m Quec.lim's republished posts.
http://quec.li/~m /

Night Lights: Breathtaking Photographs of Nature
http://lightbox.time.com/2014/08/16/night-nature-photography-takehito-miyatake/
http://lightbox.time.com/?p=96209
Sat, 16 Aug 2014 04:00:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D96209

The Switchboard: What happens when you start liking everything on Facebook
http://feeds.washingtonpost.com/c/34656/f/636544/s/3d6c0b27/sc/21/l/0L0Swashingtonpost0N0Cthe0Eswitchboard0Ewhat0Ehappens0Ewhen0Eyou0Estart0Eliking0Eeverything0Eon0Efacebook0C20A140C0A80C120C3ae32a150E6240A0E48560E85510E6eeb550Abbab90Istory0Bhtml0Dwprss0Frss0Itechnology/story01.htm
http://www.washingtonpost.com/the-switchboard-what-happens-when-you-start-liking-everything-on-facebook/2014/08/12/3ae32a15-6240-4856-8551-6eeb550bbab9_story.html?wprss=rss_technology
Tue, 12 Aug 2014 07:12:00 -0400
<p> <em>Published every weekday, the Switchboard is your morning helping of hand-picked stories from the Switch team.</em> </p>
<p> <a data-xslt="_http" href="http://money.cnn.com/2014/08/11/technology/uber-fake-ride-requests-lyft/"> <strong>Uber's dirty tricks quantified: Rival counts 5,560 canceled rides.</strong> </a> CNN reports: "New data provided by Lyft, a competitor, shows that Uber employees have ordered and canceled more than 5,000 Lyft rides since last October.
The data was provided to CNNMoney per a request made when reporting another story on the competition between the two companies."</p>
<a href="http://www.washingtonpost.com/the-switchboard-what-happens-when-you-start-liking-everything-on-facebook/2014/08/12/3ae32a15-6240-4856-8551-6eeb550bbab9_story.html?wprss=rss_technology">Read full article &#62;&#62;</a>
http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.washingtonpost.com%2Frss%2Fbusiness%2Ftechnology&entry=http%3A%2F%2Fwww.washingtonpost.com%2Fthe-switchboard-what-happens-when-you-start-liking-everything-on-facebook%2F2014%2F08%2F12%2F3ae32a15-6240-4856-8551-6eeb550bbab9_story.html%3Fwprss%3Drss_technology

Irrational Fear of Risks Against Our Children
https://www.schneier.com/blog/archives/2014/08/irrational_fear.html
tag:www.schneier.com,2014:/blog//2.5915
Mon, 11 Aug 2014 10:34:00 -0400
<p>There's a <a href="http://www.theatlantic.com/national/archive/2014/07/arrested-for-letting-a-9-year-old-play-at-the-park-alone/374436/">horrible story</a> of a South Carolina mother arrested for letting her 9-year-old daughter play alone at a park while she was at work. The article linked to another <a href="http://www.salon.com/2014/06/03/the_day_i_left_my_son_in_the_car/">article</a> about a woman convicted of "contributing to the delinquency of a minor" for leaving her 4-year-old son in the car for a few minutes. That article contains some excellent commentary by the very sensible <a href="http://www.freerangekids.com/">Free Range Kids</a> blogger Lenore Skenazy:</p>
<blockquote><p>"Listen," she said at one point. "Let's put aside for the moment that by far, the most dangerous thing you did to your child that day was put him in a car and drive someplace with him. About 300 children are injured in traffic accidents every day -- and about two die. That's a real risk. So if you truly wanted to protect your kid, you'd never drive anywhere with him. But let's put that aside. So you take him, and you get to the store where you need to run in for a minute and you're faced with a decision. Now, people will say you committed a crime because you put your kid 'at risk.' But the truth is, there's some risk to either decision you make." She stopped at this point to emphasize, as she does in much of her analysis, how shockingly rare the abduction or injury of children in non-moving, non-overheated vehicles really is. For example, she insists that statistically speaking, it would likely take 750,000 years for a child left alone in a public space to be snatched by a stranger. "So there is some risk to leaving your kid in a car," she argues. It might not be statistically meaningful but it's not nonexistent.
The problem is," she goes on, "there's some risk to every choice you make. So, say you take the kid inside with you. There's some risk you'll both be hit by a crazy driver in the parking lot. There's some risk someone in the store will go on a shooting spree and shoot your kid. There's some risk he'll slip on the ice on the sidewalk outside the store and fracture his skull. There's some risk no matter what you do. So why is one choice illegal and one is OK? Could it be because the one choice inconveniences you, makes your life a little harder, makes parenting a little harder, gives you a little less time or energy than you would have otherwise had?"
<p>Later on in the conversation, Skenazy boils it down to this. "There's been this huge cultural shift. We now live in a society where most people believe a child can not be out of your sight for one second, where people think children need constant, total adult supervision. This shift is not rooted in fact. It's not rooted in any true change. It's imaginary. It's rooted in irrational fear."</p></blockquote>
<p>Skenazy has some <a href="http://reason.com/blog/2014/07/14/mom-jailed-because-she-let-her-9-year-ol">choice words</a> about the South Carolina story as well:</p>
<blockquote><p>But, "What if a man would've come and snatched her?" said a woman interviewed by the TV station.
<p>To which I must ask: In broad daylight? In a crowded park? Just because something happened on <a href="http://www.nbc.com/law-and-order-special-victims-unit">Law & Order</a> doesn't mean it's happening all the time in real life. Make "what if?" thinking the basis for an arrest and the cops can collar anyone. "You let your son play in the front yard? What if a man drove up and kidnapped him?" "You let your daughter sleep in her own room? What if a man climbed through the window?" etc.</p>
<p>These fears pop into our brains so easily, they seem almost real. But they're not.
Our crime rate today is <a href="http://www.csmonitor.com/USA/Justice/2012/0109/US-crime-rate-at-lowest-point-in-decades.-Why-America-is-safer-now">back to what it was when gas was 29 cents a gallon</a>, according to <i>The Christian Science Monitor</i>. It may feel like kids are in constant danger, but they are as safe (if not safer) than we were when our parents let us enjoy the summer outside, on our own, without fear of being arrested. </p></blockquote>
<p>Yes.</p>
http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5915

Obama and New England aviation businesses start their vacation
http://blogs.law.harvard.edu/philg/2014/08/09/obama-and-new-england-aviation-businesses-start-their-vacation/
http://blogs.law.harvard.edu/philg/?p=6228
Sat, 09 Aug 2014 16:34:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6228

Crypto Daddy Phil Zimmerman says surveillance society is DOOMED
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/09/technology_and_market_forces_will_defeat_surveillance_society_claims_crypto_king/
tag:theregister.co.uk,2005:story/2014/08/09/technology_and_market_forces_will_defeat_surveillance_society_claims_crypto_king/
Sat, 09 Aug 2014 03:58:00 -0400
<h4>We've been here before when we defeated slavery and the absolute monarchy</h4>
<p><strong>Defcon 22</strong> A killer combination of rapidly advancing technology and a desire for greater privacy among the public should condemn current surveillance state to an historical anachronism, according to PGP creator Phil Zimmermann.</p>
http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2014%2F08%2F09%2Ftechnology_and_market_forces_will_defeat_surveillance_society_claims_crypto_king%2F

U.S. judge rules against NCAA, says athletes can be paid
http://feeds.reuters.com/~r/reuters/sportsNews/~3/VymzN5gYc_Y/story01.htm
http://www.reuters.com/article/2014/08/09/us-ncaa-rules-decision-idUSKBN0G82AI20140809?feedType=RSS&amp;feedName=sportsNews
Fri, 08 Aug 2014 21:12:00 -0400
SAN FRANCISCO/NEW YORK (Reuters) - The National Collegiate Athletic Association must allow universities to offer student athletes a limited share of revenue, a U.S. judge ruled on Friday, a decision that cuts to the heart of the NCAA's mission to enforce amateurism in college sports.
http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2Freuters%2FsportsNews&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2014%2F08%2F09%2Fus-ncaa-rules-decision-idUSKBN0G82AI20140809%3FfeedType%3DRSS%26amp%3BfeedName%3DsportsNews

Beware WarKitteh, the connected cat that sniffs your Wi-Fi privates
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/09/beware_warkitteh_the_connected_cat_that_sniffs_your_wifi_privates/
tag:theregister.co.uk,2005:story/2014/08/09/beware_warkitteh_the_connected_cat_that_sniffs_your_wifi_privates/
Fri, 08 Aug 2014 20:57:00 -0400
<h4>Inventor says, despite it all, he's still not a cat person</h4>
<p><strong>Defcon 22</strong> An inventive security researcher has successfully tested a war-driving kitty collar – so its wearer can prowl around the neighborhood exposing the lamentable state of Wi-Fi security.</p>
http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2014%2F08%2F09%2Fbeware_warkitteh_the_connected_cat_that_sniffs_your_wifi_privates%2F

Jigsaw puzzles and American corporate taxes
http://blogs.law.harvard.edu/philg/2014/08/08/jigsaw-puzzles-and-american-corporate-taxes/
http://blogs.law.harvard.edu/philg/?p=6223
Fri, 08 Aug 2014 10:11:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6223

Criminal Copyright Sanctions as a U.S. Export
https://freedom-to-tinker.com/blog/abridy/criminal-copyright-sanctions-as-a-u-s-export/
https://freedom-to-tinker.com/?p=10298
Thu, 07 Aug 2014 13:48:00 -0400
http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10298

The US Intelligence Community has a Third Leaker
https://www.schneier.com/blog/archives/2014/08/the_us_intellig.html
tag:www.schneier.com,2014:/blog//2.5912
Thu, 07 Aug 2014 13:14:00 -0400
<p>Ever since <i>The Intercept</i> published <a href="https://firstlook.org/theintercept/article/2014/08/05/watch-commander/">this story</a> about the US government's Terrorist Screening Database, the press has been <a href="http://www.cnn.com/2014/08/05/politics/u-s-new-leaker/index.html?hpt=hp_t1">writing</a> about a "second leaker":</p>
<blockquote><p>The Intercept article focuses on the growth in U.S. government databases of known or suspected terrorist names during the Obama administration.
<p>The article cites documents prepared by the National Counterterrorism Center dated August 2013, which is after Snowden left the United States to avoid criminal charges.</p>
<p>Greenwald has suggested there was another leaker. In July, he said on Twitter "it seems clear at this point" that there was another.</p></blockquote>
<p>Everyone's miscounting. This is the third leaker:</p>
<ul>
<li>Leaker #1: Edward Snowden.</li>
<li>Leaker #2: The person that is passing secrets to Jake Appelbaum, Laura Poitras and others in Germany: the <a href="http://www.spiegel.de/international/germany/gchq-and-nsa-targeted-private-german-companies-a-961444.html">Angela Merkel surveillance story</a>, the <a href="http://leaksource.info/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware/">TAO catalog</a>, the X-KEYSCORE <a href="https://www.schneier.com/blog/archives/2014/07/nsa_targets_pri.html">rules</a>. My guess is that this is either an NSA employee or contractor working in Germany, or someone from German intelligence who has access to NSA documents.</li>
<li>Leaker #3: This new leaker, who <i>The Intercept</i> calls "a source in the intelligence community."</li>
</ul>
<p>Harvard Law School professor Yochai Benkler has written an excellent law-review article on the need for a <a href="http://benkler.org/Benkler_Whistleblowerdefense_Prepub.pdf">whistleblower defense</a>.
And there's <a href="http://harvardlawreview.org/2013/12/the-leaky-leviathan-why-the-government-condemns-and-condones-unlawful-disclosures-of-information/">this excellent article</a> by David Pozen on why government leaks are, in general, a good thing.</p>
http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5912

The hidden perils of cookie syncing
https://freedom-to-tinker.com/blog/englehardt/the-hidden-perils-of-cookie-syncing/
https://freedom-to-tinker.com/?p=10264
Thu, 07 Aug 2014 06:29:00 -0400
http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10264

Monkey Selfie Lands Photographer in Legal Quagmire
http://lightbox.time.com/2014/08/06/monkey-selfie/
http://lightbox.time.com/?p=100488
Wed, 06 Aug 2014 17:01:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D100488

Bible left in North Korean sailor's club triggered U.S. tourist's arrest
http://feeds.reuters.com/~r/Reuters/worldNews/~3/Q1OrixsPwEQ/story01.htm
http://www.reuters.com/article/2014/08/02/us-northkorea-usa-idUSKBN0G200W20140802?feedType=RSS&amp;feedName=worldNews
Fri, 01 Aug 2014 23:09:00 -0400
SEOUL (Reuters) - American tourist Jeffrey Fowle was arrested by North Korean authorities for leaving a bible under a bin in the toilet at a club for foreign sailors, a source familiar with Fowle's case told Reuters.
http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2FReuters%2FworldNews&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2014%2F08%2F02%2Fus-northkorea-usa-idUSKBN0G200W20140802%3FfeedType%3DRSS%26amp%3BfeedName%3DworldNews

The NSA's Patents
https://www.schneier.com/blog/archives/2014/08/the_nsas_patent.html
tag:www.schneier.com,2014:/blog//2.5907
Fri, 01 Aug 2014 07:54:00 -0400
<p><a href="http://complex.foreignpolicy.com/posts/2014/07/30/the_nsas_patents_in_one_searchable_database_0">Here</a> are all the NSA's patents, in one searchable database.</p>
<p>If you find something good, tell us all in the comments.</p>
http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5907

Why were CERT researchers attacking Tor?
https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/
https://freedom-to-tinker.com/?p=10247
Thu, 31 Jul 2014 13:18:00 -0400
<p>Yesterday the Tor Project issued an <a href="https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack">advisory</a> describing a large-scale identification attack on Tor hidden services. The attack started on January 30 and ended when Tor ejected the attackers on July 4.
It appears that this attack was the subject of a Black Hat talk that was <a href="https://www.blackhat.com/latestintel/07212014-a-schedule-update.html">canceled</a> abruptly.</p>
<p>These attacks raise serious questions about research ethics and institutional responsibilities.</p>
<p>Let&#8217;s review the timeline as we know it (all dates in 2014):</p>
<ul>
<li>30 January: 155 new machines join the Tor network as relays, carrying out an ongoing, novel identification attack against Tor hidden services.</li>
<li>18 February &#8211; 4 April: Researchers at CERT (part of the Software Engineering Institute at Carnegie Mellon University) submit a presentation proposal to Black Hat, proposing to discuss a new identification attack on Tor.</li>
<li>sometime March &#8211; May: Tor Project learns of the research and seeks information from the researchers, who decline to give details. Over time the researchers give a few hints to the Tor Project but withhold most of what they know. The attack continues.</li>
<li>early June: Black Hat accepts the presentation and posts an <a href="https://web.archive.org/web/20140705114447/http%3A//blackhat.com/us-14/briefings.html">abstract</a> of the research, referencing the vulnerability and saying the researchers had carried out the attack in the wild.</li>
<li>4 July: Tor Project discovers the ongoing attack, ejects the attacking relays from the Tor network, and starts developing a software fix to prevent the attack. The discovery was aided by some hints that the Tor team was able to extract from the researchers.</li>
<li>21 July: Black Hat announces cancellation of the scheduled presentation, saying that &#8220;the materials that he would be speaking about have not yet approved by CMU/SEI for public release.&#8221;</li>
<li>30 July: Tor Project releases a software update to fix the vulnerability, along with a detailed technical discussion of the attack.
Tor Project is still unsure as to whether the attacks they saw were carried out by the CERT researchers, though this seems likely given the similarities between the attacks and the researchers&#8217; presentation abstract.</li>
</ul>
<p>This story raises some serious questions of research ethics. I&#8217;m hard pressed to think of previous examples where legitimate researchers carried out a large scale attack lasting for months that aimed to undermine the security of real users. That in itself is ethically problematic at least. The waters get even darker when we consider the data that the researchers might have gathered&#8212;data that would undermine the security of Tor users. Did the researchers gather and keep this data? With whom have they shared it? If they still have it, what are they doing to protect it? CERT, SEI, and CMU are not talking.</p>
<p>The role of CERT in this story deserves special attention. CERT was set up in the aftermath of the <a href="https://en.wikipedia.org/wiki/Morris_worm">Morris Worm</a> as a clearinghouse for vulnerability information. The purpose of CERT was to (1) prevent attacks by (2) channeling vulnerability information to vendors and eventually (3) informing the public. Yet here, CERT staff (1) carried out a large-scale, long-lasting attack while (2) withholding vulnerability information from the vendor, and now, even after the vulnerability has been fixed, (3) withholding the same information from the public.</p>
<p>So CERT has some explaining to do. While they&#8217;re at it, they ought to explain what their researchers did, what data was collected and when, and who has the data now.
It&#8217;s too late to cover up what happened; now it&#8217;s time for CERT to give us some answers.</p>
http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10247

Debit Card Override Hack
https://www.schneier.com/blog/archives/2014/07/debit_card_over.html
tag:www.schneier.com,2014:/blog//2.5905
Thu, 31 Jul 2014 07:55:00 -0400
<p><a href="http://www.businessinsider.com/sharron-laverne-parrish-jr-charged-with-apple-credit-card-scam-2014-7">Clever</a>:</p>
<blockquote><p>Parrish allegedly visited Apple Stores and tried to buy products with four different debit cards, which were all closed by his respective financial institutions. When his debit card was inevitably declined by the Apple Store, he would protest and offer to call his bank -- except, he wasn't really calling his bank.
<p>So, the complaint says, he would offer the Apple Store employees a fake authorization code with a certain number of digits, which is normally provided by credit card issuers to create a record of the credit or debit override.</p></blockquote>
<p>Now that this trick is public, how long before stores stop accepting these authorization codes altogether? I'll bet that fixing the infrastructure will be expensive.</p>
http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5905

1914 – 1918: The War Years in Photographs
http://lightbox.time.com/2014/07/28/1914-1918-the-war-years-in-photographs/
http://lightbox.time.com/?p=99741
Mon, 28 Jul 2014 04:00:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D99741

Inside Bangladesh's Cheap Cigarette Factories
http://lightbox.time.com/2014/07/24/bangladesh-cigarette-factories/
http://lightbox.time.com/?p=97868
Thu, 24 Jul 2014 04:30:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D97868

Making the end of your internship count
http://dandreamsofcoding.com/2014/07/21/making-the-end-of-your-internship-count/
http://dandreamsofcoding.com/?p=1986
Mon, 21 Jul 2014 09:51:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Fdandreamsofcoding.com%2Ffeed%2F&entry=http%3A%2F%2Fdandreamsofcoding.com%2F%3Fp%3D1986

Malaysia Airlines Ukraine Crash: 'Unreal' Scenes from Photographer Jerome Sessini
http://lightbox.time.com/2014/07/18/malaysia-airline-ukraine-crash-jerome-sessini/
http://lightbox.time.com/?p=99445
Fri, 18 Jul 2014 14:35:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Flightbox.time.com%2Ffeed%2F&entry=http%3A%2F%2Flightbox.time.com%2F%3Fp%3D99445

EFF, ACLU Join Idaho Mom's Legal Challenge to NSA Surveillance
https://www.eff.org/press/releases/eff-aclu-join-idaho-moms-legal-challenge-nsa-surveillance
81404 at https://www.eff.org
Wed, 16 Jul 2014 11:58:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.eff.org%2Frss%2Fupdates.xml&entry=81404+at+https%3A%2F%2Fwww.eff.org

A Scanner Darkly: Protecting User Privacy from Perceptual Applications
https://freedom-to-tinker.com/blog/shmat/a-scanner-darkly-protecting-user-privacy-from-perceptual-applications/
https://freedom-to-tinker.com/?p=10174
Wed, 16 Jul 2014 11:57:00 -0400
http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10174

Government: Unemployed person = helpless victim or lazy criminal, as situation demands
http://blogs.law.harvard.edu/philg/2014/07/15/government-unemployed-person-helpless-victim-or-lazy-criminal-as-situation-demands/
http://blogs.law.harvard.edu/philg/?p=6195
Tue, 15 Jul 2014 21:20:00 -0400
http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D6195

Risks of Keyloggers on Public Computers
https://www.schneier.com/blog/archives/2014/07/risks_of_keylog.html
tag:www.schneier.com,2014:/blog//2.5891
Tue, 15 Jul 2014 15:30:00 -0400
<p>Brian Krebs is <a href="https://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/">reporting</a> that:</p>
<blockquote><p>The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.</p></blockquote>
<p>It's actually a very hard problem to solve. The adversary can have unrestricted access to the computer, especially hotel business center computers that are often tucked away where no one else is looking. I assume that if someone has physical access to my computer, he can own it.
This is doubly true if he has hardware access.</p>
http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5891

Legal Attacks Against Tor
https://www.schneier.com/blog/archives/2014/07/the_war_against.html
tag:www.schneier.com,2014:/blog//2.5888
Tue, 15 Jul 2014 07:13:00 -0400
<p>Last week, we <a href="https://www.schneier.com/blog/archives/2014/07/nsa_targets_pri.html">learned</a> that the NSA targets people who look for information about Tor. A few days later, the operator of a Tor exit node in Austria has been <a href="https://www.techdirt.com/articles/20140701/18013327753/tor-nodes-declared-illegal-austria.shtml">found guilty</a> as an accomplice, because someone used his computer to transmit child porn. Even more recently, Tor has been <a href="https://www.scribd.com/fullscreen/233081133?access_key=key-WFujAqEI3BioFxNO43R3">named</a> as a defendant in a revenge-porn suit in Texas because it provides web-porn operators with privacy.</p>
<p>Here's the EFF: "<a href="https://www.eff.org/deeplinks/2014/07/7-things-you-should-know-about-tor">Seven Things You Should Know About Tor</a>."</p>
http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2014%3A%2Fblog%2F%2F2.5888