Showing posts with label cyb. Show all posts

2015-02-15

@google warns rely only on printers

2.15: news.cyb/net/@google warns rely only on printers:
. Google is the king of cloud computing
but Google's vice-president Vint Cerf warned:
"If there are photos you really care about,
print them out."
. I have all my photos on Google Drive;
is he worried WWIII destroys Google servers?

2015-01-03

#malware for #iOS #2014

news.cyb/sec/malware for iOS:
1.3: summary:
. some might say Wirelurker is no big deal
since it requires the mac user to install
an untrusted enterprise app:
moral of the story, reap what you sow;
don't trust any apps
unless you can trust its source;
right?
. but did you know that one mistake
could rewrite your other iOS apps?
in the name of user friendliness,
iOS security could be better,
and zdziarski.com has some suggestions .

sharing via tech will kill you #psy

11.14: news.psy/sharing via tech will kill you:
Aris Theophilakis at TEDxOslo 2013:
1.3: summary of his talk:
. we are sharing too much
and being drowned in garbage;
we are seeing the same with food,
as the quantity has gone up,
the quality has gone down
and low food quality is making us
insulin resistant, and ruining our health .
. when you are always sharing
every trivial thing you are doing,
your behavior changes: less spontaneous .
. never being bored and alone
means you could be less creative .
. when distracted by so much trivia
we have less time to think critically
about what was really important to
our community or our future .




2014-12-30

#youtube is a poor socialization tool

7.28: pol/gemini/youtube is a poor socialization tool:
. youtube is a poor socialization tool; because,
there is no way to build credentials:
where are the videos of those in my chain of trust?
or the same political class I trust?
why can a channel owner delete my comments
rather than tag me as some class
such that my comment remains invisible
only to those of an opposite class?
. what if there is political pressure
to turn youtube into a tower of babble
rather than a self-organizing palace of instruction ?
what would happen to our political system
if youtube pointed everyone at the
Dr.JudyWood's of the 9/11 topics?
 

2014-11-09

#Secret Manuals Show #Spyware Sold to #police

11.5: news.cyb/sec/Secret Manuals Show Spyware Sold to police:
firstlook.org 2014/10
When Apple and Google unveiled
new encryption schemes last month,
law enforcement officials complained that
they wouldn't be able to unlock evidence
on criminals’ digital devices.
What they didn't say is that there are
already methods to bypass encryption,
thanks to off-the-shelf digital implants
readily available to the smallest national agencies
and the largest city police forces
— easy-to-use software that takes over and monitors
digital devices in real time.
First Look Media are publishing in full, for the first time,
manuals explaining the prominent commercial implant software
“Remote Control System,” manufactured by
the Italian company Hacking Team.
. they mention citizenlab.org's June 24 Police Story:
 Hacking Team’s Government Surveillance Malware

2014-10-11

#BadUSB code made public #badBIOS #android #linux #mac #Windows

news.cyb/sec/#badBIOS/#BadUSB code made public:
10.11: summary:
. in 2013 I wrote about #badBIOS malware
apparently infecting my mac and linux/pc;
 recently a demonstration of badUSB
has proven a key technology needed by badBIOS;
but the code was not revealed; because,
USB is considered to be unpatchable,
unless $billions in hardware were replaced .
. even more recently,
other researchers have released the code .
 

2014-09-20

#USAFREEDOMAct reauthorizes #PATRIOTAct until after #wwIII is over

news.pol/privacy rights
/#USAFREEDOMAct reauthorizes #PATRIOTAct until after #wwIII is over:
. it's ok to lose privacy; we're in a war until 2017;
and after that we're in a global union;
how can you keep global peace
without keeping an eye on every guy
since you can't know who's evil until you look .
sign the petition:

2014-06-11

#kindle supports .txt but not #epub

cyb/kindle formats don't include epub:
6.11: summary:
. I'm interested in amazon's Kindle; because,
it has the largest E Ink display on the market;
and, unlike the Nook, it also shows .txt files,
which most of my docs are already formatted as;
however I was needing html access too;
and epub support would have been convenient
since Nook already has me converting to that;
but, Amazon also has an email conversion service
if you don't mind your content being In The Cloud
(available to not only NSA but also many other authorities).
. if you are not confined to Chrome OS,
there are local apps for converting epub to mobi .

2014-06-07

DARPA's automated internet disinfectant

6.4: news.cyb/sec/DARPA's automated internet disinfectant:
Mike Walker, DARPA program manager
on Reddit.com:
In April of 2014,  insurers started selling insurance products
that covered physical harm generated by cyber effects
-- Google "cyber insurance" "property damage".
In May of 2014,
Sky News reported that over 42,000 London cars
-- nearly half of the cars stolen in the city of London --
were stolen with hacking.
The networked civilization we are building
is going to need to be able to make
strong promises about the safety of software,
because it won't just be guarding our data security
-- it will be guarding our physical security.
If we're going to be able to make strong promises about
software safety, we're going to need automation
that can investigate software in a
uniform, scalable and effective manner.
We know that expert auditors can't get there
-- IBM/Rational points out that our civilization crossed
1 trillion lines of code in the early 2000's.
Operating systems weigh in above 40 million lines
under constant development.
The problem is too big and it’s moving too fast.
We also know that today's automation is
losing every contest of wits to experts
-- in the wake of Heartbleed,
not a single automation product has come forward to say
that this flaw could have been detected
without expert annotation or intervention.
CGC is open technology development
on the problem of software safety,
a problem seen by the DoD
-- and everyone with a vested interest in our connected future.
cybergrandchallenge/about:
. What if a purpose built supercomputer
could scour the billions of lines of code we depend on,
find and fix the toughest flaws,
upend the economics of computer security,
and level the playing field
between attackers and defenders?
co.reddit comment:
. a lot invested in the [stale] attack/defense model
of computer security competition.
I've heard arguments from many players
that the current model of attack/defense CTF
[capture the flag competitions] is "stale". 
Mike Walker:
. great innovation is happening in the CTF community:
see Build It / Break It / Fix It,
funded by the National Science Foundation.
6.7: my response:
. what is stale is the attack/defense model;
because, the chip firmwares have backdoors;
you need to secure the hardware;
then you can analyze the software;
but, at least with DECREE
they are promoting a microkernel OS
that can guarantee isolation between app's?
(well, the interface is tiny, if not the Trusted Code Base).
. unfortunately what they have in mind
is to use their simple OS only for
easily managing the budding automation competition;
then they plan to evolve the winning buds
for auto-fixing today's software on today's OS's.
. but, what can they do for firmware breaches?
. they are trying to show concern about cybercrime
without actually blocking the backdoors used by NSA .

2014-04-30

#politics of on-going #malware injustice

news.cyb/sec/#politics of on-going #malware injustice:
summary:
. we need a hardware system redesign that will
give the NSA the information they search for
but will not allow them to modify our systems,
so then criminals cannot modify our systems .

2014-02-09

Metapedia judged by its 9-11 coverage

6: news.cyb/net.wiki/alternative to wikipedia/Metapedia:
summary:
. Metapedia is a wikipedia supplement:
here to do things that can't be done there .
. one thing you can't do in wikipedia
is talk about Dr. Judy Wood as being
a serious part of the 9/11 truth movement;
but, Metapedia doesn't even mention her
or her beam weapons evidence,
although Metapedia editors are hardly
main-line 911truthers either
since they blame 9/11 on a Jewish Conspiracy
rather than neocon-CIA-NSA imperialism
or a Liberal Conspiracy bent on
challenging the Muslim globalists
by stealing Zion from them
and handing it back to the Jewish people,
in order to start the Final World War
to choose the world leader
and give that leader the power to
implement global surveillance
and enforce peace throughout the world .

2014-01-30

#mac #osx #rtfm #badBIOS #NSA stuccomontana

9: news.cyb/sec/#mac #osx #rtfm #badBIOS #NSA stuccomontana:
intro:
. when NSA conceals a computer vulnerability
(one that can take possession of your computer
and make it do the bidding of the internet)
there is nothing magical about this situation
that would prevent criminal elements
from also exploiting these backdoors .
. NSA knows the cat is out of the bag;
that's why they set up the Snowden leak:
NSA knows they need to get our permission now
rather than use our computer vulnerabilities
because the criminals now know too much
about the backdoors NSA needs for surveillance .

. the following is someone claiming to show
an NSA leak documenting the #badBIOS malware
that has been plaguing Dragos Ruiu .

2013-12-31

chromebook #ChromeOS #VerifiedBoot

12.12: web.cyb/sec/chrome's verified boot:
Verified boot provides a means of
getting cryptographic assurances
that the Linux kernel, non-volatile system memory,
and the partition table are untampered with
when the system starts up.
This approach is not "trusted boot"
as it does not depend on a TPM device
or other specialized processor features.
Instead, a chain of trust is created
using custom read-only firmware
that performs integrity checking on
a writable firmware.
The verified code in the writable firmware
then verifies the next component in the boot path,  and so on. 
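
. added example (not from the original post or from Chrome OS): a minimal model of the chain of trust described above, where the read-only firmware is reduced to one pinned SHA-256 digest and each stage pins the digest of the stage it loads.
. assumptions: digests stand in for the signature checks so it runs on the Python standard library; the stage names and image bytes are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes         # constructed stand-in for the stage's image
    next_digest: bytes  # digest pinned for the stage this one loads (b"" for the last)

    def digest(self) -> bytes:
        # Covers the code AND the pinned digest, so re-pinning changes this stage's digest.
        return hashlib.sha256(self.code + self.next_digest).digest()


def build_chain(images):
    """Build stages back to front; return (root_digest, stages)."""
    stages, nxt = [], b""
    for name, code in reversed(images):
        stage = Stage(name, code, nxt)
        stages.insert(0, stage)
        nxt = stage.digest()
    return nxt, stages  # root_digest is what the read-only firmware would hold


def verified_boot(root_digest, stages):
    """Walk the boot path; return (ok, name of the first stage that fails)."""
    expected = root_digest
    for stage in stages:
        if not hmac.compare_digest(stage.digest(), expected):
            return False, stage.name  # stop: this stage is never executed
        expected = stage.next_digest
    return True, None


def tamper_kernel(stages, repin=False):
    """Swap the kernel image; optionally re-pin its digest in the writable firmware."""
    fw, kernel, rootfs = stages
    evil = Stage(kernel.name, kernel.code + b" + implant", kernel.next_digest)
    if repin:
        fw = Stage(fw.name, fw.code, evil.digest())
    return [fw, evil, rootfs]


# Constructed sample images (hypothetical names and contents).
IMAGES = [("writable-firmware", b"rw-fw v1"), ("kernel", b"kernel v1"), ("rootfs", b"rootfs v1")]
ROOT, CHAIN = build_chain(IMAGES)

if __name__ == "__main__":
    print(verified_boot(ROOT, CHAIN))
    print(verified_boot(ROOT, tamper_kernel(CHAIN)))
    print(verified_boot(ROOT, tamper_kernel(CHAIN, repin=True)))
```

. re-pinning the modified kernel inside the writable firmware only moves the failure one stage earlier, because the read-only root cannot be rewritten to match.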
11.8: news.cyb/chrome/doing well while ms declines:
. chromebooks grow while microsoft shrivels?
. promising better security makes a diff .
12.25: best-seller on amazon:
. the best selling laptop on amazon.com [2013.1]
was the Samsung ARM-powered, Linux-based Chromebook.

7.28: news.cyb/chrome/sec
/some vulnerabilities found but many avoided:
application-sandboxes-a-pen-testers-perspective .
see also pdf .
. Chrome OS kernel exploits are not easy,
but are of medium difficulty to pull off;
OS user mode exploits are very difficult,
and every other penetration test was
not even applicable to Chrome OS
-- these included off the shelf exploits,
and various sandbox leakages:
keylogging, remote webcam/mic access,
clipboard hijack, screen scraping,
file stealing, network shares access . 

Dell Latitude E6430 #QubesOS #xen #security&freedom

12.31: summary:
. I feel secure on Chromebook with its verified boot;
but that is very limited in what it can do .
. the Qubes OS provides virtualization of linux
that is needed to isolate computer activities
into separate linux virtual machines .
. by providing this "security by isolation"
your web surfing of unsafe sites
can't be exploited to steal your bank's password
because they run on virtually separate machines .
. there is an hcl (hardware compatibility list)
to help you find a computer that Qubes works with;
and it says a Dell Latitude E6430 does work,
but doesn't work out-of-the-box
(it needs some sort of unspecified "tweaking").

printers for #EMP -proof #backup

12.12: summary:
. given that the policies of USA-Israel
are inciting such hostilities from
both dictators (China, Russia, Iran)
and muslims (Iran, Syria, ...),
there is a good chance USA will get
at least one EMP bomb in the next 3 years
that will destroy every electronics device
so that electronic backups of information
are not accessible until one can
import and afford another computing device .
. in the meantime,
a printout of all needed information
would come in quite handy .

#recycle #Apple #iMac 2008

10.9: todo.cyb/mac/recycling: [done]
. if I've found my infected overheating imac
isn't worth fixing,
I could just find how to crack it open
and reuse the drive,
and maybe also the dvd drive?
. vaguely recall the mac#mini's dvd burner
was not immediately reusable,
because I didn't have the right enclosure
(it wasn't the same interface as the harddrive).
[12.15:
. there are also rumors that mac's dvd burner
has unique firmware that needs special drivers? .]

#Apple #iMac #badBIOS #malware

12.15: summary:
. my 2008 imac seemed infected by opening pdf's,
and I suspected it was #badBIOS malware;
because, it gave my dvd player troubles:
it made the os x installer disk unreadable,
and it also seemed to be coming from firmware,
as even after I reinstalled the OS via download,
and hadn't opened any more pdf's or javascript,
I still seemed to get infected again .
. my troubles started with finding a new pdf library,
and I ended up finally replacing my sick mac
with a chromebook featuring verified boot!

2013-12-28

#OKL4 #opensource to see what #NSA did to it

2: co.okl4-developer/cyb/sec/OKL4
/open source to see what NSA did to it:

Ph.T 8:57 PM to Jim, developer 
I think the problem is OKL4 is military-grade isolation,
and the NSA doesn't want us to be protected like that .

rate businesses for accessibility

9: news.cyb/net.ableroad/rate businesses for accessibility:
AbleRoads, via web and smartphone apps,
ableroad.com/ allows us to review public spaces
and rate them for accessibility
by those who require assistance for
mobility, vision, hearing, or cognitive abilities.
AbleRoad users see ratings by
both Yelp and AbleRoad reviewers,
and users of the AbleRoads app
can also write Yelp ratings .