GPS Jamming

Fascinating PDF hosted on the Irish Lights website about current threats to GPS — the amount of chaos that can be created using relatively cheap jammers is incredible. I’m sure the twits out there with jammers think they’re the bee’s knees, but they’re in the same or worse category as the pinheads that think it’s funny to point a laser pointer at a plane.

wikileaks.beecher.org

Wikileaks is having to play a ridiculous game of musical chairs this week. They were forced to move their hosting to Amazon, from which they were promptly booted; and then the DNS for their primary domain name wikileaks.org was deleted by EveryDNS. Their primary domain name is now wikileaks.ch, but if that disappears too you can use wikileaks.beecher.org to access the website; I’ll update the IP address if it changes.

Julian Assange’s personal life is not a factor here, and not just because the timing of the Swedish arrest warrant and Interpol red notice is so incredibly coincidental. Wikileaks is just an intermediary; it isn’t leaking anything, it’s just channeling it. It hasn’t broken any laws, and the likes of PayPal’s assertion that Wikileaks “encourage[s], promote[s], facilitate[s] or instruct[s] others to engage in illegal activity” is a blatant cover-up for their own engagement with – probably actually illegal – government pressure.

What’s truly sad about this nonsense is that leakers feel more comfortable sending this info to Wikileaks and not the mainstream media. If the media got their fingers out of their holes – or rather their publishers stopped cutting costs at the expense of their core business – perhaps Wikileaks would be moot, and Assange wouldn’t have to do their job for them.

New Orleans Scrapping Surveillance Cameras

Further proof that they just don’t work. They don’t even deter crime, much as proponents would like us to believe, they just move it.

Bruce Schneier: They’re not worth it:

In seven years, New Orleans’ crime camera program has yielded six indictments: three for crimes caught on video and three for bribes and kickbacks a vendor is accused of paying a former city official to sell the cameras to City Hall.

Scene from an Airport

With Bruce Schneier and an unnamed TSA officer.

I’ve gotten to the front of the security line and handed the TSA officer my ID and ticket.

TSA Officer: (Looks at my ticket. Looks at my ID. Looks at me. Smiles.)

Me: (Smiles back.)

TSA Officer: (Looks at my ID. Looks at me. Smiles.)

Me: (Tips hat. Smiles back.)

TSA Officer: A beloved name from the blogosphere.

Me: And I always thought that I slipped through these lines anonymously.

TSA Officer: Don't worry. No one will notice. This isn't the sort of job that rewards competence, you know.

Me: Have a good day.

Google Caught Rotten in Germany

Mark Suckerberg isn’t the only one that doesn’t respect your privacy you know. Do No Evil my hole.

Official Google Blog: Nine days ago the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that our Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect.

In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products.

Another Schneier Quotable Quote

He does have a talent for it…

Schneier on Security: At a security conference recently, the moderator asked the panel of distinguished cybersecurity leaders what their nightmare scenario was. The answers were the predictable array of large-scale attacks: against our communications infrastructure, against the power grid, against the financial system, in combination with a physical attack.

I didn’t get to give my answer until the afternoon, which was: “My nightmare scenario is that people keep talking about their nightmare scenarios.”

GameStation Owns Your Soul

Class!

Slashdot: “UK games retailer GameStation revealed that it legally owns the souls of thousands of customers, thanks to a clause it secretly added to the online terms and conditions for its website. The 'Immortal Soul Clause' was added as part of an attempt to highlight how few customers read the terms and conditions of an online sale. GameStation claims that 88 percent of customers did not read the clause, which gives legal ownership of the customer's soul over to the UK-based games retailer. The remaining 12 percent of customers however did notice the clause and clicked the relevant opt-out box, netting themselves a £5 GBP gift voucher in the process.”

Chip & PIN Broken

ZDNet: Chip-and-PIN readers can be tricked into accepting transactions without a valid personal identification number, opening the door to fraud, researchers have found.

Researchers at Cambridge University have found a fundamental flaw in the EMV — Europay, MasterCard, Visa — protocol that underlies chip-and-PIN validation for debit and credit cards.

As a consequence, a device can be created to modify and intercept communications between a card and a point-of-sale terminal, and fool the terminal into accepting that a PIN verification has succeeded.

“Chip and PIN is fundamentally broken,” Professor Ross Anderson of Cambridge University told ZDNet UK. “Banks and merchants rely on the words 'Verified by PIN' on receipts, but they don't mean anything.”

(Also, see Ross’s paper on 3D Secure.)