Facebook provides a suite of turnkey app-building tools for Android that are widely used among the most popular Google Play apps, with billions of combined installs; naturally, these tools create incredibly data-hungry defaults in the apps that incorporate them, so that even before you do anything with an app, it has already snaffled up a titanic amount of data, tied it into your Google Ad ID (which is recycled by Facebook to join up data from different sources) and sent it to Facebook.
Charlie Stross's keynote at the 34th Chaos Communications Congress in Leipzig is entitled "Dude, you broke the Future!" and it's an excellent, Strossian look at the future we're barrelling towards, best understood by a critical examination of the past we've just gone through.
Adam Harvey, creator of 2012's CV Dazzle project to systematically confound facial recognition software with makeup and hairstyles, presented his latest dazzle iteration, Hyperface, at the Chaos Communications Congress in Hamburg last month.
In On Smart Cities, Smart Energy, And Dumb Security -- Netanel Rubin's talk at this year's Chaos Communications Congress -- Rubin presents his findings on the failings in the security of commonly deployed smart meters.
Karsten Nohl and Nemanja Nikodijevic's Chaos Communications Congress presentation details their research into becoming a "Secret travel agent": they figured out how to force the various portals to the Global Distribution System to let them know if they've guessed someone's reservation locator code, which they can use to arbitrarily alter your flight plans, sending you to different cities, reseating you, or cancelling your flight.
Last month I blogged about Nora Al-Badri and Jan Nikolai Nelles, a pair of artists who released a high-resolution scan of a looted Egyptian bust of Nefertiti in the collection of Berlin's Neues Museum, which has a reputation for refusing to make data from its collection (including 3D scans) public.
Update: All is not what it seems: it appears that the artists and the public were duped by a third party into passing off an illicitly obtained official scan as one that had been made by covert means.
Nora Al-Badri and Jan Nikolai Nelles, an Iraqi/German artistic duo, covertly scanned a famous looted Egyptian treasure, the Bust of Queen Nefertiti, from its contested perch in Berlin's Neues Museum.
Protonmail is a Swiss pro-privacy email provider that offers end-to-end encryption to its customers. When the Swiss government proposed the Nachrichtendienstgesetz -- a bill to create a "mini NSA" with the power to effect warrantless mass surveillance, including hacking residents' computers -- the company called on its users and supporters to petition the government for a referendum on the law.
On December 30th, someone using an IP address from the 32nd Chaos Communications Congress in Hamburg sent a probe out to every IPv4 address with an open connection on Port 80, consisting of a poem exhorting the reader to "DELETE your logs. Delete your installations. Wipe everything clean, Walk out into the path of cherry blossom trees and let your motherboard feel the stones."
Florian Grunow and Niklaus Schiess downloaded the source code for Red Star OS, North Korea's homegrown, paranoid fork of Red Hat's Fedora, a flavor of GNU/Linux. The researchers analyzed the OS and presented their findings to the thirty-second Chaos Communications Congress in Hamburg yesterday.
A presentation by Starbug at the 31st Chaos Communications Congress demonstrated a technique for deriving fingerprints from a couple of photographs of your hands. Starbug's proof of concept was a copy of the fingerprints of German Defense Minister Ursula von der Leyen.
The Great Firewall of Cameron is supposed to block "extremist" websites, and somehow, the website of the respected, excellent Chaos Computer Club, one of Germany's foremost centers for technology research and political analysis, has been blocked.
The Electronic Frontier Foundation's Kurt Opsahl -- a brilliant digital civil liberties attorney who has been suing the US government and the NSA over spying since 2006 -- took to the stage at the 30th Chaos Communications Congress in Hamburg this week to explain in clear and simple language the history of NSA spying. Kurt lays out the tortured legal history of American bulk surveillance, showing how an interlocking set of laws, policies, lies and half-truths have been used to paper over an obviously, grossly unconstitutional program of spying without court oversight or particular suspicion.
If you're mystified by the legal shenanigans that led up to the Snowden and Manning leaks, this is where you should start. And even if you've been following the story closely, Opsahl gives badly needed coherence to the disjointed legal struggle, connecting the dots and revealing the whole picture.
30c3: Through a PRISM, Darkly - Everything we know about NSA spying
Sunday's Snowden leaks detailing the Tailored Access Operations group -- the NSA's exploit-farming, computer-attacking "plumbers" -- and the ANT's catalog of attacks on common computer equipment and software -- were accompanied by a lecture by Jacob Appelbaum at the 30th Chaos Communications Congress. I have seen Jake speak many times, but this talk is extraordinary, even by his standards, and should be watched by anyone who's said, "Well, they're probably not spying on me, personally;" or "What's the big deal about spies figuring out how to attack computers used by bad guys?" or "It's OK if spies discover back-doors and keep them secret, because no one else will ever find them."
Yesterday in Hamburg, Glenn Greenwald gave an astounding, must-watch keynote address to the gathered hackers at the 30th Chaos Communications Congress, or 30C3 (Greenwald starts at 4:36). Greenwald excoriated the press for failing to hold the world's leaders to account, describing what he did with the Snowden leaks as a challenge to the journalistic status quo as well as the political status quo. This is a leaping-off point for an extended riff on the active cooperation between the press and the national security apparatus, an arrangement calculated to give the appearance of oversight on surveillance activities without any such oversight (for example, a BBC reporter expressed shock when he said that the role of the press should be to root out lies from senior spies, saying that generals and senior officials would never lie to the public).
Starbug, the Chaos Computer Club hacker who broke the fingerprint biometric security on the iPhone, has given an interview [German] to CT Magazine detailing the hack, and released a new video showing how he did it.
Dawn is breaking over the last day of the annual Chaos Communication Congress in Hamburg, Germany. CCC is the meeting of the Chaos Computer Club (also CCC), a group of German hackers hanging out together since 1981. Congress (as it is also known) is one of the great gatherings of tribes in the hacker world -- which, in the time it has existed, has gone from being a tiny, sometimes gothy and mathematically inclined subculture to being a big, elitist community whose work, values, and aesthetics touch the lives of billions of people. CCC has grown and flowered with the community.