naveen:

The most interesting things I learned at HOPE X.
I attended 2600’s Hackers on Planet Earth (HOPE) conference this past weekend at the Hotel Pennsylvania. This is my third time going – and their tenth time running it since 1994. This was an especially great year with a big turnout, not only because it was the tenth anniversary, but also because big names like Ellsberg and Snowden spoke there, the latter via video conference. The biggest talks were so packed that not only was it standing-room-only in the main halls, but the overflow rooms were too. Here are few things I learned.
Some halal carts in NYC are said to be fitted with surveillance devices. “Twelve halal carts in NYC are said to actually be undercover surveillance apparatus: recording, and tracking wifi/ez pass signals - #hopex”
Black-bag cryptanalysis is the name given to burglary via some trojan horse installed on a target device (or a device to which the target is connected). In the case of a mobile phone, it could mean an attack via some spoofed charger that is used to get malware onto your phone or your apps. Think about that the next time you plug your iPhone into a hotel’s alarm/speaker kit. This is why with newer releases of iOS, you’ll notice a “Trust the currently connected computer?” alerts every time you plug it into something that is asking for full data.
There are numerous backdoors and potential surveillance loopholes on iOS, like the packet scanner, pcapd, which runs by default on all devices. It is said that perhaps these are for diagnostics and trouble-shooting purposes, but the author took a different view and wrote it all up in a paper and a talk.
There was a funny “How to Rickroll the Chromecast” talk. The idea is to deauth the existing WiFi connection on a Chromecast and let it become its own hotspot to which your rogue device sends commands (the, *ahem*, Rickmote Controller). Then have it play Astley’s ‘Never Gonna Give You Up’ video. The whole prank is a great hat tip to Wozniak’s TV jammer box.
PGP is still too hard for normal people and probably other types of connections too beyond just “am I connected via HTTPS?”. When Snowden was trying to communicate with Glenn Greenwald, Glenn couldn’t figure out how to read the encrypted email. So, of course, Snowden made a HOWTO video.
IMSI-catchers are probably more numerous around the world than one thinks. It allows for a man-in-the-middle attack by essentially acting as a fake mobile tower. It not only allows one to log IMSI numbers as they go by (and how many times one is in the area), but force a mobile phone connected to it to make calls without encryption (thereby, allowing one to record the raw audio). In fact, I just realized that the femtocell that I have at home to give me more bars on AT&T has an IMSI whitelist to let only known phones on. It no doubt easily knows everyone else that’s in the room at any time too.
We are at an intersection of two languages: legalese and technology. And if you’re going to “poke the bear” (either play around in or work in this space), you’d better full well understand both. A lot of the big talks weren’t too technical in nature but actually touch more upon the language and interpretation of law. What is privacy and what things are private and what things aren’t and who should say what is and what isn’t?

naveen:

The most interesting things I learned at HOPE X.

I attended 2600’s Hackers on Planet Earth (HOPE) conference this past weekend at the Hotel Pennsylvania. This is my third time going – and their tenth time running it since 1994. This was an especially great year with a big turnout, not only because it was the tenth anniversary, but also because big names like Ellsberg and Snowden spoke there, the latter via video conference. The biggest talks were so packed that not only was it standing-room-only in the main halls, but the overflow rooms were too. Here are few things I learned.

Some halal carts in NYC are said to be fitted with surveillance devices. “Twelve halal carts in NYC are said to actually be undercover surveillance apparatus: recording, and tracking wifi/ez pass signals - #hopex

Black-bag cryptanalysis is the name given to burglary via some trojan horse installed on a target device (or a device to which the target is connected). In the case of a mobile phone, it could mean an attack via some spoofed charger that is used to get malware onto your phone or your apps. Think about that the next time you plug your iPhone into a hotel’s alarm/speaker kit. This is why with newer releases of iOS, you’ll notice a “Trust the currently connected computer?” alerts every time you plug it into something that is asking for full data.

There are numerous backdoors and potential surveillance loopholes on iOS, like the packet scanner, pcapd, which runs by default on all devices. It is said that perhaps these are for diagnostics and trouble-shooting purposes, but the author took a different view and wrote it all up in a paper and a talk.

There was a funny “How to Rickroll the Chromecast” talk. The idea is to deauth the existing WiFi connection on a Chromecast and let it become its own hotspot to which your rogue device sends commands (the, *ahem*, Rickmote Controller). Then have it play Astley’s ‘Never Gonna Give You Up’ video. The whole prank is a great hat tip to Wozniak’s TV jammer box.

PGP is still too hard for normal people and probably other types of connections too beyond just “am I connected via HTTPS?”. When Snowden was trying to communicate with Glenn Greenwald, Glenn couldn’t figure out how to read the encrypted email. So, of course, Snowden made a HOWTO video.

IMSI-catchers are probably more numerous around the world than one thinks. It allows for a man-in-the-middle attack by essentially acting as a fake mobile tower. It not only allows one to log IMSI numbers as they go by (and how many times one is in the area), but force a mobile phone connected to it to make calls without encryption (thereby, allowing one to record the raw audio). In fact, I just realized that the femtocell that I have at home to give me more bars on AT&T has an IMSI whitelist to let only known phones on. It no doubt easily knows everyone else that’s in the room at any time too.

We are at an intersection of two languages: legalese and technology. And if you’re going to “poke the bear” (either play around in or work in this space), you’d better full well understand both. A lot of the big talks weren’t too technical in nature but actually touch more upon the language and interpretation of law. What is privacy and what things are private and what things aren’t and who should say what is and what isn’t?

Hello, Fast Forward Labs!

fastforwardlabs:

I’m very pleased to introduce Fast Forward Labs.

Fast Forward Labs is an independent data technology research lab. We focus on taking technologies that are just becoming possible, and making them useful.

We believe that the existing research structures are failing in 2014. We offer companies…


“We are living in a culture entirely hypnotized by the illusion of time, in which the so-called present moment is felt as nothing but an infinitesimal hairline between an all-powerfully causative past and an absorbingly important future. We have no present. Our consciousness is almost completely preoccupied with memory and expectation. We do not realize that there never was, is, nor will be any other experience than present experience. We are therefore out of touch with reality. We confuse the world as talked about, described, and measured with the world which actually is. We are sick with a fascination for the useful tools of names and numbers, of symbols, signs, conceptions and ideas.”
-Alan Watts


“We are living in a culture entirely hypnotized by the illusion of time, in which the so-called present moment is felt as nothing but an infinitesimal hairline between an all-powerfully causative past and an absorbingly important future. We have no present. Our consciousness is almost completely preoccupied with memory and expectation. We do not realize that there never was, is, nor will be any other experience than present experience. We are therefore out of touch with reality. We confuse the world as talked about, described, and measured with the world which actually is. We are sick with a fascination for the useful tools of names and numbers, of symbols, signs, conceptions and ideas.”

-Alan Watts

(Source: illuminatizeitgeist, via msg)

cloudyskiesandcatharsis:

Lovely Literary Art Prints featuring quotes By Famous Authors by Evan Robertson

thelushbunny:

#814 - “Indeed our hearts are golden treasures, but a true tragedy would be to conceal your inner gold because you are afraid of someone stealing it or it falling and breaking. There is no love in fear. The great wisdom of the ages always tells us the more we Love the more of it you receive. Love is not a giving or a taking, it is a state of being - a one way street of allowing, accepting and holding a space for all things to be exactly as they are.  Fear not that your heart will be broken or stolen. Love becomes love. Give it away with no exception of return and soon you will be having a love affair with the whole world.” — Jackson Kiddard

thelushbunny:

#814 - “Indeed our hearts are golden treasures, but a true tragedy would be to conceal your inner gold because you are afraid of someone stealing it or it falling and breaking. There is no love in fear. The great wisdom of the ages always tells us the more we Love the more of it you receive. Love is not a giving or a taking, it is a state of being - a one way street of allowing, accepting and holding a space for all things to be exactly as they are.  Fear not that your heart will be broken or stolen. Love becomes love. Give it away with no exception of return and soon you will be having a love affair with the whole world.” — Jackson Kiddard

Stop acting like the president takes an oath to keep us safe, when his job is to protect and defend the Constitution. Doing so keeps the American project safe. Past generations fought monarchies, slaveholders, and Nazis to win, expand, and protect that project. And we’re so risk-averse — not that we’re actually minimizing risk — that we’re “balancing” the very rights in our Constitution against a threat with an infinitesimal chance of killing any one of us? That makes about as much sense as the 5,000 American lives lost when the same ruling class that built the national-security state found it prudent to preempt a perceived threat from Iraq. And we still trust them?
http://www.theatlantic.com/politics/archive/2013/06/all-the-infrastructure-a-tyrant-would-need-courtesy-of-bush-and-obama/276635/ (via factoidlabs)

Join the Fight (EFF)

gregcohn:

We’re asking individuals to email Congress right away to tell them in the strongest possible terms that you do not consent to dragnet domestic surveillance. Tell your elected officials that you object to this mass domestic spying program. Demand that they initiate a full-scale, public investigation immediately with the results of the investigation made public as much as possible. Demand that the public officials responsible for this program are held to account. Click here to speak out now.

a shield can shelter and protect. moved with great force, it can also crush, or - edgewise - cleave. make fewer assumptions.

opal: Sample Graph Traversal Patterns in Opal

losangelesindustries:

Over the course of our work on Opal, there have been a few graph traversal patterns that have shown themselves to be repeatably useful. While these will not likely be generalizable to all domains, they map well to our current data set and its modeling within the graph.

The key patterns that will…

(Source: losangelesindustries)

Identity at Mozilla: Persona is distributed. Today.

mozidentity:

With Persona, you can log into web sites using the email address of your choice. The first time you use an email, our servers send you a confirmation link. By following that link, you confirm your identity to Persona, which then vouches for your ownership of that email address.

Of course, in the…