Readings: Rpi Copy-Paste Warning, Printing Memory on Paper, WSJ Hacked

Reddit/thejh: Beware copy/paste from a web page to the (Raspberry Pi) command lineHadn’t thought of this, but a good point.

CEN: Researchers Print Electronic Memory On Paper – “Electronics printed on paper promise to be cheap, flexible, and recyclable, and could lead to applications such as smart labels on foods and pharmaceuticals or as wearable medical sensors. Many engineers have managed to print transistors and solar cells on paper, but one key component of a smart device has been missing—memory.” – Fantastic step forward and, if the war on ubiquitous computing continues, as much of a game-changer as 3D printing processes are to gun control.

Ars Technica: WSJ website hacked, data offered for sale for 1 bitcoin - “The hacker was offering what he claimed was user information and server access credentials that would allow others to “modify articles, add new content, insert malicious content in any page, add new users, delete users, and so on,” Andrew Komarov, chief executive officer of cybersecurity firm IntelCrawl, told The Wall Street Journal.” – SQLi attack, supposedly. Would be interesting to see the results of malicious content served to WSJ readers. Juicier targets and at the same time likely lower-hanging fruit among them given the likelihood that a financier is well-versed in information security.

One of the Lowly

“Becoming belongs to the heights and is full of torment. How can you become if you never are? Therefore you need your bottommost, since there you are. But therefore you also need your heights, since there you become.

To be that which you are is the bath of rebirth. In the depths, being is not an unconditional persistence but an endlessly slow growth. You think you are standing still like swamp water, but slowly you flow into the sea that covers the earth’s greatest deeps, and is so vast that firm land seems only an island imbedded in the womb of the immeasurable sea.”

Carl Jung, “One Of The Lowly,” Liber Novus/Red Book

Readings: BTK and OpSec, Facebook gets fugitive nabbed, Driverless Car Fearmongering

grugq: Don’t Take OPSEC Advice From the Police – “In his letters to police, Rader asked if his writings, if put on a floppy disk, could be traced or not. The police answered his question in a newspaper ad posted in the Wichita Eagle saying it would be safe to use the disk.” – I knew the serial killer known as “BTK” was caught over data found on a disk he had sent in; had no idea it was after he had apparently asked for and received advice from the police on whether it was traceable. (Also, if you’re interested in operational security and similar issues, grugq’s tumblr is a fantastic trove of information.

Ars Technica: On the lam for decades, fugitive’s Facebook account dooms him – ‘US Attorney Melinda Haag’s office in San Francisco said the 61-year-old fugitive was apprehended “after the US Department of State’s Bureau of Diplomatic Security researched social media websites and found Legaspi’s Facebook page. The Royal Canadian Mounted Police used the information to apprehend Legaspi.”‘ – I have no words.

Verge: The FBI is worried driverless cars will be used as bombs

Criminals could use driverless cars to evade law enforcement, shoot cops from the back of the vehicle, and “conduct tasks that require use of both hands or taking one’s eyes off the road which would be impossible today,” according to an internal report obtained by The Guardian. The last concern was outlined in a section called “multitasking.”

Another fear is that criminals will pack a driverless car with explosives and program it to drive itself into a target.

Sigh.

Readings: Cryptolocker Redemption, Third Intel Leaker, WiFi as X-Ray

BBC: Cryptolocker victims to get files back for free – “Now, security firms Fox-IT and FireEye – which aided the effort to shut down the Gameover Zeus group – have created a portal, called Decrypt Cryptolocker, via which any of the 500,000 victims can find out the key to unlock their files.” – Some surprising numbers in there, including the fact that only 1.3% of victims paid up. I would’ve expected it to be higher.

Schneier: The US Intelligence Community has a Third LeakerSchneier has a brief, convincing argument for not just the second leaker being talked about now but a third.

Verge: Robots can use Wi-Fi as X-ray vision – “Their method works by having two autonomous robots make their way around an unknown structure, with one sending a signal off to another. Eventually, the receiver will collect enough data about where the signal is strong and weak to build a two-dimensional picture of what it’s been looking at.” – An interesting idea to come across with the Signal Strength image still in my head. Serious implications for privacy.

Readings: Brazil Gyno Teacher Tests, Open Access Surveillance Oops, Xiaomi Phones Home

Telegraph: Brazil anger over gynaecological tests for teachers – “Women’s rights advocates in Brazil have denounced requirements by the country’s most populous state for prospective female teachers to submit to gynaecological exams or prove their virginity in order to work.” – I have no words.

Forbes: Whoops, Anyone Could Watch California City’s Police Surveillance Cameras – “The cameras used a proprietary mesh protocol to communicate but were not password-protected. Hoffman and Kinsey said that the protocol was fairly easily reverse-engineered and that tapping into the network was then easy, requiring no specialized hardware, and allowing anyone to have a police-eye’s view of the town.” – Police department became aware of the problem, subsequently “secured” the mesh network through WEP encryption…which has been entirely broken for years. This is why we can’t have nice things, Law Enforcement.

TNW: Xiaomi makes its cloud messaging service optional for users following security concerns – “However, a recent report from F-Secure highlighted that the service appears to share a range of information with a server in China — including the device’s IMEI number, customer’s phone number, phone contacts and text messages received. The idea of sharing such data to a server in China, where it could be open to access from the government, naturally raised some concerns, particularly since there was no way to opt out.” – Given that Huawei got blackballed for much less, I wonder if this has closed off the US market to Xiaomi.

Mark 39

“The B-52 [over North Carolina] was carrying two Mark 39 hydrogen bombs, each with a yield of 4 megatons. As the aircraft spun downward, centrifugal forces pulled a lanyard in the cockpit. The lanyard was attached to the bomb release mechanism. When the lanyard was pulled, the locking pins were removed from one of the bombs. The Mark 39 fell from the plane. The arming wires were yanked out, and the bomb responded as though it had been deliberately released by the crew above a target. The pulse generator activated the low-voltage thermal batteries. The drogue parachute opened, and then the main chute. The barometric switches closed. The timer ran out, activating the high-voltage thermal batteries. The bomb hit the ground, and the piezoelectric crystals inside the nose crushed. They sent a firing signal. But the weapon didn’t detonate.”

Eric Schlosser, Command and Control: Nuclear Weapons, the Damascus Accident, and the Illusion of Safety

Readings: Ebola Papers, Check Your Science, Zimbardo’s Ugly Problems

reddit: Understand the Dynamics of Ebola EpidemicsFor the bored, curious, and comorbidly morbid, a handful of open-access papers on Ebola (mostly epidemiological in nature) available in this reddit thread. Possibly made more relevant by an index patient in Sierra Leone disappearing from the hospital, and the top Sierra Leonan ebola virologist coming down with the virus.

Also reddit: A toxicology professor from McGill did an AMA (“Ask Me Anything”) on his research into electromagnetic radiation and health effects. Redditors ripped apart his shoddy science and he basically refused to answer a single hard question.

BPS Research Digest: What the textbooks don’t tell you – one of psychology’s most famous experiments was seriously flawed

The SPE was criticised back in the 70s, but that criticism has noticeably escalated and widened in recent years. New details to emerge show that Zimbardo played a key role in encouraging his “guards” to behave in tyrannical fashion. Critics have pointed out that only one third of guards behaved sadistically (this argues against the overwhelming power of the situation). Question marks have also been raised about the self-selection of particular personality types into the study. Moreover, in 2002, the social psychologists Steve Reicher and Alex Haslam conducted the BBC Prison Study to test the conventional interpretation of the SPE. The researchers deliberately avoided directing their participants as Zimbardo had his, and this time it was the prisoners who initially formed a strong group identity and overthrew the guards.

Article goes on to talk about how the Stanford Prison Experiment is covered in top US psychology textbooks, which is less than inspiring. While I was studying the SPE was certainly regarded as a staple in psych education, a bit of a monolith. I should’ve known better!

Readings: Tea Party Congressman Is An Idiot, Tasers and Suicide Bombers, The More Media Changes

FP: Freshman Congressman Mistakes Senior Government Officials for Foreigners – “In an intensely awkward congressional hearing of the House Foreign Affairs Committee on Thursday, freshman Rep. Curt Clawson misidentified two senior U.S. government officials as representatives of the Indian government.” – Tea partier from Florida. Shocker.

Speaking of shockers, from the Journal of Forensic Sciences: Sensitivity of TATP to a TASER Electrical Output – “A series of experiments were performed to evaluate and document the effect of a TASER (“stun gun”) on triacetone triperoxide (TATP), an easily manufactured explosive used often in IEDs and suicide bombing vests…The TATP reacted in 17/17 tests when the TASER arced through the TATP and 0/4 times when the TATP was configured in such a way that the TATP was not subjected to the electrical arc. Based on the experimental data, TATP will readily explode in a variety of configurations by a TASER or similar device.” – The lesson here: don’t tase suspected suicide bombers, it’ll likely end up worse than tasing someone after they’ve been dosed with alcohol-based pepper spray (hint: they immolate).

And this fantastic find from @AdrienneLaF: ‘Complaints @nytimes had about the telegraph in 1858: “superficial, sudden, unsifted, too fast for the truth…”‘ –

BtbI6vZCAAAt8VV

Readings: Gameover Botnet Interview, Memory-Enhancing Implants, Snowpiercer Release

Krebs: Backstage with the Gameover Botnet Hijackers – “Defending a system that is as complex as this one is very hard. Complexity is the enemy of security. I won’t go into specifics, but let’s just say there are examples in the code where they clearly overreacted and introduced features that we could later use against them.” – An interesting lesson in the midst of a great interview, and a lesson that can be applied pretty broadly. Overreaction is an enemy in just about every field I can think of.

Ars Technica: Human memory-saving devices get $37.5m research boost from DARPA – “Both will initially work with people with epilepsy who have been given implants to locate where their seizures originate. The researchers will reuse the data gathered during this process to monitor other brain activity, such as the patterns that occur when the brain stores and retrieves memories.”

Verge: Post-apocalyptic thriller ‘Snowpiercer’ available for download just two weeks after release – ‘He added: “The motto at Radius is ‘a screen is a screen is a screen’ … We’re screen-agnostic, and as consumer habits change, film audiences today are becoming screen-promiscuous. Starting Friday, 85 million-plus consumers will have access to Snowpiercer on VOD. The film will be more widely available than every other film on screen this weekend combined. One way or the other, we’re going to find you somewhere.”‘ – Incredibly smart tactic on their part. Multi-platform releases that focus on accessibility and timeliness are a great step toward a really thriving digital future.