m Quec.lim's republished posts.http://quec.li/~m /Why are the stories about U.S. corporate tax avoidance about corporate greed rather than non-corporate greed?http://blogs.law.harvard.edu/philg/2015/04/19/why-are-the-stories-about-u-s-corporate-tax-avoidance-about-corporate-greed-rather-than-non-corporate-greed/http://blogs.law.harvard.edu/philg/?p=7351Sun, 19 Apr 2015 12:11:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D7351Universities are doing what they say: Discriminating against white and Asian menhttp://blogs.law.harvard.edu/philg/2015/04/17/universities-are-doing-what-they-say-discriminating-against-white-and-asian-men/http://blogs.law.harvard.edu/philg/?p=7362Fri, 17 Apr 2015 12:20:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D7362First color photos of Pluto, Charon snapped by New Horizons probehttp://go.theregister.com/feed/www.theregister.co.uk/2015/04/15/new_horizons_first_color_pluto_and_charon/tag:theregister.co.uk,2005:story/2015/04/15/new_horizons_first_color_pluto_and_charon/Wed, 15 Apr 2015 15:26:00 -0400<strong>m</strong>: <em>"They were snapped by the probe's 6cm telescope, called Ralph?"<br /> </em><h4>NASA craft flies three billion miles - and someone forgot to focus</h4> <p><strong>Pic</strong> NASA's New Horizons spacecraft has sent back the first true color images of Pluto and its largest moon Charon. 
The probe is, right now, speeding towards the dwarf planet at four kilometres a second (8,950 MPH).</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.theregister.co.uk%2Fheadlines.rss&entry=tag%3Atheregister.co.uk%2C2005%3Astory%2F2015%2F04%2F15%2Fnew_horizons_first_color_pluto_and_charon%2FAlternatives to the FBI's Manufacturing of Terroristshttps://www.schneier.com/blog/archives/2015/04/alternatives_to.htmltag:www.schneier.com,2015:/blog//2.6956Fri, 10 Apr 2015 11:33:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6956Attacking Researchers Who Expose Voting Vulnerabilitieshttps://www.schneier.com/blog/archives/2015/04/attacking_resea.htmltag:www.schneier.com,2015:/blog//2.6954Thu, 09 Apr 2015 07:45:00 -0400<p>Researchers found <a href="https://www.eff.org/deeplinks/2015/04/new-south-wales-attacks-researchers-who-warned-internet-voting-vulnerabilities">voting-system flaws</a> in New South Wales, and were attacked by voting officials and the company that made the machines.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6954Walter Scott: at odds with the law prior to being murdered by the policehttp://blogs.law.harvard.edu/philg/2015/04/08/walter-scott-at-odds-with-the-law-prior-to-being-murdered-by-the-police/http://blogs.law.harvard.edu/philg/?p=7321Wed, 08 Apr 2015 23:11:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D7321New York-area police officer life in novels versus realityhttp://blogs.law.harvard.edu/philg/2015/04/08/new-york-area-police-officer-life-in-novels-versus-reality/http://blogs.law.harvard.edu/philg/?p=7177Wed, 08 Apr 2015 12:35:00 
-0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D7177Cell Phone Opsechttps://www.schneier.com/blog/archives/2015/04/cell_phone_opse.htmltag:www.schneier.com,2015:/blog//2.6950Tue, 07 Apr 2015 10:27:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6950matt [wronka.org] Unicomp != Model Mhttp://quec.es/org.wronka/matt/2015/04/07/Tue, 07 Apr 2015 12:53:06 +0000;matt [wronka.org]Tue, 07 Apr 2015 08:53:00 -0400I would like to second the statement in this thread: <a href="https://www.physicsforums.com/threads/do-not-buy-a-unicomp-keyboard.613424/">https://www.physicsforums.com/threads/do-not-buy-a-unicomp-keyboard.613424/</a><br /> <br /> I bought a <a href="http://quec.es/t/unicomp/">Unicomp</a> keyboard because my wife wanted a standard shape (e.g. not like my preferred <a href="http://quec.es/t/kinesis/">Kinesis</a> <a href="http://quec.es/t/advantage/">Advantage</a>) keyboard and I wanted a mechanical keyboard that would plug into a <a href="http://quec.es/t/usb/">USB</a>-only (non-PS/2) <a href="http://quec.es/t/nuc/">NUC</a>. <a href="http://quec.es/t/immediately/">Immediately</a> there were issues with the keyboard not being recognized at all. <a href="http://quec.es/t/that/">That</a>'s ok, every company has some defective units, I sent it back and got the keyboard back fairly quickly (it now has a &quot;repaired by <a href="http://quec.es/t/unicomp/">Unicomp</a>&quot; sticker labeled <a href="http://quec.es/t/june/">June</a> 2013 next to its manufactured-on <a href="http://quec.es/t/april/">April</a> 2013 sticker).<br /> <br /> Two years after it was manufactured it started behaving oddly. The return consists of two pressure triggers, if the left side is the one you happen to hit, it triggers both the slash/pipe ('/') key and then the return key. 
My initial thought was that there was something physically connecting the two adjacent keys, but after removing the keys and examining the board superficially, everything seems fine. <a href="http://quec.es/t/trying/">Trying</a> with a different computer resulted in the same issue. A few days later, a few keys stopped responding entirely.<br /> <br /> A keyboard failing within two years is sad; I'm currently typing on the same <a href="http://quec.es/t/kinesis/">Kinesis</a> keyboard I've used five days a week for over seven years and it functions flawlessly. I've got PS/2 and AT keyboards that still work from the 1980s. <a href="http://quec.es/t/unicomp/">Unicomp</a> charges between $30-$90 for repair of a keyboard outside warranty (plus shipping) which seems like more hassle than it's worth considering this thing's already been back to them, and even then has the annoying habit of not being recognized if plugged-in during computer boot.http://quec.li/EntryComments?feed=http%3A%2F%2Fquec.es%2Forg.wronka%2Fmatt%2Fsynd%2F&entry=Tue%2C+07+Apr+2015+12%3A53%3A06+%2B0000%3Bmatt+%5Bwronka.org%5DTrueCrypt Security Audit Completedhttps://www.schneier.com/blog/archives/2015/04/truecrypt_secur.htmltag:www.schneier.com,2015:/blog//2.6947Fri, 03 Apr 2015 14:14:00 -0400<p>The security audit of the TrueCrypt code has been <a href="https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf">completed</a> (see <a href="https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf">here</a> for the first phase of the audit), and the <a href="https://www.schneier.com/blog/arstechnica.com/security/2015/04/truecrypt-security-audit-is-good-news-so-why-all-the-glum-faces/">results</a> <a href="http://www.theregister.co.uk/2015/04/02/truecrypt_security_audit/">are</a> <a href="http://betanews.com/2015/04/03/truecrypt-doesnt-contain-nsa-backdoors/">good</a>. 
Some issues were found, but nothing major.</p> <p>From <a href="http://blog.cryptographyengineering.com/2015/04/truecrypt-report.html">Matthew Green</a>, who is leading the project:</p> <blockquote><p>The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances. <p>That doesn't mean Truecrypt is perfect. The auditors <i>did</i> find a few glitches and some incautious programming -- leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we'd like it to. </p></blockquote> <p>Nothing that would make me not use the program, though.</p> <p>Slashdot <a href="http://it.slashdot.org/story/15/04/03/1223216/truecrypt-audit-no-nsa-backdoors">thread</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6947matt [wronka.org]http://quec.es/org.wronka/matt/2015/04/01/Wed, 01 Apr 2015 17:31:10 +0000;matt [wronka.org]Wed, 01 Apr 2015 13:31:00 -0400The custom error module does not recognize this error.http://quec.li/EntryComments?feed=http%3A%2F%2Fquec.es%2Forg.wronka%2Fmatt%2Fsynd%2F&entry=Wed%2C+01+Apr+2015+17%3A31%3A10+%2B0000%3Bmatt+%5Bwronka.org%5DSurvey of Americans' Privacy Habits Post-Snowdenhttps://www.schneier.com/blog/archives/2015/03/survey_of_ameri.htmltag:www.schneier.com,2015:/blog//2.6939Tue, 31 Mar 2015 15:49:00 -0400<p>Pew Research has a <a href="http://www.pewinternet.org/2015/03/16/Americans-Privacy-Strategies-Post-Snowden/">new survey</a> on Americans' privacy habits in a post-Snowden world.</p> <blockquote><p>The 87% of those who had heard at least something about the programs were asked follow-up questions about their own behaviors and privacy strategies: <p>34% of those who are aware of the surveillance programs (30% of all 
adults) have taken at least one step to hide or shield their information from the government. For instance, 17% changed their privacy settings on social media; 15% use social media less often; 15% have avoided certain apps and 13% have uninstalled apps; 14% say they speak more in person instead of communicating online or on the phone; and 13% have avoided using certain terms in online communications.</p> <p>[...]</p> <p>25% of those who are aware of the surveillance programs (22% of all adults) say they have changed the patterns of their own use of various technological platforms "a great deal" or "somewhat" since the Snowden revelations. For instance, 18% say they have changed the way they use email "a great deal" or "somewhat"; 17% have changed the way they use search engines; 15% say they have changed the way they use social media sites such as Twitter and Facebook; and 15% have changed the way they use their cell phones.</p></blockquote> <p>Also interesting are the people who have not changed their behavior because they're afraid that it would lead to <i>more</i> surveillance. From pages 22-23 of the <a href="http://www.pewinternet.org/files/2015/03/PI_AmericansPrivacyStrategies_0316151.pdf%20">report</a>:</p> <blockquote><p>Still, others said they avoid taking more advanced privacy measures because they believe that taking such measures could make them appear suspicious: <blockquote><p>"There's no point in inviting scrutiny if it's not necessary." <p>"I didn't significantly change anything. 
It's more like trying to avoid anything questionable, so as not to be scrutinized unnecessarily.</p> <p>"[I] don't want them misunderstanding something and investigating me."</p></blockquote></p></blockquote> <p>There's also data about how Americans feel about government surveillance:</p> <blockquote><p>This survey asked the 87% of respondents who had heard about the surveillance programs: "As you have watched the developments in news stories about government monitoring programs over recent months, would you say that you have become more confident or less confident that the programs are serving the public interest?" Some 61% of them say they have become less confident the surveillance efforts are serving the public interest after they have watched news and other developments in recent months and 37% say they have become more confident the programs serve the public interest. Republicans and those leaning Republican are more likely than Democrats and those leaning Democratic to say they are losing confidence (70% vs. 55%). <p>Moreover, there is a striking divide among citizens over whether the courts are doing a good job balancing the needs of law enforcement and intelligence agencies with citizens' right to privacy: 48% say courts and judges are balancing those interests, while 49% say they are not.</p> <p>At the same time, the public generally believes it is acceptable for the government to monitor many others, including foreign citizens, foreign leaders, and American leaders:</p> <ul><li>82% say it is acceptable to monitor communications of suspected terrorists <li>60% believe it is acceptable to monitor the communications of American leaders. <li>60% think it is okay to monitor the communications of foreign leaders <li>54% say it is acceptable to monitor communications from foreign citizens</ul> <p>Yet, 57% say it is unacceptable for the government to monitor the communications of U.S. citizens. 
At the same time, majorities support monitoring of those particular individuals who use words like "explosives" and "automatic weapons" in their search engine queries (65% say that) and those who visit anti-American websites (67% say that).</p> <p>[...]</p> <p>Overall, 52% describe themselves as "very concerned" or "somewhat concerned" about government surveillance of Americans' data and electronic communications, compared with 46% who describe themselves as "not very concerned" or "not at all concerned" about the surveillance.</p></blockquote> <p>It's worth reading these results in detail. Overall, these numbers are consistent with a <a href="https://www.schneier.com/blog/archives/2014/12/over_700_millio.html">worldwide</a> survey from December. The press is spinning this as "<a href="http://www.npr.org/2015/03/16/393403197/most-americans-behavior-unchanged-after-snowden-revelations-study-finds">Most Americans' behavior unchanged after Snowden revelations, study finds</a>," but I see something very different. I see a sizable percentage of Americans not only concerned about government surveillance, but actively doing something about it. "<a href="http://www.usatoday.com/story/news/politics/2015/03/16/government-surveillance-privacy-pew-poll/70277338/">Third of Americans shield data from government</a>." 
Edward Snowden's goal was to start a national dialog about government surveillance, and these surveys show that he has succeeded in doing exactly that.</p> <p><a href="http://www.pbs.org/mediashift/2015/03/pew-survey-snowden-leaks-are-affecting-the-way-americans-view-privacy/">More</a> <a href="http://www.washingtonpost.com/news/morning-mix/wp/2015/03/17/after-edward-snowden-few-have-made-changes-to-protect-their-privacy/">news</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6939Chinese CA Issuing Fraudulent Certificateshttps://www.schneier.com/blog/archives/2015/03/chinese_ca_issu.htmltag:www.schneier.com,2015:/blog//2.6931Tue, 31 Mar 2015 13:42:00 -0400<p>There's a Chinese CA that's issuing <a href="http://it.slashdot.org/story/15/03/24/1730232/chinese-ca-issues-certificates-to-impersonate-google">fraudulent Google certificates</a>. Yet another example of why the CA model is so broken.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6931Brute-Forcing iPhone PINshttps://www.schneier.com/blog/archives/2015/03/brute-forcing_i.htmltag:www.schneier.com,2015:/blog//2.6930Mon, 30 Mar 2015 07:47:00 -0400<p><a href="https://nakedsecurity.sophos.com/2015/03/17/black-box-brouhaha-breaks-out-over-brute-forcing-of-iphone-pin-lock/">This</a> is a clever attack, using a black box that attaches to the iPhone via USB:</p> <blockquote><p>As you know, an iPhone keeps a count of how many wrong PINs have been entered, in case you have turned on the <tt>Erase Data</tt> option on the <tt>Settings | Touch ID & Passcode</tt> screen. 
<p>That's a highly-recommended option, because it wipes your device after 10 passcode mistakes.</p> <p>Even if you only set a 4-digit PIN, that gives a crook who steals your phone just a 10 in 10,000 chance, or 0.1%, of guessing your unlock code in time.</p> <p>But this Black Box has a trick up its cable.</p> <p>Apparently, the device uses a light sensor to work out, from the change in screen intensity, when it has got the right PIN.</p> <p>In other words, it also knows when it gets the PIN wrong, as it will most of the time, so it can kill the power to your iPhone when that happens.</p> <p>And the power-down happens quickly enough (it seems you need to open up the iPhone and bypass the battery so you can power the device entirely via the USB cable) that your iPhone doesn't have time to subtract one from the "PIN guesses remaining" counter stored on the device. </p></blockquote> <p>Because every set of wrong guesses requires a reboot, the process takes about five days. Still, a very clever attack.</p> <p>More <a href="http://blog.mdsec.co.uk/2015/03/bruteforcing-ios-screenlock.html">details</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6930Germanwings Tragedy: How to protect against mentally ill pilots?http://blogs.law.harvard.edu/philg/2015/03/28/germanwings-tragedy-how-to-protect-against-mentally-ill-pilots/http://blogs.law.harvard.edu/philg/?p=7196Sat, 28 Mar 2015 01:14:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2Ffeed%2F&entry=http%3A%2F%2Fblogs.law.harvard.edu%2Fphilg%2F%3Fp%3D7196Torn-up sick notes show crash pilot should have been groundedhttp://feeds.reuters.com/~r/Reuters/worldNews/~3/VWiYgbSk9mg/story01.htmhttp://www.reuters.com/article/2015/03/28/us-france-crash-idUSKBN0MN11N20150328?feedType=RSS&amp;feedName=worldNewsSat, 28 Mar 2015 00:01:00 -0400DUESSELDORF, Germany (Reuters) - German authorities said on Friday 
they had found torn-up sick notes showing that the pilot who crashed a plane into the French Alps was suffering from an illness that should have grounded him on the day of the tragedy.http://quec.li/EntryComments?feed=http%3A%2F%2Ffeeds.reuters.com%2FReuters%2FworldNews&entry=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2015%2F03%2F28%2Fus-france-crash-idUSKBN0MN11N20150328%3FfeedType%3DRSS%26amp%3BfeedName%3DworldNewsBe wary of one-time pads and other crypto unicornshttps://freedom-to-tinker.com/blog/jbonneau/be-wary-of-one-time-pads-and-other-crypto-unicorns/https://freedom-to-tinker.com/?p=10967Wed, 25 Mar 2015 18:53:00 -0400http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10967Why Your Netflix Traffic is Slow, and Why the Open Internet Order Won't (Necessarily) Make It Fasterhttps://freedom-to-tinker.com/blog/feamster/why-your-netflix-traffic-is-slow-and-why-the-open-internet-order-wont-necessarily-make-it-faster/https://freedom-to-tinker.com/?p=10856Wed, 25 Mar 2015 07:07:00 -0400The FCC recently released the 
Open Internet Order, which has much to say about &#8220;net neutrality&#8221; whether (and in what circumstances) an Internet service provider is permitted to prioritize traffic. I&#8217;ll leave more detailed thoughts on the order itself to future posts; in this post, I would like to clarify what seems to be a [&#8230;]http://quec.li/EntryComments?feed=https%3A%2F%2Ffreedom-to-tinker.com%2Frss.xml%3Ffeed%3Drss2&entry=https%3A%2F%2Ffreedom-to-tinker.com%2F%3Fp%3D10856Reforming the FISA Courthttps://www.schneier.com/blog/archives/2015/03/reforming_the_f.htmltag:www.schneier.com,2015:/blog//2.6894Tue, 24 Mar 2015 10:04:00 -0400<p>The Brennan Center has a <a href="https://www.brennancenter.org/publication/what-went-wrong-fisa-court">long report</a> on what's wrong with the FISA Court and how to fix it.</p> <blockquote><p>At the time of its creation, many lawmakers saw constitutional problems in a court that operated in total secrecy and outside the normal "adversarial" process.... But the majority of Congress was reassured by similarities between FISA Court proceedings and the hearings that take place when the government seeks a search warrant in a criminal investigation. Moreover, the rules governing who could be targeted for "foreign intelligence" purposes were narrow enough to mitigate concerns that the FISA Court process might be used to suppress political dissent in the U.S. -- or to avoid the stricter standards that apply in domestic criminal cases. <p>In the years since then, however, changes in technology and the law have altered the constitutional calculus. Technological advances have revolutionized communications. People are communicating at a scale unimaginable just a few years ago. International phone calls, once difficult and expensive, are now as simple as flipping a light switch, and the Internet provides countless additional means of international communication. Globalization makes such exchanges as necessary as they are easy. 
As a result of these changes, the amount of information about Americans that the NSA intercepts, even when targeting foreigners overseas, has exploded.</p> <p>Instead of increasing safeguards for Americans' privacy as technology advances, the law has evolved in the opposite direction since 9/11.... While surveillance involving Americans previously required individualized court orders, it now happens through massive collection programs...involving no case-by-case judicial review. The pool of permissible targets is no longer limited to foreign powers -- such as foreign governments or terrorist groups -- and their agents. Furthermore, the government may invoke the FISA Court process even if its primary purpose is to gather evidence for a domestic criminal prosecution rather than to thwart foreign threats.</p> <p>...[T]hese developments...have had a profound effect on the role exercised by the FISA Court. They have caused the court to veer off course, departing from its traditional role of ensuring that the government has sufficient cause to intercept communications or obtain records in particular cases and instead authorizing broad surveillance programs. It is questionable whether the court's new role comports with Article III of the Constitution, which mandates that courts must adjudicate concrete disputes rather than issuing advisory opinions on abstract questions. The constitutional infirmity is compounded by the fact that the court generally hears only from the government, while the people whose communications are intercepted have no meaningful opportunity to challenge the surveillance, even after the fact.</p> <p>Moreover, under current law, the FISA Court does not provide the check on executive action that the Fourth Amendment demands. Interception of communications generally requires the government to obtain a warrant based on probable cause of criminal activity. 
Although some courts have held that a traditional warrant is not needed to collect foreign intelligence, they have imposed strict limits on the scope of such surveillance and have emphasized the importance of close judicial scrutiny in policing these limits. The FISA Court's minimal involvement in overseeing programmatic surveillance does not meet these constitutional standards.</p> <p>[...]</p> <p>Fundamental changes are needed to fix these flaws. Congress should end programmatic surveillance and require the government to obtain judicial approval whenever it seeks to obtain communications or information involving Americans. It should shore up the Article III soundness of the FISA Court by ensuring that the interests of those affected by surveillance are represented in court proceedings, increasing transparency, and facilitating the ability of affected individuals to challenge surveillance programs in regular federal courts. Finally, Congress should address additional Fourth Amendment concerns by narrowing the permissible scope of "foreign intelligence surveillance" and ensuring that it cannot be used as an end-run around the constitutional standards for criminal investigations. </p></blockquote> <p>Just Security <a href="http://justsecurity.org/21282/reforming-fisa-court/#more-21282">post</a> -- where I copied the above excerpt. Lawfare <a href="http://www.lawfareblog.com/2015/03/brennan-center-report-on-what-went-wrong-with-the-fisa-court/">post</a>. 
</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6894BIOS Hackinghttps://www.schneier.com/blog/archives/2015/03/bios_hacking.htmltag:www.schneier.com,2015:/blog//2.6888Mon, 23 Mar 2015 08:07:00 -0400<p>We've learned a lot about the NSA's <a href="http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html">abilities</a> to hack a computer's BIOS so that the hack <a href="https://www.schneier.com/blog/archives/2015/02/the_equation_gr.html">survives reinstalling the OS</a>. Now we have a research presentation about it.</p> <p>From <a href="http://www.wired.com/2015/03/researchers-uncover-way-hack-bios-undermine-secure-operating-systems/">Wired</a>:</p> <blockquote><p>The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computer's operating system were wiped and re-installed. <p>[...]</p> <p>Although most BIOS have protections to prevent unauthorized modifications, the researchers were able to bypass these to reflash the BIOS and implant their malicious code.</p> <p>[...]</p> <p>Because many BIOS share some of the same code, they were able to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo and HP. 
The vulnerabilities, which they're calling incursion vulnerabilities, were so easy to find that they wrote a script to automate the process and eventually stopped counting the vulns it uncovered because there were too many.</p> <p>From <a href="https://threatpost.com/new-bios-implant-vulnerability-discovery-tool-to-debut-at-cansecwest/111710">ThreatPost</a>:</p> <blockquote><p>Kallenberg said an attacker would need to already have remote access to a compromised computer in order to execute the implant and elevate privileges on the machine through the hardware. Their exploit turns down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed. <p>The devious part of their exploit is that they've found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure operating systems such as Tails in the line of fire of the implant.</p></blockquote> <p>From the <a href="http://www.theregister.co.uk/2015/03/19/cansecwest_talk_bioses_hack/">Register</a>:</p> <blockquote><p>"Because almost no one patches their BIOSes, almost every BIOS in the wild is affected by at least one vulnerability, and can be infected," Kovah says. <p>"The high amount of code reuse across UEFI BIOSes means that BIOS infection can be automatic and reliable.</p> <p>"The point is less about how vendors don't fix the problems, and more how the vendors' fixes are going un-applied by users, corporations, and governments."</p></blockquote> <p>From <a href="http://www.forbes.com/sites/thomasbrewster/2015/03/18/hacking-tails-with-rootkits/">Forbes</a>:</p> <blockquote><p>Though such "voodoo" hacking will likely remain a tool in the arsenal of intelligence and military agencies, it's getting easier, Kallenberg and Kovah believe. 
This is in part due to the widespread adoption of UEFI, a framework that makes it easier for the vendors along the manufacturing chain to add modules and tinker with the code. That's proven useful for the good guys, but also made it simpler for researchers to inspect the BIOS, find holes and create tools that find problems, allowing Kallenberg and Kovah to show off exploits across different PCs. In the demo to FORBES, an HP PC was used to carry out an attack on an ASUS machine. Kovah claimed that in tests across different PCs, he was able to find and exploit BIOS vulnerabilities across 80 per cent of machines he had access to and he could find flaws in the remaining 10 per cent. <p>"There are protections in place that are supposed to prevent you from flashing the BIOS and we've essentially automated a way to find vulnerabilities in this process to allow us to bypass them. It turns out bypassing the protections is pretty easy as well," added Kallenberg.</p></blockquote> <p>The NSA has a term for vulnerabilities it thinks are exclusive to it: NOBUS, for "nobody but us." Turns out that NOBUS is a flawed concept. As I <a href="https://www.schneier.com/book-dg.html">keep saying</a>: "Today's top-secret programs become tomorrow's PhD theses and the next day's hacker tools." By <a href="https://www.schneier.com/essays/archives/2014/05/internet_subversion.html">continuing to exploit</a> these vulnerabilities rather than fixing them, the NSA is keeping us all vulnerable.</p> <p>Two <a href="http://it.slashdot.org/story/15/03/22/0910241/lighteater-malware-attack-places-millions-of-unpatched-bioses-at-risk">Slashdot</a> <a href="http://it.slashdot.org/story/15/03/19/1319244/persistent-bios-rootkit-implant-to-debut-at-cansecwest">threads</a>. Hacker News <a href="https://news.ycombinator.com/item?id=9242305">thread</a>. 
Reddit <a href="https://www.reddit.com/r/linux/comments/2zo8g4/new_bios_implant_tool_debutting_at_cansecwest/">thread</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6888Cisco Shipping Equipment to Fake Addresses to Foil NSA Interceptionhttps://www.schneier.com/blog/archives/2015/03/cisco_shipping_.htmltag:www.schneier.com,2015:/blog//2.6852Fri, 20 Mar 2015 07:56:00 -0400<p>Last May, we <a href="http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden">learned</a> that the NSA intercepts equipment being shipped around the world and installs eavesdropping implants. There were <a href="http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/">photos</a> of NSA employees opening up a Cisco box. Cisco's CEO John Chambers personally <a href="http://www.docstoc.com/docs/170154030/Cisco-Chambers-to-POTUS-2014_05_15pdf">complained to President Obama</a> about this practice, which is not exactly a selling point for Cisco equipment abroad. <i>Der Spiegel</i> published the <a href="http://www.spiegel.de/media/media-35669.pdf">more complete document</a>, along with a <a href="http://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html">broader story</a>, in January of this year:</p> <blockquote><p>In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. The call back provided us access to further exploit the device and survey the network. 
Upon initiating the survey, SIGINT analysis from TAO/Requirements & Targeting determined that the implanted device was providing even greater access than we had hoped: We knew the devices were bound for the Syrian Telecommunications Establishment (STE) to be used as part of their internet backbone, but what we did not know was that STE's GSM (cellular) network was also using this backbone. Since the STE GSM network had never before been exploited, this new access represented a real coup.</p></blockquote> <p>Now Cisco is taking matters into its own hands, offering to <a href="http://www.theregister.co.uk/2015/03/18/want_to_dodge_nsa_supply_chain_taps_ask_cisco_for_a_dead_drop/">ship equipment to fake addresses</a> in an effort to avoid NSA interception.</p> <p>I don't think we have even begun to understand the long-term damage the NSA has done to the US tech industry.</p> <p>Slashdot <a href="http://hardware.slashdot.org/story/15/03/19/1453212/to-avoid-nsa-interception-cisco-will-ship-to-decoy-addresses">thread</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6852How the CIA Might Target Apple's XCodehttps://www.schneier.com/blog/archives/2015/03/how_the_cia_mig.htmltag:www.schneier.com,2015:/blog//2.6836Mon, 16 Mar 2015 08:38:00 -0400<p>The Intercept recently posted a <a href="https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/">story</a> on the CIA's attempts to hack the iOS operating system. Most interesting was the speculation that they hacked XCode, which would mean that any apps developed using that tool would be compromised. </p> <blockquote><p>The security researchers also claimed they had created a modified version of Apple's proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. 
Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple's App Store. <p>The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could "force all iOS applications to send embedded data to a listening post." It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.</p> <p>Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a "keylogger."</p></blockquote> <p>It's a classic application of Ken Thompson's classic 1984 paper, "<a href="http://cm.bell-labs.com/who/ken/trust.html">Reflections on Trusting Trust</a>," and a very nasty attack. Dan Wallach <a href="https://freedom-to-tinker.com/blog/dwallach/on-compromising-app-developers-to-go-after-their-users/">speculates</a> on how this might work.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6836KAL's cartoonhttp://www.economist.com/news/world-week/21646270-kals-cartoon?fsrc=rss%7Ctwthttp://www.economist.com/news/world-week/21646270-kals-cartoonThu, 12 Mar 2015 11:48:00 -0400http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.economist.com%2Frss%2Fthe_world_this_week_rss.xml&entry=http%3A%2F%2Fwww.economist.com%2Fnews%2Fworld-week%2F21646270-kals-cartoonHardware Bit-Flipping Attackhttps://www.schneier.com/blog/archives/2015/03/hardware_bit-fl.htmltag:www.schneier.com,2015:/blog//2.6824Wed, 11 Mar 2015 07:16:00 -0400<p>The Project Zero team at Google has <a href="http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html">posted</a> details of a new attack that targets a computer's DRAM. It's called Rowhammer. 
Here's a <a href="http://www.wired.com/2015/03/google-hack-dram-memory-electric-leaks/">good description</a>:</p> <blockquote><p>Here's how Rowhammer gets its name: In the Dynamic Random Access Memory (DRAM) used in some laptops, a hacker can run a program designed to repeatedly access a certain row of transistors in the computer's memory, "hammering" it until the charge from that row leaks into the next row of memory. That electromagnetic leakage can cause what's known as "bit flipping," in which transistors in the neighboring row of memory have their state reversed, turning ones into zeros or vice versa. And for the first time, the Google researchers have shown that they can use that bit flipping to actually gain unintended levels of control over a victim computer. Their Rowhammer hack can allow a "privilege escalation," expanding the attacker's influence beyond a certain fenced-in portion of memory to more sensitive areas.</p></blockquote> <p><a href="http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html">Basically</a>:</p> <blockquote><p>When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory. </p></blockquote> <p>The cause is simply the super dense packing of chips:</p> <blockquote><p>This works because DRAM cells have been getting smaller and closer together. As DRAM manufacturing scales down chip features to smaller physical dimensions, to fit more memory capacity onto a chip, it has become harder to prevent DRAM cells from interacting electrically with each other. As a result, accessing one location in memory can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells. 
With enough accesses, this can change a cell's value from 1 to 0 or vice versa.</p></blockquote> <p>Very clever, and yet another example of the security interplay between hardware and software.</p> <p>This kind of thing is hard to fix, although the Google team gives some mitigation techniques at the end of their analysis.</p> <p>Slashdot <a href="http://it.slashdot.org/story/15/03/10/0021231/exploiting-the-dram-rowhammer-bug-to-gain-kernel-privileges">thread</a>.</p>http://quec.li/EntryComments?feed=http%3A%2F%2Fwww.schneier.com%2Fblog%2Fatom.xml&entry=tag%3Awww.schneier.com%2C2015%3A%2Fblog%2F%2F2.6824