Archive for July, 2015
There are two common predictions regarding the future of warfare. First, the arms race between military powers necessitates a continuous adoption of improving technologies. Second, the focus will increasingly be on attacking your opponent’s technology as opposed to their soldiers.
TrackingPoint, an optical system that automates almost all of the previously specialized knowledge usually required to accurately hit a target at long distances with a rifle, is an example of this. Such a system could greatly increase the accuracy of the average soldier while cutting training costs. Militaries that adopt such technology would have a distinct advantage over those that didn’t. The tradeoff is that the technology can be attacked and potentially rendered useless:
At the Black Hat hacker conference in two weeks, security researchers Runa Sandvik and Michael Auger plan to present the results of a year of work hacking a pair of $13,000 TrackingPoint self-aiming rifles. The married hacker couple have developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit vulnerabilities in its software. Their tricks can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing. In a demonstration for WIRED (shown in the video above), the researchers were able to dial in their changes to the scope’s targeting system so precisely that they could cause a bullet to hit a bullseye of the hacker’s choosing rather than the one chosen by the shooter.
I’m sure somebody is going to claim this as a reason why merging firearms and technology is stupid. Such criticisms can be dismissed entirely because any military that fails to take advantage of this type of technology will be at a tremendous disadvantage. Merging technology and firearms is inevitable so we need to address the weaknesses.
TrackingPoint has stated that it will work with the researchers to fix the vulnerabilities and that’s the proper response. This should also serve as a lesson to any organization creating military technology that software security, which will eventually become the primary target of enemy forces, must be a primary consideration.
As an aside it will be interesting to see if the death tolls in future wars decrease as focus on attacking technology increases. If one side can disable the other side’s ability to wage war it could lead to a bloodless surrender or an immediate retreat.
It’ll also be interesting to see how this plays out in the ancient battle of the state versus the people. Traditionally states, being centralized bureaucracies, have responded poorly to change whereas humanity as a whole has responded very well to change. In the future states will be entirely dependent on technology to both wage war and exploit their people. That could give the people a strong advantage since you could have the creativity of the entire world focused on rendering the technology and these centralized exploiters impotent. Imagine a world where a police cruiser pursuing a nonviolent drug dealer could be turned off with the push of a button. Suddenly the dangerous high-speed chase initiated by the officer could be made into a very safe getaway for the dealer. Family pets could be saved from police kicking in a door at oh dark thirty by merely using an exploit that would cause the officer’s identification friend or foe (IFF) to identify all of the house’s inhabitants as friendly and therefore prevent their weapons from discharging at them. Admittedly that is a farfetched vision but not one outside of the realm of possibility.
239 years ago the United States told its mum it was moving out. Mum, having always been a clingy parent, didn’t take the news very well but in the end there was nothing she could do. Ever since then the United States seems to have always had a chip on its shoulder. It wanted to show the world that it could surpass its parent and in many ways it did. But to this day old age and treachery have proven far more able to establish a police state than youth and exuberance:
Nursery school staff and registered childminders must report toddlers at risk of becoming terrorists, under counter-terrorism measures proposed by the Government.
The directive is contained in a 39-page consultation document issued by the Home Office in a bid to bolster its Prevent anti-terrorism plan.
The consultation paper adds: “Senior management and governors should make sure that staff have training that gives them the knowledge and confidence to identify children at risk of being drawn into terrorism and challenge extremist ideas which can be used to legitimise terrorism and are shared by terrorist groups.
“They should know where and how to refer children and young people for further help.”
But concern was raised over the practicalities of making it a legal requirement for staff to inform on toddlers.
That is some beautiful fear mongering. Toddler terrorists! How could any other country come up with such a concept and be serious enough about it to use it as the basis for a law? Here you have children who have probably just mastered the fineries of bipedal motion and have just begun learning the very basics of arithmetic and the United Kingdom has managed to apply the very complex concepts of radicalization and terrorism to them! To top it all off it then legally required school teachers to do the same!
I’m sorry but that’s some advanced level shit right there. I think it’ll take some time before the politicians here even begin to approach this idea. They simply don’t have the cunning dear old mum does.
As some of you may be aware I’ve been working with a group of individuals on an initiative we call CryptoPartyMN. The idea is to have an organization that meets regularly to help people learn how to use secure communication tools. So far we’ve held two CryptoParties and have been trying to regularly hold meetings every other week. Next Tuesday we’ll be having a meeting at the Wedge Table (it’s kind of like the Wedge Co-op but with sit down space, you still have to dodge hipsters on fixies to get there though).
During the meeting we’ll be discussing our upcoming CryptoParty slated for the second or third weekend in August (depending on venue availability and such). If you’re interested in helping with the event feel free to stop by. The meeting starts at 18:30 and we’re usually there until the place closes down.
Windows 10 has a feature, dubbed Wi-Fi Sense, that allows you to share any Wi-Fi pre-shared keys with your friends. Needless to say the security community hasn’t received this feature with open arms. Just because you trust a friend to connect to your wireless network doesn’t mean you trust all of their friends. But a lot of people have been trying to argue that this feature isn’t a big deal and people should stop being so worried about it. Some are even claiming that this feature is beneficial to security because it makes it easier for people to find encrypted Wi-Fi networks to join.
My focus when it comes to security is the individual. From my vantage point I see this feature as a risk to individuals who want to control who has access to their wireless networks. Ars Technica, while trying to argue that Wi-Fi Sense isn’t that big of a deal, inadvertently made the best case against it:
For a start, when a Wi-Fi passkey is shared with your PC via Wi-Fi Sense, you never actually see the password: it comes down from a Microsoft server in encrypted form, and is decrypted behind the scenes. There might be a way to see the decrypted passkeys if you go hunting through the registry, or something along those lines, but it’s certainly not something that most people are likely to do.
Emphasis mine. You can’t base your security model on the assumption that so long as something isn’t easy to do it won’t be done. Although Wi-Fi Sense encrypts pre-shared keys before transmitting them they have to be decrypted before they can be used. Once they’re decrypted they’re fair game for anybody who knows where to look. To make matters worse once somebody finds where the unencrypted keys are stored it will be trivial to write an automated tool for extracting and displaying them.
The biggest problem with Wi-Fi Sense is that it makes it extremely easy to lose any control over who has access to your pre-shared key. While it’s true that you potentially lose control over who has your pre-shared key the second you share it with somebody else, this makes the problem worse because even a trustworthy person may inadvertently share the key with all of their friends.
As with anything there are pros and cons. I’m not saying Wi-Fi Sense doesn’t offer any benefits. But I think a lot of people are sweeping major security concerns about the feature under the rug. You should be fully aware of the risks involved in using the feature and you especially can’t assume just because something is potentially difficult nobody is going to do it.
After the shooting in Aurora, Colorado the Brady Campaign found a family to sucker into filing a frivolous lawsuit against Lucky Gunner, the website the shooter ordered his ammunition from. The judge threw out the case and ordered the plaintiff to pay Lucky Gunner’s legal fees. Everybody following this lawsuit has been wondering if the plaintiff would appeal the decision. Now they’ve made an official statement saying they won’t:
Since a federal judge ordered the parents of a victim killed in the Aurora theater massacre to pay more than $200,000 in the defendants’ court costs, they said they’re forced to drop their appeal of the ruling because another loss may force them into bankruptcy.
With attorneys from the Brady Campaign to Prevent Gun Violence, the couple sued Lucky Gunner and other retailers with the intended goal of changing company policy and ultimately public policy in regard to gun and ammo sales as opposed to monetary gain.
This should serve as a cautionary tale not to get involved with the Brady Campaign. If the family is concerned that they would be forced into bankruptcy if they appealed the decision then the Brady Campaign must not be covering the costs. You would think the organization would do the right thing and back up the plaintiffs it has been abusing for public relations purposes. But like so much trash the family has apparently been discarded.
Since Edward Snowden aired the National Security Agency’s (NSA) dirty laundry the United States government has wanted his head. Meanwhile far saner individuals have been begging the White House to pardon him. This begging came in the form of a petition posted on the White House website that has been ignored since 2013. After two long years the White House has finally given its answer — Edward Snowden will not be pardoned:
Unsurprisingly, the White House formally announced Tuesday that it will not be granting a pardon to Edward Snowden anytime soon.
Immediately after Snowden was formally charged in 2013 with espionage, theft, and conversion of government property, supporters began petitioning the White House to pardon the famed former National Security Agency contractor.
I don’t think anybody is surprised. Snowden’s actions made the Internet a safer place for everybody and that directly conflicts with the White House’s desire to spy on everybody. Any decent nation would give somebody like Snowden, who revealed unlawful activities being perpetrated by a government agency, a medal and declare a national holiday in his honor.
Adding further insult to injury Lisa Monaco, who is apparently the president’s adviser on homeland security and counterterrorism, made this laughable statement to justify the White House’s decision not to grant a pardon:
Instead of constructively addressing these [civil liberties] issues, Mr. Snowden’s dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it.
If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and—importantly—accept the consequences of his actions. He should come home to the United States, and be judged by a jury of his peers—not hide behind the cover of an authoritarian regime. Right now, he’s running away from the consequences of his actions.
I say the statement is laughable because the last time a whistle blower tried to “constructively address” the NSA’s unlawful activities the state sicced the Federal Bureau of Investigation (FBI) on them. Back in 2001 William Binney tried going through the appropriate channels to get the NSA’s domestic spying activities addressed. He ended up looking down the barrel of several FBI agents’ guns as they raided his home in an attempt to intimidate him into shutting up. That was one of several good stories he told on the panel discussion I was on with him.
When you threaten somebody at gunpoint for trying to get the NSA’s domestic spying addressed through proper channels you can’t expect the next person to do the same.
The candidates running for the 2016 presidential election truly are the bottom of the barrel. None of them are qualified to lead a herd of cattle into a slaughterhouse, let alone a nation. Although the playing field will likely change between now and the actual election the current darling child of the Democratic Party is Bernie Sanders. The interesting thing about Sanders is that he, unlike most of those wishy washy ninnies in the Democratic Party, outright admits he’s a socialist. There are two major types of socialists, national and international, and the question has been which of the two schools does Sanders belong to. Now we know:
Ezra Klein: You said being a democratic socialist means a more international view. I think if you take global poverty that seriously, it leads you to conclusions that in the US are considered out of political bounds. Things like sharply raising the level of immigration we permit, even up to a level of open borders. About sharply increasing …
Bernie Sanders: Open borders? No, that’s a Koch brothers proposal.
Ezra Klein: Really?
Bernie Sanders: Of course. That’s a right-wing proposal, which says essentially there is no United States. …
Ezra Klein: But it would make …
Bernie Sanders: Excuse me …
Ezra Klein: It would make a lot of global poor richer, wouldn’t it?
Bernie Sanders: It would make everybody in America poorer —you’re doing away with the concept of a nation state, and I don’t think there’s any country in the world that believes in that. If you believe in a nation state or in a country called the United States or UK or Denmark or any other country, you have an obligation in my view to do everything we can to help poor people. What right-wing people in this country would love is an open-border policy. Bring in all kinds of people, work for $2 or $3 an hour, that would be great for them. I don’t believe in that. I think we have to raise wages in this country, I think we have to do everything we can to create millions of jobs.
He wants to keep all of the “benefits” of socialism to the United States so he’s firmly in the national socialist camp. It’s also hilarious to hear him claim that open borders is a Koch brothers conspiracy, err, proposal. The Koch brothers are to the left-wing statists what George Soros is to the right-wing statists, a boogeyman responsible for all that is wrong in the world.
Sanders also subscribes to the camp that believes open borders would hamper the creation of millions of jobs. Apparently he thinks the government should protect the jobs of individuals who are legitimately challenged by individuals from foreign lands who have no formal education and can barely speak English. Personally I disagree (because if you suck at your job that much you deserve to be replaced) but I also don’t acknowledge the nation state as a legitimate thing, unlike national socialist Sanders.
The roads are the purview of the state. Some claim this is because transportation infrastructure is so complex that the market couldn’t handle it. Of course this claim is bullshit. But the fact remains that the state will use its capacity for violence against anybody who tries to involve themselves in transportation infrastructure improvements.
A Massachusetts selectman got sick of the road repair teams not fixing the faded crosswalks in his town. Instead of impotently pounding his fist on a desk he actually decided to go out and fix the crosswalks himself. Now he’s facing criminal charges because, even though he’s an agent of the state, he didn’t respect the bureaucracy:
George Simolaris, a selectman in Billerica, about 25 miles from Boston, said he was tired of constituents asking when the white paint would be freshened up, so he fixed the problem himself. He said he bought cans of green paint, the town’s official color, and spent the weekend painting over six faded crosswalks.
“All I’ve heard for months is: ‘When is this going to get done?'” Simolaris said. “I got sick of it.”
Police and town officials said painting the street without authorization was illegal and charged him with two counts of destruction of property, according to Billerica police spokesman Roy Frost.
As if that wasn’t enough they are also planning to coerce him into “repairing” the “damage” he created:
He added that Simolaris would be required to repay the $4,000 cost of cleaning up the paint, which he said chipped and smeared.
Even though many of the crosswalks in question are going to be torn up as part of a pedestrian safety project:
Town Manager John Curran said the town was in the midst of a $400,000 pedestrian safety project that requires digging up the street including some of the crosswalks in question, which are slated to be repainted once construction is complete.
So he’s facing criminal charges for painting faded crosswalks that were slated to be ripped up anyways. I think this shows just how ridiculous the “justice” system in this country is. At most I’d say he could be required to pay for removing the paint if the crosswalks weren’t going to be ripped up anyways. But they’re going to be ripped up so I don’t think any grounds exist for punishing him in any way.
Either way, this story shows that the state will violently enforce its monopoly on transportation infrastructure. If people are willing to repair roads and the only thing stopping them is government guns then I think the entire claim that the market can’t handle transportation infrastructure has been rendered laughable.
A new text message vulnerability has been discovered. By sending a maliciously formed video through the multimedia messaging service (MMS), an attacker can compromise a device running Android. This shouldn’t be a notable problem because Google has already pushed out a fix. But it is a notable problem because there’s no guarantee device manufacturers will push the fix to their users:
If you’re an Android user, you’d better hope that a stranger doesn’t send you a video message in the near future — it might compromise your phone. Security researchers at Zimperium have discovered an exploit that lets attackers take control if they send a malware-laden MMS video. The kicker is that you may not even need to do anything to trigger the payload, depending on your text messaging app of choice. While the stock Messenger app won’t do anything until you see the message, Hangouts’ pre-processing for media attachments could put you at risk before you’re even aware that there’s a message waiting.
Google is already on top of the flaw, and has pushed out a fix to its hardware partners. However, whether or not you’ll get that fix will depend on your phone’s manufacturer. Zimperium tells Forbes that the Nexus 6 and Blackphone are already safe against some of the related flaws (other Nexus devices are likely in a similar boat), but more common third-party phones from Samsung, HTC and others are typically still vulnerable.
There is a lot of heated debate over whether iOS or Android is more secure. Overall I think both operating systems have decent reputations for security but Android gets a bad rap because Google doesn’t control the update channel for all Android devices. Google has already pushed the fix out to its devices and some manufacturers have pushed the fixes to their users. But each manufacturer gets a great deal of leeway over what they can do with Android and many have opted to make their devices rely on their update channel instead of Google’s. This means updates may not arrive in a timely manner or at all.
iOS has an advantage when it comes to security because Apple controls the hardware and software. When a vulnerability is fixed Apple can guarantee everybody using a currently supported version of iOS gets the update.
Google would do well to require device manufacturers to use its official Android update channel in order to use its proprietary apps (which is the only real pull Google has since Android is an open source operating system). Since most Android users rely on Google’s proprietary apps that would be a powerful incentive for handset manufacturers to utilize the official Android update channel instead of rolling their own. Until that is done I fear a lot of Android users will continue being vulnerable to exploits that have already been discovered and patched.
I was participating in one of those threads discussing an instance where a person incompetently reholstering their firearm led to a negligent discharge. In this case the person in question was using a leather holster and a flimsy part of it bent in under the trigger. The discussion started off well with everybody pointing out that there are no medals for being the fastest person to reholster. But then somebody had to say, “That’s why I carry a gun with a manual safety.”
That mindset is incredibly stupid. First, it’s an admission that the person views themselves as too incompetent to look at what they’re doing when they reholster their firearm. Second, they assume that they are only going to be incompetent in a very specific way and not incompetent in other ways.
I’ve come to label this mindset as the somewhat incompetent fallacy. It’s the idea that somebody who expresses themselves as being incompetent believes that their incompetence only happens under very specific circumstances. In the case above the somewhat incompetent fallacy applies because the person admits that they’re too careless to watch what they’re doing when reholstering a firearm but not so careless as to ever forget to engage the manual safety. They believe their incompetence only happens when they’re going through the motions of reholstering.
From extensive observations I’ve come to the conclusion that people who act careless with weapons tend to act careless in general. Therefore the belief that a manual safety will protect against a negligent discharge is, in my opinion, stupid because somebody who is so careless that they won’t watch what they’re doing when reholstering is almost certainly too careless to ensure they reengage the manual safety every time they reholster their weapon.