CyberOSINT banner

The Most Dangerous Writing App Will Delete Your Work If You Stop Typing, for Free

May 2, 2016

The article on The Verge titled The Most Dangerous Writing App Lets You Delete All of Your Work For Free speculates on the difficulties and hubris of charging money for technology that someone can clone and offer for free. Manuel Ebert’s The Most Dangerous Writing App offers a self-detonating notebook that you trigger if you stop typing. The article explains,

“Ebert’s service appears to be a repackaging of Flowstate, a $15 Mac app released back in January that functions in a nearly identical way. He even calls it The Most Dangerous Writing App, which is a direct reference to the words displayed on Flowstate creator Overman’s website. The difference: Ebert’s app is free, which could help it take off among the admittedly niche community of writers looking for self-deleting online notebooks.”

One such community that comes to mind is that of the creative writers. Many writers, and poets in particular, rely on exercises akin to the philosophy of The Most Dangerous Writing App: don’t let your pen leave the page, even if you are just writing nonsense. Adding higher stakes to the process might be an interesting twist, especially for those writers who believe that just as the nonsense begins, truth and significance are unlocked.

 

Chelsea Kerwin, May 2, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

New Security Service Enters Consumer Space

April 29, 2016

It looks like another company is entering the arena of consumer cybersecurity. An article from Life Hacker, Privacy Lets You Create “Virtual” Credit Card Numbers, Deactivate One Instantly If It’s Stolen, shares the details of Privacy. Their tool generates disposable card numbers online, which can be tied to accounts with participating banks or Visa cards, and then allows users to easily deactivate if one is stolen. The service is free to users because Privacy makes money acting as a credit card processor. The article tells us,

“Privacy just gives you the ability to create virtual “accounts” that are authorized to charge a given amount to your account. You can set that account to be single use or multi-use, and if the amount is used up, then the transaction doesn’t go through to your main account. If one of your virtual accounts gets hit with an account you don’t recognize, you’ll be able to open the account from the Privacy Chrome or Firefox extension and shut it down immediately. The Chrome extension lets you manage your account quickly, auto-fill shopping sites with your virtual account numbers, or quickly create or shut down numbers.”

We think the concept of Privacy and the existence of such a service points to the perception consumers find security measures increasingly important. However, why trust Privacy? We’re not testing this idea, but perhaps Privacy is suited for Dark Web activity.

 

Megan Feil, April 29, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

A Dark Web Spider for Proactive Protection

April 29, 2016

There is a new tool for organizations to more quickly detect whether their sensitive data has been hacked.  The Atlantic discusses “The Spider that Crawls the Dark Web Looking for Stolen Data.” Until now, it was often many moons before an organization realized it had been hacked. Matchlight, from Terbium Labs, offers a more proactive approach. The service combs the corners of the Dark Web looking for the “fingerprints” of its clients’ information. Writer Kevah Waddell reveals how it is done:

“Once Matchlight has an index of what’s being traded on the Internet, it needs to compare it against its clients’ data. But instead of keeping a database of sensitive and private client information to compare against, Terbium uses cryptographic hashes to find stolen data.

“Hashes are functions that create an effectively unique fingerprint based on a file or a message. They’re particularly useful here because they only work in one direction: You can’t figure out what the original input was just by looking at a fingerprint. So clients can use hashing to create fingerprints of their sensitive data, and send them on to Terbium; Terbium then uses the same hash function on the data its web crawler comes across. If anything matches, the red flag goes up. Rogers says the program can find matches in a matter of minutes after a dataset is posted.”

What an organization does with this information is, of course, up to them; but whatever the response, now they can implement it much sooner than if they had not used Matchlight. Terbium CEO Danny Rogers reports that, each day, his company sends out several thousand alerts to their clients. Founded in 2013, Terbium Labs is based in Baltimore, Maryland. As of this writing, they are looking to hire a software engineer and an analyst, in case anyone here is interested.

 

Cynthia Murrell, April 29, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

Duck Duck Go as a Privacy Conscious Google Alternative

April 26, 2016

Those frustrated with Google may have an alternative. Going over to the duck side: A week with Duck Duck Go from Search Engine Watch shares a thorough first-hand account of using Duck Duck Go for a week. User privacy protection seems to be the hallmark of the search service and there is even an option to enable Tor in its mobile app. Features are comparable, such as one designed to compete with Google’s Knowledge Graph called Instant Answers. As an open source product, Instant Answers is built up by community contributions. As far as seamless, intuitive search, the post concludes,

“The question is, am I indignant enough about Google’s knowledge of my browsing habits (and everyone else’s that feed its all-knowing algorithms) to trade the convenience of instantly finding what I’m after for that extra measure of privacy online? My assessment of DuckDuckGo after spending a week in the pond is that it’s a search engine for the long term. To get the most out of using it, you have to make a conscious change in your online habits, rather than just expecting to switch one search engine for another and get the same results.”

Will a majority of users replace “Googling” with “Ducking” anytime soon? Time will tell, and it will be an interesting saga to see unfold. I suppose we could track the evolution on Knowledge Graph and Instant Answers to see the competing narratives unfold.

 

Megan Feil, April 26, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

The Dark Web Cuts the Violence

March 23, 2016

Drug dealing is a shady business that takes place in a nefarious underground and runs discreetly under our noses.  Along with drug dealing comes a variety of violence involving guns, criminal offenses, and often death.   Countless people have lost their lives related to drug dealing, and that does not even include the people who overdosed.  Would you believe that the drug dealing violence is being curbed by the Dark Web?  TechDirt reveals, “How The Dark Net Is Making Drug Purchases Safer By Eliminating Associated Violence And Improving Quality.”

The Dark Web is the Internet’s underbelly, where stolen information and sex trafficking victims are sold, terrorists mingle, and, of course, drugs are peddled.  Who would have thought that the Dark Web would actually provide a beneficial service to society by sending drug dealers online and taking them off the streets?  With the drug dealers goes the associated violence.  There also appears to be a system of checks and balances, where drug users can leave feedback a la eBay.  It pushes the drug quality up as well, but is that a good or bad thing?

“The new report comes from the European Monitoring Centre for Drugs and Drug Addiction, which is funded by the European Union, and, as usual, is accompanied by an official comment from the relevant EU commissioner. Unfortunately, Dimitris Avramopoulos, the European Commissioner for Migration, Home Affairs and Citizenship, trots out the usual unthinking reaction to drug sales that has made the long-running and totally futile “war on drugs” one of the most destructive and counterproductive policies ever devised:

‘We should stop the abuse of the Internet by those wanting to turn it into a drug market. Technology is offering fresh opportunities for law enforcement to tackle online drug markets and reduce threats to public health. Let us seize these opportunities to attack the problem head-on and reduce drug supply online.’”

The war on drugs is a futile fight, but illegal substances do not benefit anyone.  While it is a boon to society for the crime to be taken off the streets, take into consideration that the Dark Web is also a breeding ground for crimes arguably worse than drug dealing.

 

Whitney Grace, March 23, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Tails Increases Ease of Online Anonymity

March 17, 2016

The interest in browsing the internet anonymously does not appear to be fading. Softpedia recently posted Debian Makes It a Lot Easier for Users to Install the Tails Anonymous Live CD. Called the “amnesic incognito live system”, Tails is a GNU/Linux Live CD distribution which is based on the Debian operating system and allows your online activities to remain anonymous. Tails is driven by Tor and provides its users access to the anonymous Tor network. The article tells us,

Now, we all know how to write a Live ISO image on a USB key or a CD disc, right? But what you probably don’t know is that there’s an app for that, called Tails Installer, which the skilled Debian Privacy Tools maintainers team included in Debian repos. “The previous process for getting started with Tails was very complex and was problematic for less tech-savvy users,” developers explained. “It required starting Tails three times, and copying the full ISO image onto a USB stick twice before having a fully functional Tails USB stick with persistence enabled.”

As the article points out, Tails has a stamp of approval from Edward Snowden. It seems like before Debian, it would have been quite the stretch for many users to even consider adopting the use of Tails. However, using a Linux-based operating system, the pre-requisite for Tails, may also be a hurdle preventing wide-scale adoption. Time will tell.

 

Megan Feil, March 17, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

Facebook Faces French Frippery

February 12, 2016

Facebook and its privacy and information policies are under scrutiny in France. Unlike the US and other countries, French regulators can be a frisky bunch. I recall an incident involving a certain Russian who operated in an interesting manner. If recollection serves, the French authorities kept pecking and pecking and finally chewed the feet off the alleged wrong doer. Persistence and institutional coordination are different in the land of more than 200 types of cheese.

French Data Privacy Regulator Cracks down on Facebook” reports that the social media outfit has 90 days to “stop tracking non users’ Web activity without their consent.”

This begs the question, “Then what?”

Two things. France will cheerlead for actions against Facebook from its EC colleagues.

Plus the French bureaucracy, the outfit which “invented red tape,” will swing into action. This is often not a good thing. I recall a French born French citizen who had to display her great grandfather’s medal of honor to clear up a citizenship inquiry. The nifty part of this anecdote is that a letter from the president of France to her grandfather was not enough. The picture verified that the grandfather and the French president were shaking hands at the award ceremony. That’s bureaucratic attentiveness in action.

Facebook faces French friskiness in the institutional playground. At least, lunches are usually pretty good. That’s a benefit for the legal eagles who will flock to answer the “then what?” question.

Stephen E Arnold, February 12, 2016

Anonymity Not Always Secured for Tor and Dark Web Users

January 28, 2016

From the Washington Post comes an article pertinent to investigative security technologies called This is how the government is catching people who use child porn sites. This piece outlines the process used by the FBI to identify a Tor user’s identity, despite the anonymity Tor provides. The article explains how this occurred in one case unmasking the user Pewter,

“In order to uncover Pewter’s true identity and location, the FBI quietly turned to a technique more typically used by hackers. The agency, with a warrant, surreptitiously placed computer code, or malware, on all computers that logged into the Playpen site. When Pewter connected, the malware exploited a flaw in his browser, forcing his computer to reveal its true Internet protocol address. From there, a subpoena to Comcast yielded his real name and address.”

Some are concerned with privacy of the thousands of users whose computers are also hacked in processes such as the one described above. The user who was caught in this case is arguing the government’s use of such tools violated the Fourth Amendment. One federal prosecutor quoted in the article describes the search processes used in this case as a “gray area in the law”. His point, that technology is eclipsing the law, is definitely one that deserves more attention from all angles: the public, governmental agencies, and private companies.

 

Megan Feil, January 28, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph

 

 

Oscobo: A Privacy Centric Web Search System

January 7, 2016

Before you get too excited, the Oscobo service uses results from Bing. Yep, that is the search engine which uses Baidu in China and Yandex in Russia for results.

The Oscobo search system is about privacy for its users, not about the dreary precision, recall, and relevance issues. “Oscobo Is An Anonymous Search Engine Targeting Brits” reports that the system reminded the article’s author of DuckDuckGo and Hulbee, both working to ensure the privacy of their users.

The results are filtered to cater to the needs of the UK online search it seems.

According to the write up, Oscobo’s business model

is simple paid search, based on bare-bones search data (i.e. whatever string a user is searching for) and their location — given the product is serving the U.K. market this is assumed to be the U.K., but whatever search string they input may further flesh out a more specific location.

There is no definition of “paid search”, however. You can check out the system at https://oscobo.co.uk/.

Stephen E Arnold, January 7, 2016

Google and Students: The Quest for Revenue

January 7, 2016

The Alphabet Google thing is getting more focused in its quest for revenue in the post desktop search world. I read “Google Is Tracking Students As It Sells More Products to Schools, Privacy Advocates Warn.” I remember the good old days when the Google was visiting universities to chat about its indexing of the institutions’ Web sites and the presentations related to the book scanning project. This write up seems, if Jeff Bezos’ newspaper is spot on, to suggest that the Alphabet Google thing is getting more interested in students, not just the institutions.

I read:

More than half of K-12 laptops or tablets purchased by U.S. schools in the third quarter were Chromebooks, cheap laptops that run Google software…. But Google is also tracking what those students are doing on its services and using some of that information to sell targeted ads, according to a complaint filed with federal officials by a leading privacy advocacy group.

The write up points out:

In just a few short years, Google has become a dominant force as a provider of education technology…. Google’s fast rise has partly been because of low costs: Chromebooks can often be bought in the $100 to $200 range, a fraction of the price for a MacBook. And its software is free to schools.

Low prices. Well, Amazon is into that type of marketing too, right? Collecting data. Isn’t Amazon gathering data for its recommendations service?

My reaction to the write up is that the newspaper will have more revelations about the Alphabet Google thing. The security and privacy issue is one that has the potential to create some excitement in the land of online giants.

Stephen E Arnold, January 7, 2015

Next Page »