Sean M
Sean's posts

Post has shared content
Dangers of RFID Devices

Malicious actors can scan RFID-enabled products pretty easily and for a relatively small cost. The demo featured here only required several hundred dollars of equipment. Small change if they managed to defraud only a few credit cards.

Thankfully, most RFID credit cards use a one-time security code so a fraudster would only have one chance to use the scanned card. However, other RFID-enabled products, such as identity cards, are unlikely to have similar safeguards protecting your data.

What can you do? Use RFID protection sleeves or wallets. But don't go cheap; research the market, because there are a lot of bad options being sold. You can also hack together your own protections for cheap.

In fact, contactless cards do offer one security feature traditional cards don't: Along with the card's 16-digit number and expiration date, the cards are set to offer up a one-time CVV code with every scan. Those codes can only be used for one transaction, and have to be used in the order they're generated. If a payment processor detects multiple transactions with the same code or even codes being used to make transactions in the wrong order, it will disable the card. So a contactless card scammer can only use each stolen number once, and if the victim of the scam uses the card again before the thief has time to make a fraudulent payment, all transactions on the card will be blocked.

Post has shared content
Open Observatory of Network Interference (OONI) - Mobile Versions Available

App links in original post.

OONI, a free software project under the Tor Project umbrella, has released "ooniprobe", an Android and iOS app designed to measure internet censorship and performance. Specifically, it runs active tests to

- measure blocking of websites ("web connectivity" test)
- detect middleboxes ("http invalid request line" test)
- measure network speed and performance ("NDT" test)

---- Forwarded message from Simone Basso <bassosimone@gmail.com> ---

Date: Sat, 11 Feb 2017 01:00:40 +0100
From: Simone Basso <bassosimone@gmail.com>
Subject: ooniprobe mobile: Tor project's app to measure censorship and
performance
To: lauren

ROME, Italy - the Open Observatory of Network Interference (OONI), a
free software project under the Tor Project umbrella, has released
"ooniprobe", an Android and iOS app designed to measure internet
censorship and performance. Specifically, it runs active tests to

- measure blocking of websites ("web connectivity" test)
- detect middleboxes ("http invalid request line" test)
- measure network speed and performance ("NDT" test)

The app is the mobile implementation of the ooniprobe tool for Unix-like
systems, available since 2012. The web connectivity test uses as input
URLs from a test list co-maintained by the OONI project and the
University of Toronto's Citizen's Lab. The engine of the apps,
measurement-kit, is co-developed by OONI and the Nexa Center at Internet
& Society at Politecnico di Torino.

More info here: https://ooni.torproject.org/post/ooni-mobile-app/

Play Store:
https://play.google.com/store/apps/details?id=org.openobservatory.ooniprobe

App Store: https://itunes.apple.com/US/app/id1199566366

Thank you!

--
Simone Basso
https://nexa.polito.it/people/sbasso



Post has attachment
This Humble Bundle covers the spectrum of subjects and "hacks", or creative tinkering.

The Humble Book Bundle: Hacks presented by O'Reilly

Can you hack it? Hack, noun: a short dry cough; a rough or irregular cutting stroke; a usually creative solution to a computer hardware or programming problem or limitation. Well, O'Reilly is back at Humble, and they brought a whole library of creative solutions! Cough sold separately.

Pay $1 or more for Perl Hacks, BSD Hacks, Mind Hacks, Gaming Hacks, and Kinect Hacks.

Pay $8 or more and you’ll also get Baseball Hacks, Car PC Hacks, IRC Hacks, Astronomy Hacks, Raspberry Pi Hacks, Statistics Hacks, and Home Theater Hacks.

Pay $15 or more for all of that plus HTML5 Hacks, Excel Hacks 2ed, Retro Gaming Hacks, and SQL Hacks.

Pay $1 or more. Together, these books would cost over $385. Here at Humble Bundle, though, you name your price of $1 or more!

Read them anywhere. These books are available in PDF, ePUB, and MOBI formats, meaning you can read them anywhere at any time. (Gaming Hacks is only available in ePUB.) Instructions and a list of recommended reading programs can be found here.

Support charity. Choose where the money goes – between the publisher, O'Reilly; MSF (Doctors Without Borders); EFF (Electronic Frontier Foundation); Code for America; and, if you'd like, a fourth charity of your choice via the PayPal Giving Fund. For details on how this works, click here. If you like what we do, you can leave us a Humble Tip too!

Post has attachment
Beware DRM

DRM requires the ability to retrieve decryption keys for protected content. A malicious actor can acquire keys that silently "phone home" and reveal the user's identity.

The linked method is only listed as affecting Windows, but DRM is cross-platform so don't expect to be safe.

Via +Pieterjan Denys​

Post has shared content
Let's see what the Senate does this time... 
The House has passed the Email Privacy Act. Now the fight heads to the Senate.

Post has attachment
Facial Recognition is Getting Creepy/Scary Powerful

This is not restricted to Facebook.

Now imagine you take a selfie in a crowded place. Like an airport or a train station. There are some people walking in the background. Hundreds of them. Some of them facing the camera. Guess what: Facebook’s AI has just spotted them.

Post has attachment
Rap Back has been advertised by the FBI as an effort to target individuals in “positions of trust,” such as those who work with children, the elderly, and the disabled. According to a Rap Back spokesperson, however, there are no formal limits as to “which populations of individuals can be enrolled in the Rap Back Service.” Civil liberties advocates fear that under Trump’s administration the program will grow with serious consequences for employee privacy, accuracy of records, and fair employment practices.

Post has attachment
Hunting for evidence, Secret Service unlocks phone data with force or finesse

The government needs more of this (technical capability), not backdoors.

At a dedicated phone forensics facility in Tulsa, Okla., the Secret Service breaks into about 40 phones a year that could contain valuable information related to criminal investigations.

(via https://www.schneier.com/blog/archives/2017/02/how_the_us_secr.html)

Post has attachment
Permanently Enabled DRM in Google Chrome

Let Google know that you want control of your browser experience. Based on the Chromium tracker, it looks like the developers are already considering a way to restore control to users, but let's make sure they hold to that path and make it a priority.

Chromium issue: https://bugs.chromium.org/p/chromium/issues/detail?id=686430

FYI, +Lauren Weinstein​​