the future of ethereum?

ethdev |  To research, design and build software that, as best as possible, facilitates, in a secure, decentralised and fair manner, the communication and automatically-enforced agreement between parties.

The facilitation will necessitate the building of tools to aid users and developers alike to utilise the back-end systems and make them as effective as possible in their facilities. It is anticipated that these tools will include the development of consumer-grade end-user components (the so-called Ethereum Browser) together with IDE-like components and associated tools. It will also mean the provision of certain high-level (on-the-system) functions, modules, examples, templates, standards and live services without which development and interoperation would suffer.

Security will likely entail use of strong cryptographic technologies, but could also use various other technologies including, but not limited to verifiable computation, computational steganography, complex-systems modelling and formal proof systems.

Fairness must be absolutely guaranteed throughout. We agree that this is pure technology and must make no affordances to the beliefs of any single actor against any other. The system must never even have the possibility of disadvantaging a single user or organisation over any other. We accept that full decentralisation is pivotal in accomplishing this.

Forward-enforceable agreement between arbitrary sets of parties is a core goal, however to achieve this goal, parties must be able to determine the existence and volition of the other. Communication methods must be provided, on the same technological basis, to facilitate this.

It is anticipated that the use of consensus-based blockchain technology using a Turing-complete VM within its transaction resolver and an arbitrarily large state space, such as that first proposed by Buterin (2013) and an evolution of which was formalised by Wood (2014) will be pivotal in the initial delivery.

It is also anticipated that additional research will need to be conducted, both internally and externally in order to deliver solutions of increasing concordance with these broad goals.

what is ethereum?

wikipedia | Purpose The stated purpose of the Ethereum project is to "decentralize the web" by introducing four components as part of its roadmap: static content publication, dynamic messages, trustless transactions and an integrated user-interface.^[6] Each of these services is designed to replace some aspect of the systems currently used in the modern web, but to do so in a fully decentralised and pseudonymous manner.^[7]

Ethereum is an open source project. Development began in December 2013, with the first Go and C++ proof of concept builds (PoC1) being released in early February 2014.^[8] Since then, several further PoC builds have been released, culminating with the public launch of the Ethereum blockchain on 30 July 2015.

 

Ether

The currency unit of Ethereum is the Ether, used to pay for computational services on the network.

To finance development, Ethereum distributed the initial allocation of Ethers via a 42-day public crowdsale, netting 31,591 bitcoins, worth $18,439,086 at that time, in exchange for about 60,102,216 Ethers.^{[12][citation needed]}

Ether is divided into smaller units of currency called finney, szabo, shannon, babbage, lovelace, and wei (named after Wei Dai, the creator of b-money). Each larger unit is equal to 1000 of the next lower unit.^[13] In practice, however, the developers encourage the use of ether and wei. Wei is the base unit of implementation and cannot be further divided.

Smart contracts on Ethereum

Smart contracts are computer protocols which verify or enforce the performance of a contractual agreement. On Ethereum, contracts can be written in one of the following four languages: Solidity (a JavaScript-like language), Serpent (a Python-like language), Mutan (C-like) and LLL (Lisp-like). They are compiled into bytecode before being deployed to the blockchain.

Media 

The platform has been covered in The Wall Street Journal, ^[14] Wired,^[15] The Globe and Mail,^[16] SiliconANGLE,^[17] Al Jazeera,^[18] The Telegraph^[19] and the Keiser Report.^[20]

the kernal of the argument

WaPo |  It took years for the Internet to reach its first 100 computers. Today, 100 new ones join each second. And running deep within the silicon souls of most of these machines is the work of a technical wizard of remarkable power, a man described as a genius and a bully, a spiritual leader and a benevolent dictator.

Linus Torvalds — who in person could be mistaken for just another paunchy, middle-aged suburban dad who happens to have a curiously large collection of stuffed penguin dolls — looms over the future of computing much as Bill Gates and the late Steve Jobs loom over its past and present. For Linux, the operating system that Torvalds created and named after himself, has come to dominate the exploding online world, making it more popular overall than rivals from Microsoft and Apple.

But while Linux is fast, flexible and free, a growing chorus of critics warn that it has security weaknesses that could be fixed but haven’t been. Worse, as Internet security has surged as a subject of international concern, Torvalds has engaged in an occasionally profane standoff with experts on the subject. One group he has dismissed as “masturbating monkeys.” In blasting the security features produced by another group, he said in a public post, “Please just kill yourself now. The world would be a better place.”

There are legitimate philosophical differences amid the harsh words. Linux has thrived in part because of Torvalds’s relentless focus on performance and reliability, both of which could suffer if more security features were added. Linux works on almost any chip in the world and is famously stable as it manages the demands of many programs at once, allowing computers to hum along for years at a time without rebooting.

Yet even among Linux’s many fans there is growing unease about vulnerabilities in the operating system’s most basic, foundational elements — housed in something called “the kernel,” which Torvalds has personally managed since its creation in 1991. Even more so, there is concern that Torvalds’s approach to security is too passive, bordering on indifferent.

don't be stupid or degenerate - avoid chemsex with your digital butt plug and you'll be just fine...,

gizmodo |  Security researchers have come across a new kind of Android malware, which purports to be a well-known app but then exposes your phone to root attacks—and is virtually impossible to remove.

The new malware has been found in software available on third-party app stores. The apps in question use code from official software that you can download from Google Play like Facebook and Twitter, reports Ars Technica, so they initially seem innocuous and even provide the exact same functionality.

But in fact they’re injected with malicious code, which allows them to gain root access to the OS. In turn, a series of exploits are installed on the device as system applications, which makes them incredibly hard—for most people, impossible—to remove. Fist tap Big Don.

android is a linux fork

wikipedia |  Android is a mobile operating system (OS) currently developed by Google, based on the Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets. Android's user interface is based on direct manipulation, using touch gestures that loosely correspond to real-world actions, such as swiping, tapping and pinching, to manipulate on-screen objects, along with a virtual keyboard for text input. In addition to touchscreen devices, Google has further developed Android TV for televisions, Android Auto for cars, and Android Wear for wrist watches, each with a specialized user interface. Variants of Android are also used on notebooks, game consoles, digital cameras, and other electronics. As of 2015^[update], Android has the largest installed base of all operating systems.^[11] It is the second most commonly used mobile operating system in the United States, while iOS is the first.^[12]

Initially developed by Android, Inc., which Google bought in 2005,^[13] Android was unveiled in 2007, along with the founding of the Open Handset Alliance – a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.^[14] As of July 2013^[update], the Google Play store has had over one million Android applications ("apps") published, and over 50 billion applications downloaded.^[15] An April–May 2013 survey of mobile application developers found that 71% of developers create applications for Android,^[16] and a 2015 survey found that 40% of full-time professional developers see Android as their priority target platform, which is comparable to Apple's iOS on 37% with both platforms far above others.^[17] At Google I/O 2014, the company revealed that there were over one billion active monthly Android users, up from 538 million in June 2013.^[18]

Android's source code is released by Google under open source licenses, although most Android devices ultimately ship with a combination of open source and proprietary software, including proprietary software required for accessing Google services.^[3] Android is popular with technology companies that require a ready-made, low-cost and customizable operating system for high-tech devices.^[19] Its open nature has encouraged a large community of developers and enthusiasts to use the open-source code as a foundation for community-driven projects, which add new features for advanced users^[20] or bring Android to devices originally shipped with other operating systems. At the same time, as Android has no centralised update system most Android devices fail to receive security updates: research in 2015 concluded that almost 90% of Android phones in use had known but unpatched security vulnerabilities due to lack of updates and support.^[21][22] The success of Android has made it a target for patent litigation as part of the so-called "smartphone wars" between technology companies.^[23

android security architecture

It is instructive to look at Android as a case study of mobile phone security for two reasons. First, it's  a much more principled design and approach to security than either the web or desktop application contexts.

Web browsers have evolved incrementally over many years to incorporate more and more security checks without as clean a story for how security should work and how isolation should be done. Looking at Android allows us to understand how you go about designing a new clean slate security architecture from scratch if needed. To understand what security problems we have to contend with, let's understand what are the security goals you might have in mind, or what things you might worry about in the context of applications running on a user's mobile phone. Simply stated, we are working with a some data that the user has, as well some resources-- things like the user's camera, GPS

device, microphone, and so on, and, a physical human user.

Then, we have the network interacting with the device. Some considerations for this interaction include ensuring that when two applications interact, they cannot arbitrarily tamper with each other's data, and processes, and execution.  At the same time, we want to allow applications to interact with one another. For example, if you get an email attachment in your email program, you would like to open it up with a text editor, or a PDF viewer, or an image viewer. So we need some sort of protected sharing between applications, but isolation to make sure that they're still secure in the presence of other applications.

Next, we might worry about access between applications and shared data that the user wants to keep private, perhaps, or untampered with on their phone. So we need to make sure that when applications access the data on the user's device, this is somehow mediated and done according to whatever policy the user is OK with. A similar consideration applies to applications accessing the phone's resources.

Now this is not necessarily confidential data that the user has stored on the phone, but it might, nonetheless, be undesirable behavior from the phone user perspective. For example, if the phones turn on the GPS device and start tracking the user, or running the device out of battery, or these might cost the user money if the application starts sending SMS messages, or using a lot of data on the user's mobile phone plan. These are some of the considerations that go into isolating things within the phone. There are of course other sets of considerations that you have to worry about when dealing with the outside world-- outside of the phone, but that's Sith bidnis and not for slovenly peasant consideration.

Now in the case of Android, the platform itself has relatively little to say about protecting the interaction between the phone and the network. One of the few exceptions is the application installation update mechanism. Here, the mobile phone platform has to make sure that when your phone downloads a new version of an app, it comes from the right application developer and not from some man in the middle that's injecting a malicious copy of the application into your phone. Now, in the case of actual interactions between applications and the network, such as an application server running somewhere in the Cloud, the Android platform doesn't provide much in terms of primitives or mechanisms to help applications secure that interaction. The peasants applications are on their own in terms of protecting these communication.

The final interaction we might want to consider in terms of security on a mobile phone is the interaction between the human the user and the phone in their hands. Here, there are two qualitative kinds of problems you might worry about. One, is that someone might steal your phone and try to get at your information at their leisure. The typical defense against this is asking the user, when they're interacting with the phone, to enter some kind of a PIN or a password, to unlock a phone to have the legitimate user be able to identify themselves. There are many techniques you might use here to make sure that this password or PIN is strongly enforced, such as disk encryption of all the contents on the phone itself.

We can talk about doing disk encryption as a separate matter.

The final consideration of interactions between the user and the phone comes from protecting the phone's proprietary internal states from a potentially curious or malicious user. This shows up in the case of DRM, or digital rights management, concerns, or paid applications. So, for example, if a user buys some application in the Android Play Store or in Apple's equivalent app store, the phone platform might want to make sure the user can't take the phone apart and get the application out and give it to all of their friends for free. This is really more Sith bidnis and outside the scope of what you peasants need concern yourself with your beloved little digital cather units.

We will focus exclusively on the interactions that take place within the phone-- so isolating applications from each other, controlling how our applications can get at the data, and the different resources. other aspects of the Android security problem will be addressed as these come to mind over time. Next time, we camy consider and briefly explore the threat model in which your digital catheter is embedded. Careful, in-depth consideration of this topic is bound to disclose a very great deal concerning our assumptions about the world.  In the world as we know it, your imagination could well run wild with possibilities over which you really shouldn't ever worry your pointy little peasant head...., (^;

need to get office 365 in the cloud and let new delhi handle exchange security...,

newsfactor |  Last November, the State Department announced it would be performing "maintenance" on its non-classified e-mail systems during regularly scheduled system downtime. However, The Associated Press later revealed that the "maintenance" actually consisted of unplanned security enhancements to address what State Department officials conceded were signs of "suspicious activity." 

Underscoring the severity of the intrusion, the State Department shut down its unclassified e-mail system around the entire world. State Department officials told media outlets at the time that they were using their personal Gmail accounts in order to get their work done. 

Although the State Department predicted that the issue would be resolved within 48 to 72 hours, the intrusion has clearly lingered. Still unresolved is the amount of material that might have been seized by the hackers, or whether the hackers were able to use the unclassified e-mail system as a staging area for attacks on more sensitive computer networks.

Global Hack Attacks 

The hacker intrusions into the State Department unclassified e-mail system were actually first detected in October 2014, at about the same time that hackers attempted to gain entry to computer systems at the White House, the National Weather Service, and the U.S. Post Office. 

No specific nation or group has been identified as the alleged source of the attacks, although there was speculation that the White House was targeted by Russian hackers and the other government agencies by Chinese intruders. In its report Thursday, the Journal cited unnamed sources who believed the State Department intrusions also originated from Russia. 

One aspect of the attacks that has left U.S. investigators somewhat puzzled, however, is the fact that they have been able to detect the intrusions at all. Their assumption, officials told the Journal, is that Russian computer experts are at least as good as those working for the United States, and that they are capable of avoiding this type of routine detection. The fact that the attacks were so readily identifiable suggests either that Russia was not using its starters, or that the country was trying to send the U.S. some sort of message. 

One thing that is relatively clear is how the initial infection occurred. Investigators pin the blame on an unnamed State Department official who apparently fell for a classic phishing attack. The hackers created an e-mail message purporting to be about departmental issues, and included a link to malicious software. All it took was for a single recipient to click on the link, and the infection was under way. 

As numerous computer security experts have observed over the years, it is vastly easier to play offense than defense in the cyber realm. Put another way, a hacker only has to get lucky once; network defenders have to be perfect all the time.

military-backed criminal superhacking, or, three stacks for uncle sugar, one stack for me?

NYTimes |  In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.

The Moscow-based firm says that because of nondisclosure agreements with the banks that were hit, it cannot name them. Officials at the White House and the F.B.I. have been briefed on the findings, but say that it will take time to confirm them and assess the losses.

Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times. In many cases the hauls were more modest, presumably to avoid setting off alarms.

The majority of the targets were in Russia, but many were in Japan, the United States and Europe.

No bank has come forward acknowledging the theft, a common problem that President Obama alluded to on Friday when he attended the first White House summit meeting on cybersecurity and consumer protection at Stanford University. He urged passage of a law that would require public disclosure of any breach that compromised personal or financial information.

But the industry consortium that alerts banks to malicious activity, the Financial Services Information Sharing and Analysis Center, said in a statement that “our members are aware of this activity. We have disseminated intelligence on this attack to the members,” and that “some briefings were also provided by law enforcement entities.”

i've used kaspersky endpoint security for years and so should you...,

arstechnica |  A long list of almost superhuman technical feats illustrate Equation Group's extraordinary skill, painstaking work, and unlimited resources. They include:

• The use of virtual file systems, a feature also found in the highly sophisticated Regin malware. Recently published documents provided by Ed Snowden indicate that the NSA used Regin to infect the partly state-owned Belgian firm Belgacom.
• The stashing of malicious files in multiple branches of an infected computer's registry. By encrypting all malicious files and storing them in multiple branches of a computer's Windows registry, the infection was impossible to detect using antivirus software.
• Redirects that sent iPhone users to unique exploit Web pages. In addition, infected machines reporting to Equation Group command servers identified themselves as Macs, an indication that the group successfully compromised both iOS and OS X devices.
• The use of more than 300 Internet domains and 100 servers to host a sprawling command and control infrastructure.
• USB stick-based reconnaissance malware to map air-gapped networks, which are so sensitive that they aren't connected to the Internet. Both Stuxnet and the related Flame malware platform also had the ability to bridge airgaps.
• An unusual if not truly novel way of bypassing code-signing restrictions in modern versions of Windows, which require that all third-party software interfacing with the operating system kernel be digitally signed by a recognized certificate authority. To circumvent this restriction, Equation Group malware exploited a known vulnerability in an already signed driver for CloneCD to achieve kernel-level code execution.

Taken together, the accomplishments led Kaspersky researchers to conclude that Equation Group is probably the most sophisticated computer attack group in the world, with technical skill and resources that rival the groups that developed Stuxnet and the Flame espionage malware.

"It seems to me Equation Group are the ones with the coolest toys," Costin Raiu, director of Kaspersky Lab's global research and analysis team, told Ars. "Every now and then they share them with the Stuxnet group and the Flame group, but they are originally available only to the Equation Group people. Equation Group are definitely the masters, and they are giving the others, maybe, bread crumbs. From time to time they are giving them some goodies to integrate into Stuxnet and Flame."

In an exhaustive report published Monday at the Kaspersky Security Analyst Summit here, researchers stopped short of saying Equation Group was the handiwork of the NSA—but they provided detailed evidence that strongly implicates the US spy agency.

why did the hon.bro.preznit say pyongyang did it?

cbsnews |  Fixing blame for cyber attacks is frustratingly difficult, partly because originators often employ proxies, partly because attack analysis turns up diversionary red herrings that implicate innocents. And that's just the start of the problem. 

It goes without saying by now that cyber weapons enlarge and blur understood definitions of war. Cyber aggressors include nation states, their private contractors, non-state evildoers, and corporate interests. There are no norms or conventions framing acceptable behavior in cyberspace -- the cyber version of arms treaties. There's no playbook for proportional retaliation, nor protocols for cooperative defensive action that join public and private interests. (As evidence of our own cultural confusion, some called news coverage of looted Sony data "near treason" -- as if the embarrassing email rants of studio execs are akin to nuclear launch codes.) 

Any rapid, unequivocal, on-the-record conclusion about who perpetrated what should raise eyebrows. This is especially true with Europeans, who harbor broad hesitation about such U.S. pronouncements after all those keenly recalled 2003 assurances about Iraqi weapons of mass destruction. 

Here the burden of proof is also high, and the skeptics are rightfully speaking up in greater numbers.

here's one way to know

Google Play | *This app requires root access and will only run on devices with Qualcomm chipset.*

 

SnoopSnitch collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking, and SS7 attacks.

To use SnoopSnitch, a rooted device with a Qualcomm chipset running stock Android 4.1 or higher is required. Unfortunately, custom ROMs are often unsupported at the moment as they can lack necessary proprietary drivers. (Some successful CyanogenMod installs have been reported.)

This application uses data contributed by other users. By choosing to upload your measurement results or security events, you can help improve this data base and support future research.

let's play nsa!

motherboard.vice |  Prior to the release of the ANT catalog, the last time the public had ever heard anything about retro-reflection technology being used in a surveillance device was in 1960. And the technology became such a sensation that it earned one of the most iconic nicknames of the Cold War.

On August 4, 1945, as World War II was winding down and new tensions with the Soviets were starting to wind up, Russian schoolchildren paid a visit to the American Ambassador in Moscow and bestowed upon him a token of good will: a Great Seal of the United States. The Ambassador hung it in his residential study.

There it hung until one day in 1952, when a British radio technician in Moscow, listening in on Russian air traffic, discovered something unexpected on one frequency: the sound of the British ambassador, loud and clear, along with other American-accented conversations. Thus began one of many exhaustive tear-downs of the embassy. They were looking to find a listening device—and they did, along with a new frontier of spying. The culprit was the Great Seal.

Inside the Americans and British found a tiny device the likes of which they’d never seen. So alien was the Great Seal Bug that the only appropriate name for it seemed to be “The Thing,” after the character in the Addams Family (which was then still just a New Yorker cartoon). It was a retroreflector.

“The Thing,” turned out to have been invented by the legendary Russian engineer Lev Sergeyevich Termen, or Leon Theremin, who may be most famous as the father of the spooky radio-based instrument named after him, but is also considered a pioneer of RFID technology.

But perhaps surprisingly, despite all the public interest in the revelation, “The Thing” did not seem to herald more “things.” In the history of espionage technology, it was a great story, but ultimately a footnote. As far as the public knew, after its fantastical discovery there were fifty-three years of radio silence, so to speak.

“In hindsight,” Ossmann said, “it’s obvious that these types of attacks are practical and employed. For someone who knows a little bit about electronics and a little bit about security, RF retroreflectors should be completely unsurprising. However, I couldn't find anyone who had published any research on the subject at all. That was astonishing."

(This is where things get a bit complicated again; it's worth it, but if you simply can't deal with the details, take my word for it, and skip down to the next section.)  Fist tap Arnach.

babes in toyland where cost is not an issue...,

spiegel |  When it comes to modern firewalls for corporate computer networks, the world's second largest network equipment manufacturer doesn't skimp on praising its own work. According to Juniper Networks' online PR copy, the company's products are "ideal" for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company's special computers is "unmatched" and their firewalls are the "best-in-class." Despite these assurances, though, there is one attacker none of these products can fend off -- the United States' National Security Agency. 

Specialists at the intelligence organization succeeded years ago in penetrating the company's digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry -- including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell. 

A 50-Page Catalog

These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives -- from computing centers to individual computers, and from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA's specialists seem already to have gotten past them. 

This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets' data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.

gen. michael hayden brought the elite hacknological bacon home to the usaf...,

spiegel |  The NSA's TAO hacking unit is considered to be the intelligence agency's top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.

It was thanks to the garage door opener episode that Texans learned just how far the NSA's work had encroached upon their daily lives. For quite some time now, the intelligence agency has maintained a branch with around 2,000 employees at Lackland Air Force Base, also in San Antonio. In 2005, the agency took over a former Sony computer chip plant in the western part of the city. A brisk pace of construction commenced inside this enormous compound. The acquisition of the former chip factory at Sony Place was part of a massive expansion the agency began after the events of Sept. 11, 2001.

On-Call Digital Plumbers

One of the two main buildings at the former plant has since housed a sophisticated NSA unit, one that has benefited the most from this expansion and has grown the fastest in recent years -- the Office of Tailored Access Operations, or TAO. This is the NSA's top operative unit -- something like a squad of plumbers that can be called in when normal access to a target is blocked.

According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO's area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO's disposal have become -- and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks.

The unit is "akin to the wunderkind of the US intelligence community," says Matthew Aid, a historian who specializes in the history of the NSA. "Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."

A Unit Born of the Internet

Defining the future of her unit at the time, she wrote that TAO "needs to continue to grow and must lay the foundation for integrated Computer Network Operations," and that it must "support Computer Network Attacks as an integrated part of military operations." To succeed in this, she wrote, TAO would have to acquire "pervasive, persistent access on the global network." An internal description of TAO's responsibilities makes clear that aggressive attacks are an explicit part of the unit's tasks. In other words, the NSA's hackers have been given a government mandate for their work. During the middle part of the last decade, the special unit succeeded in gaining access to 258 targets in 89 countries -- nearly everywhere in the world. In 2010, it conducted 279 operations worldwide.

Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry's BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a "sustained TAO operation," one document states.

the latent nature of global information warfare

springer |  Let us return to the nature of information warfare. In the past, war has always and only been real, in the system + model sense, like the bed in which you sleep and the apple you eat. The hard facts of war were inevitably accompanied by their informational shadows: the human shouting, the smell of horses, the sounds of trumpets in battles, the rhythm of machineguns, the pitched whistles of bombs falling from the sky, the smell of napalm, the marks left by the tanks’ tracks. For a short time, in the eighties, passive mass media and digital consumerism made us mistakenly think that war could be experienced by the public as virtual: a televised or computerized game, involving only representations to which nothing corresponded, like shadows without objects, simulacra in Baudrillard’s terminology. Thus, in 1991,⁴ Baudrillard argued in The Gulf War Did Not Take Place that the hi-tech fighting on the American side during the first Gulf War had transformed a conflict into propaganda and mass-mediated experience. The analysis was correct both in perceiving a difference and in identifying that difference in the decoupling between the system and the model. But it was wrong in selecting models as the new battlefields. Global information warfare is not virtual. It is mostly latent, that is, it is in the world but not experienced as part of the world. It is a war without shadows. You cannot see it, and cannot hear it, it silently happens everyday, can hit anyone anywhere, and we can all be its unaware victims. Take for instance distributed denial-of-service attacks. According to Arbor Networks, more than 2,000 of DDoS occur worldwide every day.⁵ Their number is increasing and more and more countries are involved that are not officially at war with each other. Similar attacks are very cheap. According to TrendMicro Research a week-long DDoS attack, capable of taking a small organization offline, can cost as little as $150 in the underground market. This is just an example. Conflicts in the infosphere—not just DDoS attacks, but also trade wars, currency wars, patent wars, marketing wars, and other silent forms of informational battles to win hearts, minds, and wallets—are increasingly neither real nor virtual, but latent to most of their victims. They are nonetheless dangerous and wasteful. They require special interfaces to be perceived. They will require a special sensitivity to be eradicated.

a little air and sunlight'll clear up that nasty turner diaries infection...,

anonymous |  Anonymous has revealed a list of KKK members in light of the Ferguson protests as part of #OpKKK and a cyberwar against the organization. The ‘de-hooding’ of Ku Klux Klan members has spurred threats and attacks against Anonymous over social media, with @KuKluxKlanUSA stating “You messed with us, now it’s our turn to mess with you.”

The threat comes in response to the campaign Anonymous began online, to name KKK members in the Ferguson and St. Louis area after it was discovered that the KKK members have been distributing fliers. The fliers warn Ferguson protesters of the consequences of a continuation of their fight, stating they have “awakened a sleeping giant,” and that they [KKK] will use “lethal force” against protestors if they continue. The fliers handed out justify the lethal force as a form of “self-defense.”

Anonymous won’t tolerate racism in any form, or the suppression of the right to protest. Many of the names listed are also accompanied by photos of the members without their hoods. One member is a known police officer, while another works in education. An image posted, displays a KKK member standing quietly amongst the Ferguson protestors.

Anonymous will continue to monitor the KKK servers and disrupt their websites. [1]

The list, accompanied by images, can be found here.

elon musk's fears not completely crazy?

computerworld |  High-tech entrepreneur Elon Musk made headlines when he said artificial intelligence research is a danger to humanity, but researchers from some of the top U.S. universities say he's not so far off the mark. 

"At first I was surprised and then I thought, 'this is not completely crazy,' " said Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University. "I actually do think this is a valid concern and it's really an interesting one. It's a remote, far future danger but sometime we're going to have to think about it. If we're at all close to building these super-intelligent, powerful machines, we should absolutely stop and figure out what we're doing." 

Musk, most well-known as the CEO of electric car maker Tesla Motors, and CEO and co-founder of SpaceX , caused a stir after he told an audience at an MIT symposium that artificial intelligence (AI), and research into it, poses a threat to humans. 

"I think we should be very careful about artificial intelligence," Musk said when answering a question about the state of AI. "If I were to guess at what our biggest existential threat is, it's probably that… With artificial intelligence, we are summoning the demon. In all those stories with the guy with the pentagram and the holy water, and he's sure he can control the demon. It doesn't work out."

He added that there should be regulatory oversight -- at the national and international level -- to "make sure we don't do something very foolish."

Musk's comments came after he tweeted in early August that AI is "potentially more dangerous than nukes."

welcome to the memory hole...,

tomdispatch | Even if some future government stepped over one of the last remaining red lines in our world and simply assassinated whistleblowers as they surfaced, others would always emerge. Back in 1948, in his eerie novel 1984, however, Orwell suggested a far more diabolical solution to the problem. He conjured up a technological device for the world of Big Brother that he called "the memory hole." In his dark future, armies of bureaucrats, working in what he sardonically dubbed the Ministry of Truth, spent their lives erasing or altering documents, newspapers, books, and the like in order to create an acceptable version of history. When a person fell out of favor, the Ministry of Truth sent him and all the documentation relating to him down the memory hole. Every story or report in which his life was in any way noted or recorded would be edited to eradicate all traces of him.

In Orwell's pre-digital world, the memory hole was a vacuum tube into which old documents were physically disappeared forever. Alterations to existing documents and the deep-sixing of others ensured that even the sudden switching of global enemies and alliances would never prove a problem for the guardians of Big Brother. In the world he imagined, thanks to those armies of bureaucrats, the present was what had always been -- and there were those altered documents to prove it and nothing but faltering memories to say otherwise. Anyone who expressed doubts about the truth of the present would, under the rubric of “thoughtcrime,” be marginalized or eliminated.

Government and Corporate Digital Censorship

Increasingly, most of us now get our news, books, music, TV, movies, and communications of every sort electronically. These days, Google earns more advertising revenue than all U.S. print media combined. Even the venerable Newsweek no longer publishes a paper edition. And in that digital world, a certain kind of “simplification” is being explored.

defcon 20 documentary

DEFCON is the world's largest hacking conference, held in Las Vegas, Nevada. In 2012 it was held for the 20th time. The conference has strict no-filming policies, but for DEFCON 20, a documentary crew was allowed full access to the event. The film follows the four days of the conference, the events and people (attendees and staff), and covers history and philosophy behind DEFCON's success and unique experience.

a free man is a dangerous man at the end of the constitutional era...,

reuters | "What bothers me is the hypocritical bit - we demonize China when we've been doing these things and probably worse."

Alexander took a conciliatory tone during his Black Hat speech, defending the NSA but saying he looked forward to a discussion about how it could do things better.

Black Hat attracts professionals whose companies pay thousands of dollars for them to attend. Def Con costs $180 and features many of the same speakers.

At Black Hat, a casual polling station at a vendor's exhibition booth asking whether Snowden was a villain or a hero produced a dead heat: 138 to 138. European attendees were especially prone to vote for hero, the vendor said.

Def Con would have been much rougher on Alexander, judging by interviews there and the reception given speakers who touched on Snowden and other government topics.

Christopher Soghoian, an American Civil Liberties Union technologist, drew applause from hundreds of attendees when he said the ACLU had been the first to sue the NSA after one of the spy programs was revealed.

Peiter Zatko, a hacker hero who funded many small projects from a just-departed post at the Pentagon's Defense Advanced Research Projects Agency, told another large audience that he was unhappy with the surveillance programs and that "challenging the government is your patriotic duty."

The disenchanted give multiple reasons, citing previous misleading statements about domestic surveillance, the government's efforts to force companies to decrypt user communications, and the harm to U.S. businesses overseas.

"I don't think anyone should believe anything they tell us," former NSA hacker Charlie Miller said of top intelligence officials. "I wouldn't work there anymore."

Stamos and Moss said the U.S. government is tilting too much toward offense in cyberspace, using secret vulnerabilities that their targets can then discover and wield against others.

Closest to home for many hackers are the government's aggressive prosecutions under the Computer Fraud and Abuse Act, which has been used against Internet activist Aaron Swartz, who committed suicide in January, and U.S. soldier Bradley Manning, who leaked classified files to anti-secrecy website WikiLeaks.

A letter circulating at Def Con and signed by some of the most prominent academics in computer security said the law was chilling research in the public interest by allowing prosecutors and victim companies to argue that violations of electronic "terms of service" constitute unauthorized intrusions.

Researchers who have found important flaws in electronic voting machines and medical devices did so without authorization, the letter says.

If there is any silver lining, Moss said, it is that before Snowden's leaks, it had been impossible to have an informed discussion about how to balance security and civil liberties without real knowledge of government practices. Fist tap Arnach.

"The debate is just starting," he said. "Maybe we can be a template for other democracies."