite of firmware attacks that target the software embedded in your hard-drive and other subcomponents, it's time to expand the practice of information security to the realm of embedded software.


VPNs: which ones value your privacy?

Torrentfreak has published its annual survey of privacy-oriented VPN services, digging into each one's technical, legal and business practices to see how seriously they take the business of protecting your privacy.


Shining light on the shadowy, "superhuman" state-level Equation Group hackers


For more than a decade, a shadowy, heavily resourced, sophisticated hacker group that Kaspersky Labs calls the Equation Group has committed a string of daring, cutting-edge information attacks, likely at the behest of the NSA.


Anyone who makes you choose between privacy and security wants you to have neither

An excellent op-ed from the Open Rights Group: "When ORG defends privacy, we are fighting to protect people from abuses of power that leave them vulnerable."


Samsung: watch what you say in front of our TVs, they're sending your words to third parties


Part of the Samsung Smarttv EULA: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."


If privacy was really dead, would everyone be trying so hard to kill it?


A reader writes, "SF author Peter Watts writes about the ever-encroaching assault on our privacy and how relocating their arguments from the Internet to meatspace illustrates how ridiculous they are, and reasons to be cheerful because of the governments of the 'free world''s determination to eliminate the last shreds of our privacy."


Shameless: rogue Lords sneak Snooper's Charter back in AGAIN

Last Friday, four rogue Lords copy/pasted the repeatedly defeated "Snooper's Charter" spying bill into a pending bill as an amendment, only to withdraw it on Monday after the Lords were bombarded by an aghast public -- and now, incredibly, these Lords have reintroduced the same language as a new amendment.


Snooper's Charter is dead: let's hammer a stake through its heart and fill its mouth with garlic

We killed the dreadful Snooper's Charter last week, again, for the third or fourth time, depending on how you count -- now how do we keep it from rising from the grave again and terrorizing Britain with the threat of total, ubiquitous, uncontrolled state spying?


What David Cameron just proposed would endanger every Briton and destroy the IT industry

David Cameron says there should be no "means of communication" which "we cannot read" -- and no doubt many in his party will agree with him, politically. But if they understood the technology, they would be shocked to their boots.

FBI secretly seeking legal power to hack any computer, anywhere


The Bureau is seeking a rule-change from the Administrative Office of the US Courts that would give it the power to distribute malware, hack, and trick any computer, anywhere in the world, in the course of investigations; it's the biggest expansion of FBI spying power in its history and they're hoping to grab it without an act of Congress or any public scrutiny or debate.


Hong Kong Transparency Database: tracking HK gov't requests to ISPs

The data were extracted from the excellent Hong Kong Transparency Report as well as various online service providers' global transparency reports from 2010 onward -- it shows a steep increase in surveillance requests, and hints that the HK government's stats omit a large slice of its activities.


Meet the spooky tech companies getting rich by making NSA surveillance possible


Wildly profitable companies like Neustar, Subsentio, and Yaana do the feds' dirty work for them, slurping huge amounts of unconstitutionally requisitioned data out of telcos' and ISPs' data-centers in response to secret, sealed FISA warrants -- some of them publicly traded, too, making them a perfect addition to the Gulag Wealth Fund.


Weaseling about surveillance, Australian Attorney General attains bullshit Singularity

Michael writes, "Watching Australia's Attorney-General try to explain why tracking Australians' web histories is not such a big deal resembles listening to a dirty joke told by a ten-year-old, i.e. it leaves one with the distinct impression the speaker is trying to seem like they understand something they've only heard about secondhand."


Back doors in Apple's mobile platform for law enforcement, bosses, spies (possibly)

Jonathan Zdziarski's HOPE X talk, Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices, suggests that hundreds of millions of Iphone and Ipad devices ship from Apple with intentional back-doors that can be exploited by law enforcement, identity thieves, spies, and employers.


Open Rights Group wants to sue UK government over #DRIP, needs your help

Parliament has passed #DRIP, a sweeping, illegal surveillance bill that doubles down on the old surveillance law, which was struck down by the European Court for violating fundamental human rights.


Understanding #DRIP: new spy powers being rammed through UK Parliament


The party line from MPs who are being told by their parties to vote in mass-scale, warrantless surveillance powers is that the law doesn't change anything -- it's a lie.


Cowardice meets arrogance in UK surveillance stitch up

The leadership of the major UK political parties are set to ram through a sweeping surveillance bill without debate or study. It's a perfect storm of cowardice and arrogance, and it comes at a price. Cory Doctorow wants you to do something about it.

UK government set to ram through surveillance legislation


The UK government has put MPs on notice that a bill will be considered and moved on July 14, but they won't say what it is. Veteran Labour MP Tom Watson thinks it's data retention legislation that will enlist the private sector to comprehensively spy on everything you do and save it for long periods, turning it over to the government when asked. And almost no one -- not even MPs -- will get a chance to read the bill right up to the last minute, when they'll be whipped to vote for it by their party leadership.

UK secretary of state: "There is no surveillance state"


UK Secretary of State Theresa May -- part of a regime that presides over a spy service that claims the right to intercept all webmail, search and clicks; that spends hundreds of millions sabotaging Internet security; that dirty-tricks and psy-opses peaceful protest groups;


Researchers publish secret details of cops' phone-surveillance malware


Kaspersky Labs (Russia) and Citizen Lab (University of Toronto) have independently published details of phone-hacking tools sold to police departments worldwide by the Italian firm Hacking Team (here's Kaspersky's report and Citizen Lab's). The tools can be used to attack Android, Ios, Windows Mobile and Blackberry devices, with the most sophisticated attacks reserved for Android and Ios.

The spyware can covertly record sound, images and keystrokes, capture screenshots, and access the phones' storage and GPS. The tools are designed to detect attempts to search for them and to delete themselves without a trace if they sense that they are under attack.

Hacking Team insists that its tools are only sold to "democratic" police forces, but Citizen Lab's report suggests that the tool was used by the Saudi government to target dissidents.

The means of infection is device-specific. If police have physical access, it's simple. Android devices can be attacked by infecting a PC with a virus that installs the police malware when the device is connected to it. This attack also works on jailbroken Iphones.


GCHQ claims right to do warrantless mass interception of all webmail, search and social media


The UK spy agency GCHQ says it doesn't need a warrant to intercept and store all UK social media traffic, search history and webmail because it is headed offshore, so it's "foreign communications". It had kept this interpretation of English and Welsh law a secret until now, and only revealed it after a protracted legal battle with the excellent people at Privacy International and six other civil liberties groups, including Amnesty International, and ACLU.


Anti-forensic mobile OS gets your phone to lie for you

In Android Anti-forensics: Modifying CyanogenMod Karl-Johan Karlsson and William Bradley Glisson present a version of the Cyanogenmod alternate operating system for Android devices, modified so that it generates plausible false data to foil forensic analysis by law enforcement. The idea is to create a mobile phone that "lies" for you so that adversaries who coerce you into letting them take a copy of its data can't find out where you've been, who you've been talking to, or what you've been talking about.

I'm interested in this project but wonder about how to make it practical for daily use. Presently, it maintains a hidden set of true data, and a trick set of false data intended to be fetched by forensic tools. Presumably, this only works until the forensic tools are modified to spot the real data. But you can conceptually imagine a phone that maintains a normal address book and SMS history, etc -- all the things that are useful to have in daily use -- but that, on a certain signal (say, when an alternate unlock code is entered, or after a certain number of failed unlock attempts) scrubs all that and replaces it with plausible deniability data.

Obviously, this kind of thing doesn't work against state-level actors who can subpoena (or coerce) your location data and call history from your carrier, but those people don't need to seize your phone in the first place.


Podcast: News from the future for Wired UK

Here's a reading (MP3) of a short story I wrote for the July, 2014 issue of Wired UK in the form of a news dispatch from the year 2024 -- specifically, a parliamentary sketch from a raucous Prime Minister's Question Time where a desperate issue of computer security rears its head:


Canadian Supreme Court's landmark privacy ruling

The Supreme Court of Canada's ruling in R. v. Spencer sets an amazing precedent for privacy that not only reforms the worst practices of Canadian ISPs and telcos; it also annihilates the Tories' plans to weaken Canadian privacy law into insignificance. The Supremes unanimously held that the longstanding practice of carriers voluntarily handing over subscriber data to cops and government agencies without a warrant was unconstitutional.

The court's decision, written by Harper-appointed Justice Thomas Cromwell, takes a nuanced view of privacy, and upholds the importance of anonymity as part of the protected right to privacy.

The Harper government is currently pushing two surveillance bills, C-13 and S-4, which would radically expand the practice of "voluntary" disclosure of subscriber data without a warrant. As Michael Geist writes in an excellent explainer, these bills are almost certainly unconstitutional under this ruling and are likely to die or be substantially reformed.


US Marshals raid Florida cops to prevent release of records of "stingray" surveillance


US Marshals swept into the offices of police in Sarasota, Florida to whisk away records related to operation of "stingray" surveillance tools that the ACLU had requested. The records detailed the farcically low standard for judicial permission to use a stingray (which captures information about the movements, communications and identities of all the people using mobile phones in range of them), and are part of a wider inquiry into their use without a warrant at all -- at least 200 Florida stingray deployments were undertaken without judicial oversight because the police had signed a nondisclosure agreement with the device's manufacturer and they decided that this meant they didn't have to get warrants anymore.

The ACLU has seen a lot of shenanigans in respect of its campaign to document the use and abuse of stingrays, but this is a cake-taker: "We’ve seen our fair share of federal government attempts to keep records about stingrays secret, but we’ve never seen an actual physical raid on state records in order to conceal them from public view."


Warrantless spying makes spying-with-a-warrant impossible

Tim Bray's taxonomy of privacy levels makes a compact and compelling argument that the existence of warrantless spying and security sabotage is what drives people to adopt cryptographic techniques that can't be broken even with a warrant.

Did GCHQ reveal secrets about computer insecurity when it exorcised the Snowden leaks from the Guardian's laptops?


When Prime Minister David Cameron ordered two GCHQ spooks to go to the Guardian's offices and ritually exorcise two laptops that had held copies of the Snowden leaks, we assumed it was just spook-lunacy; but Privacy International thinks that if you look at which components the spies targeted for destruction, there are hints about ways that spies can control computer hardware.
