This is one reason why you shouldn’t trust biometrics

Security researchers claimed to have cloned the thumbprint of the German Defense Minister by photographing her hand at a press conference.

In a presentation at the annual Chaos Computer Club hacker gathering in Hamburg, Germany, biometrics specialist Jan Krissler – known in the community as “Starbug” – explained how he’d taken a variety of photographs of Ursula von der Leyen when she gave a press briefing in October.

Krissler used a lens with a focal length of 200mm and shot the snaps from six feet away, he said. He then used commercial fingerprint software from Verifinger to map out the contours of the Minister’s thumbprint.

To get that into something that could be used on a biometric scanner, Krissler employed the same technique he demonstrated at the conference last year, where he successfully defeated Apple’s TouchID fingerprint lock. The technique, first used in the Gummi Bear attack of 2002, employs digital photographs, flexible materials, and laser printers to create false fingerprints.

Link (The Register)

Obama Administration Reverses Bush Policy, Says U.S. Torture Ban Applies Abroad

It seems that Obama has actually affirmed that torture is not legal, even if done outside the US, and even if done during a war. It remains to be seen if this changes anything, or if it means another loophole will be used.

In contrast to positions previously taken by the U.S. government, the delegation will affirm that U.S. obligations under Article 16, which prohibits cruel, inhuman, or degrading treatment or punishment, do not apply exclusively inside the territorial United States. The delegation in Geneva will make clear, consistent with the text, negotiating history, and the Senate ratification process, that U.S. obligations under Article 16 (as well as under other provisions of the Convention with the same jurisdictional language) apply in places outside the United States that the U.S. government controls as a governmental authority. The delegation will also make clear our conclusion that the United States currently exercises such control at the U.S. Naval Station at Guantanamo Bay, Cuba, and over all proceedings conducted there, and with respect to U.S.-registered ships and aircraft.

Link (The Intercept)

ISPs Removing Their Customers’ Email Encryption

Recently, Verizon was caught tampering with its customers’ web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers’ data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.

By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco’s PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
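To make the downgrade concrete, here is an added example (not code from the EFF article or from the researchers it cites) that parses an SMTP EHLO reply the way a sending server would, reports whether STARTTLS is still advertised, and shows why the default “opportunistic” policy quietly falls back to plaintext while a “require TLS” policy refuses to send. Both EHLO replies are constructed samples; the tampered one models a middlebox that overwrites the STARTTLS keyword with filler characters, which is an assumption about the rewrite pattern rather than a capture from any real device.

```python
"""Detect STARTTLS stripping in an SMTP EHLO reply (added example, constructed data)."""
from dataclasses import dataclass, field

# Constructed EHLO reply from a well-behaved server: a multi-line 250 reply,
# "250-" on continuation lines and "250 " (space) on the final line.
CLEAN_EHLO_REPLY = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250 SMTPUTF8\r\n"
)

# Same reply after an in-path middlebox has overwritten the STARTTLS keyword.
# The line count and length are preserved so TCP sequence numbers stay valid;
# the "XXXXXXXX" filler is an assumed rewrite pattern for this example.
STRIPPED_EHLO_REPLY = CLEAN_EHLO_REPLY.replace("250-STARTTLS", "250-XXXXXXXX")


@dataclass
class EhloResult:
    ok: bool                                   # reply was a well-formed 250
    extensions: dict = field(default_factory=dict)  # KEYWORD -> parameters


def parse_ehlo_reply(raw: str) -> EhloResult:
    """Parse a (possibly multi-line) EHLO reply into its advertised extensions."""
    lines = [ln for ln in raw.replace("\r\n", "\n").split("\n") if ln]
    if not lines or not lines[0].startswith("250"):
        return EhloResult(False)               # greeting failed or was cut off
    extensions = {}
    for line in lines[1:]:
        # Each continuation line must be "250-" or "250 " followed by a keyword.
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            return EhloResult(False)
        body = line[4:].strip()
        if not body:
            continue
        keyword, _, params = body.partition(" ")
        extensions[keyword.upper()] = params.strip()   # keywords are case-insensitive
    return EhloResult(True, extensions)


def starttls_advertised(raw: str) -> bool:
    """True only if the server is offering to upgrade the session to TLS."""
    result = parse_ehlo_reply(raw)
    return result.ok and "STARTTLS" in result.extensions


def detect_downgrade(raw: str) -> str:
    """Classify a reply: ok / stripped-overwritten / missing / malformed."""
    result = parse_ehlo_reply(raw)
    if not result.ok:
        return "malformed"
    if "STARTTLS" in result.extensions:
        return "ok"
    # A keyword made entirely of one filler character is the signature of an
    # in-place overwrite; a simply absent keyword could be a server that never
    # offered TLS, so it is reported separately for the operator to judge.
    if any(set(keyword) == {"X"} for keyword in result.extensions):
        return "stripped-overwritten"
    return "missing"


def should_send(raw: str, policy: str) -> bool:
    """Decide whether to transmit the message given the TLS policy.

    "may"     = opportunistic TLS, the default the article describes: encrypt if
                offered, otherwise fall back to plaintext (so stripping succeeds).
    "encrypt" = require TLS: refuse to send plaintext, so stripping fails closed.
    """
    if policy == "encrypt":
        return starttls_advertised(raw)
    if policy == "may":
        return parse_ehlo_reply(raw).ok
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    for name, reply in (("clean", CLEAN_EHLO_REPLY), ("stripped", STRIPPED_EHLO_REPLY)):
        print(f"{name:9} verdict={detect_downgrade(reply):20} "
              f"send(may)={should_send(reply, 'may')} "
              f"send(encrypt)={should_send(reply, 'encrypt')}")
```

The "may" branch is what makes the attack work: the protocol has no way to tell "this server never offered TLS" from "something in the path removed the offer", so an opportunistic sender delivers in the clear either way. The defence is to move known peers to a require-TLS policy (for example Postfix's `smtp_tls_security_level = encrypt` per destination, or publishing MTA-STS or DANE records so remote senders can learn that TLS is mandatory) and to alert on the "stripped-overwritten" verdict, which indicates tampering rather than a server that simply lacks TLS.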

Link (EFF)

The $9 Billion Witness: Meet JPMorgan Chase’s Worst Nightmare

She tried to stay quiet, she really did. But after eight years of keeping a heavy secret, the day came when Alayne Fleischmann couldn’t take it anymore.

“It was like watching an old lady get mugged on the street,” she says. “I thought, ‘I can’t sit by any longer.'”

Fleischmann is a tall, thin, quick-witted securities lawyer in her late thirties, with long blond hair, pale-blue eyes and an infectious sense of humor that has survived some very tough times. She’s had to struggle to find work despite some striking skills and qualifications, a common symptom of a not-so-common condition called being a whistle-blower.

Fleischmann is the central witness in one of the biggest cases of white-collar crime in American history, possessing secrets that JPMorgan Chase CEO Jamie Dimon late last year paid $9 billion (not $13 billion as regularly reported – more on that later) to keep the public from hearing.

Link (Rolling Stone)

Catcalling is for Genetic Refuse

So let’s do an experiment: We have an attractive woman, perhaps wearing attire that is specifically designed to attract male attention. She walks down the street, and she gets all kinds of male attention. Then, she’s all pissed off that guys pay attention.

Fair enough.

I agree that a woman should be allowed to walk around with non-verbal cues that scream “I WANT TO BE FUCKED RIGHT NOW” and still, it is a desirable cultural norm that we don’t actually get to fuck her, nor get to treat her like she’s just there for the fucking (I mean, unless that’s what she wants). Consider me a feminist, I guess.

Now, does she have a right to an existence without hearing guys hoot, holler, and catcall? Meh, maybe. I’m a little on the fence about it.

Which means that I don’t really mind the anti-catcalling crowd exercising its First Amendment right to protest and criticize this practice. I just think they’re making everyone dumber with their approach.

But, sorry to mansplain it ladies, you’re doing it wrong.

Link (The Legal Satyricon)

Mobile Providers: No One Has Complained* About Our Service, So Net Neutrality Shouldn’t Apply To Us

From our innovation economy to the free exchange of ideas, the United States is a shining example to the world of the promise of an open Internet. It is widely embraced by policymakers, innovators and consumers alike, particularly with respect to mobile broadband. We remain the global leader in mobile innovation and have embraced openness across the ecosystem. So much so, that not a single formal complaint against wireless providers has been made to the Federal Communications Commission since it first adopted open Internet rules in 2010.

Oh, really? First of all, that last sentence is so ridiculous that it deserves a special callout for just how blatantly dishonest it is. You know why there’s been no formal complaint to the FCC against wireless providers under its 2010 open internet rules? Because those rules never applied to wireless in the first place. This was one of the major loophole/problems with the 2010 rules: they explicitly carved out wireless providers. So the reason why there haven’t been any formal complaints against wireless providers is because you couldn’t make a formal complaint under those rules. To use that as the example of “nothing to see, move along now” is ridiculous — and totally dishonest.

Link (Techdirt)

The American Government Tried to Kill James Risen’s Last Book

James Risen’s new book on war-on-terror abuses comes out tomorrow, and if you want to find a copy it shouldn’t be hard to obtain. As natural as that seems, it almost wasn’t the case with Risen’s last book, “State of War,” published in 2006. Not only did U.S. government officials object to the publication of the book on national security grounds, it turns out they pressured Les Moonves, the CEO of CBS, to have it killed.

The campaign to stifle Risen’s national security reporting at the Times is already well-documented, but a 60 Minutes story last night provided a glimpse into how deeply these efforts extended into the publishing world, as well. After being blocked from reporting on the NSA’s warrantless surveillance program for the paper of record, Risen looked into getting these revelations out through a book he was already under contract to write for Simon & Schuster, a book that would look at a wide range of intelligence missteps in the war on terror.

In response, it seems, the government once again went straight to the top in order to thwart him.

Link (The Intercept)

5,000 Domains Seized Based On Sealed Court Filing; Confused Domain Owners Have No Idea Why

This is a shining example of why law enforcement shouldn’t be able to force others to do their bidding without a court order.

In the past, we’d been fairly worried about governments seizing website domains with little or no notice, but it’s perhaps equally, if not more, troubling when it’s done by private individuals and companies. This was one of our concerns with the original version of SOPA, which included a “private right of action.” But, even though SOPA never became law (and the private right of action was dropped fairly early on), it appears that some courts are still allowing this to happen. Just a couple of months ago, we wrote about a troubling ruling in an Oregon district court that let a Filipino entertainment company seize a bunch of domains, in a process that was done under seal. In the past, we’ve seen other brands, like Chanel do the same thing. Louis Vuitton has also tried seizing domains.

The latest such example seems especially troubling because no one has any idea what’s fully happening, but it appears to involve Chan Luu, a jewelry and clothing retailer. The Internet Commerce Association notes that approximately 5,000 domains appear to have been seized, handed over to a private “receiver” who is now trying to sell those domains — for no clear reason.

Link (Techdirt)

Anatomy of a Non-Denial Denial

This is what I would call weasel-talk...

The non-denial denial is an art that takes many forms in official Washington.

The basic idea is that when you or your organization are accused of doing something that you did in fact do, you respond with what sounds like a denial, but really isn’t.

You issue a very narrowly-crafted denial involving a lot of hairsplitting, while avoiding the central claim. Or you dismiss the accusation as unworthy of response. Or you deny something else: You raise a straw man accusation and deny that; or – possibly best yet — you take advantage of a poorly worded question.

The press typically interprets it as a denial, and since you are a credible figure, it moves on.

And if the accusation against you is ever irrefutably proven, then you point out that you never really denied it. Since you didn’t technically lie, the press, again, moves on.

Link (The Intercept)