Archive for the ‘Tech-Software’ Category

Maybe Better If You Don’t Read This Story on Public WiFi

Thursday, January 7th, 2016

– I knew things were bad – but I didn’t know they were this bad.

– Unless you want to be in complete denial about your computer security issues, you will want to read this.

– dennis

– – – – – – – – – – – – – – – –

We took a hacker to a café and, in 20 minutes, he knew where everyone else was born, what schools they attended, and the last five things they googled.

In his backpack, Wouter Slotboom, 34, carries around a small black device, slightly larger than a pack of cigarettes, with an antenna on it. I meet Wouter by chance at a random cafe in the center of Amsterdam. It is a sunny day and almost all the tables are occupied. Some people talk, others are working on their laptops or playing with their smartphones.

Wouter removes his laptop from his backpack, puts the black device on the table, and hides it under a menu. A waitress passes by and we ask for two coffees and the password for the WiFi network. Meanwhile, Wouter switches on his laptop and device, launches some programs, and soon the screen starts to fill with green text lines. It gradually becomes clear that Wouter’s device is connecting to the laptops, smartphones, and tablets of cafe visitors.

On his screen, phrases like “iPhone Joris” and “Simone’s MacBook” start to appear. The device’s antenna is intercepting the signals that are being sent from the laptops, smartphones, and tablets around us.

More text starts to appear on the screen. We are able to see which WiFi networks the devices were previously connected to. Sometimes the names of the networks are composed of mostly numbers and random letters, making it hard to trace them to a definite location, but more often than not, these WiFi networks give away the place they belong to.

We learn that Joris had previously visited McDonald’s, probably spent his vacation in Spain (lots of Spanish-language network names), and had been kart-racing (he had connected to a network belonging to a well-known local kart-racing center). Martin, another café visitor, had been logged on to the network of Heathrow airport and the American airline Southwest. In Amsterdam, he’s probably staying at the White Tulip Hostel. He had also paid a visit to a coffee shop called The Bulldog.

Session 1:

Let everyone connect to our fake network

The waitress serves us our coffee and hands us the WiFi password. After Slotboom is connected, he is able to provide all the visitors with an internet connection and to redirect all internet traffic through his little device.

Most smartphones, laptops, and tablets automatically search and connect to WiFi networks. They usually prefer a network with a previously established connection. If you have ever logged on to the T-Mobile network on the train, for example, your device will search for a T-Mobile network in the area.

Slotboom’s device is capable of registering these searches and appearing as that trusted WiFi network. I suddenly see the name of my home network appear on my iPhone’s list of available networks, as well as my workplace, and a list of cafes, hotel lobbies, trains, and other public places I’ve visited. My phone automatically connects itself to one of these networks, which all belong to the black device.

Slotboom can also broadcast a fictitious network name, making users believe they are actually connecting to the network of the place they’re visiting. For example, if a place has a WiFi network consisting of random letters and numbers (Fritzbox xyz123), Slotboom is able to provide the network name (Starbucks). People, he says, are much more willing to connect to these.

We see more and more visitors log on to our fictitious network. The siren song of the little black device appears to be irresistible. Already 20 smartphones and laptops are ours. If he wanted to, Slotboom could now completely ruin the lives of the people connected: He can retrieve their passwords, steal their identity, and plunder their bank accounts. Later today, he will show me how. I have given him permission to hack me in order to demonstrate what he is capable of, though it could be done to anyone with a smartphone in search of a network, or a laptop connecting to a WiFi network.

Everything, with very few exceptions, can be cracked.

The idea that public WiFi networks are not secure is not exactly news. It is, however, news that can’t be repeated often enough. There are currently more than 1.43 billion smartphone users worldwide and more than 150 million smartphone owners in the U.S. More than 92 million American adults own a tablet and more than 155 million own a laptop. Each year the worldwide demand for more laptops and tablets increases. In 2013, an estimated 206 million tablets and 180 million laptops were sold worldwide. Probably everyone with a portable device has once been connected to a public WiFi network: while having a coffee, on the train, or at a hotel.

The good news is that some networks are better protected than others; some email and social media services use encryption methods that are more secure than their competitors. But spend a day walking in the city with Wouter Slotboom, and you’ll find that almost everything and everyone connected to a WiFi network can be hacked. A study from threat intelligence consultancy Risk Based Security estimates that more than 822 million records were exposed worldwide in 2013, including credit card numbers, birth dates, medical information, phone numbers, social security numbers, addresses, user names, emails, names, and passwords. Sixty-five percent of those records came from the U.S. According to IT security firm Kaspersky Lab, in 2013 an estimated 37.3 million users worldwide and 4.5 million Americans were the victim of phishing—or pharming—attempts, meaning payment details were stolen from hacked computers, smartphones, or website users.

Report after report shows that digital identity fraud is an increasingly common problem. Hackers and cybercriminals currently have many different tricks at their disposal. But the prevalence of open, unprotected WiFi networks does make it extremely easy for them. The Netherlands National Cyber ??Security Center, a division of the Ministry of Security and Justice, did not issue the following advice in vain: “It is not advisable to use open WiFi networks in public places. If these networks are used, work or financial related activities should better be avoided.”

Slotboom calls himself an “ethical hacker,” or one of the good guys; a technology buff who wants to reveal the potential dangers of the internet and technology. He advises individuals and companies on how to better protect themselves and their information. He does this, as he did today, usually by demonstrating how easy it is to inflict damage. Because really, it’s child’s play: The device is cheap, and the software for intercepting traffic is very easy to use and is readily available for download. “All you need is 70 Euros, an average IQ, and a little patience,” he says. I will refrain from elaborating on some of the more technical aspects, such as equipment, software, and apps needed to go about hacking people.

Session 2:

Scanning for name, passwords, and sexual orientation

Armed with Slotboom’s backpack, we move to a coffeehouse that is known for the beautiful flowers drawn in the foam of the lattes, and as a popular spot for freelancers working on laptops. This place is now packed with people concentrating on their screens.

Slotboom switches on his equipment. He takes us through the same steps, and within a couple of minutes, 20 or so devices are connected to ours. Again we see their Mac-addresses and login history, and in some cases their owners’ names. At my request, we now go a step further.

Slotboom launches another program (also readily available for download), which allows him to extract even more information from the connected smartphones and laptops. We are able to see the specifications of the mobile phone models (Samsung Galaxy S4), the language settings for the different devices, and the version of the operating system used (iOS 7.0.5). If a device has an outdated operating system, for example, there are always known “bugs,” or holes in the security system that can be easily exploited. With this kind of information, you have what you need to break into the operating system and take over the device. A sampling of the coffeehouse customers reveals that none of the connected devices have the latest version of the operating system installed. For all these legacy systems, a known bug is listed online.

We can now see some of the actual internet traffic of those around us. We see that someone with a MacBook is browsing the site Nu.nl. We can see that many devices are sending documents using WeTransfer, some are connecting to Dropbox, and some show activity on Tumblr. We see that someone has just logged on to FourSquare. The name of this person is also shown, and, after googling his name, we recognize him as the person sitting just a few feet away from us.

Information comes flooding in, even from visitors who are not actively working or surfing. Many email programs and apps constantly make contact with their servers—a necessary step for a device to retrieve new emails. For some devices and programs, we are able to see what information is being sent, and to which server.

And now it’s getting really personal. We see that one visitor has the gay dating app Grindr installed on his smartphone. We also see the name and type of the smartphone he’s using (iPhone 5s). We stop here, but it would be a breeze to find out to who the phone belongs to. We also see that someone’s phone is attempting to connect to a server in Russia, sending the password along with it, which we are able to intercept.

Session 3:

Obtaining information on occupation, hobbies, and relational problems

Many apps, programs, websites, and types of software make use of encryption technologies. These are there to ensure that the information sent and received from a device is not accessible to unauthorized eyes. But once the user is connected to Slotboom’s WiFi network, these security measures can be circumvented relatively easily, with the help of decryption software.

To our shared surprise, we see an app sending personal information to a company that sells online advertising. Among other things, we see the location data, technical information of the phone, and information of the WiFi network. We can also see the name (first and last) of a woman using the social bookmarking website Delicious. Delicious allows users to share websites—bookmarks—they are interested in. In principle, the pages that users of Delicious share are available publicly, yet we can’t help feeling like voyeurs when we realize just how much we are able to learn about this woman on the basis of this information.

First we google her name, which immediately allows us to determine what she looks like and where in the coffeehouse she is sitting. We learn that she was born in a different European country and only recently moved to the Netherlands. Through Delicious we discover that she’s been visiting the website of a Dutch language course and she has bookmarked a website with information on the Dutch integration course.

In less than 20 minutes, here’s what we’ve learned about the woman sitting 10 feet from us: where she was born, where she studied, that she has an interest in yoga, that she’s bookmarked an online offer for a anti-snore mantras, recently visited Thailand and Laos, and shows a remarkable interest in sites that offer tips on how to save a relationship.

Slotboom shows me some more hacker tricks. Using an app on his phone, he is able to change specific words on any website. For example, whenever the word “Opstelten” (the name of a Dutch politician) is mentioned, people see the word “Dutroux” (the name of a convicted serial killer) rendered on the page instead. We tested it and it works. We try another trick: Anyone loading a website that includes pictures gets to see a picture selected by Slotboom. This all sounds funny if you’re looking for some mischief, but it also makes it possible to load images of child pornography on someone’s smartphone, the possession of which is a criminal offense.

Password intercepted

We visit yet another cafe. My last request to Slotboom is to show me what he would do if he wanted to really harm me. He asks me to go to Live.com (the Microsoft email site) and enter a random username and password. A few seconds later, the information I just typed appears on his screen. “Now I have the login details of your email account,” Slotboom says. “The first thing I would do is change the password of your account and indicate to other services you use that I have forgotten my password. Most people use the same email account for all services. And those new passwords will then be sent to your mailbox, which means I will have them at my disposal as well.” We do the same for Facebook: Slotboom is able to intercept the login name and password I entered with relative ease.

Another trick that Slotboom uses is to divert my internet traffic. For example, whenever I try to access the webpage of my bank, he has instructed his program to re-direct me to a page he owns: a cloned site that appears to be identical to the trusted site, but is in fact completely controlled by Slotboom. Hackers call this DNS spoofing. The information I entered on the site is stored on the server owned by Slotboom. Within 20 minutes he’s obtained the login details, including passwords for my Live.com, SNS Bank, Facebook, and DigiD accounts.

I will never again be connecting to an insecure public WiFi network without taking security measures.

– Follow this link to the original of this story…

Mysterious world of the ‘dark web’

Monday, August 17th, 2015

The “dark web” is a part of the world wide web that requires special software to access. Once inside, web sites and other services can be accessed through a browser in much the same way as the normal web.

However, some sites are effectively “hidden”, in that they have not been indexed by a search engine and can only be accessed if you know the address of the site. Special markets also operate within the dark web called, “darknet markets”, which mainly sell illegal products like drugs and firearms, paid for in the cryptocurrency Bitcoin.

There is even a crowdfunded “Assassination Market”, where users can pay towards having someone assassinated.

Because of the the dark web’s almost total anonymity, it has been the place of choice for groups wanting to stay hidden online from governments and law enforcement agencies. On the one hand, there have been whistleblowers using the dark web to communicate with journalists, but more frequently it has been used by paedophile groups, terrorists and criminals to keep their dealings secret.

Going dark

There are a number of ways to access the dark web, including the use of Tor, Freenet and I2P. Of these, the most popular is Tor (originally called The Onion Router), partly because it is one of the easiest software packages to use. Tor downloads as a bundle of software that includes a version of Firefox configured specifically to use Tor.

Tor provides secrecy and anonymity by passing messages through a network of connected Tor relays, which are specially configured computers. As the message hops from one node to another, it is encrypted in a way that each relay only knows about the machine that sent the message and the machine it is being sent to.

Rather than conventional web addresses, Tor uses “onion” addresses, which further obsure the content. There are even special versions of search engines like Bing and Duck Duck Go that will return onion addresses for Tor services.

It is a mistake to think that Tor is entirely anonymous. If a web site is accessed, it can still potentially find out information about whoever is accessing the site because of information that is shared, such as usernames and email addresses. Those wanting to stay completely anonymous have to use special anonymity services to hide their identity in these cases.

Services on the dark web would not have been as popular without a means of paying for them. This is something that Bitcoin has made possible. A recent study by Carnegie Mellon researchers Kyle Soska and Nicolas Christin has calculated that drug sales on the dark net total US$100 million a year. Most, if not all, was paid for in Bitcoin.

Bitcoin is made even more difficult to track on the dark web through the use of “mixing services” like Bitcoin Laundry, which enables Bitcoin transactions to be effectively hidden completely.

How ‘dark’ is the dark web?

The developers of Tor and organisations like the Electronic Frontier Foundation (EFF argue that the principal users of Tor are activists and people simply concerned with maintaining their privacy. Certainly, Tor has been used in the past for journalists to talk to whistleblowers and activists, including Edward Snowden).

However, even a cursory glance at the Hidden Wiki – the main index of dark websites – reveals that the majority of sites listed are concerned with illegal activities. Some of these sites are scams, and so it is not clear how easy it is to buy guns, fake passports and hire hackers from the services listed. But there are likely sites on the dark web where these things are entirely possible.

Although the dark web makes law enforcement agencies’ jobs much more difficult, they have had a great deal of success in bringing down sites and arresting their users and the people behind them. The most famous of these was the arrest of Ross Ulbricht, the person behind the most well known of the drug markets, Silk Road.

More recently, the FBI’s arrest of two users of a child abuse site on the dark web highlighted that they are now able to use a range of techniques to unmask Tor users’ real internet addresses.

– To the Original:  

 

Websites can track us by the way we type

Friday, July 31st, 2015

– Here’s an article explaining how websites can identify who is typing by watching patterns in how we touch the keys.  I.e., how long you hold particular keys down and how much time elapses between different keystrokes.

– And the article describes a Google Chrome add-on that will mask this for you so you can become anonymous again.

– It is getting harder and harder to move about in the world anonymously.  There are some who would say, “If you are not doing anything wrong, why would you care?”  I don’t subscribe to that.  We are, by common social agreement and oftentimes by the rule of law, innocent until proved guilty.

– The people that hold and use these tools may be benign towards us today but there’s no guarantee that they will remain so in the future.  So, it seems obvious to me that if someone wants to exert greater control over us in the future, they will already have all the tools they need to win the battle to control us before a shot is fired.

– dennis

= = = = = = = = = = = = =

Meet KeyboardPrivacy: a proof-of-concept Google Chrome extension that masks how long your fingers linger on each key you depress as you type and how much of a time lag there is between each of your key presses.

And just why would you need to disguise these typing traits – also known as periodicity – which are as unique to individuals as fingerprints?

Because there’s technology out there that can measure our typing characteristics, on the scale of millisecond-long delays and key presses, and use the data to profile us with such a high degree of accuracy that – Tor or no Tor – you won’t stay anonymous when browsing online.

Examples include profiling technology from a Swedish company called BehavioSec that can identify site visitors, based on their typing habits, with a session score of 99% and a confidence rate of 80%.

That type of success comes after the technology has been trained on a mere 44 input characters.

The extension, designed to obfuscate our typing patterns, comes from security researchers Per Thorsheim and Paul Moore.

On Tuesday, Moore said on his blog that UK banks are rumored to be actively trialing such technology to try to detect and minimize the risk of fraud.

That rumor is backed up by news reports mentioning that, as of March 2013, BehavioSec counted Sweden’s top ten national banks – along with Samsung – among its clients.

Why would the researchers want to fight off banks’ efforts to detect fraudulent activity on our accounts?

And why would bank customers want to reduce security by throwing a monkey wrench – or, really, in this case, it’s more like introducing the technical equivalent of a highly accurate cat walking across our keyboards – into banks’ efforts?

Because as it is, we’re trading privacy for security, Moore said.

…More:

 

Leaked docs show spyware used to snoop on US computers

Sunday, August 10th, 2014

– Truly, I think we have less and less of a chance to keep our computers secure and our communications private.  If we haven’t been hacked, it is only because there are so many of us and so few hackers/criminals to go around.   Or it’s because we have not sufficiently irritated someone in the officialdom enclosing us.

– Personally, I am considering setting up from scratch (wipe the disk and install a virgin copy of the operating system) one specific computer for my essential banking and financial activities.   This machine would be only used for these activities and nothing else.  I’ll keep its anti-vius and malware defenses fully updated and, when I am not using it, it will be turned off and disconnected.   And, when I do use it, I will shut off and disconnect the other systems on my LAN in case they are infected.

– I’m also considering changing all my passwords as well.

– Paranoid or playing the odds?  I think it is hard to tell but the saying ‘better safe than sorry’ does come to mind.

– And should I not worry so much and simply assume that my government will look out for me?  

– I Don’t think so.  They are too busy doing the bidding the corporate world.  And I am irrelevant to the corporate world useless they can use me  somehow to increase their profits.

– Nope, other than me, nobody else has my back on this.  And those who think it isn’t so will eventually find out the truth the hard way.

– dennis

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

imagesSoftware created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica.

It’s not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.

The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma’s software to spy on dissidents, journalists, and activist groups.

The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. “I think it’s highly unlikely that it’s a fake,” said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group’s software and who authored an article about the leak on Thursday.

The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.

Gamma has not commented publicly on the authenticity of the documents. A phone number listed on a Gamma Group website was disconnected. Gamma Group did not respond to e-mail requests for comment.

The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how touse Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets’ computers and cell phones.

price list included in the trove lists a license of the software at almost $4 million.

The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer “exploits.”

Exploits include techniques called “zero days” for “popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more.” Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.

Vupen has said publicly that it only sells its exploits to governments, but Gamma may have no such scruples. “Gamma is an independent company that is not bound to any country, governmental organisation, etc.,” says one file in the Gamma Group’s material. At least one Gamma customer listed in the materials is a private security company.

Vupen didn’t respond to a request for comment.

Many of Gamma’s product brochures have previously been published by the Wall Street Journal andWikileaks, but the latest trove shows how the products are getting more sophisticated.

In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user’s machine, and found that it could not be blocked by most antivirus software.

Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft’s Bitlocker.

Mike Janke, the CEO of Silent Circle, said in an e-mail that “we have serious doubts about if they were going to be successful” in circumventing the phone software and that Silent Circle is working on bulletproofing its app.

Microsoft did not respond to a request for comment.

The documents also describe a “country-wide” surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target’s computer.

The most recent date-stamp found in the documents is August 2, coincidung with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak.

On Reddit, a user called PhineasFisher claimed responsibility for the leak. “Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents,” the user wrote. The name on the @GammaGroupPR Twitter account is also “Phineas Fisher.”

GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company’s malware was used to target activists in Bahrain.

In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.

– To the original:  

 

Cicada 3301

Monday, December 23rd, 2013

– I’ve been a programmer and systems analyst most of my life.  I started with computers the year before I graduated from university (1976) and I’ve loved the work ever since.   Indeed, I threw over the career that my degree in Microbiology qualified me for to pursue the new (then) world of computers.

– I’ve been all around the block with this career, as you might expect, given the years I’ve spent in it.   And I was lucky (or brash enough) to have found my self in widely disparate areas of the field ranging from applications, web-based and database work to the lowest levels of operating systems written in assembly language.   

– But, no matter how much you’ve seen and how far down the rabbit hole you’ve wandered, there’s always more.  The following article brought that home to me clearly.  

– The Internet that we know is not the Internet that actually exists.  Beyond what most of us have seen as either users or programmers, there’s still another entire world out there.

– Digital spelunking, anyone?   I’ve posted links to two articles you may enjoy, below.

– dennis

= = = = = = = = = = = = = = = = = = = = = =

tunnelsWikipedia’s take

A first hand account

Tiles, the NSA and your iPhone – it’s a changing world

Monday, September 16th, 2013

“The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.”  from ProPublica

– dennis

= = = = = = = = = = = = = = = = = = =

As someone who thinks of himself as a futurist, I tend to keep my eyes peeled for patterns and connections which can, possibly, indicate something about our future.

There are two things going on now which I think are going to conjunct and increase the penetration into our personal lives of the nascent police states that most western democracies are steadily becoming.

The first thing

Is already visibly in motion.  That is the efforts of the American NSA to penetrate everyone and everything in the name of national security; as revealed by Edward Snowden’s documents.

It is now open knowledge that the NSA has broken most of the cryptology that we’ve depended on to keep our personal information safe from prying eyes.

This would include your computer passwords.

NSA

And any files you store in encrypted form.  And any files you send.  And any files you receive in encrypted form.

And, if they have access to your computer passwords, then they have full access to all your files and all your stored e-mail.

If they have all of that, then what do you have?

Bupkis – you don’t have much that’s yours, if they want it.

The criminal hackers of the world would be overjoyed to have that sort of access.   If they did, your computers would be full of malware, trojans and key loggers before you could blink.

I suppose we can just hope that the folks in the NSA that have access to this sort of power are using it exclusively for the public good.

The second thing

Has only just recently come into play.   These are the little devices called “Tilesthat you may have seen advertised.  They’ve been sold on-line now for a few months and the first deliveries are scheduled for winter 2013/2014.  I bought one recently for $18.95 USD out of curiosity.

Tile

Tiles help you find things.  They are about an inch square, made of white plastic, about 1/8 of an inch thick and they have a small hole on one corner so you can tie or attach them to things.  You can also stick them onto things with two-sided adhesive.

They have a non-replaceable battery in them that runs for about a year and they communicate back and forth via the Bluetooth short-range radio.   They come with an application program that runs on your iPhone and the program can help you find  one of your Tiles if you’ve lost it and whatever it is attached to like your keys, or your backpack or whatever.

If, for example, you’ve lost your keys, you fire up the Tile application program and ask it to locate the Tile attached to your keys.

If you are within about 50 to 150 feet or so of your keys (the range varies with terrain), the application program will show you on your iPhone where the Tile (and your keys) are … out in the garage.

Ah!  And then you remember that you laid them down on the work bench when your phone rang as you were getting the groceries out of your car.

One more thing about Tiles.  If you really lose something, like your motorcycle is missing through theft, and you were thoughtful enough to have had a Tile attached to it, you can contact the Tile people and they will put out an alert on that Tile.

Once a Tile has an alert on it, any iPhone in the world running the Tile application program that passes with 50 to 150 feet or so of your sought-after Tile, will silently send a message to the Tile people indicating that it ‘saw’ your Tile and provide the GPS location where it was.

The person carrying the iPhone running the Tile application program that located your Tile won’t even know any of this happened.

So, where ever folks are wandering around with the Tile application program on their iPhones, a quiet and constant search is being made all the time for lost Tiles (and whatever’s attached to them).

So, how does this link to the NSA and future developments?

Well, it goes like this.

The first thing to realize is that the NSA folks are certainly smarter than the average bear.  They could, and probably already have, made something very much like the Tile.  Something that’s a lot smaller, harder to detect, has better range, longer battery life and etc.  Let’s call these special NSA versions NSATiles.

The second thing to recognize is that the NSA already has the technology to break and enter into virtually any computer they want to; including our iPhones.

So, if they wish to, they can populate most of the world’s iPhones with a sweet little bit of hidden software that none of us would know about that does just what the Tile application program does; except for NSA’s purposes.

Mmm. Perhaps, I’m not thinking this through clearly?

Why should they need to insert new clandestine software into our iPhones from the outside?

The recent news from Edward Snowden has also revealed that the NSA has, under national security laws, forced some of the major software companies in the US to install ‘backdoors‘ into their software so the NSA can go in and look at what it wants to even while users of that software think their privacy is secure.   Moreover, the NSA has enjoined these companies to say nothing of this; again under the threat of national security laws.

So, why couldn’t the NSA have pressured Apple to add NSATile detection and reporting software?  They’ve done a lot of this sort of thing already.  And, Apple couldn’t warn us without breaking the law.

In short, there’s no reason why the NSA cannot use our millions iPhone devices to clandestinely scan the world for NSATiles that the NSA is interested in tracking.

And, when your iPhone sees such an NSATile, it will silently “phone home”  to the NSA and report it along with its GPS coordinates.  Nice, eh?

So, we will be an entire world of folks wandering around with iPhones doing the NSA’s bidding and looking for anyone or anything that the NSA wants to track geographically.  Terrorists, demonstrators, spies, packages, books, animals, us … you name it.

And all of us doing NSA’s bidding unknowingly.

Will this happen?

The real question, I think, given that capabilities described already exist, is why wouldn’t it be happening now?   After all, knowledge is power and this is government we’re talking here.

In a related development

There’s a parallel development involving very similar technology, see this article which I just encountered today by coincidence.

It is about something called iBeacon which is part of Apple’s newly released iOS 7 software.

This new iBeacon technology will be coming to a shopping center near you soon and it’s going to be talking to your iPhone as you walk by the stores.  It’s going to be trying to sell  you things.

Personal – 13 Apr 2013

Friday, April 12th, 2013

– My partner, Colette, and I are wrapping up four months in Wellington, New Zealand, this weekend and preparing to spend two weeks touring New Zealand’s North Island by car before we travel across the Cook Strait via ferry to the South island and then by train back to Christchurch.

– I’ve really conceived a love for Wellington.  What a vibrant, beautiful and pleasant a city it is.  We’ve been over most of it on foot and by bus these four months.  We’ve sat in on Parliament’s question and answer sessions, visited endless coffee shops and restaurants, hosted a few friends with us, made use of the libraries, theaters, free concerts, talks and various cultural and ethnic street events.

– Another event that transpired during our time here was that Colette wrapped up 12 years with the New Zealand Ministry of Justice and is now a free agent.

– And yet another event was that it looks like I will finally be paid out for the apartment I lost in Christchurch in the February 2011 earthquake there.  And that money, when it arrives, will augment my income nicely and give me a bit more flexibility which is never a bad thing.

– While I’ve been here I’ve been digging into programming iPhone and iPad apps and I’ve come up to speed nicely.  In fact, just today, I bid my first job to write an app.

– That’s the news.

– Cheers from New Zealand, my friends,

-dennis

 

How to implement Globals in Objective-C – Updated

Monday, February 18th, 2013

– Oh, the embarrassment of premature technical wisdom ejaculation.

– Since I wrote all the stuff, below, I’ve had a big rethink about Globals and realized that the method of implementing them that I’d adopted was seriouly lame.

– I went back and thought through how I’d done it before in the Microsoft Win32 OOP world and I reasoned my way through to doing the same thing here, and, it is sooooo much simpler and way faster.  That’s what I get for cook-booking off someone else’s code without understanding it.

– It still baffles me, when you go searching for it, why the information out there about how to implement Globals in Objective-C is such a dog’s breakfast.

– But, I know how to do it now and I’m going to write it up here and maybe that will aid someone else on a search to answer the same question.

– So, below, you will find my new method and code and the old stuff is gone.

-dennis

*—————————————————–*

Create a class, UtlGen.  In it we put general utility methods that we can call from anywhere.

Create a file, globals.h, where we can declare our globals variables.  In it I have the following line:

UtlGen * g_pUtl;

This creates a pointer to an instance of the UtlGen class.

I want this pointer to be (globally) visible from anywhere in my program so I need to place it outside of any blocks.  I’d also like to put in a place that makes sense to other programmers.  To me, there are two obvious choices.  One is in the main.m file and the other is in the AppDelegate.m file.  Main.m is the first place where execution begin and the AppDelegate.m is the second.   I select the AppDelegate.m file because I think folks don’t generally expect you to mess with the main.m file.

Near the top of the AppDelegate.m file, I import the global.h file like so:

#import “myprogramAppDelegate.h”
#import “global.h”   <— global variables live here.
@implementation myprogramAppDelegate

We also instantiate and release the UtlGen object in the AppDelegate. module.   The very first method called in AppDelegate.m is:

-(BOOL) application( … and so on …

Inside this method, we add the line:

g_pUtl = [[UtlGen alloc] init]; 

This is how we instantiate the UtlGen object and assign its pointer to the global variable, g_pUtl.

In the -(void) dealloc method of the AppDelegate module, we add the following line:

[UtlGen release];

And that’s how we release the object’s memory when the app shuts down.

In the myprogram-Prefix.pch file, I place the following line in with the other imports:

#import “UtlGen.h”

This file contains the precompiled definitions that are visible to all modules.  Importing UtlGen.h here means that the methods (and their prototypes) available in the UtlGen object will be visible everywhere.

Now, we are ready to use any of the methods in the UtlGen object from any module.

Let’s use a hypothetical method called ‘twiceMe’ in the UtlGen object.

In the application, we have a class, someClass, which is implemented in the someClass.m file.  In this file is the implementation of a method, ‘doMath’.  In the doMath method, we will call the twiceMe method of the UtlGen object to double the value of an integer we pass to it.

In the someClass.m file we do this:

@implementation someClass
extern UtlGen * g_pUtl;

-(void) doMath
{
int n = [g_pUtl twiceMe:2];

The extern tells the compiler that the g_pUtl variable has been defined elsewhere (over in AppDelegate, remember?).  In doMath, we call the twiceMe property of the UtlGen object and pass it a ‘2’ and it returns a ‘4’ to us which we place into ‘n’.

That’s it.

 *——————————————————*

A Tale of Two Internets

Friday, February 15th, 2013

– I worked for a company up until a year ago that was heavily involved in e-Commerce.  They are a great group of people and I doubt that any of them would see themselves as adding to the world’s inequalities.  

– But as they say, “No single rain drop see itself as responsible for the flood.

– But they, like all such e-Commerce facilitators, are striving to develop the technology to ‘read’ the customer more and more.  And the quote, below, shows where some of this is going.  And it might not be pretty.

– dennis

= = = = = = = = = = = = = = = = = = = =

“For the past decade, e-commerce sites have altered prices based on your Web habits and personal attributes. What is your geography and your past buying history? How did you arrive at the e-commerce site? What time of day are you visiting? An entire literature has emerged on the ethics, legality and economic promise of pricing optimization. And the field is advancing quickly: last September, Google received a patent on technology that lets a company dynamically price electronic content. For instance, it can push the base price of an e-book up if it determines you are more likely to buy that particular item than an average user; conversely, it can adjust the price down as an incentive if you are judged less likely to purchase. And you won’t even know you are paying more than others for the exact same item.”

– To the original article in Scientific American:

Paybacks are hell: Parental spying prompts infiltration of German police system

Wednesday, January 11th, 2012

Der Spiegel published a story in yesterday’s edition of their magazine that the hack on the German police surveillance system “Patras” was prompted by a senior officer spying on his daughter’s internet activities.

The Patras system is used by the police to track suspects using so-called “silent” SMSs and GPS tracking devices planted on automobiles.

It appears that a senior policeman from Frankfurt am Main installed spyware onto his daughter’s computer to keep an eye on her online activities.

It is unclear whether this is legal under German law. It is also unknown whether he used the famous Bundestrojaner or some sort of commercial off-the-shelf spyware.

One of his daughters friends then discovered the spyware on her computer and decided that was justification enough to hack into her father’s computer.

Upon invading her dad’s system he found a selection of sensitive security related emails that enabled access to the Patras system. Two German hackers from a group called n0n4m3 cr3w (noname crew) were arrested after the system was breached in July of 2011.

According to Der Spiegel the policeman had redirected his work emails to his home computer. I expect that this is against the rules and is almost always a bad idea.

The worst part is that such a sensitive network used to covertly track people was accessible without any sort of two-factor authentication.

You would hope that intercepting a few sensitive emails would not provide enough information to allow a VPN connection or access critical infrastructure with such ease.

It is not clear whether this incident is the one that resulted in the successful attack against Patras last summer, or whether they were in fact breached twice.

It is one thing to accept the need of law enforcement to track suspects after receiving the approval of a judge, but it is becoming clear that access to these systems is too easy. It almost invites abuse and could result in criminal cases being compromised.

With great power comes great responsibility, and hopefully the German police have implemented more strict access controls and other authorities with similar power have heard this story and will look into their own security.

– To the original…