ethdev | To research, design and build software that, as best as possible,
facilitates, in a secure, decentralised and fair manner, the
communication and automatically-enforced agreement between parties.
The facilitation will necessitate the building of tools to aid users
and developers alike to utilise the back-end systems and make them as
effective as possible in their facilities. It is anticipated that these
tools will include the development of consumer-grade end-user
components (the so-called Ethereum Browser) together with IDE-like
components and associated tools. It will also mean the provision of
certain high-level (on-the-system) functions, modules, examples,
templates, standards and live services without which development and
interoperation would suffer.
Security will likely entail use of strong cryptographic technologies,
but could also use various other technologies including, but not
limited to verifiable computation, computational steganography,
complex-systems modelling and formal proof systems.
Fairness must be absolutely guaranteed throughout. We agree that this
is pure technology and must make no affordances to the beliefs of any
single actor against any other. The system must never even have the
possibility of disadvantaging a single user or organisation over any
other. We accept that full decentralisation is pivotal in accomplishing
this.
Forward-enforceable agreement between arbitrary sets of parties is a
core goal, however to achieve this goal, parties must be able to
determine the existence and volition of the other. Communication
methods must be provided, on the same technological basis, to
facilitate this.
It is anticipated that the use of consensus-based blockchain technology
using a Turing-complete VM within its transaction resolver and an
arbitrarily large state space, such as that first proposed by Buterin
(2013) and an evolution of which was formalised by Wood (2014) will be
pivotal in the initial delivery.
It is also anticipated that additional research will need to be
conducted, both internally and externally in order to deliver solutions
of increasing concordance with these broad goals.
wikipedia | Purpose
The stated purpose of the Ethereum project is to "decentralize the
web" by introducing four components as part of its roadmap: static
content publication, dynamic messages, trustless transactions and an
integrated user-interface.[6]
Each of these services is designed to replace some aspect of the
systems currently used in the modern web, but to do so in a fully
decentralised and pseudonymous manner.[7]
Ethereum is an open source project. Development began in December 2013, with the first Go and C++ proof of concept builds (PoC1) being released in early February 2014.[8]
Since then, several further PoC builds have been released, culminating
with the public launch of the Ethereum blockchain on 30 July 2015.
Ether
The currency unit of Ethereum is the Ether, used to pay for computational services on the network.
To finance development, Ethereum distributed the initial allocation of Ethers via a 42-day public crowdsale, netting 31,591 bitcoins, worth $18,439,086 at that time, in exchange for about 60,102,216 Ethers.[12][citation needed]
Ether is divided into smaller units of currency called finney, szabo, shannon, babbage, lovelace, and wei (named after Wei Dai, the creator of b-money). Each larger unit is equal to 1000 of the next lower unit.[13]
In practice, however, the developers encourage the use of ether and
wei. Wei is the base unit of implementation and cannot be further
divided.
Smart contracts on Ethereum
Smart contracts
are computer protocols which verify or enforce the performance of a
contractual agreement. On Ethereum, contracts can be written in one of
the following four languages: Solidity (a JavaScript-like language), Serpent (a Python-like language), Mutan (C-like) and LLL (Lisp-like). They are compiled into bytecode before being deployed to the blockchain.
WaPo | It took years for the Internet to reach its first 100 computers. Today,
100 new ones join each second. And running deep within the silicon
souls of most of these machines is the work of a technical wizard of
remarkable power, a man described as a genius and a bully, a spiritual
leader and a benevolent dictator.
Linus Torvalds — who in person could be mistaken for just another
paunchy, middle-aged suburban dad who happens to have a curiously large
collection of stuffed penguin dolls — looms over the future of
computing much as Bill Gates and the late Steve Jobs loom over its past
and present. For Linux, the operating system that Torvalds created and
named after himself, has come to dominate the exploding online world,
making it more popular overall than rivals from Microsoft and Apple.
But while Linux is fast, flexible and free, a growing chorus of critics
warn that it has security weaknesses that could be fixed but haven’t
been. Worse, as Internet security has surged as a subject of
international concern, Torvalds has engaged in an occasionally profane
standoff with experts on the subject. One group he has dismissed as
“masturbating monkeys.” In blasting the security features produced by
another group, he said in a public post, “Please just kill yourself
now. The world would be a better place.”
There are legitimate philosophical differences amid the harsh words.
Linux has thrived in part because of Torvalds’s relentless focus on
performance and reliability, both of which could suffer if more
security features were added. Linux works on almost any chip in the
world and is famously stable as it manages the demands of many programs
at once, allowing computers to hum along for years at a time without
rebooting.
Yet even among Linux’s many fans there is growing unease about
vulnerabilities in the operating system’s most basic, foundational
elements — housed in something called “the kernel,” which Torvalds has
personally managed since its creation in 1991. Even more so, there is
concern that Torvalds’s approach to security is too passive, bordering
on indifferent.
gizmodo | Security researchers have come across a new kind
of Android malware, which purports to be a well-known app but then
exposes your phone to root attacks—and is virtually impossible to
remove.
The new malware has been found
in software available on third-party app stores. The apps in question
use code from official software that you can download from Google Play
like Facebook and Twitter, reports Ars Technica, so they initially seem innocuous and even provide the exact same functionality.
But in fact they’re injected with malicious code, which allows them
to gain root access to the OS. In turn, a series of exploits are
installed on the device as system applications, which makes them
incredibly hard—for most people, impossible—to remove. Fist tap Big Don.
Initially developed by Android, Inc., which Google bought in 2005,[13] Android was unveiled in 2007, along with the founding of the Open Handset Alliance – a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.[14] As of July 2013, the Google Play store has had over one million Android applications ("apps") published, and over 50 billion applications downloaded.[15] An April–May 2013 survey of mobile application developers found that 71% of developers create applications for Android,[16] and a 2015 survey found that 40% of full-time professional developers see Android as their priority target platform, which is comparable to Apple's iOS on 37% with both platforms far above others.[17] At Google I/O 2014, the company revealed that there were over one billion active monthly Android users, up from 538 million in June 2013.[18]
Android's source code is released by Google under open source licenses, although most Android devices ultimately ship with a combination of open source and proprietary software, including proprietary software required for accessing Google services.[3] Android is popular with technology companies that require a ready-made, low-cost and customizable operating system for high-tech devices.[19] Its open nature has encouraged a large community of developers and enthusiasts to use the open-source code as a foundation for community-driven projects, which add new features for advanced users[20] or bring Android to devices originally shipped with other operating systems. At the same time, as Android has no centralised update system most Android devices fail to receive security updates: research in 2015 concluded that almost 90% of Android phones in use had known but unpatched security vulnerabilities due to lack of updates and support.[21][22] The success of Android has made it a target for patent litigation as part of the so-called "smartphone wars" between technology companies.[23]
It is instructive to look at Android as a case study of mobile phone
security for two reasons. First, it's a much more principled design and
approach to security than either the web or desktop application
contexts. Web browsers have evolved incrementally over many years to
incorporate more and more security checks without as clean a story for
how security should work and how isolation should be done. Looking at
Android allows us to understand how you go about designing a new
clean-slate security architecture from scratch if needed.
To understand what security problems we have to contend with, let's
understand what security goals you might have in mind, or what things
you might worry about, in the context of applications running on a
user's mobile phone. Simply stated, we are working with some data that
the user has, as well as some resources (things like the user's camera,
GPS device, microphone, and so on), and a physical human user.
Then, we have the network interacting with the device.
Some considerations for this interaction include ensuring that when two
applications interact, they cannot arbitrarily tamper with each other's
data, processes, and execution. At the same time, we want to allow
applications to interact with one another.
For example, if you get an email attachment in your email program, you
would like to open it up with a text editor, or a PDF viewer, or an
image viewer. So we need some sort of protected sharing between
applications, but isolation to make sure that they're still secure in
the presence of other applications.
Next, we might worry about access between applications
and shared
data that the user wants to keep private, perhaps,
or untampered with on their phone.
So we need to make sure that when applications
access the data on the user's device, this
is somehow mediated and done according to whatever policy the user is
OK with.
A similar consideration applies to applications
accessing the phone's resources.
Now this is not necessarily confidential data that the user has stored
on the phone, but it might, nonetheless, be undesirable behavior from
the phone user's perspective. For example, an application might turn on
the GPS device and start tracking the user, or run the device out of
battery, or cost the user money by sending SMS messages or using a lot
of data on the user's mobile phone plan.
These are some of the considerations that go
into isolating things within the phone.
There are of course other sets of considerations
that you have to worry about when dealing with the outside world--
outside of the phone, but that's Sith bidnis and not for slovenly peasant consideration.
Now in the case of Android, the platform itself
has relatively little to say about protecting the interaction
between the phone and the network.
One of the few exceptions is the application installation update
mechanism.
Here, the mobile phone platform has to make sure
that when your phone downloads a new version of an app,
it comes from the right application developer
and not from some man in the middle that's
injecting a malicious copy of the application into your phone.
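The update check just described, as an added example that is not part of the original page and not Android's own code: the platform pins the developer's public key at first install, an update's signature must cover the package name, version and a hash of the code, and the platform rejects an update signed by some other key, an update whose payload was altered in transit, and a replay of an older genuinely signed build. The package name, keys and payloads are constructed for the example; Android's real APK signing formats are not modelled here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// InstalledApp is the platform's record of an app after its first install.
// The developer's public key is pinned at that moment; every later update
// must verify under this same key.
type InstalledApp struct {
	Package string
	Version uint32
	DevKey  ed25519.PublicKey
}

// UpdatePackage is an update as it arrives over the network.
type UpdatePackage struct {
	Package   string
	Version   uint32
	Code      []byte
	Signature []byte
}

// signingInput binds package name, version and a hash of the code into one
// message, so a valid signature cannot be moved onto different code, a
// different package or a different version number.
func signingInput(pkg string, version uint32, code []byte) []byte {
	h := sha256.New()
	h.Write([]byte(pkg))
	h.Write([]byte{0}) // field separator
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h.Write(v[:])
	codeHash := sha256.Sum256(code)
	h.Write(codeHash[:])
	return h.Sum(nil)
}

// SignUpdate is the developer-side step: the build pipeline signs the update.
func SignUpdate(priv ed25519.PrivateKey, pkg string, version uint32, code []byte) UpdatePackage {
	return UpdatePackage{pkg, version, code, ed25519.Sign(priv, signingInput(pkg, version, code))}
}

var (
	ErrWrongPackage = errors.New("update is for a different package")
	ErrBadSignature = errors.New("signature does not verify under the pinned developer key")
	ErrDowngrade    = errors.New("update is not newer than the installed version")
)

// VerifyUpdate is the platform-side check run before installing. The signature
// check rejects copies injected on the network path; the version check rejects
// replays of old, genuinely signed builds.
func VerifyUpdate(installed InstalledApp, upd UpdatePackage) error {
	if upd.Package != installed.Package {
		return ErrWrongPackage
	}
	if !ed25519.Verify(installed.DevKey, signingInput(upd.Package, upd.Version, upd.Code), upd.Signature) {
		return ErrBadSignature
	}
	if upd.Version <= installed.Version {
		return ErrDowngrade
	}
	return nil
}

// ScenarioResult holds the verdicts for the constructed cases in Scenario.
type ScenarioResult struct {
	Legit, ForeignKey, Modified, Downgrade error
}

// Scenario runs four constructed cases: a genuine v2 update, a v2 signed with
// a key that is not the developer's, a genuine v2 whose code was altered in
// transit, and a replay of v1 after v2 is installed. All values are made up.
func Scenario() ScenarioResult {
	devPub, devPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader) // not the developer's key
	if err != nil {
		panic(err)
	}
	const pkg = "com.example.mail" // constructed package name
	v1 := SignUpdate(devPriv, pkg, 1, []byte("mail app v1 code"))
	installed := InstalledApp{Package: pkg, Version: 1, DevKey: devPub}
	v2 := SignUpdate(devPriv, pkg, 2, []byte("mail app v2 code"))
	foreign := SignUpdate(otherPriv, pkg, 2, []byte("substituted v2 code"))
	modified := v2
	modified.Code = []byte("mail app v2 code, altered in transit")
	return ScenarioResult{
		Legit:      VerifyUpdate(installed, v2),
		ForeignKey: VerifyUpdate(installed, foreign),
		Modified:   VerifyUpdate(installed, modified),
		Downgrade:  VerifyUpdate(InstalledApp{Package: pkg, Version: 2, DevKey: devPub}, v1),
	}
}

func main() {
	r := Scenario()
	fmt.Println("genuine update:  ", r.Legit)
	fmt.Println("foreign key:     ", r.ForeignKey)
	fmt.Println("modified payload:", r.Modified)
	fmt.Println("downgrade:       ", r.Downgrade)
}
```

The version comparison matters as much as the signature: without it, an attacker who captured an old, genuinely signed build with a known vulnerability could serve it as an "update" and the signature alone would pass.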
Now, in the case of actual interactions between applications and the
network, such as an application server running somewhere in the cloud,
the Android platform doesn't provide much in terms of primitives or
mechanisms to help applications secure that interaction. The peasants'
applications are on their own in terms of protecting these
communications.
The final interaction we might want to consider in terms of security
on a mobile phone is the interaction between the human user and the
phone in their hands.
Here, there are two qualitative kinds of problems you might worry about.
One, is that someone might steal your phone
and try to get at your information at their leisure. The typical defense against this is asking the user,
when they're interacting with the phone, to enter
some kind of a PIN or a password, to unlock a phone
to have the legitimate user be able to identify themselves. There are many techniques you might use here
to make sure that this password or PIN is strongly enforced,
such as disk encryption of all the contents on the phone itself.
We can talk about doing disk encryption as a separate matter.
The final consideration of interactions between the user and the phone
comes from protecting the phone's proprietary internal state from a
potentially curious or malicious user. This shows up in the case of
DRM, or digital rights management, concerns, or paid applications.
So, for example, if a user buys some application in the Android Play
Store or in Apple's equivalent app store, the phone platform might want
to make sure the user can't take the phone apart, get the application
out and give it to all of their friends for free.
This is really more Sith bidnis and outside the scope of what you peasants need concern yourselves with on your beloved little digital catheter units.
We will focus exclusively on the interactions that take place within
the phone: isolating applications from each other, and controlling how
applications can get at the data and the different resources. Other
aspects of the Android security problem will be addressed as these come
to mind over time. Next time, we may consider and briefly explore the
threat model in which your digital catheter is embedded.
Careful, in-depth consideration of this topic is bound to disclose a very great deal concerning our assumptions about the world. In the world as we know it, your imagination could well run wild with possibilities over which you really shouldn't ever worry your pointy little peasant head...., (^;
newsfactor | Last November, the State Department announced it would be performing
"maintenance" on its non-classified e-mail systems during regularly
scheduled system downtime. However, The Associated Press later revealed
that the "maintenance" actually consisted of unplanned security
enhancements to address what State Department officials conceded were
signs of "suspicious activity."
Underscoring the severity of the intrusion, the State Department shut
down its unclassified e-mail system around the entire world. State
Department officials told media outlets at the time that they were using
their personal Gmail accounts in order to get their work done.
Although the State Department predicted that the issue would be resolved
within 48 to 72 hours, the intrusion has clearly lingered. Still
unresolved is the amount of material that might have been seized by the
hackers, or whether the hackers were able to use the unclassified e-mail
system as a staging area for attacks on more sensitive computer
networks.
Global Hack Attacks
The hacker intrusions into the State Department unclassified e-mail
system were actually first detected in October 2014, at about the same
time that hackers attempted to gain entry to computer systems at the
White House, the National Weather Service, and the U.S. Post Office.
No specific nation or group has been identified as the alleged source of
the attacks, although there was speculation that the White House was
targeted by Russian hackers and the other government agencies by Chinese
intruders. In its report Thursday, the Journal cited unnamed sources
who believed the State Department intrusions also originated from
Russia.
One aspect of the attacks that has left U.S. investigators somewhat
puzzled, however, is the fact that they have been able to detect the
intrusions at all. Their assumption, officials told the Journal, is that
Russian computer experts are at least as good as those working for the
United States, and that they are capable of avoiding this type of
routine detection. The fact that the attacks were so readily
identifiable suggests either that Russia was not using its starters, or
that the country was trying to send the U.S. some sort of message.
One thing that is relatively clear is how the initial infection
occurred. Investigators pin the blame on an unnamed State Department
official who apparently fell for a classic phishing attack. The hackers
created an e-mail message purporting to be about departmental issues,
and included a link to malicious software. All it took was for a single recipient to click on the link, and the infection was under way.
As numerous computer security experts have observed over the years, it
is vastly easier to play offense than defense in the cyber realm. Put
another way, a hacker only has to get lucky once; network defenders have
to be perfect all the time.
NYTimes | In a report to be published on Monday, and provided in advance to The New
York Times, Kaspersky Lab says that the scope of this attack on more
than 100 banks and other financial institutions in 30 nations could make
it one of the largest bank thefts ever — and one conducted without the
usual signs of robbery.
The Moscow-based firm says that because of nondisclosure agreements with
the banks that were hit, it cannot name them. Officials at the White
House and the F.B.I. have been briefed on the findings, but say that it
will take time to confirm them and assess the losses.
Kaspersky Lab says it has seen evidence of $300 million in theft through clients,
and believes the total could be triple that. But that projection is
impossible to verify because the thefts were limited to $10 million a
transaction, though some banks were hit several times. In many cases the
hauls were more modest, presumably to avoid setting off alarms.
The majority of the targets were in Russia, but many were in Japan, the United States and Europe.
No bank has come forward acknowledging the theft, a common problem that
President Obama alluded to on Friday when he attended the first White
House summit meeting on cybersecurity and consumer protection at
Stanford University. He urged passage of a law that would require public
disclosure of any breach that compromised personal or financial
information.
But the industry consortium that alerts banks to malicious activity, the
Financial Services Information Sharing and Analysis Center, said in a
statement that “our members are aware of this activity. We have
disseminated intelligence on this attack to the members,” and that “some
briefings were also provided by law enforcement entities.”
arstechnica | A long list of almost superhuman technical feats illustrate Equation Group's extraordinary skill, painstaking work, and unlimited resources. They include:
The stashing of malicious files in multiple branches of an infected
computer's registry. By encrypting all malicious files and storing them
in multiple branches of a computer's Windows registry, the infection was
impossible to detect using antivirus software.
Redirects that sent iPhone users to unique exploit Web pages. In
addition, infected machines reporting to Equation Group command servers
identified themselves as Macs, an indication that the group successfully
compromised both iOS and OS X devices.
The use of more than 300 Internet domains and 100 servers to host a sprawling command and control infrastructure.
USB stick-based reconnaissance malware to map air-gapped networks,
which are so sensitive that they aren't connected to the Internet. Both
Stuxnet and the related Flame malware platform also had the ability to bridge air gaps.
An unusual if not truly novel way of bypassing code-signing
restrictions in modern versions of Windows, which require that all
third-party software interfacing with the operating system kernel be
digitally signed by a recognized certificate authority. To circumvent
this restriction, Equation Group malware exploited a known vulnerability in an already signed driver for CloneCD to achieve kernel-level code execution.
Taken together, the accomplishments led Kaspersky researchers to
conclude that Equation Group is probably the most sophisticated computer
attack group in the world, with technical skill and resources that
rival the groups that developed Stuxnet and the Flame espionage malware.
"It seems to me Equation Group are the ones with the coolest toys,"
Costin Raiu, director of Kaspersky Lab's global research and analysis
team, told Ars. "Every now and then they share them with the Stuxnet
group and the Flame group, but they are originally available only to the
Equation Group people. Equation Group are definitely the masters, and
they are giving the others, maybe, bread crumbs. From time to time they
are giving them some goodies to integrate into Stuxnet and Flame."
cbsnews | Fixing blame for cyber attacks is frustratingly difficult, partly
because originators often employ proxies, partly because attack analysis
turns up diversionary red herrings that implicate innocents. And that's
just the start of the problem.
It goes without saying by now
that cyber weapons enlarge and blur understood definitions of war. Cyber
aggressors include nation states, their private contractors, non-state
evildoers, and corporate interests. There are no norms or conventions
framing acceptable behavior in cyberspace -- the cyber version of arms
treaties. There's no playbook for proportional retaliation, nor
protocols for cooperative defensive action that join public and private
interests. (As evidence of our own cultural confusion, some called news
coverage of looted Sony data "near treason" -- as if the embarrassing email rants of studio execs are akin to nuclear launch codes.)
Any rapid, unequivocal, on-the-record conclusion about who perpetrated what
should raise eyebrows. This is especially true with Europeans, who
harbor broad hesitation about such U.S. pronouncements after all those
keenly recalled 2003 assurances about Iraqi weapons of mass destruction.
Google Play | *This app requires root access and will only run on devices with Qualcomm chipset.*
SnoopSnitch collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking, and SS7 attacks.
To use SnoopSnitch, a rooted device with a Qualcomm chipset running stock Android 4.1 or higher is required. Unfortunately, custom ROMs are often unsupported at the moment as they can lack necessary proprietary drivers. (Some successful CyanogenMod installs have been reported.)
This application uses data contributed by other users. By choosing to upload your measurement results or security events, you can help improve this data base and support future research.
motherboard.vice | Prior to the release of the ANT catalog, the last time the public had
ever heard anything about retro-reflection technology being used in a
surveillance device was in 1960. And the technology became such a
sensation that it earned one of the most iconic nicknames of the Cold
War.
On August 4, 1945, as World War II was winding down and new tensions
with the Soviets were starting to wind up, Russian schoolchildren paid a
visit to the American Ambassador in Moscow and bestowed upon him a
token of good will: a Great Seal of the United States. The Ambassador
hung it in his residential study.
There it hung until one day in 1952, when a British radio technician in
Moscow, listening in on Russian air traffic, discovered something
unexpected on one frequency: the sound of the British ambassador, loud
and clear, along with other American-accented conversations. Thus began
one of many exhaustive tear-downs of the embassy. They were looking to
find a listening device—and they did, along with a new frontier of
spying. The culprit was the Great Seal.
Inside the Americans and British found a tiny device the likes of which
they’d never seen. So alien was the Great Seal Bug that the only
appropriate name for it seemed to be “The Thing,” after the character in
the Addams Family (which was then still just a New Yorker cartoon). It
was a retroreflector.
“The Thing,” turned out to have been invented by the legendary Russian
engineer Lev Sergeyevich Termen, or Leon Theremin, who may be most
famous as the father of
the spooky radio-based instrument named after him, but is also considered a pioneer of RFID technology.
But perhaps surprisingly, despite all the public interest in the
revelation, “The Thing” did not seem to herald more “things.” In the
history of espionage technology, it was a great story, but ultimately a
footnote. As far as the public knew, after its fantastical discovery
there were fifty-three years of radio silence, so to speak.
“In hindsight,” Ossmann said, “it’s obvious that these types of attacks
are practical and employed. For someone who knows a little bit about
electronics and a little bit about security, RF retroreflectors should
be completely unsurprising. However, I couldn't find anyone who had
published any research on the subject at all. That was astonishing."
(This is where things get a bit complicated again; it's worth it, but
if you simply can't deal with the details, take my word for it, and skip
down to the next section.) Fist tap Arnach.
spiegel | When it comes to modern firewalls for corporate computer networks, the
world's second largest network equipment manufacturer doesn't skimp on
praising its own work. According to Juniper Networks' online PR copy,
the company's products are "ideal" for protecting large companies and
computing centers from unwanted access from outside. They claim the
performance of the company's special computers is "unmatched" and their
firewalls are the "best-in-class." Despite these assurances, though,
there is one attacker none of these products can fend off -- the United
States' National Security Agency.
Specialists at the intelligence organization succeeded years ago in
penetrating the company's digital firewalls. A document viewed by
SPIEGEL resembling a product catalog reveals that an NSA division called
ANT has burrowed its way into nearly all the security architecture made
by the major players in the industry -- including American global
market leader Cisco and its Chinese competitor Huawei, but also
producers of mass-market goods, such as US computer-maker Dell.
A 50-Page Catalog
These NSA agents, who specialize in secret back doors, are able to
keep an eye on all levels of our digital lives -- from computing centers
to individual computers, and from laptops to mobile phones. For nearly
every lock, ANT seems to have a key in its toolbox. And no matter what
walls companies erect, the NSA's specialists seem already to have gotten
past them.
This, at least, is the impression gained from flipping through the
50-page document. The list reads like a mail-order catalog, one from
which other NSA employees can order technologies from the ANT division
for tapping their targets' data. The catalog even lists the prices for
these electronic break-in tools, with costs ranging from free to
$250,000.
spiegel | The NSA's TAO hacking unit is considered to be the intelligence agency's top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.
It was thanks to the garage door opener episode that Texans learned
just how far the NSA's work had encroached upon their daily lives. For
quite some time now, the intelligence agency has maintained a branch
with around 2,000 employees at Lackland Air Force Base, also in San
Antonio. In 2005, the agency took over a former Sony computer chip plant
in the western part of the city. A brisk pace of construction commenced
inside this enormous compound. The acquisition of the former chip
factory at Sony Place was part of a massive expansion the agency began
after the events of Sept. 11, 2001.
On-Call Digital Plumbers
One of the two main buildings at the former plant has since housed a
sophisticated NSA unit, one that has benefited the most from this
expansion and has grown the fastest in recent years -- the Office of
Tailored Access Operations, or TAO. This is the NSA's top operative unit
-- something like a squad of plumbers that can be called in when normal
access to a target is blocked.
According to internal NSA documents viewed by SPIEGEL, these on-call
digital plumbers are involved in many sensitive operations conducted by
American intelligence agencies. TAO's area of operations ranges from
counterterrorism to cyber attacks to traditional espionage. The
documents reveal just how diversified the tools at TAO's disposal have
become -- and also how it exploits the technical weaknesses of the IT
industry, from Microsoft to Cisco and Huawei, to carry out its discreet
and efficient attacks.
The unit is "akin to the wunderkind of the US intelligence
community," says Matthew Aid, a historian who specializes in the history
of the NSA. "Getting the ungettable" is the NSA's own description of
its duties. "It is not about the quantity produced but the quality of
intelligence that is important," one former TAO chief wrote, describing
her work in a document. The paper seen by SPIEGEL quotes the former unit
head stating that TAO has contributed "some of the most significant
intelligence our country has ever seen." The unit, it goes on, has
"access to our very hardest targets."
A Unit Born of the Internet
Defining the future of her unit at the time, she wrote that TAO
"needs to continue to grow and must lay the foundation for integrated
Computer Network Operations," and that it must "support Computer Network
Attacks as an integrated part of military operations." To succeed in
this, she wrote, TAO would have to acquire "pervasive, persistent access
on the global network." An internal description of TAO's
responsibilities makes clear that aggressive attacks are an explicit
part of the unit's tasks. In other words, the NSA's hackers have been
given a government mandate for their work. During the middle part of the
last decade, the special unit succeeded in gaining access to 258
targets in 89 countries -- nearly everywhere in the world. In 2010, it
conducted 279 operations worldwide.
Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders
of countries. They infiltrated networks of European telecommunications
companies and gained access to and read mails sent over Blackberry's BES
email servers, which until then were believed to be securely encrypted.
Achieving this last goal required a "sustained TAO operation," one
document states.
springer | Let us return to the nature of information warfare. In the past, war has always and only been real,
in the system + model sense, like the bed in which you sleep and the
apple you eat. The hard facts of war were inevitably accompanied by
their informational shadows: the human shouting, the smell of horses,
the sounds of trumpets in battles, the rhythm of machineguns, the
pitched whistles of bombs falling from the sky, the smell of napalm, the
marks left by the tanks’ tracks. For a short time, in the eighties,
passive mass media and digital consumerism made us mistakenly think that
war could be experienced by the public as virtual: a televised or
computerized game, involving only representations to which nothing
corresponded, like shadows without objects, simulacra in Baudrillard’s terminology. Thus, in 1991, Baudrillard argued in The Gulf War Did Not Take Place
that the hi-tech fighting on the American side during the first Gulf
War had transformed a conflict into propaganda and mass-mediated
experience. The analysis was correct both in perceiving a difference and
in identifying that difference in the decoupling between the system and
the model. But it was wrong in selecting models as the new
battlefields. Global information warfare is not virtual. It is mostly
latent, that is, it is in the world but not experienced as part of the
world. It is a war without shadows. You cannot see it, and cannot hear
it, it silently happens every day, can hit anyone anywhere, and we can
all be its unaware victims. Take for instance distributed
denial-of-service attacks. According to Arbor Networks, more than 2,000
DDoS attacks occur worldwide every day.
Their number is increasing and more and more countries are involved
that are not officially at war with each other. Similar attacks are very
cheap. According to TrendMicro Research a week-long DDoS attack,
capable of taking a small organization offline, can cost as little as
$150 in the underground market. This is just an example. Conflicts in
the infosphere—not just DDoS attacks, but also trade wars, currency
wars, patent wars, marketing wars, and other silent forms of
informational battles to win hearts, minds, and wallets—are increasingly
neither real nor virtual, but latent to most of their victims. They are
nonetheless dangerous and wasteful. They require special interfaces to
be perceived. They will require a special sensitivity to be eradicated.
anonymous | Anonymous has revealed a list of KKK members in light of the Ferguson
protests as part of #OpKKK and a cyberwar against the organization. The
‘de-hooding’ of Ku Klux Klan members has spurred threats and attacks
against Anonymous over social media, with @KuKluxKlanUSA stating “You
messed with us, now it’s our turn to mess with you.”
The threat comes in response to the campaign Anonymous began online,
to name KKK members in the Ferguson and St. Louis area after it was
discovered that the KKK members have been distributing fliers. The
fliers warn Ferguson protesters of the consequences of a continuation of
their fight, stating they have “awakened a sleeping giant,” and that
they [KKK] will use “lethal force” against protestors if they continue.
The fliers handed out justify the lethal force as a form of
“self-defense.”
Anonymous won’t tolerate racism in any form, or the suppression of
the right to protest. Many of the names listed are also accompanied by
photos of the members without their hoods. One member is a known police
officer, while another works in education. An image posted displays a
KKK member standing quietly amongst the Ferguson protestors.
Anonymous will continue to monitor the KKK servers and disrupt their websites. [1]
The list, accompanied by images, can be found here.
computerworld | High-tech entrepreneur Elon Musk made headlines when he said artificial
intelligence research is a danger to humanity, but researchers from some
of the top U.S. universities say he's not so far off the mark.
"At first I was surprised and then I thought, 'this is not completely crazy,' " said Andrew Moore,
dean of the School of Computer Science at Carnegie Mellon University.
"I actually do think this is a valid concern and it's really an
interesting one. It's a remote, far future danger but sometime we're
going to have to think about it. If we're at all close to building these
super-intelligent, powerful machines, we should absolutely stop and
figure out what we're doing."
Musk, most well-known as the CEO of electric car maker Tesla Motors, and CEO and co-founder of SpaceX, caused a stir after he told an audience at an MIT symposium that artificial intelligence (AI), and research into it, poses a threat to humans.
"I think we should be very careful about artificial intelligence,"
Musk said when answering a question about the state of AI. "If I were
to guess at what our biggest existential threat is, it's probably that…
With artificial intelligence, we are summoning the demon. In all those
stories with the guy with the pentagram and the holy water, and he's
sure he can control the demon. It doesn't work out."
He added that there should be regulatory oversight -- at the national
and international level -- to "make sure we don't do something very
foolish."
Musk's comments came after he tweeted in early August that AI is "potentially more dangerous than nukes."
tomdispatch | Even if some future government stepped over one of the
last remaining red lines in our world and simply assassinated
whistleblowers as they surfaced, others would always emerge. Back in
1948, in his eerie novel 1984, however, Orwell suggested a far more
diabolical solution to the
problem. He conjured up a technological device for the world of Big
Brother that he called "the memory hole."
In his dark future, armies of bureaucrats, working in what he
sardonically dubbed the Ministry of Truth, spent their lives erasing or
altering documents, newspapers, books, and the like in order to create
an acceptable version of history. When a person fell out of favor, the
Ministry of Truth sent him and all the documentation relating to him
down the memory hole. Every story or report in which his life was in any
way noted or recorded would be edited to eradicate all traces of him.
In Orwell's pre-digital world, the memory hole was a vacuum tube into
which old documents were physically disappeared forever. Alterations to
existing documents and the deep-sixing of others ensured that even the
sudden switching of global enemies and alliances would never prove a
problem for the guardians of Big Brother. In the world he imagined,
thanks to those armies of bureaucrats, the present was what had always
been -- and there were those altered documents to prove it and nothing
but faltering memories to say otherwise. Anyone who expressed doubts
about the truth of the present would, under the rubric of “thoughtcrime,” be marginalized or eliminated.
Government and Corporate Digital Censorship
Increasingly, most of us now get our news, books, music, TV, movies,
and communications of every sort electronically. These days, Google
earns more advertising revenue than all U.S. print media combined. Even the venerable Newsweek no longer publishes a paper edition. And in that digital world, a certain kind of “simplification” is being explored.
DEFCON is the world's largest hacking conference, held in Las Vegas, Nevada. In 2012 it was held for the 20th time. The conference has strict no-filming policies, but for DEFCON 20, a documentary crew was allowed full access to the event. The film follows the four days of the conference, the events and people (attendees and staff), and covers history and philosophy behind DEFCON's success and unique experience.
reuters | "What bothers me is the hypocritical bit - we demonize China when we've been doing these things and probably worse."
Alexander took a conciliatory tone during his Black Hat speech, defending the NSA but saying he looked forward to a discussion about how it could do things better.
Black Hat attracts professionals whose companies pay thousands of dollars for them to attend. Def Con costs $180 and features many of the same speakers.
At Black Hat, a casual polling station at a vendor's exhibition booth asking whether Snowden was a villain or a hero produced a dead heat: 138 to 138. European attendees were especially prone to vote for hero, the vendor said.
Def Con would have been much rougher on Alexander, judging by interviews there and the reception given speakers who touched on Snowden and other government topics.
Christopher Soghoian, an American Civil Liberties Union technologist, drew applause from hundreds of attendees when he said the ACLU had been the first to sue the NSA after one of the spy programs was revealed.
Peiter Zatko, a hacker hero who funded many small projects from a just-departed post at the Pentagon's Defense Advanced Research Projects Agency, told another large audience that he was unhappy with the surveillance programs and that "challenging the government is your patriotic duty."
The disenchanted give multiple reasons, citing previous misleading statements about domestic surveillance, the government's efforts to force companies to decrypt user communications, and the harm to U.S. businesses overseas.
"I don't think anyone should believe anything they tell us," former NSA hacker Charlie Miller said of top intelligence officials. "I wouldn't work there anymore."
Stamos and Moss said the U.S. government is tilting too much toward offense in cyberspace, using secret vulnerabilities that their targets can then discover and wield against others.
Closest to home for many hackers are the government's aggressive prosecutions under the Computer Fraud and Abuse Act, which has been used against Internet activist Aaron Swartz, who committed suicide in January, and U.S. soldier Bradley Manning, who leaked classified files to anti-secrecy website WikiLeaks.
A letter circulating at Def Con and signed by some of the most prominent academics in computer security said the law was chilling research in the public interest by allowing prosecutors and victim companies to argue that violations of electronic "terms of service" constitute unauthorized intrusions.
Researchers who have found important flaws in electronic voting machines and medical devices did so without authorization, the letter says.
If there is any silver lining, Moss said, it is that before Snowden's leaks, it had been impossible to have an informed discussion about how to balance security and civil liberties without real knowledge of government practices.
Fist tap Arnach.
"The debate is just starting," he said. "Maybe we can be a template for other democracies."