NSA Agents Leak Tor Bugs To Developers
I happen to know a highly skilled person working as a security analyst. He says his main customer for 0days is the NSA.......
Golly someone connected directly to gwolf has now been outed.
Unless you are Kim Kardashian with 23 million followers a zero
level direct connection might well be an individual name.
Further with 23 million followers for Kim; 600,000 for Robert Scoble;
83,000 for /. ; 42 million for B. Obama.... we are all connected within three
or so degrees of K Bacon
NSA Agents Leak Tor Bugs To Developers
He suggests a massive company like Google or Facebook will eventually have to take up the task of making Tor scale up to millions of users.
If one of those guys gets their hands on it you can forget about using it to hide anything from the government.
"Here's some bugs we've fixed for you guys. Trust us."
Oh yeah, because the current debug team we can trust so much...
There are two parts..
* Here is the bug.
* Here is a bug fix.
The first has a lot of value in an open source community.
The second if taken with blind faith is a potential disaster.
As a pair the time window for attack can be reduced.
Gifts from the NSA are an interesting thing... Some might be triggered
because they have evidence that others have knowledge of the
flaw and are exploiting it. As the need for human intelligence
grows the need for secure communication increases from individuals
(assets) far afield. In that regard bug disclosures would be self
serving but still be quality fixes the Tor community needs.
One important point to me in terms of global security is that
"actions speak louder than words" and if the TLAs like the NSA
pay attention to global bad actors things might find clarity in contrast
to the thought police reaching out four+ degrees of connectivity
for co-conspirators (almost the entire world today)
Speaking about bad actors... our news media outlets seem to
have abandoned all attempts at quality, completeness and
truth. The web does not have time editorial limitations the way
airtime programming does and unedited content should be available.
It is not obvious how one might edit out the payment for cigars
unless the shop is a source of illegal Cubans for the local big
Decades ago news broadcast (Walter Cronkite time frame) news
was a mandate and effectively a cost center not a profit center.
This has gone to stink with the advent of cable and broadcast
outside of the airwaves. But if the FCC can get in the middle
of net neutrality these magazine format sensation and headline
grabbing outlets could find their finances and marketing vastly different.
What You Wish You'd Known Starting Out As A Programmer
I wish I knew about Python, FORTH and Haskell in 1968
when FORTRAN, Snowball, Lisp... were the dominant choices.
Implied in this is the dream that students then had access to
tools like a Raspberry Pi and all that implies.
Why... well I am excited by the future and would like to push the
clock ahead 40+ years both hardware and software. I do find the
path of least resistance.
Munich Reverses Course, May Ditch Linux For Microsoft
Well sure -- I do not know but would assert() that MS gave them a major
sales effort. Full court press perhaps with promises and discounts.
Linux is not free. It does take work and is not monolithic.
The biggest gap is one that customers of Munich must bridge
in terms of document tools, multimedia tools, codecs and
even Adobe Flash tools and development.
Having said this it is clear from the most recent blue screen
of death Tuesday updates that any critical business could find
themselves in a monster tangle with a botched patch, an aggressive
zero day attack and any number of other risks. All of which would
be worse if there was only one OS in the house.
Some might recall the old IBM executive directive that overhead
slide presentations be prepared ONLY with a typewriter and only
in black and white. The flood of artistic efforts and costs to contrive
fancier more marketing rich eye catching song and dance presentations
and production company tail wagging the dog expense was diverting
and distracting from the ability to communicate content.
Decades ago at Silicon Graphics there was a move over MAC program
to focus the company and eat your own cooking in the decision making
levels of the company. If an SGI executive could not communicate with
other parts of SGI with ONLY SGI tools customers would have the same
problem and no matter how worthy the hardware could not get the job done.
The important lesson for the world and especially the US to understand
is monoculture is a big risk as any that have looked into the Dutch Elm
disease that killed more trees than Xerox (perhaps an exaggeration).
The attack surface for computers and digital infrastructure and data should
not be in the hands of one company or one QA, or one release test group.
There are a couple of ways to divide and identify the issues and needs.
There are a lot of smart people on /. and we could make some positive
comments --- but hey this is /.
Sniffing Out Billions In US Currency Smuggled Across the Border To Mexico
And interesting specific yet easy to detect substances
could be added to money to make it easy to track from
one place to another. Each of the 12 reserve banks could
use a unique easy to detect substance....
One step beyond serial number records... and one step
beyond ultraviolet and edge stack marks.
Comcast Drops Spurious Fees When Customer Reveals Recording
Listen with care...
Here my Comcast prerecorded announcement states "This conversation may be recorded
for quality assurance." I hit record and say "Thank you for permission to record this conversation
for quality assurance".
Google Spots Explicit Images of a Child In Man's Email, Tips Off Police
Replace "Child Porn" with "Subversive Material" and suddenly it doesn't seem like such a good thing, does it?
Or, for you folks who like to "share", copyrighted movies, music, etc.
Or replace with any financial instrument bought and sold.
Remember Martha was locked up over a lost post-it note
that implied that the sale/purchase of such and such a stock
was likely profitable...
Given the interconnectivity of the modern world the vast majority
of the technical community are connected to individuals that know
or MIGHT have access to sensitive financial information.
Any recruiter or resume system that sees a bump in traffic from XYZtech
might assume trouble as the rats flee the ship. They do not even
have to mine it... it is visible.
Social issues, financial, sexual (legal), religious, emotional, medical.....
can be fabricated from real and fabricated content....
Google Spots Explicit Images of a Child In Man's Email, Tips Off Police
There is some trouble lurking here:
"The Electronic Communications Privacy Act (ECPA) [18 U.S.C. Sections 2510-2521, 2701-2710], which was signed into law in 1986, amended the Federal Wiretap Act to account for the increasing amount of communications and data transferred and stored on computer systems. The ECPA protects against the unlawful interceptions of any wire communications--whether it's telephone or cell phone conversations, voicemail, email, and other data sent over the wires. The ECPA also includes protections for messages that are stored--email messages that are archived on servers, for instance. Now, under the law, unauthorized access to computer messages, whether in transit or in storage, is a federal crime." http://www.pbs.org/wgbh/pages/...
It is not clear to me that Google has the legal right to look into email beyond the notion of
presenting marketing content that lines up with a user profile and perhaps a blind data
base match against market content and marketing profiles.
Since CP is illegal no profile or other marketing activity can be sold or participated with
by Google. To me nothing in any market driven activity can generate a CP profile
and match.... the implication is that someone was buying or selling Google services
to engage in CP.
It is possible that an image was discovered and a federal warrant caused Google to
search for a match against a very specific image. The sharing of such images outside
of law enforcement may itself be illegal especially if a service to discover such an image
if Google was paid to search for it.
It is possible that an image transfer to a different suspect or legal honey pot
was detected but that should trigger a search warrant.
As others have pointed out anything seen and disliked or disliked and searched
for but not illegal could trigger a witch hunt. I know individuals that have a
visceral dislike for: Rush Limbaugh, CNN, FoX, Kate Gosselin, Jodi Arias,
Joe Arpaio and some would have inclinations to make accusations if they
thought they could get away with it.
The good thing at this moment is that I do not know enough about this
in any detail so others will have to dig into the reality.
"Secret Serum" Used To Treat Americans With Ebola
Given that Ebola is currently confined to Africa, and that a relatively small number of people have caught it (less than 4000)...and these outbreaks seem to only come along once every 20 years, where was the incentive for the drug company to create this drug? Was it good timing that it has something ready to go just now.
Will each dose be prohibitively expensive to administer in Africa, or it remains to be seen if WHO will foot the bill to the tune of 10's of millions $$.
Not once in 20. Every two years... en.wikipedia.org/wiki/List_of_Ebola_outbreaks
Yes the number of inflicted individuals is too small to trigger major financial investment.
Yes the inflicted individuals are mostly too poor to trigger major financial investment!
Yes global risk is so large most research is department of defense funded.
This is so serious and so bad a global risk I dislike thinking about it except that
the world needs to pay attention. Today the context for disease is big $$ pharma
and big $$ agriculture. This has risks so large none with $$ want to touch it
outside of some rarified well funded well secured facilities (a good thing IMO).
Cell Phone Unlocking Is Legal -- For Now
Consider how the EPA has extended its mandate to include the CO2 that you exhale and incur simply by eating and making a living and soon will be carbon taxing you... too. [...] Some historic "solutions" came to light January 27, 1945...
That's cute. But parody is better when it's not so exaggerated. Even the US right wing aren't stupid enough, insane enough, to go around saying that the EPA is going to tax breathing, nor invoke Nazi death camps to condemn US environmental regulations. The premise of the joke has to at least be believable.
Yes a bit of exaggeration yet the relentless move to legislate regulatory agencies that then craft regulations with the power of law is astounding.
The terrible part is that to tear down many bad regulations the entire agency must be dismantled which
does not happen for agencies that mostly do the right things.
The EPA is easy to point fingers at yet they do constantly work to extend their charter and reach.
Of interest was a bunch of EPA mandates involving rainwater runoff in Virginia. The state of Virginia
won the first batch of litigation and the EPA was pushed back. However the fact that rain water catchment
basins do not respect state boundaries. Coal does not respect state boundaries. Fumes from coal and other
fuel fired power plants does not.... Then there was the individual in Oregon that put a rain barrel between his
roof and garden. Oregon felt his roof water run off was property of the state of Oregon.
Bose Sues New Apple Acquisition Beats Over Patent Violations
Also, noise-cancelling technology isn't unique to, or even invented by BOSE. It's, AFAIK, a military patent.. and used in almost every modern headphone and smartphone made.
But what military?
Of interest if a military design was classified and if someone invented
the same thing how could this be litigated. In some cases the disclosure
need only be a public RFP that implies it is possible for another skilled
in the art to go and do it.
Since the secrecy order covers methods and capabilities it could be
that military hardware designs will never be used to show prior art.
First rumor I heard on noise cancellation was for Israel tank communication
systems. Second was old AT&T stuff in the acoustic labs at bell labs for
The patent system is a closed ecosystem and if no one ever filed a patent
on something invented 2000 years ago by a Roman a patent would get issued
and used to extort funds from small players where the cost of litigation
vs. the cost of paying extortion makes the decision.
The other issue is language. Many inventions use alternative language
to isolate their filing from all others. Multiple devices to virtualize large
storage could be used and not trigger a match from a filing involving
redundant array of inexpensive disks etc...
Technical readers could discover some of these but there is no $$ in doing
it. Some large organizations involved in natural language processing might
crack this open as inventions in many nations are stolen and used
in others. This is hard but translation from IEEE publication to PatentOffice to
Chinese, Russian and more might prove to generate matches of interest
to national security and industry in general (pick your nation... no fixed answer
is correct here).
US Army To Transport American Ebola Victim To Atlanta Hospital From Liberia
What could go wrong here....
I would love to see retrofit of cast off steel shipping containers
delivered to foreign soil as emergency hot zone mini hospitals.
In some areas of the US we have piles of long and short shipping
containers. Paint white, seal the inside with a tough liner like folk use for
pick up truck beds. Add a solar powered air vent or redundant two
with LED lighting. Airlift with helicopters or truck in on skid trucks.
Room inside for gowns, antibiotics, bleach and basic sanitation kit too.
These and technology like this will be needed in abundance should
Ebola make it to our shores and run amok.
In part we need to find a way to deliver to hot zones world wide
the ability to care for those that need care. This is my current
favorite way to address this need. They can be tied to the earth
with footers and bolted down well enough to endure a hurricane.
Insulation kits (internal or external spray foam) can make them
cold or hot weather tolerant. Screens and doors, mosquito proof
with a simple cutting torch and install kit all inside the box.
Cell Phone Unlocking Is Legal -- For Now
I'm really hoping this is a joke. You realize Congress passes the laws that get to Obama's desk?
Less of a joke than one might think.
Too many laws establish a regulatory framework that then writes regulations
with the force of law. The agency established by the law is under the direct
management control of the executive office.
This is not new with Obama but the recalcitrant congress has made this
more and more visible and "necessary". Consider how the EPA has
extended its mandate to include the CO2 that you exhale and incur simply
by eating and making a living and soon will be carbon taxing you... too.
Some of the world's worst has been delivered by bureaucratic middle management
given a mandate to solve a problem with little oversight as to how. Some
historic "solutions" came to light January 27, 1945...
Cell Phone Unlocking Is Legal -- For Now
Thankfully Obama passed this, because our congress is do nothing. Now, off to get my Verizon phone unlocked so I can switch to AT&T!
Hmmm off to get my phone unlocked while I can....
FWIW I unlocked my previous AT&T phones (never give one up) bought some prepaid SIM cards with other carriers
and gave their networks a try. Here in the heart of Silly Valley -- we have the world's worst cell coverage. Too many phones,
too few towers. My most reliable phone is a 15 year old unlocked Nokia flip phone. One charge lasts a full week -- a
replacement battery costs about $7. I power it down... put it in a zip lock bag in clean pair of socks while hiking...
I have been shopping for a modern dumb phone that is its equal and am having
little luck. I would buy one... voice+text+GPS(for 911 safety) if it had a full week+ of
The dumb thing about smart phones is the battery life.... it stinks.
UK Government Report Recommends Ending Online Anonymity
At a local pizza shop. I placed my order
and paid cash. She asked:
Q: May I have your name sir?
After a while I hear on the speaker.
"Yes, your pizza is ready".
Passport database outage leaves thousands stranded.
Why am I reading about this first on /. and not
on CNN, FoX, ABC, NBR, RT and other news and not news outlets.
This is a big deal.
35% of (American) Adults Have Debt "In Collections"
Time, time, time again this type of information needs
a context of time to tell us anything. Without knowing
what has changed it is difficult to know if this is important
My guess is that this is astoundingly important not because
of employment or finances but because more and more
government agencies and their contracted proxies are
going after peoples deeper pockets with an escalation of
collection fees and a minimization of notification.
So often we hear that a letter has been posted telling
the delinquent payer to pay up. Yet these are nondescript
bulk mailings that have no postmark and look like so
much junk mail.
I happen to have a notice for a dog license renewal by an
address in Texas some two time zones away from me.
Now how is it that my local municipality feels free to contract
a collection to a service in another state in a way that gives
that LLC the power to add a tax levy on my home in the form
of a property lien and not tell me.
If these tiny fees that I see from a five dollar bridge toll
to a dog or cat license issued and sent to collection by some
Kafka inspired process that .....
Well if this is what is going on we have trouble right here in river city
Police placing anti-piracy warning ads on illegal sites
To my uneducated in UK law this is hacking to a degree that would
get you in trouble in the US.
It is interesting that I suspect a click through page might be
less illegal in the same way that many search engines give
you a warning page for sites with apparently BAD intentions.
The search engine page presents a link to and not an altered
version of the page. It is the alteration that might be illegal.
Since the ad content is paid for, someone paid for and did not
get what they paid for. This seems to be an open door for
loss of income litigation. It is unclear that these paid ads are
illegal or not but toothpaste advertisements when you see
a big smiling face are not illegal even when the reason for the
big smile is less than responsible.
Time will tell....
Smoking Mothers May Alter the DNA of Their Children
Many viruses affect tulips, causing streaked flowers, mottled leaves, distorted plants and stunted growth.
One evil virus is the tobacco mosaic virus and yes it impacts animals too.
For 50 years that I know many greenhouses for cut flowers have prohibited tobacco products
and sterilize their cutting knives.
Of interest a new virus has been found to infect the gut of many humans. It has only recently
been identified and the value it provides to the human gut is the hot new research topic.
The risks to humans from the tobacco mosaic virus seem to be ignored in much
of the tobacco cancer research.... I think that is a blunder. I also want to make sure the
Colorado grower associations take precautions to keep the tobacco mosaic virus out
of their herb patches.
US Department of Homeland Security Providing Online Open Source Code Testing
Yes please, but with all things free take with a grain of salt.
The DHS does have a vested interest in the internet infrastructure
working. And also an interest in keeping it free of the worst parasitic
It makes a lot of sense to give this service a test drive and look hard at the comments,
terms and conditions....
I can also think of ways to watermark my own code to make sure
it does what and is what I intend and has not been replaced in
some interesting perhaps criminal way.