Monday, September 23, 2013

Sunday, September 22, 2013

Security & Hacking: "Chaos Computer Club breaks Apple TouchID"



The URL for the YouTube video above is http://youtu.be/HM8b8d8kSNQ

Link to the Chaos Computer Club's article (in English) about the hack is http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

Their article links to an earlier one about making fake fingerprints: http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?language=en

I would like to see more detail about how many failed attempts they had, because it is supposed to require a passcode after 5 failed attempts, a phone restart, or 48 hours without unlocking.

A passcode is also required to set up/enable or edit the fingerprint reader.

For more on Apple's Touch ID see:

Wednesday, September 18, 2013

Dinnerbone visits Mindcrack!




Vechz gets a pleasant terrifying surprise!

For more of Vechz's VODs see his YouTube channel http://www.youtube.com/user/Vechz?feature=watch

For more on Mindcrack https://www.youtube.com/user/MindCrackNetwork/about and http://www.reddit.com/r/mindcrack/ are good places to start!

Dinnerbone can be found at http://dinnerbone.com/blog/, or @Dinnerbone, or https://twitter.com/Dinnerbone when he isn't terrifying helpless Vechz ^_^


Tuesday, September 10, 2013

Microsoft Windows Patch Tuesday again!

It's that time again. If you're interested in the key points of this update, see Brian Krebs's summary of this Patch Tuesday: http://krebsonsecurity.com/2013/09/adobe-microsoft-push-critical-security-fixes-2/

NSA News: "Declassified court documents highlight NSA violations"

Source: http://apps.washingtonpost.com/g/page/world/declassified-fisa-court-documents-on-intelligence-collection/447/

Story: http://www.washingtonpost.com/world/national-security/declassified-court-documents-highlight-nsa-violations/2013/09/10/60b5822c-1a4b-11e3-a628-7e6dde8f889d_story.html

Snippet from story above:
"“The court finds that the government’s failure to ensure that responsible officials adequately understood the NSA’s alert list process, and to accurately report its implementation to the court, has prevented for more than two years both the government and the FISC from taking steps to remedy daily violations,” Walton wrote. "

Really disturbing, and shows how blatantly NSA officials, Senator Feinstein, and President Obama have been lying when they claim no serious or intentional violations.

Direct quote from President Obama:
"And if you look at the reports, even the disclosures that Mr. Snowden's put forward, all the stories that have been written, what you're not reading about is the government actually abusing these programs and, you know, listening in on people's phone calls or inappropriately reading people's emails." ~http://www.washingtonpost.com/politics/transcript-president-obamas-august-9-2013-news-conference-at-the-white-house/2013/08/09/5a6c21e8-011c-11e3-9a3e-916de805f65d_story_4.html
Then consider this tweet, https://twitter.com/csoghoian/status/377440206284406785:
"Ex-FBI general counsel Valerie Caproni, fan of surveillance backdoors, confirmed by Senate to be federal judge in NY."
Note that Valerie Caproni was nominated by President Barack Obama, based on her excellent record in the FBI I assume. From Wikipedia:
House Judiciary Committee Chair John Conyers, Jr.'s statement: "Today’s hearing showed that the FBI broke the law on telephone records privacy and the General Counsel’s Office, headed by Valerie Caproni, sanctioned it and must face consequences. I call upon FBI Director Mueller to take immediate action to punish those who violated the rules, including firing them from the agency. This must include the FBI Office of General Counsel, headed by Valerie Caproni, which the IG testified today had approved [the] continued use of exigent letters and provided legal advice that was inconsistent with federal law. Between 2003 and 2006, the FBI improperly obtained personal telephone record information from U.S. telephone companies for more than 5,500 phone numbers, including private details protected by federal law."

I am seeing a pretty consistent pattern here, and it certainly isn't a positive one.


Sources & Additional information:




Update on Johns Hopkins University and NSA blog posts

"I just received a very kind formal apology from the Interim Dean of JHU Whiting School of Engineering."  Matthew Green ~https://twitter.com/matthew_d_green/status/377491743870291968

Andrew Douglas, the interim Dean involved, wrote a very manner (to use an SC2/Korean phrase) apology; he also released a copy to the press.

A copy of the apology can be read at http://arstechnica.com/security/2013/09/university-apologizes-for-censoring-crypto-prof-over-anti-nsa-post/.

I know from personal experience how hard it is to admit you're wrong about something serious and apologize.

Andrew Douglas, Ph.D. has earned my respect by the way he dealt with this issue, once he realized a mistake had been made.

As I have stated before, everyone makes mistakes; only foolish people fail to learn from them.

I like to think wise people learn from the mistakes of others, so they have the opportunity to make their own original mistakes.

Nerd News: iPhone 5S Good, Bad, & Big Brother

Full details at the Ars live blog of Apple's event: http://live.arstechnica.com/apple-september-10-event/

Apple has updated their website as well; details about the iPhone 5S are at http://www.apple.com/pr/library/2013/09/10Apple-Announces-iPhone-5s-The-Most-Forward-Thinking-Smartphone-in-the-World.html and the front splash page comparing all the iPhones is at http://www.apple.com/iphone/compare/

I like the fingerprint reader, I just hope it is executed securely!

Apple says fingerprint data stays on the device and never leaves it.

They have added a chip that tracks all motion of the phone even when asleep though, "Every iPhone 5s includes the new M7 motion coprocessor that gathers data from the accelerometer, gyroscope and compass..." (source)

"The M7 motion coprocessor continuously measures your motion data, even when the device is asleep, and saves battery life for pedometer or other fitness apps that use the accelerometer all day." (source)

Though Apple says that is for fitness apps & such, it makes me think of http://en.wikipedia.org/wiki/Inertial_navigation_system.

Which would let them map your house, office, and everywhere else you hang out, if the sensors were accurate enough, and I bet that data does go to Apple's servers.

I know Google and Apple have both been working on mapping inside of buildings already.

See http://www.ecommercetimes.com/story/77635.html for more on that.

Thursday, September 5, 2013

Nerd News: Paypal likes to freeze accounts it seems

Article today at Ars about Paypal freezing Mailpile's account: http://arstechnica.com/business/2013/09/paypal-freezes-45000-of-mailpiles-crowdfunded-dollars/

Paypal has frozen the Paypal account of Notch, the Master of Minecraft, at least twice before, according to his blog posts: (15 Jun 2009) I wonder why I used paypal.. & (10 Sep 2010) Working on a Friday update, crying over paypal.

If you live in the US or Australia you can buy Minecraft Prepaid cards from many stores; I blogged details at http://cliffsesportcorner.blogspot.com/2013/08/minecraft-prepaid-pc-mac-cards-in-usa.html

I am not a fan of Paypal. I have blogged about the reasons before, see Paypal Make It Right!

Just click on the Paypal or Minecraft labels to see all my posts on those topics. Labels can also be found in the cloud at the left side of the blog, or at the bottom left of every post.

Wednesday, September 4, 2013

Nerd News: Samsung September 4, 2013 Event & Live Stream


[Note: if you start embedded live stream before event, it will display a countdown timer]

Live Stream link https://www.youtube.com/user/SAMSUNGmobile

If rumors are correct we will get to see the new Galaxy Note 3!

We might also see a new Smartwatch.

As I blogged about a year ago (http://cliffsesportcorner.blogspot.com/2012/09/nerd-news-samsung-october-24-2012-event.html), I was really interested in the Note 2. Unfortunately I couldn't fit that into my budget until a few months ago, so I decided to wait for the Note 3 and got a cheap Nokia Lumia 521 (WP8) to tide me over, since my Blackberry was failing.

Of course Google dropped the price on the Nexus 4 a week after I went with the Lumia 521; seems like the way it always goes for me T_T

I am hoping we see a Google Play edition of the Note 3, really really want that.