What ephemeral messaging is good for

A few years ago, a friend of mine, Nico Sell (who runs the Defcon kids' programming track r00tz) asked me to join the advisory board for her startup, Wickr, which does "ephemeral messaging," a subject that is greatly in the news with Facebook's recent announcement of a new kind of "ephemeral messaging" option.

Teen Vogue counsels taping over your webcam to resist FBI (and other) surveillance

As EFF's Eva Galperin notes, Nicole Kobie's story about resisting surveillance by taping over your webcam "proves that once more, the best and most straightforward tech reporting is being done by Teen Vogue."

Unemployed 20-year-old who lives with his parents confesses to massive German political dox

When top German officials had their emails and social media hacked and dumped, people wondered whether the attack was some kind of well-financed act of political extremism, given that the targets were so high-profile (even Chancellor Angela Merkel wasn't spared) and that politicians from the neofascist Alternative for Germany were passed over by the hacker.

Lawsuit: US citizen suing CBP for coercing him into unlocking his phone during boarding at LAX

Haisam Elsharkawi is a US citizen of Egyptian descent who was travelling to Mecca in 2017 when he was pulled out of the boarding line for his flight from LAX by CBP agents who demanded that he unlock his phones; when he refused and asked for a lawyer, he was handcuffed and taken to an interrogation room where he was questioned and bullied until he unlocked his phones; the CBP officers spent 15 minutes paging through his emails, making snarky remarks about his Amazon purchase history and how many unread emails he had, and then let him go.

Facebook lured charities to its platform, then abandoned them once they got hacked

Facebook's walled garden/roach motel strategy made it progressively harder and harder for charities to reach supporters on the web, driving them within Facebook's confines, where they devoted thousands of hours to making their Facebook presence attractive and pleasing to Facebook's algorithm.

Steganographically hiding secret messages in fake fingerprints

In Towards Construction Based Data Hiding: From Secrets to Fingerprint Images, published in IEEE Transactions on Image Processing (Sci-Hub Mirror), two Fudan University computer scientists propose a fascinating method for hiding encrypted messages in fake fingerprints that are both visually and computationally difficult to distinguish from real ones, which could theoretically allow the use of fingerprint databases to convey secret messages.

Hackers can listen to smartphone and computer displays to know what content you're consuming

It's getting more difficult with every passing day to keep from being spied upon by nefarious tools interested in getting their hands on your personal information, creeping on what you're browsing on your laptop or phone and, if you've not bothered to cover up that webcam, keeping tabs on your life as they stream images of your day-to-day doings across the Internet. Thanks to a group of computer-savvy scientists, it looks like there may soon be one more monitoring method that we'll have to watch out for.

From Ars Technica:

Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia": a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."

Synesthesia, at its core, is pretty much just Van Eck phreaking with a twist. Where Van Eck phreaking typically uses radio signals leaking from display hardware to snoop on what a computer user's perusing, Synesthesia listens for aural emissions from the bits and pieces that are required to power a display. Depending on what you're looking at on your computer's screen, the power being sent out to drive each pixel ramps up or down. This changes the pitch of power running through the display's guts. By capturing this audio for review, using the microphone built into the device or a nearby device like an Amazon Echo or other digital assistant-enabled device (never let one in your house), it's very possible that a hacker could sort out what you were looking at with a bit of skill and a whole lot of machine learning.

Turning the NSA's vintage internal security posters into t-shirts

Techdirt is in the throes of a two-part revelation: 1. the US government's works are public domain and can be freely commercialized; and 2. many of the weird things that spy agencies make can be turned into ironic, cool, and sometimes fun and/or beautiful objects of commerce.

Internet of Battle Things: a militarized IoT where "cognitive bandwidth constraints" require "autonomous cyber agents"

Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years' worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an "Internet of Battle Things" will look like.

Help crowdfund the Harlem Cryptoparty and 100 unlimited, privacy-protecting wifi hotspots for Puerto Rico

Calyx is an amazing nonprofit, privacy-oriented activist ISP (they were the first ISP to successfully resist a secret Patriot Act warrant); they are notable for offering an unlimited, unfiltered, unthrottled 4G/wifi hotspot for a tax-deductible $400 a year (mine has repeatedly saved my bacon).

Badass Army: revenge-porn survivors teach each other digital and legal self-defense

Battling Against Demeaning & Abusive Selfie Sharing (AKA the Badass Army) is an activist group founded by revenge porn survivor Katelyn Bowden to offer self-defense training against the tactics of traffickers in "involuntary pornography," particularly the loathsome denizens of Anon-IB.

Trump's tiny sausage fingers too small to mask his "how to human" crib-sheet for mass shooting presser

On Wednesday, President Trump met with mass-shooting survivors to dismiss their pleas for basic gun safety laws that might negatively impact gun manufacturers' profits by instead proposing stupid shit like filling schools with armed veterans and giving guns to teachers.

Australian government's worst-ever state-secrets leak: accidentally selling filing cabinets full of classified docs in a surplus store

Australian national broadcaster ABC has gotten hold of a massive trove of state secrets that were inadvertently sold off in a pair of cheap, locked filing cabinets purchased from a Canberra junk-shop that specialises in government surplus furniture.

The in-depth tale of Bylock, the Turkish messenger app whose 1x1 tracking GIF was the basis for tens of thousands of treason accusations

A group of exiled Turkish human rights lawyers have published an in-depth history of how Recep Tayyip Erdogan's Turkish government has described Bylock, an encrypted messaging app, whose 1x1 analytics pixel was used as the basis for accusing tens -- if not hundreds -- of thousands of Turks of treason, with consequences ranging from loss of employment and ostracization to imprisonment, to torture, to suicide.

Fitness app releases data-set that reveals the location of sensitive military bases, patrol routes, aircrew flightpaths, and individual soldiers' jogging routes

Strava is a popular fitness route-tracker focused on sharing the maps of your workouts with others; last November, the company released an "anonymized" data-set of over 3 trillion GPS points, and over the weekend, Institute for United Conflict Analysts co-founder Nathan Ruser started a Twitter thread pointing out the sensitive locations and details revealed by the release.

NHS okays hospitals and doctors storing patient data on public cloud servers

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers.

Using structured encryption to search protected photos in the cloud

In a recent presentation at the Real World Crypto symposium, researchers affiliated with Brown University and a startup called Pixek presented their work developing an app that encrypts photos at the moment they're taken and uploads them in encrypted form to a cloud server, in such a way that the keys remain on the user's device, meaning the service provider can't view the photos.
