m Quec.lim's republished posts.http://quec.li/~m /Men in Massachusetts should simply not show up to defend restraining orders, divorces, and other family law matters?http://blogs.law.harvard.edu/philg/2015/07/30/men-in-massachusetts-should-simply-not-show-up-to-defend-restraining-orders-divorces-and-other-family-law-matters/http://blogs.law.harvard.edu/philg/?p=8375Thu, 30 Jul 2015 13:15:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D8375Bizarre High-Tech Kidnappinghttps://www.schneier.com/blog/archives/2015/07/bizarre_high-te.htmltag:www.schneier.com,2015:/blog//2.7170Wed, 29 Jul 2015 07:34:00 -0400<strong>m</strong>: <em>"It borders on surreal. Were it an episode of CSI:Cyber, you would never believe it."<br /> <br /> Indeed. Lessons to be learned, beyond all the steps reported: Don't buy your burner from Target or any other big chain store. Ideally buy it from a small mom-and-pop far away from where you live or plan to use it. Ideally, don't be the person that buys it yourself. Bypass all those concerns by going to a neutral area that collects working phones for recycling/use by older/minimal-mobility people and take a phone from the box.<br /> </em><p>This is a <a href="http://www.wired.com/2015/07/mare-island/">story</a> of a very high-tech kidnapping:</p> <blockquote><p>FBI court filings unsealed last week showed how Denise Huskins' kidnappers used anonymous remailers, image sharing sites, Tor, and other people's Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath of the abduction and had a Parrot radio-controlled drone standing by to pick up the ransom by remote control.</p></blockquote> <p>The story also demonstrates just how effective the FBI is at tracing cell phone usage these days.
They had a blocked call from the kidnappers to the victim's cell phone. First they used a search warrant to AT&T to get the actual calling number. After learning that it was an AT&T prepaid Tracfone, they called AT&T to find out where the burner was bought, what the serial numbers were, and the location where the calls were made from.</p> <blockquote><p>The FBI reached out to Tracfone, which was able to tell the agents that the phone was purchased from a Target store in Pleasant Hill on March 2 at 5:39 pm. Target provided the bureau with a surveillance-cam photo of the buyer: a white male with dark hair and medium build. AT&T turned over records showing the phone had been used within 650 feet of a cell site in South Lake Tahoe.</p></blockquote> <p>Here's the <a href="http://www1.icsi.berkeley.edu/~nweaver/vallejo.pdf">criminal complaint</a>. It borders on surreal. Were it an episode of <i>CSI:Cyber</i>, you would never believe it.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7170Stagefright Vulnerability in Android Phoneshttps://www.schneier.com/blog/archives/2015/07/stagefright_vul.htmltag:www.schneier.com,2015:/blog//2.7171Tue, 28 Jul 2015 07:37:00 -0400<p><a href="http://arstechnica.com/security/2015/07/950-million-android-phones-can-be-hijacked-by-malicious-text-messages/">The</a> <a href="http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/">Stagefright</a> <a href="http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/">vulnerability</a> for Android phones is a bad one. It's exploitable via a text message (details depend on auto downloading of the particular phone), it runs at an elevated privilege (again, the severity depends on the particular phone -- on some phones it's full privilege), and it's trivial to weaponize.
Imagine a worm that infects a phone and then immediately sends a copy of itself to everyone on that phone's contact list.</p> <p>The worst part of this is that it's an Android exploit, so most phones <a href="http://www.androidcentral.com/solving-impossible-problem-android-updates">won't be patched anytime soon</a> -- if ever. (The people who discovered the bug alerted Google in April. Google has sent patches to its phone manufacturer partners, but most of them have not sent the patch to Android phone users.)</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7171http://instagram.com/p/5gRqzEhapS/?taken-by=koulersfulhttp://instagram.com/p/5gRqzEhapS/?taken-by=koulersfulThu, 23 Jul 2015 23:46:00 -0400<p><a href="http://instagram.com/p/5gRqzEhapS/?taken-by=koulersful"><img src="https://igcdn-photos-e-a.akamaihd.net/hphotos-ak-xaf1/t51.2885-15/11324890_851643381589316_1413443838_n.jpg" height="" width="" alt="" /></a><br /></p>http://quec.li/EntryComments?feed=http%3A%2F%2Fod.saverpigeeks.com%2Frss%2FInstagram%2Fkoulersful&entry=http%3A%2F%2Finstagram.com%2Fp%2F5gRqzEhapS%2F%3Ftaken-by%3DkoulersfulItalian tourism in the smartphone agehttp://blogs.law.harvard.edu/philg/2015/07/23/italian-tourism-in-the-smartphone-age/http://blogs.law.harvard.edu/philg/?p=8337Thu, 23 Jul 2015 12:24:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D8337Remotely Hacking a Car While It's Drivinghttps://www.schneier.com/blog/archives/2015/07/remotely_hackin.htmltag:www.schneier.com,2015:/blog//2.7160Thu, 23 Jul 2015 07:17:00 -0400<p><a href="http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/">This</a> is a big deal. Hackers can remotely hack the Uconnect system in cars just by knowing the car's IP address. 
They can disable the brakes, turn on the AC, blast music, and disable the transmission:</p> <blockquote><p>The attack tools Miller and Valasek developed can remotely trigger more than the dashboard and transmission tricks they used against me on the highway. They demonstrated as much on the same day as my traumatic experience on I-64; After narrowly averting death by semi-trailer, I managed to roll the lame Jeep down an exit ramp, re-engaged the transmission by turning the ignition off and on, and found an empty lot where I could safely continue the experiment. <p>Miller and Valasek's full arsenal includes functions that at lower speeds fully kill the engine, abruptly engage the brakes, or disable them altogether. The most disturbing maneuver came when they cut the Jeep's brakes, leaving me frantically pumping the pedal as the 2-ton SUV slid uncontrollably into a ditch. The researchers say they're working on perfecting their steering control -- for now they can only hijack the wheel when the Jeep is in reverse. Their hack enables surveillance too: They can track a targeted Jeep's GPS coordinates, measure its speed, and even drop pins on a map to trace its route.</p></blockquote> <p>In related news, there's a <a href="http://www.wired.com/2015/07/senate-bill-seeks-standards-cars-defenses-hackers/">Senate bill</a> to improve car security standards. 
Honestly, I'm not sure our security technology is enough to prevent this sort of thing if the car's controls are attached to the Internet.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7160Equal Pay for Female Soccer Players?http://blogs.law.harvard.edu/philg/2015/07/21/equal-pay-for-female-soccer-players/http://blogs.law.harvard.edu/philg/?p=8255Tue, 21 Jul 2015 12:15:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D8255Using Secure Chathttps://www.schneier.com/blog/archives/2015/07/using_secure_ch.htmltag:www.schneier.com,2015:/blog//2.7154Fri, 17 Jul 2015 07:35:00 -0400<p>Micah Lee has a <a href="https://firstlook.org/theintercept/2015/07/14/communicating-secret-watched/">good tutorial</a> on installing and using secure chat.</p> <blockquote><p>To recap: We have installed Orbot and connected to the Tor network on Android, and we have installed ChatSecure and created an anonymous secret identity Jabber account. We have added a contact to this account, started an encrypted session, and verified that their OTR fingerprint is correct. 
And now we can start chatting with them with an extraordinarily high degree of privacy.</p></blockquote> <p>FBI Director James Comey, UK Prime Minister David Cameron, and totalitarian governments around the world all don't want you to be able to do this.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7154More on Hacking Teamhttps://www.schneier.com/blog/archives/2015/07/more_on_hacking_1.htmltag:www.schneier.com,2015:/blog//2.7142Tue, 07 Jul 2015 18:30:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7142More about the NSA's XKEYSCOREhttps://www.schneier.com/blog/archives/2015/07/more_about_the_.htmltag:www.schneier.com,2015:/blog//2.7137Tue, 07 Jul 2015 07:38:00 -0400<p>I've been reading through the 48 <a href="https://firstlook.org/theintercept/2015/07/01/nsas-google-worlds-private-communications/">classified</a> <a href="https://firstlook.org/theintercept/2015/07/02/look-under-hood-xkeyscore/">documents</a> about the NSA's XKEYSCORE system released by the <i>Intercept</i> last week. From the article:</p> <blockquote><p>The NSA's XKEYSCORE program, first <a href="http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data">revealed</a> by <i>The Guardian</i>, sweeps up countless people's Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from <a href="https://web.archive.org/web/20150123062050/https%3A//www.eff.org/files/2014/06/23/report_on_the_nsas_access_to_tempora.pdf">fiber optic cables</a> that make up the backbone of the world's communication network, among other sources, for processing. 
As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers. <p>These servers store "full-take data" at the collection sites -- meaning that they captured all of the traffic collected -- and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. "It is a fully distributed processing and query system that runs on machines around the world," an NSA briefing on XKEYSCORE says. "At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage."</p></blockquote> <p>There seem to be no access controls at all restricting how analysts can use XKEYSCORE. Standing queries -- called "workflows" -- and new fingerprints have an approval process, presumably for load issues, but individual queries are not approved beforehand but may be audited after the fact. These are things which are supposed to be low latency, and you can't have an approval process for low latency analyst queries. Since a query can get at the recorded raw data, a single query is effectively a retrospective wiretap.</p> <p>All this means that the <i>Intercept</i> is correct when <a href="https://firstlook.org/theintercept/2015/07/01/nsas-google-worlds-private-communications/">it writes</a>:</p> <blockquote><p>These facts bolster one of Snowden's most controversial statements, made in his <a href="http://www.theguardian.com/world/video/2013/jun/09/nsa-whistleblower-edward-snowden-interview-video">first video interview published by <i>The Guardian</i></a> on June 9, 2013.
"I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge to even the president, if I had a personal email."</p></blockquote> <p>You'll only get the data if it's in the NSA's databases, but if it is there you'll get it.</p> <p>Honestly, there's not much in these documents that's a surprise to anyone who studied the 2013 <a href="http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data">XKEYSCORE</a> leaks and knows what can be done with a highly customizable Intrusion Detection System. But it's always interesting to read the details.</p> <p>One document -- "<a href="https://firstlook.org/theintercept/document/2015/07/01/intro-context-sensitive-scanning-xks-fingerprints/">Intro to Context Sensitive Scanning with X-KEYSCORE Fingerprints</a> (2010) -- talks about some of the queries an analyst can run. A sample scenario: "I want to look for people using Mojahedeen Secrets encryption from an iPhone" (page 6).</p> <p>Mujahedeen Secrets is an <a href="https://en.wikipedia.org/wiki/Mujahedeen_Secrets">encryption program</a> written by al Qaeda supporters. It has <a href="https://www.schneier.com/blog/archives/2008/02/mujahideen_secr_1.html">been around</a> since 2007. Last year, Stuart Baker <a href="https://www.schneier.com/blog/archives/2014/08/the_security_of_9.html">cited its increased use</a> as evidence that Snowden harmed America. I thought <a href="https://www.schneier.com/blog/archives/2014/05/new_al_qaeda_en_1.html">the opposite</a>, that the NSA benefits from al Qaeda using this program. I <a href="https://www.schneier.com/blog/archives/2014/08/the_security_of_9.html">wrote</a>: "There's nothing that screams 'hack me' more than using specially designed al Qaeda encryption software."</p> <p>And now we see how it's done. In the document, we read about the specific XKEYSCORE queries an analyst can use to search for traffic encrypted by Mujahedeen Secrets. 
Here are some of the <a href="https://firstlook.org/theintercept/document/2015/07/01/intro-context-sensitive-scanning-xks-fingerprints/">program's fingerprints</a> (page 10):</p> <blockquote><p>encryption/mojahaden2<br> encryption/mojahaden2/encodedheader<br> encryption/mojahaden2/hidden<br> encryption/mojahaden2/hidden2<br> encryption/mojahaden2/hidden44<br> encryption/mojahaden2/secure_file_cendode<br> encryption/mojahaden2/securefile</p></blockquote> <p>So if you want to search for all iPhone users of Mujahedeen Secrets (page 33):</p> <blockquote><p>fingerprint('demo/scenario4')= <blockquote><p>fingerprint('encryption/mojahdeen2' and fingerprint('browser/cellphone/iphone')</p></blockquote></p></blockquote> <p>Or you can search for the program's use in the encrypted text, because (page 37): "...many of the CT Targets are now smart enough not to leave the Mojahedeen Secrets header in the E-mails they send. How can we detect that the E-mail (which looks like junk) is in fact Mojahedeen Secrets encrypted text." Summary of the answer: there are lots of ways to detect the use of this program that users can't detect. And you can combine the use of Mujahedeen Secrets with other identifiers to find targets. For example, you can specifically search for the program's use in <a href="https://firstlook.org/theintercept/document/2015/07/01/intro-xks-appids-fingerprints/">extremist forums</a> (page 9). (Note that the NSA wrote that comment about Mujahedeen Secrets users increasing their opsec in 2010, two years before Snowden supposedly told them that the NSA was listening on their communications. Honestly, I would not be surprised if the program turned out to have been a US operation to get Islamic radicals to make their traffic stand out more easily.)</p> <p>It's not just Mujahedeen Secrets. 
Nicholas Weaver <a href="https://medium.com/@nweaver/extra-unofficial-xkeyscore-guide-b8513600ad24">explains</a> how you can use XKEYSCORE to identify co-conspirators who are all using PGP.</p> <p>And these searches are just one example. Other examples from the documents include:</p> <ul><li>"Targets using mail.ru from a behind a large Iranian proxy" (<a href="https://firstlook.org/theintercept/document/2015/07/01/intro-xks-appids-fingerprints/">here, page 7</a>). <p><li>Usernames and passwords of people visiting gov.ir (<a href="https://firstlook.org/theintercept/document/2015/07/01/using-xks-enable-tao/">here, page 26 and following</a>).</p> <p><li>People in Pakistan visiting certain German-language message boards (<a href="https://www.documentcloud.org/documents/2116488-xks-targets-visiting-specific-websites.html">here, page 1</a>).</p> <p><li>HTTP POST traffic from Russia in the middle of the night -- useful for finding people trying to steal our data (<a href="https://firstlook.org/theintercept/document/2015/07/01/xks-counter-cne/">here, page 16</a>).</p> <p><li>People doing web searches on jihadist topics from Kabul (<a href="https://firstlook.org/theintercept/document/2015/07/01/guide-using-contexts-xks-fingerprints/">here</a>).</ul> <p>E-mails, chats, web-browsing traffic, pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, file uploads to online services, Skype sessions and more: if you can <a href="https://firstlook.org/theintercept/document/2015/07/01/guide-using-contexts-xks-fingerprints/">figure out how to form the query</a>, you can ask XKEYSCORE for it. 
For an example of how complex the searches can be, look at <a href="http://media.nzherald.co.nz/webcontent/document/pdf/201513/WTO%20document.pdf">this</a> XKEYSCORE query <a href="https://firstlook.org/theintercept/2015/03/22/new-zealand-gcsb-spying-wto-director-general/">published</a> <a href="http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&amp;objectid=11421370">in</a> March, showing how New Zealand used the system to spy on the World Trade Organization: automatically track any email body with any particular WTO-related content for the upcoming election. (Good new documents to read include <a href="https://firstlook.org/theintercept/document/2015/07/01/xks-intro/">this</a>, <a href="https://firstlook.org/theintercept/document/2015/07/01/intro-context-sensitive-scanning-xks-fingerprints/">this</a>, and <a href="https://firstlook.org/theintercept/document/2015/07/01/cne-analysis-xks/">this</a>.)</p> <p>I always read these NSA documents with an assumption that other countries are doing the same thing. The NSA is <a href="https://www.schneier.com/blog/archives/2014/05/the_nsa_is_not_.html">not made of magic</a>, and XKEYSCORE is not some super-advanced NSA-only technology. It is the same sort of thing that every other country would use with its surveillance data. For example, Russia explicitly requires ISPs to install similar monitors as part of its <a href="https://en.wikipedia.org/wiki/SORM">SORM</a> Internet surveillance system. As a home user, you can build your own XKEYSCORE using the public-domain <a href="https://www.bro.org/index.html">Bro Security Monitor</a> and the related <a href="https://www.bro.org/community/time-machine.html">Network Time Machine</a> attached to a back-end data-storage system. (Lawrence Berkeley National Laboratory uses this system to store three months' worth of Internet traffic for retrospective surveillance -- it used the data to <a href="https://jhalderm.com/pub/papers/heartbleed-imc14.pdf">study Heartbleed</a>.) 
The primary advantage the NSA has is that it sees more of the Internet than anyone else, and spends more money to store the data it intercepts for longer than anyone else. And if these documents explain XKEYSCORE in 2009 and 2010, expect that it's much more powerful now.</p> <p>Back to encryption and Mujahedeen Secrets. If you want to stay secure, whether you're trying to evade surveillance by Russia, China, the NSA, criminals intercepting large amounts of traffic, or anyone else, try not to stand out. Don't use some homemade specialized cryptography that can be easily identified by a system like this. Use reasonably strong encryption software on a reasonably secure device. If you trust <a href="https://www.apple.com/business/docs/iOS_Security_Guide.pdf">Apple's claims</a> (pages 35-6), use iMessage and Facetime on your iPhone. I really like <a href="https://firstlook.org/theintercept/2015/03/02/signal-iphones-encrypted-messaging-app-now-supports-text/">Moxie Marlinspike's</a> <a href="https://whispersystems.org/blog/signal/">Signal</a> for both text and voice, but worry that it's too obvious because it's still rare. 
Ubiquitous encryption is the bane of listeners worldwide, and it's the best thing we can deploy to make the world safer.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7137matt [wronka.org]http://quec.es/org.wronka/matt/2015/06/26/Fri, 26 Jun 2015 17:25:08 +0000;matt [wronka.org]Fri, 26 Jun 2015 13:25:00 -0400Dentist.http://quec.li/EntryComments?feed=http%3A%2F%2Fquec.es%2Forg.wronka%2Fmatt%2Fsynd%2F&entry=Fri%2C+26+Jun+2015+17%3A25%3A08+%2B0000%3Bmatt+%5Bwronka.org%5DSouth Carolina lawmakers vote to open debate over Confederate flaghttp://feeds.reuters.com/~r/Reuters/PoliticsNews/~3/7nso3RguTCk/story01.htmhttp://www.reuters.com/article/2015/06/23/us-usa-shooting-south-carolina-idUSKBN0P31UY20150623?feedType=RSS&amp;feedName=politicsNewsTue, 23 Jun 2015 17:05:00 -0400COLUMBIA, S.C. (Reuters) - South Carolina lawmakers voted to open debate on Tuesday on removing the Confederate flag from the State House grounds in the aftermath of last week's massacre of nine African-Americans at a historic Charlestown church.http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2FReuters%2FPoliticsNews&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2015%2F06%2F23%2Fus-usa-shooting-south-carolina-idUSKBN0P31UY20150623%3FfeedType%3DRSS%26amp%3BfeedName%3DpoliticsNewsMassachusetts inventor of pink lawn flamingo dead at
79http://feeds.reuters.com/~r/news/artsculture/~3/sGpjq1Z9ASI/us-massachusetts-flamingo-obituary-idUSKBN0P32GC20150623http://www.reuters.com/article/2015/06/23/us-massachusetts-flamingo-obituary-idUSKBN0P32GC20150623?feedType=RSS&amp;feedName=artsNewsTue, 23 Jun 2015 17:02:00 -0400BOSTON (Reuters) - The Massachusetts man who invented the plastic pink flamingo lawn ornament, which went from a 1960s craze to a kitsch icon, died this week aged 79, his widow said on Tuesday.http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2Fnews%2Fartsculture&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2015%2F06%2F23%2Fus-massachusetts-flamingo-obituary-idUSKBN0P32GC20150623%3FfeedType%3DRSS%26amp%3BfeedName%3DartsNewsGuy puts 1990s MacOS 7 on an Apple Watch --
without jailbreaking ithttp://go.theregister.com/feed/www.theregister.co.uk/2015/06/23/aaple_watch_os7/tag:theregister.co.uk,2005:story/2015/06/23/aaple_watch_os7/Tue, 23 Jun 2015 16:44:00 -0400<h4>Welcome to MacinWatch</h4> <p>An Apple Watch tinkerer has managed to get his wristslab running an operating system that hasn't been updated in nearly two decades.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2015%2F06%2F23%2Faaple_watch_os7%2FHayden Mocks NSA Reformshttps://www.schneier.com/blog/archives/2015/06/hayden_mocks_ns.htmltag:www.schneier.com,2015:/blog//2.7112Tue, 23 Jun 2015 14:39:00 -0400<p>Former NSA Director Michael Hayden <a href="https://screen.yahoo.com/former-nsa-head-hayden-snowdens-020710743.html">recently</a> <a href="http://arstechnica.com/tech-policy/2015/06/even-former-nsa-chief-thinks-usa-freedom-act-was-a-pointless-change/">mocked</a> the NSA reforms in the recently passed USA Freedom Act:</p> <blockquote><p>If somebody would come up to me and say, "Look, Hayden, here's the thing: This Snowden thing is going to be a nightmare for you guys for about two years. And when we get all done with it, what you're going to be required to do is that little 215 program about American telephony metadata -- and by the way, you can still have access to it, but you got to go to the court and get access to it from the companies, rather than keep it to yourself." I go: "And this is it after two years? Cool!"</p></blockquote> <p>The thing is, he's right. And Peter Swire is <a href="https://www.schneier.com/blog/archives/2015/06/peter_swire_on_.html">also</a> <a href="https://privacyassociation.org/news/a/the-usa-freedom-act-the-presidents-review-group-and-the-biggest-intelligence-reform-in-40-years/">right</a> when he calls the law "the biggest pro-privacy change to U.S. intelligence law since the original enactment of the Foreign Intelligence Surveillance Act in 1978."
I supported the bill not because it was the answer, but because it was a step in the right direction. And Hayden's comments demonstrate how much more work we have to do.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7112Apple Music: Good reminder not to listen to computer scientistshttp://blogs.law.harvard.edu/philg/2015/06/23/apple-music-good-reminder-not-to-listen-to-computer-scientists/http://blogs.law.harvard.edu/philg/?p=7984Tue, 23 Jun 2015 09:07:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D7984matt [wronka.org]http://quec.es/org.wronka/matt/2015/06/22/Mon, 22 Jun 2015 20:14:36 +0000;matt [wronka.org]Mon, 22 Jun 2015 16:12:45 -0400Fixes bug 1155467: <a href="http://matt.wronka.org/stuff/projects/icpp/mozilla/unpocket-20150622.diff">http://matt.wronka.org/stuff/projects/icpp/mozilla/unpocket-20150622.diff</a>http://quec.li/EntryComments?feed=http%3A%2F%2Fquec.es%2Forg.wronka%2Fmatt%2Fsynd%2F&entry=Mon%2C+22+Jun+2015+20%3A14%3A36+%2B0000%3Bmatt+%5Bwronka.org%5DHistory of the First Crypto Warhttps://www.schneier.com/blog/archives/2015/06/history_of_the_.htmltag:www.schneier.com,2015:/blog//2.7109Mon, 22 Jun 2015 14:35:00 -0400<p>As we're all gearing up <a href="https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html">to</a> <a href="https://www.schneier.com/blog/archives/2014/10/more_crypto_war.html">fight</a> the <a href="http://harvardkennedyschoolreview.com/the-return-of-the-crypto-wars/">Second</a> <a href="http://www.huffingtonpost.com/matthew-prince/the-second-crypto-war-and_b_6517528.html">Crypto</a> <a href="http://www.tandfonline.com/doi/pdf/10.1080/15295036.2014.921320">War</a> over governments' demands to be able to back-door any cryptographic system, it pays for us to remember the history of the First Crypto War. 
The Open Technology Institute has <a href="http://www.newamerica.org/oti/doomed-to-repeat-history-lessons-from-the-crypto-wars-of-the-1990s/">written the story</a> of those years in the mid-1990s.</p> <blockquote><p>The act that truly launched the Crypto Wars was the White House's introduction of the "Clipper Chip" in 1993. The Clipper Chip was a state-of-the-art microchip developed by government engineers which could be inserted into consumer hardware telephones, providing the public with strong cryptographic tools without sacrificing the ability of law enforcement and intelligence agencies to access unencrypted versions of those communications. The technology relied on a system of "key escrow," in which a copy of each chip's unique encryption key would be stored by the government. Although White House officials mobilized both political and technical allies in support of the proposal, it faced immediate backlash from technical experts, privacy advocates, and industry leaders, who were concerned about the security and economic impact of the technology in addition to obvious civil liberties concerns. As the battle wore on throughout 1993 and into 1994, leaders from across the political spectrum joined the fray, supported by a broad coalition that opposed the Clipper Chip. When computer scientist Matt Blaze discovered a flaw in the system in May 1994, it proved to be the final death blow: the Clipper Chip was dead. <p>Nonetheless, the idea that the government could find a palatable way to access the keys to encrypted communications lived on throughout the 1990s. Many policymakers held onto hopes that it was possible to securely implement what they called "software key escrow" to preserve access to phone calls, emails, and other communications and storage applications. Under key escrow schemes, a government-certified third party would keep a "key" to every device.
But the government's shift in tactics ultimately proved unsuccessful; the privacy, security, and economic concerns continued to outweigh any potential benefits. By 1997, there was an overwhelming amount of evidence against moving ahead with any key escrow schemes.</p></blockquote> <p>The Second Crypto War is going to be harder and nastier, and I am less optimistic that strong cryptography will win in the short term.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7109General Mills says to rid its cereals of artificial flavors, colorshttp://feeds.reuters.com/~r/reuters/cyclicalconsumergoodsNews/~3/tgNOqmLUYzc/general-mills-food-additives-idUSL3N0Z83ZO20150622http://www.reuters.com/article/2015/06/22/general-mills-food-additives-idUSL3N0Z83ZO20150622?feedType=RSS&amp;feedName=cyclicalConsumerGoodsSectorMon, 22 Jun 2015 11:28:00 -0400June 22 (Reuters) - General Mills Inc, maker of Cinnamon Toast Crunch and Original Cheerios cereals, said it would stop using artificial flavors and colors in almost all of its cereals, joining the U.S. 
food industry's move towards products perceived as healthier.http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2Freuters%2FcyclicalconsumergoodsNews&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2015%2F06%2F22%2Fgeneral-mills-food-additives-idUSL3N0Z83ZO20150622%3FfeedType%3DRSS%26amp%3BfeedName%3DcyclicalConsumerGoodsSectorThe Secrecy of the Snowden Documentshttps://www.schneier.com/blog/archives/2015/06/the_secrecy_of_.htmltag:www.schneier.com,2015:/blog//2.7106Mon, 22 Jun 2015 07:13:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7106Honda confirms eighth death linked to Takata airbagshttp://feeds.reuters.com/~r/reuters/businessNews/~3/7BvdAjP9vBE/story01.htmhttp://www.reuters.com/article/2015/06/19/us-americanhonda-takata-idUSKBN0OZ2KJ20150619?feedType=RSS&amp;feedName=businessNewsFri, 19 Jun 2015 19:00:00 -0400(Reuters) - Honda Motor Co's U.S. 
unit said on Friday it has linked the September 2014 death of a woman in Los Angeles, California, to the rupture of a Takata airbag inflator, bringing to eight the number of fatalities related to defective Takata airbags.
http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2Freuters%2FbusinessNews&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2015%2F06%2F19%2Fus-americanhonda-takata-idUSKBN0OZ2KJ20150619%3FfeedType%3DRSS%26amp%3BfeedName%3DbusinessNewsAdvice to software development internshttp://blogs.law.harvard.edu/philg/2015/06/19/advice-to-software-development-interns/http://blogs.law.harvard.edu/philg/?p=7845Fri, 19 Jun 2015 11:47:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D7845Counterfeit Social Media Accountshttps://www.schneier.com/blog/archives/2015/06/counterfeit_soc.htmltag:www.schneier.com,2015:/blog//2.7105Thu, 18 Jun 2015 07:29:00 -0400<strong>m</strong>: <em>"Want to know how Old Navy makes your butt look scary good?"<br /> </em><p><a href="https://theweek.com/articles/560046/inside-counterfeit-facebook-farm">Interesting article</a> on the inner workings of a Facebook account farm, with commentary on fake social media accounts in general.<br /> </p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.7105Identifying as black: Rachel Dolezal today and Boston's Malone Brothers circa 
1988http://blogs.law.harvard.edu/philg/2015/06/17/identifying-as-black-rachel-dolezal-today-and-bostons-malone-brothers-circa-1988/http://blogs.law.harvard.edu/philg/?p=7918Wed, 17 Jun 2015 21:01:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D7918