The Catalan independence movement is being coordinated by an app designed for revolutions

Tsunami Democràtic is a radical, decentralized wing of the resurgent Catalan independence movement, centered around an anonymously authored app designed to coordinate revolutionary uprisings.

Doordash's breach is different

One important detail from this week's admission from Doordash that they'd suffered (and remained silent about) a breach of 4.9 million records: Doordash, by its nature, includes the home addresses of people who otherwise avoid disclosing where they live.

Permanent Record: Edward Snowden and the making of a whistleblower

I will never forget the moment on June 9, 2013, when I watched a video of a skinny, serious, unshaven man named Edward Snowden introduce himself to the world as the source of a series of blockbuster revelations about US spy agencies' illegal surveillance of the global internet. Please, I thought, be safe. And Please, don't turn out to be an asshole.

Adversarial Fashion: clothes designed to confuse license-plate readers

Adversarial Fashions have a line of clothes (jackets, tees, hoodies, dresses, skirts, etc) designed to confound automated license-plate readers; one line is tiled with fake license plates that spell out the Fourth Amendment (!); the designers presented at Defcon this year. (via JWZ)

Hong Kong's #612strike uprising is alive to surveillance threats, but its countermeasures are woefully inadequate

The millions of Hong Kong people participating in the #612strike uprising are justifiably worried about state retaliation, given the violent crackdowns on earlier uprisings like the Umbrella Revolution and Occupy Central; they're also justifiably worried that they will be punished after the fact.

Research shows that 2FA and other basic measures are incredibly effective at preventing account hijacking

Google has published the results of a study of the efficacy of standard anti-account-hijacking techniques like two-factor authentication (2FA), secret questions, and passwords: the good news is that when these are used, they are incredibly effective at stopping both automated and targeted attacks, including "advanced" attacks of the sort that are often characterized as unstoppable.

Secret Service learns why you don't plug strange USB drives into computers

After collaring a woman who got past security at Mar-a-Lago (described by Chris Hayes as President Donald Trump's "bribery palace") the Secret Service found a USB drive in her possession. So they stuck it in a computer to see what was on it.

From the Miami Herald:

Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing. He stated that when another agent put Zhang’s thumb-drive into his computer, it immediately began to install files, a “very out-of-the-ordinary” event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said. The analysis is ongoing but still inconclusive, he testified.

Experts say don't do that.

Jake Williams, founder of Rendition Infosec and former NSA hacker, criticized the agent’s actions “threatened his own computing system and possibly the rest of the Secret Service network.” ...

Williams said the best way to forensically examine a suspect USB drive is by plugging the device into an isolated Linux-based computer that doesn’t automatically mount the drive to the operating system.

“We would then create a forensic image of the USB and extract any malware for analysis in the lab,” he said. “While there is still a very small risk that the malware targets Linux, that’s not the normal case.”


What ephemeral messaging is good for

A few years ago, a friend of mine, Nico Sell (who runs the Defcon kids' programming track r00tz) asked me to join the advisory board for her startup, Wickr, which does "ephemeral messaging," a subject that is greatly in the news with Facebook's recent announcement of a new kind of "ephemeral messaging" option.

Teen Vogue counsels taping over your webcam to resist FBI (and other) surveillance

As EFF's Eva Galperin notes, Nicole Kobie's story about resisting surveillance by taping over your webcam "proves that once more, the best and most straightforward tech reporting is being done by Teen Vogue."

Unemployed 20-year-old who lives with his parents confesses to massive German political dox

When top German officials had their emails and social media hacked and dumped, people wondered whether the attack was some kind of well-financed act of political extremism, given that the targets were so high-profile (even Chancellor Angela Merkel wasn't spared) and that politicians from the neofascist Alternative for Germany were passed over by the hacker.

Lawsuit: US citizen suing CBP for coercing him into unlocking his phone during boarding at LAX

Haisam Elsharkawi is a US citizen of Egyptian descent who was travelling to Mecca in 2017 when he was pulled out of the boarding line for his flight from LAX by CBP agents who demanded that he unlock his phones; when he refused and asked for a lawyer, he was handcuffed and taken to an interrogation room where he was questioned and bullied until he unlocked his phones; the CBP officers spent 15 minutes paging through his emails, making snarky remarks about his Amazon purchase history and how many unread emails he had, and then let him go.

Facebook lured charities to its platform, then abandoned them once they got hacked

Facebook's walled garden/roach motel strategy made it progressively harder and harder for charities to reach supporters on the web, driving them within Facebook's confines, where they devoted thousands of hours to making their Facebook presence attractive and pleasing to Facebook's algorithm.

Steganographically hiding secret messages in fake fingerprints

In Towards Construction Based Data Hiding: From Secrets to Fingerprint Images, published in IEEE Transactions on Image Processing (Sci-Hub Mirror), two Fudan University computer scientists propose a fascinating method for hiding encrypted messages in fake fingerprints that are both visually and computationally difficult to distinguish from real ones, which could theoretically allow the use of fingerprint databases to convey secret messages.

Hackers can listen to smartphone and computer displays to know what content you're consuming

It's getting more difficult with every passing day to keep from being spied upon by nefarious tools interested in getting their hands on your personal information, creeping on what you're browsing on your laptop or phone and, if you've not bothered to cover up that webcam, keeping tabs on your life as they stream images of your day-to-day doings across the Internet. Thanks to a group of computer-savvy scientists, it looks like there may soon be one more monitoring method that we'll have to watch out for.

From Ars Technica:

Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia": a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."

Synesthesia, at its core, is pretty much just Van Eck phreaking with a twist. Where Van Eck phreaking typically uses radio signals leaking from display hardware to snoop on what a computer user's perusing, Synesthesia listens for aural emissions from the bits and pieces that are required to power a display. Depending on what you're looking at on your computer's screen, the power being sent out to drive each pixel ramps up or down. This changes the pitch of power running through the display's guts. By capturing this audio for review, using the microphone built into the device or a nearby device like an Amazon Echo or other digital assistant-enabled device (never let one in your house), it's very possible that a hacker could sort out what you were looking at with a bit of skill and a whole lot of machine learning.

Turning the NSA's vintage internal security posters into t-shirts

Techdirt is in the throes of a two-part revelation: 1. the US government's works are public domain and can be freely commercialized, and; 2. many of the weird things that spy agencies make can be turned into ironic, cool, and sometimes fun and/or beautiful objects of commerce.

Internet of Battle Things: a militarized IoT where "cognitive bandwidth constraints" require "autonomous cyber agents"

Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years' worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an "Internet of Battle Things" will look like.

Help crowdfund the Harlem Cryptoparty and 100 unlimited, privacy-protecting wifi hotspots for Puerto Rico

Calyx is an amazing nonprofit, privacy-oriented activist ISP (they were the first ISP to successfully resist a secret Patriot Act warrant); they are notable for offering an unlimited, unfiltered, unthrottled 4G/wifi hotspot for a tax-deductible $400 a year (mine has repeatedly saved my bacon).
