Readings: Rpi Copy-Paste Warning, Printing Memory on Paper, WSJ Hacked

Reddit/thejh: Beware copy/paste from a web page to the (Raspberry Pi) command line – Hadn’t thought of this, but a good point.

CEN: Researchers Print Electronic Memory On Paper – “Electronics printed on paper promise to be cheap, flexible, and recyclable, and could lead to applications such as smart labels on foods and pharmaceuticals or as wearable medical sensors. Many engineers have managed to print transistors and solar cells on paper, but one key component of a smart device has been missing—memory.” – Fantastic step forward and, if the war on ubiquitous computing continues, as much of a game-changer as 3D printing processes are to gun control.

Ars Technica: WSJ website hacked, data offered for sale for 1 bitcoin – “The hacker was offering what he claimed was user information and server access credentials that would allow others to “modify articles, add new content, insert malicious content in any page, add new users, delete users, and so on,” Andrew Komarov, chief executive officer of cybersecurity firm IntelCrawl, told The Wall Street Journal.” – SQLi attack, supposedly. Would be interesting to see the results of malicious content served to WSJ readers. Juicier targets and at the same time likely lower-hanging fruit among them given the likelihood that a financier is well-versed in information security.

One of the Lowly

“Becoming belongs to the heights and is full of torment. How can you become if you never are? Therefore you need your bottommost, since there you are. But therefore you also need your heights, since there you become.

To be that which you are is the bath of rebirth. In the depths, being is not an unconditional persistence but an endlessly slow growth. You think you are standing still like swamp water, but slowly you flow into the sea that covers the earth’s greatest deeps, and is so vast that firm land seems only an island imbedded in the womb of the immeasurable sea.”

Carl Jung, “One Of The Lowly,” Liber Novus/Red Book

Readings: BTK and OpSec, Facebook gets fugitive nabbed, Driverless Car Fearmongering

grugq: Don’t Take OPSEC Advice From the Police – “In his letters to police, Rader asked if his writings, if put on a floppy disk, could be traced or not. The police answered his question in a newspaper ad posted in the Wichita Eagle saying it would be safe to use the disk.” – I knew the serial killer known as “BTK” was caught over data found on a disk he had sent in; had no idea it was after he had apparently asked for and received advice from the police on whether it was traceable. (Also, if you’re interested in operational security and similar issues, grugq’s tumblr is a fantastic trove of information.)

Ars Technica: On the lam for decades, fugitive’s Facebook account dooms him – ‘US Attorney Melinda Haag’s office in San Francisco said the 61-year-old fugitive was apprehended “after the US Department of State’s Bureau of Diplomatic Security researched social media websites and found Legaspi’s Facebook page. The Royal Canadian Mounted Police used the information to apprehend Legaspi.”‘ – I have no words.

Verge: The FBI is worried driverless cars will be used as bombs

Criminals could use driverless cars to evade law enforcement, shoot cops from the back of the vehicle, and “conduct tasks that require use of both hands or taking one’s eyes off the road which would be impossible today,” according to an internal report obtained by The Guardian. The last concern was outlined in a section called “multitasking.”

Another fear is that criminals will pack a driverless car with explosives and program it to drive itself into a target.

Sigh.

Readings: Cryptolocker Redemption, Third Intel Leaker, WiFi as X-Ray

BBC: Cryptolocker victims to get files back for free – “Now, security firms Fox-IT and FireEye – which aided the effort to shut down the Gameover Zeus group – have created a portal, called Decrypt Cryptolocker, via which any of the 500,000 victims can find out the key to unlock their files.” – Some surprising numbers in there, including the fact that only 1.3% of victims paid up. I would’ve expected it to be higher.

Schneier: The US Intelligence Community has a Third Leaker – Schneier has a brief, convincing argument for not just the second leaker being talked about now but a third.

Verge: Robots can use Wi-Fi as X-ray vision – “Their method works by having two autonomous robots make their way around an unknown structure, with one sending a signal off to another. Eventually, the receiver will collect enough data about where the signal is strong and weak to build a two-dimensional picture of what it’s been looking at.” – An interesting idea to come across with the Signal Strength image still in my head. Serious implications for privacy.

Readings: Brazil Gyno Teacher Tests, Open Access Surveillance Oops, Xiaomi Phones Home

Telegraph: Brazil anger over gynaecological tests for teachers – “Women’s rights advocates in Brazil have denounced requirements by the country’s most populous state for prospective female teachers to submit to gynaecological exams or prove their virginity in order to work.” – I have no words.

Forbes: Whoops, Anyone Could Watch California City’s Police Surveillance Cameras – “The cameras used a proprietary mesh protocol to communicate but were not password-protected. Hoffman and Kinsey said that the protocol was fairly easily reverse-engineered and that tapping into the network was then easy, requiring no specialized hardware, and allowing anyone to have a police-eye’s view of the town.” – Police department became aware of the problem, subsequently “secured” the mesh network through WEP encryption…which has been entirely broken for years. This is why we can’t have nice things, Law Enforcement.

TNW: Xiaomi makes its cloud messaging service optional for users following security concerns – “However, a recent report from F-Secure highlighted that the service appears to share a range of information with a server in China — including the device’s IMEI number, customer’s phone number, phone contacts and text messages received. The idea of sharing such data to a server in China, where it could be open to access from the government, naturally raised some concerns, particularly since there was no way to opt out.” – Given that Huawei got blackballed for much less, I wonder if this has closed off the US market to Xiaomi.