bullrun

The Infinity Wall: projection mapped illusion in the desert night

It was a projection mapper's dream: a white canvas 30 feet high and wider than a football field. Megavision Arts was able to make the most of it with a dizzying and hypnotic projection mapped lightshow that dazzled the 1200 guests entering the temporary venue in the desert. Read the rest

The NSA's program of tech sabotage created the Shadow Brokers

The more we learn about the Shadow Brokers, who claim to be auctioning off "cyberweapons" that crafted for the NSA's use, the scarier the breach gets: some of the world's biggest security companies are tacitly admitting that the exploits in the Shadow Brokers' initial release can successfully penetrate their products, and they have no fix at hand. Read the rest

Qatar's World Cup stadium is being built by modern slaves

Qatar, one of the worst places in the world to be a worker (even the flight attendants experience human rights abuses), was picked to host the 2022 football world cup by the famously corrupt FIFA organization, despite the physical danger to spectators (and athletes!) from the incredible temperatures. Read the rest

Congress wants to know if agencies were compromised by the backdoor in Juniper gear (and where it came from)

The House Committee on Oversight and Government Reform has asked dozens of agencies in the US government to disclose whether they used switches made by Juniper, the disgraced US network technology giant that had at least two backdoors inserted into the software for one of its most popular product-lines. Read the rest

Juniper blinks: firewall will nuke the NSA's favorite random number generator

In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates -- everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA. Read the rest

Juniper's products are still insecure; more evidence that the company was complicit

It's been a month since Juniper admitted that its firewalls had back-doors in them, possibly inserted by (or to aid) US intelligence agencies. In the month since, Juniper has failed to comprehensively seal those doors, and more suspicious information has come to light. Read the rest

UK law will allow secret backdoor orders for software, imprison you for disclosing them

Under the UK's new Snoopers Charter (AKA the Investigatory Powers Bill), the Secretary of State will be able to order companies to introduce security vulnerabilities into their software ("backdoors") and then bind those companies over to perpetual secrecy on the matter, with punishments of up to a year in prison for speaking out, even in court. Read the rest

Ahmed Mohamed and family will move to Qatar

After the 14 year old maker/tinkerer was arrested on bullshit terrorism charges in his family's adoptive home in the small Texas town of Inving, many Americans spoke up in support of him, including President Obama and Facebook founder Mark Zuckerberg. Read the rest

Smurfs vs phones: GCHQ's smartphone malware can take pics, listen in even when phone is off

In a new episode of the BBC's Panorama, Edward Snowden describes the secret mobile phone malware developed by GCHQ and the NSA, which has the power to listen in through your phone's mic and follow you around, even when your phone is switched off. Read the rest

GCHQ hacking squad worried about getting sued for copyright violation

The British spy-agency targeted anti-virus software and other common applications in reverse-engineering projects aimed at discovering and weaponizing defects in the code. Read the rest

As crypto wars begin, FBI silently removes sensible advice to encrypt your devices

The FBI used to publish excellent advice about encrypting your devices to keep your data secure when your stuff is lost or stolen; this advice has been silently dropped now that FBI Director James Comey is trying to stop manufacturers from using crypto by default. Read the rest

NSA leak reveal plans to subvert mobile network security around the world

The NSA's AURORAGOLD program -- revealed in newly released Snowden docs -- used plundered internal emails to compromise nearly every mobile carrier in the world, and show that the agency had planned to introduce vulnerabilities into future improvements into mobile security. Read the rest

What's the best way to weaken crypto?

Daniel Bernstein, the defendant in the landmark lawsuit that legalized cryptography (over howls of protest from the NSA) engages in a thought-experiment about how the NSA might be secretly undermining crypto through sabotage projects like BULLRUN/EDGEHILL.

Making sure crypto stays insecure [PDF/Daniel J Bernstein]

(via O'Reilly Radar) Read the rest

Did GCHQ reveal secrets about computer insecurity when it exorcised the Snowden leaks from the Guardian's laptops?

When Prime Minister David Cameron ordered two GCHQ spooks to go the the Guardian's offices and ritually exorcise two laptops that had held copies of the Snowden leaks, we assumed it was just spook-lunacy; but Privacy International thinks that if you look at which components the spies targeted for destruction, there are hints about ways that spies can control computer hardware. Read the rest

Former NSA boss defends breaking computer security (in the name of national security)

For me, the most under-reported, under-appreciated element of the Snowden leaks is the BULLRUN/EDGEHILL program, through which the NSA and GCHQ spend $250,000,000/year sabotaging information security. In a great Wired story, Andy Greenberg analyzes former NSA chief Keith Alexander's defense of the stockpiling of vulnerabilities to attack "bad guys." There is no delusion more deadly than the idea that spies will make us more secure by weakening our computers' security to make it easier to spy on us. Read the rest

Spyware increasingly a part of domestic violence

Australian Simon Gittany murdered his girlfriend, Lisa Harnum, after an abusive relationship that involved his surveillance of her electronic communications using off-the-shelf spyware marketed for purposes ranging from keeping your kids safe to spotting dishonest employees. As Rachel Olding writes in The Age, surveillance technology is increasingly a factor in domestic violence, offering abusive partners new, thoroughgoing ways of invading their spouses' privacy and controlling them.

The spyware industry relies upon computers -- laptops, mobile devices, and soon, cars and TVs and thermostats -- being insecure. In this, it has the same goals as the NSA and GCHQ, whose BULLRUN/EDGEHILL program sought to weaken the security of widely used operating systems, algorithms and programs. Every weakness created at taxpayer expense was a weakness that spyware vendors could exploit for their products.

Likewise, the entertainment industry wants devices that are capable of running code that users can't terminate or inspect, so that they can stop you from killing the programs that stop you from saving Netflix streams, running unapproved apps, or hooking unapproved devices to your cable box.

And Ratters, the creeps who hijack peoples' webcams in order to spy on them and blackmail them into sexual performances, also want computers that can run code that users can't stop. And so do identity thieves, who want to run keyloggers on your computer to get your banking passwords. And so do cops, who want new powers to insert malware into criminals' computers.

There are a lot of ways to slice the political spectrum -- left/right, authoritarian/anti-authoritarian, centralist/decentralist. Read the rest

Why DRM is the root of all evil

In my latest Guardian column, What happens with digital rights management in the real world?, I explain why the most important fact about DRM is how it relates to security and disclosure, and not how it relates to fair use and copyright. Most importantly, I propose a shortcut through DRM reform, through a carefully designed legal test-case. Read the rest

Next page

:)