By timothy from Slashdot's that's-how-clever-it-was department
links to a NYTimes piece which says "The evidence gathered by the 'early warning radar' of software painstakingly hidden to monitor North Korea's activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified N.S.A. operation."
From the linked article:For about a decade, the United States has implanted “beacons,” which can map a computer network, along with surveillance software and occasionally even destructive malware in the computer systems of foreign adversaries. The government spends billions of dollars on the technology, which was crucial to the American and Israeli attacks on Iran’s nuclear program, and documents previously disclosed by Edward J. Snowden, the former security agency contractor, demonstrated how widely they have been deployed against China. ... The extensive American penetration of the North Korean system also raises questions about why the United States was not able to alert Sony as the attacks took shape last fall, even though the North had warned, as early as June, that the release of the movie “The Interview,” a crude comedy about a C.I.A. plot to assassinate the North’s leader, would be “an act of war.”Read Replies (0)
By timothy from Slashdot's best-hanging-from-rearview-mirror department
According to a story at Forbes, Digital Bond Labs hacker Corey Thuen has some news that should make you think twice about saving a few bucks on insurance by adding a company-supplied car-tracking OBD2 dongle:It’s long been theorised that [Progressive Insurance's Snapshot and other] such usage-based insurance dongles, which are permeating the market apace, would be a viable attack vector. Thuen says
he’s now proven those hypotheses; previous attacks via dongles either didn’t name the OBD2 devices or focused on another kind of technology, namely Zubie, which tracks the performance of vehicles for maintenance and safety purposes. ... He started by extracting the firmware from the dongle, reverse engineering it and determining how to exploit it. It emerged the Snapshot technology, manufactured by Xirgo Technologies, was completely lacking in the security department, Thuen said. “The firmware running on the dongle is minimal and insecure. It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies basically it uses no security technologies whatsoever.”Read Replies (0)
By timothy from Slashdot's you'll-also-want-a-drone-hunting-drone-hunting-drone department
writes, "Are paparazzi flying drones over your garden to snap you sunbathing? You may need the Rapere
, the drone-hunting drone which uses 'tangle-lines' to quickly down its prey
From The Telegraph's article: It has been designed to be faster and more agile than other drones to ensure that they can't escape - partly by limiting flight time and therefore reducing weight.
“Having worked in the UAS industry for years, we've collectively never come across any bogus use of drones. However it's inevitable that will happen, and for people such as celebrities, where there is profit to be made in illegally invading their privacy, there should be an option to thwart it,” the group say on their website.
This seems more efficient than going after those pesky paparazzi drones with fighting kites
(video), but it should also inspire some skepticism: CNET notes that the team behind it is anonymous, and that "Rapere works in a lab setting, however there aren't any photos or videos of the killer drone in action
. The website instead has only a slideshow of the concept."Read Replies (0)
By timothy from Slashdot's problem-with-authority department
A story at Ars Technica describes yet another Federal database of logged call details maintained by the Federal government which has now come to light, this one maintained by the Department of Justice rather than the NSA, and explains how it came to be discovered: [A] three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use "administrative subpoenas" to obtain business records and other "tangible things." The affidavit does not specify which countries records were included, but specifically does mention Iran. ... This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013.
From elsewhere in the article:
"It’s now clear that multiple government agencies have tracked the calls that Americans make to their parents and relatives, friends, and business associates overseas, all without any suspicion of wrongdoing," [said ACLU lawyer Patrick Toomey]. "The DEA program shows yet again how strained and untenable legal theories have been used to secretly justify the surveillance of millions of innocent Americans using laws that were never written for that purpose."Read Replies (0)