Skip to main content

Home/ Future of the Web/ Group items tagged 2016

Rss Feed Group items tagged

Paul Merrell

The New Snowden? NSA Contractor Arrested Over Alleged Theft Of Classified Data - 0 views

  • A contractor working for the National Security Agency (NSA) was arrested by the FBI following his alleged theft of “state secrets.” More specifically, the contractor, Harold Thomas Martin, is charged with stealing highly classified source codes developed to covertly hack the networks of foreign governments, according to several senior law enforcement and intelligence officials. The Justice Department has said that these stolen materials were “critical to national security.” Martin was employed by Booz Allen Hamilton, the company responsible for most of the NSA’s most sensitive cyber-operations. Edward Snowden, the most well-known NSA whistleblower, also worked for Booz Allen Hamilton until he fled to Hong Kong in 2013 where he revealed a trove of documents exposing the massive scope of the NSA dragnet surveillance. That surveillance system was shown to have targeted untold numbers of innocent Americans. According to the New York Times, the theft “raises the embarrassing prospect” that an NSA insider managed to steal highly damaging secret information from the NSA for the second time in three years, not to mention the “Shadow Broker” hack this past August, which made classified NSA hacking tools available to the public.
  • Snowden himself took to Twitter to comment on the arrest. In a tweet, he said the news of Martin’s arrest “is huge” and asked, “Did the FBI secretly arrest the person behind the reports [that the] NSA sat on huge flaws in US products?” It is currently unknown if Martin was connected to those reports as well.
  • It also remains to be seen what Martin’s motivations were in removing classified data from the NSA. Though many suspect that he planned to follow in Snowden’s footsteps, the government will more likely argue that he had planned to commit espionage by selling state secrets to “adversaries.” According to the New York Times article on the arrest, Russia, China, Iran, and North Korea are named as examples of the “adversaries” who would have been targeted by the NSA codes that Martin is accused of stealing. However, Snowden revealed widespread US spying on foreign governments including several US allies such as France and Germany. This suggests that the stolen “source codes” were likely utilized on a much broader scale.
Paul Merrell

The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rig... - 0 views

  • 1. Executive Summary Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”).  On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers.  We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government-exclusive “lawful intercept” spyware product.  NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management. The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.  We are calling this exploit chain Trident.  Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.   We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign, making this a rare find.
  • The Trident Exploit Chain: CVE-2016-4657: Visiting a maliciously crafted website may lead to arbitrary code execution CVE-2016-4655: An application may be able to disclose kernel memory CVE-2016-4656: An application may be able to execute arbitrary code with kernel privileges Once we confirmed the presence of what appeared to be iOS zero-days, Citizen Lab and Lookout quickly initiated a responsible disclosure process by notifying Apple and sharing our findings. Apple responded promptly, and notified us that they would be addressing the vulnerabilities. We are releasing this report to coincide with the availability of the iOS 9.3.5 patch, which blocks the Trident exploit chain by closing the vulnerabilities that NSO Group appears to have exploited and sold to remotely compromise iPhones. Recent Citizen Lab research has shown that many state-sponsored spyware campaigns against civil society groups and human rights defenders use “just enough” technical sophistication, coupled with carefully planned deception. This case demonstrates that not all threats follow this pattern.  The iPhone has a well-deserved reputation for security.  As the iPhone platform is tightly controlled by Apple, technically sophisticated exploits are often required to enable the remote installation and operation of iPhone monitoring tools. These exploits are rare and expensive. Firms that specialize in acquiring zero-days often pay handsomely for iPhone exploits.  One such firm, Zerodium, acquired an exploit chain similar to the Trident for one million dollars in November 2015. The high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting. Remarkably, this case marks the third commercial “lawful intercept” spyware suite employed in attempts to compromise Mansoor.  In 2011, he was targeted with FinFisher’s FinSpy spyware, and in 2012 he was targeted with Hacking Team’s Remote Control System.  Both Hacking Team and FinFisher have been the object of several years of revelations highlighting the misuse of spyware to compromise civil society groups, journalists, and human rights workers.
Gonzalo San Gil, PhD.

Internet Users in OECD Countries - 2016 - 0 views

  •  
    "NOTES: (1) OECD Countries Internet User Statistics were updated for June 30, 2016. (2) Growth percentage represents the increase in the number of Internet users between the years 2000 and 2016. (3) The most recent user information comes from data published by Facebook, International Telecommunications Union, official country telecom reports, and other trustworthy research sources. (4) Data from this site may be cited, giving the due credit and establishing a link back to www.internetworldstats.com. Copyright © 2016, Miniwatts Marketing Group. All rights reserved worldwide."
Paul Merrell

ACLU Demands Secret Court Hand Over Crucial Rulings On Surveillance Law - 0 views

  • The American Civil Liberties Union (ACLU) has filed a motion to reveal the secret court opinions with “novel or significant interpretations” of surveillance law, in a renewed push for government transparency. The motion, filed Wednesday by the ACLU and Yale Law School’s Media Freedom and Information Access Clinic, asks the Foreign Intelligence Surveillance Act (FISA) Court, which rules on intelligence gathering activities in secret, to release 23 classified decisions it made between 9/11 and the passage of the USA Freedom Act in June 2015. As ACLU National Security Project staff attorney Patrick Toomey explains, the opinions are part of a “much larger collection of hidden rulings on all sorts of government surveillance activities that affect the privacy rights of Americans.” Among them is the court order that the government used to direct Yahoo to secretly scanits users’ emails for “a specific set of characters.” Toomey writes: These court rulings are essential for the public to understand how federal laws are being construed and implemented. They also show how constitutional protections for personal privacy and expressive activities are being enforced by the courts. In other words, access to these opinions is necessary for the public to properly oversee their government.
  • Although the USA Freedom Act requires the release of novel FISA court opinions on surveillance law, the government maintains that the rule does not apply retroactively—thereby protecting the panel from publishing many of its post-9/11 opinions, which helped create an “unprecedented buildup” of secret surveillance laws. Even after National Security Agency (NSA) whistleblower Edward Snowden revealed the scope of mass surveillance in 2013, sparking widespread outcry, dozens of rulings on spying operations remain hidden from the public eye, which stymies efforts to keep the government accountable, civil liberties advocates say. “These rulings are necessary to inform the public about the scope of the government’s surveillance powers today,” the ACLU’s motion states.
  • Toomey writes that the rulings helped influence a number of novel spying activities, including: The government’s use of malware, which it calls “Network Investigative Techniques” The government’s efforts to compel technology companies to weaken or circumvent their own encryption protocols The government’s efforts to compel technology companies to disclose their source code so that it can identify vulnerabilities The government’s use of “cybersignatures” to search through internet communications for evidence of computer intrusions The government’s use of stingray cell-phone tracking devices under the Foreign Intelligence Surveillance Act (FISA) The government’s warrantless surveillance of Americans under FISA Section 702—a controversial authority scheduled to expire in December 2017 The bulk collection of financial records by the CIA and FBI under Section 215 of the Patriot Act Without these rulings being made public, “it simply isn’t possible to understand the government’s claimed authority to conduct surveillance,” Toomey writes. As he told The Intercept on Wednesday, “The people of this country can’t hold the government accountable for its surveillance activities unless they know what our laws allow. These secret court opinions define the limits of the government’s spying powers. Their disclosure is essential for meaningful public oversight in our democracy.”
Paul Merrell

'Pardon Snowden' Campaign Takes Off As Sanders, Ellsberg, And Others Join - 0 views

  • Prominent activists, lawmakers, artists, academics, and other leading voices in civil society, including Sen. Bernie Sanders (I-Vt.), are joining the campaign to get a pardon for National Security Agency (NSA) whistleblower Edward Snowden. “The information disclosed by Edward Snowden has allowed Congress and the American people to understand the degree to which the NSA has abused its authority and violated our constitutional rights,” Sanders wrote for the Guardian on Wednesday. “Now we must learn from the troubling revelations Mr. Snowden brought to light. Our intelligence and law enforcement agencies must be given the tools they need to protect us, but that can be done in a way that does not sacrifice our rights.” Pentagon Papers whistleblower Daniel Ellsberg, who co-founded the public interest journalism advocacy group Freedom of the Press Foundation, where Snowden is a board member, also wrote, “Ed Snowden should be freed of the legal burden hanging over him. They should remove the indictment, pardon him if that’s the way to do it, so that he is no longer facing prison.” Snowden faces charges under the Espionage Act after he released classified NSA files to media outlets in 2013 exposing the U.S. government’s global mass surveillance operations. He fled to Hong Kong, then Russia, where he has been living under political asylum for the past three years.
  • The Pardon Snowden campaign, supported by the American Civil Liberties Union (ACLU), Amnesty International, and Human Rights Watch (HRW), urgespeople around the world to write to Obama throughout his last four months in the White House.
  •  
    If you want to take part, the action page is at https://www.pardonsnowden.org/
Gonzalo San Gil, PhD.

Four Key Digital Challenges for the Music Industry in 2016 - Digital Music News - 0 views

  •  
    "This past year has been very eventful one for the music industry. The major debates centered on royalties, the freemium model and the place of YouTube in the industry. This piece takes a look at the main digital challenges for the industry over the course of 2016."
Gonzalo San Gil, PhD.

Mozilla 2016 Outlook: Promising Despite Funding, Competitive Woes - 0 views

  •  
    "For Mozilla, 2015 has been a year of large challenges, with a shift in funding sources and increasing competitive pressures across the desktop and mobile markets. The biggest challenges for Mozilla, however, are likely yet to come in 2016. One of the biggest challenges for Mozilla in 2015 and into 2016 is funding; 2015 is the first year in a decade that Mozilla didn't rely on Google for the vast majority of its revenue. Mozilla signed a five-year partnership deal with Yahoo at the end of 2014 that went into effect in 2015."
Paul Merrell

What to Do About Lawless Government Hacking and the Weakening of Digital Security | Ele... - 0 views

  • In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like hacking and "digital sabotage." And this is no abstract question—these actions increasingly endanger everyone’s security
  • The problem became especially clear this year during the San Bernardino case, involving the FBI’s demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an "outside party." Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw. Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones. Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI’s mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects.  That’s why we’re working on a positive agenda to confront governmental threats to digital security. Put more directly, we’re calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities.  
  • Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it’s time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions. This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.   
  •  
    "In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. "
  •  
    It's not often that I disagree with EFF's positions, but on this one I do. The government should be prohibited from exploiting computer vulnerabilities and should be required to immediately report all vulnerabilities discovered to the relevant developers of hardware or software. It's been one long slippery slope since the Supreme Court first approved wiretapping in Olmstead v. United States, 277 US 438 (1928), https://goo.gl/NJevsr (.) Left undecided to this day is whether we have a right to whisper privately, a right that is undeniable. All communications intercept cases since Olmstead fly directly in the face of that right.
Gonzalo San Gil, PhD.

Informe sobre el estado de la cultura en España 2016. La cultura como motor d... - 0 views

  •  
    "Miércoles 30 de marzo a las 19.00 h. Círculo de Bellas Artes de Madrid (Sala Valle Inclán). _______________________________________________________________________ La Fundación Alternativas le invita a la presentación del Informe sobre el Estado de la Cultura en España 2016: La cultura como motor del cambio. El acto se celebrará el 30 de marzo a las 19,00 h. en el Círculo de Bellas Artes de Madrid (sala Valle Inclán)."
  •  
    "Miércoles 30 de marzo a las 19.00 h. Círculo de Bellas Artes de Madrid (Sala Valle Inclán). _______________________________________________________________________ La Fundación Alternativas le invita a la presentación del Informe sobre el Estado de la Cultura en España 2016: La cultura como motor del cambio. El acto se celebrará el 30 de marzo a las 19,00 h. en el Círculo de Bellas Artes de Madrid (sala Valle Inclán)."
Paul Merrell

Microsoft Pitches Technology That Can Read Facial Expressions at Political Rallies - 1 views

  • On the 21st floor of a high-rise hotel in Cleveland, in a room full of political operatives, Microsoft’s Research Division was advertising a technology that could read each facial expression in a massive crowd, analyze the emotions, and report back in real time. “You could use this at a Trump rally,” a sales representative told me. At both the Republican and Democratic conventions, Microsoft sponsored event spaces for the news outlet Politico. Politico, in turn, hosted a series of Microsoft-sponsored discussions about the use of data technology in political campaigns. And throughout Politico’s spaces in both Philadelphia and Cleveland, Microsoft advertised an array of products from “Microsoft Cognitive Services,” its artificial intelligence and cloud computing division. At one exhibit, titled “Realtime Crowd Insights,” a small camera scanned the room, while a monitor displayed the captured image. Every five seconds, a new image would appear with data annotated for each face — an assigned serial number, gender, estimated age, and any emotions detected in the facial expression. When I approached, the machine labeled me “b2ff” and correctly identified me as a 23-year-old male.
  • “Realtime Crowd Insights” is an Application Programming Interface (API), or a software tool that connects web applications to Microsoft’s cloud computing services. Through Microsoft’s emotional analysis API — a component of Realtime Crowd Insights — applications send an image to Microsoft’s servers. Microsoft’s servers then analyze the faces and return emotional profiles for each one. In a November blog post, Microsoft said that the emotional analysis could detect “anger, contempt, fear, disgust, happiness, neutral, sadness or surprise.” Microsoft’s sales representatives told me that political campaigns could use the technology to measure the emotional impact of different talking points — and political scientists could use it to study crowd response at rallies.
  • Facial recognition technology — the identification of faces by name — is already widely used in secret by law enforcement, sports stadiums, retail stores, and even churches, despite being of questionable legality. As early as 2002, facial recognition technology was used at the Super Bowl to cross-reference the 100,000 attendees to a database of the faces of known criminals. The technology is controversial enough that in 2013, Google tried to ban the use of facial recognition apps in its Google glass system. But “Realtime Crowd Insights” is not true facial recognition — it could not identify me by name, only as “b2ff.” It did, however, store enough data on each face that it could continuously identify it with the same serial number, even hours later. The display demonstrated that capability by distinguishing between the number of total faces it had seen, and the number of unique serial numbers. Photo: Alex Emmons
  • ...2 more annotations...
  • Instead, “Realtime Crowd Insights” is an example of facial characterization technology — where computers analyze faces without necessarily identifying them. Facial characterization has many positive applications — it has been tested in the classroom, as a tool for spotting struggling students, and Microsoft has boasted that the tool will even help blind people read the faces around them. But facial characterization can also be used to assemble and store large profiles of information on individuals, even anonymously.
  • Alvaro Bedoya, a professor at Georgetown Law School and expert on privacy and facial recognition, has hailed that code of conduct as evidence that Microsoft is trying to do the right thing. But he pointed out that it leaves a number of questions unanswered — as illustrated in Cleveland and Philadelphia. “It’s interesting that the app being shown at the convention ‘remembered’ the faces of the people who walked by. That would seem to suggest that their faces were being stored and processed without the consent that Microsoft’s policy requires,” Bedoya said. “You have to wonder: What happened to the face templates of the people who walked by that booth? Were they deleted? Or are they still in the system?” Microsoft officials declined to comment on exactly what information is collected on each face and what data is retained or stored, instead referring me to their privacy policy, which does not address the question. Bedoya also pointed out that Microsoft’s marketing did not seem to match the consent policy. “It’s difficult to envision how companies will obtain consent from people in large crowds or rallies.”
  •  
    But nobody is saying that the output of this technology can't be combined with the output of facial recognition technology to let them monitor you individually AND track your emotions. Fortunately, others are fighting back with knowledge and tech to block facial recognition. http://goo.gl/JMQM2W
Gonzalo San Gil, PhD.

Cybersecurity law given thumbs up by European Union's ministers | Ars Technica UK - 0 views

  •  
    "Former adoption paves way for legislation at national level within next two years. by Jennifer Baker - May 17, 2016 1:47pm CEST"
  •  
    "Former adoption paves way for legislation at national level within next two years. by Jennifer Baker - May 17, 2016 1:47pm CEST"
Gonzalo San Gil, PhD.

Apple Stole My Music. No, Seriously. | vellumatlanta - 1 views

  •  
    "May 4, 2016 / jamespinkstone "The software is functioning as intended," said Amber. "Wait," I asked, "so it's supposed to delete my personal files from my internal hard drive without asking my permission?" "Yes," she replied."
  •  
    "May 4, 2016 / jamespinkstone "The software is functioning as intended," said Amber. "Wait," I asked, "so it's supposed to delete my personal files from my internal hard drive without asking my permission?" "Yes," she replied."
Gonzalo San Gil, PhD.

US gov't: Someone gave us the passcode to locked iPhone, so we don't need Apple | Ars T... - 1 views

  •  
    "In February, judge warned of "virtually limitless expansion" of US gov't authority. by Cyrus Farivar (US) - Apr 23, 2016 5:54pm CEST"
  •  
    "In February, judge warned of "virtually limitless expansion" of US gov't authority. by Cyrus Farivar (US) - Apr 23, 2016 5:54pm CEST"
Gonzalo San Gil, PhD.

OK, panic-newly evolved ransomware is bad news for everyone | Ars Technica UK - 0 views

  •  
    "Crypto-ransomware has turned every network intrusion into a potential payday. by Sean Gallagher (US) - Apr 9, 2016 9:55am CEST"
  •  
    "Crypto-ransomware has turned every network intrusion into a potential payday. by Sean Gallagher (US) - Apr 9, 2016 9:55am CEST"
Gonzalo San Gil, PhD.

Ardour 5.0 Open Source DAW Officially Released with Tabbed User Interface - 0 views

  •  
    "Now available for GNU/Linux, Mac OS X, and Windows OSes Aug 12, 2016 18:40 GMT · By Marius Nestor · Share: Currently one of the best cross-platform, open-source and freely distributed DAW (Digital Audio Workstation) software pieces, Ardour has received today, August 12, 2016, a major milestone that introduces a multitude of new features and countless improvements."
Gonzalo San Gil, PhD.

TCP Flaw Opens Linux Systems to Hijackers | Software | LinuxInsider - 0 views

  •  
    "By Richard Adhikari Aug 11, 2016 4:09 PM PT A flaw in the RFC 5961 specification the Internet Engineering Task Force developed to protect TCP against blind in-window attacks could threaten Android smartphones, as well as every Linux computer on the planet. [*Correction - Aug. 12, 2016]"
Gonzalo San Gil, PhD.

Cultivating a Culture of Knowledge Sharing - Creative Commons - 0 views

  •  
    "Fiona MacAlister September 1, 2016 In March we hosted the second Institute for Open Leadership. In our summary of the event we mentioned that the Institute fellows would be taking turns to write about their open policy projects. This week's post is from Fiona MacAlister, OER Specialist at Wits University in Johannesburg, South Africa."
  •  
    "Fiona MacAlister September 1, 2016 In March we hosted the second Institute for Open Leadership. In our summary of the event we mentioned that the Institute fellows would be taking turns to write about their open policy projects. This week's post is from Fiona MacAlister, OER Specialist at Wits University in Johannesburg, South Africa."
Gonzalo San Gil, PhD.

http://www.linux-server-security.com/linux_servers_howtos/linux_monitor_network_nload.html - 0 views

  •  
    "©2016 Chris Binnie On a continually changing network it is often difficult to spot issues due to the amount of noise generated by expected network traffic. Even when communications are seemingly quiet a packet sniffer will display screeds of noisy data. That data might be otherwise unseen broadcast traffic being sent to all hosts willing to listen and respond on a local network. Make no mistake, noise on a network link can cause all sorts of headaches because it can be impossible to identify trends quickly, especially if a host or the network itself is under attack. Packet sniffers will clearly display more traffic for the busiest connections which ultimately obscures the activities of less busy hosts."
  •  
    "©2016 Chris Binnie On a continually changing network it is often difficult to spot issues due to the amount of noise generated by expected network traffic. Even when communications are seemingly quiet a packet sniffer will display screeds of noisy data. That data might be otherwise unseen broadcast traffic being sent to all hosts willing to listen and respond on a local network. Make no mistake, noise on a network link can cause all sorts of headaches because it can be impossible to identify trends quickly, especially if a host or the network itself is under attack. Packet sniffers will clearly display more traffic for the busiest connections which ultimately obscures the activities of less busy hosts."
Gonzalo San Gil, PhD.

Net Neutrality: BEREC's "consultation" (or the discouragement policy) | La Quadrature d... - 0 views

  •  
    "Submitted on 7 Jun 2016 - 15:25 Net neutrality telecoms package press release Printer-friendly version Français Paris, 7 June 2016 - BEREC1 just published its draft guidelines that aims at clarifying the telecoms regulation2 and therefore the net neutrality. After secret negotiations between the national regulators (ARCEP in France) within BEREC it seems that nothing was put in place in order to facilitate the consultation process. La Quadrature du Net calls on all Internet users who care about a strong defense of net neutrality to join and to respond together to this consultation."
Gonzalo San Gil, PhD.

The benefits of getting involved in tech communities | Ginny Ghezzo | Opensource.com - 0 views

  •  
    "Great Wide Open 2016 lightning talks: Ginny Ghezzo A common piece of advice thrown around in tech circles is to "get involved," but what does that mean, exactly?"
  •  
    "Great Wide Open 2016 lightning talks: Ginny Ghezzo A common piece of advice thrown around in tech circles is to "get involved," but what does that mean, exactly?"
1 - 20 of 359 Next › Last »
Showing 20 items per page