Tag: Technology

Vulnerability Found in Wi-Fi Protected Setup

I apologize for being a little late with this news but I’m on vacation, what can you really ask from me? Anyways a brute force vulnerability was discovered in Wi-Fi Protect Setup (WPA):

A few weeks ago I decided to take a look at the Wi-Fi Protected Setup (WPS) technology. I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide.

Ouch, glad I never used WPS to setup the security on my wireless network. Technical details about the vulnerability can be found in this writeup [PDF].

AT&T Ends Bid for T-Mobile

AT&T and finally decided its attempted merger with T-Mobile was just not going to be allowed by the United States government:

US telecoms giant AT&T has said it will not pursue its $39bn bid to buy T-Mobile USA after running into fierce government objections.

[…]

AT&T has said it would include a $4bn charge in its fourth-quarter accounts to cover any potential compensation due if the deal does not go ahead.

AT&T agreed to buy T-Mobile USA from Deutsche Telekom in March, aiming to create the largest US wireless network.

While many T-Mobile customers are cheering I question whether or not this will allow T-Mobile to continue exiting. The bottom line is Deutsche Telekom is no longer interested in T-Mobile and is willing to break the subsidiary up and sell it in pieces if necessary. Likewise the $4 billion AT&T just payed for the failed merger goes to Deutsche Telekom, who may or may not invest it back into T-Mobile.

The merger also caused a great deal of damage to T-Mobile as it basically froze them in place. During the merger they did little or no network expansion that I’m aware of, obtained relatively few new phones, and now sit as the only carrier who doesn’t have the iPhone. If T-Mobile wants to remain relevant they have to play catchup for the last several months they did nothing while AT&T attempted to purchase the company. Overall the attempted merger may have caused irreversible damage to the fourth major carrier in the United States.

FBI Collecting Carrier IQ Data

Every since the news about Carrier IQ broke the metaphorical shit has been hitting the metaphorical fan. People are understandably upset about the type of information carriers are collecting using the, until recently, little known software. In my original post related to Carrier IQ I stated:

Carrier iQ is likely one of the most dangerous pieces of software in common use today. I do understand the great amount of benefit it gives to cellular providers but we all know anything accessible by said providers can also be access by the government, often without so much as a court order.

I hate having my suspicions confirmed:

Michael Morisy, a journalist who founded an organization called MuckRock to ease the process of filing FOIA requests, wrote the FBI on Dec. 1 asking for “any manuals, documents or other written guidance used to access or analyze data gathered by programs developed or deployed by Carrier IQ…. In addition, I ask for expedited processing as this is a matter of immediate news interest: The existence of Carrier IQ’s software was recently disclosed and has immediate ramifications on constitutionally protected privacy rights.”

The FBI acknowledged receiving his request within a few days, and then issued a blanket denial, which cites a law exempting records from disclosure if releasing them could interfere with law enforcement proceedings. “In applying this exemption, I have determined that the records responsive to your request are law enforcement records; that there is a pending or prospective law enforcement proceeding relevant to these responsive records; and that release of the information contained in these responsive records could reasonably be expected to interfere with the enforcement proceedings,” an FBI records management official named David Hardy wrote to Morisy.

Notice that the Federal Bureau of Investigations (FBI) filed for an exemption, they didn’t claim to have no such data available. The only logical conclusion one can draw from this fact is that the FBI has data collected by Carrier IQ on hand but doesn’t want to disclose how much. I wouldn’t be surprised if the FBI has issued blanket requests for this data from carriers using National Security Letters (NSL). As targets of NSLs are legally prohibited from disclosing the mere fact that they received the letter we have no idea how much of this data has been collected by the FBI, they could have issued a demand that all data collected using the Carrier IQ software be turned over.

Paranoids are just people with all the facts.

My Dreams of a Write Mountable Dosimeter are In Sight

Earlier this year I blogged about a wristwatch that contains a built-in dosimeter. I’ve been trying to find one of these but so far every company that sells them requires you either make a bulk purchase or they only sell to scientific institutions.

Browsing through Marathon’s website I came across a familiar face, a rebranded PM1208M. Technically it looks to be an upgraded version (the one on Marathon’s website is called the GammaMaster II whereas the one I linked to earlier this year was merely the GammaMaster) but either way I threw myself on the notification list and hope to see a message in my inbox soon telling me the watch is available to order.

What am I going to do with it you ask? Hell if I know, it’ll basically be a conversation piece. The bottom line is I have a love of cramming gizmos into wristwatches and this device does that exceptionally well.

Federal Government Censor Websites Using Copyright Laws

With all the debate surrounding the Stop Online Piracy Act (SOPA) and Immigration and Customs Enforcement’s (ICE) mission creep we often forget that the federal government has been practicing censorship by hijacking domains of websites. We’re told that SOPA will be OK because the government will only target copyright offenders but the truth is they’ve already used their authority to censor non-infringing websites:

Imagine if the US government, with no notice or warning, raided a small but popular magazine’s offices over a Thanksgiving weekend, seized the company’s printing presses, and told the world that the magazine was a criminal enterprise with a giant banner on their building. Then imagine that it never arrested anyone, never let a trial happen, and filed everything about the case under seal, not even letting the magazine’s lawyers talk to the judge presiding over the case. And it continued to deny any due process at all for over a year, before finally just handing everything back to the magazine and pretending nothing happened. I expect most people would be outraged. I expect that nearly all of you would say that’s a classic case of prior restraint, a massive First Amendment violation, and exactly the kind of thing that does not, or should not, happen in the United States.

But, in a story that’s been in the making for over a year, and which we’re exposing to the public for the first time now, this is exactly the scenario that has played out over the past year — with the only difference being that, rather than “a printing press” and a “magazine,” the story involved “a domain” and a “blog.”

[…]

Okay, now some details. First, remember Dajaz1.com? It was one of the sites seized over the Thanksgiving holiday weekend back in 2010 — a little over a year ago. Those seizures struck us as particularly interesting, because among the sites seized were a bunch of hip hop blogs, including a few that were highly ranked on Vibe’s list of the top hip hop blogs.

[…]

In fact, as the details came out, it became clear that ICE and the Justice Department were in way over their heads. ICE’s “investigation” was done by a technically inept recent college grad, who didn’t even seem to understand the basics of the technology. But it didn’t stop him from going to a judge and asking for a site to be completely censored with no due process.

The story goes into more detail but I’m sure you get the point. ICE has been shutting down domains based on “evidence” collected by completely unqualified individuals. Instead of laughing and tossing out requests for domain seizures judges have simply been saying, “Well I’m an agent of the state and you’re an agent of the state so you must be right. Sieze the domain!” This kind of ineptitude isn’t an exception but is the rule when it comes to government enforcement of almost anything.

Knowing this people still want to grant the government more power. What SOPA will do is allow this kind of incompetence to spread even further. I also guarantee you that many websites that are critical of the federal government will find themselves on the list of copyright offenders, by accident of course.

Hats Off to Kaspersky Lab

I would just like to give kudos to Kaspersky Lab for leaving the Business Software Alliance (BSA) because of the organization’s support of the Stop Online Piracy Act (SOPA):

Security research company and prominent antivirus software vendor Kaspersky Lab has announced its intent to withdraw from the Business Software Alliance (BSA) because of the Alliance’s support for the Stop Online Piracy Act (SOPA, also known as H.R. 3261).

The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are the software industry’s two biggest trade groups. Since both groups have strong anti-piracy stances, neither directly opposed the Stop Online Piracy Act. Both expressed interest in working with Congress to design the law.

[…]

“Kaspersky Lab is aware of the public controversy and debates sparked by the Stop Online Piracy Act (SOPA). Kaspersky Lab is occasionally mentioned in the discussion as a member of the Business Software Alliance (BSA), which supports the SOPA initiative,” a statement from the security company said on Monday. “Kaspersky Lab would like to clarify that the company did not participate in the elaboration or discussion of the SOPA initiative and does not support it. Moreover, the company believes that the SOPA initiative might actually be counter-productive for the public interest, and decided to discontinue its membership in the BSA as of January 1, 2012.”

Good on you guys, I hope other software companies follow suit.

Using Cell Phones to Track Shoppers

I’ve said cell phones are the best spy devices we’ve ever decided to voluntarily carry around and, as Bruce Schneier points out, the ability to judge a person’s location based on their cellphone signal isn’t restricted only to government agents:

Online retailers have long gathered behavioral metrics about how customers shop, tracking their movements through e-shopping pages and using data to make targeted offers based on user profiles. Retailers in meat-space have had tried to replicate that with frequent shopper offers, store credit cards, and other ways to get shoppers to voluntarily give up data on their behavior, but these efforts have lacked the sort of data capacity provided by anonymous store browsers—at least until now. This holiday season, shopping malls in the US have started collecting data about shoppers by tracking the closest thing to “cookies” human beings carry—their cell phones.

The technology, from Portsmouth, England based Path Intelligence, is called Footpath. It uses monitoring units distributed throughout a mall or retail environment to sense the movement of customers by triangulation, using the strength of their cell phone signals. That data is collected and run through analytics by Path, and provided back to retailers through a secure website.

The location of any device that emits a wireless signal can be triangulated. Again I will state that cell phones are immensely useful but not only to their owners. Combining the fact that cell phones are almost always on their owner, contain a vast amount of personal information about their owner, and have built-in cameras and microphones makes for devices that are great for spying on select individuals. While people can harp on the malls for implementing this technology ultimately it’s nothing new as your cell phone provider, whom I worry about far more, have the exact same information at all times (usually with some history of your past locations).

Another Pointless Study Parroted by the Media

The media loves to run headlines that sound shocking and a majority of people seem unwilling to read the actual content of articles meaning baseless information becomes widely circulated. Take this article titled Wi-Fi Near Testes Could Decrease Male Fertility: Study. After reading the headline many people probably go, “Gosh Wi-Fi is killing my sperm, we need to ban it!” Truth be told the study is meaningless because of the following fact:

A team of Argentine scientists placed healthy sperm under a laptop running a Wi-Fi connection. After four hours, the Wi-Fi-exposed sperm showed signs of damage including slowed motility and increased DNA fragmentation, the researchers found. Healthy sperm stored for the same time and temperature away from the computer didn’t show the damage.

Sounds like a pretty solid method so long as you ignore this tidbit towards the end:

The study, however, is far from conclusive on the effect of Wi-Fi on male fertility, mostly because the study was done with in vitro (out of the body) sperm. To continue to advance knowledge in this area, the authors of the paper suggested further in vivo (in organism) studies.

So the study didn’t test sperm in testicles, which is very important because the type of radiation emitted at the power levels we use for our wireless devices (Wi-Fi and cell phones for instance) don’t penetrate skin all that well. This study would be akin to demonstrating ultraviolet radiation kills sperm when they’re outside of a body. Being one purpose of skin is to protect the internal organs from ultraviolet radiation this is one of those no-shit-sherlock results.

This study is nothing more than sensationalist bullshit meant to generate scary headlines to up newspaper sales and page hits. People who read articles before parroting what the headline states need not worry about these traps but it appears as though a large portion of our population does not do this.

Police Working to Shut Public Out of Radio Communications

It appears as thought the police are becoming more militarized every day. First every department started establishing Special Weapons and Tactic (SWAT) teams, then they started arming themselves with armored personel carriers, and now they’re starting to classify everything:

Police departments around the country are moving to shield their radio communications from the public as cheap, user-friendly technology has made it easy for anyone to use handheld devices to keep tabs on officers responding to crimes.

The practice of encryption has become increasingly common from Florida to New York and west to California, with law enforcement officials saying they want to keep criminals from using officers’ internal chatter to evade them.

I find it funny that the police agencies moving to encrypt their communications, according to the article, are located in such havens of freedom such as New York and California. What is funny is their excuse, they’re claim of wanting to prevent criminals from listening into radio transmissions is dubious. Usually the police respond to crimes that have already happened meaning it’s unlikely a criminal is going to gain much advantage by having a police scanner on hand. While many criminals are idiots some are smart enough to realize the police will be soon to arrive after a call is made to 911.

Perhaps the police are getting sick of the public listening into their misdeeds. Then again I think the most likely reason they’re moving to encrypt their radio communications is because they’re getting a case of over classification from the military.

Companies Don’t Like Getting Caught Doing Shady Things

The company I mentioned a couple days ago that specializes in making root kit software for today’s smart phones isn’t taking the news about their little business being publicized very well:

A data-logging software company is seeking to squash an Android developer’s critical research into its software that is secretly installed on millions of phones, but Trevor Eckhart is refusing to publicly apologize for his research and remove the company’s training manuals from his website.

Though the software is installed on millions of Android, BlackBerry, and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user’s phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent.

[…]

When Carrier IQ discovered Eckhart’s recent research and his posting of those manuals, Carrier IQ sent him a cease-and-desist notice, saying Eckhart was in breach of copyright law and could face damages of as much as $150,000, the maximum allowed under US copyright law per violation. The company removed the manuals from its own website, as well.

So Carrier IQ doesn’t like the fact that their little software has become very public. This is likely because people who have heard this news haven’t been taking it very well and I’m sure complaints have been rolling into the customer support lines of AT&T, T-Mobile, Verizon, and Sprint. While it sucks that Carrier IQ are such dicks that they have threatened legal action against Eckhart for bringing their shenanigans to light it’s good to hear Eckhart’s cavalry has arrive:

On Monday, the Electronic Frontier Foundation announced it had came to the assistance of the 25-year-old Eckhart of Connecticut, whom Carrier IQ claims has breached copyright law for reposting the manuals.

This is why I give money to the Electronic Frontier Foundation. Hopefully this case is quickly resolved so Eckhart can continue his research unmolested.