Blizzard confirms hack, urges users to change passwords

Blizzard’s CEO Mike Morhaime has confirmed in a letter that the company’s internal network has been breached this week. The “unauthorized and illegal access” has been closed off, and an investigation …

SOURCE Help Net Security – News

FCC to Verizon: You Can No Longer Block Tethering Apps, Please Pay $1.25 Million to Say You are Sorry

The FCC ruled today in favor of you, the customer, telling Verizon that it was in the wrong when it blocked tethering apps from being downloaded to your phone. Blocking tethering apps, as many of you suggested a year ago, does not comply with the FCC’s “C Block rules” that were set forth when Verizon purchased the C-block spectrum for its LTE network.

As of today, Verizon will have to notify the Google Play store that it no longer wants tethering apps blocked. It is also settling the matter by paying $1.25 million to the U.S. Treasury.

GigaOM is also reporting that this new FCC ruling will force Verizon to offer tethering plans for free to tiered data customers. While that’s sort of already happening on Share Everything, this report suggests that there isn’t a way for Verizon to stop unlimited customers from doing this as well. That remains to be seen, but feel free to check into it.

What a day, right?

Here is the entire press release from the FCC:

VERIZON WIRELESS TO PAY $1.25 MILLION TO SETTLE INVESTIGATION INTO BLOCKING OF CONSUMERS’ ACCESS TO CERTAIN MOBILE BROADBAND APPLICATIONS

Washington, D.C. – Today the FCC’s Enforcement Bureau released a $1.25 million consent decree with Verizon Wireless that resolves an investigation into whether the company had fully complied with the FCC’s “C Block rules,” requiring licensees of C Block spectrum to allow customers to freely use the devices and applications of their choosing.

FCC Chairman Julius Genachowski said, “Today’s action demonstrates that compliance with FCC obligations is not optional.  The open device and application obligations were core conditions when Verizon purchased the C-block spectrum.  The massive innovation and investment fueled by the Internet have been driven by consumer choice in both devices and applications.  The steps taken today will not only protect consumer choice, but defend certainty for innovators to continue to deliver new services and apps without fear of being blocked.”

Verizon Wireless offers customers its 4G LTE service on C Block spectrum.  Verizon Wireless bid at auction to acquire that spectrum, understanding that it was accompanied by open device and application obligations.  Specifically, licensees offering service on C Block spectrum “shall not deny, limit, or restrict the ability of their customers to use the devices and applications of their choice on the licensee’s C Block network,” subject to narrow exceptions.

P. Michele Ellison, Enforcement Bureau Chief, said, “This case was the first of its kind in enforcing the pro-consumer open access obligations of the C Block rules.  It underscores the agency’s commitment to guarantee consumers the benefits of an open wireless broadband platform by providing greater consumer choice and fostering innovation.”

The Bureau launched an investigation after reports suggested that Verizon Wireless had successfully requested that a major application store operator block Verizon’s customers from accessing tethering applications from its online market.  (“Tethering” is using a wireless phone as a modem to obtain Internet access for another device, such as a laptop computer or tablet.)

The Commission also received an informal complaint alleging that Verizon Wireless had violated the FCC’s C Block rules by making such a request.  At that time, Verizon Wireless’s terms of service required all customers who wanted to use their phones for tethering to subscribe to the company’s Mobile Broadband Connect service, at an additional charge.  In response, Verizon Wireless stated that the additional fee reflected the fact that customers who tether laptops or other devices have the capability to use more data capacity than others.  At the time of that response, however, Verizon Wireless required not only unlimited data plan customers, but also customers who paid for data on a usage basis, to pay the additional fee.  Verizon Wireless asserted that third-party tethering applications could enable its customers to tether without paying an additional fee.

Under the terms of today’s settlement, Verizon Wireless will make a voluntary payment to the Treasury in the amount of $1.25 million, and has committed to notifying the application store operator that it no longer objects to the availability of the tethering applications to C-Block network customers in the operator’s online market.  Verizon Wireless has also agreed to implement a compliance plan, requiring that:

  • employees will receive training on compliance with the C Block rules;
  • future communications with application store operators regarding the availability of applications to Verizon Wireless customers will be reviewed in advance by legal counsel; and
  • Verizon will report any instances of noncompliance with the rule at issue that might occur during the two-year term of the plan.

In addition, the company recently revised its service offerings such that consumers on usage-based pricing plans may tether, using any application, without paying an additional fee.

SOURCE Droid Life

Former NSA Official Disputes Claims by NSA Chief

LAS VEGAS — A former NSA official has accused the NSA’s director of deception during a speech he gave at the DefCon hacker conference on Friday when he asserted that the agency does not collect files on Americans.

William Binney, a former technical director at the NSA, said during a panel discussion that NSA Director Gen. Keith Alexander was playing a “word game” and that the NSA was indeed collecting e-mails, Twitter writings, internet searches and other data belonging to Americans and indexing it.

“Unfortunately, once the software takes in data, it will build profiles on everyone in that data,” he said. “You can simply call it up by the attributes of anyone you want and it’s in place for people to look at.”

He said the NSA began building its data collection system to spy on Americans prior to 9/11, and then used the terrorist attacks that occurred that year as the excuse to launch the data collection project.

“It started in February 2001 when they started asking telecoms for data,” Binney said. “That to me tells me that the real plan was to spy on Americans from the beginning.”

Binney is referring to assertions that former Qwest CEO James Nacchio made in court documents in 2007 that the NSA had asked Qwest, AT&T, Verizon and Bellsouth in early 2001 for customer calling records and that all of the other companies complied with the request, but Nacchio declined to participate until served with a proper legal order.

“The reason I left the NSA was because they started spying on everybody in the country. That’s the reason I left,” said Binney, who resigned from the agency in late 2001.

Binney was contradicting statements made on Friday by Alexander, who told the crowd of hackers and security professionals that his agency “absolutely” does not maintain files on Americans.

“And anybody who would tell you that we’re keeping files or dossiers on the American people,” Alexander continued, “knows that’s not true.”

Alexander also told the audience that the NSA targets only foreign entities and that if it “incidentally” picked up the data of Americans in the process, the agency was required to “minimize” the data, “which means nobody else can see it unless there’s a crime that’s been committed.” Minimization refers to legal restrictions under the United States Signals Intelligence Directive 18 on how data pertaining to U.S. citizens can be handled, distributed or retained.

But ACLU staff attorney Alex Abdo, who was also on the panel, noted that a gaping loophole in the laws governing the NSA allows the agency to do dragnet surveillance of non-Americans and, in the process, sweep up the data of Americans they may be communicating with, and hold onto that data even though the Americans aren’t the target. The NSA can then “target [the Americans] after-the-fact.” If, for example, new information came to light involving an American whose information is in the database, the NSA can sift through the “minimized” data and at that point “get the info that they couldn’t target from the outset.”

Earlier this month, the Office of the Director of National Intelligence admitted in a letter sent to Senator Ron Wyden that on at least one occasion the NSA had violated the Constitutional prohibitions on unlawful search and seizure.

According to the letter, the Foreign Intelligence Surveillance Court found that “minimization procedures” used by the government while it was collecting intelligence were “unreasonable under the Fourth Amendment.”

Author James Bamford, speaking with Abdo and Binney, said that the NSA could also get around the law against targeting Americans by targeting a call center for a U.S. company that is based overseas, perhaps in India. When Americans then called the center to obtain information about their bank account or some other transaction, the NSA would be able to pick up that communication.

Finally, Binney contradicted Alexander’s earlier claims that the agency could not violate the law even if it wanted to do so because the NSA is monitored by Congress, both intel committees and their congressional members and their staffs. “So everything we do is auditable by them, by the FISA court … and by the administration. And everything we do is accountable to them…. We are overseen by everybody,” Alexander had said.

But these assertions are disingenuous since, Binney said, “all the oversight is totally dependent on what the NSA tells them. They have no way of knowing what [the NSA is] really doing unless they’re told.”

SOURCE Threat Level

HOPE NUMBER NINE AUDIO NOW ONLINE

Audio from all of the scheduled talks at HOPE Number Nine is now up on the HOPE website. It’s available for free download in MP3 format at both 16kbps and 64kbps. Feel free to spread them around, convert them to other formats, and add this audio to your own archives. We want to thank everyone involved in the conference who helped make it all possible.

SOURCE 2600: The Hacker Quarterly

Microsoft unlocked Skype chat backdoor tip insiders

Skype used a huge behind-the-scenes change in VoIP service architecture to add messaging monitoring systems, insiders claim, following Microsoft’s acquisition of the company in 2011. According to the industry officials speaking to the Washington Post, the installation of server-based supernodes – hubs through which Skype traffic is routed to improve uptime and reliability as the service gains traction – has had the side-effect of making instant messaging conversations more easily tracked, much to the delight of the FBI and other law-enforcement organizations.


Supernodes are the numerous hubs through which networks of Skype traffic are routed, and were shifted into data centers in recent months after calamitous periods of service downtime. Previously, Skype communication was routed direct from computer to computer; some computers also became supernodes, acting as directory services to help route calls and messages around the dynamically-changing network.

Skype decided, however, to end this system and move the supernodes to dedicated servers. In the process it also apparently gained a greater ability to monitor the text conversations that pass through them. Voice and video calls, meanwhile, are not routed through the supernode servers.

Microsoft dealt with the recent security concerns with “tremendous sensitivity and a canny awareness of what the issues would be,” an industry official familiar with the company’s plans told the newspaper on condition of anonymity. That built upon Microsoft’s “long track record of working successfully with law enforcement here and internationally.”

Personal information, such as credit card data, can also be shared with law enforcement, it’s said, though logs of that and of instant messaging chat are only kept for thirty days. Neither Skype nor Microsoft would comment publicly on the idea of a “backdoor” to the service, only confirming that they would cooperate with law officials insofar as it was possible.

The presence of a “backdoor” has been wrongly cited in recent months in the high-profile Megaupload case, where a crack in the VoIP service was for a while believed to have been used to track conversations between Kim DotCom and his team. However, it was later indicated that the FBI had instead loaded a spyware tool onto the Megaupload team’s systems that allowed it to store keylogs and other data.

SOURCE SlashGear

Bending a home security control panel to your will

Does your home have a security system but you don’t subscribe to the monitoring service to make it work? Rip that baby off of the wall and do something with it, or just build your own system around it. If you have a DSC PC1500RK control panel [CaitSith2] shows us how easy it is to control the buttons, LEDs, and buzzer. If you’ve got a different model this is still a good jumping off point to start your own reverse engineering.

There are only four connections that need to be made. [CaitSith2] is using an Arduino for the demonstration. He connected the red wire to voltage, the black wire to ground, the yellow wire (clock) to digital pin 3 and the green wire (data) to digital pin 2. A communication cycle starts by setting the data line high, then clocking in eight bits to capture keypresses. 16 bits are then clocked out to set the LEDs and drive the buzzer. This is shown in the video after the break as well as documented in his sample code. We’ve embedded the sketch after the break to preserve it in case the pastebin code goes missing in the future.

/*
  Interface for a DSC PC1500RK alarm keypad.
  The keypad has 15 keys, 11 LEDs and a beeper, all reached over a two-wire
  clock/data bus. This sketch cycles through the LEDs in a top-down fashion,
  beeps once to acknowledge each key press and, when a key is read cleanly,
  prints its character on the serial line at 115200 bps.

  Wiring is simple.  Red is Vcc, hooked to 5V.
  Black is Gnd.
  Yellow is the Clock line. In this configuration, it is on Digital Pin 3.
  Green is Data, and is on Digital Pin 2.
*/

void setup() {
  // Pin 2 is Data, and is bidirectional: we drive it high and let the keypad
  // pull it low during the read phase, so it stays configured as an output.
  // Pin 3 is Clock, and is an output.
  pinMode(2, OUTPUT);
  pinMode(3, OUTPUT);
  pinMode(13, OUTPUT);      // on-board LED, lit while the sketch is running
  Serial.begin(115200);
}

// One bus transaction: clock in 8 bits of key state (active low), then clock
// out the 16-bit control word (11 LED bits plus the beeper in bit 0).
// Returns the inverted key-state byte if exactly one row bit and one column
// bit are set, otherwise 0.
int readdata(int control)
{
  int i, j = 0, k = control;

  // Read phase: release the data line (drive it high), drop the clock,
  // sample whether the keypad pulled the line low, raise the clock.
  for(i=0;i<8;i++)
  {
    j<<=1;
    digitalWrite(2,HIGH);
    digitalWrite(3,LOW);
    delay(2);
    if(digitalRead(2)==HIGH)
      j|=1;
    digitalWrite(3,HIGH);
    delay(2);
  }
  // Write phase: present each control bit, MSB first, on one clock pulse.
  for(i=0;i<16;i++)
  {
    if(k&0x8000)
      digitalWrite(2,HIGH);
    else
      digitalWrite(2,LOW);
    digitalWrite(3,LOW);
    delay(2);
    digitalWrite(3,HIGH);
    delay(2);
    k<<=1;
  }
  // Invert so a pressed key shows up as set bits: bits 4-6 are the column,
  // bit 7 and bits 0-3 are the row.
  j^=0xFF;
  switch(j&0x70)
  {
    case 0x10:
    case 0x20:
    case 0x40:
      switch(j&0x8F)
      {
        case 0x80:
        case 0x08:
        case 0x04:
        case 0x02:
        case 0x01:
          return j;
        default:
          return 0;   // no row, or more than one row bit set
      }
    default:
      return 0;       // no column, or more than one column bit set
  }

  return 0;
}

// Print the key for one row: D is the column bits shifted down (4, 2 or 1).
void printchar(char A, char B, char C, int D)
{
  switch(D)
  {
    case 1:
      Serial.println(C);
      break;
    case 2:
      Serial.println(B);
      break;
    case 4:
      Serial.println(A);
      break;
  }
}

void loop() {
  int i;
  static unsigned int j=0x80;   // current LED bit, walked over the 11 LED positions
  static int k=0, l=0;          // k: key byte from the last cycle, l: beeper bit
  static int m=0;               // transactions since the lit LED last moved
  digitalWrite(13, HIGH);   // set the LED on
  i=readdata(j | l);

  // Advance the lit LED every 4 transactions: 0x80..0x08, then 0x8000..0x0400.
  m++;
  if(m==4)
  {
    m=0;
    j>>=1;
    if(j==4)
      j=0x8000;
    if(j==0x0200)
      j=0x80;
  }

  // Report a key only on the transition from "nothing pressed".
  if(k==0)
  {
    switch(i&0x8F)
    {
      case 0x80:
        printchar('F','E','P',(i&0x70)>>4);
        break;
      case 0x08:
        printchar('*','0','#',(i&0x70)>>4);
        break;
      case 0x04:
        printchar('7','8','9',(i&0x70)>>4);
        break;
      case 0x02:
        printchar('4','5','6',(i&0x70)>>4);
        break;
      case 0x01:
        printchar('1','2','3',(i&0x70)>>4);
        break;
    }
  }
  // Beep for one transaction when a new key goes down.
  if((k!=i)&&(k==0))
    l=1;
  else
    l=0;
  k=i;

  delay(20);
}

/*
  Single-bit bus probe used while reverse engineering; left disabled.
  Send 'H' (or any other byte) over serial to drive the data line high (or
  low) for one clock pulse, and print what the line reads back.

if(Serial.available()) {
  int inByte = Serial.read();
  if(inByte == 'H')
  {
    digitalWrite(2,HIGH);
    digitalWrite(3,LOW);
    delay(3);
  }
  else
  {
    digitalWrite(2,LOW);
    digitalWrite(3,LOW);
    delay(3);
  }
  if(digitalRead(2)==LOW)
    Serial.println("LOW");
  else
    Serial.println("HIGH");
  digitalWrite(3,HIGH);
  delay(3);
}
*/
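If you want to reason about the bus without a keypad on the bench, the transaction above can be modelled in plain C. The following is an added example, not [CaitSith2]'s sketch and not anything from DSC: it decodes the 8-bit scan byte into a key the same way the sketch's switch/printchar pair does, builds the 16-bit LED/beeper word the sketch cycles through, and runs a master-side transfer against a constructed software keypad. The keypad model (wired-AND data line, status presented MSB first on the falling clock edge, control bits latched on the rising edge) is an assumption chosen to match the sketch's timing, so anything it "proves" is about the sketch's bit handling, not the real hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* Key matrix as the sketch decodes it (after inverting the byte read off the
   data line): bit 7 or one of bits 0..3 selects the row, bits 6/5/4 select
   the 1st/2nd/3rd key of that row, matching printchar() in the sketch. */
static const uint8_t ROW_BITS[5] = { 0x80, 0x08, 0x04, 0x02, 0x01 };
static const char    KEYS[5][3]  = { {'F','E','P'}, {'*','0','#'},
                                     {'7','8','9'}, {'4','5','6'},
                                     {'1','2','3'} };

/* Translate the raw 8 bits the master shifted in into a key character.
   Returns 0 for no key, or for a scan naming two rows or two columns. */
char decode_key(uint8_t raw)
{
    uint8_t j = raw ^ 0xFF;          /* active-low: pressed bits read 0 */
    uint8_t col = j & 0x70, row = j & 0x8F;
    int c = (col == 0x40) ? 0 : (col == 0x20) ? 1 : (col == 0x10) ? 2 : -1;
    if (c < 0) return 0;
    for (int r = 0; r < 5; r++)
        if (row == ROW_BITS[r]) return KEYS[r][c];
    return 0;
}

/* Build the 16-bit control word the master clocks out. Bit 0 is the beeper;
   the 11 LEDs occupy 0x0080..0x0008 then 0x8000..0x0400, in the order the
   sketch's loop() walks them. led_index is 0..10, or -1 for all LEDs off. */
uint16_t control_word(int led_index, int beeper)
{
    static const uint16_t LED_BITS[11] = { 0x0080, 0x0040, 0x0020, 0x0010, 0x0008,
                                           0x8000, 0x4000, 0x2000, 0x1000, 0x0800, 0x0400 };
    uint16_t w = beeper ? 0x0001 : 0x0000;
    if (led_index >= 0 && led_index < 11) w |= LED_BITS[led_index];
    return w;
}

/* Constructed model of the keypad side of the bus (an assumption about the
   electrical behaviour, not DSC documentation): wired-AND data line, the
   keypad pulls low for every set bit of its status byte during the 8 read
   clocks, releases the line and samples the 16 write clocks on the rising edge. */
struct sim_keypad {
    uint8_t  status;   /* bits the keypad asserts: one row bit plus one column bit */
    uint16_t latched;  /* control word as received from the master */
    int      cycle;    /* clock cycles completed in the current transaction */
    int      drive;    /* 1 = line released, 0 = pulled low */
};

static void keypad_clock_fall(struct sim_keypad *kp)
{
    /* read phase: present status MSB first; write phase: release the line */
    kp->drive = (kp->cycle < 8 && (kp->status & (0x80 >> kp->cycle))) ? 0 : 1;
}

static void keypad_clock_rise(struct sim_keypad *kp, int line)
{
    if (kp->cycle >= 8 && kp->cycle < 24)
        kp->latched = (uint16_t)((kp->latched << 1) | (line & 1));
    kp->cycle++;
}

/* Master side of one transaction, the same 8-in/16-out sequence as readdata():
   returns the raw byte read; the keypad's copy of the control word ends up in
   kp->latched. */
uint8_t transfer(struct sim_keypad *kp, uint16_t control)
{
    uint8_t raw = 0;
    kp->cycle = 0; kp->latched = 0;
    for (int i = 0; i < 8; i++) {          /* master drives high, keypad may pull low */
        keypad_clock_fall(kp);
        int line = 1 & kp->drive;
        raw = (uint8_t)((raw << 1) | line);
        keypad_clock_rise(kp, line);
    }
    for (int i = 0; i < 16; i++, control <<= 1) {   /* master drives each control bit */
        int master = (control & 0x8000) ? 1 : 0;
        keypad_clock_fall(kp);
        keypad_clock_rise(kp, master & kp->drive);
    }
    return raw;
}

/* One-call helpers so a caller can check both directions of a transaction. */
uint8_t raw_for_press(uint8_t status, uint16_t control)
{
    struct sim_keypad kp = { status, 0, 0, 1 };
    return transfer(&kp, control);
}
uint16_t latched_for_press(uint8_t status, uint16_t control)
{
    struct sim_keypad kp = { status, 0, 0, 1 };
    transfer(&kp, control);
    return kp.latched;
}

int main(void)
{
    /* constructed input: '5' held down (row 0x02, column 0x20), LED 5 lit, beeper on */
    uint8_t raw = raw_for_press(0x22, control_word(5, 1));
    printf("raw=0x%02X key=%c latched=0x%04X\n", raw, decode_key(raw),
           latched_for_press(0x22, control_word(5, 1)));
    return 0;
}
```

The decode deliberately rejects scans with two row bits or two column bits set, which is what the sketch's nested switch does too; if you port this to another panel, that is the first thing to revisit, since some matrices report chords legitimately.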


SOURCE Hack a Day

Learning passwords you can use but not remember

How can you make sure that you’ll never share your password with anyone, even under threat of bodily harm or other illegal types of coercion? The answer is simple: don’t actually know your…

SOURCE Help Net Security – News

Reverse-Engineered Irises Look So Real, They Fool Eye-Scanners

Researchers reverse-engineered iris codes to create synthetic eye images that tricked an iris-recognition system into thinking they were authentic. Can you tell if this is the real image or the synthetic one? All images courtesy of Javier Galbally

LAS VEGAS — Remember that scene in Minority Report when the spider robots stalk Tom Cruise to his apartment and scan his iris to identify him?

Things could have turned out so much better for Cruise had he been wearing a pair of contact lenses embossed with an image of someone else’s iris.

New research being released this week at the Black Hat security conference by academics in Spain and the U.S. may make that possible.

The academics have found a way to recreate iris images that match digital iris codes that are stored in databases and used by iris-recognition systems to identify people. The replica images, they say, can trick commercial iris-recognition systems into believing they’re real images and could help someone thwart identification at border crossings or gain entry to secure facilities protected by biometric systems.

The work goes a step beyond previous work on iris-recognition systems. Previously, researchers have been able to create wholly synthetic iris images that had all of the characteristics of real iris images — but weren’t connected to real people. The images were able to trick iris-recognition systems into thinking they were real irises, though they couldn’t be used to impersonate a real person. But this is the first time anyone has essentially reverse-engineered iris codes to create iris images that closely match the eye images of real subjects, creating the possibility of stealing someone’s identity through their iris.

“The idea is to generate the iris image, and once you have the image you can actually print it and show it to the recognition system, and it will say ‘okay, this is the [right] guy,’” says Javier Galbally, who conducted the research with colleagues at the Biometric Recognition Group-ATVS, at the Universidad Autonoma de Madrid, and researchers at West Virginia University.

SOURCE Threat Level

Laugh-Out-Loud Cats #2019

Laugh-Out-Loud Cats #2019, a photo by Ape Lad on Flickr.


SOURCE HOBOTOPIA