jm + wired   14

The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users | WIRED
Since Operation Torpedo [use of a Metasploit side project], there’s evidence the FBI’s anti-Tor capabilities have been rapidly advancing. Torpedo was in November 2012. In late July 2013, computer security experts detected a similar attack through Dark Net websites hosted by a shady ISP called Freedom Hosting—court records have since confirmed it was another FBI operation. For this one, the bureau used custom attack code that exploited a relatively fresh Firefox vulnerability—the hacking equivalent of moving from a bow-and-arrow to a 9-mm pistol. In addition to the IP address, which identifies a household, this code collected the MAC address of the particular computer that infected by the malware.

“In the course of nine months they went from off the shelf Flash techniques that simply took advantage of the lack of proxy protection, to custom-built browser exploits,” says Soghoian. “That’s a pretty amazing growth … The arms race is going to get really nasty, really fast.”
fbi  tor  police  flash  security  privacy  anonymity  darknet  wired  via:bruces 
december 2014 by jm
Madhumita Venkataramanan: My identity for sale (Wired UK)
If the data aggregators know everything about you -- including biometric data, healthcare history, where you live, where you work, what you do at the weekend, what medicines you take, etc. -- and can track you as an individual, does it really matter that they don't know your _name_? They legally track, and sell, everything else.
As the data we generate about ourselves continues to grow exponentially, brokers and aggregators are moving on from real-time profiling -- they're cross-linking data sets to predict our future behaviour. Decisions about what we see and buy and sign up for aren't made by us any more; they were made long before. The aggregate of what's been collected about us previously -- which is near impossible for us to see in its entirety -- defines us to companies we've never met. What I am giving up without consent, then, is not just my anonymity, but also my right to self-determination and free choice. All I get to keep is my name.
wired  privacy  data-aggregation  identity-theft  future  grim  biometrics  opt-out  healthcare  data  data-protection  tracking 
november 2014 by jm
The Laborers Who Keep Dick Pics and Beheadings Out of Your Facebook Feed | WIRED
“Everybody hits the wall, generally between three and five months,” says a former YouTube content moderator I’ll call Rob. “You just think, ‘Holy shit, what am I spending my day doing? This is awful.’”
facebook  wired  beheadings  moderation  nsfw  google  youtube  social-media  filtering  porn  abuse 
october 2014 by jm
The FBI Finally Says How It ‘Legally’ Pinpointed Silk Road’s Server
The answer, according to a new filing by the case’s prosecution, is far more mundane: The FBI claims to have found the server’s location without the NSA’s help, simply by fiddling with the Silk Road’s login page until it leaked its true location.
fbi  nsa  silk-road  tor  opsec  dread-pirate-roberts  wired 
september 2014 by jm
Florida cops used IMSI catchers over 200 times without a warrant
Harris is the leading maker of [IMSI catchers aka "stingrays"] in the U.S., and the ACLU has long suspected that the company has been loaning the devices to police departments throughout the state for product testing and promotional purposes. As the court document notes in the 2008 case, “the Tallahassee Police Department is not the owner of the equipment.”

The ACLU now suspects these police departments may have all signed non-disclosure agreements with the vendor and used the agreement to avoid disclosing their use of the equipment to courts. “The police seem to have interpreted the agreement to bar them even from revealing their use of Stingrays to judges, who we usually rely on to provide oversight of police investigations,” the ACLU writes.
aclu  police  stingrays  imsi-catchers  privacy  cellphones  mobile-phones  security  wired 
march 2014 by jm
How to Read a Scientific Paper (About That Researcher With a Nematode in His Mouth) - Wired Science
Let’s rewind to September 2012. It was about then- according to this recently published report (paywall) in The American Journal of Tropical Medicine – that an “otherwise healthy, 36-year-old man” felt a rough patch in his mouth, a scaly little area his right cheek. It didn’t hurt. But then it didn’t stay there either. He started testing for it with his tongue. It traveled. It moved to the back of his mouth, then forward, coiled backwards again. In the language of science: “These rough patches would appear and disappear on a daily basis, giving the patient the indirect sense that there was an organism moving within the oral cavity.”
nematodes  parasites  biology  medicine  paper  gross  funny  wired  mouth 
october 2013 by jm
Piracy is a 'minority activity', pirates spend more on content, and piracy rates dropped in the UK during 2012
OfCom has published a report on online piracy, which found that the practice is becoming less common and that pirates tend to spend more on legitimate content than non-pirates.

The research, which was not funded by the entertainment industry, was conducted by Kantar Media among 21,474 participants and took place in 2012 across four separate stages. Over that time, the ratio of legal to illegal content fell -- confirming a suspected trend as legal streaming options became more available.

It also confirmed another suspicion -- that a relatively small number of web users are responsible for most piracy. In OfCom's data, just two percent of users conducted three quarters of all piracy. Ofcom described piracy as "a minority activity".

Of those surveyed, 58 percent accessed music, movie or TV content online, while 17 percent accessed illegal content sources. Those who admitted pirating content spent on average £26 every three months on legitimate content, set against an average spend of £16 among non-pirates.
wired  piracy  studies  ofcom  streaming 
september 2013 by jm
FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
The code’s behavior, and the command-and-control server’s Virginia placement, is also consistent with what’s known about the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007. Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.
cipav  fbi  tor  malware  spyware  security  wired 
september 2013 by jm
How Advanced Is the NSA's Cryptanalysis — And Can We Resist It?
Bruce Schneier's suggestions:
Assuming the hypothetical NSA breakthroughs don’t totally break public-cryptography — and that’s a very reasonable assumption — it’s pretty easy to stay a few steps ahead of the NSA by using ever-longer keys. We’re already trying to phase out 1024-bit RSA keys in favor of 2048-bit keys. Perhaps we need to jump even further ahead and consider 3072-bit keys. And maybe we should be even more paranoid about elliptic curves and use key lengths above 500 bits.

One last blue-sky possibility: a quantum computer. Quantum computers are still toys in the academic world, but have the theoretical ability to quickly break common public-key algorithms — regardless of key length — and to effectively halve the key length of any symmetric algorithm. I think it extraordinarily unlikely that the NSA has built a quantum computer capable of performing the magnitude of calculation necessary to do this, but it’s possible. The defense is easy, if annoying: stick with symmetric cryptography based on shared secrets, and use 256-bit keys.
bruce-schneier  cryptography  wired  nsa  surveillance  snooping  gchq  cryptanalysis  crypto  future  key-lengths 
september 2013 by jm
Wired: how a Toronto statistician cracked the state lottery
'The tic-tac-toe lottery was seriously flawed. It took a few hours of studying his tickets and some statistical sleuthing, but he discovered a defect in the game: The visible numbers turned out to reveal essential information about the digits hidden under the latex coating. Nothing needed to be scratched off—the ticket could be cracked if you knew the secret code.'
toronto  hacks  money  statistics  probability  wired  tic-tac-toe  singleton  from delicious
february 2011 by jm

Copy this bookmark:



description:


tags: