NSA whistleblower: No software is ‘safe from surveillance’

A former NSA official said the agency has "more resources" for surveillance than the average user can ever hope to defend against.

William Binney doesn’t have a membership card to the small group of which he’s a part — people who have spoken out against the National Security Agency, and been left relatively unscathed — but at least he has the next best thing, a valid passport.

The former National Security Agency official, who spent three decades of his life in espionage — and is said to have been one of the reasons why Edward Snowden took and handed thousands of classified documents to journalists two years ago — still talks about his time in the intelligence community.

“The biggest threat to US citizens is the US government,” said Binney in a Reddit “ask me anything” session.

Which in itself would be a bold claim if it weren’t for the most recent revelations, which we can thank his whistleblowing “successor” for.

The NSA, once called the “No Such Agency” for its clandestine and secretive operations, has been embroiled in a string of intelligence-gathering and law-bending practices that have not only ensnared much of the world’s communications, but also the data belonging to Americans — the same people the agency is tasked with protecting.

One of those operations included developing cyberweapons based on hardware and software security vulnerabilities.

“I don’t think any software is safe from surveillance,” said Binney, in response to a question about free and open-source operating systems and software, such as Linux.

A few days earlier, the NSA, known for exploiting vulnerabilities in software, said in more than 90 percent of cases it would disclose flaws, with the exception of when “national security reasons” outweigh the public good. The NSA did not say when it would disclose those flaws, however, leaving open the possibility that they are used before they are turned over to be fixed.

Binney’s comments run contrary to how many see, in particular, open-source software, which many regard as more secure than closed-off systems, like Windows.

Ladar Levison, founder of Lavabit, the encrypted email service said to have been used by Snowden prior to his departure from the US, said in a phone conversation earlier this year that although he distrusts some US software, “you don’t have to distrust everything.”

“The true problem is that you don’t know what can be trusted and what can’t. I personally find myself seeking open platforms, systems, and tools, where I can go in and look — or at least if not myself, one of my peers,” he said.

Other open-source developers, like Cryptocat developer Nadim Kobeissi, have also said that open-source code makes it near-impossible to include backdoors.

To read more and the full story follow this link to ZD Net.

WIFI Alliance Introduces 802.11ah

For the last decade or so, wireless networking has been entirely about short range, high speed communications. The type of networking needed by an Internet of things is fundamentally incompatible with WiFi because of the frequencies used by WiFi networking gear: 2.4 and 5 GHz are very fast, but cannot penetrate walls as easily as lower frequencies.

This week the WiFi alliance introduced IEEE 802.11ah into the WiFi spec. It’s called WiFi HaLow (pronounced like angel’s headwear), and unlike other versions of 802.11, WiFi HaLow uses low frequencies for low bandwidth but a much larger range.

WiFi HaLow uses the 900 MHz ISM band to communicate, divided into 26 channels. The bandwidth is low – a mere 100 kbps, but the range is huge: one kilometer, or about four times the approximate range of 802.11n.

This is not the only WiFi spec aimed at the Internet of Things. In 2014, the WiFi alliance introduced 802.11af, a networking protocol operating in unused TV whitespace spectrum between 54 and 790 MHz. 802.11af has a similar range as 802.11ah – about one kilometer – but products and chips utilizing 802.11af have been rare and hard to find.

For more information and the original story follow this link to hackaday.com

Chinese Marketing Firm Spreads Adware to Promote Its App Portfolio

A Chinese company that markets itself as a mobile app promoter has been cheating its clients by deploying adware to install their apps on unsuspecting victims.

The company, named NGE Mobi/Xinyinhe and active in China and Singapore, has been using popular apps, repackaged with the malicious adware code, which it distributes through unofficial Android app stores.

When users install these apps on their smartphones, the adware comes to life, collects information about the device, sends it to a C&C server, and then waits for new commands.

The adware can gain root access and boot persistence

When the server answers, the app moves to install a root backdoor and a series of system daemons that allow it to survive system reboots.

Here is where the fun begins, because once the adware is firmly implanted on the victim’s phone, it starts serving apps and ads, all from NGE Mobi/Xinyinhe’s portfolio.

As FireEye found in its research, most of the time pornographic apps and ad interstitials are displayed on the user’s home screen, all harmless but very annoying.

Currently, the adware has been found on Android versions ranging from 2.3.4 to 5.1.1, with the most infected users in countries like Russia, China, Brazil, Argentina, Egypt, Spain, France, Germany, Sweden, Norway, Saudi Arabia, Indonesia, India, the UK, and the US.

The NGE adware campaign was first observed in August and has grown at a constant pace ever since.

The adware can be hijacked to deliver more dangerous malware

What’s even worse, as FireEye researchers point out, is that the adware’s creators were extremely careless when they put together the malicious code.

Because the C&C server communications are carried out via blind HTTP channels, a second attacker could easily intercept these transmissions.

Since the adware gains root privileges and boot persistence over all infected devices, another attacker could use this to serve much more dangerous apps compared to silly adult apps and ads.

The first example that comes to mind is when the second attacker adds infected phones to a botnet and uses them to carry out DDOS attacks. Worse scenarios are when attackers decide to go snooping through your private pictures or install ransomware on your phone.

For more information and more photos follow this link to Softpedia

Yes, the FCC might ban your operating system

prpl.works

Over the last few weeks a discussion has flourished over the FCC’s Notification of Proposed Rule Making (NPRM) on modular transmitters and electronic labels for wireless devices. Some folks have felt that the phrasing has been too Chicken-Little-like and that the FCC’s proposal doesn’t affect the ability to install free, libre or open source operating systems. The FCC in fact says their proposal has no effect on open source operating systems or open source in general. The FCC is undoubtedly wrong.

I want to make something entirely clear: I believe the FCC has the best of intentions. I believe they want to protect the radio spectrum and implement the E-LABEL Act as required by Congress. I believe they want to protect innovation in the technology industry. I also believe that their proposal harms innovation, endangers the free, libre and open source community and is generally anti-user.

Boeing’s laser hunts for drones

Boeing's compact laser weapons system disables a moving, untethered unmanned aerial vehicle in a test on August 3, 2015. Credit: Boeing

Boeing’s portable drone-destroying laser system is one step closer to the battlefield after a recent test.

Earlier this month in California, Boeing’s second-generation, compact-laser weapons system disabled a moving, untethered drone. That’s important because enemies can easily acquire commercially available drones — also known as unmanned aerial vehicles (UAVs) — and use them to deliver explosives or perform reconnaissance. 

Using a laser of up to two kilowatts, the weapons system can focus on a target located at a tactical distance up to many hundreds of meters away, according to a Boeing video of the technology. 

It took only a few seconds for the drone to ignite and crash. The laser is typically aimed at the tail of the drone because, once that section of the drone is disabled, it becomes impossible to control the drone, according to Dave DeYoung, director of laser and electro-optical systems at Boeing.

Boeing's two-kilowatt compact laser weapons system is fired at a target in a lab causing it to almost instantly ignite in a test on August 26, 2015.

Sometimes it doesn’t make sense to fire a missile, which may range in cost from $30,000 to $3 million, at a drone that may cost a few thousand dollars, he said in an interview.

It costs “a couple of dollars” for each firing of the new laser weapons system, he said. 

“It’s not an either-or situation,” he said. “There will be instances when missiles make sense.”

One of the drawbacks of using lasers, DeYoung said, is that light, unlike a missile, keeps going. The Boeing weapon uses a safeguard to make sure there is a clear line of sight both to and beyond the target. 

For more information and the original story plus more images and a video follow this link to Computerworld.

New Android Malware Sprouting Like Weeds

Information stored on an Android smartphone or tablet is vulnerable to almost 4,900 new malware files each day, according to a report G Data SecurityLabs released Wednesday.

Cybercriminals’ interest in the Android operating system has grown, the firm’s Q1 2015 Mobile Malware Report revealed.

“The report suggests that Android devices are becoming a bigger target for the bad guys and more profitable than in previous years,” said Andy Hayter, security evangelist for G Data.

The number of new malware samples in the first quarter increased 6.4 percent (440,267) from the fourth quarter of last year (413,871). The number of malware strains rose by 21 percent compared with the first quarter of 2014 (316,153).

More than 2 million new Android malware strains are likely to surface this year, G Data security predicted.

Just the Start

The 2 million figure is very realistic, due to the increasing use of Android devices for banking and shopping online, G Data suggested.

“The report shows that the OS has a bigger market share than the others, and thus is more interesting to security researchers and malware authors alike. Also, a lot of vendors offer Android devices varying in quality standards, but that is not a problem of the OS itself, but rather of the vendor in question,” Hayter told LinuxInsider.

Google introduced premium SMS Checks last year. After that, the malware models started to spread out, he noted.

“Before that time there were a few very active malware families, such as SMS FakeInstaller,” Hayter said. “Since then there are lots of small families.”

Financially Motivated

At least 41 percent of consumers in Europe and 50 percent in the U.S. use a smartphone or tablet for their banking transactions. Plus, 78 percent of Internet users make purchases online.

The new malware files have a financial foundation, according to the G Data report. At least half of all Android malware now in circulation includes banking Trojans, SMS Trojans and similar malware components.

The actual percentage of malware-infected Android apps easily could be higher, the researchers warned. They only studied malware with a direct financial purpose — many other types of cases might exist.

For example, a malware program might install apps or steal credit card data as an additional process after a payment is made. Because that type of malware would not seem to be financially motivated, it would not have been included in the report’s statistics.

Thin Dividing Line

Free Android apps offer particularly attractive attack vectors to cybercriminals. Many apps, especially free apps, rely on advertising to fund their development.

Bad apps can hide themselves in the background or conceal functions from users. Bad apps also can send legitimate apps’ data to additional advertising networks.

Apps that do such things — like programs running on PC OSes — are called “Potentially Unwanted Programs,” or PUPs. The report categorizes such apps as adware, noting that they often hide in manipulated or fake apps that are installed from sources other than the Google Play Store.

Malware Magnet

Android is a derivative of Linux, an operating system generally considered less likely to be targeted by viruses and malware. However, Android is less rigorous and less secure than other mobile platforms, said Rob Enderle, principal analyst at the Enderle Group.

“There is much more sideloading, which means there is a far easier path to getting viruses on Android devices than any other mobile platform,” he told LinuxInsider.

Google historically has been less focused on security and customer satisfaction than firms that are more closely tied to user revenue, Enderle said. Another reason for Android’s vulnerability is that mobile platforms generally don’t run security software.

Historically, they have been somewhat protected because of their tight ties to curated stores, “but now that smartphones have PC-like performance, they are becoming a magnet for malware,” noted Enderle.

“Google’s lack of focus on this problem, reminiscent of Microsoft’s similar mistake in the late 1990s — which resulted in their having to rethink their OS and create Windows XP — has created a massive exposure for Android users,” he said.

To read more follow this link to Linux Insider.

Power beamed to camera via ambient wi-fi signals

The power beaming system used modified wi-fi routers and hubs

Wi-fi signals have been used to beam power to a surveillance camera.

The battery-free camera was modified so it could scavenge power from ambient wi-fi signals, store it and then use it to take photos.

The experiment was one of several by US researchers looking at ways to use wi-fi as a power source.

The team behind the project believes its techniques will be useful for powering the many devices expected to form the “internet of things”.

Adding noise

The system, known as power-over-wi-fi, has been developed by PhD student Vamsi Talla and colleagues at the Sensor Systems Lab at the University of Washington in Seattle.

The team realised that the energy contained in ambient wi-fi signals that are now ubiquitous often came close to the operating voltages required by a variety of low power devices.

Unfortunately, because wi-fi signals are broadcast in bursts across different frequencies, the required amount of energy was available too intermittently to be useful.

To fix this, the research team modified standard wi-fi hotspots and routers to broadcast noise when a channel was not being used to send data. This meant the power of the wi-fi signals stayed constant and, though low, was high enough to power some components.

Adding the noise did little to slow data rates across hotspots, said the team.

The team used the power beaming system to run a temperature sensor and a small surveillance camera that both sat several metres away from a wi-fi hotspot.

The low-power camera gathered energy from wi-fi and stored it in a capacitor that prompted the camera to take a picture when it was charged. By leaching off the ambient radio signals, the camera gathered enough energy every 35 minutes to take a snap.

In a paper detailing their work, Mr. Talla and colleagues said it had the potential to help power the small, low-power sensors and actuators that are expected to become common in homes and workplaces as part of the internet of things.

“The ability to deliver power wirelessly to a wide range of autonomous devices and sensors is hugely significant,” said a story about the research in MIT’s Technology Review. “Powi-fi could be the enabling technology that finally brings the internet of things to life.”

Please follow this link to BBC News for the original story.

Compact light source improves CT scans

The Compact Light Source by Palo Alto-based Lyncean Technologies Inc. generates X-rays suitable for advanced tomography. The car-sized device is a miniature version of football-field-sized X-ray generators known as synchrotrons and it emerged from basic research at SLAC in the late 1990s and early 2000s.
Credit: Lyncean Technologies Inc.

A new study shows that the recently developed Compact Light Source (CLS) — a commercial X-ray source with roots in research and development efforts at the Department of Energy’s SLAC National Accelerator Laboratory — enables computer tomography scans that reveal more detail than routine scans performed at hospitals today. The new technology could soon be used in preclinical studies and help researchers better understand cancer and other diseases.

With its ability to image cross sections of the human body, X-ray computer tomography (CT) has become an important diagnostic tool in medicine. Conventional CT scans are very detailed when it comes to bones and other dense body parts that strongly absorb X-rays. However, the technique struggles with the visualization and distinction of “soft tissues” such as organs, which are more transparent to X-rays.

“Our work demonstrates that we can achieve better results with the Compact Light Source,” says Professor for Biomedical Physics Franz Pfeiffer of the Technical University of Munich in Germany, who led the new study published April 20 in the Proceedings of the National Academy of Sciences. “The CLS allows us to do multimodal tomography scans — a more advanced approach to X-ray imaging.”

More than One Kind of Contrast

The amount of detail in a CT scan depends on the difference in brightness, or contrast, which makes one type of tissue distinguishable from another. The absorption of X-rays — the basis for standard CT — is only one way to create contrast.

Alternatively, contrast can be generated from differences in how tissues change the direction of incoming X-rays, either through bending or scattering X-ray light. These techniques are known as phase-contrast and dark-field CT, respectively.

“Organs and other soft tissues don’t have a large absorption contrast, but they become visible in phase-contrast tomography,” says the study’s lead author, Elena Eggl, a researcher at the Technical University of Munich. “The dark-field method, on the other hand, is particularly sensitive to structures like vertebrae and the lung’s alveoli.”

Shrinking the Synchrotron

However, these methods require X-ray light with a well-defined wavelength aligned in a particular way — properties that conventional CT scanners in hospitals do not deliver sufficiently.

For high-quality phase-contrast and dark-field imaging, researchers can use synchrotrons — dedicated facilities where electrons run laps in football-stadium-sized storage rings to produce the desired radiation — but these are large and expensive machines that cannot simply be implemented at every research institute and clinic.

Conversely, the CLS is a miniature version of a synchrotron that produces suitable X-rays by colliding laser light with electrons circulating in a desk-sized storage ring. Due to its small footprint and lower cost, it could be operated in almost any location.

“The Large Hadron Collider at CERN is the world’s largest colliding beam storage ring, and the CLS is the smallest,” says SLAC scientist Ronald Ruth, one of the study’s co-authors. Ruth is also chairman of the board of directors and co-founder of Palo Alto-based Lyncean Technologies Inc., which developed the X-ray source based on earlier fundamental research at SLAC. “It turns out that the properties of the CLS are perfect for applications like tomography.”

More Modes, Finer Detail

In the recent study, the researchers reported the first “multimodal” CT scan with the CLS: They recorded all three imaging modes — absorption, phase contrast and dark field — at the same time. Using a total of 361 two-dimensional X-ray images of an infant mouse taken from different directions, the scientists generated cross-section images of the animal.

“The absorption images only show bones and air-filled organs,” Eggl says. “However, the phase-contrast and dark-field images reveal much more detail, showing different organs such as the heart and liver. We can even distinguish different types of fat tissue, which is not possible with absorption-based CT scans.”

Using a standard sample of chemically well-defined liquids, the scientists also demonstrated that they could not only visualize but also quantify differences in their properties — information that can be applied to various body tissues and that is only obtained when combining all three tomography modes.

Implications for Cancer, Materials

The success of this research, which was done on a CLS prototype, has led to the commissioning of the first commercial device.

The researchers’ next goal is to use the CLS for phase-contrast and dark-field CT in preclinical studies — an approach that could help visualize cancer. “We work closely together with two clinics to study tumors,” Eggl says. “One of our plans is to image breast tissue samples and also entire breasts after mastectomy to better understand the clinical picture of breast cancer.”

Besides medical applications, multimodal tomography could also open up new possibilities in materials science, for instance, in studies of extremely durable and light-weight carbon fibers and other fibrous materials, where the X-ray absorption contrast provides little information.

Please follow this link to Science Daily for the original story.

For vast majority of seniors who own one, a smartphone equals ‘freedom’

When it comes to tech adoption, seniors generally lag behind their younger counterparts. But for Americans ages 65 and older who own a smartphone, having one in their pocket is a liberating experience.

Asked if they feel that their phone represents “freedom” or “a leash,” 82% of smartphone-owning seniors described their phone as freeing, compared with 64% of those ages 18 to 29. By contrast, 36% of adult smartphone owners under the age of 30 described their phone as a leash, double the 18% of adults ages 65 and older who chose this term to describe their phone.

Similarly, when asked to describe their smartphone as “connecting” or “distracting,” older users are significantly more likely to choose “connecting” as the best descriptor. On the other hand, younger smartphone users are twice as likely as older adults to view their phone as “distracting” (37% vs. 18%).

Our survey did not directly ask why users chose the terms that they did, but differences in usage patterns may play a role. Younger adults tend to use their phones for a far wider range of purposes (especially social networking and multimedia content) and are much more likely to turn to their phone as a way to relieve boredom and to avoid others around them.

Older adults, by contrast, tend to use their phones for a narrower range of purposes – especially basic communication functions such as voice calling, texting and email. For young adults, smartphones are often the device through which they filter both the successes and annoyances of daily life – which could help explain why these users are more likely to report feeling emotions about their phone ranging from happy and grateful to frustrated or angry during a weeklong survey.

It is true, overall, that older Americans are less likely to be online, have broadband at home or own a mobile device. The same applies to smartphones: Only a quarter (27%) of adults ages 65 and older own them, compared with 85% of 18- to 29-year-olds, according to a Pew Research Center report released earlier this month.

A previous Pew Research study found that lower adoption rates of new technologies are often related to barriers seniors face when adopting them. These include medical conditions that make it difficult for older Americans to use certain technologies or devices. Skepticism about the benefits of technology and lack of digital literacy are other deterrents cited by older adults.

But that’s not to say older Americans aren’t broadening their digital experiences. In 2014, for the first time, more than half of online seniors indicated that they use Facebook: 56% of online adults ages 65 and older do so, up from 45% a year earlier. Internet use and broadband adoption continue to climb among older adults, and although there remains a wide age gap in smartphone ownership, the proportion of older adults who own a smartphone has increased by 8 percentage points since early 2014. Plus, older Americans who are internet adopters tend to have highly positive attitudes about the impact of online access on their lives, including the access that smartphones give them.

For more information and the original story follow this link to Pew Research Center.

A New High-Speed MRI Technique Is Fast Enough To Record Someone Singing

It’s a remarkable technology capable of looking inside a human being, but magnetic resonance imaging—or MRI—machines are finicky and require a patient to remain absolutely still while they do their thing. But researchers at the University of Illinois have found a way to capture up to 100 frames per second on an MRI machine, allowing them to record patients in motion.

The need for a faster MRI technique arose when a faculty member at the University of Illinois’ Beckman Institute for Advanced Science and Technology wanted to study how the muscles of the larynx worked in elderly patients while singing, in an attempt to help give them more powerful and pronounced voices. The problem with using MRI machines was that they could only capture images at around ten frames per second which was far too slow to study what was going on with the 100 or so muscles required to sing.

So Zhi-Pei Liang, an electrical and computer engineering professor at the institute, worked with his team to develop a new methodology to extract more frames from an MRI machine—which is a far cheaper solution than trying to rebuild and redesign one of the incredibly expensive devices from the ground up. Here’s how the new technique they came up with is described in an issue of Magnetic Resonance in Medicine:

An imaging method is developed to enable high-speed dynamic speech imaging exploiting low-rank and sparsity of the dynamic images of articulatory motion during speech. The proposed method includes: (a) a novel data acquisition strategy that collects spiral navigators with high temporal frame rate and (b) an image reconstruction method that derives temporal subspaces from navigators and reconstructs high-resolution images from sparsely sampled data with joint low-rank and sparsity constraints.

To read the full story and for more information please follow this link to Gizmodo.