m Quec.lim's republished posts.http://quec.li/~m /NSA Classification ECI = Exceptionally Controlled Informationhttps://www.schneier.com/blog/archives/2014/10/nsa_classificat.htmltag:www.schneier.com,2014:/blog//2.6365Thu, 16 Oct 2014 07:22:00 -0400<p>ECI is a classification above Top Secret. It's for things that are so sensitive they're basically not written down, like the names of companies whose cryptography has been deliberately weakened by the NSA, or the names of agents who have infiltrated foreign IT companies.</p> <p>As part of the <i>Intercept</i> <a href="https://firstlook.org/theintercept/2014/10/10/core-secrets/">story</a> on the NSA's using agents to infiltrate foreign companies and networks, it published a <a href="https://firstlook.org/theintercept/?p=6630">list of ECI compartments</a>. It's just a list of code names and three-letter abbreviations, along with the <a href="https://en.wikipedia.org/wiki/National_Security_Agency#Structure">group</a> <a href="http://www.matthewaid.com/post/58339598875/organizational-structure-of-the-national-security">inside</a> the NSA that is responsible for them. The descriptions of what they all mean would <i>never</i> be in a computer file, so it's only of value to those of us who like code names.</p> <p>This designation is why there have been no documents in the Snowden archive listing specific company names. 
They're all referred to by these ECI code names.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.6365The Ruleshttp://dandreamsofcoding.com/2014/10/13/the-rules/http://dandreamsofcoding.com/?p=2311Mon, 13 Oct 2014 09:00:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fdandreamsofcoding.com%2Ffeed%2F&entry=http%3A%2F%2Fdandreamsofcoding.com%2F%3Fp%3D2311Online Activism and the Computer Fraud and Abuse Acthttps://www.schneier.com/blog/archives/2014/10/online_activism.htmltag:www.schneier.com,2014:/blog//2.6360Fri, 10 Oct 2014 13:31:00 -0400<p>Good <a href="http://boingboing.net/2014/09/26/fuckthecfaa.html">essay</a> by Molly Sauter: basically, there is no legal avenue for activism and protest on the Internet.</p> <p>Also note Sauter's new book, <a href="http://www.amazon.com/The-Coming-Swarm-Hacktivism-Disobedience/dp/1623564565"><i>The Coming Swarm</i></a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.6360California regulators ruin sofa shopping in Massachusettshttp://blogs.law.harvard.edu/philg/2014/10/10/california-regulators-ruin-sofa-shopping-in-massachusetts/http://blogs.law.harvard.edu/philg/?p=6349Fri, 10 Oct 2014 12:08:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6349The Sake of Argumenthttp://xkcd.com/1432/http://xkcd.com/1432/Fri, 10 Oct 2014 00:00:00 -0400<img src="http://imgs.xkcd.com/comics/the_sake_of_argument.png" title="'It's not actually ... it's a DEVICE for EXPLORING a PLAUSIBLE REALITY that's not the one we're in, to gain a broader understanding about it.' 'oh, like a boat!' '...' 'Just for the sake of argument, we should get a boat! You can invite the Devil, too, if you want.'" alt="'It's not actually ... 
it's a DEVICE for EXPLORING a PLAUSIBLE REALITY that's not the one we're in, to gain a broader understanding about it.' 'oh, like a boat!' '...' 'Just for the sake of argument, we should get a boat! You can invite the Devil, too, if you want.'" />http://quec.li/EntryComments?feed=http%3A%2F%2Fxkcd.com%2Frss.xml&entry=http%3A%2F%2Fxkcd.com%2F1432%2FUSB Cufflinkshttps://www.schneier.com/blog/archives/2014/10/usb_cufflinks.htmltag:www.schneier.com,2014:/blog//2.6357Thu, 09 Oct 2014 08:12:00 -0400<p>Just the thing for <a href="http://www.dalys1895.com/designer/dalys/dalys1895-silver-rectangular-usb-16gb-cufflinks.html">smuggling data</a> out of secure locations.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.6357Portrait Photography then and nowhttp://blogs.law.harvard.edu/philg/2014/10/07/portrait-photography-then-and-now/http://blogs.law.harvard.edu/philg/?p=6339Tue, 07 Oct 2014 16:42:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6339iPhone Encryption and the Return of the Crypto Warshttps://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.htmltag:www.schneier.com,2014:/blog//2.6353Mon, 06 Oct 2014 07:50:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.6353William Binney Explains NSA Surveillance Using Snowden's Documentshttps://www.schneier.com/blog/archives/2014/10/william_binney_.htmltag:www.schneier.com,2014:/blog//2.6348Fri, 03 Oct 2014 07:59:00 -0400<p>Former NSA employee -- not technical director, as the link says -- <a href="http://www.alexaobrien.com/secondsight/wb/binney.html">explains</a> how NSA bulk surveillance works, using some of the Snowden documents. 
Very interesting.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.6348The 20f1.8 ? WOW!http://www.moosepeterson.com/blog/2014/10/03/the-20f1-8-wow/http://www.moosepeterson.com/blog/?p=36452Fri, 03 Oct 2014 07:30:00 -0400<p><a href="http://www.moosepeterson.com/blog/wp-content/uploads/2014/10/DLCGCSR5949.jpg" rel="lightbox[36452]"><img src="http://www.moosepeterson.com/blog/wp-content/uploads/2014/10/DLCGCSR5949.jpg" alt="DLCGCSR5949" width="800" height="534" class="aligncenter size-full wp-image-36453" /></a></p> <p>The Grand Canyon is simply, breath taking! But the photo Gods haven&#8217;t been really kind to us, bald skies. This limits our shooting hours in the morning to less than an hour. Not really an issue, plenty to shoot and it&#8217;s simply gorgeous. I shot the whole morning with just the <a href="http://www.bhphotovideo.com/c/product/1082599-REG/nikon_d750_dslr_camera_body.html/BI/8449/KBID/9350/kw/NID750/DFF/d10-v2-t1-xNID750" target="_blank">D750</a> and <a href="http://www.bhphotovideo.com/c/product/1082607-REG/nikon_20mm_f_1_8g_fx_lens.html/BI/8449/KBID/9350/kw/NI2018/DFF/d10-v2-t1-xNI2018" target="_blank">20f1.8AFS</a> and I&#8217;m blown away by the 20f1.8. I love the pattern its aperture creates for starbursts. I love its light weight but most of all, I LOVE its quality! Man, it&#8217;s a sharp lens!!!</p> <p><a href="http://www.moosepeterson.com/blog/wp-content/uploads/2014/10/DLCGCSR5972.jpg" rel="lightbox[36452]"><img src="http://www.moosepeterson.com/blog/wp-content/uploads/2014/10/DLCGCSR5972.jpg" alt="DLCGCSR5972" width="800" height="534" class="aligncenter size-full wp-image-36454" /></a></p> <p>And I&#8217;m talking sharp at f/1.8. Both of these photos were taken at f/1.8. F/1.8 for a landscape photo? Ya, f/1.8 for a landscape photo because the subject is at infinity and infinity has no depth of field. 
Now that fact won&#8217;t sit well with most but that&#8217;s the way it is. You don&#8217;t need to crank the aperture down to f/16 or more to have a sharp landscape photo. Just look above. And you don&#8217;t have to own the 20f1.8 or take my word to this fact. Just go shoot a subject at infinity and look for yourself. mtc</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.moosepeterson.com%2Fblog%2Ffeed%2Frss%2F&entry=http%3A%2F%2Fwww.moosepeterson.com%2Fblog%2F%3Fp%3D36452White House Securityhttp://blogs.law.harvard.edu/philg/2014/10/01/white-house-security/http://blogs.law.harvard.edu/philg/?p=6328Wed, 01 Oct 2014 20:55:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6328Breaking Bad Questionshttp://blogs.law.harvard.edu/philg/2014/09/24/breaking-bad-questions/http://blogs.law.harvard.edu/philg/?p=6294Wed, 24 Sep 2014 12:57:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6294DSA-3032 bash - security updatehttps://www.debian.org/security/2014/dsa-3032https://www.debian.org/security/2014/dsa-3032Tue, 23 Sep 2014 20:00:00 -0400<p>Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. 
In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.</p>http://quec.li/EntryComments?feed=https%3A%2F%2Fwww.debian.org%2Fsecurity%2Fdsa-long&entry=https%3A%2F%2Fwww.debian.org%2Fsecurity%2F2014%2Fdsa-3032Fake Cell Phone Towers Across the UShttps://www.schneier.com/blog/archives/2014/09/fake_cell_phone.htmltag:www.schneier.com,2014:/blog//2.5958Fri, 19 Sep 2014 07:11:00 -0400<p>Earlier this month, <a href="http://www.wired.com/2014/09/cryptophone-firewall-identifies-rogue-cell-towers/">there</a> <a href="http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls">were</a> <a href="http://io9.com/fake-cell-phone-towers-could-be-taking-control-of-your-1630378142">a</a> <a href="http://gizmodo.com/phony-cell-towers-could-be-intercepting-your-data-1629478616">bunch</a> <a href="http://venturebeat.com/2014/09/02/who-is-putting-up-interceptor-cell-towers-the-mystery-deepens/">of</a> <a href="https://news.ycombinator.com/item?id=8264540">stories</a> about fake cell phone towers discovered around the US. These seem to be IMSI catchers, like Harris Corporation's <a href="http://www.extremetech.com/mobile/184597-stingray-the-fake-cell-phone-tower-cops-and-providers-use-to-track-your-every-move">Stingray</a>, and are used to capture location information and potentially phone calls, text messages, and smart-phone Internet traffic. A couple of days ago, the <i>Washington Post</i> ran <a href="http://www.washingtonpost.com/world/national-security/researchers-try-to-pull-back-curtain-on-surveillance-efforts-in-washington/2014/09/17/f8c1f590-3e81-11e4-b03f-de718edeb92f_story.html">a story</a> about fake cell phone towers in politically interesting places around Washington DC. In both cases, researchers used security software that's part of CryptoPhone from the German company GSMK.
And in both cases, we don't know who is running these fake cell phone towers. Is it the US government? A foreign government? Multiple foreign governments? Criminals?</p> <p>This is the problem with building an infrastructure of surveillance: you can't regulate who gets to use it. The FBI has been protecting Stingray like it's an enormous secret, but it's <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2437678">not a secret anymore</a>. We are all vulnerable to everyone because the NSA wanted us to be vulnerable to them.</p> <p>We have one infrastructure. We can't choose a world where the US gets to spy and the Chinese don't. We get to choose a world where everyone can spy, or a world where no one can spy. We can be secure from everyone, or vulnerable to anyone. And I'm tired of us choosing surveillance over security.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5958Payment for surrogate mothershttp://blogs.law.harvard.edu/philg/2014/09/18/payment-for-surrogate-mothers/http://blogs.law.harvard.edu/philg/?p=6280Thu, 18 Sep 2014 10:07:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6280Aerials of New York with the World Trade Centerhttp://aboutphotography-tomgrill.blogspot.com/2014/09/aerials-of-new-york-with-world-trade.htmltag:blogger.com,1999:blog-8331638045168087261.post-6962061277375973270Thu, 18 Sep 2014 08:20:00 -0400Last night I did some helicopter aerials of lower Manhattan at sunset. Haven't had time to process them yet, but decided to begin this post, and will add to it later.
<br /><br /><br /><div><a href="http://1.bp.blogspot.com/-VnUatEndTOY/VBrNKklOTrI/AAAAAAAAPmw/xWu54eQWCu4/s1600/ti01077319bl.jpg" imageanchor="1"><img border="0" src="http://1.bp.blogspot.com/-VnUatEndTOY/VBrNKklOTrI/AAAAAAAAPmw/xWu54eQWCu4/s1600/ti01077319bl.jpg" /></a></div><br /><div></div><br /><div></div><div><a href="http://1.bp.blogspot.com/-NHdGql2GM-k/VBrNp2Tr_nI/AAAAAAAAPnE/zqZGXk4muP4/s1600/ti01077323bl.jpg" imageanchor="1"><img border="0" src="http://1.bp.blogspot.com/-NHdGql2GM-k/VBrNp2Tr_nI/AAAAAAAAPnE/zqZGXk4muP4/s1600/ti01077323bl.jpg" /></a></div><br />http://quec.li/EntryComments?feed=http%3A%2F%2Faboutphotography-tomgrill.blogspot.com%2Ffeeds%2Fposts%2Fdefault&entry=tag%3Ablogger.com%2C1999%3Ablog-8331638045168087261.post-6962061277375973270The Full Story of Yahoo's Fight Against PRISMhttps://www.schneier.com/blog/archives/2014/09/the_full_story_.htmltag:www.schneier.com,2014:/blog//2.5956Thu, 18 Sep 2014 08:13:00 -0400<p>In 2008 Yahoo <a href="http://gizmodo.com/the-nsa-was-going-to-fine-yahoo-250k-a-day-if-it-didnt-1633677548">fought</a> the NSA to avoid becoming part of the PRISM program. They eventually lost their court battle, and at one point were threatened with a $250,000 a day fine if they continued to resist. 
I am continually amazed at the extent of the government coercion.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5956Prices in the Good Old Dayshttp://blogs.law.harvard.edu/philg/2014/09/18/prices-in-the-good-old-days/http://blogs.law.harvard.edu/philg/?p=6278Thu, 18 Sep 2014 01:02:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6278Identifying Dread Pirate Robertshttps://www.schneier.com/blog/archives/2014/09/identifying_dre.htmltag:www.schneier.com,2014:/blog//2.5955Wed, 17 Sep 2014 15:30:00 -0400<p>According to court documents, Dread Pirate Roberts was identified because a CAPTCHA service used on the Silk Road login page <a href="http://krebsonsecurity.com/2014/09/dread-pirate-sunk-by-leaky-captcha/">leaked</a> the users' true location.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5955Tracking People From their Cellphones with an SS7 Vulnerabilityhttps://www.schneier.com/blog/archives/2014/09/tracking_people_3.htmltag:www.schneier.com,2014:/blog//2.5954Wed, 17 Sep 2014 08:15:00 -0400<p>What's interesting about <a href="http://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html">this story</a> is not that the cell phone system can track your location worldwide. That makes sense; the system has to know where you are. What's interesting about this story is that <i>anyone</i> can do it. 
Cyber-weapons arms manufacturers are selling the capability to governments worldwide, and <a href="http://berlin.ccc.de/~tobias/25c3-locating-mobile-phones.pdf">hackers</a> have demonstrated the capability.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5954Monica Chew: Making decisions with limited datahttp://monica-at-mozilla.blogspot.com/2014/09/making-decisions-with-limited-data.htmltag:blogger.com,1999:blog-2365489364368097756.post-5949559424013864686Wed, 10 Sep 2014 12:05:00 -0400It is challenging but possible to make decisions with limited data. For example, take the rollout saga of <a href="http://monica-at-mozilla.blogspot.com/2014/08/firefox-32-supports-public-key-pinning.html">public key pinning</a>.<br /><br />The <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=744204">first implementation of public key pinning</a> included enforcing pinning on addons.mozilla.org. In retrospect, this was a bad decision because it <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1005364">broke the Addons Panel</a> and <a href="http://telemetry.mozilla.org/#filter=nightly/32/CERT_PINNING_EVALUATION_RESULTS&amp;aggregates=multiselect-all!Submissions&amp;evoOver=Builds&amp;locked=true&amp;sanitize=true&amp;renderhistogram=Table">generated pinning warnings 86% of the time</a>. As it turns out, the pinset was <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1005364">missing some Verisign certificates</a> used by services.addons.mozilla.org, and the pinning enforcement on addons.mozilla.org included subdomains. Having more data lets us avoid bad decisions.<br /><br />To enable safer rollouts, we implemented a <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=772756">test mode for pinning</a>. In test mode, pinning violations are counted but not enforced. 
With sufficient telemetry, it is possible to measure how badly sites would break without actually breaking the site.<br /><br />Due to privacy restrictions in telemetry, we do not collect per-organization pinning violations except for Mozilla sites that are operationally critical to Firefox. This means that it is not possible to distinguish pinning violations for Google domains from Twitter domains, for example. I do not believe that collecting the aggregated number of pinning violations for sites on the Alexa top 10 list constitutes a privacy violation, but I look forward to the day when technologies such as <a href="http://arxiv.org/abs/1407.6981?context=cs">RAPPOR</a> make it easier to collect actionable data in a privacy-preserving way. <br /><br />Fortunately for us, Chrome has already implemented pinning on many high-traffic sites. This is fantastic news, because it means we can import Chrome's pin list in test mode with relatively high assurance that the pin list won't break Firefox, since it is already in production in Chrome.<br /><br />Given sufficient test mode telemetry, we can decide whether to enforce pins instead of just counting violations. If the pinning violation rate is sufficiently low, it is probably safe to promote the pinned domain from test mode to production mode.
The screenshot below shows a 3 week period where we promoted cdn.mozilla.com and media.mozilla.com and Google domains to production, as well as expanded coverage on Twitter to include all subdomains.<br /><br /><img height="425" src="https://lh4.googleusercontent.com/WWGa1hbHo7fOeu_b7H-ehlQ2QlTdZ1a092xb6KN3c75rxjPX--co1u3WRhG8JjjRzUKqjoN-XsMolisa8F_o_aa_W2gcPVkmpp0YmZtJvZbE3CUmCwatsiH27JjNW4pcYw" width="640" /><br /><br />Because the current implementation of pinning in Firefox relies on built-in static pinsets and we are unable to count violations per-pinset, it is important to track changes to the pinset file in the <a href="https://github.com/monicachew/pinning-dashboard">dashboard</a>. Fortunately <a href="http://www.highcharts.com/products/highstock">HighStock</a> supports <a href="http://www.highcharts.com/stock/demo/flags-general/grid">event markers</a> which somewhat alleviates this problem, and David Keeler also contributed some tooltip code to roughly associate dates with Mercurial revisions. Armed with the timeseries of pinning violation rates, event markers for dates that we promoted organizations to production mode (or high-traffic organizations like Dropbox were added in test mode due to a new import from Chromium) we can see whether pinning is working or not.<br /><br />Telemetry is useful for forensics, but in our case, it is not useful for catching problems as they occur.
This limitation is due to several difficulties, which I hope will be overcome by more generalized, comprehensive SSL error-reporting and HPKP:<div><ul><li>Because pinsets are static and built-in, there is sometimes a 24-hour lag between making a change to a pinset and reaching the next Nightly build.</li><li>Telemetry information is only sent back once per day, so we are looking at a 2-day delay between making a change and receiving any data back at all.</li><li>Telemetry dashboards (as accessible from <a href="http://telemetry.mozilla.org/docs.html">telemetry.js</a> and <a href="http://telemetry.mozilla.org/">telemetry.mozilla.org</a>) need about a day to aggregate, which adds another day.</li><li>Update uptake rates are slow. The <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1017269#c4">median time to update Nightly</a> is around 3 days, getting to 80% takes 10 days or longer.</li></ul><div>Due to these latency issues, pinning violation rates take at least a week to stabilize. Thankfully, <a href="https://groups.google.com/d/msg/mozilla.dev.planning/2ScJSX0QTOs/XSZbWEyN0ggJ">telemetry is on by default in all pre-release channels</a> as of Firefox 31, which gives us a lot more confidence that the pinning violation rates are representative.<br /><br />Despite all the caveats and limitations, using these simple tools we were able to successfully roll out pinning on pretty much all sites that we've attempted (including AMO, our unlucky canary) as of Firefox 34 and look forward to expanding coverage.<br /><br />Thanks for reading, and don't forget to update your Nightly if you love Mozilla!
:)</div></div>http://quec.li/EntryComments?feed=http%3A%2F%2Fplanet.mozilla.org%2Frss20.xml&entry=tag%3Ablogger.com%2C1999%3Ablog-2365489364368097756.post-5949559424013864686Security Audit of Safeplug "Tor in a Box"https://freedom-to-tinker.com/blog/annee/security-audit-of-safeplug-tor-in-a-box/https://freedom-to-tinker.com/?p=10368Mon, 08 Sep 2014 08:16:00 -0400<strong>m</strong>: <em>This was always a neat idea, although from the audit, it sounds like a) it should only be run by the same sort of person who would know to actively search-out such a thing (lacking informative documentation); and b) you'd need to be very careful and deliberate in how you design your network to guard against the lax security inherent in the device.<br /> </em>Last month at the FOCI workshop, we presented a security analysis of the Safeplug, a $49 box which promised users &#8220;complete security and anonymity&#8221; online by sending all of their web traffic through the Tor onion routing network. Safeplug claims to offer greater usability, particularly for non-technical customers, than the state-of-the-art in anonymous Internet browsing: [&#8230;]http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10368TIME Special Preview: A Guide to the Best Fall Photo Bookshttp://lightbox.time.com/2014/09/08/fall-photo-book-guide/http://lightbox.time.com/?p=101056Mon, 08 Sep 2014 04:00:00 -0400<p>LightBox presents a special preview of the season's best photography books, featuring new titles from legendary photographers Stephen Shore and Bruce Davidson, as well as inspired work by contemporary photographers Michael Light, Julie Blackmon and LaToya Ruby Frazier.</p> <p>These photo books, lovingly designed and meticulously edited, are a rare treat in a time when photography is all-too-often relegated to selfies and snapshots, and offer an opportunity to truly indulge in the unfettered beauty of a well-made 
book.</p> <p><em>If you are a publisher and would like to submit a title for our Spring/Summer edition of the Guide, please contact lightbox@time.com.</em></p>http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D101056