Steganographically hiding secret messages in fake fingerprints

In Towards Construction Based Data Hiding: From Secrets to Fingerprint Images , published in IEEE Transactions on Image Processing (Sci-Hub Mirror), two Fudan University computer scientists propose a fascinating method for hiding encrypted messages in fake fingerprints that are both visually and computationally difficult to distinguish from real ones, which could theoretically allow the use of fingerprint databases to convey secret messages. Read the rest

Hackers can listen to smartphone and computer displays to know what content you're consuming

It's getting more difficult with every passing day to keep from being spied upon by nefarious tools interested in getting their hands on your personal information, creeping on what you're browsing with on your laptop or phone and, if you've not bothered to cover up that webcam, keep tabs on your life as they stream images of your day-to-day doings across the Internet. Thanks to a group of computer-savvy scientists, it looks like there may soon be one more monitoring method that we'll have to watch out for.

From Ars Technica:

Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia": a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."

Synesthesia, at its core, is pretty much just Van Eck phreaking with a twist. Where Van Eck phreaking typically uses radio signals leaking from display hardware to snoop on what a computer user's perusing, Synesthesia listens for aural emissions from the bits and pieces that are required to power a display. Depending on what you're looking at on your computer's screen, the power being sent out to drive each pixel ramps up or down. This changes the pitch of power running through the display's guts. By capturing this audio for review, using the microphone built into the device or a nearby device like an Amazon Echo or other digital assistant-enabled device (never let one in your house,) it's very possible that a hacker could sort out what you were looking at with a bit of skill and a whole lot of machine learning. Read the rest

Turning the NSA's vintage internal security posters into t-shirts

Techdirt is in the throes of a two-part revelation: 1. the US government's works are public domain and can be freely commercialized, and; 2. many of the weird things that spy agencies make can be turned into ironic, cool, and sometimes fun and/or beautiful objects of commerce. Read the rest

Internet of Battle Things: a militarized IoT where "cognitive bandwidth constraints" require "autonomous cyber agents"

Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years' worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an "Internet of Battle Things" will look like. Read the rest

Help crowdfund the Harlem Cryptoparty and 100 unlimited, privacy-protecting wifi hotspots for Puerto Rico

Calyx is an amazing nonprofit, privacy-oriented activist ISP (they were the first ISP to successfully resist a secret Patriot Act warrant); they are notable for offering an unlimited, unfiltered, unthrottled 4G/wifi hotspot for a tax-deductible $400 year (mine has repeatedly saved my bacon). Read the rest

Badass Army: revenge-porn survivors teach each other digital and legal self-defense

Battling Against Demeaning & Abusive Selfie Sharing (AKA the Badass Army) is an activist group founded by revenge porn survivor Katelyn Bowden to offer self-defense training against the tactics of traffickers in "involuntary pornography," particularly the loathsome denizens of Anon-IB. Read the rest

Trump's tiny sausage fingers too small to mask his "how to human" crib-sheet for mass shooting presser

On Wednesday, President Trump met with mass-shooting survivors to dismiss their pleas for basic gun safety laws that might negatively impact gun manufacturers' profits by instead proposing stupid shit like filling schools with armed veterans and giving guns to teachers. Read the rest

Australian government's worst-ever state-secrets leak: accidentally selling filing cabinets full of classified docs in a surplus store

Australian national broadcaster ABC has gotten hold of a massive trove of state secrets that were inadvertently sold off in a pair of cheap, locked filing cabinets purchased from a Canberra junk-shop that specialises in government surplus furniture. Read the rest

The in-depth tale of Bylock, the Turkish messenger app whose 1x1 tracking GIF was the basis for tens of thousands of treason accusations

A group of exiled Turkish human rights lawyers have published an in-depth history of how Recep Tayyip Erdogan's Turkish government has described Bylock, an encrypted messenging app, whose 1x1 analytics pixel was used as the basis for accusing tens -- if not hundreds -- of thousands of Turks of treason, with consequences ranging from loss of employment and ostracization to imprisonment, to torture, to suicide. Read the rest

Fitness app releases data-set that reveals the location of sensitive military bases, patrol routes, aircrew flightpaths, and individual soldiers' jogging routes

Strava is a popular fitness route-tracker focused on sharing the maps of your workouts with others; last November, the company released an "anonymized" data-set of over 3 trillion GPS points, and over the weekend, Institute for United Conflict Analysts co-founder Nathan Ruser started a Twitter thread pointing out the sensitive locations and details revealed by the release. Read the rest

NHS okays hospitals and doctors storing patient data on public cloud servers

NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers. Read the rest

Using structured encryption to search protected photos in the cloud

In a recent presentation at the Real World Crypto symposium, researchers affiliated with Brown University and a startup called Pixek presented their work developing an app that encrypts photos at the moment they're taken and uploads them in encrypted form to a cloud server, in such a way that the keys remain on the user's device, meaning the service provider can't view the photos. Read the rest

The FBI and the New York Times warn that smart toys are emissaries from the Internet of Shit

One by one, the New York Times warns of the dangers of every hot smart toy your kids are begging for this Xmas: Furbies, Cayla, kids' smart watches, the ubiquitous Vtech toys (they omit the catastrophic Cloudpets, presumably because that company is out of business now). Read the rest

Snowden helped design an app that turns your old phone into a surveillance device to help solve the "evil maid" problem

In cryptographic and security circles, the "evil maid" problem describes a class of attacks in which a piece of unguarded hardware, is tampered with by someone who gains physical access to it: for example, a hotel chambermaid who can access your laptop while you're out of the room. Read the rest

Security Planner: a peer-reviewed tool to help you figure out your personal digital security plan

The University of Toronto's Citizen Lab (previously) is one of the most effective, most trustworthy expert groups when it comes to investigating the abuse of computers to effect surveillance and sabotage, so the launch of Security Planner, the Lab's peer-reviewed tool that guides you through the creation of a personal security plan, is a game-changing event. Read the rest

Wired releases a surveillance self-defense guide

Wired's new Guide to Digital Security is an excellent addition to the genre of simple-to-follow how-tos for reducing the likelihood that you'll be victimized by computer-assisted crime and harassment, and that if you are, the harms will be mitigated. Read the rest

EFF's Security Education Companion: essential materials for people helping their communities practice good information security

EFF has just launched its new Announcing the Security Education Companion, a beautifully organized, clearly written set of materials to help "people who would like to help their communities learn about digital security but are new to the art of security training." Read the rest

More posts