Doomstead Diner Newz Channels => Cyber Security => Topic started by: RE on February 16, 2016, 07:05:37 PM

Title: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on February 16, 2016, 07:05:37 PM
http://appleinsider.com/articles/16/02/16/judge-orders-apple-to-access-iphone-belonging-to-san-bernadino-shooter (http://appleinsider.com/articles/16/02/16/judge-orders-apple-to-access-iphone-belonging-to-san-bernadino-shooter)

Judge orders Apple to access iPhone belonging to San Bernadino shooter

By Mikey Campbell   
Tuesday, February 16, 2016, 05:39 pm PT (08:39 pm ET)
A U.S. magistrate judge on Tuesday ordered Apple to comply with FBI requests to help extract data from an iPhone owned by one of the shooters involved in December's terrorist attack in San Bernardino, Calif.


Judge Sheri Pym informed Apple that it must provide specialized software that will allow law enforcement officials to thwart iPhone's built-in security measures, specifically a feature that automatically erases handset data after a certain number of unsuccessful login attempts, the Associated Press reports (via ABC News).

It is unclear whether the iPhone in question is running iOS 8 or iOS 9, both of which feature so-called "strong encryption" that even Apple can't break. The report is also vague on the level to which Apple must participate. From the AP's wording, it appears Apple could be forced to hand over a software package that might be copied and later applied to similarly locked devices, undermining the company's encryption efforts.

Today's ruling comes less than a week after FBI director James Comey said law enforcement technicians have attempted, but so far failed, to access information stored on an iPhone owned by the county, but used by Syed Rizwan Farook. Farook and his wife Tashfeen Malik fatally shot 14 people in a terrorist attack last year before being killed in an ensuing police shootout.

"We still have one of those killers' phones that we haven't been able to open," Comey said at a hearing of the Senate Intelligence Committee last week. "It has been two months now and we are still working on it."

The iPhone model in question has yet to be identified, but Apple's iOS operating system has for years provided password-based and remote data wipe options as part of its security suite. The ability to erase phone data is just one facet of a comprehensive encryption system built to secure a highly sensitive personal information, including passwords, contacts, biometric data, financial data and more. Apple took an extra step with end-to-end encryption in iOS 8, a protocol the company claims even it can't break.

Update: The Washington Post adds detail to today's court order, saying the phone in question is running Apple's latest iOS 9 operating system. Once the auto-wipe feature is deactivated, technicians can conduct a brute force attack to unlock the code, but it is not clear that Apple is capable of such a feat.
Title: Apple faces down the FBI & DoJ
Post by: RE on February 17, 2016, 02:49:53 AM
Apple is facing down the FBI & the DoJ.  This is about the first time I can support Apple on anything.

RE

http://www.macrumors.com/2016/02/17/cook-open-letter-backdoor-fbi-san-bernardino/ (http://www.macrumors.com/2016/02/17/cook-open-letter-backdoor-fbi-san-bernardino/)

Tim Cook: Apple Won't Create 'Backdoor' to Help FBI Access San Bernardino Shooter's iPhone

Wednesday February 17, 2016 1:35 am PST by Husain Sumra
Apple CEO Tim Cook has posted an open letter to Apple customers announcing that the company would oppose an order from a U.S. Federal judge to help the FBI access data on an iPhone 5c used by San Bernardino shooter Syed Farook. Cook says that this moment is one for public discussion, and that the company wants its customers to understand what's at stake.

appleresponse
Cook starts the letter noting that smartphones have become an essential part of people's lives and that many people store private conversations, photos, music, notes, calendars and both financial and health information on their devices. Ultimately, Cook says, encryption helps keep people's data safe, which in turn keeps people's personal safety from being at risk.

He then goes on to say that Apple and its employees were "shocked and outraged" by the San Bernardino attack and that Apple has complied with valid subpoenas and search warrants from federal investigators. Apple has also made engineers available to advise the FBI in addition to providing general advice on how they could go about investigating the case. However, Cook says that's where Apple will draw the line.

    We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

    Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

Cook says that while the government is suggesting that bypassing a feature that disables an iPhone after a certain number of failed password attempts could only be used once and on one device, that suggestion is "simply not true." He says that once created, such a key could be used over and over again. "In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks -- from restaurants and banks to stores and homes," Cook says.

The move, Cook says, would undermine Apple's decades of work on security advancements that keep its customers safe. He notes the irony in asking Apple's security engineers to purposefully weaken the protections they created. Apple says they found no precedent of an American company being forced to expose its customers, therefore putting them at a greater risk of attack. He notes that security experts have warned against weakening encryption as both bad guys and good guys would be able to take advantage of any potential weaknesses.

Finally, Cook says that the FBI is proposing what Apple calls an "unprecedented use" of the All Writs Act of 1789, which authorizes federal courts to issue all orders necessary or appropriate "in aid of their respective jurisdictions and agreeable to the usages and principles of law." The chilling effect of this use, Cook argues, would allow the government power to capture data from any device or to require Apple to create a data collection program to intercept a customer's data, potentially including infringements like using a phone's camera or microphone without user knowledge.

Cook concludes Apple's open letter by saying the company's opposition to the order is not an action they took lightly and that they challenge the request "with the deepest respect for democracy and a love for our country." Ultimately, Apple fears these demands would "undermine the very freedoms and liberty our government is meant to protect."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 17, 2016, 02:55:56 PM
I hope all iPhone users understand that if you fail at entering your password 10 times in a row, the OS will delete ALL your data!  While this is exactly what you want if you are a terrorist with incriminating evidence among that data, it might be more than an inconvenience to most users to have all their data and app settings deleted.

Two implications follow from this.  Either users will choose a password that is easy to remember and key in without mistakes (how about "123456" or "password" ?) rendering the password protection useless, or users will back up their data to somewhere else, protected with less security than iOS provides.

Anyway it is nice to have it confirmed once again that there is encryption that NSA can't crack.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on February 17, 2016, 03:43:19 PM
Anyway it is nice to have it confirmed once again that there is encryption that NSA can't crack.

I tend to agree with that, and it's the first thing I will give Apple the :emthup: for since the original Macintosh.

However, there is another camp on Zero Hedge and here with KD that maintains this is really just a Dog & Pony show and they ALREADY have a back door in to the iOS and they are just using this as a means to get it codified into law that all communications systems have to have a back door for Law Enforcement to go in for cases of "terrorism".

However, if they did that and made it explicit it would absolutely KILL iPhone sales.  Not so much here because you wouldn't have a choice, but in China and Russia.  Nobody over there would buy an Iphone if they knew that the NSA had a back door in, and Samsung and LG would build models for that market.  I'm sure some manufacturer would be willing to sacrifice the 330M potential customers of the FSoA market to provide phones to the 1.3B strong Chinese market instead.  That is a no-brainer.

Then of course there is the high likelihood that App developers would come up with aftermarket encryption systems that circumvent this.  You might say you can't do this because the OS could always have a keystroke recorder, but you could provide an external keyboard that does the encryption and then Bluetooth the already encrypted file over to the phone.  AS long as you can do the encryption on a clean not-web-connected device, I can't see a way to stop this, short of getting rid of BT connectivity.

What I did already in this regard was to install an Android version of GPG4USB on one of the phones I don't use, then after encrypting a file I can BT it over to the phone I do use, which also has GPG4USB on it to do the decryption on that phone if I need to.  I suppose at that point the phone could then send the decrypted file to the NSA unbeknownst to me though.

The Final Decryption Solution is to simply have a MicroComputer dedicated strictly to the task of encryption/decryption which you BT connect to the cell phone.  Only encrypted files go on the cell phone.  When you need to decrypt, you BT it over to the Microcomputer, decrypt and read, answer, encrypt and BT it back over to the phone for transmission over the 4G network or Wi-Fi.

In fact, such a MC/BT/GPG4USB Encryptor would be a nice project for you PY!  :icon_sunny:  It will need a small thumb keyboard, a small screen, BT connectivity and be battery operated.  Let me know when you have a model for Beta Testing!
Title: How to make a Bulletproof and unforgetable, EZ to retrieve password
Post by: RE on February 17, 2016, 04:24:46 PM

Two implications follow from this.  Either users will choose a password that is easy to remember and key in without mistakes (how about "123456" or "password" ?) rendering the password protection useless, or users will back up their data to somewhere else, protected with less security than iOS provides.

Nope. There is a way to make an uncrackable long password you cannot forget.

Here is how you do it.  Take any passage from the Bible or Shakespeare or just any old thing you can remember easily.  For this demonstration, I will use Save As Many As You Can to start the password construction process.

Now I will take that line and encrypt it with GPG4USB, NOT using the same Keys I use for other transmissions of information, it is totally separate from them and on another machine not web connected.  That comes out like this:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hQEMAxs2kIl20LzKAQgApIEMs9rG2AIXQy7tIxPIUQN6tjUfqOz/NX/pmHTR16l4
UsgI9G5NqIuelX4/4l9PCw+PIJPdB0esCZ7INevDSlgcuqFyLD+Om1zeJsFz5kFo
f9NeusoCMi+dE6m9DX8lM1jXy+TCKm9ByORI8MwHo6FLI/8MqOFcRoI6bdTNnvHF
nS6F47+Z6gFDL/VsrzR1167aClHZSMM3cXo+ntr56Dk1+JGaEHEeg4YV1hj4ZsSi
8yC22aoB/eQptzRyuSA8w2/prst0TGdEbv7S6OBTCw1gnDzqcorEUpriblcm/+IO
hPk5jlZfaYbfJGAuOu8fIFMOHoHMHpzEPSATMWUg5NJQAXndyRyFgNwms9bSVtuC
A3QzVRurN9KylWMS8G8U1RQJsS72qhGFa/+MWaAxLnclqEsrpH8VWRVWHpaQkaUN
t6NGiUyGHRmCIXepI30Qwxg=
=mfG1
-----END PGP MESSAGE-----


Now for my Password I use for secure accounts I will use the first line of this encryption.

hQEMAxs2kIl20LzKAQgApIEMs9rG2AIXQy7tIxPIUQN6tjUfqOz/NX/pmHTR16l4

You can't brute force this Password inside the next Million years.

Now, I will need to store this encrypted file on my computer in case I forget the sequence, which since it is really long I doubt I can remember.  So I take this file and store it in a new encrypted file with any old EZ to remember password at all, it could even be 12345.  In order to crack this, the Spook would need to have access to my computer and need to figure out which file of the thousands on my computer has my passwords in it, before he could even try to crack that one.

Obviously, I don't even have to always use the first line, I could choose the second one for some purposes, or a shorter sequence for others. Any randomly chosen 12 character sequence from this would be hard to crack, and that I could memorize easily.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 17, 2016, 05:58:31 PM
Quote
install an Android version of GPG4USB on one of the phones I don't use, then after encrypting a file I can BT it over to the phone I do use, which also has GPG4USB on it to do the decryption on that phone if I need to.

I would suggest not having GPG4USB on the second phone.  That means you need the first phone to encrypt and decrypt.  Since the first phone never goes online or makes a call, it could be even simpler than a standard phone - no camera, no GPS, no SIM slot, no OTG socket, no Android (Lubuntu instead).

This Samsung S390G sells on eBay for $8.50, excluding contract, but locked to Net10 (which you don't care about).  They must be subsidised by Net10 as a loss-leader, making them cheaper than cost.  Start by uninstalling all the junk apps you can, taping over the camera, putting epoxy in the OTG socket and SIM slot.

(https://palloy.earth/images/Samsung.S390G.png)

I don't know how you would go getting it through an airport.
Title: Re: How to make a Bulletproof and unforgetable, EZ to retrieve password
Post by: jdwheeler42 on February 17, 2016, 07:23:31 PM

Two implications follow from this.  Either users will choose a password that is easy to remember and key in without mistakes (how about "123456" or "password" ?) rendering the password protection useless, or users will back up their data to somewhere else, protected with less security than iOS provides.

Nope. There is a way to make an uncrackable long password you cannot forget.

Here is how you do it.  Take any passage from the Bible or Shakespeare or just any old thing you can remember easily.  For this demonstration, I will use Save As Many As You Can to start the password construction process.

Now I will take that line and encrypt it with GPG4USB, NOT using the same Keys I use for other transmissions of information, it is totally separate from them and on another machine not web connected.  That comes out like this:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hQEMAxs2kIl20LzKAQgApIEMs9rG2AIXQy7tIxPIUQN6tjUfqOz/NX/pmHTR16l4
UsgI9G5NqIuelX4/4l9PCw+PIJPdB0esCZ7INevDSlgcuqFyLD+Om1zeJsFz5kFo
f9NeusoCMi+dE6m9DX8lM1jXy+TCKm9ByORI8MwHo6FLI/8MqOFcRoI6bdTNnvHF
nS6F47+Z6gFDL/VsrzR1167aClHZSMM3cXo+ntr56Dk1+JGaEHEeg4YV1hj4ZsSi
8yC22aoB/eQptzRyuSA8w2/prst0TGdEbv7S6OBTCw1gnDzqcorEUpriblcm/+IO
hPk5jlZfaYbfJGAuOu8fIFMOHoHMHpzEPSATMWUg5NJQAXndyRyFgNwms9bSVtuC
A3QzVRurN9KylWMS8G8U1RQJsS72qhGFa/+MWaAxLnclqEsrpH8VWRVWHpaQkaUN
t6NGiUyGHRmCIXepI30Qwxg=
=mfG1
-----END PGP MESSAGE-----


Now for my Password I use for secure accounts I will use the first line of this encryption.

hQEMAxs2kIl20LzKAQgApIEMs9rG2AIXQy7tIxPIUQN6tjUfqOz/NX/pmHTR16l4

You can't brute force this Password inside the next Million years.

Now, I will need to store this encrypted file on my computer in case I forget the sequence, which since it is really long I doubt I can remember.  So I take this file and store it in a new encrypted file with any old EZ to remember password at all, it could even be 12345.  In order to crack this, the Spook would need to have access to my computer and need to figure out which file of the thousands on my computer has my passwords in it, before he could even try to crack that one.

Obviously, I don't even have to always use the first line, I could choose the second one for some purposes, or a shorter sequence for others. Any randomly chosen 12 character sequence from this would be hard to crack, and that I could memorize easily.

RE
Yes, but... it still is not easy to remember.

One option that is really underutilized is the passphrase.  Take that phrase from a passage in the Bible, a Shakespeare play, or your favorite Eminim rap for that matter, and use it directly.  I know they say to use a mix of letters, numbers, and symbols, and to never use words from the dictionary, but that is just talking about the strength of a given length of characters.  A phrase 32 letters long is about as hard to crack as a password of 7-8 random characters, but "We the People of the United States" is much easier to remember than "lk39udKJ".
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on February 17, 2016, 08:34:52 PM
Quote
install an Android version of GPG4USB on one of the phones I don't use, then after encrypting a file I can BT it over to the phone I do use, which also has GPG4USB on it to do the decryption on that phone if I need to.

I would suggest not having GPG4USB on the second phone.  That means you need the first phone to encrypt and decrypt.  Since the first phone never goes online or makes a call, it could be even simpler than a standard phone - no camera, no GPS, no SIM slot, no OTG socket, no Android (Lubuntu instead).

I don't know how you would go getting it through an airport.

If I actually HAD something to hide from the NSA I might consider something like that, but I don't.  I'm NOT a "terrorist", I'm an aging cripple in Alaska!  LOL.  I pose a threat to TPTB that is measured in the Negative Imaginary Numbers.  ::)  If they have a Spook assigned to watching me, they are seriously wasting taxpayer money.

I do these things as a thought experiment to see just how EZ it really is to circumvent this kind of bullshit.  Any REAL terrorist who is not a complete imbecile like the folks who occupied the Wildlife sanctuary should be able to think of these things too, it's not fucking Rocket Science.  Certainly, any decent size state even the fucking Iranians can do better than just using a stock Iphone  for secure communications.  ::)  Back in the day, we even had Iranians in the Blackboard club in Havemeyer, they may wear Towels on their heads but they're not all mathematical imbeciles.

Everything I write is perfectly suitable to put up unencrypted on a PG to R rated website.  Besides that, the total audience is relatively microscopic in the grand scheme of things, although decent enough by collapse website standards.  I don't worry at all about some Spooks listening to my rants, in fact I hope they do, it keeps them occupied and off somebody else's website!  I have much more concern about Hackers, Spammers and Trolls messing with my accounts, and for this I don't need to go completely nuts on the security end, reasonable stuff works well enough.  For this, just passing our passwords across the net end-to-end encrypted is quite sufficient I think.

The whole controversy does elucidate some important things though.  One of them here is that if it is indeed true that Apple does not already have a backdoor in place, Trump can scream all he likes and the DoJ can drop an injucntion on Apple, but they won't be able to break the encryption any better than the NSA can.  You can't force someone to break an unbreakable code if they set up the code protocols to make it unbreakable.  You can waterboard them and rape their children in from of them, they STILL could not help you.

This Newz Propaganda story is not about the CA case at all.  It's about future cases and trying to get such backdoors installed in FUTURE OP systems.  Which they may very well succeed in doing, but the encryption methodology is now well known and you don't need Apple or Samsung or LG or Motorola to do encryption for you automatically, although granted it's easier if it is part of the OP system.  All anybody needs is 3 things:

1 Web connected computer (phone)
1 Web unconnected computer (phone) with nothing on it but your own vetted encryptor
1 Bluetooth or USB connection between the two computers

Like Gunz, high power encryption technology is a secret already out of the bag.  It's available to just about everybody.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 17, 2016, 08:48:11 PM
If the passphrase is "We the peop.................", it is not very safe from the rest of it being guessed (just Google it).  Similarly the content of a PGP message consists only of the characters A-Z, a-z, 0-9, / and + (the Base64Encode set), so if you had to guess what comes after "hQEMAxs2kIl20LzKAQgApIEM" you are at least better off choosing from that 64 character set than if you had to choose from the full 256 character set.

So far better to use the full 256 character set.  Not all characters are printable/displayable/keyable, but they are with the use of colour and a simple convention on colour usage.  Passphrases can be up to 64 characters long (I think, will check), so the best passphrase should be 64 x 8 = 256 bits long with every bit being random, and could be stored in a file buried somewhere deep inside the OS files, like
/usr/lib/xorg/modules/extensions/libglx2.so with permissions 0644 and pointed at by a symlink in /opt/ . Then "cat /opt/xorg" outputs the password, copy-paste into GPG4USB to unlock your private key.

Of course the whole thing falls flat if your computer is compromised, and you should assume your computer is compromised if it has ever been out of your control, like left in a hotel room while you are out drinking ("evil maid" scenario), or taken away for examination by airport authorities (see "Fear and Loathing in Portland #8).

If I was a terrorist I would NEVER go through an airport.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 17, 2016, 09:15:12 PM
Quote
if it is indeed true that Apple does not already have a backdoor in place, Trump can scream all he likes and the DoJ can drop an injucntion on Apple, but they won't be able to break the encryption any better than the NSA can.

That's not the point.  The private keys are on file, encrypted by iOS, so if you can get iOS running, you can access the keys.  The roadblocks are the password to switch the iPhone on, and the passphrase to unlock the private key.  They can brute force the latter, but they can't brute force the iOS password - ten failed tries and it wipes everything.  NSA are asking for an iOS with the front door unlocked, not a backdoor.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on February 18, 2016, 02:16:44 AM

Of course the whole thing falls flat if your computer is compromised, and you should assume your computer is compromised if it has ever been out of your control, like left in a hotel room while you are out drinking ("evil maid" scenario), or taken away for examination by airport authorities (see "Fear and Loathing in Portland #8).


How about you bury your passphrase under one of the 1000s of pics you have in your computer, after you have encrypted the passphrase with a different key buried under another pic?  You could go several pictures deep with this and you would have to know the sequence of pics in order to do all the decryptions correctly.

I can't see how you could even automate that to brute force it.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on February 18, 2016, 03:27:56 AM
Of course the whole thing falls flat if your computer is compromised, and you should assume your computer is compromised if it has ever been out of your control, like left in a hotel room while you are out drinking ("evil maid" scenario), or taken away for examination by airport authorities (see "Fear and Loathing in Portland #8).

If I was a terrorist I would NEVER go through an airport.

Got this problem solved.

To make it much stronger, you can take a passphrase and do an old fashioned cypher on it.

Start with a phrase of 20 characters or less.

SAVEASMANYASYOUCAN

Next, substitute a 3 digit number for each letter, starting at a random number you remember, like 666 for A.

Now your original passphrase of 20 characters (actually 18 for the example) has 54 numbers.

Next make a rule for each succeeding letter, like -1 for the first digit, +3 for the last.  So B would be 569.  C would be 472.

So the word CAB would be

472666569

Now get Tricky and substitute Special Characters for a numbers that show up often.  For instance,  put the & or $ sign anywhere there is a 6 in alternating order.

Now it looks like

472&$&5$9

Finally, for the Piece de Resistance, Transpose a couple of numbers, like say the 2nd number from the beginning with the last number.

So now it looks like

492&$$&5$7

This completely bollixes up all the 3 number sequences through all 50-60 characters.

This is now your passphrase.

To be able to reconstruct it, all you have to remember is the original phrase, and your 3 rules for jumbling it up.  A brute force attack knows none of your rules, all it sees is an apparently random series of numbers and special characters.

On your trip through airport security, say they do go through your files and find something encrypted.  Put your encrypted stuff in your download folder.

You claim ignorance of the file.  “I have no idea what that is.  Maybe malware downloaded it, I don't know?”

Nowhere on your computer is there information stored on what the passphrase is or how it was constructed.  This only exists in your head, it can't be hacked out, only tortured out perhaps, but if you claim ignorance of the file to begin with, unless you are otherwise really suspect of nefarious deeds, they will probably not torture you to try to decrypt a file you claim to know nothing about.

The example above is just one way to do this sort of thing.  The point is you can generate a very long and complex passphrase with just a few simple rules you can remember, so you don't need to store the passphrase on your computer at all.  This locks up all files using this passphrase and there is no way to break it other than brute force (or torture of course).

RE

Title: New Password Construction Method
Post by: RE on February 18, 2016, 04:03:55 AM
OK, I just had a BRAINSTORM on how to create an unnbreakable passwprd or phrase requiring only ONE rule you need to remember!

Here is a password constructed with the NEW method  :icon_sunny:

2X#c4V%b6N&m

This is an extremely simplified one to see if any of the other cyber security paranoids here can figure out the methodology, which can be altered in numerous ways to make your own rule.  I would NEVER use the rule I used for this one, it's just too EZ once you understand the concept.

I am interested to see if anyone can even guess the concept.  I set this one up with a rule that makes it possible to figure out the concept, if not the password.

Good Luck!

RE
Title: FBI asked San Bernardino to reset the password for shooter’s phone backup
Post by: RE on February 20, 2016, 11:42:57 PM
Never forget "The Cloud" is out there copying everything.

(http://www.marlabs.com/sites/default/files//cloud-computing-2.png)

RE

https://www.washingtonpost.com/world/national-security/fbi-asked-san-bernardino-to-reset-the-password-for-shooters-phone-backup/2016/02/20/21fe9684-d800-11e5-be55-2cc3c1e4b76b_story.html (https://www.washingtonpost.com/world/national-security/fbi-asked-san-bernardino-to-reset-the-password-for-shooters-phone-backup/2016/02/20/21fe9684-d800-11e5-be55-2cc3c1e4b76b_story.html)

National Security
FBI asked San Bernardino to reset the password for shooter’s phone backup

(https://img.washingtonpost.com/rf/image_1484w/2010-2019/WashingtonPost/2016/02/21/National-Security/Images/05173006-708.jpg?uuid=NNKnpNguEeW-VSzDweS3aw)
The Justice Department is in high-stakes battle with Apple over whether the government can use the courts to force Apple to create software to help it unlock a customer’s iPhone. (Erik S. Lesser/EPA)

By Ellen Nakashima and Mark Berman February 20 at 9:20 PM

In the chaotic aftermath of the shootings in San Bernardino, Calif., in December, FBI investigators seeking to recover data from the iPhone of one of the shooters asked a technician in the California county to reset the phone’s iCloud password.

But that action foreclosed the possibility of an automatic backup to the Apple iCloud servers that might have turned up more clues to the origins of the terrorist attack that killed 14 people.

“The county and the FBI were working together cooperatively to obtain data, and at the point when it became clear the only way to accomplish the task at hand was to reset the iCloud password, the FBI asked the county to do so, and the county complied,” David Wert, a spokesman for San Bernardino County, said in an email.

The Justice Department disclosed the apparent misstep in a court filing Friday, which is part of a larger, high-stakes battle over whether the government can use the courts to force Apple to create software to help it unlock a customer’s iPhone — in this case, one used by Syed Rizwan Farook. Farook, a county health worker, and his wife were killed in a firefight with police hours after the Dec. 2 attack.

[Why Apple is in a historic fight with the government over one iPhone.]
Apple chief executive Tim Cook, shown here in a 2013 appearance before a Senate committee, has pledged to fight an order to help the federal government access data officials believe is stored on the iPhone linked to the San Bernardino terrorists. (Shawn Thew/EPA)

“This was happening hours after the worst terror attack since 9/11, and there were still credible reports of a third shooter,” said a federal law enforcement official, speaking on the condition of anonymity to discuss an ongoing investigation. “It was a very dynamic time, and the number one priority was figuring out what happened and if there were more attacks coming.”

According to senior Apple executives, the FBI’s first call to Apple for help came on Saturday, Dec. 5, at 2.46 a.m. With a subpoena, the bureau obtained subscriber data and other details. On Sunday, the FBI, with a warrant, obtained data from Farook’s iPhone that had been backed up to iCloud. That backup contained information only through Oct. 19, six weeks before the attack.

The same Sunday, the FBI asked the county for help in retrieving data from the phone, Wert said in an interview. “So the county said we could get to the information on the cloud if we changed the password or had Apple change the password,” he said. “The FBI asked us to do that, and we did.”

It is not clear why the FBI needed to reset the password if it was able to obtain the backed-up data from Apple.

Nonetheless, by resetting the password, the county, which owned Farook’s phone, and the FBI eliminated the possibility of seeing whether additional data beyond Oct. 19 might be recovered from the phone through the auto-backup feature, experts said.

The FBI in a court filing said Farook “may have disabled” the auto-backup. But, tech experts said, there might be other reasons the phone did not back up: It was not near a WiFi network it was familiar with, such as his home or workplace, or it was not turned on long enough to back up. With the password changed, it is impossible to know.

“Even though it has been reported that the iCloud backups were disabled, there still is data that may have been recoverable,” said security expert Dan Guido, chief executive of Trail of Bits. Depending on the phone’s settings, it might have synched notes, emails, address books — perhaps geolocation data — with the company’s network.
Why Apple refuses to hack into the San Bernardino shooter's iPhone
Play Video1:32
Apple CEO Tim Cook released a statement arguing against the FBI's recent order to hack into the San Bernardino shooter's iPhone 5c. See why he and Apple are refusing to do so. (Jhaan Elker/The Washington Post)

In a statement Saturday night, an FBI spokesperson said the bureau’s goal “was, and still is,” to extract as much evidence as possible from the phone. Tests previously conducted by the FBI showed that “direct data extraction” from Apple’s mobile devices often yields more data than an iCloud backup, the spokesperson said.

“Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible” without Apple’s help, the spokesperson said.

The showdown between Apple and the government arises out of the FBI’s inability to recover data from Farook’s phone, especially for the weeks prior to the attack. The Justice Department on Tuesday got a federal judge to order Apple to build software to override an auto-wipe feature on the phone that deletes data after 10 failed tries to enter a password. The FBI could then try to crack the phone’s password by “brute force,” making many attempts without risking the wiping of the data.

Apple chief executive Tim Cook said the firm would challenge the order, warning that it would set a “chilling” precedent that could lead to more invasive requests for data. On Friday, the Justice Department fired back, charging that Apple’s stance was motivated by “marketing” concerns as it promotes itself as a protector of consumer privacy.
Title: Apple to argue First Amendment rights in FBI decryption battle
Post by: RE on February 24, 2016, 02:51:13 AM
http://appleinsider.com/articles/16/02/24/apple-to-argue-first-amendment-rights-in-fbi-decryption-battle (http://appleinsider.com/articles/16/02/24/apple-to-argue-first-amendment-rights-in-fbi-decryption-battle)

Apple to argue First Amendment rights in FBI decryption battle

By Mikey Campbell   
Tuesday, February 23, 2016, 10:17 pm PT (01:17 am ET)
As expected, Apple intends to argue its First Amendment rights as part of a multi-pronged legal strategy designed to flout a court order compelling the company unlock an iPhone linked to last year's San Bernardino shootings.

(http://photos2.appleinsidercdn.com/gallery/15988-12551-15944-12507-15924-12483-iphone-5c-color-lineup-l-l-l.jpg)

Theodore Boutrous, Jr., one of two high-profile attorneys Apple hired to handle its case, said a federal judge overstepped her bounds in granting an FBI motion that would force the company to create a software workaround capable of breaking iOS encryption, reports the Los Angeles Times.

Specifically, U.S. Magistrate Judge Sheri Pym last week ordered Apple to help FBI efforts in unlocking an iPhone 5c used by San Bernardino shooting suspect Syed Rizwan Farook, a directive that entails architecting a bypass to an iOS passcode counter. Government lawyers cited the All Writs Act of 1789 as a legal foundation for its request, a statute leveraged by the FBI in at least nine other cases involving iOS devices.

While the act itself is 227 years old, lawmakers have updated the document to cover a variety of modern concerns, most recently as applied to anti-terrorism operations. In essence, All Writs is a purposely open-ended edict designed to imbue federal courts with the power to issue orders when other judicial tools are unavailable.

A 1977 Supreme Court reading of the All Writs Act is often cited by law enforcement agencies to compel cooperation, as the decision authorized an order that forced a phone company's assistance in a surveillance operation. In Apple's case, however, there is no existing technology or forensics tool that can fulfill the FBI's ask, meaning Apple would have to write such code from scratch.

"The government here is trying to use this statute from 1789 in a way that it has never been used before. They are seeking a court order to compel Apple to write new software, to compel speech," Boutrous told The Times. "It is not appropriate for the government to obtain through the courts what they couldn't get through the legislative process."

Boutrous intimated that the federal court system has already ruled in favor of treating computer code as speech. In 1999, a three-judge panel of the 9th U.S. Circuit Court of Appeals, which covers California, ruled that source code relating to an encryption system was indeed protected under the umbrella of free speech. That opinion was later rendered moot, however, meaning there is no direct legal precedent to support Apple's arguments.

The comments expressed by Boutrous echo those of Apple CEO Tim Cook, who earlier this week called for the government to drop its demands and instead form a commission or panel of experts "to discuss the implications for law enforcement, national security, privacy and personal freedoms."

Apple is scheduled to file its response to last week's order on Friday.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on February 24, 2016, 08:51:31 AM
Assume (for a moment) that the San Bernardino shootings were in fact sponsored by the deep state to cultivate hatred for Moslems so plans to aggressively redraw the political boundaries of the Middle East garner popular support.  Then info in this cell phone is made up, is part of the plan, and the Apple brouhaha is nothing more than theatre.

Theatre to give any untraceable information revealed validity.  The authenticity of digital bits can't be verified but having to go through complicated layers of security and procedures to extract them will give them the smell of reality.  Paper documents can be examined, x-rayed, and put under a microscope.  Forgeries can be detected.  Not so with digital bits who's authenticity must be taken on faith.

The moment of pretending is over now.  The thought experiment of assuming the San Bernardino shootings are a false flag is finished.  Now go out in the field and chomp on some more grass.

(http://il4.picdn.net/shutterstock/videos/2671787/thumb/1.jpg)
Title: Apple Is Said to Be Trying to Make It Harder to Hack iPhones
Post by: RE on February 24, 2016, 05:00:27 PM
Bottom line: As long as there is a means to reset passwords without the user's permission, you can't have a secure system.  The user has to give up the feature of having the manufacturer be able to reset the password for secure data.

Data could be isolated from the OP system though with a separate password structure, so the phone op system could be updated without violating the security of data held on the phone.

However, trusting any of these companies or Da Goobermint to tell the truth on what is isolated and what is secure is a fool's game.

If you have data you don't want accessed by anyone, do analog encryption with a good cypher.  It's a bit tedious, but it is unbreakable.

RE

http://www.nytimes.com/2016/02/25/technology/apple-is-said-to-be-working-on-an-iphone-even-it-cant-hack.html?_r=0 (http://www.nytimes.com/2016/02/25/technology/apple-is-said-to-be-working-on-an-iphone-even-it-cant-hack.html?_r=0)

Apple Is Said to Be Trying to Make It Harder to Hack iPhones

By MATT APUZZO and KATIE BENNERFEB. 24, 2016

(http://static01.nyt.com/images/2016/02/25/business/25security1/25security1-master675.jpg)
New York police officers stood guard during a demonstration outside the Apple store on Fifth Avenue on Tuesday.

WASHINGTON — Apple engineers have already begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts.

If Apple succeeds in upgrading its security — and experts say it almost surely will — the company would create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year’s San Bernardino, Calif., rampage. The F.B.I. would then have to find another way to defeat Apple security, setting up a new cycle of court fights and, yet again, more technical fixes by Apple.

The only way out of this back-and-forth, experts say, is for Congress to get involved. Federal wiretapping laws require traditional phone carriers to make their data accessible to law enforcement agencies. But tech companies like Apple and Google are not covered, and they have strongly resisted legislation that would place similar requirements on them.

“We are in for an arms race unless and until Congress decides to clarify who has what obligations in situations like this,” said Benjamin Wittes, a senior fellow at the Brookings Institution.

Companies have always searched for software bugs and patched holes to keep their code secure from hackers. But since the revelations of government surveillance made by Edward J. Snowden, companies have been retooling their products to protect against government intrusion.

Apple built its recent operating systems to protect customer information. As its chief executive, Timothy D. Cook, wrote in a recent letter to customers, “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

But there is a catch. Each iPhone has a built-in troubleshooting system that lets the company update the system software without the need for a user to enter a password. Apple designed that feature to make it easier to repair malfunctioning phones.

In the San Bernardino case, the F.B.I. wants to exploit that troubleshooting system by forcing Apple to write and install new software that strips away several security features, making it much easier for the government to hack into the phone. The phone in that case is an old model, but experts and former Apple employees say that a similar approach could also be used to alter software on newer phones. That is the vulnerability Apple is working to fix.

Apple officials alluded to this in a conference call last week when a journalist asked why the company would allow firmware — the software at the heart of the iPhone — to be modified without requiring a user password. One executive replied that it was safe to bet that security would continue to improve, and someone close to the company confirmed this week that Apple engineers had begun work on a solution even before the San Bernardino attack. A company spokeswoman declined to comment on what she called rumors and speculation.

Independent experts have offered possible solutions in both public forums and private, informal conversations with the company over the last few weeks. “There are probably 50 different ideas we have all sent to Apple,” said Jonathan Zdziarski, a security researcher.

Apple regularly publishes security updates and gives credit to researchers who hunt for bugs in the company’s software. “Usually, bug reports come in an email saying, ‘Dear Apple Security, we’ve discovered a flaw in your product,’ ” said Chris Soghoian, a technology analyst with the American Civil Liberties Union. “This bug report has come in the form of a court order.”

The court order to which Mr. Soghoian referred was issued last week by a federal judge magistrate, and tells Apple to write and install the code sought by the F.B.I. Apple has promised to challenge that order. Its lawyers have until Friday to file its opposition in court.

In many ways, Apple’s response continues a trend that has persisted in Silicon Valley since Mr. Snowden’s revelations. Yahoo, for instance, left its email service unencrypted for years. After Mr. Snowden revealed how the National Security Agency exploited the company, the company quickly announced plans to encrypt email. Google similarly moved to fix a vulnerability that the government was using to hack into company data centers.

(http://static01.nyt.com/images/2016/02/25/business/25security2/25security2-articleLarge.jpg)
James B. Comey Jr., director of the F.B.I., said the government is not seeking a skeleton key to iPhones. Credit Drew Angerer for The New York Times

Apple’s showdown with the Justice Department is different in one important way. Now that the government has tried to force Apple to hack its own code, security officials say, the company must view itself as the vulnerability. That means engineers will have to design a lock they absolutely cannot break.

The owner of the phone, San Bernardino County gave it's consent to Apple to open the phone. I guess there won't be any repercussions if we...
MDCooks8 4 minutes ago

So as Apple continues to strength encryption, doesn't this send a message that currently there is a way in, that both law enforcement and...
HAL 4 minutes ago

Do you not see what the logical conclusion will be ? If man builds machines that by design man cannot ultimately control, how long will it...

“This is the first time that Apple has been included in their own threat model,” Mr. Zdziarski said. “I don’t think Apple ever considered becoming a compelled arm of the government.”

The F.B.I. director, James B. Comey Jr., signaled this week that he expected Apple to change its security, saying that the phone-cracking tool the government sought in the San Bernardino case was “increasingly obsolete.” He said that supported the government’s argument that it was not seeking a skeleton key to hack all iPhones.

Apple, though, says the case could set a precedent for forcing company engineers to write code to help the government break any iPhone. “The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Mr. Cook said in his letter.

The heated back-and-forth between the government and technology companies is, at least in part, a function of the Obama administration’s strategy. The White House has said it will not ask Congress to pass a law requiring tech companies to give the F.B.I. a way to access customer data. That has left the Justice Department to fight for access one phone at a time, in court cases that often go unnoticed.

While it is generally accepted that Silicon Valley’s tech giants can outgun the government in a technical fight, the companies do face one important limitation. Security features often come at the expense of making products slower or clunkier.

Apple’s brand is built around creating products that are sleek and intuitive. A security solution that defeats the F.B.I. is unworkable if it frustrates consumers. One of the impediments to encrypting all the data in Apple’s iCloud servers, for instance, has been finding a way to ensure that customers can easily access and recover photos and other information stored there.

“Telling a member of the public that they’re going to lose all the family photos they’ve ever taken because they forgot their password is a really tough sell,” Mr. Soghoian said. “A company wants to sell products to the public.”

Matt Apuzzo reported from Washington and Katie Benner from San Francisco.

Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 24, 2016, 09:31:09 PM
If the encryption is done by anybody else other than by you, then the encryption is not secure.  But that needn't be difficult or clunky to use, if the OS is written in the right way.  Linux's LUKS encrypted file system needs a separate password each time the OS is booted, and if it is not given, the unencrypted files are not mounted (not available).  Once the password is entered, the encryption becomes invisible and the unencrypted files become usable in the usual way.

If the password (that unlocks the encryption private keys) is known to anyone else, or is written down, or recorded in a file on the computer or another device, then Governments can ultimately get it and break the encryption.  So it has to be a random string of keyable characters and memorized.

On my keyboard the 94 character set is:
`1234567890-=~!@#$%^&*()_+qwertyuiop[]\QWERTYUIOP{}|asdfghjkl;'ASDFGHJKL:"zxcvbnm,./ZXCVBNM<>?
and I would guess many people wouldn't even know the names of some of those characters, so wouldn't use them.
However all we really want is a string of bits, so considering those bits grouped in 6s, we only need the alphanumeric set:
A-Z, a-z, 0-9

So a string 12 characters long has 62^12 = 3.2262667624e+21 combinations. 
If the NSA could brute-force passwords at the rate of a trillion per second, it would take 149 years to run through them all.  On average, 75 years to get a hit.

<?php
$hash = file_get_contents( "/LUKS/hashed-password" );
$input = "p7Gh4Mk3dE2b";
if(hash_equals($hash, hash(SHA256, base64_decode($input), true))) { print "We're in !"; }
?>

Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on February 24, 2016, 10:08:57 PM
I agree with most of what you said except this part:

sable in the usual way.

If the password (that unlocks the encryption private keys) is known to anyone else, or is written down, or recorded in a file on the computer or another device, then Governments can ultimately get it and break the encryption.  So it has to be a random string of keyable characters and memorized.


The fact is you don't have to memorize a string of characters.  You just need to memorize a couple of rules that allow you to generate the same string of characters every time you use those rules.  I can generate a character string with 10100 possibilities with just a couple of rules, and that is not counting jacking in nonsense random characters to the string.

As long as it is you and only you who knows the rules, it is unbreakable.  As soon as tyou pass on the rules to somebody else, your security is highly compromised for numerous reasons, not the least of which is your best friend and most trusted confidant is liekly to spill the beans if he is tortured enough or bribed enough, or both.  So you can't ever use the same passwords and same rules with any trusted confidant, each one has to have a separate set of rules.

To keep all those rules tidy, you need another file only YOU know the password for,again generated in such a way it is one-time-pad compliant and cannot be broken.

You can further layer this by encrypting again the rule sets, so that even if the first layer was broken after 150 years of supercomputer time, they would have to start all over again with the next layer.  Jack in a few thousand nonsense files into the encrypted folder, and the decryptor is in a world of shit.

The big trick here on the analog level is to be able to generate complex passwords that you can decrypt easily if you know the rules.  That's the trick I set up.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 24, 2016, 10:35:50 PM
Yes, but all the obfuscation is unnecessary.  You have to remember SOMETHING, and that something has a corresponding number of bits of information associated with it, after all the flim-flam and redundant stuff has been eliminated.  A 12 character alphanumeric string has 72 bits of information.  If your method uses less, then it will be easier to remember, but it won't be as secure.  The hash(SHA256, ...) function has all the obfuscation you need already built into it, no need to add more.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on February 24, 2016, 10:47:26 PM
Yes, but all the obfuscation is unnecessary.  You have to remember SOMETHING, and that something has a corresponding number of bits of information associated with it, after all the flim-flam and redundant stuff has been eliminated.  A 12 character alphanumeric string has 72 bits of information.  If your method uses less, then it will be easier to remember, but it won't be as secure.  The hash(SHA256, ...) function has all the obfuscation you need already built into it, no need to add more.

How do you eliminate the flim-flam if you have no idea what is flim flam and what is not?

Of course you must remember SOMETHING, the trick is to make the something you have to remember quite easy, but what it generates is exceedingly complex.  A HASH function can do this for you, but it requires a computer to do it.  I am working entirely analog, no digital help at all.  I can encode everything without ever even turning on the computer, and only keyboard in AFTER I have encoded.  It's completely unbreakable, short of torturing me.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on February 25, 2016, 12:24:28 AM
A personal layer of encryption.

Choose three or more commonly used characters and assign them numbers. Train yourself to translate on the fly something like this.

Grizzly Bears shit in the woods.

By a few simple rules.

Choose 'h-7' 'r-3' and 'i-2' as a representative choice of simple rules.  You pick your own rules and practice using them privately.  Leave no evidence.  You memorize these and use them consistently.

Now if you need a pass-phrase you translate on the fly.

Grizzly Bears shit in the woods.

becomes:

Gr2zzly Bea3s s72t 2n the woods.

Unless someone is watching your keyboard they won't know how to enter your password even if they found

Grizzly Bears shit in the woods.

on a scrap of paper.

A key-logger could expose your rules so the system isn't perfect but all that would do is reduce you to average security.  The same level of security you would have under the same circumstances if you used no rules at all, just the pass phrase.  The procedure adds an extra layer of security as long as you keep the secret of your rules.  A good idea would be to add some rules beyond simple number substitution.

The thought occurs that if you had a comprehensive enough set of rules your original phrase might be well disguised.  It would be difficult to guess and without a copy of the original pass phrase rather difficult to decode.

As a pure system what I am describing is flawed but on top of existing security it provides another layer a snoop would have to deal with.  Someone would have to be highly motivated to learn your secrets which you can effortlessly employ with your memorized rules.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 25, 2016, 12:49:05 AM
The flim-flam in using alphanumerics as if they were a string of random bits is the fact that 2 bits of the 8 are not being used (always 0).  By passing them thru base64_decode($input, $output) this compacts the data to use all the bits.  It is the number of random bits that gives the degree of difficulty on decryption.

Any paper and pencil method can be programmed to be done on a computer as well.  Doing rule-based manipulations are what computers are really good at, and way more accurate than people.  But they need some input to get started with.  So hash(SHA256, $input) takes all its randomness as $input (a string of random bits) and the manipulations are all standardised, public and well-tested, and have no randomness in them.  There are other hash functions, like hash(SHA-128, ...) but the same kind of thing applies.

So lets call your method hash(RE, ...) and the same thing will apply to it.  You are saying you are "remembering the rule", but really you are applying a generalised rule, with specific rule values plugged in, and those values representing the randomness in the process.   

It is far easier to have all the randomness up front, and all the rules fixed, with no randomness in the rules.  Then you can assess the randomness more easily.

Either way, if the randomness amounts to 10100, which is about 330 bits, then it far too unbreakable, and one way or another you are having to remember too much.  Somehow though, I think your estimate is too high, maybe because your method is so convoluted that its hard to gauge the true randomness of it.  Without the actual rules, I can't say more, but the principle won't change.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 25, 2016, 12:54:15 AM
Quote
Gr2zzly Bea3s s72t 2n the woods.

Er, it that my password?
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on February 25, 2016, 04:49:08 AM
Any paper and pencil method can be programmed to be done on a computer as well.

Of course.  The point of doing your encryption by hand PRIOR to using a computer is there is no way to compromise it.  No keystroke recorder, no remote screen sensor, nada.

Quote
Either way, if the randomness amounts to 10100, which is about 330 bits, then it far too unbreakable, and one way or another you are having to remember too much.  Somehow though, I think your estimate is too high, maybe because your method is so convoluted that its hard to gauge the true randomness of it.  Without the actual rules, I can't say more, but the principle won't change.

No, there is very little I have to remember, I just need to have pencil and paper to be able to do the encoding/decoding.  I can make that process quicker by making my Secret Decoder Device.  ;D  Of course, I then need to destroy my SDD immediately after doing an encoding or decoding, because if found it would simplify (although not reveal) the process of encoding.  In terms of estimating the randomness, you are right that it's hard to do but in terms of possibilities it depends entirely on how long the string is.  With no idea of the rule set, all the computer can do is brute force go through every possibility.  For a 64 character string with 62 choices for each character (upper case, lower case and numbers), that is 6264, or 5 X 10114.  In fact it's more than that because you don't have to use all 64 characters, you have to add in all the possibilities for shorter strings contained within the 64 characters.  I can in fact add in special characters to make an even bigger set, but why bother?  It's already basically unbreakable.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on February 25, 2016, 08:07:27 AM
Quote
Gr2zzly Bea3s s72t 2n the woods.

Er, it that my password?

Yes that is what you would actually type but all you have to remember is 'Grizzly Bears shit in the woods' because you will be so good at making your personal substitutions that you easily make the substitutions as you type using rules not written down or recorded anywhere and which nobody else knows.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 25, 2016, 01:53:05 PM
K-dog
If that is an actual example, I think I can tell what your original string was and what the substitution rules were quite easily.  It would only make sense if the original string was itself a random string, and then the substitution rules would be unnecessary.

That makes me think I have misunderstood the nature of the problem you are trying to solve.  One problem is encrypting a string of plaintext, and having someone else decrypt it - OpenPGP (implemented by GPG4USB or Gpa) seems to be the best solution for that.  A second problem is entering a password to match an existing password on file, and creating that password in the first place - this might be the password that protects your OpenPGP private key.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on February 25, 2016, 02:25:36 PM
Quote
RE: With no idea of the rule set, all the computer can do is brute force go through every possibility

Every possibility of what?  I've lost track of the problem you are trying to solve (if you ever stated it clearly).  Are these "jumbles" examples of what you are talking about, or is that something different?  I am trying to follow you, but you seem to be jumping about, as well as being mysterious, which should be unnecessary (I would have thought).

I'll buy one of your SDDs - you can take the money out of my 'writing on screen' app earnings.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on March 02, 2016, 12:14:38 AM
As I mentioned, one way to break this system by Brute Force would be through parallel processing, taking Mirror Copies of the hard drive and then running them each through a Supercomputer.

It seems somebody is reading Diner suggestions and now Apple themselves suggested exactly this tactic to the FBI.  ::)

There is little doubt in my mind now that Apple could crack this in an instant, they certainly have the hardware codes for the device to do it. They also now hint their own code can be broken through parallel processing, which the FBI certainly knows how to do, so their protestations they can't break the phone security are also a crock of shit.

This is a total Dog & Pony Show.

RE

http://www.pcworld.com/article/3039743/security/the-fbi-should-try-to-unlock-a-shooters-iphone-without-apples-help-a-lawmaker-says.html (http://www.pcworld.com/article/3039743/security/the-fbi-should-try-to-unlock-a-shooters-iphone-without-apples-help-a-lawmaker-says.html)

The FBI should try to unlock a shooter's iPhone without Apple's help, a lawmaker says
It may be possible for investigators to make multiple copies of the hard drive on an iPhone used by the San Bernardino mass shooter.
160301 fbi comey   
James Comey, director of the FBI, speaks at a House Judiciary Committee hearing in Washington, D.C., on March 1, 2016. Credit: USG/IDGNS

8Comments
Grant Gross
IDG News Service

    Mar 1, 2016 3:22 PM

The FBI might be able to copy the hard drive of an iPhone used by a mass shooter without triggering the device’s auto-erase functions, thus eliminating the agency’s need to take Apple to court, a company executive said Tuesday.

Instead of forcing Apple to help defeat the iPhone password security that erases the device’s contents after 10 unsuccessful attempts, it may be possible to make hundreds of copies of the hard drive, said Bruce Sewell, Apple’s senior vice president and general counsel.

Apple doesn’t know the condition of the iPhone used by San Bernardino mass shooter Syed Rizwan Farook, so it’s unclear if mirroring the hard drive would work, but it’s possible, Sewell said during a congressional hearing.

The suggestion that the FBI attempt to copy the iPhone’s hard drive first came from Representative Darrell Issa, a California Republican and former car-alarm entrepreneur.

The design of the older model iPhone 5c may allow investigators to remove its hard drive and make multiple copies, Issa said. Investigators could then run 10 password attempts on each copy until they found the correct password, he said.

“The FBI is the premier law enforcement organization, with laboratories that are second to none in the world,” Issa told FBI Director James Comey. “Are you testifying today that you and/or contractors that you employ could not achieve this without demanding that an unwilling partner do it?”

The FBI has explored other options and found none that it believes will work without Apple’s assistance in defeating the password protection, Comey said. “We have engaged all parts of the U.S. government” to find ways to gain access to information on the phone without Apple’s help, he said. “If we could have done this quietly and privately, we would have done it.”

Sewell and Comey both faced tough questions during the hearing, which was focused on the pending court case and on smartphone encryption. Both men largely repeated their talking points from the long-running debate on device encryption, but lawmakers seemed split on whether Apple should honor the FBI’s request and Magistrate Judge Sheri Pym’s Feb. 16 order requiring the company to comply.

Apple has resisted the court order and called for Congress to set encryption policy, but it hasn’t proposed any specific actions, noted Representative Jim Sensenbrenner, a Wisconsin Republican. If Congress acted, it might force Apple to aid in similar investigations.

“I don’t think you’re going to like what’s going to come out of Congress,” Sensenbrenner said. “All you’ve been doing is saying, ‘no, no, no, no.’”

Apple ultimately will follow the law, Sewell said. “What we’re asking for, Congressman, is a debate on this,” he said. “I don’t have a proposal, I don’t have a solution for it, but what I think we need to do is give this an appropriate and fair hearing.”
‘Evidence-free zones’

Critics of Apple’s position suggested the company is ignoring public safety issues.

Apple and Google, by enabling encryption by default on smartphones running their OSes, are, in effect, setting a U.S. policy that values customer privacy over national security and criminal prosecutions, said Cyrus Vance Jr., district attorney for New York County in New York.

Smartphone security and encryption will eventually lead to a serious problem when entire segments of suspects’ lives are shielded from police, Comey told lawmakers.

“I have colleagues and others who are advocating for these evidence-free zones,” added Representative Trey Gowdy, a South Carolina Republican. “There are just going to be compartments of life where [law enforcement agencies] are precluded from going to find evidence of anything ... no matter how compelling the government’s evidence is.”

Several other lawmakers questioned the FBI’s demands, saying a court order requiring Apple to write new code to defeat the phone’s security could lead to hundreds of similar requests. Vance, the New York prosecutor, said his office is now in possession of 205 locked smartphones that could be used as evidence in criminal cases.
"“There’s already a door on that phone,” FBI Director James Comey said. “Essentially, we’re asking Apple, ‘Take the vicious guard dog away, let us pick the lock.’”"

Criminals will find ways to exploit mandated holes in encryption, said Representative Zoe Lofgren, a California Democrat. While the FBI worries about “a world where everything is private, it may be that the alternative is nothing is private,” she said.

During the hearing, Comey acknowledged the FBI made a mistake when it asked San Bernardino County, the owner of the phone, to change the password soon after the mass shooting there in December.
World Tech Update
FBI director admits mistake in San Bernardino iCloud reset   (1:30)

Comey disputed the suggestion that the FBI was asking for an encryption key or a backdoor into the phone. “There’s already a door on that phone,” he said. “Essentially, we’re asking Apple, ‘take the vicious guard dog away, let us pick the lock.’”
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 02, 2016, 06:15:58 AM
Quote
taking Mirror Copies of the hard drive and then running them each through a Supercomputer.

That's just a guess from "a California Republican and former car-alarm entrepreneur", not what Apple says.  We know that apart from the hard drive, there is a TPM chip which holds the phone's hardware ID.  You need both the password AND the ID, AND the algorithm by which they entangled to create the encryption key (an AES key).  And the ID won't be stored in the chip in the clear, it will be hashed somehow.

So there are two brute forces necessary, plus the entanglement algorithm.  Now the FBI must know all that, and yet they can't achieve it.  Suspicious? - not really.

What is suspicious is that this case is a clear-cut Islamic terrorism case (well, seems to be anyway).  It is the perfect case to take to court as a test case.  Once they can get the court to say "yes", it will set a precedent for forcing Apple to break other phones, and Google too.  They might bring the case even if they know the drive contains no useful data.





Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on March 02, 2016, 09:04:31 AM
Quote
What is suspicious is that this case is a clear-cut Islamic terrorism case (well, seems to be anyway).

All the behind the scenes nudges, man-made production of extraordinary luck and financial help dispensed by shadowy figures in backpacks will pay off once the Supreme Court ruling comes down that encrypted communications may be cracked without warrant.  O-man has to stuff a deep state lackey on the bench first but that is icing on the cake.

Don't get me wrong, Syed Rizwan Farook and his wife died thinking they were real terrorists and indeed they were.  But seriously if you are an American Moslem you don't get to go to Saudi Arabia and bring back a wife without being put under extreme and surreptitious scrutiny.  The logical end of this obvious fact is that you are not going to be able to pull off a terrorist massacre without it being sanctioned first.

If a few people have to die that is a small price to pay to get the legal sanction of being able to legally de-encrypt encrypted communications at will.  I don't think that way but the deep state does.  This dog and pony show suggests that the FBI does indeed already have the ability to unlock this phone but they want to be able to do it legally so the results or whatever they claim the results to be can be used as they wish.  It would have been easy for the FBI to get this phone unlocked if it was done surreptitiously.  Apple and all other corporations cooperate with the government and they are under a fiducial obligation to do so

In the next to impossible scenario of Apple executives ignoring their fiducial responsibilities there are ways to get them to cooperate which leave no trace.  It can be as simple as having to get up at 3 AM to answer the door to get a pizza you did not order.  That by itself would not do it but half a dozen such 'random incidents' will let you know that you are an insect and the FBI is a flyswatter hanging over your head and you had better do what they say or you may find your mortgage payments have been paying for a house that someone else owns.

In future situations the door will be open for the FBI to plant whatever incriminating evidence on your phone they wish and it will be up to you to explain how the encrypted child porn or whatever got there.  From our men in black's point of view this is the real driving reason behind all this i-Phone nonsense.

(http://i.imgur.com/egOEsIA.png)
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Eddie on March 02, 2016, 09:26:39 AM
http://www.youtube.com/v/uDfcDn55Luw&fs=1
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on March 02, 2016, 01:28:05 PM
http://www.youtube.com/v/uDfcDn55Luw&fs=1

It is not a theory if you have experienced a 3 AM pizza delivery and another half dozen coincidences in a short period of time.  Tell me Eddie, would you be so quick to imply insanity if you had gotten the crank 'you're going to die' phone call?  The pizza delivery example I made up.  The phone call I have not.  When you get three totally unrelated credit cards cancelled to be re-issued in a single day for security reasons having nothing to do with you will you be so quick to imply insanity?  You have zero credit issues, all your bills are paid so what is the explanation.  Yeah, people get struck by lightning too.

Army units patrol the web to troll blogs and make comments so as to inhibit dissent under the banner of national security and if you find out about it you will be harassed in exactly the manner I have described.  That is not a theory, that is my personal experience.

Yet what can I say.  The country swallowed the Boston bombing incident hook line and sinker and is willing to let a somewhat innocent young man die for their sins. With this history, believing that you can go to Saudi Arabia and get a wife without being under severe scrutiny afterwards isn't so hard to believe.

Do you believe in flying pigs too?
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 02, 2016, 03:12:13 PM
http://thehackernews.com/2016/03/fbi-iphone-unlock.html (http://thehackernews.com/2016/03/fbi-iphone-unlock.html)
New York Judge Rules FBI Can't Force Apple to Unlock iPhone
March 01, 2016
Mohit Kumar
 
Apple - 1; The FBI - 0

Apple Won a major court victory against the Federal Bureau of Investigation (FBI) in an ongoing legal battle similar to San Bernardino.

In a New York case, a federal magistrate judge has ruled in favor of Apple, rejecting the U.S. government’s request to force Apple to help the FBI extract data from a locked iPhone.

[more]


But now there is proposed legislation in France to fine Apple/etc €1 million for every phone they refuse to unlock:
http://thehackernews.com/2016/03/france-apple-iPhone-unlock.html (http://thehackernews.com/2016/03/france-apple-iPhone-unlock.html)

and in Brazil:
http://thehackernews.com/2016/03/facebook-brazil-whatsapp.html (http://thehackernews.com/2016/03/facebook-brazil-whatsapp.html)
Facebook's Vice President Arrested in Brazil for Refusing to Share WhatsApp Data
March 01, 2016
Wang Wei
 
Apple is not the only technology giant battling against authorities over a court order; Facebook is also facing the same.

Brazil’s federal police arrested Facebook Latin America Vice President for failing to comply with court orders to help investigators in a drug trafficking case that involves WhatsApp, a popular messaging app owned by Facebook that has over 100 Million users in Brazil.

[more]


and don't forget that Saudi Arabia and India tried to force Blackberry to open their phones a few years ago, on pain of being excluded from the market.  Blackberry refused and exited those markets.

So far they are only targeting service providers like Apple, who make everything easy for the user by doing everything for you.  This doesn't stop you from doing it all yourself, like downloading GPG4USB, and doing the extra step of encrypting and Copy/Paste into your regular email app.  Better download (https://www.gpg4usb.org/download.html) your copy of GPG4USB now, while you can, even if you don't use it.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Eddie on March 02, 2016, 03:21:07 PM
Hey, Conspiracy Theory is one of my favorite movies. I was just going for a little humor.

I believe that there is a lot of skullduggery in the world, and most of it is being carried out by the Deep State and their various alphabet soup governmental agencies. I make it a point personally not to put myself in a position to be a target. It's pointless, imho.

That is not to say that any of us is safe from being fucked with, fucked over, or just outright eliminated, given the current milieu.

I'm not sure what I think about whether the San Bernardino attacks were "sanctioned", whether they might have been a false flag operation, or whether the perpetrators were just judged not to be a likely threat by any agencies that had prior knowledge of the shooters.

There are just too many possible motives by various players.

http://www.youtube.com/v/WABKStvx6B0&fs=1
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on March 02, 2016, 08:26:48 PM

I'm not sure what I think about whether the San Bernardino attacks were "sanctioned", whether they might have been a false flag operation, or whether the perpetrators were just judged not to be a likely threat by any agencies that had prior knowledge of the shooters.

There are just too many possible motives by various players.


The preponderance of evidence says false flag.  Yes there are a myriad of possibilities which is why I have a strong opinion but still an opinion without certitude.

The idea that a Moslem American would go to Saudi Arabia and bring back a radical bride without experiencing significant surveillance is ridiculous.  Once surveilled this particular couple would have been found to be radical and further scrutiny would have been implemented at which point their heavy consumption of Ammo would certainly have been observed.

Most everyone lives in la-la land and imagines our three letter agencies operate ethically and responsibly.  Why; I imagine it is because they want to believe in truth, justice and goodness.  But the fact is some of our three letter agencies kill people.  My opinion is based on experience. 

The San Bernardino couple had an i-Phone which means they were eavesdropped on.  It is routine to turn an i-Phone into a bug remotely for surveillance and the only way you will know you are being listened in on is if 'they' do things to let you know you are being bugged for purposes of intimidation or if you detect the battery drain.  Both of these things happened to me.  The FCC has a rule that says if you design a phone with a hardware on-off switch you won't get the phone approved for use.  On-off switches must be soft switches implemented via software so the switch can be operated remotely.  The reason is so that your phone can be turned on and you can be observed any time that homeland security wants to listen to you.

Consider for a moment the implications of I-Phones being used as bugging devices.  The implications point to false flag or such extreme incompetence as to be impossible.

When I discovered I was under actual physical surveillance because of my knowledge about blogging army units the shocking thing was not that I was actually under surveillance.  The shocking thing was to realize how long I had been under surveillance.  I had been under surveillance for several months before I had even learned about the army units because this man had been watching me for that long.

(http://chasingthesquirrel.com/pics/DavidLRiches.png)

He went by the name of David L Riches.  I suspect he was Secret Service though he may have been FBI.  We had a conversation in which he implicated himself beyond any doubt.  He is one of three 'agents' I spoke too.  Another it turned out had gone to high school with a friend of mine and that agent had told my friend that he had been hired by Homeland Security.  My friend had known him when he had been unemployed and related to me how happy he had been to tell my friend about his new job.  The third was a woman in black business suit and white shirt who was pretending to be a reporter for the Renton Reporter, a local newspaper.  All three sported the jet black business suit with a china white shirt bleached so bright it hurt your eyes.

I have been surveilled, harassed and manipulated and I don't like it.  This is not a movie, this is my life.  The only good thing about my 'Conspiracy Theory' is I'm better looking than Mel Gibson.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on March 02, 2016, 08:47:11 PM
The FCC has a rule that says if you design a phone with a hardware on-off switch you won't get the phone approved for use.  On-off switches must be soft switches implemented via software so the switch can be operated remotely.  The reason is so that it can be turned on and you can be observed any time that homeland security wants to listen to you.

Take out the battery, store it in a Faraday Cage and cover the microphone with Gorilla Tape.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on March 02, 2016, 08:57:31 PM
The FCC has a rule that says if you design a phone with a hardware on-off switch you won't get the phone approved for use.  On-off switches must be soft switches implemented via software so the switch can be operated remotely.  The reason is so that it can be turned on and you can be observed any time that homeland security wants to listen to you.

Take out the battery, store it in a Faraday Cage and cover the microphone with Gorilla Tape.

RE

Cookie tins make great Faraday cages but I no longer bother.  I'm not up to no good or I certainly would.  It is a hassle to use a Faraday cage because you can't receive phone calls when the phone is canned in a can like Prince Albert.

(https://images.duckduckgo.com/iu/?u=http%3A%2F%2Fvip.vast.org%2FVIP2012%2FFaradayCage%2FCookie_Tin.jpg&f=1)

Gorilla tape over the microphone is a good idea but don't count on it.  The microphones are pretty good.

Also:

If you react to them you are playing their game.  They want you to be so paranoid you become ineffective and resemble a crazy person.  They have been playing the game of keeping people quiet for a long time and you are a 'newbie' at it.  If they can get you to react then everyone you talk to will think you are looney-tunes because considering you crazy and emotionally unbalanced is the far far easier thing for them to do.  If you show any of the stress you have been put under, which is just about impossible not to do then you confirm that suspicion.  You will engender confirmation bias simply by breathing.  The best thing to do is ignore 'agent' harassment and get on with your life.  Forget about being a whistle-blower, you won't be believed and mostly nobody cares anyway.  It is a humiliating depressing and cruel experience.  No movie you want to be in.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 02, 2016, 11:43:04 PM
Why "take out the battery" AND anything?  Taking out the battery is enough on its own.

Living in an area without cell phone coverage would be enough too.

I'm not absolutely sure about this, but the phone shouldn't work without a SIM card - maybe if the XXX make special arrangements with a local carrier it would.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Eddie on March 03, 2016, 06:24:35 AM
Is it just smart phones that carry the risk of being listened to, or is it the same with older phones without computers? I get by fine with an old flip phone. I'll be sad when I can't get one anymore. I guess that day is coming.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on March 03, 2016, 06:37:35 AM
Is it just smart phones that carry the risk of being listened to, or is it the same with older phones without computers? I get by fine with an old flip phone. I'll be sad when I can't get one anymore. I guess that day is coming.

Older phones are even more suceptible to listening in, they have no encryption whatsoever.  They can be easily spoofed with fake cell towers and the like.  The only advantage they have is you likely do not store much information on them other than perhaps a list of contacts.  That is mostly what the FBI is after on your phone is your contacts.  Older phones have no way to encrypt your contacts information.  Unless you do the encryption Analog of course.  :icon_sunny:

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on March 03, 2016, 07:55:12 AM
At least with older phones that don't have GPS so your location is a bit more secure.  Not much because cell towers still can locate you, but enough perhaps to make it too hard for you to be easily gang stalked.

Gang stalking was developed by the Brits after the Falkland Islands war to keep veteran malcontents from bitching about their lack of veteran benefits.  I discovered in my online harassment (they went Full Monty on me) that American spooks and British spooks are two sides of the same coin.  Their friendship is so tight they might as well be having gay sex.  Consequently gang stalking was tried out on me and it freaked me out pretty well when it happened.  I did not even know at all what gang stalking was until it happened to me.  Somehow I saw a reference to gang stalking as I was surfing for info on government harassment and 'necessity' being the mother of both invention, discovery and rapid learning made the link jump right out. 

I followed the link and found out what gang stalking was and immediately understood what was happening to me.  My phone was also being used as a tracking device and already knowing my habits allowed 'agents' be be put in place to obviously watch me before I arrived at places I frequent.  This totally makes you paranoid but once my phone went into the cookie tin they were no longer able to track me with such precision and the gang stalking altogether stopped.  In my case the stalking was being done by agents of homeland security so no members of 'the community' were duped into participating.  Makes sense since the whole point was to keep my knowledge away from 'the community' in the first place.

(https://images.duckduckgo.com/iu/?u=https%3A%2F%2Felijah1757.files.wordpress.com%2F2014%2F09%2Fmodern-day-stalking-3.jpg%3Fw%3D547%26h%3D387&f=1)

From my experience if you become a targeted individual having an old flip phone would certainly be less stressful because the capability of using the phone as a weapon against you is somewhat reduced.

And for Jesus Christ’s sake, if you are somewhere and a total stranger leans over to you and says:

"I'd like to put a bullet through Obama's head!"


don't agree!

I answered by saying "I think that would be going a bit too far."
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Eddie on March 03, 2016, 08:26:47 AM
I answered by saying "I think that would be going a bit too far."

Good call.
Title: Encryption's a thing of the past in Amazon's Fire OS 5
Post by: RE on March 04, 2016, 04:47:54 AM
Looks like Amazon is trying to get out of the way here of the litigation juggernaut by removing encryption entirely.

The writing is on the wall.  Digital Encryption is being systematically eliminated.  You will need to know Diner Analog Encryption ™ to secure your data.

RE

http://www.digitaltrends.com/mobile/amazon-encryption-fire-os-news/ (http://www.digitaltrends.com/mobile/amazon-encryption-fire-os-news/)

Encryption's a thing of the past in Amazon's Fire OS 5
By Williams Pelegrin — March 4, 2016

(http://icdn5.digitaltrends.com/image/amazon-fire-hd-8-front-angle-640x0.jpg)

In the latest Fire OS 5 software update for its Kindle Fire tablets, Amazon has removed device encryption. First highlighted on Amazon’s support website, the matter has since captured the interest of many. Why? Because encryption is a hot topic thanks to Apple’s continuing battle with the FBI, making Amazon’s timing — and relative silence about the update — either an unfortunate coincidence, or a carefully timed move.

Encryption is offered by Apple on iOS, and by Google on Android software (where it’s an option on some versions), but for Fire OS 5 hardware, there isn’t an option. It’s no longer offered at all.

Related: Apple vs. the FBI: a complete timeline of the war over tech encryption

As expected, not every customer was thrilled with the update:

There are a few things to note, the first being that the update only applies to Fire tablets currently running Fire OS 5, Amazon’s own take on Android 5.0 Lollipop. In addition, if you’re coming from an older version of Fire OS and had your Fire tablet encrypted, the update essentially breaks that encryption. As such, your only options are to either not update and keep your encryption at the cost of not getting future security patches, or install the update and have the encryption broken.

This move couldn’t have come at a more inopportune time, given Apple’s very public support of encryption as it battles with the FBI. Perhaps even more strange is that Amazon, alongside other companies, filed an amicus brief voicing support for Apple. The online retailer has also stated that its line of always-listening Echo devices are strongly encrypted, which is why it’s so strange to see Amazon backtrack on encryption for its Fire tablets.

In a effort to explain, Amazon PR manager Robin Handaly told Digital Trends, “In the fall, when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using. All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”

Amazon’s statement has done little to assuage its customers’ frustrations over the update, with the company likely facing plenty of scrutiny in the coming days for such a decision.

Read more: http://www.digitaltrends.com/mobile/amazon-encryption-fire-os-news/#ixzz41wBL2878 (http://www.digitaltrends.com/mobile/amazon-encryption-fire-os-news/#ixzz41wBL2878)
Follow us: @digitaltrends on Twitter | digitaltrendsftw on Facebook
Title: Is the FBI Case against Apple Faling Apart?
Post by: RE on March 05, 2016, 09:34:29 AM
http://21stcenturywire.com/2016/03/03/battle-over-privacy-why-the-fbis-case-against-apple-is-falling-apart/ (http://21stcenturywire.com/2016/03/03/battle-over-privacy-why-the-fbis-case-against-apple-is-falling-apart/)

BATTLE OVER PRIVACY: Why the FBI’s Case Against Apple is Falling Apart
March 3, 2016 By Shawn Helton

(http://21stcenturywire.com/wp-content/uploads/2016/02/APPLE-VS-FBI-21WIRE-SLIDER.jpg)

This week a House Judiciary Committee began overseeing details of a US Federal Court case between tech company Apple and the FBI.

On February 16th, Apple CEO Tim Cook publicly rejected a court order to decrypt an iPhone said to be connected to the San Bernardino mass-shooting case from December of 2015.

The House Judiciary Committee listened to the controversial case between tech titan Apple and the FBI a day after Magistrate Judge James Orenstein of New York, struck down a federal court order pressuring Apple to help access encrypted data in a separate case involving illegal drug trafficking.

The landmark decision made by Judge Orenstein stated that the All Writs Act of 1789 (also used as the FBI’s main argument in the Apple/San Bernardino case) “does not permit a court to order companies to pull encrypted data off a customer’s phone or tablet, “ according to a recent article from The Washington Post.

The Post continued by discussing Orenstein’s lengthy argument against the FBI’s order against Apple in the drug related case:

“In a 50-page opinion disdainful of the government’s arguments, Orenstein found that the All Writs Act does not apply in instances where Congress had the opportunity but failed to create an authority for the government to get the type of help it was seeking, such as having firms ensure they have a way to obtain data from encrypted phones.”

In addition, The Post outlined some of the social engineering aspects involved in the lead up to the FBI drug case overseen by Judge Orenstein, a case which has arguably been a part of an overarching back drop concerning the larger San Bernardino case:

“The Brooklyn case began last fall when Orenstein, one of a handful of magistrates across the country who are activists in the surveillance debate, received the government’s application to issue an order to Apple.”

While Apple has previously helped the federal government with some 70 phone cases since 2008, Judge Orenstein examined several problems with the FBI’s use of the All Writs Act:

“In an Oct. 9 ruling, Orenstein identified what he thought was a problem with the government’s argument. Though prosecutors cited a 1985 decision that found that the All Writs Act is a source of authority to issue writs “not otherwise covered by statute,” he said they failed to cite another part of the decision that found that the act does not authorize the issuance of “ad hoc writs whenever compliance with statutory procedures appears inconvenient or less appropriate.”

The new ruling in the FBI drug case will likely have a heavy impact on the eventual ruling in the San Bernardino/Apple court order, as it directly questions the heart of the government’s argument to gain easier access to encrypted consumer data.

It’s also interesting to note, that it was the FBI who put themselves in this position regarding the San Bernardino phone as they reportedly ordered the password to be reset via iCloud shortly after the apparent mass shooting.

You have to wonder why the agency would have ordered a new password almost immediately following the highly dramatic scene in San Bernardino…

APPLE-VS-FBI-21WIRE-SLIDER
‘INVENTIONS OF REALITY?’ – Is this latest “privacy crisis” a manufactured drama or a legitimate battle for those in the tech industry? (Photo illustration 21WIRE)

What’s interesting here, is that ABC news reported on December 3rd, a day after the apparent shooting, “Sources say mobile phones, hard drives, virtually anything with digital memory that was associated with the alleged shooters — Syed Farook and Tashfeen Malik — was smashed.”

Adding to that, we’ve mentioned a number of times here at 21WIRE, that none of the eyewitness testimony mentioned seeing a female shooter at the scene of the Inland Regional Center in the aftermath of the San Bernardino shooting.

A Right to Privacy

In our previous article detailing the ongoing encryption saga between Apple and the FBI, we stated that there are no guarantees in the security world, especially if a digital master-key were to be created, as this would potentially make it easier for invaders (either the government, or various hackers) mining for data moving forward into the future.

In a recent Guardian article, some of those involved in the technology and security sector offered their thoughts regarding the government’s continued encroachment on individual privacy:

Dan Kaminsky, the security expert who made his name with the discovery that one of the most basic parts of the internet, the domain name system, was vulnerable to fraud – disagrees: “Feds want final authority on engineering decisions, and their interests don’t even align with fighting the vast bulk of real-world crime.”

Kaminsky further explained why Apple’s security measures already help law enforcement, “If my iPhone is stolen, my emails stay unread, my photos stay unviewed, and I don’t need to notify anyone that the secrets they entrusted me with are going to show up on the internet tomorrow.”

Continuing, The Guardian interviewed former FBI agent Michael German, currently at judicial think-tank the Brennan Center. The following is a portion of that interview:

“After 9/11, you had this concept of total information awareness. The intelligence community was very enamoured of the idea that all information was available. Much like the NSA, they wanted to see it all, collect it all, and analyse it all.”

Additionally, there are many who believe weaker encryption may pose an even bigger security risk globally.

In many ways, it appears as though federal agencies are seemingly searching for the right crisis to push public opinion in favor of the state when it comes to security.

This is at the core of the perpetual privacy and security battle post 9/11…

(http://www.brookings.edu/~/media/events/2014/10/16%20going%20dark%20technology%20privacy%20comey%20fbi/20141016_james_comey/20141016_james_comey_16x9.jpg)
‘TARGETING PRIVACY’ – FBI Director James Comey speaking at the Brookings Institution in October of 2014 about Going Dark. (Photo link brookings)

Shining a Light on the FBI ‘Going Dark’

Last September, The Washington Post published an article entitled,“Obama faces growing momentum to support widespread encryption, ” and within its contents, perhaps the true nature of the security/privacy issue was laid bare (hat tip saperetic):

“Privately, law enforcement officials have acknowledged that prospects for congressional action this year are remote. Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”

There is value, he said, in “keeping our options open for such a situation.”

Interestingly, in October of 2014, FBI Director James B. Comey, explained while speaking at the Brookings Institution he was “focused on trying to get the law changed” so that tech companies would have to comply with law enforcement to unlock data on various devices.

Continuing, he outlined the current security agenda concerning the FBI, “We have the legal authority to intercept and access communications and information pursuant to a court order, but we often lack the technical ability to do that.”

The Brookings speech from 2014, appeared in stark contrast with a recent emotionally driven op-ed Comey wrote for Lawfare entitled “We Could Not Look the Survivors in the Eye if We Did Not Follow this Lead.” Here’s a passage from that piece, that clearly displays the conflicting message of the FBI director:

“We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it. We don’t want to break anyone’s encryption or set a master key loose on the land.”

The Guardian refers to this as a “two-pronged approach” on the public’s senses – as one tone from the FBI comes across as caring and the other seems more focused on the greater, nationalistic implications of encryption.

Think good cop/bad cop hovering over you in an interrogation room and you’d be getting very warm.

This is the kind of psychological drama that has prompted some in media to think that the law enforcement agency has been exploiting the public in the wake of tragedy, in order to increase security measures.

This is absolutely something to watch.

So, what are we to make of the FBI’s claims of going dark in the digital age?

It has long since been claimed that intelligence agencies fear going dark in the age of high-tech gadgetry. This idea is vastly overblown and not rooted in reality, especially when you consider the many revelations concerning NSA spying, collection of bulk metadata and other tracking programs such as the IMSI catcher, otherwise known as Stingray (Stingray acts as cell tower locking onto all devices in a certain area) intercepts phone calls, texts, as well as your location.

The very notion that law enforcement will somehow be condemned eternally to outdated methods to catch criminals in the future – is patently absurd.

Furthermore, the concept and presentation of the FBI’s “going dark” scenario is nothing more than a talking point used to increase a police state apparatus within the United States.

Don’t Panic

On February 1st, a group of experts published report regarding the current status of law enforcement and their ability to keep up with the demands of crime solving in the world today. The lengthy report entitled “Don’t Panic” was compiled by The Berkman Center for Internet & Society at Harvard University.

Here’s a passage below examining the FBI’s catchy mantra, ‘Going Dark’:

The U.S. intelligence and law enforcement communities view this trend with varying degrees of alarm, alleging that their interception capabilities are “going dark.” As they describe it, companies are increasingly adopting technological architectures that inhibit the government’s ability to obtain access to communications, even in circumstances that satisfy the Fourth Amendment’s warrant requirements.

Encryption is the hallmark of these architectures. Government officials are concerned because, without access to communications, they fear they may not be able to prevent terrorist attacks and investigate and prosecute criminal activity. Their solution is to force companies to maintain access to user communications and data, and provide that access to law enforcement on demand, pursuant to the applicable legal process.

However, the private sector has resisted. Critics fear that architectures geared to guarantee such access would compromise the security and privacy of users around the world, while also hurting the economic viability of U.S. companies. They also dispute the degree to which the proposed solutions would truly prevent terrorists and criminals from communicating in mediums resistant to surveillance.

While the report states that encryption is a difficult issue for law enforcement, all sorts of digital data is unencrypted and therefore can be accessed via a search warrant if there is cause – not to mention the spying capabilities of a plethora of smart devices also available for review.

Below is FBI Director (former Senior Vice President at Lockheed Martin) discussing the idea that the government is Going Dark…

In an article entitled “Here’s Why the FBI Went After Apple When It Did,” Fortune magazine revealed that on February 9th, DOJ head Loretta Lynch requested “an extra $38 million to help the FBI development workarounds on data encryption, bringing the total budget of what it calls “project Going Dark” to $69 million.”

Will the FBI continue to develop “encryption workarounds” in the event that they lose their battle with Apple over the San Bernardino case?

In Summary

Regardless of how you shape the court battle between Apple and the FBI, this is about the government wanting a more direct route into personal devices moving ahead.

For Apple, this is a very important issue as a dip in consumer confidence, could be a crushing blow to the tech company’s overall brand.

It’s important to remember anomaly ridden events such as the San Bernardino shooting and the suspicious events in Garland, Texas, of last year, in addition to other inconvenient truths concerning the government’s role in manufacturing its own terror plots – which have ironically prompted calls for greater national security, while continuing to appropriate large funds to federal agencies.

You have to wonder, has the FBI’s case against Apple fallen apart?
Title: iPhone theatre
Post by: K-Dog on March 05, 2016, 08:04:59 PM
(http://davidmackguide.com/portfolio/kabuki/masks/images/kabuki-box-front-large.jpg)

If Apple wants to sell phones they will play by the rules.  There is no other option for them.  Their product is well regulated and pretending there are other options only is done because it fools a lot of people and keeps these same people well sedated.  Not cooperating with the government would cost Apple money.  That is not going to happen and if anyone were playing that game they would be summarily canned.

Would anyone have the balls to call foul if it were later revealed that Apple unlocked the phone on the first day they were asked and all this is faux legal theatre; a put-on?  I doubt it.

(http://images.funadvice.com/photo/image/old/3975/coppertonead.jpg)

Title: The FBI Case against Apple is a shiny object; a distraction. Nothing more.
Post by: K-Dog on March 05, 2016, 08:32:40 PM

It’s important to remember anomaly ridden events such as the San Bernardino shooting and the suspicious events in Garland, Texas, of last year, in addition to other inconvenient truths concerning the government’s role in manufacturing its own terror plots – which have ironically prompted calls for greater national security, while continuing to appropriate large funds to federal agencies.

And lets not forget the Boston Bombing. The bolded part of the quote above in RE's republished article which I located at Global Research (Also reprinted there from 21st Century Wire) links to this gem from SALON.

 http://www.salon.com/2011/09/29/fbi_terror/ (http://www.salon.com/2011/09/29/fbi_terror/)

Quote
The FBI has received substantial criticism over the past decade — much of it valid — but nobody can deny its record of excellence in thwarting its own Terrorist plots.  Time and again, the FBI concocts a Terrorist attack, infiltrates Muslim communities in order to find recruits, persuades them to perpetrate the attack, supplies them with the money, weapons and know-how they need to carry it out — only to heroically jump in at the last moment, arrest the would-be perpetrators whom the FBI converted, and save a grateful nation from the plot manufactured by the FBI.

What if they were a bit late in their calculation of when 'the last moment' was?  If they were then faux theatre around the unlocking of a phone makes total sense. A distraction yes, but if they do win against Apple the FBI will have taken another of our freedoms.  Something gained but nothing ventured, icing on the cake.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 05, 2016, 08:56:55 PM
Why on earth would they take it to court then, and give media interviews that shine a light on the counter-arguments?  Don't they also stand to lose a lot of new sales if it is known that their unbreakable encryption is able to be bypassed just by patching the code that calls the "wipe data" function to make it not wipe?

When we are dealing with "conspiracy theories", I am quite prepared to think the worst of USG, or the highest cap corporate entity in the world, but I also look for the least bad interpretation, and if they are way different, have to reserve judgement.  The "facts" as reported by the MSM are almost always garbled or just plain wrong, and this must taken into account as well.

It's the same with foreign policy - everyone assumes that the US is in control of absolutely everything, and can order compliance from their allies, but if you look at Saudi and Turkish non-compliance with US wishes, you can see that there is a power-struggle going on between the allies.  Why did Saudi reject the seat on the UNSC that the US lobbied so hard for? - probably because it would have shown them up to be divided on key issues, like the UN-sponsored Iranian nuclear talks.

Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on March 05, 2016, 09:04:29 PM
Why on earth would they take it to court then, and give media interviews that shine a light on the counter-arguments?  Don't they also stand to lose a lot of new sales if it is known that their unbreakable encryption is able to be bypassed just by patching the code that calls the "wipe data" function to make it not wipe?


To get people to ask 'why on earth'; to create confusion and obfuscate issues.  They would not loose anything in sales because people will believe foolishly that since they are not fundamental Moslem terrorists their data is safe and the government is not going to take them to court and reveal their dirty laundry.  The truth is that our data could already be available to the FBI and people are being made to feel secure by this court circus when in fact they are already compromised.
Title: Now Encryption will be BACK on Kindle!
Post by: RE on March 05, 2016, 09:34:56 PM
Just a few days after the revelation that Amazon was removing Encryption from their Kindles, now the newz is it will be BACK in a future Kindle Op system!  ::)

According to the article, all of this has nothing to do with the Apple-FBI case.  Right.

RE

http://www.macworld.com/article/3040865/security/encryption-will-return-to-fire-tablets-amazon-says.html (http://www.macworld.com/article/3040865/security/encryption-will-return-to-fire-tablets-amazon-says.html)

Amazon's bringing encryption back to its Fire tablets
The company says it will reintroduce device encryption in a future update to Fire OS after removing it last fall.

(http://core3.staticworld.net/images/article/2014/09/kindletablets-100441535-large.jpg)
Credit: Amazon

Nick Mediati | @dtnick
PCWorld

    Mar 5, 2016 11:17 AM

A few days ago, we all awoke to the realization that Amazon had removed device encryption features from Fire OS 5—the operating system powering its Fire tablets—when it debuted last fall. After considerable controversy, though, the company says it will reintroduce device encryption in an upcoming software update.

“We will return the option for full disk encryption with a Fire OS update coming this spring,” the company said in a statement.

The story behind the story: In Fire OS 4 and earlier, you could encrypt your Fire tablet and set it to require you to enter a PIN in order to unlock your device. Additionally, you could set your device to erase itself after 30 incorrect passcode guesses.

Although recent debate on encryption has centered on issues involving law enforcement, removing device encryption has more practical implications, too. for instance, by encrypting your tablet and setting it to automatically erase after a certain number of incorrect guesses, you can prevent a thief from gaining access to your personal information—addresses, phone numbers, calendar events, you name it.
Not related to the Apple-FBI case

Encryption has been a hot topic of discussion in the wake of Apple’s ongoing legal dispute with the FBI—a case in which the FBI wants Apple to remove several passcode encryption safeguards from a particular iPhone 5c. With that in mind, it’s important to note that Amazon’s original decision to remove device encryption had nothing to do with any legal case.

Instead, as IDG News Service’s Blair Hanley Frank noted on Friday, the company decided various “enterprise features”—including device encryption—from Fire OS 5 because they went largely unused. According to that report, the lack of encryption in Fire OS 5 only became apparent “because Amazon just allowed older tablets—the Kindle Fire HDX 8.9 and the Fire HD 6/7—to upgrade from Fire OS 4.”
Title: DOJ: Overturn iPhone Unlocking Decision
Post by: RE on March 08, 2016, 10:38:30 AM
http://www.pcmag.com/article2/0,2817,2500475,00.asp (http://www.pcmag.com/article2/0,2817,2500475,00.asp)

DOJ: Overturn iPhone Unlocking Decision

    By Stephanie Mlot
    March 8, 2016 10:30am EST
    5 Comments

The government argues the iPhone 5s in question runs an older operating system that has been cracked before.

(http://www3.pcmag.com/media/images/438951-iphone-5s.jpg?thumb=y&width=740&height=426)
iPhone 5s

The U.S. Justice Department has asked a New York federal court to overturn a recent ruling that protects Apple from having to unlock an iPhone involved in a drug case.

Last week, a Brooklyn judge rejected the government's request to compel Cupertino to crack an iPhone 5s seized in 2014 from accused drug trafficker Jun Feng, who eventually pleaded guilty to conspiracy. Despite the guilty plea, however, the government claimed access to his phone was still necessary, because it might lead to criminal accomplices.

"Ultimately, the question to be answered in this matter, and in others like it across the country, is not whether the government should be able to force Apple to help it unlock a specific device," Magistrate Judge James Orenstein said at the time. "It is instead whether the All Writs Act resolves that issue and many others like it yet to come. I conclude that it does not."

The move was welcomed by the tech titan, which is also fighting a very public battle against the FBI over its request to access an iPhone 5c used by a terrorist in the San Bernardino attack.

In the New York case, prosecutors filed a 45-page brief on Monday, arguing that Feng's iPhone 5s runs an older operating system—iOS 7—that Apple has agreed to breach in the past.

"This case in no way upends the balance between privacy and security," prosecutors wrote in the new filing, as reported by The Wall Street Journal. Judge Orenstein's ruling "goes far afield of the circumstances of this case and sets forth an unprecedented limitation on federal courts' authority," the brief said.

Apple disagrees. "Judge Orenstein ruled the FBI's request would 'thoroughly undermine fundamental principles of the Constitution' and we agree," a company spokesman said in a statement. "We share the judge's concern that misuse of the All Writs Act would start us down a slippery slope that threatens everyone's safety and privacy."
//Related Articles

    Apple, FBI Take iPhone Encryption Fight to Capitol Hill

Cupertino boss Tim Cook has referenced that same slippery slope in the tech titan's fight with the FBI, claiming that the requested iOS backdoor will inevitably end up in the wrong hands. Apple is even willing to take its fight to the Supreme Court, where it would have the support of numerous industry heavyweights.

Apple is due back in court on the San Bernardino case on March 22.

The DOJ did not immediately respond to PCMag's request for comment.
Title: U.S. Says It May Not Need Apple’s Help to Unlock iPhone
Post by: RE on March 21, 2016, 09:30:20 PM
A "3rd Party" can crack the I-phone securitybut the FBI & NSA can't?  ???  :icon_scratch:

RE


U.S. Says It May Not Need Apple’s Help to Unlock iPhone


By KATIE BENNER and MATT APUZZOMARCH 21, 2016



RIVERSIDE, Calif. — The Justice Department said on Monday that it might no longer need Apple’s assistance in opening an iPhone used by a gunman in the San Bernardino, Calif., rampage last year.

The disclosure led a judge to postpone a court hearing over the issue and temporarily sidesteps what has become a bitter clash with the world’s most valuable company.

In a new court filing, the government said an outside party had demonstrated a way for the F.B.I. to possibly unlock the phone used by the gunman, Syed Rizwan Farook. The hearing in the contentious case — Apple has loudly opposed opening the iPhone, citing privacy concerns and igniting a heated debate — was originally set for Tuesday.

While the Justice Department must test this method, if it works “it should eliminate the need for the assistance from Apple,” it said in its filing. The Justice Department added that it would file a status report by April 5 on its progress.

The change is a reprieve in the clash that has erupted over how and when the authorities should use the troves of digital data collected and stored by tech companies. The two sides have traded barbs over the issue since last month, when Apple received a court order demanding that the company weaken the security of the iPhone so law enforcement officials could gain access to the data in it.

The case has been viewed as a watershed moment in the debate over privacy and security.

Apple had opposed the court order, arguing that it would be a slippery slope that could force the company to open many iPhones, thus compromising the privacy of its customers and the strength of its product security. President Obama said this month that the law enforcement authorities must be able to legally collect information from smartphones and other devices, adding that he opposed the stance on encryption taken by tech companies like Apple.

The chief executive of Apple, Timothy D. Cook, said that the company did not expect to be at odds with the government over iPhone encryption, but that it would not back down. By REUTERS on Publish Date March 21, 2016. Photo by Marcio Jose Sanchez/Associated Press. Watch in Times Video »

Late on Monday, Judge Sheri N. Pym, the federal magistrate judge in the United States District Court for the Central District of California who was set to hold the hearing, agreed to grant the Justice Department’s motion to postpone the hearing.

The emergence of a potential third-party method to open the iPhone was a surprise, as the government said more than a dozen times in court filings that it could open the phone only with Apple’s help. The F.B.I. director, James B. Comey Jr., also reiterated that point several times during a hearing before Congress on March 1.

The new method could forestall, but is unlikely to entirely head off, a showdown between Silicon Valley and the Justice Department over encryption.

“This will only delay an inevitable fight over whether the government can force Apple to break the security of its devices,” said Alex Abdo, a lawyer with the American Civil Liberties Union, an advocacy group.

For the Justice Department, cracking the iPhone would be a mixed blessing. While it would give investigators access to data that they see as crucial to a terrorism investigation, it would cut short the encryption debate that the F.B.I. had been trying to start for years before the Apple case came along.

While contentious, the Apple case neatly crystalized that debate in a way that abstract discussions never had. The court fight, regardless of its outcome, would have increased the likelihood that Congress took up legislation to address the issue. Shelving the San Bernardino case could remove a sense of immediacy on the topic.

The case could flare anew in court if the third-party method for opening the iPhone falters. In a conference call late Monday, a federal law enforcement official, who spoke to reporters on the condition of anonymity, said the government legally had to explore all outside methods of opening up the iPhone. If the government exhausted those options, then it could turn back to the courts to compel Apple to help open the device.
Breaking Down Apple’s iPhone Fight With the U.S. Government

The technology company has been locked in a major legal battle against law enforcement officials over privacy and security.

The law enforcement official declined to name the outside party that approached investigators with a possible method for opening the phone. He said that investigators were cautiously optimistic about getting data from the phone, but that further testing is required.

The government has been using the All Writs Act, a legal statute that dates to 1789, as a key underpinning of its case.

“The issue at hand is whether the government can use the All Writs Act to force an unwilling third party, Apple, to create what it claims is a back door,” said Joseph DeMarco, a former federal prosecutor who filed a brief on behalf of law enforcement groups that supported the Justice Department in this case. “ But if it can find a willing third party to break into the phone, then the All Writs Act argument is moot.”

In a statement, Melanie Newman, a spokeswoman for the Justice Department, said the F.B.I. had continued to work on ways to gain access to the contents of the iPhone used by Mr. Farook, even as the fight between Apple and the government was unfolding.

A senior Apple executive, who spoke to reporters on the condition of anonymity late Monday, said should the government fail to unlock the phone and continue its fight with the company, Apple would want to know more about the outside party that has claimed it can break into the iPhone, in order to learn what methods could circumvent the company’s security features. The executive said that Apple had no knowledge of what capability the government might soon have and that it learned about it on Monday.

In the meantime, Apple has continued to repeat its message of privacy. At a product event on Monday at the company’s Cupertino, Calif., headquarters, Timothy D. Cook, Apple’s chief executive, emphasized a philosophy of helping to protect users’ data.

“This is an issue that impacts all of us and we will not shrink from this responsibility,” Mr. Cook said.
Correction: March 21, 2016

An earlier version of this article misstated the surname of a Justice Department spokeswoman. She is Melanie Newman, not Newsom.
Title: Five theories why the FBI postponed a major hearing in case against Apple
Post by: RE on March 22, 2016, 01:01:02 AM
Theory 6:  They've been able to decrypt this phone from the get-go, and are worried that if they keep going with this people will realize this.

RE

http://www.latimes.com/business/technology/la-fi-tn-apple-fbi-theories-20160321-snap-htmlstory.html (http://www.latimes.com/business/technology/la-fi-tn-apple-fbi-theories-20160321-snap-htmlstory.html)

Five theories why the FBI postponed a major hearing in case against Apple

(http://www.trbimg.com/img-56f0b08f/turbine/la-1458614410-snap-photo/900/900x506)
A four-digit passcode on an iPhone 5c has foiled the FBI from fully investigating the San Bernardino terrorism investigation. (Carolyn Kaster / Associated Press)
By Paresh DaveContact Reporter

    FBI Apple Inc. McAfee, Inc. Apple iPhone

A federal court on Monday signed off on the Justice Department's request to cancel a major hearing in a months-long battle with Apple Inc. over obtaining personal data from the iPhone of one of the San Bernardino shooters.

Prosecutors said the government needed time to test "a possible method for unlocking [Syed Rizwan] Farook’s iPhone" that they received from "an outside party" on Sunday. If they deem the method works -- and can ensure it won't damage the smartphone's memory -- it would no longer need Apple's help in the San Bernardino case. The FBI must provide a status update by April 5.

So what gives?

The general public and cybersecurity experts have been throwing ideas the FBI's way for several weeks, and experts said it's unlikely that someone devised a new technical workaround at the last moment. Could there be more to the 11th-hour postponement than the Justice Department is saying?

Here are some theories.
The FBI is giving the ACLU's method a try -- at last.

Daniel Kahn Gillmor, a technology fellow at the ACLU, laid out two weeks ago what's considered among the most plausible ways to unlock Farook's iPhone 5c. The phone is guarded by a four-digit passcode, but the FBI bears the risk of making the contents of the device permanently inaccessible if it incorrectly guesses the passcode too many times.

Gillmor suggested the FBI could copy a special portion of the phone's memory that counts the number of passcode entries. Constantly restoring the copy could get the agency around the limit on guesses.

The ACLU said Gillmor's method, or some variation of it, might be the one the FBI is considering. If true, it suggests that the FBI "either doesn't understand the technology well enough or wasn't telling us the full truth earlier when it said that only Apple could break into the phone," ACLU staff attorney Alex Abdo said in a statement.

"Either possibility is disconcerting," he said.
The FBI is bluffing because it needs more time -- or wants the case to die down.

Members of the Obama administration quietly have expressed reservation about the case against Apple, according to reports. Meanwhile, other federal agencies including the Department of Defense don't want to see encryption technology weakened.

Polls show Americans remain divided on the issue -- suggesting the FBI has not yet won over the general public.

Add to those concerns the last-minute cancelation and there's fodder for conspiracy theorists to wonder whether the FBI might be backing down in what has been an acrimonious battle with the world's most valuable company by market capitalization.

The NSA stepped in.

FBI Director James Comey told Congress that his investigators exhausted every possible idea they had to get help from other government agencies, including the National Security Agency. When it comes to computer hacking, experts say the NSA is years ahead of the FBI.

Fearing the court would rule against the FBI, perhaps Comey made one last plea for help to the NSA -- and came away with the goods.

There's no publicly known vulnerability to disable the core security on the iOS 9 operating system that's installed on Farook's phone, but top hackers say the NSA is one of the few organizations in the world that would have its hands on such software if it were to exist.

Apple tipped off the FBI.

Apple attorneys said Monday that they have no idea what the FBI got its hands on and didn't offer any guesses. The company also declined to say whether it has investigated the feasibility of the ACLU method or any other iPhone hacking ideas raised in recent weeks. But given Apple's desire to fix all threats to the security of its products, it makes sense the company would be among the first to know of any flaws.

If Apple found a loophole that unlocked a phone without requiring company engineers to do the government's bidding, it may have reason to share it with the FBI. Doing so could remove the pressure from the case while ensuring there is no legal precedent allowing authorities to force Apple to unravel its own security measures in future investigations.

Such a tip could come voluntarily through Apple employees or an intermediaries.

John McAfee, or someone like him, cracked the iPhone.

Coming up with a new hacking tool in such a high-profile case would be a remarkable feat for any hacker -- one that could warrant bragging rights, future job opportunities and perhaps a hefty consulting fee from the FBI.

Difficult as it may be, hackers who spend their time looking for these types of vulnerabilities have good reason to concentrate entirely on this case.

John McAfee, a pioneering entrepreneur in computer security who has a history of making bold claims, has already said he can decrypt the phone if given the chance. He didn't immediately respond to a request for comment.

The Justice Department didn't name the outside party but said it's "cautiously optimistic" about the idea.

paresh.dave@latimes.com
Title: Apple gets short-term win, but new mysterious FBI unlocking method looms
Post by: RE on March 22, 2016, 03:40:46 AM
4 digit security password?  WTF in their right mind concerned about security would use such a short password? ???  :icon_scratch:

RE

http://arstechnica.com/tech-policy/2016/03/apple-gets-short-term-win-but-new-mysterious-fbi-unlocking-method-looms/ (http://arstechnica.com/tech-policy/2016/03/apple-gets-short-term-win-but-new-mysterious-fbi-unlocking-method-looms/)

Apple gets short-term win, but new mysterious FBI unlocking method looms
Law professor: "The issue probably has been deferred, not resolved."


John Karakatsanis
Apple's encryption battle

    FBI says it might be able to break into seized iPhone, judge cancels order to aid decryption [Updated]
    Apple defends crypto fight against government during launch event
    Why are so few Android phones encrypted, and should you encrypt yours?
    Apple fires back: “Government is adept at devising new surveillance techniques”
    FBI v. Apple is a security and privacy issue. What about civil rights?

View all…

RIVERSIDE, Calif.—Less than 24 hours before a highly anticipated Tuesday court session where prosecutors and Apple lawyers would have squared off here in federal court, government attorneys suddenly got a judge to vacate that hearing and stay an unprecedented court order that would have forced Apple to aid investigators' efforts to unlock and decrypt an iPhone linked to a 2015 terrorist attack. In a court filing Monday, federal authorities cited a newly discovered "unlocking method" that it hopes won't require Apple's help.

The sudden and unexpected postponement essentially means an immediate victory for Apple—the company doesn’t have to comply with the government’s demands to create a customized version of iOS. But the new government filing also raises more questions than it answers, such as the reach of the government's decryption capabilities.

Melanie Newman, a spokeswoman for the Department of Justice, said in a statement sent to Ars that the government only learned of this new unlock technique this weekend.

"We must first test this method to ensure that it doesn’t destroy the data on the phone, but we remain cautiously optimistic," she wrote. "That is why we asked the court to give us some time to explore this option."

In a Monday evening call with reporters, Apple lawyers told Ars that they had absolutely no information on the government's claims.

Apple attorneys also said on the call that the company was engaged in a "constant battle" with those that would attempt to circumvent the company's security flaws. They added that the company hopes to better understand what the supposed vulnerability is, and if the case continues, the firm will insist in court on knowing everything possible about it.

Tuesday's hearing would have been filled with top-notch lawyers, not to mention attorneys representing friends of the court (amicus curae), including terrorism victims, cryptographers, and many others. Apple was set to enter the Riverside courtroom with a legal team lead by a former solicitor general of the United States, who represented plaintiffs in a landmark Supreme Court case that legalized gay marriage in March 2013. The government would have countered with a number of top prosecutors, including one who previously was involved in a sextortion case a few years ago.
An arms race continues

Andrew Crocker, an attorney at the Electronic Frontier Foundation, pointed out that while the public still doesn’t know what decryption capabilities the FBI and other federal agencies have, it is known that the government retains zero-days for their own purposes.

Further Reading
FBI admits it uses stingrays, zero-day exploits

The "queen of domestic surveillance" inches closer to hot-button topics.
He said he think's "it’s possible" that the DOJ would try to bring a similar case again. "But part of the reason they didn’t want to have this reason was that they couldn’t say in good faith that they had tried all the other alternatives," he told Ars.

Jennifer Granick, the director of civil liberties at the Stanford Center for Internet and Society, said that these new government decryption capabilities are not good for privacy and ever-expanding government surveillance.

"The DOJ doesn't want bad precedent, and I think Apple had the better side in this argument," she told Ars. "Being able to hack helps DOJ for a while. Apple could upgrade beyond the capability. It might also be expensive, meaning harder to do than making Apple do it."

Meanwhile, Fred Cate, a law professor at Indiana University, told Ars that while the decision to vacate is "good news," it represents a clear escalation in the security struggle.

"As a practical matter, if the FBI’s new technique works, it likely means that Apple will add more protection to its devices, which is a good thing for consumers, and the FBI will be back in court in the future asking a judge to compel Apple to help the government defeat Apple’s improved security," he told Ars. "So the issue probably has been deferred, not resolved."

The legal fracas began last month when the government obtained an unprecedented court order, citing an obscure 18th-century statute known as the All Writs Act. The case, popularly known as “FBI v. Apple,” asked the judge to decide if the government could force Apple to create a new customized version of iOS.

Prosecutors told the judge they needed this new version of iOS as a way to get into the seized iPhone 5C, which was used by Syed Rizwan Farook, one of the terrorists involved in the December 2015 attack in San Bernardino. The iOS 9 phone is encrypted with a four-digit passcode, and investigators are afraid that if they enter the wrong passcode 10 times, it will auto-delete all the data on the phone. The new customized iOS demanded from Apple would remove that lockout feature, and it would enable the government to brute force passcodes until it could get in.

The government is now required to provide a status report to the federal magistrate judge by April 5.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 22, 2016, 03:31:34 PM
All "von Neumann architecture" computers' programs are a series of computer instructions held as data bytes, just like ordinary data (numbers and strings of characters), but interpreted differently.  These data bytes, grouped in 4s (32-bit) or 8s (64-bit), are called machine codes.  There is a very low level computer language called Assembler, which corresponds directly with machine codes.  It is possible to write programs in Assembler, but it is very slow and tedious and more error-prone than writing in a high level language like C or PHP.

When an program is "built" from source code, that source code is translated from C into Assembler, which equals data bytes.  This is done by another program called a compiler. "gcc" is a common compiler today.  One Assembler instruction is PEEK(n, rx), which means get the contents of the byte at location n and put in in register x, and another is POKE(n, rx) which means put the contents of register x in data location n.  When n is a machine code, this effectively changes the program.

So all the FBI have to do is work out n for the instruction that says "if (count of failed password tries = 10) then (delete all data) otherwise (try again)", work out where the byte that contains the number "10" is, and MOV(rx, 100) POKE(n, rx) , and you can now do 100 tries instead of 10.  Or for unlimited tries, simply replace the whole lot with "GOTO try again". 

This is called patching.  I used to work on ICL 1900 computers, where the Assembler was called PLAN, and I used to program a lot in PLAN, and worked out patches all the time.  To someone who could only program in FORTRAN (C wasn't invented then), this was like magic, but it was really quite straightforward once you know the language and if you have the source code.  Without the source code, or if the program was written in a high level language, then the job becomes VERY time-consuming, but it can still be done.

Dis-assembly is the reverse of assembly, and takes a string of bytes in memory and prints it out interpreting it as Assembler instructions.  Most of the time the output will be rubbish, because the data is not instructions, but eventually you will hit on the right place and find what n is.

When I heard John McAfee on the radio a month ago claiming to be able to hack the Apple phone, he said he would do it like this, but I see from website reports that he said something else.  (Conspiracy theory forming!)

So I reckon someone has worked out what Apple's C source code must have said, and how that translates into machine code, and found where in the data store it is (the all-important n), and how to patch it to get unlimited password tries.  I would be very surprised if the FBI couldn't do that themselves, even if they had to employ some Assembler programmers especially for it.  Ed Snowden thinks so too.

Here is a simple "Hello World" program in Assembler, which is about as far as I have got with it.  A typical OS these days has over 1 billion lines of code like this.  As you can see, working with this stuff would drive you mad if you didn't have the aptitude for it.  When I retired in 1980, I had the longest experience in PLAN in the world (13 years), which perhaps explains why I am mad like I am :

Code: [Select]
BITS 64
SECTION .data
Hello: db "Hello world!",10
len_Hello: equ $-Hello
SECTION .text
global _start
_start:
mov rax,1 ; write syscall (x86_64)
mov rdi,1 ; fd = stdout
mov rsi,Hello ; *buf = Hello
mov rdx,len_Hello ; count = len_Hello
syscall
mov rax,60 ; exit syscall (x86_64)
mov rdi,0 ; status = 0 (exit normally)
syscall
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on March 22, 2016, 04:03:36 PM
All "von Neumann architecture" computers' programs are a series of computer instructions held as data bytes, just like ordinary data (numbers and strings of characters), but interpreted differently.  These data bytes, grouped in 4s (32-bit) or 8s (64-bit), are called machine codes.  There is a very low level computer language called Assembler, which corresponds directly with machine codes.  It is possible to write programs in Assembler, but it is very slow and tedious and more error-prone than writing in a high level language like C or PHP.

When an program is "built" from source code, that source code is translated from C into Assembler, which equals data bytes.  This is done by another program called a compiler. "gcc" is a common compiler today.  One Assembler instruction is PEEK(n, rx), which means get the contents of the byte at location n and put in in register x, and another is POKE(n, rx) which means put the contents of register x in data location n.  When n is a machine code, this effectively changes the program.

So all the FBI have to do is work out n for the instruction that says "if (count of failed password tries = 10) then (delete all data) otherwise (try again)", work out where the byte that contains the number "10" is, and MOV(rx, 100) POKE(n, rx) , and you can now do 100 tries instead of 10.  Or for unlimited tries, simply replace the whole lot with "GOTO try again"...

As you point out here in more detail than I could have done, the FLAW in this security system is in the machine code.  The system is dependent on stopping repeated tries to defend against a Brute Force crack. Once you find the code that stops repeated tries, a typical brute force attack will work, and damn quick with a 4 digit password!

You want a real secure encryption?  Use a password of say 2056 characters, 210.  Pick your favorite novel, pages 27 maybe, then hash that for your password.

All they need to do to make a secure system is to allow really BIG passwords.  Then even Brute Force won't work to crack it.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: jdwheeler42 on March 22, 2016, 04:28:41 PM
Here is a simple "Hello World" program in Assembler, which is about as far as I have got with it.  A typical OS these days has over 1 billion lines of code like this.  As you can see, working with this stuff would drive you mad if you didn't have the aptitude for it.  When I retired in 1980, I had the longest experience in PLAN in the world (13 years), which perhaps explains why I am mad like I am :

Now, try rewriting it in this language: https://en.wikipedia.org/wiki/Brainfuck  :evil4:
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 22, 2016, 05:18:09 PM
The Apple user can change the number of digits in the password (I don't know the upper limit), and also change from just digits to alphanumeric or all 95 ASCII symbols.  12 symbols (9512 = 5.4e+23) should be enough.

Brainfuck:
minimalist, but difficult to write and debug - that's why I prefer PHP:

Code: [Select]
<?php
print "Hello World!".PHP_EOL;
?>

A Turing machine is itself minimalist, so von Neumann architecture is used nowadays.  I did try to learn minimalist Z80 Assembler at one time, with the instruction set LOAD, ADD, AND, OR, XOR, JZ, JC, JV  which is Turing-complete (IIRC).  A few programs I wrote ran on my Amstrad 6128.  Then I got an IBM PC with Windows 3.0 and a mouse, and the world changed forever.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 23, 2016, 03:40:01 PM
But if FBI have had a contract with Celebrite since 2013, then they have already tried and failed to crack it.

https://www.rt.com/usa/336948-fbi-israel-crack-iphone/ (https://www.rt.com/usa/336948-fbi-israel-crack-iphone/)
FBI using Israeli firm to crack San Bernardino iPhone without Apple
23 Mar, 2016

Cellebrite, an Israeli mobile forensic software company, is aiding the Federal Bureau of Investigation in its quest to unlock the iPhone used by one of the San Bernardino shooters, Israeli media reported.

The FBI has been contracting with Cellebrite to break through a locked iPhone, “according to experts in the field familiar with the case,” according to Ynet, online outlet of the Israeli newspaper Yedioth Ahronot.

This would be a step in a much different direction in the FBI’s ongoing battle with Apple over the device belonging to Syed Farook, one of the perpetrators of December’s massacre in San Bernardino, California, that left 14 people dead.

Cellebrite, considered a global leader in the field of digital forensics, hasn’t officially commented on their involvement with the FBI. However, The Verge reported the company has had a sole-source contract with the Bureau since the 2013, specifically to help with data extraction – the very task at hand in the San Bernardino case. 
Title: Why few hackers are lining up to help FBI crack iPhone encryption
Post by: RE on March 23, 2016, 07:15:03 PM
http://www.latimes.com/business/technology/la-fi-tn-apple-hackers-20160323-snap-htmlstory.html (http://www.latimes.com/business/technology/la-fi-tn-apple-hackers-20160323-snap-htmlstory.html)

Why few hackers are lining up to help FBI crack iPhone encryption

(http://www.trbimg.com/img-56f316cf/turbine/la-1458771658-snap-photo/900/900x506)
A demonstrator outside of the the Apple store in New York City last month expresses support for the company's refusal to give authorities a backdoor into devices. (Bryan Thomas / Getty Images)
By Paresh DaveContact Reporter

    FBI Apple iPhone Apple Inc.

When the FBI said it couldn't unlock the iPhone at the center of the San Bernardino shooting investigation without the help of Apple, the hackers at DriveSavers Data Recovery took it as a challenge.

Almost 200 man hours and one destroyed iPhone later, the Bay Area company has yet to prove the FBI wrong. But an Israeli digital forensics firm reportedly has, and the FBI is testing the method.

Finding a solution to such a high-profile problem would be a major feat — with publicity, job offers and a big payday on the line. But, in fact, the specialists at DriveSavers are among only a few U.S. hackers trying to solve it. Wary of the stigma of working with the FBI, many established hackers, who can be paid handsomely by tech firms for identifying flaws, say assisting the investigation would violate their industry's core principles.

Some American security experts say they would never help the FBI, others waver in their willingness to do so. And not all of those who would consider helping want their involvement publicized for risk of being labeled the hacker who unhinged a backdoor to millions of iPhones.

“The FBI has done such a horrible job of managing this process that anybody in the hacking community, the security community or the general public who would openly work with them would be viewed as helping the bad guys,” said Adriel Desautels, chief executive of cybersecurity testing company Netragard. “It would very likely be a serious PR nightmare.”

Much of the security industry's frustration with the FBI stems from the agency's insistence that Apple compromise its own security. The fact that the FBI is now leaning on outside help bolsters the security industry's belief that, given enough time and funding, investigators could find a workaround — suggesting the agency's legal tactics had more to do with setting a precedent than cracking the iPhone 5c owned by gunman Syed Rizwan Farook.

Some like Mike Cobb, the director of engineering at DriveSavers in Novato, Calif., wanted to be the first to find a way in. Doing so could bring rewards, including new contracts and, if desired, free marketing.

“The bragging rights, the technical prowess, are going to be considerable and enhanced by the fact that it's a very powerful case in the press,” said Shane McGee, chief privacy officer for cybersecurity software maker FireEye Inc.

Altruism could motivate others. Helping the FBI could further an inquiry into how a husband-and-wife couple managed to gun down 14 people, wound many others and briefly get away.

Another positive, McGee said, is that legal liability is low: While unauthorized tampering with gadgets has led to prison time, it's legal as long as people meddle with iPhones they own — and the court order helps too.

But top security experts doubt the benefits are worth the risk of being seen as a black sheep within their community.

Hackers have said they don't want to touch the San Bernardino case “with a 10-foot pole because the FBI doesn't look the like good guy and frankly isn't in the right asking Apple to put a back door into their program,” Desautels said. The assisting party, if ever identified, could face backlash from privacy advocates and civil liberties activists.

“They'd be tainted,” Desautels said.

The unease in the hacker community can be seen through Nicholas Allegra, a well-known iPhone hacker who most recently worked for Citrix.

Concerned an FBI victory in its legal fight with Apple would embolden authorities to force more companies to develop software at the government's behest, Allegra had dabbled in finding a crack in iPhone 5c security. If successful, he hoped his findings would lead the FBI to drop the Apple dispute.

But he has left the project on the back burner, concerned that if he found a solution, law enforcement would use it beyond the San Bernardino case.

“I put in some work. I could have put more in,” he said. But “I wasn't sure if I even wanted to.”

Companies including Microsoft, United Airlines and Uber encourage researchers and even hackers to target them and report problems by dangling cash rewards.

HackerOne, an intermediary for many of the companies, has collectively paid $6 million to more than 2,300 people since 2013. Boutique firms and freelancers can earn a living between such bounties and occasionally selling newly discovered hacking tools to governments or malicious hackers.

But Apple doesn't have a bounty program, removing another incentive for tinkering with the iPhone 5c.

(http://www.trbimg.com/img-56f318a7/turbine/la-fi-tn-cellebrite-20160323/600).
Parole agents use a Cellebrite and a laptop to check a sex offender's mobile phone, thumb drives and laptop for pornographic material during a sweep in April 2014. (Irfan Khan / Los Angeles Times)

Still, Israeli firm Cellebrite is said to have attempted and succeeded at defeating the device's security measures.

The company, whose technology is heavily used by law enforcement agencies worldwide to extract and analyze data from phones, declined to comment. The FBI has said only that an “outside party” presented a new idea Sunday night that will take about two weeks to verify. Apple officials said they aren't aware of the details.

Going to the FBI before going to the company would violate standard practice in the hacking community. Security researchers almost always warn manufacturers about problems in their products and services before sharing details with anyone else. It provides time for a issuing a fix before a malicious party can exploit it.

“We've never disclosed something to the government ahead of the company that distributed the hardware or software,” McGee said. “There could be far-reaching consequences.”

Another drawback is that an iPhone 5c vulnerability isn't considered a hot commodity in the minds of many hackers, who seek to one-up each other by attacking newer, more widely used products. The 5c model went on sale in 2013 and lacks a fingerprint sensor. Newer iPhones are more powerful and have different security built into them. Only if the hack could be applied to contemporary iPhones would it be worth a rare $1-million bounty, experts say.

The limited scope of this case is why many hackers were taken back by a court order asking for what they consider broadly applicable software to switch off several security measures. Instead, experts wanted the FBI to invest in going after the gunman's specific phone with more creativity. In other words, attack the problem with technology, not the courts.

“If you have access to the hardware and you have the ability to dismantle the phone, the methodology doesn't seem like it would be all that complex,” Desautels said.

Two years ago, his team tried to extract data from an iPad at the request of a financial services company that wanted to test the security of the tablets before offering them to employees. Netragard's researcher failed after almost a month; he accidentally triggered a date change within the software that rendered the iPad unusable. But Desautels said cracking the iPad would have been “possible and trivial” for someone with more time and a dozen iPads to mess with.

The same, he imagines, would be true for an iPhone. The FBI, though, has said it had exhausted all known possibilities.

Taking Apple to court generated attention about the problem and “stimulated creative people around the world to see what they might be able to do,” FBI Director James Comey said in a letter to the Wall Street Journal editorial board Wednesday. Not “all technical creativity” resides within government, he said.

The plea worked, grabbing the interest of companies like DriveSavers, which gets about 2,000 gigs a month to retrieve photos, videos and notes from phones that are damaged or belong to someone who died. But despite all of the enticements in the San Bernardino case, they've worked to unlock an iPhone 5c only intermittently.

They've made progress. Cobb's team can spot the encrypted data on an iPhone 5c memory chip They're exploring how to either alter that data or copy it to another chip. Both scenarios would allow them to reset software that tracks invalid password entries. Otherwise, 10 successive misfires would render the encrypted data permanently inaccessible.

Swapping chips requires soldering, which the iPhone isn't built to undergo multiple times. They have an adapter that solves the issue, and about 300 old iPhones in their stockpile in case, as one already has, the device gets ruined.

Had they been first to devise a proposed solution, DriveSavers “absolutely” would have told the FBI because their method doesn't present extraordinary security risks, Cobb said.

But whether it would want to be publicly known as the code cracker in the case, Cobb said that would be “a much bigger, wider conversation” to ponder.
Title: Apple kabuki
Post by: K-Dog on March 24, 2016, 07:46:08 AM
More kabuki.

(https://images.duckduckgo.com/iu/?u=http%3A%2F%2Fsobre-japon.com%2Fwp-content%2Fuploads%2FKABUKI.jpg&f=1)

The encoded flash files could have already been downloaded into a supercomputer to be thrashed with passport cracking routines until they give up their secrets.  I'll assume the government has access to the right tools for the job of opening the I-phone and 'bonding out' the appropriate flash chips.  I don't think that assumption is much of a stretch but if they have any trouble they can ask the Israelis for help.

Secrets the F.B.I. already knows but like a daddy playing Santa Claus on Christmas this show is for your amusement.  The show must go on.

(http://hackedgadgets.com/wp-content/uploads/2013/11/Gold-Wire-Bonding_3.jpg)

The amusing thing, knowing nothing about how electronics are assembled (I most certainly do, it is my profession) the guys in the black robes issuing the legal rulings take themselves seriously, not understanding in their August courtrooms that they are servants and patsies of empire.

Do you really think the knowledge to read out the data is proprietary to Apple?  Apple did not make the I-phone.  The I-phone was made in China by subcontractors (Foxconn) using standard components.  The design is far from secure. 

A thinking person should realize that this theatre is a dot of data that suggests false flag.  Theatre would not be part of any real investigation.  This theatre is an insult to any authentic search for justice.
Title: Re: Apple kabuki
Post by: jdwheeler42 on March 24, 2016, 11:25:47 AM
The encoded flash files could have already been downloaded into a supercomputer to be thrashed with passport cracking routines until they give up their secrets.  I'll assume the government has access to the right tools for the job of opening the I-phone and 'bonding out' the appropriate flash chips.  I don't think that assumption is much of a stretch but if they have any trouble they can ask the Israelis for help.

Secrets the F.B.I. already knows but like a daddy playing Santa Claus on Christmas this show is for your amusement.  The show must go on.

The amusing thing, knowing nothing about how electronics are assembled (I most certainly do, it is my profession) the guys in the black robes issuing the legal rulings take themselves seriously, not understanding in their August courtrooms that they are servants and patsies of empire.

Do you really think the knowledge to read out the data is proprietary to Apple?  Apple did not make the I-phone.  The I-phone was made in China by subcontractors (Foxconn) using standard components.  The design is far from secure. 

A thinking person should realize that this theatre is a dot of data that suggests false flag.  Theatre would not be part of any real investigation.  This theatre is an insult to any authentic search for justice.
Someone, I think it might have been on the Market Ticker, explained what is really going on.  This isn't kabuki, this is legal drama.  It never was about getting the information off the phone.  It is about getting the information off the phone in a manner that preserves it beyond reasonable doubt.  The FBI wants a method that they can use in court as evidence.  Many hacker schemes fail that legal criterion.
Title: Re: Apple kabuki
Post by: K-Dog on March 24, 2016, 01:19:08 PM
The encoded flash files could have already been downloaded into a supercomputer to be thrashed with passport cracking routines until they give up their secrets.  I'll assume the government has access to the right tools for the job of opening the I-phone and 'bonding out' the appropriate flash chips.  I don't think that assumption is much of a stretch but if they have any trouble they can ask the Israelis for help.

Secrets the F.B.I. already knows but like a daddy playing Santa Claus on Christmas this show is for your amusement.  The show must go on.

The amusing thing, knowing nothing about how electronics are assembled (I most certainly do, it is my profession) the guys in the black robes issuing the legal rulings take themselves seriously, not understanding in their August courtrooms that they are servants and patsies of empire.

Do you really think the knowledge to read out the data is proprietary to Apple?  Apple did not make the I-phone.  The I-phone was made in China by subcontractors (Foxconn) using standard components.  The design is far from secure. 

A thinking person should realize that this theatre is a dot of data that suggests false flag.  Theatre would not be part of any real investigation.  This theatre is an insult to any authentic search for justice.
Someone, I think it might have been on the Market Ticker, explained what is really going on.  This isn't kabuki, this is legal drama.  It never was about getting the information off the phone.  It is about getting the information off the phone in a manner that preserves it beyond reasonable doubt.  The FBI wants a method that they can use in court as evidence.  Many hacker schemes fail that legal criterion.

Explain to me then what they need evidence for.  I agree this is legal drama and they would like the legal precedent set but that also means they already have the contents of the phone.  With the actors/perpetrators/pawns and patsys dead there is no need for evidence because there is nobody to bring to court.  No way to even get to court without someone to try and while they play kabuki the 'valuable evidence' sits in a sealed evidence bag.  If the investigation is important at all that means the info has already been downloaded. 

If they have the contents they will have no trouble getting a court to sign off on any warrants leads on the phone produce.  That assumes of course that they even bother with warrants before they put someone else under a microscope.  I can attest from personal experience that they do not bother.

Your troll on Market Ticker was spinning a legal fiction and has had little experience with law.  At the least they are merely ignorant about what it means for an FBI agent to testify under oath.  At the most they are a player in the chess game in which only one side knows a game is being played.

Title: Re: Apple kabuki
Post by: Surly1 on March 25, 2016, 03:17:16 AM
The encoded flash files could have already been downloaded into a supercomputer to be thrashed with passport cracking routines until they give up their secrets.  I'll assume the government has access to the right tools for the job of opening the I-phone and 'bonding out' the appropriate flash chips.  I don't think that assumption is much of a stretch but if they have any trouble they can ask the Israelis for help.

Secrets the F.B.I. already knows but like a daddy playing Santa Claus on Christmas this show is for your amusement.  The show must go on.

The amusing thing, knowing nothing about how electronics are assembled (I most certainly do, it is my profession) the guys in the black robes issuing the legal rulings take themselves seriously, not understanding in their August courtrooms that they are servants and patsies of empire.

Do you really think the knowledge to read out the data is proprietary to Apple?  Apple did not make the I-phone.  The I-phone was made in China by subcontractors (Foxconn) using standard components.  The design is far from secure. 

A thinking person should realize that this theatre is a dot of data that suggests false flag.  Theatre would not be part of any real investigation.  This theatre is an insult to any authentic search for justice.
Someone, I think it might have been on the Market Ticker, explained what is really going on.  This isn't kabuki, this is legal drama.  It never was about getting the information off the phone.  It is about getting the information off the phone in a manner that preserves it beyond reasonable doubt.  The FBI wants a method that they can use in court as evidence.  Many hacker schemes fail that legal criterion.

I thought tht part of the agenda was encryption: bad, law enforcement: good. To generate support for corpstate's assault on encryption products, because anyting that transacts beyond th reach of the panopticon is terrorism by definition.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on March 25, 2016, 08:32:49 AM
Quote
Anything that transacts beyond the reach of the panopticon is terrorism by definition.

Yes, everyone involved in AI wants a piece of the action and encryption is a thorn in the side of liquid surveillance.  Not enough goodies to go around means some get none and the way to decide who gets what and maximize docility is to develop computational algorithms which surveil without human interaction via big data.  Encryption stops big data and must be eliminated from the social organism.  Motivation and choice are ignored as big data extracts network connections and the terrorist becomes defined merely as data point outliers who don't fit in.  Unforeseen by Orwell or Huxley in their dystopian future visions is that the watchers and the watched would not define separate social classes but that social inequity would become institutionalized by computers which by the use of AI algorithms would manage social structure guaranteeing that those who have keep what they have and that the impoverished remain impoverished.

The singularity will never be but the "Will of Landru" shall emerge. 

(https://images.duckduckgo.com/iu/?u=http%3A%2F%2F4.bp.blogspot.com%2F-0c7oLc-aUB4%2FUZFZJT6XXiI%2FAAAAAAAAeBE%2FveM1MfFDQFY%2Fs1600%2Farchons6.png&f=1)

This new vision of our emerging dystopian future was first articulated in "The Return of the Archons" Star Trek. episode #21 which aired February 9, 1967.

Those hired by the Department of Homeland Security and the Army to monitor the internet will find what they believed to be secure employment is employment which will now be replaced by autonomous cyber systems as they rejoin the ranks of the watched and are replaced by machines.

The chewy center of the panopticon becomes inhabited by silicon brains devoid of humanity.

******

While this may seem farfetched it is less farfetched than the notion that the FBI actually need the contents of that phone.
Title: More 'Will of Landru'.
Post by: K-Dog on March 25, 2016, 08:53:08 AM
I just heard that mass media currently is complaining that hospital privacy laws in Belgium are preventing them access to information they need to spin a wider web of fear.  Mass media wants to sensationalize the injuries of the Belgium attack victims but bad 'privacy laws' are being made part of the story as it prevents mass media exploitation of victim injuries.

Encription is privacy and privacy must be eliminated so big data can triumph and control.  Big data is the soup du jour and mass media factotums have gotten the memo.  Privacy shall belong to the elite only.  That hospital patients should have privacy is not to be allowed in the panopticon.  Their social standing is too low.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 28, 2016, 05:01:35 PM
It's over.  It certainly was a melodrama, but there is still no proof that Apple was part of it - in fact they clearly lost out of it, and would never have taken part in the melodrama if they had known its outcome.  Now they have to work out a way of migrating the old OS to the newer one, which already has better encryption, or else offer everyone a cheap upgrade to a new phone and OS.  And OS 7 will no doubt be even better, and OS 8 ...  "Get the latest new thing, which is so much better than the old latest new thing."

http://www.zerohedge.com/news/2016-03-28/us-drops-case-against-apple-after-fbi-successfully-hacks-terrorists-iphone (http://www.zerohedge.com/news/2016-03-28/us-drops-case-against-apple-after-fbi-successfully-hacks-terrorists-iphone)
US Drops Case Against Apple After FBI Successfully Hacks Terrorist's iPhone
Tyler Durden
03/28/2016

Dear Tim Cook, the DoJ and FBI will no longer require your assistance in unlocking the iPhone of Syed Farook who, along with his wife Tashfeen Malik, murdered more than a dozen people at an employee holiday party in San Bernardino last December.

    U.S. DROPS APPLE CASE AFTER SUCCESSFULLY ACCESSING IPHONE DATA

As we outlined last week, Israel's Cellebrite, a provider of mobile forensic software, was set to assist the Feds in their attempt to unlock the iPhone. “The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple,” the Justice Department said in a filing (embedded below). Here's the mainstream media line from The New York Times:

    Yet law enforcement’s ability to unlock an iPhone through an alternative method raises new uncertainties, including questions about the strength of Apple’s security on its devices. The development also creates potential for new conflicts between the government and Apple. Lawyers for Apple have previously said that the company would want to know the method used to crack open the device. The government may make that method classified.

    “From a legal standpoint, what happened in the San Bernardino case doesn’t mean the fight is over,” said Esha Bhandari, a staff attorney at the American Civil Liberties Union. She noted that the government generally goes through a process whereby it decides whether to disclose information about certain vulnerabilities so that manufacturers can patch them.

    “I would hope they would give that information to Apple so that it can patch any weaknesses,” she said, “but if the government classifies the tool, that suggests it may not.”

Right. Or this could all be nonsense. That is, Apple may have just made America an unwitting participant in an iPublicity stunt, as it were. As we suggested just five days ago, "the entire Apple 'stand' for privacy and consumer rights might be one big theatrical spectacle as both parties involved clearly were aware the iPhone can be penetrated with the right tools." Here's AP:

    The FBI says it successfully used a mysterious technique without Apple's help to break into an iPhone linked to the gunman in a California mass shooting.

    The surprise development effectively ends a pitched court battle between Apple and the Obama administration.

    The government told a federal court Monday without any details that it accessed data on gunman Syed Farook's iPhone and no longer requires Apple's assistance. Farook and his wife died in a gun battle with police after killing 14 people in San Bernardino, California, in December.

    Apple did not immediately comment on the development.

    A U.S. magistrate last month ordered Apple to provide the FBI with software to help it hack into Farook's work-issued iPhone. The order touched off a debate pitting digital privacy rights against national security concerns.

So just like that, it's all over. No hard feelings. And all of this on the heels of what is almost sure to go down as one of the biggest product launch flops in company history. The timing of it all certainly leaves us with more questions than answers.

306201341 DOJ Requests SB iPhone Order Vacated
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Eddie on March 28, 2016, 05:22:23 PM
I''d bet they didn't get jack shit off that phone, as far as useful info for "fighting terrorists".

All that hacking to get his iTunes playlist and few phone numbers that have already been disconnected.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on March 28, 2016, 05:35:02 PM
Another possibility here is that the FBI is just BLUFFING that they hacked the phone.  Are they revealing any significant data they got off the phone?  Nope.  Have they made any arrests based on data hacked from said phone?  Nope.

Pure Theater, designed to soften up the public for less privacy based on the ever-present "terrorist threat" and gobs of child pornography stored on smart phones.

Far as the terrorists go, if they are on a suicide bombing mission, WTF would you leave a working phone behind when you push the button?  Have a little slot in your bomb vest to drop the phone into when you blow yourself up, and blow it to smithereens!  Good luck to the FBI reassembling the melted chips.

RE
Title: Ultimate Smart Phone Security
Post by: RE on March 28, 2016, 06:13:51 PM
Just put a Self Destruct Button on the device that wipes all the fucking data!


Even if you don't wanna kill yourself, when cornered by the Gestapo you hit the self-destruct button!

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on March 28, 2016, 07:56:17 PM
I used to test flash memory for an MP3 player prototype.  Removing the flash chips from a phone and reading them out so password cracking software can have at the flash contents is no big deal with the right tools.  The chips I tested were the same kind of chips used in I-phones. 

You can bet your last dollar this was not the first time the FBI wanted to read flash memory contents.  This being true they already had procedures in place for what to do so they did not need any outside help to begin with.  This whole brouhaha was a total distraction to keep our eyes off whatever balls they really have in play.

If I could have done it, and I certainly could have, then there was no reason to bring Cellebrite or anyone else in.  Once the files are in a supercomputer it is only a matter of time before passwords are found.

Which MP3 Player was it you may wonder.  This was the one:

(https://images.duckduckgo.com/iu/?u=http%3A%2F%2Fwww.techny.com%2Fwp-content%2Fuploads%2F2011%2F03%2Fzune-4G.jpg&f=1)

So the question is, why the theatre?  Having to 'unlock' the phone was just plain stupid but if one does not have a BSEE degree, which I do, how would you know that.  You wouldn't.

One way it might be done is to dissolve the flash chip black epoxy package in solvent.  The bare silicon chips could then be re-bonded with a wire bonder.  I have used wire bonding equipment myself and it is very easy to use.  Line up the cross-hairs and press a button.  That is about all there is too it and I used to remove old wire bonds with a wooden skewer.  The same kind of skewer used for meat kebabs which are sold in grocery stores everywhere.  A gentle push sideways under a microscope is all it takes and it is amazing how delicate and precise your hands can be when working under a microscope.  The pointed tip makes the perfect tool.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 28, 2016, 10:11:03 PM
Nobody was claiming that they couldn't read flash memory, or the TPM chip either.  They had to read both, obviously.  Then they had to "un-hash" the password from the memory and the phone's ID from the TPM, combine them somehow, and use that as the key to decrypt the filestore (encrypted in AES-256).  Since un-hash is difficult, if not impossible, especially when the result is just a random string of bits, and there are two un-hashes to be done, they could have worked out how long a time it would take (on average) to crack it, and how much it would cost in terms of computer resources.

Quote
"Once the files are in a supercomputer it is only a matter of time before passwords are found." 

Yes, but it might be millions of years away. 

AES gives 2256 level of protection, so why would the Apple key-generating algorithm have less protection than that? - it might have, but then that would make it the thing to target, not the AES encryption.

Then they would have compared that solution with: the public embarrassment of having to go to Apple and admit they couldn't decrypt it themselves, and asking for help, which they knew would be denied, then going to court and getting a ruling against Apple, or not, but with the future pay-off that they could then use the method to crack any iPhone 5c - maybe 100 million phones in the whole world.

And it was Farook's work phone, which he didn't destroy, not his terrorist phone, which he did destroy, so it probably didn't have anything of interest in it anyway.  And they had the iCloud backup from six months ago, which showed nothing.

OK, so considering all that, they had a difficult decision to make, and chose to go the court route AND Cellebrite, and keeping open the option of simply declaring that they had cracked it and got something useful from it, without ever saying what.

And we will NEVER know the truth, but that won't stop anybody from pontificating on the issue.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on March 29, 2016, 09:05:54 AM
Palloy, I was talking to someone last week about password cracking algorithms.  There are some programs which do a very good job and produce excellent results.  The trick is not to have to try every possibility but to make intelligent guesses.  Combine an advanced password cracking algorithm with a supercomputer which has a few thousand threads of execution running on multiple cores and your millions of years might only be twenty minutes.

Guessing 'Praise Allah' in Arabic is not that hard to do.  I guessed 'Praise Allah' right here right now and all I have to do now is translate it.

But these technical details detract from the original point.  The FBI did not need Apple to unlock the phone.  The whole point of unlocking allegedly was so they could try multiple passwords on the phone.  Using an unlocked phone and hand entry it could indeed take millions of years to find a password.  A locked phone only allowed three attempts but unlocking it really could not have helped much.

By pointing out the AES gives 2 to the 256th power of unique combinations you actually have made the point that the whole Apple FBI drama was theatre because unlocking the phone was giving the FBI nothing the FBI did not already have.  Also Apple does not have any special ability to unhash a hash that the FBI does not already have and hashes are not unhashed anyway.  Candidate passwords are hashed and then compared to a known hash.  Hashing generally goes in only one direction.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 29, 2016, 08:21:53 PM
Guessing passwords would only work against unsophisticated users (which is most people, but not Al Qaeda operatives), so yes it COULD only take 20 minutes, but with a decent password it could easily take 10 years on a machine costing $10,000 / day to run.  Maybe they can afford the $36,500,000 , but 10 years is an impractical wait-time.

By writing "un-hash" (in quotes) I was taking a short-cut for our non-technical readers - hash is indeed a one way function.  Hashes can be worked out in advance to save time (rainbow tables), but then again it is easy to change a hashing algorithm and the number of times the hash is repeated on itself, and the seeding algorithm, so Apple can make it as complicated as they like, until the algorithm has more than 2256 solutions, at which point it is stronger than AES-256 and not the most vulnerable point.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on March 31, 2016, 02:52:41 PM
Google can remotely reset the password on Android phones.   :o
"We carefully scrutinize subpoenas and court orders to make sure they meet both the letter and spirit of the law," a Google spokesman said in a statement.
Oh well, that's all right then - carry on!   :o :o

There's not enough information here to fully understand the implications of this, but it means that if you switch on your Android phone and it is already unlocked, you should destroy it.  Definitely do NOT take it home and sync it over your wifi/bluetooth/USB(OTG) link to your PC.

http://thehackernews.com/2016/03/unlock-google-android.html (http://thehackernews.com/2016/03/unlock-google-android.html)
Google has also been Ordered to Unlock 9 Android Phones
March 30, 2016
Swati Khandelwal

The legal battle between Apple and the FBI (Federal Bureau of Investigation) over a locked iPhone that belonged to one of the San Bernardino shooters may be over, but the Department of Justice (DoJ) are back in front of a judge with a similar request.

The American Civil Liberties Union (ACLU) has discovered publicly available court documents that revealed the government has asked Google’s assistance to help the Feds hack into at least nine locked Android smartphones citing the All Writs Act.

Yes, Apple is not the only company facing government requests over privacy and security — Google is also in the list.

The Google court documents released by the ACLU show that many federal agencies have been using the All Writs Act – the same ancient law the DoJ was invoking in the San Bernardino case to compel Apple to help the FBI in the terrorist investigation.

Additionally, the ACLU also released 54 court cases in which the federal authorities asked Apple for assistance to help them access information from a locked iPhone. However, this is the first time it has confirmed that Google has also received such requests.

All the cases appear to be closed, and the company is believed to have complied with all of the court orders. As in the majority of cases, Google was required to reset the passwords or bypass the lock screens of Samsung, HTC phones, Kyocera and Alcatel, among a number of other unidentified Android devices.

Unlike Apple, Google Can Reset Android Devices Remotely

In 2015, the New York District Attorney revealed that Google can remotely reset Android device password, in case a court demands access to it.

In other words, unlike Apple, Google has technical abilities to reset device passcode for about 74% of Android users (~Billions) running all versions older than Android 5.0 Lollipop that does not have full disk encryption.

Google had been ordered for technical assistance by many federal agencies over several cases including:

    The Department of Homeland Security (DHS) in an investigation of an alleged child pornographer in California.
    The FBI in the investigation of an alleged cocaine dealer, who go by the name “Grumpy,” in New Mexico.
    The Bureau of Land Management in the investigation of an alleged marijuana grow operation in Oregon
    The Secret Service in an unknown court case in North Carolina.

However, Google said none of the cases required the company to write new backdoored software for the federal government.

    "We carefully scrutinize subpoenas and court orders to make sure they meet both the letter and spirit of the law," a Google spokesman said in a statement. "However, we have never received an All Writs Act order like the one Apple recently fought that demands we build new tools that actively compromise our products’ security….We would strongly object to such an order."

No doubt, 1789 All Writs Act is being misused as a tool against encryption, which was never intended to allow the government to dictate software design.
Title: WSJ goes the Full Bernays in Apple-FBI Encryption Case
Post by: RE on April 04, 2016, 03:02:18 AM
OMFG.  Can you write more blatant propaganda than this?  The FBI Hacking your phone is a GOOD thing!  ::)

The WSJ has reached a new low.

RE

http://www.wsj.com/articles/why-the-fbi-breach-of-the-iphone-is-a-win-for-users-1459742402 (http://www.wsj.com/articles/why-the-fbi-breach-of-the-iphone-is-a-win-for-users-1459742402)

Why the FBI Breach of the iPhone Is a Win for Users
Experts say ‘lawful hacking’ helps make software more secure

(https://si.wsj.net/public/resources/images/BN-NJ403_KEYWOR_M_20160403153823.jpg)
Advocates say lawful hacking is an alternative to, and preferable to, creating a new ‘backdoor’ into the system. Above, protesters outside court in March. Photo: Frederic J. Brown/Agence France-Presse/Getty Images

By Christopher Mims
April 4, 2016 12:00 a.m. ET

There was only one way for the court battle between the Federal Bureau of Investigation and Apple Inc. over access to the data on a killer’s phone could end well for everyday Americans. Luckily, the FBI achieved it.

With the help of outside hackers, whose identity remains a mystery, the FBI successfully circumvented Apple’s much-touted security. In the process, the agency did exactly what defenders of encryption and digital privacy have advocated for some time. It is called “lawful hacking,” which is another way to describe law enforcement exploiting weaknesses in a security process.

Advocates say lawful hacking is an alternative to, and preferable to, creating a new “backdoor” into the system. An author of a recent paper on the subject, Columbia University professor and cybersecurity expert Steven Bellovin, says “I don’t have any problem with what the FBI did. The whole premise of lawful hacking is there are vulnerabilities.”

Here is why that is a good thing: It makes software more secure. Bugs are often discovered by “white hat” hackers who share them with the software’s creator so they can be patched, typically before the flaw is even disclosed. This isn’t a purely benevolent system; it works because these hackers, or their employers at universities or cybersecurity companies, want the money from bug “bounties,” or the publicity that comes with finding an exploit, and because everyone, including hackers, is vulnerable to undisclosed exploits.

This dynamic is so well-established that it played out quietly in the background as the FBI-Apple dispute raged. Researchers at Johns Hopkins University last month revealed a flaw in Apple’s iMessage texting program that could have allowed law-enforcement agents or hackers to decrypt photos or videos attached to messages as they moved over the Internet. The researchers disclosed the bug to Apple, which devised a patch.

We also saw the process at work in 2014 with a bug called Heartbleed, which jeopardized the encryption scheme used on much of the Internet. The flaw was first reported by a researcher at Google; a fix was quickly devised and deployed by those responsible for the open-source code in which it was found.

In that case, the White House made an unprecedented disclosure about how the federal government decides whether or not to share a vulnerability with the companies responsible for fixing them. The National Security Agency, for example, has said it discloses 91% of the vulnerabilities it discovers, but probably only after it has used them for its own purposes. Officials said they decide whether to disclose a flaw by weighing factors including whether the vulnerability poses a threat to national security, the likelihood that someone else has found it, the value of the intelligence that could be gathered if it is used, and whether it can be patched.

Given the publicity around the iPhone dispute, Shane McGee, chief privacy officer of cybersecurity firm FireEye Inc., says it is now open season on Apple’s iOS operating system among hackers, who are often driven by ego as much as lucre.

There is a big caveat in the Apple case, however. For now, at least, the FBI won’t disclose the bug to Apple, which means Apple can’t fix it. That is bad for Apple’s privacy-focused brand and could be bad for users, since others who learn of the flaw could exploit it for nefarious purposes. We don’t know how likely that is, because we don’t know how the FBI gained access to the phone; its method could require physical access to a device, plus a lot of time and money, making other exploits less likely.

The FBI and Apple declined to comment.

Whatever happens with this bug, and this phone, the struggle between breaking into software and securing software will only intensify. As FireEye’s Mr. McGee points out, Apple is already working to make the next version of iOS even more impenetrable by the government and Apple itself.

The possibility that Apple could create a device that it would be unable to breach even if ordered by a court must keep those in law enforcement awake at night. And yet we seem headed to a world in which even the most draconian edict couldn’t force Apple to unravel the laws of mathematics at the heart of its own encryption.

In a world of ever-multiplying threats—including multimillion-dollar bank heists carried out from a keyboard—increased security is an unqualified win for all Apple users.

It won’t necessarily come easily, however. Absent action from Congress—which lawmakers have said is unlikely in a polarizing election year—the battle between Apple and the FBI seems destined to continue ad infinitum. Which, paradoxically, is evidence that the system is working.

It may be in the nature of this dispute that it can never end. And that may be the only satisfactory “resolution” we can hope for.

Write to Christopher Mims at christopher.mims@wsj.com
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: g on April 04, 2016, 03:11:05 AM
Quote
OMFG.  Can you write more blatant propaganda than this?  The FBI Hacking your phone is a GOOD thing!  ::)

The WSJ has reached a new low.

RE

That's that lump of shit Murdoch you can thank for that.

He destroyed Baron's as well, my favorite financial weekly. It's only good as an ass wiper now.  :-[
Title: Re: WSJ goes the Full Bernays in Apple-FBI Encryption Case
Post by: RE on April 04, 2016, 04:31:57 AM
Murdoch is Mordor in the Newz Biz for sure, but even if he doesn't own the rag, all the rest of the MSM is just the same.  It's all total PROPAGANDA.

(http://mediad.publicbroadcasting.net/p/kalw/files/201505/Propaganda-feature-image.jpg)

RE
Title: A minor Bernays fuckification. Pavlov's dog style.
Post by: K-Dog on April 04, 2016, 07:53:36 AM
Quote
-- the battle between Apple and the FBI seems destined to continue ad infinitum. Which, paradoxically, is evidence that the system is working.   Christopher Mims

Evidence the system is working all right but what system?  The system of spooks who feel the need to watch everything I do and harass me is working yes. Is the system that is suppose to keep us 'safe' working?  Obviously not since they spend altogether too much time fucking with me.

(http://chasingthesquirrel.com/pics/fuckification.png)

What you are looking at is evidence of a minor fuckification by the deep state intended to make me paranoid and ineffective; hopefully something to make me go off like a crazy man and make myself look like a fool.  'They'  have put a man in the middle between my computer and the internet to watch and control my web surfing experience.  What 'they' do if you are a problem child such as moi, as they did in this case, is hijack the results of your web searches and put anything they want on the results page.  This is not the first time I have experienced this.  Specifically what you are looking at is the result of an alleged duckduckgo search.

The 'awsome superdidooper high tec stuff kinda person' is ME.  Which is established because my duckduckgo (the search engine that does not share your identity) search goes on to say kdog does not believe this is a word.

This is true my search for shiznatical was to see if the word was real or not.  As 'they' obviously saw me doing this 'they' responded.

If you had any doubts the terror state is quite real!

Title: Re: A minor Bernays fuckification. Pavlov's dog style.
Post by: g on April 04, 2016, 08:48:13 AM
Quote
-- the battle between Apple and the FBI seems destined to continue ad infinitum. Which, paradoxically, is evidence that the system is working.   Christopher Mims

Evidence the system is working all right but what system?  The system of spooks who feel the need to watch everything I do and harass me is working yes. Is the system that is suppose to keep us 'safe' working?  Obviously not since they spend altogether too much time fucking with me.

(http://chasingthesquirrel.com/pics/fuckification.png)

What you are looking at is evidence of a minor fuckification by the deep state intended to make me paranoid and ineffective; hopefully something to make me go off like a crazy man and make myself look like a fool.  'They'  have put a man in the middle between my computer and the internet to watch and control my web surfing experience.  What 'they' do if you are a problem child such as moi, as they did in this case, is hijack the results of your web searches and put anything they want on the results page.  This is not the first time I have experienced this.  Specifically what you are looking at is the result of an alleged duckduckgo search.

The 'awsome superdidooper high tec stuff kinda person' is ME.  Which is established because my duckduckgo (the search engine that does not share your identity) search goes on to say kdog does not believe this is a word.

This is true my search for shiznatical was to see if the word was real or not.  As 'they' obviously saw me doing this 'they' responded.

If you had any doubts the terror state is quite real!




This is what I get with shiznatical


Scroll down




     
       
         
       
     
     
       
         
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
                                                                                                                                                                                                                           Top Definition
kdog
one who is the shiznatical.. and yes shiznatical is a word
don't go to infinity and beyond.. try bed bath and beyond ;)
by snoop leigh January 23, 2004
15
23
Buy the mug
Random Word
20 Words related to Kdog

    khalia a blackedout bronin cougar drunk grammar geek harry khaliakinz kk krishna kristin krysha kutie life's life's a party only-child-itis shitfaced shronin waldo

2
K-dog
An asshole, mainly of the canine variety. Often seen committing random acts of fuckery. Acts hood, but is really a pussy. Scared of vacuums, Swiffers, and other small household appliances.
That asshole K-dog ate the crunchy bits off of my Chic-Fil-A biscuit! What an asshole!
by e92 August 10, 2014
7
16
Buy the mug
3
Kdog
Originates from the name " Kira" which in turn translates to "princess wonderful". Any kdog you meet will literally bring dah boys out. But their is only one kdog cause Shes one of a kind. She also doesn't Fuck around with ratchet bitch ass gyuri people. Any people that question her, she'll dance on peoples heads with her pair of red heels. She is thirsty for Niels D.......lightful personality ;D ~~~~ No but seriously she will cut your hair off and wear it for Mardi gras 2014.
Kdog: GYURI GET YOU NASTY ASS CAMEL TOE OUTTA THE KITCHEN !!
Bystanders: Whoa !! THT gyuri Bitch just got kdogged 0:

Gyuri: OMG wow Im a goddess !!
Kdog: Fuck off mole. Go die in a hole !!
by johyun April 16, 2013
8
17
Buy the mug
4
k dog
an asshole that has sex with sluts while dating you
dude, k slept with a while he was dating her! he pulled a total k dog!
by @nonym0u$ February 14, 2008
14
25
Buy the mug
5
k-dog
A mine sniffing dolphin who works for the Navy. A dolphin with a stupid camera on it's fin who looks for mines.
That K-dog can sure find mines!
by Keith (I'm no friggin dolphin!) Dowling April 08, 2003
43
54
Buy the mug
Ten Words Trending Now

    truffle butter
    fuck boy
    thot
    netflix and chill
    dabbing
    dab
    tubgirl
    sapiosexual
    dabbin'
    alabama hot pocket

Alphabetical List

    Kdog
    kdoggin
    k-dogging
    K-dogg special
    k doke
    k doks
    K.D.O.L.
    kdolf
    K-Don
    K-DOOKy
    k dord
    kdorkas
    K Dot
    k dot kid
    kdough
    K'd out the frame
    kdown
    KDP
    kdphi
    kdpt
    kdquality
    K/D Quit
    KDR
    KDrama
    Kdrama addict
    k-drama fever
    k/d ratio
    KD Ratio
    KDR Dick Rider
    KDS
    kdslash
    KD Smothering
    k-dst
    KDT
    KDU
    K-dub
    K-Dub Project
    KDubz
    K-Dude
    Kdumpster

© 1999-2016 Urban Dictionary ®
jobs   terms of service   privacy
remove   feedback
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: RE on April 04, 2016, 09:05:20 AM
I never knew SHIZNATICAL was a word!  :o  William F. Buckley Jr. used to use words I never heard of before though, so I do realize that some words are out of my common vocabulary but do exist.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: g on April 04, 2016, 09:24:29 AM
I never knew SHIZNATICAL was a word!  :o  William F. Buckley Jr. used to use words I never heard of before though, so I do realize that some words are out of my common vocabulary but do exist.

RE

Here is Shiznat    :laugh:



     
       
         
       
     
     
       
         
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
         
         
           
         
         
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
           
             
           
         
  Top Definition
ShizNat
From 2004 onwards, ShizNat also refers to the lesbian couple in the anime Mai Hime. ShizNat is the abbreviation for Shizuru and Natsuki.
That lesbian stalker just went shiznat over her prey.
by papa lolita April 26, 2006
537
96
Buy the mug
Random Word
20 Words related to ShizNat

    shit shiznatical braz crap gulosh poop shiz shiznats shiznits shizzeur shizzle slumpo slumpy slut butt dawg ho shizzy ugly slut white trash

2
Shiznats
Replacement word for "shit". Used around pious friends and up-tight adults that really need to get a life.
HOLY SHIT- er... I mean, HOLY SHIZNATS!
by the hugable ninja February 12, 2009
5
6
Buy the mug
3
shiznat
something of great quality
this food is the shiznat!
by spencer December 22, 2002
57
97
Buy the mug
4
shiznat
Meaning tight. Came from a group of teens who stuck together thru hard times renaming themselves to fight the system known as Shiznat101.
Your party is the shiznat
by dudeman October 25, 2004
22
85
Buy the mug
5
Shiznat
Something freaking awesome.not shiznit though thats just plain gay.this word is used by many rappers and sexy awesome people like me!!!
That Pimping band lower OuTake is the shiznat!!!fo sho
by Chad Green May 01, 2004
20
88
Buy the mug
6
Shiznat
some may say this word means the shit. however, that was the 80's. my band means it as cool, or awesome. shiznit is a stupid mispronunciation of this word and anyone who says it should be condemned to a life of misery.
person #1: wow! that's the shiznat!

person #2: yeah that is the shiznit!

person #1: it's shizNAT u idiot!

*person #2 is condemned to a life of missery
by dan April 16, 2004
60
131
Buy the mug
Ten Words Trending Now

    truffle butter
    fuck boy
    thot
    netflix and chill
    dabbing
    dab
    tubgirl
    sapiosexual
    dabbin'
    alabama hot pocket

Alphabetical List

    ShizNat
    shiznatalicious
    Shiznatch
    shiznatical
    shiznatti
    shiznatz
    Shiznaught
    shiznaw
    shiznay
    shiznay in the biznay
    shiznaz
    shiznazer
    shiznazz
    Shizneezy
    shiz-neh
    Shiznel
    Shizneotae
    shizness
    shiznet
    shiznettel
    shiznetti
    shiznetz
    Shiznex
    shizney
    shiZni
    shiznia
    Shizniagliocci
    shiz-nibbler
    shiznibitz
    Shiznic
    shiz nicholson
    shiznicity
    shiznick
    Shiznickel
    shiznickle
    shiznickumitch
    shiznicov
    shiznid
    shiznig
    Shizniggit

© 1999-2016 Urban Dictionary ®
jobs   terms of service   privacy
remove   feedback

     
     

   
Title: Re: A minor Bernays fuckification. Pavlov's dog style.
Post by: K-Dog on April 04, 2016, 12:55:01 PM
Quote
-- the battle between Apple and the FBI seems destined to continue ad infinitum. Which, paradoxically, is evidence that the system is working.   Christopher Mims

Evidence the system is working all right but what system?  The system of spooks who feel the need to watch everything I do and harass me is working yes. Is the system that is suppose to keep us 'safe' working?  Obviously not since they spend altogether too much time fucking with me.

(http://chasingthesquirrel.com/pics/fuckification.png)

What you are looking at is evidence of a minor fuckification by the deep state intended to make me paranoid and ineffective; hopefully something to make me go off like a crazy man and make myself look like a fool.  'They'  have put a man in the middle between my computer and the internet to watch and control my web surfing experience.  What 'they' do if you are a problem child such as moi, as they did in this case, is hijack the results of your web searches and put anything they want on the results page.  This is not the first time I have experienced this.  Specifically what you are looking at is the result of an alleged duckduckgo search.

The 'awsome superdidooper high tec stuff kinda person' is ME.  Which is established because my duckduckgo (the search engine that does not share your identity) search goes on to say kdog does not believe this is a word.

This is true my search for shiznatical was to see if the word was real or not.  As 'they' obviously saw me doing this 'they' responded.

If you had any doubts the terror state is quite real!


GO what's with you stomping on me?  This is just like when Clusterfuck Nation was a comment thread with no nesting and when I posted something there that was a strong criticism of the status quo long comments of Chinese language gibberish would be posted so people could not see my comments without a lot of scrolling up which we both know most people won't do!

RE, is that all you have to say?  Did your dictionary refer to you in definitions by name when you looked up William F Buckly's big words?

Reality isn't what it used to be!
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: agelbert on April 04, 2016, 12:55:46 PM
K-Dog, you have definitely stirred up GO to new heights of internetus fastidiousos detailous searchesous.   

(http://cdn.meme.am/instances/57678793.jpg)
(http://www.desismileys.com/smileys/desismileys_2544.gif)




  (http://www.pic4ever.com/images/5yjbztv.gif)
Title: Re: WSJ goes the Full Bernays in Apple-FBI Encryption Case
Post by: monsta666 on April 04, 2016, 01:12:45 PM
OMFG.  Can you write more blatant propaganda than this?  The FBI Hacking your phone is a GOOD thing!  ::)

http://www.wsj.com/articles/why-the-fbi-breach-of-the-iphone-is-a-win-for-users-1459742402 (http://www.wsj.com/articles/why-the-fbi-breach-of-the-iphone-is-a-win-for-users-1459742402)

Why the FBI Breach of the iPhone Is a Win for Users
Experts say ‘lawful hacking’ helps make software more secure

In all fairness to the article (if you can ignore the provocative and somewhat click-bait nature of the headline) it makes the notable (perhaps somewhat naive) caveat that a FBI hack is good for the public PROVIDED the FBI disclose the vulnerability of the software/hardware to Apple. The so called white-hat hackers are hackers that purposely look for faults in software so they can report it to the companies in question and get a financial reward for their diligence.

With that said I have no doubts this article is still a puff piece to the FBI as it does not even scrutinise the lack of action on the part of the FBI to release this vulnerability to Apple. In addition it does not even explore the idea that this hack, and more important, behaviour could be abused by government authorities to needlessly monitor the public. Still all those points do not completely negate the argument that finding exploits and publishing them through the correct channels is a disservice to the public. In fact security through obscurity is less secure than a more transparent feedback process in the long-run and if the FBI fail to act then this exploit will be found by black-hackers who will use it for nefarious purposes. Indeed the article itself does explicitly say that the failure to state this weakness will be bad for the public from a security standpoint. The issue of privacy is not touched.
Title: Re: A minor Bernays fuckification. Pavlov's dog style.
Post by: RE on April 04, 2016, 03:19:52 PM
RE, is that all you have to say?  Did your dictionary refer to you in definitions by name when you looked up William F Buckly's big words?

I never bothered looking them up.  If I couldn't figure out what he meant from context, I forgot about it.  You never heard those words again anyhow.

RE
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on April 04, 2016, 04:09:48 PM
Quote
Monsta: In all fairness to the article (if you can ignore the provocative and somewhat click-bait nature of the headline) it makes the notable (perhaps somewhat naive) caveat that a FBI hack is good for the public PROVIDED the FBI disclose the vulnerability of the software/hardware to Apple.

Agreed.  However what the FBI was doing was not white-hat hacking, which is finding bugs in the software for the sake of making the software better - they were hacking the phone of a strongly-suspected suicide bombing team.  Even the most open and privacy-conscious government could have legislation that says that, on successful application to a suitable court, they could be allowed to do this.  It wouldn't be blanket surveillance, but highly targeted surveillance.

Quote
RE: I never knew SHIZNATICAL was a word!

It's not.  Urban Dictionary allows anyone to post a new word, and anonymous users are allowed.  The banter over "K-dog" is entirely consistent with it all being about someone/something entirely different from our K-dog.

K-dog, if there is a MitM between you and duckduckgo.com, the fingerprint of the certificate you get with the search results will NOT be:
SHA-256 Fingerprint: 5E:2A:79:C8:CC:10:F7:AB:CE:75:A3:EC:87:C3:B7:F8:7C:94:FA:55:37:99:10:55:A7:49:62:DD:16:68:10:AE
A few other people could report on what they get, to confirm this -
go to https://duckduckgo.com , click on the padlock in the address box, and follow the links to View Certificate

A much more likely scenario is that you have a rootkit on your system.  On Linux "rkhunter" is only going to find something if it starts off with a known clean system, and scanned before and after each kernel update.  This is a real pain, but without it, you can't complain.  There's a new Ubuntu coming out April 21 - do a fresh install, not an upgrade, and install rkhunter as the very first thing, then scan with --propupd to set it up.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: g on April 04, 2016, 05:12:09 PM
Quote
GO what's with you stomping on me? [/b] This is just like when Clusterfuck Nation was a comment thread with no nesting and when I posted something there that was a strong criticism of the status quo long comments of Chinese language gibberish would be posted so people could not see my comments without a lot of scrolling up which we both know most people won't do!

Not so K-Dog, you got it wrong.

Read your post said to myself. :icon_scratch: :icon_scratch: :WTF:

Typed your crazy word in myself to see what I would get.

Up pops urban dictionary with the word K-Dog as the first reply.

Then posted the entire page as shown to me after deleting a bunch of nothing on the side bar of same page which created the large void in both postings.

Then RE chimed in with his post and I grinned remembering Buckley and his verbosity.

Then decided to try the root word Shiznat ,in response to RE.  Same result Urban dictionary pops up and I posted page presented.

Made no comment about various definitions.  Viewed the entire exercise as a waste of time, akin to DOODLING.

               
                                                (https://tse3.mm.bing.net/th?id=OIP.Md7608e517c28ef4dace8ddef76bc3b09o0&pid=15.1)
                                                                         JUST DOODLING


                                                           

Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: g on April 04, 2016, 05:39:20 PM
K-Dog, you have definitely stirred up GO to new heights of internetus fastidiousos detailous searchesous.   

(http://cdn.meme.am/instances/57678793.jpg)
(http://www.desismileys.com/smileys/desismileys_2544.gif)




  (http://www.pic4ever.com/images/5yjbztv.gif)

 :exp-grin: :exp-grin: :exp-laugh: :exp-laugh:

Not so this time Agelbert.

While always up for a nice friendly verbal spar where only ball kicking and vicious vitriol are allowed, as you can see I was merely wasting a bit of time and doing a bit of Doodling.  ;D

                                                 
Don't Piss on me
Don't Piss on me
    :D
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on April 04, 2016, 07:34:19 PM
It sure would be nice to get paid for doodling. ;D
Title: Deep State Dogging
Post by: K-Dog on April 04, 2016, 09:07:21 PM
Palloy,

Where did you get these numbers?

SHA-256 Fingerprint: 5E:2A:79:C8:CC:10:F7:AB:CE:75:A3:EC:87:C3:B7:F8:7C:94:FA:55:37:99:10:55:A7:49:62:DD:16:68:10:AE

You did not get them from me.  I don't see them anywhere.  Certainly they were not on the snippet I took from this.

(http://chasingthesquirrel.com/pics/shiznatical.png)

Upon clicking the personalized link I got the same definition everyone else did.  The text below the link description had nothing to do with the actual link contents.  The funny definition was also only good for a single page load.  Upon reload everything was normal.  Good thing I snagged it when I did.  Homeland security pixels have a way of disappearing as I know very well.

Would a 'rootkit' show discrepancies between surf results obtained from a proxy server and results gotten going directly to a web address as I was experiencing at the time? 

Regardless of your answer, someone is kicking the dog and that is my point.  Funny search results are not the only thing that is happening to me.  Please don't say it must be some other K-Dog.  That's insulting.  I am currently experiencing having to have three of my credit cards cancelled and reissued because they have been 'compromised'.  This is something of course which can happen to anyone, one card at a time, maybe even two cards at a time, but not three.  Those odds are really low.

What K-Dog was seeing without going through a proxy server.

(http://chasingthesquirrel.com/pics/K-dogUrbanDictionary.png)

What K-Dog was seeing going through a proxy server.

(http://chasingthesquirrel.com/pics/K-dogUrbanDictionary2.png)

At this point I think the intent was that I should be shaking in my boots.  Problem is I've already been there and done that.  I have the T-shirt.

(http://40.media.tumblr.com/e09d3bd485c9bed2faf1957e9c11ab75/tumblr_mp0pavvW9d1rkji00o1_500.jpg)

I hope I don't rate an urban drone.






Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: Palloy on April 04, 2016, 09:35:50 PM
K-dog, when you go to https://duckduckgo.com , you can find out if you are talking to the right server by clicking on the green padlock in the browser's address box.  A drop down list will appear, click on the right arrow opposite "secure connection", click on "more information", click on "View Certificate". Then you will see the fingerprint of the certificate that is claiming to be the certificate of DuckDuckGo.

If there is no Man in the Middle, your SHA-256 fingerprint will match the one I posted.  If it is different, that confirms a MitM attack or something needing further investigation.

I'm not saying you are paranoid, but you admitted yourself that talking about it makes you SOUND paranoid.  I'm not saying the Urban Dictionary isn't about you, I'm saying it COULD be about something else, or COULD be a stalker-troll you have picked up from elsewhere, not necessarily CIA.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: K-Dog on April 04, 2016, 10:58:18 PM
K-dog, when you go to https://duckduckgo.com , you can find out if you are talking to the right server by clicking on the green padlock in the browser's address box.  A drop down list will appear, click on the right arrow opposite "secure connection", click on "more information", click on "View Certificate". Then you will see the fingerprint of the certificate that is claiming to be the certificate of DuckDuckGo.

If there is no Man in the Middle, your SHA-256 fingerprint will match the one I posted.  If it is different, that confirms a MitM attack or something needing further investigation.

I'm not saying you are paranoid, but you admitted yourself that talking about it makes you SOUND paranoid.  I'm not saying the Urban Dictionary isn't about you, I'm saying it COULD be about something else, or COULD be a stalker-troll you have picked up from elsewhere, not necessarily CIA.

Thanks for the info about duckduckgo.

The problem with a stalker-troll theory is how is a stalker troll able to hack my web surfing, compromise my credit cards and mess with my cell phones all at the same time?

I think this is what did it most recently, this line about the army units and homeland security which I know for a fact to be true and which I was impish enough to bark out loud because it fit the following embedded comment so perfectly:

Those hired by the Department of Homeland Security and the Army to monitor the internet will find what they believed to be secure employment is employment which will now be replaced by autonomous cyber systems as they rejoin the ranks of the watched and are replaced by machines.

Quote
Anything that transacts beyond the reach of the panopticon is terrorism by definition.

Yes, everyone involved in AI wants a piece of the action and encryption is a thorn in the side of liquid surveillance.  Not enough goodies to go around means some get none and the way to decide who gets what and maximize docility is to develop computational algorithms which surveil without human interaction via big data.  Encryption stops big data and must be eliminated from the social organism.  Motivation and choice are ignored as big data extracts network connections and the terrorist becomes defined merely as data point outliers who don't fit in.  Unforeseen by Orwell or Huxley in their dystopian future visions is that the watchers and the watched would not define separate social classes but that social inequity would become institutionalized by computers which by the use of AI algorithms would manage social structure guaranteeing that those who have keep what they have and that the impoverished remain impoverished.

The singularity will never be but the "Will of Landru" shall emerge. 

(https://images.duckduckgo.com/iu/?u=http%3A%2F%2F4.bp.blogspot.com%2F-0c7oLc-aUB4%2FUZFZJT6XXiI%2FAAAAAAAAeBE%2FveM1MfFDQFY%2Fs1600%2Farchons6.png&f=1)

This new vision of our emerging dystopian future was first articulated in "The Return of the Archons" Star Trek. episode #21 which aired February 9, 1967.

Those hired by the Department of Homeland Security and the Army to monitor the internet will find what they believed to be secure employment is employment which will now be replaced by autonomous cyber systems as they rejoin the ranks of the watched and are replaced by machines.

The chewy center of the panopticon becomes inhabited by silicon brains devoid of humanity.

******

While this may seem farfetched it is less farfetched than the notion that the FBI actually need the contents of that phone.

When Edward Snowden outed the extent to which surveillance was going on everyone took the view that only surveillance was happening.  I had already experienced some harassment by then and I knew there was a lot more than just looking going on.  How much more is the question; and that is a question I can't answer.  I can only relate what has happened to me. 

I had discovered from studying tracking ball URLs that a lot of seemingly ordinary people were defending the status-quo making comments and suppressing dissent using the Department of Defence Network and I had blogged about it.  Now those same URLs only say United States and don't foolishly advertise the hidden spooks and the propagandists who inhabit the internet to curtail dissent and quell meaningful discussion as they most certainly do.  The security leak was plugged.

As to sounding paranoid, I really don't care so much because I know I can't persuade anybody.  The raw truth is too hard to accept unless you have been personally involved with these homeland security cretins as I have.  I am driven to speak my truth, that is all.  They will not bully me.

Upon stopping to reflect upon human nature it becomes obvious that the large surveillance effort the American deep state has put into place could never be content to only look.  The power to take action using the information they can acquire is too hard to resist and the American Government has a long history of manipulating public opinion behind the scenes. 

As Donald Trump said of one protester: 'I'd like to punch him in the face'.  It would be a safe guess to say that there are plenty of people with this same attitude patrolling the internet rooting out terror with Obama's blessing right now.  With a few keystrokes lives can be changed, possibly ruined; and no doubt some have.  In the war on terror there will be casualties and the definition of terror can be highly subjective and self serving.

It would have been nice if 'they' had decided that I am too vocal to poke with a stick and gone away but that was not to be.  I am someone who is responsible for 'fuckery' instead of being the thoughtful person I am who just happens to disagree with the dominant paradigm.  For good reason.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: g on April 05, 2016, 02:46:06 AM
Quote
Upon stopping to reflect upon human nature it becomes obvious that the large surveillance effort the American deep state has put into place could never be content to only look.  The power to take action using the information they can acquire is too hard to resist and the American Government has a long history of manipulating public opinion behind the scenes. 

That is dogma and an irrefutable statement IMO.
Title: Re: Judge orders Apple to access iPhone belonging to San Bernadino shooter
Post by: g on April 05, 2016, 02:56:41 AM
It sure would be nice to get paid for doodling. ;D

Yes, It is also a free mild medication for stress, getting one's mind off problems for a while, rebooting the brain and starting anew refreshed as well.

                                                (http://d26qwpdz6hr740.cloudfront.net/doodles/51f8041c4cfb45e262000001/image.png)
Title: NY Bill to require drivers to submit phones for testing in accidents
Post by: RE on April 12, 2016, 01:59:14 PM
"Let me see your License, Registration, Insurance Card...and your PHONE!"

RE

http://appadvice.com/post/a-new-york-bill-would-require-drivers-involved-in-an-accident-to-submit-their-phone-for-testing/710803 (http://appadvice.com/post/a-new-york-bill-would-require-drivers-involved-in-an-accident-to-submit-their-phone-for-testing/710803)

A New York bill would require drivers involved in an accident to submit their phone for testing
The technology supposedly doesn't access any private information
by Brent Dirks
April 12, 2016

Cellebrite is back in the news once again. The Israeli mobile forensic software company, which more than likely assisted the FBI with cracking into an iPhone 5c used by a San Bernardino shooter, is behind interesting new legislation in New York.
The “textalyzer”
The “textalyzer”

As first reported by Ars Technica, the bill would require drivers involved in an accident to submit their phone for testing to determine if it was being used before the incident. The “textalyzer” would supposedly not access any private information:

    In a bid to get around the Fourth Amendment right to privacy, the textalyzer allegedly would keep conversations, contacts, numbers, photos, and application data private. It will solely say whether the phone was in use prior to a motor-vehicle mishap. Further analysis, which might require a warrant, could be necessary to determine whether such usage was via hands-free dashboard technology and to confirm the original finding.

Anyone who refuses to submit their phone for testing would have their driver’s license immediately suspended.
A major problem
A major problem
Even though distracted driving is known to be as dangerous as driving while intoxicated, 67 percent of U.S. drivers still use their phones while behind the wheel.

The bill was heavily lobbied for by the group Distracted Operators Risk Casualties, or DORCs. It has been dubbed “Evan’s Law” in memory of 19-year-old Evan Lieberman.

His father, Ben, is a co-founder of the group.

“The general public knows distracted driving is a problem, but if people knew the extent of the damage caused by this behavior, they would be amazed,” said Lieberman. “With our current laws, we’re not getting accurate information because the issue is not being addressed at the heart of the problem—with the people causing the collisions.

“I have often heard there is no such thing as a breathalyzer for distracted driving—so we created one. Respecting drivers’ personal privacy, however, is also important, and we are taking meticulous steps to not violate those rights.”

Even though distracted driving is known to be as dangerous as driving while intoxicated, 67 percent of U.S. drivers still use their phones when behind the wheel.
An imperfect solution?
An imperfect solution?

While distracted driving is obviously a problem on the road, I question whether Cellebrite’s technology is a true solution.

I think the technology needs to more widely publicized so we can understand exactly how the company can tell if the phone was being used without accessing any information. And how will they be able to determine whether a driver was texting or if their phone was in a cradle simply streaming music to a stereo via Bluetooth?
Title: Re:NY Bill
Post by: Eddie on April 12, 2016, 02:17:39 PM
The bill was heavily lobbied for by the group Distracted Operators Risk Casualties, or DORCs. It has been dubbed “Evan’s Law” in memory of 19-year-old Evan Lieberman. His father, Ben, is a co-founder of the group.

Just what we need, another law.

 Evan Lieberman was killed when another 19 year old driver fell asleep at the wheel and hit him head-on. Although the father wanted to make it about talking on a cell phone, it wasn't.

http://www.usatoday.com/story/news/nation/2013/05/29/ny-father-fights-distracted-driving/2370837/ (http://www.usatoday.com/story/news/nation/2013/05/29/ny-father-fights-distracted-driving/2370837/)