Skip to main content

Home/ Open Web/ Group items tagged mobile-devices

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Google confirms that advanced backdoor came preinstalled on Android devices | Ars Technica - 0 views

arstechnica.com/...ed-backdoor-on-android-devices

malware backdoors Android

shared by Paul Merrell on 07 Jun 19 - No Cached
  • Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday. Triada first came to light in 2016 in articles published by Kaspersky here and here, the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered. Once installed, Triada's chief purpose was to install apps that could be used to send spam and display ads. It employed an impressive kit of tools, including rooting exploits that bypassed security protections built into Android and the means to modify the Android OS' all-powerful Zygote process. That meant the malware could directly tamper with every installed app. Triada also connected to no fewer than 17 command and control servers. In July 2017, security firm Dr. Web reported that its researchers had found Triada built into the firmware of several Android devices, including the Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. The attackers used the backdoor to surreptitiously download and install modules. Because the backdoor was embedded into one of the OS libraries and located in the system section, it couldn't be deleted using standard methods, the report said. On Thursday, Google confirmed the Dr. Web report, although it stopped short of naming the manufacturers. Thursday's report also said the supply chain attack was pulled off by one or more partners the manufacturers used in preparing the final firmware image used in the affected devices.
Gary Edwards

GSA picks Google Apps: What it means | ZDNet - 0 views

www.zdnet.com/...561

cloud-computing google-apps sursen

shared by Gary Edwards on 06 Dec 10 - No Cached
  • Gary Edwards on 06 Dec 10
     
    The General Services Administration made a bold decision to move its email and collaboration systems to the cloud.  This is a huge win for cloud-computing, but perhaps should have been expected since last week the Feds announced a new requisition and purchase mandate that cloud-computing had to be the FIRST consideration for federal agency purchases.  Note that the General Services Administration oversees requisitions and purchases for all Federal agencies!  This is huge.  Estimated to be worth $8 billion to cloud-computing providers. The cloud-computing market is estimated to be $30 Billion, but Gartner did not anticipate or expect Federal Agencies to embrace cloud-computing let alone issue a mandate for it.   In the RFP issued last June, it was easy to see their goals in the statement of objectives: This Statement of Objectives (SOO) describes the goals that GSA expects to achieve with regard to the 1. modernization of its e-mail system; 2. provision of an effective collaborative working environment; 3. reduction of the government's in-house system maintenance burden by providing related business, technical, and management functions; and 4. application of appropriate security and privacy safeguards. GSA announced yesterday that they choose Google Apps for email and collaboration and Unisys as the implementation partner. So what does this mean? What it means (WIM) #1: GSA employees will be using a next-generation information workplace. And that means mobile, device-agnostic, and location-agile. Gmail on an iPad? No problem. Email from a home computer? Yep. For GSA and for every other agency and most companies, it's important to give employees the tools to be productive and engage from every location on every device. "Work becomes a thing you do and not a place you go." [Thanks to Earl Newsome of Estee Lauder for that quote.] WIM #2: GSA will save 50% of the cost of email over five years. This is also what our research on the cost of email o
Gary Edwards

Pugpig: iPhone, iPad HTML Reader That Feels Like a Native App - 0 views

www.cmswire.com/...s-like-a-native-app-011590.php

pugpig visually-immersive html5-reader

shared by Gary Edwards on 16 Jun 11 - No Cached
  • Gary Edwards on 16 Jun 11
     
    Open Source framework for building visually-immersive mobile ready magazines in HTML5-CSS3-JavaScript. excerpt:  Pugpig is an open source framework that enables you to publish HTML5 content in the form of a magazine, book or newspaper to iPhone and iPad devices. It's slick and feels like you are using a native app (we tested the it on the iPad) Pugpig is an HTML reader for iOS. It's basically a hybrid - part native application, part web app, designed to prove that you can have an HTML-based app that feels like it's native. Your app sits on top of the Pugpig framework. It can be customized and extended. For example, you can link to your own data source, change the navigation and look and feel. It can also be multi-lingual - for example, the sample app I tested leverages the AJAX API for the Microsoft Translator. Additional Pugpig benefits are its low memory footprint and ability to store a lot magazine/newspaper editions within the device, for easy offline viewing. You can offer your app in either the App Store or the new iOS 5 Newsstand (integration with the framework is in progress now).
malwaresecurity

What is BYOD and How to Implement a BYOD Policy? - 1 views

bit.ly/2FUWGn4

Byod

shared by malwaresecurity on 28 Jan 19 - No Cached
  • malwaresecurity on 28 Jan 19
     
    #BYOD today is becoming more prevalent as people now own their own mobile computing devices and also tend to get attached to a particular type of device or OS.
  • malwaresecurity on 28 Jan 19
     
    Free Download MDM Software http://bit.ly/2G5CFJY
Paul Merrell

Mozilla Developers Testing Mobile OS - HotHardware - 0 views

hothardware.com/...a-Developers-Testing-Mobile-OS

Mozilla web OS B2G boot to Gecko

shared by Paul Merrell on 08 Nov 11 - No Cached
  • Mozilla has been experimenting with an interesting idea called Boot 2 Gecko. Essentially, B2G (as it’s called) is a mobile operating system based on the Web, as opposed to what the project’s wiki calls “proprietary, single-vendor stacks”. Mozilla has something there--open Web technologies indeed increasingly provide an intriguing platform for lots of things, mobile and otherwise. The developers on the B2G project are looking at the following areas: New web APIs: build prototype APIs for exposing device and OS capabilities to content (Telephony, SMS, Camera, USB, Bluetooth, NFC, etc.) Privilege model: making sure that these new capabilities are safely exposed to pages and applications Booting: prototype a low-level substrate for an Android-compatible device Applications: choose and port or build apps to prove out and prioritize the power of the system
Gary Edwards

Run iPhone Apps Directly From Your Browser With Pieceable Viewer - 0 views

techcrunch.com/...pieceable-viewer

iPhone cloud-computing

shared by Gary Edwards on 12 Apr 11 - No Cached
  • Gary Edwards on 12 Apr 11
     
    Developers can publish their apps directly to the service and the Pieceable team will create a web page that displays a fully functional copy of the app. Developers or anyone who needs to share an app can then send a link to whomever they'd like to give the demo to. "It ends up being the easiest way ever to share an iPhone app on the web," CEO Fred Potter tells me. "There's no UDID exchange, there's no worry about the 100-device limit Apple places on dev accounts - it's zero friction and hassle." Using Flash to simulate the app's functionality, Pieceable Viewer works without any code modifications on the developer's side, "It's literally a one line command to publish an existing app to the viewer service," says Potter. But Pieceable Viewer isn't Pieceable's core product. The company itself, in the same space as Mobile Roadie and AppMakr, aims to be a WordPress for mobile platforms, helping people write apps even if they don't know how to code.
Paul Merrell

Join Opera's journey to reinvent the Web - 1 views

www.opera.com/...23

Opera Opera Unite content sharing

shared by Paul Merrell on 24 Nov 09 - No Cached
  • Opera today released Opera 10.10 with Opera Unite, a powerful technology for personal content sharing directly between all your devices. Opera Unite is available as a standard feature in Opera 10.10, available free from www.opera.com.To mark this release, Opera is inviting the world to join our journey to reinvent the Web. By wrapping both a Web browser and a Web server into one package, Opera Unite challenges the conventional, semi-private methods of sharing the content that really matters to people everywhere."We promised Opera Unite would reinvent the Web," said Jon von Tetzchner, CEO, Opera. "What we are really doing is reinventing how we as consumers interact with the Web. By giving our devices the ability to serve content, we become equal citizens on the Web. In an age where we have ceded control of our personal data to third-parties, Opera Unite gives us the freedom to choose how we will share the data that belongs to us."
  • Paul Merrell on 24 Nov 09
     
    Playing with the software now. Unite is a cloud integration, with a directory on your system identified as a directory to be shared with the cloud storage. Haven't really got into it yet, but I see options to keep the data in the folder private, to share it with those who know the password, and to publish the directory to the world. There are roughly 25 Unite applications not discussed in the press release here. http://unite.opera.com/applications/ My first thought was that Google will have to respond in kind, while Microsoft --- which doesn't get the power of "free" --- will respond but with a less generous offering.
  • Paul Merrell on 24 Nov 09
     
    Opps. I was wrong. There is no online storage. It is as stated in the press release, an integration of a server with the Opera browser. The shared content is served by the local machine. Which means that the local machine must be running in order for others to access the shared content. But according to the Unite FAQ, this also means that there are only practical limits on the amount of content shared, e.g., hard disk capacity and bandwidth. Why bother with setting up a LAN or VPN if you can share files over the internet using Opera? And how will Google and Microsoft respond?
Paul Merrell

NSA Spying Inspires ProtonMail 'End-to-End' Encrypted Email Service | NDTV Gadgets - 0 views

gadgets.ndtv.com/...encrypted-email-service-526769

surveillance state secure-email ProtonMail

shared by Paul Merrell on 20 May 14 - No Cached
  • ne new email service promising "end-to-end" encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures.A major catalyst for email encryption were revelations about widespread online surveillance in documents leaked by Edward Snowden, the former National Security Agency contractor."A lot of people were upset with those revelations, and that coalesced into this effort," said Jason Stockman, a co-developer of ProtonMail, a new encrypted email service which launched Friday with collaboration of scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.Stockman said ProtonMail aims to be as user-friendly as the major commercial services, but with extra security, and with its servers located in Switzerland to make it more difficult for US law enforcement to access.
  • By locating in Switzerland, ProtonMail hopes to avoid the legal woes of services like Lavabit widely believed to be used by Snowden which shut down rather than hand over data to the US government, and which now faces a contempt of court order.Even if a Swiss court ordered data to be turned over, Stockman said, "we would hand over piles of encrypted data. We don't have a key. We never see the password."
  • As our users from China, Iran, Russia, and other countries around the world have shown us in the past months, ProtonMail is an important tool for freedom of speech and we are happy to finally be able to provide this to the whole world," the company said in a blog post.Google and Yahoo recently announced efforts to encrypt their email communications, but some specialists say the effort falls short."These big companies don't want to encrypt your stuff because they spy on you, too," said Bruce Schneier, a well-known cryptographer and author who is chief technology officer for CO3 Systems."Hopefully, the NSA debate is creating incentives for people to build more encryption."Stockman said that with services like Gmail, even if data is encrypted, "they have the key right next to it if you have the key and lock next to each other, so it's pretty much useless."
  • ...3 more annotations...
  • "Our vision is to make encryption and privacy mainstream by making it easy to use," Stockman told AFP. "There's no installation. Everything happens behind the scenes automatically."Even though email encryption using special codes or keys, a system known as PGP, has been around for two decades, "it was so complicated," and did not gain widespread adoption, Stockman said.After testing over the past few months, ProtonMail went public Friday using a "freemium" model a basic account will be free with some added features for a paid account.
  • Lavabit founder Ladar Levison meanwhile hopes to launch a new service with other developers in a coalition known as the "Dark Mail Alliance."Levison told AFP he hopes to have a new encrypted email system in testing within a few months and widely available later this year."The goal is to make it ubiquitous, so people don't have to turn it on," he said.But he added that the technical hurdles are formidable, because the more user-friendly the system becomes, "the more susceptible it is to a sophisticated attacker with fake or spoofed key information."Levison said he hopes Dark Mail will become a new open standard that can be adopted by other email services.
  • on Callas, a cryptographer who developed the PGP standard and later co-founded the secure communications firm Silent Circle, cited challenges in making a system that is both secure and ubiquitous."If you are a bank you have to have an email system that complies with banking regulations," Callas told AFP, which could allow, for example, certain emails to be subject to regulatory or court review."Many of the services on the Internet started with zero security. We want to start with a system that is totally secure and let people dial it down."The new email system would complement Silent Circle's existing secure messaging system and encrypted mobile phone, which was launched earlier this year."If we start competing for customers on the basis of maximum privacy, that's good for everybody," Callas said.
  • Paul Merrell on 20 May 14
     
    They're already so swamped that you have to reserve your user name and wait for an invite. They say they have to add servers. Web site is at https://protonmail.ch/ "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones. It's as simple as visiting our site and logging in. There are no plugins or apps to install - simply use your favorite web browser." "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones.
Paul Merrell

Comcast is turning your Xfinity router into a public Wi-Fi hotspot - Dwight Silverman's... - 0 views

blog.seattlepi.com/...er-into-a-public-wi-fi-hotspot

broadband roll-out wireless-hotspots Comcast

shared by Paul Merrell on 10 Jun 14 - No Cached
  • Some time on Tuesday afternoon, about 50,000 Comcast Internet customers in Houston will become part of a massive public Wi-Fi hotspot network, a number that will swell to 150,000 by the end of June. Comcast will begin activating a feature in its Arris Touchstone Telephony Wireless Gateway Modems that sets up a public Wi-Fi hotspot alongside a residential Internet customer’s private home network. Other Comcast customers will be able to log in to the hotspots for free using a computer, smartphone or other mobile device. And once they log into one, they’ll be automatically logged in to others when their devices “see” them. Comcast says the hotspot – which appears as “xfinitywifi” to those searching for a Wi-Fi connection – is completely separate from the home network. Someone accessing the Net through the hotspot can’t get to the computers, printers, mobile devices, streaming boxes and more sitting on the host network. Comcast officials also say that people using the Internet via the hotspot won’t slow down Internet access on the home network. Additional capacity is allotted to handle the bandwidth. You can read more about Comcast’s reason for doing this in my report on HoustonChronicle.com.
  • What’s interesting about this move is that, by default, the feature is being turned on without its subscribers’ prior consent. It’s an opt-out system – you have to take action to not participate. Comcast spokesman Michael Bybee said on Monday that notices about the hotspot feature were mailed to customers a few weeks ago, and email notifications will go out after it’s turned on. But it’s a good bet that this will take many Comcast customers by surprise. If you have one of these routers and don’t want to host a public Wi-Fi hotspot, here’s how to turn it off.
  • The additional capacity for public hotspot users is provided through a separate channel on the modem called a “service flow,” according to Comcast. But the speed of the connection reflects the tier of the subscriber hosting the hotspot. For example, if you connect to a hotspot hosted by a home user with a 25-Mbps connection, it will be slower than if you connect to a host system on the 50-Mbps tier.
  • Paul Merrell on 10 Jun 14
     
    I didn't see this one coming. I've got a Comcast account and their Arris Gateway modem. In our area, several coffeehouses, etc., that already offered free wireless connections are now broadcasting Comcast Xfinity wireless. So I'm guessing that this is a planned rollout nationwide. 
Paul Merrell

Researchers tout electricity storage technology that could recharge devices in minutes - 0 views

www.networkworld.com/...could-recharge-devices-minutes

mobile devices power-source batteries capacitors supercapacitors

shared by Paul Merrell on 24 Oct 13 - No Cached
  • Vanderbilt University researchers say they have come up with a way to store electricity on a silicon-based supercapacitor that would let mobile phones recharge in seconds and let them continue to operate for weeks without recharging.
Gary Edwards

Why Android Smartphone Apps Are About to Improve: Mobile Technology News « - 0 views

gigaom.com/...hone-apps-are-about-to-improve

mobile-apps android-apps fragment-design google-apps

shared by Gary Edwards on 04 Mar 11 - No Cached
  • Gary Edwards on 04 Mar 11
     
    Google's Honeycomb operating system is specifically optimized for large-screened tablets, but the first bits of the new platform are starting to now filter down into Android smartphones. The Android Developer Blog notes the release of an "Android Compatibility Package" that includes a new Fragments API for developers building software for Android 1.6 and up. Fragments are a key element for Honeycomb tablets such as Motorola's Xoom, as they allow for multiple windows of activity on the device display, which can greatly increase the usability of an app.
Gary Edwards

Google's Enterprise Vision: Mobile First, In the Cloud - 0 views

www.readwriteweb.com/...les-enterprise-vision-mobi.php

cloud-computing cloud-productivity cloud-collaboration

shared by Gary Edwards on 12 Jun 11 - No Cached
  • Gary Edwards on 12 Jun 11
     
    Google "Innovation Nation" Conference in Washington, DC had an interesting conversation thread; that the move to Cloud Computing embraces a move for individual productivity to group productivity.  Not sure i agree with that.  The Windows Desktop-WorkGroup Productivity environment has dominated business since 1992.  Maybe Google might instead focus on the limited access of desktop workgroups and the fact that productivity was horribly crippled by the the PC's lack of communication.  The Web/Cloud magically combines and integrates communication with content and computation.  This is what makes cloud collaboration a genuine leap in productivity - no matter what the discipline.  Here's a question for Google: What's the productivity difference between desktop collaboration and cloud-collaboration? excerpt:  The meeting is the staple of corporate life. The whole day revolves around when a meeting will be, who will be there and what needs to be discussed. Yet, is this rote practice may have become counter-productive in today's world of the always on, always connected workplace. Google's enterprise vision is to leverage mobility and the cloud to change the fundamental way people work. Workforce productivity used to be about how you can optimize individual output. Take all those individuals, put their output together and have a meeting to sort it all out. Google thinks that by putting all that functionality into a cloud environment, workers can use whatever device they want and always be working as a group towards on the mission. A faster, more secure, more cost efficient workplace will be the result. "The main message is that to be an effective [enterprise], we need to change from individual productivity to group productivity,"
Paul Merrell

HART: Homeland Security's Massive New Database Will Include Face Recognition, DNA, and ... - 0 views

www.eff.org/...clude-face-recognition-dna-and

surveillance state DHS facial-recognition HART-database

shared by Paul Merrell on 11 Jun 18 - No Cached
  • The U.S. Department of Homeland Security (DHS) is quietly building what will likely become the largest database of biometric and biographic data on citizens and foreigners in the United States. The agency’s new Homeland Advanced Recognition Technology (HART) database will include multiple forms of biometrics—from face recognition to DNA, data from questionable sources, and highly personal data on innocent people. It will be shared with federal agencies outside of DHS as well as state and local law enforcement and foreign governments. And yet, we still know very little about it.The records DHS plans to include in HART will chill and deter people from exercising their First Amendment protected rights to speak, assemble, and associate. Data like face recognition makes it possible to identify and track people in real time, including at lawful political protests and other gatherings. Other data DHS is planning to collect—including information about people’s “relationship patterns” and from officer “encounters” with the public—can be used to identify political affiliations, religious activities, and familial and friendly relationships. These data points are also frequently colored by conjecture and bias.
  • DHS currently collects a lot of data. Its legacy IDENT fingerprint database contains information on 220-million unique individuals and processes 350,000 fingerprint transactions every day. This is an exponential increase from 20 years ago when IDENT only contained information on 1.8-million people. Between IDENT and other DHS-managed databases, the agency manages over 10-billion biographic records and adds 10-15 million more each week.
  • DHS’s new HART database will allow the agency to vastly expand the types of records it can collect and store. HART will support at least seven types of biometric identifiers, including face and voice data, DNA, scars and tattoos, and a blanket category for “other modalities.” It will also include biographic information, like name, date of birth, physical descriptors, country of origin, and government ID numbers. And it will include data we know to by highly subjective, including information collected from officer “encounters” with the public and information about people’s “relationship patterns.”
  • ...1 more annotation...
  • DHS’s face recognition roll-out is especially concerning. The agency uses mobile biometric devices that can identify faces and capture face data in the field, allowing its ICE (immigration) and CBP (customs) officers to scan everyone with whom they come into contact, whether or not those people are suspected of any criminal activity or an immigration violation. DHS is also partnering with airlines and other third parties to collect face images from travelers entering and leaving the U.S. When combined with data from other government agencies, these troubling collection practices will allow DHS to build a database large enough to identify and track all people in public places, without their knowledge—not just in places the agency oversees, like airports, but anywhere there are cameras.Police abuse of facial recognition technology is not a theoretical issue: it’s happening today. Law enforcement has already used face recognition on public streets and at political protests. During the protests surrounding the death of Freddie Gray in 2015, Baltimore Police ran social media photos against a face recognition database to identify protesters and arrest them. Recent Amazon promotional videos encourage police agencies to acquire that company’s face “Rekognition” capabilities and use them with body cameras and smart cameras to track people throughout cities. At least two U.S. cities are already using Rekognition.DHS compounds face recognition’s threat to anonymity and free speech by planning to include “records related to the analysis of relationship patterns among individuals.” We don’t know where DHS or its external partners will be getting these “relationship pattern” records, but they could come from social media profiles and posts, which the government plans to track by collecting social media user names from all foreign travelers entering the country.
Paul Merrell

MeeGo rebooted as Intel and Samsung launch new Tizen platform - 1 views

arstechnica.com/...-launch-new-tizen-platform.ars

mobile devices Intel Samsung MeeGo Tizen

shared by Paul Merrell on 29 Sep 11 - No Cached
  • The Linux Foundation and the LiMo Foundation issued a joint statement on Wednesday morning to announce the launch of Tizen, a new Linux-based open source mobile operating system. The platform's application stack and third-party developer frameworks will be built around standards-based Web technologies. The new Tizen website says that Intel and Samsung are jointly backing the effort. The new platform effort will displace the unsuccessful MeeGo project, an open source mobile operating system that was launched last year when Intel and Nokia sought to unify their respective mobile Linux platforms with the help of the Linux Foundation. MeeGo began to unravel when Nokia abandoned Linux in favor of Microsoft's Windows Phone 7 operating system.
Paul Merrell

Verizon Injecting Perma-Cookies to Track Mobile Customers, Bypassing Privacy Controls |... - 0 views

www.eff.org/...verizon-x-uidh

surveillance state Verizon X-UIDH tracker

shared by Paul Merrell on 04 Nov 14 - No Cached
  • Verizon users might want to start looking for another provider. In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users' web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors' web browsing habits without their consent.Verizon apparently created this mechanism to expand their advertising programs, but it has privacy implications far beyond those programs. Indeed, while we're concerned about Verizon's own use of the header, we're even more worried about what it allows others to find out about Verizon users. The X-UIDH header effectively reinvents the cookie, but does so in a way that is shockingly insecure and dangerous to your privacy. Worse still, Verizon doesn't let users turn off this "feature." In fact, it functions even if you use a private browsing mode or clear your cookies. You can test whether the header is injected in your traffic by visiting lessonslearned.org/sniff or amibeingtracked.com over a cell data connection.How X-UIDH Works, and Why It's a Problem
  • To compound the problem, the header also affects more than just web browsers. Mobile apps that send HTTP requests will also have the header inserted. This means that users' behavior in apps can be correlated with their behavior on the web, which would be difficult or impossible without the header. Verizon describes this as a key benefit of using their system. But Verizon bypasses the 'Limit Ad Tracking' settings in iOS and Android that are specifically intended to limit abuse of unique identifiers by mobile apps.
  • Because the header is injected at the network level, Verizon can add it to anyone using their towers, even those who aren't Verizon customers.
  • ...1 more annotation...
  • We're also concerned that Verizon's failure to permit its users to opt out of X-UIDH may be a violation of the federal law that requires phone companies to maintain the confidentiality of their customers' data. Only two months ago, the wireline sector of Verizon's business was hit with a $7.4 million fine by the Federal Communications Commission after it was caught using its "customers' personal information for thousands of marketing campaigns without even giving them the choice to opt out." With this header, it looks like Verizon lets its customers opt out of the marketing side of the program, but not from the disclosure of their browsing habits.
Paul Merrell

Feds Claim They Can Enter a House and Demand Fingerprints to Unlock Everyone's Phones - 0 views

gizmodo.com/d-demand-fingerprin-1787864265

surveillance state fingerprints phone-access search-warrants civil-liberties

shared by Paul Merrell on 18 Oct 16 - No Cached
  • Under the Fourth Amendment, Americans are protected from unreasonable searches and seizures, but according to one group of federal prosecutors, just being in the wrong house at the wrong time is cause enough to make every single person inside provide their fingerprints and unlock their phones.Back in 2014, a Virginia Circuit Court ruled that while suspects cannot be forced to provide phone passcodes, biometric data like fingerprints doesn’t have the same constitutional protection. Since then, multiple law enforcement agencies have tried to force individual suspects to unlock their phones with their fingers, but none have claimed the sweeping authority found in a Justice Department memorandum recently uncovered by Forbes.
  • In the court document filed earlier this year, federal prosecutors in California argued that a warrant for a mass finger-unlocking was constitutionally sound even though “the government does not know ahead of time the identity of every digital device or every fingerprint (or indeed, every other piece of evidence) that it will find in the search” because “it has demonstrated probable cause that evidence may exist at the search location.” Criminal defense lawyer Marina Medvin, however, disagreed. Advertisement Advertisement “They want the ability to get a warrant on the assumption that they will learn more after they have a warrant,” Medvin told Forbes. “This would be an unbelievably audacious abuse of power if it were permitted.”Unfortunately, other documents related to the case were not publicly available, so its unclear if the search was actually executed. Even so, Medvin believes the memorandum sets a deeply troubling precedent, using older case law regarding the collection of fingerprint evidence to request complete access to the “amazing amount of information” found on a cellphone.
Paul Merrell

Long-Secret Stingray Manuals Detail How Police Can Spy on Phones - 0 views

theintercept.com/...l-how-police-can-spy-on-phones

surveillance state Stingray documentation

shared by Paul Merrell on 15 Sep 16 - No Cached
  • Harris Corp.’s Stingray surveillance device has been one of the most closely guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet. Harris has fought to keep its surveillance equipment, which carries price tags in the low six figures, hidden from both privacy activists and the general public, arguing that information about the gear could help criminals. Accordingly, an older Stingray manual released under the Freedom of Information Act to news website TheBlot.com last year was almost completely redacted. So too have law enforcement agencies at every level, across the country, evaded almost all attempts to learn how and why these extremely powerful tools are being used — though court battles have made it clear Stingrays are often deployed without any warrant. The San Bernardino Sheriff’s Department alone has snooped via Stingray, sans warrant, over 300 times.
  • The documents described and linked below, instruction manuals for the software used by Stingray operators, were provided to The Intercept as part of a larger cache believed to have originated with the Florida Department of Law Enforcement. Two of them contain a “distribution warning” saying they contain “Proprietary Information and the release of this document and the information contained herein is prohibited to the fullest extent allowable by law.”  Although “Stingray” has become a catch-all name for devices of its kind, often referred to as “IMSI catchers,” the manuals include instructions for a range of other Harris surveillance boxes, including the Hailstorm, ArrowHead, AmberJack, and KingFish. They make clear the capability of those devices and the Stingray II to spy on cellphones by, at minimum, tracking their connection to the simulated tower, information about their location, and certain “over the air” electronic messages sent to and from them. Wessler added that parts of the manuals make specific reference to permanently storing this data, something that American law enforcement has denied doing in the past.
  • One piece of Windows software used to control Harris’s spy boxes, software that appears to be sold under the name “Gemini,” allows police to track phones across 2G, 3G, and LTE networks. Another Harris app, “iDen Controller,” provides a litany of fine-grained options for tracking phones. A law enforcement agent using these pieces of software along with Harris hardware could not only track a large number of phones as they moved throughout a city but could also apply nicknames to certain phones to keep track of them in the future. The manual describing how to operate iDEN, the lengthiest document of the four at 156 pages, uses an example of a target (called a “subscriber”) tagged alternately as Green Boy and Green Ben:
  • ...2 more annotations...
  • In order to maintain an uninterrupted connection to a target’s phone, the Harris software also offers the option of intentionally degrading (or “redirecting”) someone’s phone onto an inferior network, for example, knocking a connection from LTE to 2G:
  • A video of the Gemini software installed on a personal computer, obtained by The Intercept and embedded below, provides not only an extensive demonstration of the app but also underlines how accessible the mass surveillance code can be: Installing a complete warrantless surveillance suite is no more complicated than installing Skype. Indeed, software such as Photoshop or Microsoft Office, which require a registration key or some other proof of ownership, are more strictly controlled by their makers than software designed for cellular interception.
Gary Edwards

Electronic Imp: Former Apple, Google, Facebook engineers launch IoT startup - 2012-05-1... - 0 views

www.edn.com/...gineers_launch_IoT_startup.php

Electronic-Imp WiFi IOT Internet-of-Things

shared by Gary Edwards on 17 May 12 - No Cached
  • "We've put it in a user-installable module. The user buys the card and just plugs it into any device that has a slot," Fiennes explained." All a developer needs to do is add a socket and a 3-pin Atmel ID chip to their product. That's 75 cents: 30 cents for the ID chip and 45 cents for the socket." This assumes the availability of 3.3 V. "But given that most things you want to control from the Internet are electrical, we think that's reasonable," he said. If not, developers can include a battery.
  • Fiennes demonstrated a power adaptor with an Imp socket. He installed a card and an appropriately labeled block appeared in a browser window. Fiennes plugged in a chain of decorative lights and we clicked on the box on our browser. After clicking, the box text went from "off" to "on." Over Skype, we could see the lights had come on.Fiennes emphasized that control need not be manual and could be linked to other Internet apps such as weather reports, or to Electric Imp sensor nodes that monitor conditions such as humidity.A second example is an Electric Imp enabled passive infrared sensor. Fiennes demonstrated how it could be programmed to report the time and date of detected motion to a client's Web pages on the Electric Imp server. In turn, those pages could be programmed to send an alarm to a mobile phone. The alarm could also be triggered if no motion was detected, allowing the sensor to serve as a monitor for the elderly in their homes, for example. If there is no activity before 9 a.m., a message is sent to a caregiver.
  • The final example is an Electric Imp washing machine. Machine operation can be made conditional on a number of variables, including the price of electricity. "Every washing machine has microcontroller and that microcontroller has a lot of data," said Fiennes. "That data could be sent back to a washing machine service organization that could call the client up before the washing machine breaks down."
  • ...1 more annotation...
  • The cards will be on sale to developers by the end of June for $25 each and Electric Imp will also supply development kits that include a socket, ID chip and power connection on a small board for about $10. While these are intended for consumer electronics developers Electric Imp is happy to sell them to students and non-professional developers. "Hobbyists can play with it and tell us what they think."
  • Gary Edwards on 17 May 12
     
    Put Electronic Imp at the top of the "Technologies to watch" list.  Good stuff and great implementation - platform plan.   excerpt "We've put it in a user-installable module. The user buys the card and just plugs it into any device that has a slot," Fiennes explained." All a developer needs to do is add a socket and a 3-pin Atmel ID chip to their product. That's 75 cents: 30 cents for the ID chip and 45 cents for the socket." This assumes the availability of 3.3 V. "But given that most things you want to control from the Internet are electrical, we think that's reasonable," he said. If not, developers can include a battery. When the $25 card is installed in a slot and powered up, it will find the ID number and automatically transmit the information to Electric Imp's servers. Fiennes and his colleagues have written a virtual machine that runs under a proprietary embedded operating system on the node and looks for updates of itself on the Internet. SSL encryption is used for data security when transmitted over the link. ........
Paul Merrell

Cameron Calls June 23 EU Referendum as Cabinet Fractures - Bloomberg Business - 0 views

www.bloomberg.com/...m-on-eu-membership-for-june-23

surveillance state Apple iPhone hack FBI NSC

shared by Paul Merrell on 20 Feb 16 - No Cached
  • In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.
  • On Tuesday, the public got its first glimpse of what those efforts may look like when a federal judge ordered Apple to create a special tool for the FBI to bypass security protections on an iPhone 5c belonging to one of the shooters in the Dec. 2 terrorist attack in San Bernardino, California that killed 14 people. Apple Chief Executive Officer Tim Cook has vowed to fight the order, calling it a “chilling” demand that Apple “hack our own users and undermine decades of security advancements that protect our customers.” The order was not a direct outcome of the memo but is in line with the broader government strategy.White House spokesman Josh Earnest said Wednesday that the Federal Bureau of Investigation and Department of Justice have the Obama administration’s “full” support in the matter. The government is “not asking Apple to redesign its product or to create a new backdoor to their products,” but rather are seeking entry “to this one device,” he said.
« First ‹ Previous 41 - 60 of 100 Next › Last »
Showing 20 items per page