01.15.14

Privacy Watch: Latest Stories

Posted in Action at 5:59 am by Dr. Roy Schestowitz

Summary: News regarding privacy from the weekend and so far this week

• Google begins to merge Google+, Gmail contacts

• Google links social network contacts to Gmail

• Man Jailed for Gmail Invite to Ex-Girlfriend

• Stephen Colbert urged to cancel speech for NSA-linked privacy firm RSA

  Privacy rights groups are calling on comedian Stephen Colbert to cancel his guest speaker appearance at a conference organised by RSA, the security firm accused of accepting millions from the National Security Agency to weaken encryption software.

• Ron Wyden: the future of NSA programs is being determined now

  A key US senator left one meeting at the White House with the impression that President Obama has yet to decide on specific reforms. “The debate is clearly fluid,” senator Ron Wyden of Oregon, a longtime critic of bulk surveillance, told the Guardian after the meeting. “My sense is the president, and the administration, is wrestling with these issues,” Wyden said.

• Advocacy groups plan day of protest against NSA surveillance

  The protest, called the Day We Fight Back, comes a month after the anniversary of Internet activist Aaron Swartz’s death. Swartz committed suicide last January while facing a 35-year prison sentence for hacking into a Massachusetts Institute of Technology network and downloading research articles.

  Among the organizations participating in the protest are Demand Progress, an activist group Swartz co-founded, as well as the Electronic Frontier Foundation, Free Press, Reddit and Mozilla.

• Introducing the TGM SecureDrop Vault

  Today The Global Mail introduces a new, secure way for sources to work with our journalists to expose wrongdoing. The TGM Vault is powered by SecureDrop, “an open-source whistleblower submission system”, managed by Freedom of the Press Foundation. The Vault is a discreet, private place to share information the public has a right to know about; think of it as the digital age equivalent of the parking garage where Bob Woodward met Deep Throat. It’s the most sophisticated of many ways sources can communicate with The Global Mail.

  [...]

  The code for SecureDrop was originally written by the late Aaron Swartz, a 26-year-old computer programmer and open-government activist who – facing prosecution for downloading paywalled academic research articles – committed suicide a year ago today, January 11, 2013. In creating SecureDrop, Swartz was assisted by Wired editor Kevin Poulsen and security expert James Dolan, who has continued to refine the program’s code with the Freedom of the Press Foundation. The Foundation continually audits and tests SecureDrop’s security.

• Hacking of MIT website marks first anniversary of Aaron Swartz’s death

  Saturday marked one year since the death of the internet activist Aaron Swartz. The 26-year-old, who was one of the builders of Reddit, killed himself in New York City on Friday 11 January 2013.

  At the time of his death, Swartz was facing trial over charges of hacking arising from the downloading of millions of documents from the online research group JSTOR. He faced up to 50 years in prison.

  On Saturday, the home page of the Massachusetts Institute of Technology was hacked, reportedly by the Anonymous group. Last year Swartz’s family accused MIT and government prosecutors of being complicit in his death.

• White House meets with privacy advocates to discuss NSA surveillance

• EU report reveals massive scope of secret NSA surveillance

• MEPs seek video link with Snowden for NSA spying probe

• NSA spy scandal dissuading firms from using the US cloud

• Snowden NSA Leaks: India’s Election Commission Dumps Google

• Former NSA Officials Detail Failures of Agency Programs in Memo to Obama

  The details of the THINTHREAD development and the decision by senior NSA officials eventually to discard it are part of a new memo sent to President Barack Obama by a group of former agency officials, some of whom were directly involved in the system’s development. The memo, signed by William Binney, Thomas Drake, Edward Loomis and J. Kirk Wiebe, asks Obama to meet with the former intelligence officers to discuss the recent NSA revelations and the recommendations of the president’s own review group on how to fix the agency.

• NSA makes final push to retain most mass surveillance powers

• Privacy as last line of defense: Snowden’s revelations changed the world in 2013

  For the actions of Snowden have indeed laid bare the fact that we are living in a global crisis of civilization. To date it is estimated that we have only seen about 1 percent of the documents he disclosed – the merest hint of the tip of a monstrous iceberg. What further horrors await us in 2014 and beyond?

• France Inter radio interview at CCC

• FBI Director ‘Confused’ By Reports Calling Snowden A Hero

  FBI Director Jim Comey says he’s “confused” by reports that characterize NSA contractor Edward Snowden as a “whistleblower” or a “hero” because, he says, all three branches of America’s government have approved the bulk collection of U.S. phone records, one of the most important revelations in Snowden’s cascade of leaks.

• Jesse ‘The Mind’ Ventura: Snowden A Patriot, Hero

  Edward Snowden is a hero and a patriot says ex-Minnesota governor and wrestling star Jesse Ventura.

• E.U. Panel Invites Snowden to Testify on Privacy Breaches

  A European Parliament committee has invited Edward J. Snowden, the former National Security Agency contractor who has leaked classified government documents and is now in hiding in Russia, to testify via video link as part of an investigation into how to protect the privacy of European citizens.

• Hackers gain ‘full control’ of critical SCADA systems

• GPG, subkeys, the genius of it!

• Opinion: Social security without the surveillance

  This past year has been the one when it finally came out in the open that we’re all under surveillance – on the internet, on the phone – 24 hours a day.

• Two decades on, we must preserve the internet as a tool of democracy

  Some 25 years after Sir Tim Berners-Lee wrote his proposal, the challenge is to protect rights to privacy and freedom of opinion online

• EU Parliament committee report

• European Parliamentary rapporteur denounces NSA/GCHQ spying as illegal

• NSA Snooping Triggers Foreign Business Flight From US Cloud Services

  A survey conducted by Vancouver, British Columbia-based web hosting service PEER 1 finds that a quarter of Canadian and UK businesses are looking outside of US borders for data storage. Companies outside of the US are leery of using data services hosted in the country due to the spying activities of the US National Security Agency (NSA).

• Obama legacy on line with NSA

• Internet chieftains press Obama over NSA spy swoops

  Bosses from Internet giants including Twitter and Facebook Tuesday pressed President Barack Obama for reforms of US spy agency snooping, adding to rising heat from the courts and American allies.

• The Gang Of Eight: Chris Hedges and William Binney on Obama NSA Guidelines

  Chris Hedges and NSA whistle-blower William Binney tell Paul Jay, in his “Reality Asserts Itself” program, that there should be accountability, including the President himself, for the criminal practices used by the NSA against the American people.

• Aaron Swartz’s spirit animates NSA protest movement a year after his death

  One year ago today, internet activist and technologist Aaron Swartz ended his life. For over a year, Swartz had been fighting a brutal federal case stemming from his sneaky placement of a laptop in an MIT wiring closet, which pilfered stores of academic articles from the JSTOR database. The goal: give 4.8 million scholarly articles to the masses, which Swartz argued was humanity’s birthright in his “Guerrilla Open Access Manifesto“:

• Goodman: The FBI, the NSA and a long-held secret revealed

  This week, more news emerged about the theft of classified government documents, leaked to the press, that revealed a massive, top-secret surveillance program. No, not news of Edward Snowden and the National Security Agency, but of a group of anti-Vietnam war activists who perpetrated one of the most audacious thefts of government secrets in U.S. history, and who successfully evaded capture, remaining anonymous for more than 40 years. Among them: two professors, a day-care provider and a taxi driver.

• RSA Show Boycott Spreads in Wake of NSA Allegations

• NSA Leaks Continue to Pose Challenges for U.S. Firms

  One nation asks for new parts on two satellites for fear of U.S. eavesdropping. Other companies spend money to show that their products do not contain “spycraft.”

• Letter: Edward Snowden is a whistleblower

  Edward Snowden revealed that the NSA routinely lied to Congress, which is a serious federal crime. These revelations make him a whistleblower who should be protected under U.S. law.

• Former NSA worker whistleblower in finest U.S. tradition

  Snowden is by definition a whistleblower because his revelations have inspired widespread public ire, curiosity, debate and political action. It appears that citizens needed to know what the NSA was hiding. Snowden is simply more famous than the nuclear plant workers and the documents he leaked were more highly classified. He is also more vulnerable to severe punishment because he worked in the U.S. intelligence industry.

  [...]

  My wish is for the custodians of these documents to deliver bundles – or megabytes – to good reporters.

• Aaron Swartz documentary clip reveals his thoughts on the ‘spying program’ & the NSA (video)

  One year after the death of Aaron Swartz, a group of Internet activists joined up to protest against what they call “mass suspicionless surveillance.”

• Spying on Congress

  Sen. Bernie Sanders, I-Vt., wrote to Gen. Keith Alexander, director of the National Security Agency, and asked plainly whether the NSA has been or is now spying on members of Congress or other public officials.

  The senator’s letter was no doubt prompted by the revelations of Edward Snowden to the effect that the federal government’s lust for personal private data about all Americans and many foreigners knows no bounds and its respect for the constitutionally protected and statutorily enforced right to privacy is nonexistent.

• Snowden evidence to European Parliament risks damaging EU-US relations

  The decision by the European Parliament’s Committee on Civil Liberties to invite ex-CIA worker Edward Snowden to give evidence by video link from Moscow on the US National Security Agency (NSA) mass surveillance of EU citizens has divided MEPs amid fears of damaging US-EU relations.

• More DHS-funded Police Surveillance Cameras; No Drop in Crime

  Thousands of surveillance cameras are showing up in cities across the country without a corresponding reduction in crime. Citizens are taking notice of this fact of the federal takeover of local police, and they are speaking out.

  On January 8, for example, the Texas Civil Rights Project-Houston issued a statement on its Facebook page criticizing their city’s participation in the construction of the surveillance state.

• The Source of the Section 702 Limitations: Special Needs?

• The EU Parliamentary Inquiry’s Report on Mass Surveillance

  After about five months of hearings and investigating, the European Parliament’s civil liberties committee has published its report on the revelations about mass surveillance leaked by the American former National Security Agency contractor Edward Snowden.

• NSA Phone Spying is Useless in Preventing Terrorist Attacks, Study Says

  As you probably suspected, the NSA’s massive phone record collection “has had no discernible impact on preventing acts of terrorism,” according to a new study. In fact—and perhaps more interestingly—the agency’s real problem isn’t a lack of information. It’s an excess of secrecy.

• NSA snooping fails to prevent terrorist attacks, watchdog group says

• Here’s Another Analysis of How Useless the NSA’s Metadata Collection Program Is

• NSA mass surveillance pretty useless in battle against terrorism – research

• NSA Surveillance Rarely Useful, Study Shows

• NSA ‘Spying Stopped Terrorism’ Claims ‘Overblown and Misleading’

  The NSA’s controversial spying programs have had “no discernible impact on preventing acts of terrorism,” a new study by the New America Foundation has claimed.

• John McCain seeks congressional investigation into ‘broken’ NSA

• Edward Snowden worked at US Embassy in Delhi as NSA contractor: Report

  He stayed there till September 9 while he took classes, and then returned for one more night at the Hyatt before leaving India on September 11, the school was quoted as saying.

• Revealed: NSA whistleblower Edward Snowden worked at U.S. embassy in India

• Researcher describes ease to detect, derail and exploit NSA’s Lawful Interception

• NSA Goes From Saying Bulk Metadata Collection ‘Saves Lives’ To ‘Prevented 54 Attacks’ To ‘Well, It’s A Nice Insurance Policy’

• MLK: Also a victim of NSA surveillance

  Martin Luther King Jr. day is being celebrated on January 20th 2014 amid heated debate on massive dragnet surveillance by the National Security Agency (NSA). Ironically, he was himself a victim of NSA surveillance as unveiled by declassified documents in September last year. Dr. King’s status as an NSA target has been known since the 1970s; nevertheless, this was probably the first time that the U.S. government had declassified it.

• EU parliamentary inquiry finds NSA and GCHQ snooping activities ‘illegal’

  The investigation ruled that activities of NSA and GCHQ have ‘profoundly shaken’ the faith between countries that believed themselves supporters.

• I Spent Two Hours Talking With the NSA’s Bigwigs. Here’s What Has Them Mad

  My expectations were low when I asked the National Security Agency to cooperate with my story on the impact of Edward Snowden’s leaks on the tech industry. During the 1990s, I had been working on a book, Crypto, which dove deep into cryptography policy, and it took me years — years! — to get an interview with an employee crucial to my narrative. I couldn’t quote him, but he provided invaluable background on the Clipper Chip, an ill-fated NSA encryption runaround that purported to strike a balance between protecting personal privacy and maintaining national security.

  [...]

  Why the turnaround? Apparently, the rep told me, Crypto has some fans at Fort Meade. But my professional credentials were obviously not the sole reason for the invite. The post-Snowden NSA has been forced to adopt a more open PR strategy. With its practices, and even its integrity, under attack, its usual Sphinx-like demeanor would not do.

• Congress Defers to President on NSA Reform

  Congress’s decline from the Founders’ vision as “first among equals” in government to an echo chamber of the unitary executive, has been a slow but steady process. In the process we have seen a steady stream of unconstitutional wars and civil liberties abuses at home. Nowhere is this decline more evident than in the stark contrast between the Congressional response to intelligence agencies’ abuses during the post-Watergate era and its response to the far more serious NSA abuses uncovered in recent years.

• NSA revelations prompt Canadian, UK businesses to reconsider US cloud

  As revelations of the US’s widespread digital intelligence gathering techniques continue to populate headlines worldwide, non-US businesses’ trust in American providers of cloud services continues to plummet. A study published at the end of last week suggests one in four Canadian and UK businesses are moving their data outside the US in a bid to evade the NSA’s watchful eye, a significant increase on results reported just six months ago.

• Out in the Open: An NSA-Proof Twitter, Built With Code From Bitcoin and BitTorrent

  When mass political protests erupted throughout Brazil in June, Miguel Freitas did what countless others did: He followed the news on Twitter. Tweets revealed information he couldn’t get anywhere else, including the mainstream media. “Brazilian media is highly concentrated,” says Freitas, an engineer based in Rio de Janeiro. “I have been able to read news that a lot of friends never heard about.”

• Ten Myths About the NSA, Debunked

• NSA apologists misunderstand true privacy

  Maintaining the public’s side of that equation means that the public must be in a continuing state of rebellion against the forces working against the public interest. That’s where whistleblowers such as Edward Snowden come in.

• 500 Years of History Shows that Mass Spying Is Always Aimed at Crushing Dissent

  While the Fourth Amendment [of the U.S. Constitution] was most immediately the product of contemporary revulsion against a regime of writs of assistance, its roots go far deeper. Its adoption in the Constitution of this new Nation reflected the culmination in England a few years earlier of a struggle against oppression which had endured for centuries. The story of that struggle has been fully chronicled in the pages of this Court’s reports, and it would be a needless exercise in pedantry to review again the detailed history of the use of general warrants as instruments of oppression from the time of the Tudors, through the Star Chamber, the Long Parliament, the Restoration, and beyond.

• Posting a child’s life for the world to see is a privacy issue

• Top Secret NSA in 1953: We Need Better Spies, Please

  More than a half-century before Edward Snowden slipped out the door with the National Security Agency’s most closely held secrets, a panel convened by the then-fledgling agency warned of a Soviet nuclear attack and said there was a big vulnerability in the NSA’s ability to see it coming: its own people.

• NSA phone data collection ‘not essential’, judiciary chair says – live

• With NSA review ‘near completion,’ German media hold little hope of ‘no spy’ deal

  The White House has said that its review of NSA spying in the aftermath of Edward Snowden’s revelations is “near completion,” but reports in Germany suggest several of Berlin’s demands are already off the table.

• Germans abandon hope of US ‘no-spy’ treaty

• Stalemate in US-Germany talks over ‘no spy’ agreement – report

• Phone companies wary of change to NSA spying

  Telephone companies are quietly balking at the idea of changing how they collect and store Americans’ phone records to help the National Security Agency’s surveillance programs. They’re worried about their exposure to lawsuits and the price tag if the U.S. government asks them to hold information about customers for longer than they already do.

• You Had One Job to Do: The NSA Doesn’t Actually Stop Terrorism

  For supporters of the National Security Agency’s surveillance program, the monitoring of American phone and web activity is a cheap price to pay for keeping our country safe from terrorist attacks. But how many terrorists attacks does the NSA’s eavesdropping actually prevent? Seeing as the intelligence organization is spending time and money listening to the German chancellor’s cell phone calls, it’s a little hard to believe that they are also shutting down terrorist cells around the globe.

• Privacy Advocates Want Colbert to Cancel a Speech at an NSA-Linked Company

  Stephen Colbert has done tons of sarcastic and critical segments about the NSA (“The more I learn the safer I feel,” he said in October), but now he’s being called on to put those words into action. Colbert is scheduled to speak at an annual conference organized by security firm RSA, but privacy advocates are agitating for him to withdraw because of reports that the NSA paid RSA $10 million to weaken one of its own encryption algorithms.

• If You Want Obama to Rein In the NSA, You’re About to Be Disappointed

  The president will embrace some surveillance reforms, but he’s not about to scale back the national security state.

• The Presidential Task Force on the NSA, A Diversionary Tactic Not Meant to Uncover All The Wrongdoing

  What seems par for the course in America, after a serious trauma affects the nation such as the Kennedy assassination or 9/11 or now over revelations of government wrongdoing exposed by Edward Snowden’s whistleblowing of the NSA’s collection of electronic communications of just about everyone here and abroad, what usually happens is the president calls for a commission to investigate.

  Call it something to soothe the public’s anguish, (Kennedy and 9/11) or indignation over violation of people’s privacy rights (NSA) but in reality these commissions are a sideshow, a diversionary tactic where the investigation isn’t thorough and complete and the truth behind the wrongdoing is far from being discovered.

  As to the latest commission, a presidential task force looking into the NSA’s data mining operation, has recently concluded there is no evidence in any instance where the NSA’s snooping operations prevented a terrorist attack. None!

• NSA official: mass spying has foiled one (or fewer) plots in its whole history

  During an NPR interview, the NSA’s outgoing deputy director John C Inglis — the top civilian official in the NSA hierarchy — admitted that the NSA’s mass surveillance program had foiled a total of one terrorist plot (an attempt to wire some money to al-Shabaab in Somalia) in its entire history. But he doesn’t want to get rid of his agency’s program of spying on everything every American does, because it’s an “insurance policy” in case someone tries the kind of terrorist attack that it might foil.

• February 11 Will Be A Bad Day For The NSA But A Good Day For Freedom

  Edward Snowden revealed last summer that the U.S. is conducting mass surveillance of our internet activity, and now the internet is fighting back. On Feb. 11, a collection of popular sites and activist groups are staging a mass protest against the National Security Administration (NSA) and the blanket, warrantless spying that they do in the name of security.

• NSA’s Preference for Metadata

  A slide from material leaked by ex-NSA contractor Edward Snowden to the Washington Post, showing what happens when an NSA analyst ·tasks· the PRISM system for information about a new surveillance target.

  [...]

  Former NSA Director Michael Hayden long ago made it clear that – given the rapid changes in networked communications and associated technologies – NSA needed to master the “net.” There was no mistaking the intent. He even said he consulted with large Internet companies and their experts in Silicon Valley.

• NSA Snooping Had ‘Minimal’ Impact On Fighting Terrorism

  The US National Security Agency’s (NSA) dragnet that drew in masses of ordinary citizens’ communications data only supplied “minimal” assistance in catching terrorists, according to a report from the New America Foundation.

• Did the NSA kill Hugo Chavez?

  Hugo Chavez was always a stone in the imperial shoe. Underestimated by analysts and consultants ‘Cold War mind’ in Washington, Chavez ended the influence and domination of the United States in Latin America in less than a decade. Transformed Venezuela from a dependent country and delivered to American culture and politics to be a sovereign, free, independent, dignified and proud of its roots, its history and its Indo-Afro-American culture.He rescued the control of strategic resources not only in Venezuela, but throughout Latin America, always with the banner of social justice. He promoted regional integration and the creation of organizations such as the Union of South American Nations (UNASUR), the Bolivarian Alliance for the Peoples of Our America (ALBA) and the Community of Latin American and Caribbean States (CELAC), among others. His stand against U.S. aggression hand gave an example and an inspiration to millions around the world, who viewed with hope the revolution in Venezuela and its regional expansion.

• Did the NSA kill Hugo Chavez?

  The leaked documents from the NSA by Edward Snowden revealed that President Chavez and his government were on the list of the six main targets of U.S. intelligence since at least 2007. Just one year ago, the White House created a special intelligence mission to Venezuela that reported directly to the National Director of Intelligence, above the CIA and 15 other intelligence agencies in the United States. A special mission was completely illegal, with great resources and capabilities. There were only two other missions that style: for Iran and North Korea. Venezuela include two enemy countries was held in Washington indicator of threat posed by Hugo Chavez to U.S. power.

• Reddit, Mozilla And Others To Protest NSA Spying, Honor Aaron Swartz On ‘The Day We Fight Back’

  A coalition of Internet activist groups has announced a worldwide day of solidarity and activism opposing the National Security Agency’s surveillance programs and honoring the memory of open-Internet activist Aaron Swartz.

• Brazilian hacker creates Twitter-like app shielded from NSA gaze

• Debunking the “NSA Mass Surveillance Could Have Stopped 9/11″ Myth

  It’s something that we’re hearing a lot, both from NSA Director General Keith Alexander and others: the NSA’s mass surveillance programs could have stopped 9/11. It’s not true, and recently two people have published good essays debunking this claim.

• Obama Would Have To Unveil ‘Black Budget’ For Spy Agencies Under New Bipartisan Bill

• Dangerous Ruling In Virginia Allows Cleaning Company To Identify Anonymous Yelp Critics

  Last year, we wrote about a troubling case in Virginia, in which a cleaning company, Hadeed Carpet Cleaning, sued seven anonymous Yelp reviewers in an attempt to discover who they were. Hadeed did not dispute the contents of the negative reviews, but rather said that, comparing the information to their own database, they could not identify the reviewers, and thus believed that they might not actually have been customers. Thus, Hadeed claims, the reviews would be defamatory since they didn’t actually represent the experiences of actual customers. Yelp fought back on behalf of its users, pointing out that the First Amendment protects anonymous speech. Yelp pointed out that 11 different states had adopted the so-called Dendrite rules concerning the high bar necessary to force a company to reveal anonymous commenters. The basic idea is that you need to really show that the law has almost certainly been broken before you can identify the individuals.

• Announcing Our New Freedom of the Press Foundation Board Member, Edward Snowden

  Edward Snowden said:

  It is tremendously humbling to be called to serve the cause of our free press. . . on FPF’s Board of Directors. The unconstitutional gathering of the communications records of everyone in America threatens our most basic rights, and the public should have a say in whether or not that continues. Thanks to the work of our free press, today we do, and if the NSA won’t answer to Congress, they’ll have to answer to the newspapers, and ultimately, the people.

Permalink Leave Your Comment      Send this to a friend

Mozilla Should Denounce Microsoft Windows, Not Just Proprietary Web Browsers

Posted in GNU/Linux, Google, Microsoft, Security, Windows at 5:54 am by Dr. Roy Schestowitz

Summary: Mozilla raises an important point by alluding to the fact that non-free (proprietary) software should be assumed to have back doors

SECURITY and privacy require freedom and control (by the user) from bottom to top, starting from the bootloader (NSA backdoors in bootloaders are now rumoured [1]). A British blogger in ZDNet, one whom UEFI Forum tried to silence or appease less than a couple of years back (as they did with other UEFI critics), continues to criticise UEFI, the Microsoft (notoriously strong NSA ally) promoted and Intel (as in intelligence) managed back doors-friendly BIOS replacement (UEFI facilitates remote bricking of computers, over the Internet).

Several months ago Tor was compromised through Firefox on Microsoft Windows. Firefox itself did not have back doors, but Windows has plenty of back doors (this month Microsoft already revealed several [2], which the NSA already knows about) and Mozilla’s own platform uses Linux, not Windows.

Yesterday there were quite a few headlines quoting Mozilla’s Brendan Eich, CTO and SVP of Engineering, for his warning about back doors [3-5], which are destroying any notion of information security in proprietary software [6].

With Mozilla diverging away from Windows (Firefox OS brings back memories of Netscape [7]) and signing major deals to bring this Linux-powered operating system to a lot of devices (not just phones [8-12]) we can hope that the whole stack, from bottom to top (hardware, operating system, applications) will be void of back doors. Let’s wish Mozilla good luck. Chrome, which has just had another major release [13,14] is proprietary (never mind the Chromium marketing) and it cannot be seen as a back doors-free substitute to Firefox and Firefox OS (the same goes for Chrome OS). As for Android, recall what company is behind it. There are already reports (in corporate press) about it being remotely hijacked by the FBI. Ubuntu, Tizen, and Sailfish OS (Jolla) might be other decent options, but we don’t know enough about them, at least not yet. WebOS is controlled by a very surveillance-happy company (LG), so we can assume, as the name suggests, that it transmits personal data over the Web/Internet. █

Related/contextual items from the news:

1. NSA’s backdoors are real — but prove nothing about BadBIOS

   Recent revelations about NSA hardware and firmware backdoors gives all the evidence that those who believe BadBIOS Trojans exist need to see. The spying technology has arrived. The only question is if the BadBIOS incident truly happened.

2. Microsoft Starts 2014 With Four Security Advisories

3. Mozilla Calls on World to Protect Firefox Browser From the NSA

   Brendan Eich is the chief technology officer of the Mozilla Foundation, the non-profit behind the Firefox web browser. Among many other things, he oversees the Firefox security team — the software engineers who work to steel the browser against online attacks from hackers, phishers, and other miscreants — and that team is about to get bigger. Much, much bigger.

4. Mozilla: Firefox Has No Government Backdoors

   Andreas Gal, Mozilla’s vice president of mobile and R&D, and Brendan Eich, CTO and SVP of Engineering, have updated Gal’s blog with a long entry about how Firefox users can trust Mozilla when it comes to government backdoors and user privacy.

   In the blog, they point out that due to laws in the U.S. and elsewhere, Web surfers must interact with Internet services knowing full well that even though cloud service companies want to protect user privacy, eventually one day those companies will be required to comply with laws. The government may acquire information that seems to violate privacy and could even force surveillance. Even more, the government can do so while enforcing gag orders on the service, leaving the consumer unaware.

5. Mozilla CTO Eich: If your browser isn’t open source (ahem, ahem, IE, Chrome, Safari), DON’T TRUST IT

   Mozilla CTO Brendan Eich has cautioned netizens not to blindly trust software vendors, arguing that only open-source software can be assured to be free from government-mandated surveillance code.

   “Every major browser today is distributed by an organization within reach of surveillance laws,” Eich wrote in a joint blog post with Mozilla research and development VP Andreas Gal on Saturday.

   Under those laws, Eich argued, governments could compel software companies to include surveillance code in their products. Worse, the vendors may not be able to admit to the public that such code exists when asked, because of gag orders.

   The Mozilla man argued that open-source software can help alleviate this risk because customers have the opportunity to review its source code and spot any potential backdoors.

6. RIP, information security, done in by backdoors and secret deals

   It seems that the very tools we use to secure our networks represent the greatest insider threat of all

7. Firefox OS: The Return of Microsoft’s Netscape Fears

   Back in the days before the release of Windows 95, just as the public was discovering the Internet as an alternative to private networks such as Prodigy and CompuServe, Netscape was the bomb. In those days, Microsoft didn’t supply any method for surfing the Internet, so people visited their local Egghead store, or other software outlets, to buy a shrink wrapped version of Netscape on floppy disks, which opened up a whole new world to computer users.

8. Linux-based Platform Coming to Low-cost Smartphones, Tablets, Smart TVs

9. Firefox Developers Continue Tuning ASM.js Performance

   ASM.js is the subset of JavaScript that is aimed for performance, easy to optimize, and is suitable for EmScripten to target in its converting of C/C++ code through LLVM and into this optimized JavaScript. EmScripten itself has been an incredibly interesting project.

10. Mozilla Reveals Plans to Take Firefox OS and HTML 5 to New Devices

11. Mozilla Expands Its Firefox OS Partners, Platforms

12. Firefox OS Tablets, TVs and More to Arrive This Year

13. Google Releases Chrome 32 Web Browser for Windows, Mac, Linux
    

14. Chrome 32 Has New Tab Indicators, Better Performance

    Google Chrome 32 features new tab indicators for sound / webcam / casting, automatic blocking of known malware files, a number of new apps and extension APIs, and numerous “under the hood” changes that promise to provide better stability and performance.

Permalink Leave Your Comment      Send this to a friend

Dr. Dobb’s and Forrester ‘Research’ (Microsoft-Funded) Tools of Microsoft Mass Propaganda

Posted in Deception, Microsoft at 5:19 am by Dr. Roy Schestowitz

Summary: Microsoft appears to be using its propaganda partners to paint a deceiving picture of itself

OUR contributor iophk has warned about what he called “product placement”, linking to some new puff piece titled “Microsoft on the ascent – it is cool to be a nerd”.

Looking at what it actually cites as a source, it is the Microsoft-funded (bribed) Forrester, a longtime propaganda tool (instrument of mass deception in exchange for money). The puff piece says: “Microsoft is the “most trusted and essential tech brand,” according to 4,551 US adults recently surveyed by Forrester Research. The survey gauges customer preference of one brand over others, their willingness to pay a premium, and other factors. Forrester called it a “surprise upset.””

This is probably yet another bogus survey, like the surveys Microsoft pays IDC to conduct (asking only circles of people who are already close to or affiliated with Microsoft). Microsoft must be very, very desperate for good publicity, especially with all those NSA scandals.

But it’s not just Forrester though. We previous showed all sorts of shady “think tanks” doing the same thing, calling Microsoft “most ethical company” or something along those lines. It’s objectively false; it’s propaganda. We sometimes see it coming even from Microsoft-funded publications and writers, who were all along technically wrong based on what we’re seeing now (Microsoft is on the decline).

Andrew Binstock, Dr. Dobb’s Executive Editor, is another example of it. Three years ago he and his publication were rebutted as follows: “I’ve subscribed to Dr Dobbs journal off and on for decades, probably for ten to 15 years in total. Wherever I turn in this house, I encounter stacks of old issues of DDJ, even though I’ve thrown away quite a number. A couple of years ago I stopped subscribing, since the main focus of DDJ was drifting away from my main focus, or vice versa, or both. Since Microsoft started buying up all the people central to the C++ evolution, then riddling their version of it with proprietary “extensions” (or rather limitations), that language has become more and more of a dead end and both I, and DDJ moved away from it. But during the years, I’ve often read parts of DDJ on the web and I do get the “Dr Dobbs Update” through email every now and then. The most recent arrived two days ago and had the weirdest “Editor’s Note” ever, at least as far as one would expect from DDJ.”

“The gist of the editor’s note is that Microsoft isn’t as bad as it’s often made out to be. Andrew Binstock, DDJ’s executive editor, takes great pains in the note to show that he is definitely not a classic Microsoft apologist…”

It has been noted (for years) by our readers that something changed in Dr. Dobb’s when it changed hands and suddenly become Microsoft-friendly, FOSS-hostile, and generally non-factual.

It’s not uncommon to see companies, publications, think tanks etc. receiving bribes (soft bribes) to produce propaganda for the payer, but with Microsoft it has become systematic, widespread, and overt. People cannot believe what they read anymore; it’s all lobbying and placements, like those which the network of climate change denial is behind. █

Permalink Leave Your Comment      Send this to a friend

“Normandy” is Not an Android Phone, It’s an Enhanced Surveillance Device

Posted in GNU/Linux, Microsoft at 5:03 am by Dr. Roy Schestowitz

Summary: Android from Nokia — like Android from Facebook — is all about spying and turning users into products

ABOUT a year ago, the Fusion centre which is Facebook (partly Microsoft-owned) claimed it had created an Android phone, integrating the deep surveillance (automatic upload, ID-tagging) with the phone (geo-tracking, back doors). This hardly proved that Microsoft’s camp was embracing Android, except the patent extortion attempts.

There are some fake ‘leaks’ right now claiming to show an Android phone from Nokia. What it really should be treated as is a Skype eavesdropping honeypot, where Microsoft is the middleman. It is not just Skype though. “Microsoft’s own Skype, Outlook, and Office integration” are mentioned. As Sosumi put it in IRC, “so Nokia going for android in order to coerce people into skype and outlook because Windows Mobile is way too heavy?” (he cited this article).

Ryan said: “Nobody should buy this phone. Microsoft is going to take over Nokia soon, so it should be obvious what they’ll do to people who buy this phone. They’ll either cut support for it entirely, or try to change it over to Windows Phone, which nobody really wants because it sucks.” (he cited this).

Ryan concludes: “It looks like it’s an Android-based firmware that Nokia has given a new user interface that looks like Windows Phone.”

MinceR said it’s “probably crippled to make Windows Phone look good.”

“Also,” he said, “anyone who had a clue fled the company long ago” (or got sacked by Elop and fellow moles from Microsoft).

“Normandy” is no friend of Android, FOSS, or Linux. “Normandy” should be shunned and people who think about buying it ridiculed, based on the facts alone. “Normandy” is a Trojan horse and a surveillance tool; it’s not a phone. █

Permalink Leave Your Comment      Send this to a friend

Lawyers’ Attacks on Free/Open Source Software (FOSS)

Posted in Free/Libre Software, Patents at 4:45 am by Dr. Roy Schestowitz

Summary: Leading and cutting-edge FOSS in jeopardy because of a culture of frivolous litigation

OpenStack, which SUSE and Microsoft were trying to make proprietary, recently got protection from OIN because “patent trolls invade the cloud” and as the President of the OSI, Simon Phipps, put it the other day in his post about OIN, “patent trolls target their next victim: Cloud computing”. He explains that “Cloud computing’s success has caught the attention of patent trolls — so the Open Invention Networks is gearing for battle” (although it cannot defend from trolls, only from other large companies with products).

According to this one report from last night, a “Patent Troll Sues The FTC” for standing in its way. To quote some background: “We’ve written a few times about patent troll MPHJ, a company which had a bunch of bizarrely named shell companies sending threatening letters to thousands of small businesses, demanding $1,000 per employee, if those companies happened to have a network connected scanner that had the common “scan to email” feature. MPHJ claimed it had a patent that covered this, and wanted to go after the end users with threats, in order to clean up on “settlements.” MPHJ had become one of the poster children for extreme patent trolls abusing the system, and various states had begun suing the company for threatening local businesses. In fact, just today, NY apparently settled with MPHJ — and revealed that MPHJ acquired its five patents for… $1.”

Let’s clarify that patent trolls (usually lawyers) are a huge problem that needs to go away. But trolls are not the only problem; we need more restrictions on patent law (probably necessitating intervention from SCOTUS [1], which historically did almost nothing to make patents saner). The sad thing is that some legal firms (i.e. lawyers) don’t give a damn about innovation; consider this very recent example [2] where a firm called for “crackdown” on FOSS “internet browsers and payment systems which facilitate illegal activity” (worse than trying to ban research tools like nmap and wget).

No all lawyers are evil, but putting aside those who serve public interests (not many), lawyers should be treated as one of the major threats to FOSS. █

Related/contextual items from the news:

1. Supreme Court looks to rein in top patent court with two new cases

2. O’Donovan calls for crackdown on internet browsers and payment systems which facilitate illegal activity

   Fine Gael TD for Limerick, Patrick O’ Donovan has called for tougher controls on the use of open source internet browsers and payment systems which allow users to remain anonymous in the illegal trade of drugs, weapons and pornography. Deputy O’Donovan has written to the Oireachtas Communications Committee, of which he is a member, asking it to investigate the matter.

Permalink Leave Your Comment      Send this to a friend

01.14.14

Kali Linux Improves GNU/Linux Security in the Age of Suspicionless Laptop Searches

Posted in GNU/Linux at 1:54 pm by Dr. Roy Schestowitz

Summary: A new release of Kali Linux facilitates users’ need to remotely wipe a disk, e.g. in case it falls into the wrong hands

IN A “BRAVE NEW WORLD” hounded by the NSA and its espionage-happy partners we need tools to protect ourselves. One is disk encryption, which helps prevent disk access upon confiscation of devices like laptops (in the US it is now legal to do laptop/tablet/phone searches without even suspicion [1,2]) and another may be remote nuking of data on one’s lost (or ‘detained’) laptop.

Kali Linux 1.0.6 has just been released [3-7], boasting a feature that can “nuke” an encrypted disk (assuming, for example, that the oppressor can make bit-by-bit copy of disk surface for code-breaking on a supercomputer at a later time).

This is a fantastic example of how GNU/Linux development advances to foil Orwellian regimes and forensics as a tool of oppression.

The NSA would of course tell us that only pedophiles and terrorists seek privacy. It could not be further from the truth. █

Related/contextual items from the news:

1. District Judge Upholds Government’s Right to Search Electronics at Border

2. Court Rules No Suspicion Needed for Laptop Searches at Border

   A federal court today dismissed a lawsuit arguing that the government should not be able to search and copy people’s laptops, cell phones, and other devices at border checkpoints without reasonable suspicion. An appeal is being considered. Government documents show that thousands of innocent American citizens are searched when they return from trips abroad.

   “We’re disappointed in today’s decision, which allows the government to conduct intrusive searches of Americans’ laptops and other electronics at the border without any suspicion that those devices contain evidence of wrongdoing,” said Catherine Crump, the American Civil Liberties Union attorney who argued the case in July 2011. “Suspicionless searches of devices containing vast amounts of personal information cannot meet the standard set by the Fourth Amendment, which prohibits unreasonable searches and seizures. Unfortunately, these searches are part of a broader pattern of aggressive government surveillance that collects information on too many innocent people, under lax standards, and without adequate oversight.”

3. Kali Linux 1.0.6 released. Cryptsetup has “nuclear option” integrated

4. Emergency Self Destruction of LUKS in Kali

5. A Kali Linux cryptsetup patch that can “nuke” an encrypted disk

6. Kali Linux 1.0.6 Released with LUKS Self-Destruction Feature

   Kali Linux 1.0.6 is the first release to introduce an amazing feature called “emergency self-destruction of LUKS,” which allows users to quickly nuke the entire installation in case of an emergency.

7. Developers mull adding data nuke to Kali Linux

   Kali Linux is an open-source operating system based on the popular BackTrack Linux suite, but backed and funded by Offensive Security. It can be set up to use full-disk encryption using a combination of Logical Volume Management (LVM) and Linux Unified Key Setup (LUKS).

Permalink Leave Your Comment      Send this to a friend

Indebted to Fedora, the GNU/Linux Factory

Posted in GNU/Linux, Red Hat at 1:29 pm by Dr. Roy Schestowitz

Summary: The contributions of Fedora to GNU/Linux put in some proper perspective

WHILE it is possible that Korora is better than Fedora, no project other than Debian contributes so much to GNU/Linux. Fedora is a contributions leader and its steward, Red Hat, employs a huge number of GNU/Linux developers.

A GTK3 version of Firefox is now coming through Fedora [1], a the aforementioned UX designer for GNOME is said to be working for Red Hat/Fedora [2], Fedora targets/tackles System z 64-bit [3] (kernel feature), and Fedora 21 has a lot of promise [4] (it is scheduled to be released later than expected [5,6]). Fedora is strong when it comes to hardware [7,8], software/repositories [9,10], and of course package/software management [11,12]. Fedora/Red Hat employed the inventor of Yum until he died and Yum got renamed.

To speak negatively about Fedora is to basically forget who it is that puts a lot of effort (and investment) into GNU/Linux development. Ubuntu (of Canonical), by contrast, mostly gets credit for gaining market share. █

Related/contextual items from the news:

1. GTK3 Version Of Firefox Up For Fedora Testing

   It’s taking a long time of the GTK3 port of Mozilla Firefox to be completed, but it’s now been made a bit easier for those wanting to test out GTK3 Firefox on Fedora Linux.

2. openSUSE Forum Back, Allan Day Interview, and Fedora Tidbits

   Allan Day, UX Designer on GNOME for Red Hat, has given an interview to Steven Ovadia over at My Linux Rig. Fedora’s Program Manager blogged on the upcoming Fedora 21 release cycle.

3. Fedora 20 Officially Released for IBM System z 64-Bit

   Dan Horák has announced on January 8 that the Fedora 20 (Heisenbug) Linux operating system is now available for download for the IBM System z (s390x) 64-bit systems.

4. Nameless Fedora 21 Linux Is an Opportunity for Growth

   Typically, Red Hat’s Fedora Linux distribution has two colorfully named releases a year, but that likely won’t be the case in 2014. However, that’s no reason for concern.
   The Red Hat-sponsored Fedora Linux community recently celebrated its 10th anniversary, capping off a decade of releases and evolution. In 2014, Fedora could be in store for its biggest evolution since the project’s creation, with fewer releases and even a new naming strategy.

5. Fedora 21 Won’t Be Released Before August

6. Where’s Fedora 21 schedule?

   Is Fedora 21 going to be released in the old model way, or new one? Hard to answer right now. But there’s one date – F21 is not going to be released earlier than in August (and I’d say late August). See FESCo ticket. What’s the reason? As otherwise we would try to hit May timeframe? Short answe: we want to give the opportunity to the teams that are smashed by release windmills to work on tooling.

7. AMD Radeon R9 270 in Fedora 20 experience

   A week ago I’ve bough MSI Radeon R9 270 GAMING 2G. It’s an upper mid-range card and most new games should run on it reasonably well on high details. In Fedora there are two choices – you can either use the default open-source radeonsi driver, or you can install proprietary catalyst driver. I have tried general system functionality and also a lot of games (through Steam) on both drivers.

8. Ubuntu 13.10 vs. Fedora 20 Benchmarks

9. Fedora Utils: An overview

   I was a happy Ubuntu user, until Gnome Shell arrived! It was new, it was shiny. And it provided all those things that I needed. I mostly used the compiz expo plugin to switch between tasks. I would set-up my top-left corner as a hot corner to trigger expo and use docky for my favourite apps. When I tried Gnome Shell 3.2, it was quite similar, expect the dock was on left. But that didn’t hamper my experience. I initially used docky and awn, but finally got rid of it.

10. EPEL 7 Development

11. Fedora’s Yum Replacement Ready For User Testing

    DNF, the next-generation yum package manager spearheaded by the Fedora project, is now ready for end-user testing ahead of its expected use out-of-the-box by Fedora 22.

12. Fedora Users Still Have Mixed Feelings Over DNF

    While DNF isn’t the default package manager on Fedora Linux installations until at least Fedora 22, there’s still many mixed reservations about this intended replacement to Yum.

Permalink Leave Your Comment      Send this to a friend

Korora Claimed Better Fedora Than Fedora, and It’s Growing!

Posted in GNU/Linux, Red Hat at 12:53 pm by Dr. Roy Schestowitz

Summary: A promising Fedora derivative releases a GNU/Linux distribution just weeks after Red Hat

Korora 20 was recently released [1], following the promising footsteps of Fedora 20. Some say that Korora is better than Fedora [2], not just because of the new fantastic Web site [3] but also technical merit in the distribution itself [4]. Techrights has not tested Korora, but the founder and principal developer of Korora (there are now two, plus one who is a tester and support administrator) is a longtime supporter and at times contributor of ours. He is a man of principles and his site uses encryption (SSL) by default, diverting all unencrypted requests to HTTPS. █

Related/contextual items from the news:

1. Korora 20 Fedora Remix “Peach” Now Available

2. Meet Korora 20 – It’s like Fedora, but Better

   Korora, a Fedora Remix distribution with tweaks and extras to make the system “just work” out of the box, which aims to provide a complete and easy-to-use system for general computing, is now at version 20.

   Korora 20 has been dubbed “Peach” and is based on Fedora 20 “Heisenbug.” The developers followed closely the Fedora 20 cycle, so it’s only natural that Korora is a stable version.

3. Korora 20 (Peach) released with a side of website refreshments

   This release brings with it a significant amount of work by the team and community to bring not two but ”five desktops” that have been shaped for a genuine Korora experience. The additions of Cinnamon, MATE and Xfce represent the growth of our community and their contributions. Thank you to all who have contributed to make this possible.

4. Korora 20 (Peach) hand-on: Even better than I expected

Permalink Leave Your Comment      Send this to a friend