spy & security

Red and green will-o’-the-wisps and danger signals


Paula Broadwell, who had an affair with CIA director David Petraeus, similarly took extensive precautions to hide her identity. She never logged in to her anonymous e-mail service from her home network. Instead, she used hotel and other public networks when she e-mailed him. The FBI correlated hotel registration data from several different hotels — and hers was the common name. […]

The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we’re being tracked all the time. Google tracks us, both on its pages and on other pages it has access to. Facebook does the same; it even tracks non-Facebook users. Apple tracks us on our iPhones and iPads. One reporter used a tool called Collusion to track who was tracking him; 105 companies tracked his Internet use during one 36-hour period. […]

If the director of the CIA can’t maintain his privacy on the Internet, we’ve got no hope.

{ Bruce Schneier/CNN | Continue reading }

related { We were hacked: Here’s what you should know. }

photo { Adam Broomberg & Oliver Chanarin }

Our howitzers and camel swivel guns played on his lines with telling effect. Half a league onward! They charge!


For the last six months, Cody Wilson and his non-profit group Defense Distributed have worked towards a controversial goal: To make as many firearm components as possible into 3D-printable, downloadable files. Now they’re seeking to make those files searchable, too, and to make a profit while they’re at it.

In a talk at the South By Southwest conference in Austin, Texas Monday afternoon, Wilson plans to announce a new, for-profit spinoff of his gun-printing project that will serve as both a repository and search engine for CAD files aimed at allowing anyone to 3D-print gun parts in their own garage.

{ Forbes | Continue reading }

related links posted between april 2012 and today in every day, the same, again:

The world’s first 3D-printed gun.

Airbus designer hopes to see planes roll out of hangar-sized 3D printers by 2050.

MIT students reveal PopFab, a 3D printer that fits inside a briefcase.

Japanese company will 3D print your fetus for $1,275.

PayPal Founder Backs Synthetic Meat Printing Company.

3D print glove is a wearable mobile phone.

Ever wanted a life-like miniature of yourself or loved ones? Now’s your chance, thanks to Omote 3D, which will soon be opening a 3D printing photo booth in Harajuku, Japan.

In October, 3D-printing startup Shapeways opened its New York production facility in Long Island City, Queens, the biggest consumer-focused 3D printing factory in the world.

The Pirate Bay launches crazy Physibles category for printing 3D objects.

Which 3D printers should you buy?

In many ways, today’s 3D printing community resembles the personal computing community of the early 1990s.

China’s first 3D printing museum opens.

“3D pen” can write in the air.

An Artificial Ear Built By a 3D Printer and Living Cartilage Cells.

She likes my tone, my cologne, and the way I roll


Click by click, Facebook users are building a surprisingly nuanced picture of themselves, even without filling out their social networking profiles. […] Researchers found that they could, for example, correctly guess a man’s sexual orientation 88 percent of the time by analyzing the kinds of TV shows and movies he liked. It also found that few gay men — less than 5 percent in the study — identify with groups that openly declare their sexual orientation, so a man’s preference for “Britney Spears” or “Desperate Housewives” was more useful in predictions.

Similarly, the researchers also found that they could figure out if a Facebook user used drugs with about 65 percent accuracy based on their expressed public preferences.

The study even included “like” predictors that could tell whether users’ parents had separated when they were young vs. whether they had not.

Researchers told the British paper that they hope this study raises users’ awareness about the kind of information they may not realize they’re sharing with a wider audience.

{ Washington Post | Continue reading }

1/2 litro di rosso per il Conte Dracula


Designed for Google’s forthcoming Glass headset, it recognises people by the clothes they are wearing. Their name is then overlaid on the headset’s video.

{ NewScientist | Continue reading }

related { A technological singularity is defined as ‘the creation, by technology, of greater-than-human intelligence.’ Is it plausible? }

images { 1 | 2 }

Silence is golden, but duct tape is silver


Google Glass comes with yet another, even more important feature: lifebits, the ability to record video of the people, places, and events around you, at all times. […]

“I’m recorded by security cameras all day, it doesn’t bother me, what’s the difference?” […] It’s a Google project. And Google has the capacity to combine Glass with other technologies it owns.

{ Creative Good | Continue reading }

Surveiller et punir


A multinational security firm has secretly developed a software capable of tracking people’s movements and predicting future behaviour by mining data from social networking websites.

{ Guardian | Continue reading }

images { 1 | 2 }

Who wants two gestures to illustrate a loaf and a jug?


Deloitte predicts that in 2013 more than 90 percent of user-generated passwords, even those considered strong by IT departments, will be vulnerable to hacking. […]

How do passwords get hacked? The problem is not that a hacker discovers a username, goes to a login page and attempts to guess the password. That wouldn’t work: most web sites freeze an account after a limited number of unsuccessful attempts, not nearly enough to guess even the weakest password.

Most organizations keep usernames and passwords in a master file. That file is hashed: a piece of software encrypts both the username and password together. […] However, master files are often stolen or leaked. A hashed file is not immediately useful to a hacker, but various kinds of software and hardware can decrypt the master file and at least some of the usernames and passwords. Decrypted files are then sold, shared or exploited by hackers. […]

An eight-character password chosen from all 94 characters available on a standard keyboard is one of 6.1 quadrillion (6,095,689,385,410,816) possible combinations. It would take about a year for a relatively fast 2011 desktop computer to try every variation. Even gaining access to a credit card would not be worth the computing time.

However, a number of factors, related to human behavior and changes in technology, have combined to render the “strong” password vulnerable.

First, humans struggle to remember more than seven numbers in our short-term memory. Over a longer time span, the average person can remember only five. Adding letters, cases, and odd symbols to the mix makes remembering multiple characters even more challenging.

As a result, people use a variety of tricks to make recalling passwords easier. For example, users often create passwords that reference words and names in our language and experience. […] Although a keyboard has 32 different symbols, humans generally only use half-a-dozen in passwords because they have trouble distinguishing between many of them. These tricks and tendencies combine to make passwords less random, and therefore weaker. […]

But non-random passwords aren’t even the biggest problem. The bigger problem is password re-use. The average user has 26 password-protected accounts, but only five different passwords across those accounts. Because of password re-use, a security breach on a less-secure gaming or social networking site can expose the password that protects a bank account. […]

Longer passwords could make systems more secure. Adding just one or two characters makes brute-force attacks almost a thousand times slower. A ten-character password has 8,836 more possible combinations than an eight-character password, and the same password-cracking machine cited above would take more than 5 years to crack it. Truly random passwords would also decrease the threat from hackers.

{ Deloitte | Continue reading }
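The arithmetic behind the Deloitte excerpt above, as an added example that is not Deloitte’s own calculation: it takes the excerpt’s single calibration point (about a year for the full 94^8 space on a 2011 desktop), derives the guess rate that implies, and scales it to longer passwords and to the reduced alphabets the excerpt says people actually draw from. The character-class sizes (26 + 26 + 10 + 32 = 94) and the function names are assumptions.

```python
"""Keyspace and offline-guessing time model for the Deloitte figures.

Constructed example, not Deloitte's calculation. The only calibration
point is the excerpt's own claim: a fast 2011 desktop needs "about a
year" to try every 8-character password drawn from the 94 printable
keyboard characters. Everything else is derived from that.
"""

SECONDS_PER_YEAR = 365 * 24 * 60 * 60

# Assumed character classes on a standard US keyboard, summing to 94.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 32
KEYBOARD_ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS  # 94

# Calibration assumption taken from the excerpt: 94^8 guesses in one year.
BASELINE_LENGTH = 8
BASELINE_YEARS = 1.0


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def guesses_per_second() -> float:
    """Guess rate implied by the excerpt's one-year figure for 94^8."""
    total = keyspace(KEYBOARD_ALPHABET, BASELINE_LENGTH)
    return total / (BASELINE_YEARS * SECONDS_PER_YEAR)


def years_to_exhaust(alphabet_size: int, length: int) -> float:
    """Worst-case time to try the whole space at the calibrated rate."""
    return keyspace(alphabet_size, length) / guesses_per_second() / SECONDS_PER_YEAR


def effective_alphabet(symbols_used: int = SYMBOLS, mixed_case: bool = True) -> int:
    """Alphabet a human 'generator' actually draws from.

    The excerpt says people use about half a dozen of the 32 symbols;
    `symbols_used` models that. `mixed_case=False` models all-lowercase.
    """
    letters = LOWER + UPPER if mixed_case else LOWER
    return letters + DIGITS + symbols_used


def shrink_factor(length: int, symbols_used: int, mixed_case: bool = True) -> float:
    """How many times smaller the real space is than the nominal 94^length."""
    full = keyspace(KEYBOARD_ALPHABET, length)
    used = keyspace(effective_alphabet(symbols_used, mixed_case), length)
    return full / used


def length_gain(from_length: int, to_length: int) -> int:
    """Multiplier on keyspace (and on cracking time) from adding characters."""
    return keyspace(KEYBOARD_ALPHABET, to_length) // keyspace(KEYBOARD_ALPHABET, from_length)


if __name__ == "__main__":
    print(f"94^8 = {keyspace(94, 8):,}")
    print(f"implied rate: {guesses_per_second():,.0f} guesses/s")
    print(f"8 -> 10 chars multiplies the space by {length_gain(8, 10):,}")
    print(f"10 chars, full alphabet: {years_to_exhaust(94, 10):,.0f} years")
    print(f"8 chars, 6 symbols used: {shrink_factor(8, 6):.1f}x smaller")
    print(f"8 chars, lowercase + digits + 6 symbols: {shrink_factor(8, 6, False):.0f}x smaller")
```

The shrink factors are the defender’s view of the excerpt’s point: an eight-character policy that looks like 94^8 on paper buys far less when the population only uses six symbols and a single case.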

The secret to happiness is low expectations


A number of Instagram’s 90 million active users are in a confused panic after being locked out of their accounts over the weekend, and several seem to believe they’ve been hacked. […]

Your account has been secured and requires account validation. Please login to Instagram.com from your desktop computer to validate your identity.

The desktop validation process then requires the user to upload a photograph of a government-issued photo ID by February 1 — a puzzling requirement for many thread participants, who worried that a hacker was attempting to gain access to their personal information. Which is not the case.

“Instagram occasionally removes accounts due to violation of terms and, depending on the violation, may ask people to upload IDs for verification purposes,” a Facebook spokesperson told CNET. […]

Instagram, like Facebook, requires that its users are at least 13.

{ CNET | Continue reading }

‘I googled “google” trying to explore my love of large numbers.’ –Malcolm Harris


Google agrees. “Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” Grosse and Upadhyay write in their paper.

Thus, they’re experimenting with new ways to replace the password, including a tiny Yubico cryptographic card that — when slid into a USB (Universal Serial Bus) reader — can automatically log a web surfer into Google. They’ve had to modify Google’s web browser to work with these cards, but there’s no software download and once the browser support is there, they’re easy to use. You log into the website, plug in the USB stick and then register it with a single mouse click.

They see a future where you authenticate one device — your smartphone or something like a Yubico key — and then use that almost like a car key, to fire up your web mail and online accounts.

In the future, they’d like things to get even easier, perhaps connecting to the computer via wireless technology.

{ Wired | Continue reading }

photo { Yasuhiro Ishimoto, Children at Halloween, Chicago, 1952 }

Your real problems free me from my imaginary anxieties


I purchased 75 cheap laptop computers and, with trusted help, installed invisible keystroke logging software on all of them—the kind that calls home (to me) and disgorges the text files. It also, on command, turns on, and off, the microphone and camera—and sends these files on command. I had the computers re-packaged as if new. I began giving these away as presents to select people—government employees, police officers, Cabinet Minister’s assistants, girlfriends of powerful men, boyfriends of powerful women. I hired four trusted people full time to monitor the text files and provide myself with the subsequent passwords for everyone’s e-mail, Facebook, private message boards, and other passworded accounts. The keystroke monitoring continued after password collection, in order to document text input that would later be deleted. So nothing was missed.

I next collected my human resources for the complex social engineering I would have to do. I arranged with 23 women and six men to be my operatives. Eight of the women were so accomplished that they ended up living with me. It was amazingly more efficient and they were easily convinced to check up on each other. One was so accomplished (Marcia) that she became a double agent and nearly got me killed.

{ John McAfee/Ars Technica | Continue reading | Thanks Tim }

It’s all in the wrist


Software developed by the FBI and Ernst & Young has revealed the most common words used in email conversations among employees engaged in corporate fraud.

The software, which was developed using the knowledge gained from real life corporate fraud investigations, pinpoints and tracks common fraud phrases like “cover up”, “write off”, “failed investment”, “off the books”, “nobody will find out” and “grey area”.

Expressions such as “special fees” and “friendly payments” are most common in bribery cases, while fears of getting caught are shown in phrases such as “no inspection” and “do not volunteer information”.

{ Computer World | Continue reading }

Boomed crashing chords. When love absorbs.


The US surveillance regime has more data on the average American than the Stasi ever did on East Germans.

The American government is collecting and storing virtually every phone call, purchases, email, text message, internet searches, social media communications, health information, employment history, travel and student records, and virtually all other information of every American.

Some also claim that the government is also using facial recognition software and surveillance cameras to track where everyone is going. Moreover, cell towers track where your phone is at any moment, and the major cell carriers, including Verizon and AT&T, responded to at least 1.3 million law enforcement requests for cell phone locations and other data in 2011. And – given that your smartphone routinely sends your location information back to Apple or Google – it would be child’s play for the government to track your location that way.

As the top spy chief at the U.S. National Security Agency explained this week, the American government is collecting some 100 billion 1,000-character emails per day, and 20 trillion communications of all types per year.

{ Washington Blogs | Continue reading }

Snakes of river fog creep slowly. From drains, clefts, cesspools, middens arise on all sides stagnant fumes. A glow leaps in the south beyond the seaward reaches of the river.


Check Point has revealed how a sophisticated malware attack was used to steal an estimated €36 million from over 30,000 customers of over 30 banks in Italy, Spain, Germany and Holland over summer this year.

The theft used malware to target the PCs and mobile devices of banking customers. The attack also took advantage of SMS messages used by banks as part of customers’ secure login and authentication process.

The attack worked by infecting victims’ PCs and mobiles with a modified version of the Zeus trojan. When victims attempted online bank transactions, the process was intercepted by the trojan.

Under the guise of upgrading the online banking software, victims were duped into giving additional information including their mobile phone number, infecting the mobile device. The mobile Trojan worked on both Blackberry and Android devices, giving attackers a wider reach.

{ Net Security | Continue reading }

Onity, the company whose locks protect 4 million or more hotel rooms around the world, has agreed to reimburse at least some fraction of its hotel customers for the cost of fixing a security flaw exposed in July.

{ Forbes | Continue reading }

Some cyberattacks over the past decade have briefly affected state strategic plans, but none has resulted in death or lasting damage. For example, the 2007 cyberattacks on Estonia by Russia shut down networks and government websites and disrupted commerce for a few days, but things swiftly went back to normal. The majority of cyberattacks worldwide have been minor: easily corrected annoyances such as website defacements or basic data theft — basically the least a state can do when challenged diplomatically.

Our research shows that although warnings about cyberwarfare have become more severe, the actual magnitude and pace of attacks do not match popular perception.

{ Foreign Affairs | Continue reading }

Sad was the man that word to hear that him so heavied in bowels ruthful


With everything from banking records and health data to contacts lists and photos available through our mobile phones, the ability to securely access this data is an increasingly important concern. That’s why many phone manufacturers and data holders are keen on biometric security systems that reliably identify individuals.

The question of course is which biometric system to use. Face, fingerprint and iris recognition are all topics of intense research. But the most obvious choice for a mobile phone is surely voice identification. However, this approach has been plagued with problems.

For example, people’s voices can change dramatically when they are ill or in a hurry. What’s more, it’s relatively easy to record somebody’s voice during authentication and use that to break the system. So many groups have steered away from voice biometrics.

That could be set to change. Today, RC Johnson at the University of Colorado at Colorado Springs and a couple of pals lay out a new approach to voice biometrics which they say solves these problems. The new system provides secure authentication while also preserving the privacy of the user.

In the new system, users set up their accounts by recording a large number of words and phrases which are sent in encrypted form to a bank, for example. This forms a template that the bank uses to verify the user.

{ The Physics arXiv Blog | Continue reading }

Prepare to receive cavalry. Prepare to receive soup.


These days, the TSA’s major role appears to be to make plane trips more unpleasant. And by doing so, it’s encouraging people to take the considerably more dangerous option of traveling by road. […]

A longer list of TSA’s confiscations would include a G.I. Joe action doll’s 4-inch plastic rifle (“it’s a replica”) and a light saber. […]

Researchers at Cornell University suggest that people switching from air to road transportation in the aftermath of the 9/11 attacks led to an increase of 242 driving fatalities per month—which means that a lot more people died on the roads as an indirect result of 9/11 than died from being on the planes that terrible day. They also suggest that enhanced domestic baggage screening alone reduced passenger volume by about 5 percent in the five years after 9/11, and the substitution of driving for flying by those seeking to avoid security hassles over that period resulted in more than 100 road fatalities.

{ BloombergBusinessweek | Continue reading }

I’ll call later in the day and I’ll take one of those soaps. How much are they?


U.S. cellphone carriers took a major step on Wednesday toward curbing the rising number of smartphone thefts with the introduction of databases that will block stolen phones from being used on domestic networks.

The initiative got its start earlier this year when the U.S. Federal Communications Commission and police chiefs from major cities asked the cellular carriers for assistance in battling the surging number of smartphone thefts. In New York, more than 40 percent of all robberies involve cellphones and in Washington, D.C., cellphone thefts accounted for 38 percent of all robberies in 2011.

With the introduction of the database, carriers will be able to block stolen handsets from being used on their networks. Until now, such blocking had targeted the SIM card, so unauthorized calls could not be made on stolen phones, but putting in a new SIM card meant the phone could still be used. That meant a stolen phone could be sold on the second-hand market.

The new database blocks the IMEI number, a unique identification number in the cellphone.

{ Network World | Continue reading }

photo { Garry Winogrand }

This is Red 5, I’m going in


The U.S. government is surreptitiously collecting the DNA of world leaders, and is reportedly protecting that of Barack Obama. Decoded, these genetic blueprints could provide compromising information. In the not-too-distant future, they may provide something more as well—the basis for the creation of personalized bioweapons that could take down a president and leave no trace.

{ Atlantic | Continue reading }

Chad Feldheimer: [on the phone] Osbourne Cox? I thought you might be worried… about the security… of your shit.


Bobbi Duncan desperately wanted her father not to know she is lesbian. Facebook told him anyway.

One evening last fall, the president of the Queer Chorus, a choir group she had recently joined, inadvertently exposed Ms. Duncan’s sexuality to her nearly 200 Facebook friends, including her father, by adding her to a Facebook Inc. discussion group. That night, Ms. Duncan’s father left vitriolic messages on her phone, demanding she renounce same-sex relationships, she says, and threatening to sever family ties. […]

Soon, she learned that another choir member, Taylor McCormick, had been outed the very same way, upsetting his world as well.

The president of the chorus, a student organization at the University of Texas campus here, had added Ms. Duncan and Mr. McCormick to the choir’s Facebook group. The president didn’t know the software would automatically tell their Facebook friends that they were now members of the chorus.

The two students were casualties of a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval. As a result, the two lost control over their secrets, even though both were sophisticated users who had attempted to use Facebook’s privacy settings to shield some of their activities from their parents.

{ WSJ | Continue reading }

photo { Ray K. Metzker }

‘Why go to sleep when you can stay up all night freaking out?’ –Patrick Harrison


{ The US Naval Surface Warfare Center has created an Android app that secretly records your environment and reconstructs it as a 3D virtual model for a malicious user to browse. | The Physics arXiv Blog }

The instantaneous deaths of many powerful enemies, graziers, members of parliament, members of standing committees, are reported


Physically securing a company doesn’t necessarily have to be about expensive alarm systems, high resolution cameras and other fancy gadgets. To keep burglars at bay, all you might need is a gadget that tricks them into thinking that you have high-tech security systems.

{ Softpedia | Continue reading | Thanks Tim }