David Adams Archive
Facebook CEO Mark Zuckerberg is living at least a few years out ahead of anyone reading this post -- the founding executive told an audience in Rome (via Verge) today that he hopes to demonstrate his home’s artificial intelligence system, which controls things like air conditioning, lighting and more based on things like face and voice recognition.
The TechCrunch article is light on detail, but this project may be more interesting than it sounds at first blush. Zuckerberg isn't the first tech billionaire to sink a bunch of money into a fancy home automation project. Bill Gates famously did the same a couple of decades ago. High end homes all over the world have fancy and expensive home control systems, that provide their rich owners with frustration and hassle and absolutely confound houseguests. But these days, for a few hundred dollars, anyone can buy an Amazon Echo, any one of half a dozen automation hubs, and various switches, thermostats, and lightbulbs, and create a pretty nifty and convenient voice controlled home automation and entertainment system. Someone with the vision and the development budget that Mark Zuckerberg has at his disposal should be able, with readily available, inexpensive hardware, create something pretty amazing.
Researchers discovered that a Transmission Control Protocol (TCP) specification implemented in Linux creates a vulnerability that can be exploited to terminate connections and conduct data injection attacks.
The flaw, tracked as CVE-2016-5696, is related to a feature described in RFC 5961, which should make it more difficult to launch off-path TCP spoofing attacks. The specification was formulated in 2010, but it has not been fully implemented in Windows, Mac OS X, and FreeBSD-based operating systems. However, the feature has been implemented in the Linux kernel since version 3.6, released in 2012.
A team of researchers from the University of California, Riverside and the U.S. Army Research Laboratory identified an attack method that allows a blind, off-path attacker to intercept TCP-based connections between two hosts on the Internet.
Researchers noted that data cannot be injected into HTTPS communications, but the connection can still be terminated using this method. One attack scenario described by the experts involves targeting Tor by disrupting connections between certain relays so that users are forced to use attacker-controlled exit relays.
As the podcast mentions, mobile OS vendors and online services are getting a lot better at encrypting traffic and obscuring metadata, and one of the primary reasons for this was Edward Snowden's revelations about the ubiquity and sophistication of the NSA's surveillance, and by extension, the dangers of surveillance from other state agencies, black hat hackers, and legions of scammers. The Snowden revelations hit Silicon Valley right in the pocketbook, so that did impel a vast new rollout of encryption and bug fixing, but there's still a long way to go.
As a way of both highlighting and trying to fix some of the inherent vulnerabilities of smartphones in particular, Ed Snowden teamed up with famed hardware hacker Bunny Huang have been working on a hardware tool, specifically, a mobile phone case, that monitors the radio signals from a device and reports to the user what's really being transmitted. They explain their project in a fascinating article at PubPub.
Mobile phones provide a wide attack surface, since their multitude of apps are sharing data with the network at all times, and even if the core data is encrypted, a lot can be gleaned from metadata and snippets of unencrypted data that leak through. Journalists and activists generally know this, and often use Airplane Mode when they're worried their location may be tracked. Problem is, when agencies are using spearphishing attacks to remotely jailbreak iPhones and install tracking software, and there are even fears that OS vendors themselves might be cooperating with authorities, Snowden and Huang set out to allow users to monitor their devices in a way that doesn't implicitly trust the device's user interface, which may be hiding the fact that it's transmitting data when it says it's not. The article goes into great detail about the options they considered, and the specific design they've worked down to, and it looks terrific.
Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a â€œNobel Prize for human rightsâ€). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising â€œnew secretsâ€ about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based â€œcyber warâ€ company that sells Pegasus, a government-exclusive â€œlawful interceptâ€ spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management.
The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (â€œzero-daysâ€) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware. We are calling this exploit chain Trident. Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.
The average selling price of a smartphone in India is just $132, half that of China, so the market for low-end smartphones is brisk. On top of that, there are many languages spoken in india, and support for them in Google's Android and iOS is limited. This created an opening for an Indus OS, which has its own app store with 30,000 Android apps, most available in two or more local languages. Its installed based is currently around 4 million.
A step-by-step guide on how to download, install, and start using Tails, the world's most secure platform.
Tails, an encrypted and anonymous OS that bundles widely used open source privacy tools on a tiny device, is one of the most secure operating systems in the world. The Linux distribution rose to popularity when it was revealed Edward Snowden relied on Tails to secure his identity while sharing NSA secrets with journalists Glenn Greenwald and Laura Poitras. In the past half decade, Tails has been embraced as an essential security suite by journalists, hackers, and IT workers.
On the eve of launch of the latest generation of the Samsung Galaxy Note 7 we are reminded once again of Microsoft's failed Courier project, which was one of the first to propose a pen-first operating system.
Unlike the last major update, which added support for remote streaming to Macs and PCs, the 4.00 firmware beta (codenamed Shingen) is mostly focused on tweaking the PS4’s user interface. One of the biggest changes is the ability to create folders to organize your games and apps, instead of relying purely on Sony’s existing organizational tools. Another is that instead of taking over the whole screen, the Share and Quick menus will open as windows that don’t entirely cover your current game or app, and you’ll be able to add and remove items from the Quick menu to customize it.