UK GCHQ stashes away 50+ billion records a day on people.

By 2010, GCHQ stated it was logging “30bn metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion.” GCHQ has since “developed new population scale analytics for multi-petabyte cluster,” which allows “population scale target discovery.” In a vision document for 2013, its aim was to have created “the world’s biggest SIGINT engine to run cyber operations and to enable IA, Effects and SIGINT … [as well as] to perform CNE exfiltration, eAD, beaconry, and geo-location.”

Source: Blighty’s GCHQ stashes away 50+ billion records a day on people. Just let that sink in • The Register

Minority Report Predictive Policing hits US

The strategy, known as predictive policing, combines elements of traditional policing, like increased attention to crime “hot spots” and close monitoring of recent parolees. But it often also uses other data, including information about friendships, social media activity and drug use, to identify “hot people” and aid the authorities in forecasting crime.

Source: Police Program Aims to Pinpoint Those Most Likely to Commit Crimes

This is very worrying. Reading the article, it seems they are handling it well – they are inviting potential perpetrators in and explaining what’s going on, hoping to shock them. If a crime is committed, everyone in the predictive chain is picked up and they sling the book at them for everything they can find. Fair enough, they shouldn’t have been breaking the law anyway, and getting picked up because they were in an associative chain is just as good as getting picked up for any other reason.

However, if you are friends with a criminal, you may get invited to the courts again and again and again, even if you did nothing wrong yourself – the same problem no-fly lists have: false positives. Another thing is that you need to trawl through huge amounts of personal data in order to get these predictive models to work. This means that people and organisations could (and practice shows they do!) misuse their access to your personal data.

The article has some figures on how well this does compared to traditional policing and other predictive models, but the jury is still out on that really. It needs longer and more testing.

Lenovo, still spying on all PCs

Following up Lenovo’s blunders regarding the Superfish malware and altered BIOS, Michael Horowitz at ComputerWorld reports that a refurbished ThinkPad he bought includes Lenovo spyware under the guise of “Customer Feedback”. After some digging around, he found the following in a support document: “Lenovo says here that all ThinkPad, ThinkCentre and ThinkStation PCs, running Windows 7 and 8.1, may upload ‘non-personal and non-identifying information about Lenovo software application usage’ to 112.2o7.net.”

Source: Lenovo Collects Usage Data On ThinkPad, ThinkCentre and ThinkStation PCs – Slashdot

Official: North America COMPLETELY OUT of new IPv4 addresses

In the past few minutes, ARIN – the non-profit that oversees the allocation of IP addresses in North America – confirmed the available pool of the 32-bit network addresses is totally depleted. Last night, the team estimated there were just 1,024 IPv4 addresses left in its pool – dregs, in other words. Now that’s all gone.

Now’s the time to move over to IPv6, ARIN boss tells El Reg

Source: Official: North America COMPLETELY OUT of new IPv4 addresses

5.6m, not 1.1m fingerprint images of US gov security cleared people stolen

WASHINGTON — The number of people applying for or receiving security clearances whose fingerprint images were stolen in one of the worst U.S. government data breaches is now believed to be 5.6 million, not 1.1 million as first thought, the Office of Personnel Management announced Wednesday.

The agency was the victim of what the U.S. believes was a Chinese espionage operation that affected an estimated 21.5 million current and former federal employees or job applicants. The theft could give Chinese intelligence a huge leg up in recruiting informants inside the U.S. government, experts believe. It also could help the Chinese identify U.S. spies abroad, according to American officials.

Military.com

Dutch MOD, P&W sign contract to stand up F135 maintenance site

The Dutch Ministry of Defence has formalised an agreement with Pratt & Whitney to establish an organic F135 engine maintenance, repair, overhaul and upgrade (MRO&U) shop at the Royal Netherlands Air Force’s Woensdrecht Logistics Centre with the goal of supporting Lockheed Martin F-35 operations by 2019.

Source: Dutch MOD, P&W sign contract to stand up F135 maintenance site

Cheap thermal imagers can steal user PINs

A British infosec company has found that cheap thermal imaging accessories for smartphones can be used to glean personal identification numbers entered on push-button security devices on bank ATMs.

Thermal imaging devices used to be bulky and expensive, but Sec-Tec told iTnews they can now be bought cheaply as compact iPhone accessories – for instance, the FLIR One, which retails for US$249 (A$340).

The company tested several PIN pads in ATMs, locks and safes with the thermal imagers and found they could “leak” the digits entered by legitimate users for longer than a minute after use.

Source: Cheap thermal imagers can steal user PINs

The Sensel Morph – finally a replacement Fingerworks Touchstream!

These guys have launched a wildly successful Kickstarter to produce what is basically a large touchpad. You can print 3D overlays which magnetically lock into place. Programming new overlays shouldn’t be too tough. It’s sensitive enough to detect paint brushes. Now let’s hope it can be a keyboard with the pinch and zoom and multifinger gestures the guys at Fingerworks invented before it was bought up (and then commercially killed) by Apple!

https://www.kickstarter.com/projects/1152958674/the-sensel-morph-interaction-evolved

Estimating the reproducibility of psychological science – not doing too well…

Yet again a major study looks at reproducing results (in this case only in psychological studies) and finds that the strength of the results is much lower than published.

Expect this to happen for economics, political science, etc. as well.

Reproducibility is a defining feature of science, but the extent to which it characterizes current research is unknown. We conducted replications of 100 experimental and correlational studies published in three psychology journals using high-powered designs and original materials when available. Replication effects were half the magnitude of original effects, representing a substantial decline. Ninety-seven percent of original studies had statistically significant results. Thirty-six percent of replications had statistically significant results; 47% of original effect sizes were in the 95% confidence interval of the replication effect size; 39% of effects were subjectively rated to have replicated the original result; and if no bias in original results is assumed, combining original and replication results left 68% with statistically significant effects. Correlational tests suggest that replication success was better predicted by the strength of original evidence than by characteristics of the original and replication teams.

Source: Estimating the reproducibility of psychological science

Philips Hue – strip lighting connected to wifi that changes colour

Philips Hue combines brilliant LED light with intuitive technology. Then puts it in the palm of your hand. Together, the bulbs, the bridge and the app will change the way you use light. Forever. Experiment with shades of white, from invigorating blue/white to cozy yellow/white. Or play with all the colors in the spectrum.

Source: Meet hue | The system

Basically it comes in all shapes and sizes and can turn your house into a nightclub. You run it from your mobile or you can automate the on and off through a website. It plugs into your normal fittings and you have to buy a controller (bridge) that can handle 50 bulbs.

Ex-Secret Service agent who siphoned almost $1m worth of Bitcoin from Silk Road takes plea deal

The US Department of Justice (DoJ) said Bridges admitted to using a seized administrator account on Silk Road in order to lift Bitcoin from various accounts and deposit them into his own wallet. He then sold off the Bitcoin on the Mt Gox exchange between March and May of 2013 and came away with $820,000 in cash.

Bridges also admitted to lying to investigators and working to obstruct others who were investigating both Silk Road and his own actions.

Source: Ex-Secret Service agent who siphoned Bitcoin from Silk Road takes plea deal

Apply Magic Sauce – Cambridge University Prediction API that takes your Facebook likes and creates a predictive psycho-demographic profile

This is a prediction of your psycho-demographic profile based on your Facebook Likes. It uses a snapshot of your digital footprint to visualise how others perceive you online and therefore may not be an entirely accurate picture of who you really are. You could take more psychometric tests as well and compare the results!

Source: Apply Magic Sauce – Prediction API – Test

Translucent Li-ion Battery Charges Itself by Using Sunlight, could be used as smartphone screen

A Japanese research group prototyped a translucent lithium-ion (Li-ion) rechargeable battery that can charge itself by using sunlight.

With the battery, the group aims to realize a “smart window,” which is an almost transparent window that functions both as a large-area rechargeable battery and as a photovoltaic cell (when the window receives sunlight, it is pigmented, lowering light transmittance).

The group is led by Mitsunobu Sato, president of Kogakuin University and professor at the Department of Applied Physics, School of Advanced Engineering of the university. The battery was exhibited at Innovation Japan 2015, a trade show that took place from Aug 27 and 28, 2015, in Tokyo.

Source: Translucent Li-ion Battery Charges Itself by Using Sunlight

381 Wikipedia editors ban hammered for extorting article subjects to pay “protection money”

Wikipedia is no stranger to scandals, but a quiet update on its administrators’ announcement board reveals a big problem. The site’s CheckUser team recently banned 381 editors’ accounts for “undisclosed paid advocacy.” In other words, these Wikipedians were secretly shilling for brands and even resorting to extortion.

The scam is relatively straightforward. Using sockpuppet accounts, the fraudster editors would create complete but unpublished articles about anything from Bitcoin casinos to rock bands. They’d then approach the subject of the article and offer to publish it for a fee. If the subject agreed, the page would go live, and the Wikipedia editors would then offer the subject of the article an insurance policy of sorts. For about $30 a month, they’d “protect the article from vandalism and prevent its deletion.” That’s kind of like how you can pay off the mafia so that you don’t get robbed.

Source: Wikipedia Bans Hundreds of Editors Who Extorted Users for Cash

‘Archaeology on steroids’: huge ritual arena discovered near Stonehenge

Researchers find hidden remains of massive Neolithic stone monument, thought to have been hauled into position more than 4,500 years ago

Source: ‘Archaeology on steroids’: huge ritual arena discovered near Stonehenge

Archaeologists have discovered the remains of a massive stone monument buried under a thick, grassy bank only two miles from Stonehenge.

The hidden arrangement of up to 90 huge standing stones formed part of a C-shaped Neolithic arena that bordered a dry valley and faced directly towards the river Avon.

Researchers used ground-penetrating radar to image about 30 intact stones measuring up to 4.5m tall. The fragments of 60 more buried stones, or the massive foundation pits in which they stood, reveal the full extent of the monument.

How Ashley Madison Hid Its Fembot Con From Users and Investigators

The developers at Ashley Madison created their first artificial woman sometime in early 2002. Her nickname was Sensuous Kitten, and she is listed as the tenth member of Ashley Madison in the company’s leaked user database. On her profile, she announces: “I’m having trouble with my computer … send a message!”

Source: How Ashley Madison Hid Its Fembot Con From Users and Investigators

AI starts here!

Microsoft pushes 3GB Windows 10 to your PC even if you don’t want to upgrade — here’s how to stop it

After a concerned Windows user wrote in to the Inquirer, reports blew up this week that Microsoft is downloading Windows 10 installation files onto users’ machines without them reserving a copy of the new operating system. We reached out to the company to set the record straight; we confirmed that this occurs when Automatic Updates is enabled, and that this is nothing new — it’s been happening since Windows 10 launched on July 29.

Source: Microsoft will download Windows 10 even if you don’t want to upgrade — here’s how to stop it

3GB is a huge amount of bandwidth, especially if you’re on a metered connection!