Facebook: Interesting Real News Filtering

September 29, 2018

Here in Harrod’s Creek, it is difficult to determine what is accurate and what is not. For example, allegedly a university president fiddled his pay. Then we had rumors of a novel way to recruit basketball players. News about these events were filtered because, hey, basketball is a big deal along with interesting real estate deals in River City.

We read “Facebook Users Unable to Post Story about Huge Facebook Hack on Facebook.” A real news outfit in London noticed that stories about Facebook’s most recent security lapse were not appearing on Facebook.

Another real news outfit reported that some Facebook users saw this message:

“Action Blocked: Our security systems have detected that a lot of people are posting the same content, which could mean that it’s spam. Please try a different post.”

Facebook fans suggested that Facebook was not blocking a story which might put Facebook in a bad light.

Here in rural Kentucky we know that no Silicon Valley company would filter news about its own security problems.

Facebook is a fine outfit. Obviously the news about the security lapse was fake; otherwise, why would the information be blocked?

Just a misunderstanding which the 50 million plus people affected are certain to understand. What’s the big deal with regaining access to one’s account?

The Facebook service is free and just wonderful. Really wonderful.

Stephen E Arnold, September 29, 2018

A New Cyber Angle: Differential Traceability

August 20, 2018

Let’s start the week with a bit of jargon: differential traceability.”

How do you separate the bad eggs from the good online? It’s a question we’ve all been wracking our brains to solve ever since the first email was sent. However, the stakes have grown incredibly higher since those innocent days. Recently, some very bright minds have begun digging deeply into the idea of traceability as a way to track down internet offenders and it’s gaining traction, as we discovered from a Communications of the ACM editorial entitled: “Traceability.”

According to the story, it all comes down to differential traceability:

“The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners.”

Giving everyone a tag, much like a car, for Internet traffic is an interesting idea. However, much like real license plates, the only ones who will follow the rules will be the ones who aren’t trying to break them.

This phrase meshes nicely with Australia’s proposed legislation to attach fines to specific requests for companies to work around encryption. Cooperate and there is no fine. Fail to cooperate, the company could be fined millions per incident.

Differential? A new concept.

Patrick Roland, August 20, 2018

Amazon Clarification on Network Switches

July 19, 2018

I read an exclusive on Marketwatch. (I did not know it was “real” journalism.) The story is “Exclusive: Amazon Denies It Will Challenge Cisco with Switch Sales.” The story’s main point struck me as:

Amazon.com Inc.’s top cloud-computing executive has officially denied that Amazon Web Services plans to start selling network switches to other businesses, after a report last week claiming that move was in the works damaged stocks of Cisco Systems Inc. and other major networking companies.

I think I understand.

Amazon may be building switches with Amazon Web Services and maybe its streaming data marketplace baked in. But these switches will not be old to “other businesses.”

Such a switch would add some functionality to Amazon’s own infrastructure. I wonder if these switches, assuming they exist, would add some beef to Amazon’s government client activities. For example, some lawful intercept activities take place at network tiers where there are some quite versatile switches.

The write up adds:

Amazon would not comment on whether it is creating its own networking equipment, just that it did not plan to sell such equipment to other businesses.

If Amazon wins more US government cloud and AWS centric work, certification of these devices eliminates possible questions about backdoors or phone home functions in gear sourced from other companies.

To sum up, Amazon does not deny it is building switches (whatever that term includes).

Worth watching in the context of the on going dust up between Oracle’s data marketplace and Amazon’s designs on building a new source of revenue with its marketplace innovations.

Stephen E Arnold, July 19, 2018

Unlocking iPhones: Cat and Mouse Continues

June 25, 2018

In a recent DarkCyber, referenced companies that specialize in unlocking iPhones for law enforcement. Apple responded by suggesting that it would alter the functionality of its lightning USB connector to provide greater user privacy.

At the security conference in Winston Salem, North Carolina, last week, I heard some talk about the issues that the Apple versus law enforcement cat and mouse game would create. (I gave two talks available to the 160 conference attendees. No boos and not thrown tomatoes.)

My impression of these comments is that the games will continue.

I was not surprised to read “A Hacker Figured Out How to Brute Force iPhone Passcodes.” Has the hacker kicked off a new round of game playing? Who knows?

The write up states:

A security researcher has figured out how to brute force a passcode on any up-to-date iPhone or iPad, bypassing the software’s security mechanisms… But Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, found a way to bypass the 10-time limit and enter as many codes as he wants — even on iOS 11.3.

The method revealed in the write up is clever, like many hacks.

The write up quotes the hacker as saying, “I suspect others will find it [the hack] or have already found it.

Worth monitoring the score line.

Stephen E Arnold, June 25, 2018

Cheerleading for VPNs: Gimme a V, Gimmie an S, Gimmie an N!

June 20, 2018

VPNs Protect Your Data Away From Home

The received wisdom is that a VPN or virtual private network can be used to protect your Internet data from hackers and other bad actors.  ZDNet wrote up a piece about VPNs in “Take Home Along: Six Ways A VPN Can Help Travelers Connect Wherever They Go.”  Typically remote access from a different country or area than your normal IP area will be flagged as a bad actor, but it can also protect you.

In theory, you can use a VPN to prevent your debit or credit card from being blocked, do home online shopping, watch your streaming services, and use VOIP services.  While these are apparent application for a VPN, the article also shares some other that are “naughtier.”

If you are visiting a country, like China, that has restricted access to social media then a VPN in theory will allow you to circumnavigate it.  Even more helpful is that it can hide your online tracks from spies:

“Some companies provide VPN access to their employees while traveling. Employees are given software or configurations that allow them to create encrypted tunnels between their laptops and home servers. These enterprise VPN clients do a great job of hiding the content, but they fail in one critical way: They often let a spying nation state know the IP address of those VPN end-points.

The hope is that by using a VPN service provider, you can obfuscate the path back to work, as well as the data you’re transmitting. This is a very good idea to make it just a little harder for nation-state spies and the organized crime hackers that often work with them to find your company’s servers.”

The problem is that not every VPN is fully secure. Why? In some countries, those who use and operate VPNs are either expected to cooperate with the authorities or just want to stay in business and maybe out of jail.

Whitney Grace, June 20, 2018

France: A Player in Cybersecurity

May 9, 2018

We know the French are good at cheese and wine and romance. Heck, we’d say they are the best in the world in those departments. But when it comes to cyber security, most people think they are about as fresh as rotten brie. That image could be changing. We certainly changed our tune after reading some persuasive recent pieces, starting with Express article, “WhatsApp is About to Get a Rival From One of the Most Unlikely Places.”

That place is, obviously, France. Here’s what the story had to say:

“Since none of the major encrypted messaging apps are based in France, it has raised the risk of data breaches at servers outside the country, the French digital ministry said.

“About 20 officials and top civil servants are testing the new app which a state-employed developer has designed, a ministry spokewoman said, with the aim that its use will become mandatory for the whole government by the summer.”

On the surface, this sounds completely laughable, right? But people are starting to talk about the surprising strength of France’s tech industry. If you ask some people, they are on the cusp of becoming a cyber security power. If things go France’s way, cyber technology might rank up there with champagne, as the country’s finer exports.

Patrick Roland, May 9, 2018

Dark Web Security: The New Black

April 3, 2018

Security threats on the general internet have been around since the first email was sent. But a new and more vengeful form of cybercrime is rising up from the Dark Web and the hiddenwebs, and companies are scrambling to fight it. We learned about one such organization in a recent Gov.uk story, “Cyber Security Firm Secures $26 Million Series C Funding.”

According to the story, Digital Shadows helps target threats on the everyday web, but also those more shadowy realms average people have no idea about. This financial boon will help in many ways, according to a spokesman:

“We intend to use this new funding to scale and grow on a global basis. We’ll also continue to invest in the product, and to stay ahead of anyone else, continually ensuring we can provide unique value to the customer… We will continue to work with organizations with 500+ employees, because they need the most help to protect themselves and their assets against digital risks.”

In addition to venture capital firms, governments, too, have been focusing attention on fighting this type of fraud too. The challenge is that security remains a cat and mouse game. Watch this blog for a link to our new video about Grayshift’s iPhone unlocking device. We point out in this video that Apple will button up loopholes, and the security arms race begins again. Dark Web security operates in the same manner. Expensive? Yes. Frustrating? Yes. Profitable for security firms? Yes.

Patrick Roland, April 3, 2018

Artificial Intelligence: Tiny Ears May Listen Well

March 29, 2018

The allegations that Facebook-type companies can “listen” to one’s telephone conversations or regular conversations may be “fake” news. But the idea is worth considering.

Artificial intelligence’s ability to process written data is unparalleled. However, the technology has always lagged pretty severely when it comes to spoken words. Soon, that will be a thing of the past if this recent article is to be believed. We learned more from the Smart Data Collective piece, “Natural Language Processing: An Essential Element of Artificial Intelligence.”

According to the story:

“Natural Language Processing (NLP) is an important part of artificial intelligence which is being researched upon to aid enterprises and businesses in the quick, speedy and fast retrieval of both structured and unstructured organizational data when needed. In simple terms, natural language processing (NLP), is the skill of a machine to understand and process human language within the context in which it is spoken.”

This technology is really taking off in the food industry. According to sources, shoppers in London are the first to use language processing apps to help them determine what vitamins their body may be lacking. It may sound like a stretch, but this is the sweet spot where AI really soars. The technology seems to really take off in industries that previously felt like it needed no help. Watch for language processing to begin bleeding into everyday life elsewhere, too. If one is carrying a mobile phone, is it listening and recording, converting text to speech, and indexing that content for psychographic analysis?

Patrick Roland, March 29, 2018

Hidden Webs May Be a Content Escape Hatch

March 28, 2018

Beyond Search and the Dark Cyber research team discussed a topic which raised some concern among the team. Censorship may be nudging some individuals to the hidden Webs; for example, the Dark Web, i2p, ZeroWeb, etc.

In the wake of several US school shootings, the outcry of more control over gun sales has grown louder. Many organizations have begun to distance themselves from firearms related topics, like YouTube who removed all of their firearms content recently. The response has created a strange subculture, as we discovered in this recent NPR story, “Restricted by YouTube, Gun Enthusiasts are Taking Their Videos to Pornhub.”

According to the story:

“InRangeTV, which has some 144,000 subscribers on its YouTube channel, has chosen to publish videos on an adult website called Pornhub…InRangeTV also recently wrote on Facebook that it is defending “Why are we seeing continuing restrictions and challenges towards content about something demonstrably legal yet not against that which is clearly illegal?” It then posted links to YouTube videos on synthesizing meth and other illicit acts.”

This is an odd place for a freedom of speech battle to take place, but not completely. It seems right in line with something Larry Flynt would have perused. Conversely, as far right leaning content is going closer and closer toward the dark web (pornography is not the dark web, but it feels like that’s the direction this is heading) the dark web is beginning to try to take down YouTube with rightwing trolling at an extreme level. What all this means for average citizens is that search is going to get more complicated, no matter what you are hunting for.

We also noted that a site dedicated to off color content has become the new home for those who are interested in weaponry. We think the shift may be gaining momentum. How does one “find” these types of content? Perhaps encrypted chat or old fashioned word of mouth messaging. Worth watching this possible shift.

Patrick Roland, March 28, 2018

The Digital Purloined Letter

March 28, 2018

Want to keep a Secret? Do it in public?

We spend a lot of time worrying about how secure our private data and messages are. If the internet has proven anything to us, it’s that if someone wants to get into your info, they’ll do it. So, one of the world’s most clandestine agencies has started using social media to do perform some of its most secret activities out in the open. We learned more from the recent Engadget piece, “NSA Sent Coded Messages Through Twitter.

According to the piece, the NSA paid about $100,000 to Russian informants and did most of the communicating in secret messages on Twitter.

“It’s unknown how common this practice is, both on other social networks and from other agencies. However, it wouldn’t be surprising if there have been other instances. This lets intelligence bureaus orchestrate clandestine communications with little effort, and no way of knowing about the secret meaning (outside of leaks like this, of course) if you’re not directly involved.”

This certainly sounds like something straight out of a spy movie, but this level of secrecy is actually available to the general public. You just have to know where to look. For example, as recently as 2016, Facebook had a secret Messenger app that allowed for coded messages and for disappearing messages, not unlike Snapchat. So, if you are thinking of passing secrets to someone, social media is, oddly, a great place for it.

Patrick Roland, March 28, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta