March 31st 2016

There are days that not only change everything about your future, but also how you see everything from the past.

Days that are the start of something brilliantly new and breathtakingly wonderful.

Days where you get to finally see what is truly important, and watch the trivial burn away to nothing.

Days you are genuinely, soulfully happy.

Days you wish would never end.

Today, March 31st, 2016, is that day for me.

Don’t use your 3D printer for secret projects without the radio blasting

If you’re using a 3D printer to prototype your awesome ideas, you better have the radio blasting nearby before the plastic starts flowing.

According to an article on GCN, an amazing discovery by the University of California showed that a basic smartphone could “record the acoustic signals coming from a 3-D printer’s nozzle and reverse-engineer the object being printed.”

The article says the main problem is that “once the process (or 3D printing) starts, emissions produced by the printer create acoustic signals that contain information that can indicate the location of the nozzle” on the printer.

That’s just nuts. You spend months working on a project designing it to perfect spec and finally get to the production stage, only to get it swiped by someone nearby with a open phone line as it prints!

The researchers say professional 3D printers need to “think about ways to jam the acoustic signals, such as a white-noise device”, but for my money, a big speaker blasting industrial music near the 3D printers should be good enough security.

Who knew Ministry and Nine Inch Nails were good for corporate security?

Much ado about nothing : why no law enforcement agency needs a “master backdoor”

The FBI has made no secret recently about their “need” to get into a recent terrorists’ iPhone, and have currently demanded the source code for the entire iPhone system in order to access a particular device as part of their investigation.

Here’s the problem. There’s already a legal system in place for problems like this.

When a law enforcement agency has a warrant, they get the right to obtain the stated information from that specific individual or group that is listed in the warrant. For example, if there is a warrant for John Doe to open the safe in his home, John Doe has to to open the safe in his home. If John Doe refuses to act on a legally served warrant. he is jailed until he does surrender the information and fully complies with the warrant.

There’s no onus on the safe company to provide a master key. There’s no mandate for all homes to have a master key on their deadbolt so warrants can be served. It is the legal obligation of the individual(s) named in the warrant to surrender the specifically stated information to law enforcement or face severe criminal consequences.

Think about how many times you have heard about reporters being jailed for refusing to disclose their sources. How many times informants are jailed for refusing to disclose their sources. There is no trial or judge for these people, and there is no release for them until they disclose what is specifically stated in the warrant. It is a perpetual prison for the individuals that does not end without compliance or a complete overturn of the original warrant.

If the FBI has a warrant to search the terrorist’s phones and they have refused to disclose their password, then the FBI can indefinitely hold the terrorists until they disclose the password needed to access their devices.

So what’s the problem here? Wasn’t that the original intent? Jail these vermin and wait them out.

The problem is too many politicians and knee-jerk reactionaries haven’t thought the reasons a “master password” or “law enforcement backdoor” is like putting a master key for all home deadbolts in place. Sure, a master key will give you the ability to get into any door you want, but then the “oh no, Godzilla!” part is if that master key gets out, it can be used by ANYONE. Anywhere. Anytime. You can’t control who copies it. You can kiss EVERYTHING that master key is attached to goodbye forever.

Like I ranted earlier, there’s no resetting a embedded backdoor and/or “master password” software on systems without “hands on” access. Once it’s out, there’s no way to erase it, no way to change it and no way to block it. Once a master password is out in the open, it’s fair game. To everyone.

Even if the government manages to keep a master password on a For-Your-Eyes-Only-Roger-Moore level, look how often the government itself gets hacked. The IRS. The FBI. Take your pick. Target A-1 is going to be that master password, and whatever hacker finds it will gain peer immortality.

A master password on a mass-produced consumer device is a critical national security risk. This idea needs to die right now.

 

“AFTER THE POST” EDIT: For argument’s sake, let’s say a master password / backdoor does get installed in the iPhone system to “keep us safe”.

  • Does every law enforcement agency get the master password / backdoor? All the way down to the local two-officer town level?
  • Who is to judge the need of an investigation to get the master password / backdoor? Will it be for all investigations? Or just ones of a certain type?
  • How can the use of this master password / backdoor be tied to properly issued warrants and not abused as part of a “fishing” investigation?
  • What happens when a law enforcement individual leaves their employer and enters the private sector? Does their knowledge of this master password / backdoor cease to exist for them? What restrictions could possibly be put in place to ensure they do not use the master password / backdoor for their own benefit?
  • Will this master password / backdoor be shared with foreign countries? If so, how?
  • Can the use of a master password / backdoor to obtain information in a criminal case be used in a civil case?

Spectorsoft is changing their name to VERIATO

Spectorsoft just announced in an email to all their corporate users they are changing their name to VERIATO. 

According to the FAQ on the Spectorsoft website “The company has not been acquired, and there has been no change in control… You will not need to repurchase your software… You will not need to reinstall your software… Your agreement with us does not change once we become Veriato. It is a name change; the legal entity you are doing business with has not changed.”

Looking at their trademark filing history, this has been in the works since July 2015.

 I wonder if this is a re-org to expand services like Google’s recent switch, or if this is a re-classification of business to deal with some international law restricting their software’s service/purpose.