Author: m1k3y

What this means is that if provided a valid username/password pair by Google, law enforcement agencies can gain access to an Android device that is protected with a screen unlock pattern. As I understand it, this assistance takes the form of two password changes: one to a new password that Google shares with law enforcement, followed by another that Google does not share with the police. This second password change takes place sometime after law enforcement agents have bypassed the screen unlock, which prevents the government from having ongoing access to new email messages and other Google account-protected content that would otherwise automatically sync to the device.

It is my understanding, based on discussions with individuals who are familiar with Google’s law enforcement procedures, that the company will provide assistance to law enforcement agencies seeking to bypass screen unlock patterns, provided that the cops get the right kind of court order. The company insists on an anticipatory warrant, which the Supreme Court has defined as “a warrant based upon an affidavit showing probable cause that at some future time, but not presently, certain evidence of crime will be located at a specific place.”

Although a regular search warrant might be sufficient to authorize the police to search a laptop or other computer, the always-connected nature of smartphones means that they will continue to receive new email messages and other communications after they have been seized and searched by the police. It is my understanding that Google insists on an anticipatory warrant in order to cover emails or other communications that might sync during the period between when the phone is unlocked by the police and the completion of the imaging process (which is when the police copy all of the data off of the phone onto another storage medium).

Of the three screen lock methods available on Android (pattern, PIN, password), Google only offers a username/password based bypass for the pattern lock. If you’d rather that the police not be able to gain access to your device this way (and are comfortable with the risk of losing your data if you are locked out of your phone), I recommend not using a pattern-based screen lock, and instead using a PIN or password.

However, it’s important to understand that while locking the screen of your device with a PIN or password is a good first step towards security, it is not sufficient to protect your data. Commercially available forensic analysis tools can be used to directly copy all data off of a device and onto external media. To prevent against such forensic imaging, it is important to encrypt data stored on a device.

Since version 3.0 (Honeycomb) of the OS, Android has included support for full disk encryption, but it is not enabled by default. If you want to keep your data safe, enabling this feature is a must.

Unfortunately, Android currently uses the same PIN or password for both the screen unlock and to decrypt the disk. This design decision makes it extremely likely that users will pick a short PIN or password, since they will probably have to enter their screen unlock dozens of time each day. Entering a 16-character password before making a phone call or obtaining GPS directions is too great of a usability burden to place on most users.

Using a shorter letter/number PIN or password might be good enough for a screen unlock, but disk encryption passwords must be much, much longer to be able to withstand brute force attacks. Case in point: A tool released at the Defcon hacker conference this summer can crack the disk encryption of Android devices that are protected with 4-6 digit numeric PINs in a matter of seconds.

Hopefully, Google’s engineers will at some point add new functionality to Android to let you use a different PIN/password for the screen unlock and full disk encryption. In the meantime, users who have rooted their device can download a third-party app that will allow you to choose a different (and hopefully much longer) password for disk encryption.

Keeping the Government Out of Your Smartphone
Read more

I don’t have a map here to look at the geography, but the border between Israel and the West Bank is obviously right there, right next to Tel Aviv, which is the financial capital, the industrial capital of Israel, the center of Israel. It’s—what the border would be? Maybe seven miles from Tel Aviv to what would be the West Bank…The other side of the West Bank, the other side of what would be this new Palestinian state would either be Syria at one point, or Jordan. And of course the Iranians would want to do through the West Bank exactly what they did through Lebanon, what they did near Gaza. Which is that the Iranians would want to bring missiles and armament into the West Bank and potentially threaten Israel. So Israel of course would have to say, “That can’t happen. We’ve got to keep the Iranians from bringing weaponry into the West Bank.” Well, that means that—who? The Israelis are going to patrol the border between Jordan, Syria, and this new Palestinian nation? Well, the Palestinians would say, “Uh, no way! We’re an independent country. You can’t, you know, guard our border with other Arab nations.” And now how about the airport? How about flying into this Palestinian nation? Are we gonna allow military aircraft to come in and weaponry to come in? And if not, who’s going to keep it from coming in? Well, the Israelis. Well, the Palestinians are gonna say, “We’re not an independent nation if Israel is able to come in and tell us what can land in our airport.” These are problems—these are very hard to solve, all right? And I look at the Palestinians not wanting to see peace anyway, for political purposes, committed to the destruction and elimination of Israel, and these thorny issues, and I say, “There’s just no way.”

SECRET VIDEO: On Israel, Romney Trashes Two-State Solution | Mother Jones
Read more

“Someone also swatted my house,” he tells me, smiling. “It happens a lot to me. Well, the SWAT team was only once at my house, but lots of time with the local police department.” Swatting is a vicious prank where a hacker uses an internet call system to report a hostage situation, which scrambles local law enforcement to the victim’s doorstep.

“Through AOL, you can use AT&T Relay to call the SWAT. It’s for handicapped people. You have to sign up, but it’s easy to sign up. You just instant message the username AT&T Relay and then 911. They ask what’s your location, the emergency. That’s what they did to me. That’s what they did to my school too, because there’s less ways of getting caught.”

Cosmo shrugs at this, like it’s all perfectly normal stuff for a teenage boy. And the thing is, in 2012, it is perfectly normal for a bored teenage boy on the edge of delinquency. Instead of egging cars and swinging bats at mailboxes, he’s breaking into e-mail accounts.

Cosmo got into hacking via online gaming. He grew up on Xbox, and played others online competitively. One day, he was knocked offline mid-match, forfeiting the game. He discovered that this was done via a simple trick, where one gamer turns a script on his opponent’s IP address. He began using this same tactic himself. It was easy and required nothing more than off-the-shelf programs, like Cain and Able. It was a veil lifted.

Cosmo, the Hacker ‘God’ Who Fell to Earth | Gadget Lab | Wired.com
Read more

tribeofthestrange:

“I am not the God of your fathers. I am the hidden stone which breaks all hearts. We have to break your heart to let the light out.

(Gnostic Jesus, recounted in Grant Morrison’s Supergods, p.282)

Read more