Category: Safety

Terrifying: President Claims He Was Unaware NSA Spying on Merkel

Last week it came to light that the NSA has been snooping on the personal mobile phone of German Chancellor Angela Merkel.

Following the revelation, President Obama spoke with an understandably angry Chancellor Merkel, and assured her that the United States is not monitoring her now, but wouldn’t comment on the past… Which means we were obviously monitoring her.

Obama Merkel

This is clearly messed up.

This isn’t 1939, and the leader of Germany isn’t Adolf Hitler. Chancellor Merkel is the leader of one of our closest allies… But believe it or not, this isn’t the scary part.

Two terribly possibilities

I’m not naive. Espionage and diplomacy are two sides of the same coin. They have been since the birth of nation-states. However, there are two possibilities here. Either…

President Obama knew this was happening, or he did not.

He claims he did not know that the NSA was spying on her.

If he knew

If the President knew that his spooks were spying on the Chancellor, this is scary because the implied paranoia is scary. Really scary.

It also means that he’s lying.

If he didn’t know

If the President was truly unaware of  the NSA’s snooping on the leader of Germany this is completely terrifying.

Every time a new NSA abuse has hit the press, Mr. Obama has claimed that he didn’t know what was going on, and would have to ask them what they were up to.

These abuses have been surfacing for half a year, and still the President isn’t up to speed?

It’s reached a point where it’s clear that the President is:

  • Playing dumb, and lying
  • He really has no control over the NSA

Both options are terrifying. The latter is much scarier.

It baffles me that the President doesn’t recognize how insane it is that the United States built such an expansive surveillance system that the President doesn’t even know when we’re spying on his allies.

The leadership of the NSA needs to be cleaned out, and a full audit of that system needs to happen. The American people shouldn’t be learning about these abuses through leaks, and the President of the United States sure as hell shouldn’t be learning his own administration’s behavior through leaks.

Something’s rotten in DC.

[Story via Techdirt, image via Politico]

Defeating Snapchat’s Privacy in 4 Easy Steps

Snapchat doesn’t fulfill on it’s promise. It can’t, and it won’t. Not now, and not in the foreseeable future.

Self-destructing pictures only work if another copy can’t be made.

The obvious problem: screen shots

They kind of solved the easy problem of screen-shots by logging and notifying the sender if one of the receivers takes a screen shot.

It doesn’t eliminate the threat that a photo can be stored, but it does mitigate the risk a fair amount.

Now onto the less obvious, and much larger problem…

Snapchat_logo

How to secretly copy a Snapchat pic

  1. Receive a Snapchat photo
  2. Take out a second phone/camera
  3. Open the Snapchat photo
  4. Take a picture of the screen with the second device
Not taken with Snapchat, but the principle is the same.
Not taken with Snapchat, but the principle is the same.

Et voila… You now have an undetectable, savable and resendable copy of the previously private Snapchat.

We live in a world full of cameras my friends. Never forget it.

Unopened Snapchats

If a Snapchat photo is unopened, it still lives on Snapchat’s servers, and can be turned over to the authorities. Which has happened about a dozen times.  

Dishonesty in the product

Let’s be real. There are a limited number of use-cases for self-destructing photos. Sending unimportant photos to friends, and sending really, really private photos to friends.

Snapchat sucks. It cannot do what it promises, because what it promises is not achievable through software. Full stop.

There is no such thing as a private photo delivery system.

If you don’t want people seeing a particular photo, then don’t take it, and certainly don’t send it to someone. Once you do send a private photo, the only security that remains is the integrity and respect of the receiver.

Your phone isn’t a sex toy. 

Practice safe computing.

(image via Wikipedia)

Device Security: Fingerprints vs Passwords

Apple’s announcement and release of the iPhone 5s raised an interesting question that many have asked me:

“Which is safer, Touch ID or  a pin code?”

The answer is, it depends on what you’re protecting yourself from.

touchid_hero

Pin codes 

They are a nuisance

Far too many people don’t use them, because they are annoying. A device that is devoid of security is already defeated.

Pin peeping

Someone can easily observe a user inputting a pin, and thus defeat the security.

Police prevention

It takes a massive amount of legal proceedings for the police to compel a person to turn over their password.

Fingerprint 

Police & fingerprints

The police can compel you to turn over your fingerprints. There isn’t enough legal precedent to ensure protection from the authorities.

Deep sleepers

If you’re a deep sleeper, someone could access your device with your fingerprint, and defeat your security while you’re dreaming.

Effortless security

The way Touch ID is setup, using your fingerprint as a password is effortless after initial setup.

Safe print storage?

The way Touch ID is architected, your fingerprint data should be secure. Even if it isn’t, the device isn’t storing your prints, it’s storing a mathematical translation of your prints. So, if someone defeats Apple’s security and accesses your print data, it’s not actually your print, it’s a looooooooooong string of seemingly random characters.

Other fingerprint enabled devices, I cannot speak for at this time.

That being said, I wouldn’t worry about this because we leave our fingerprints everywhere. If someone is motivated and wants to steal your prints and do bad things, it’s pretty much impossibly to prevent (hair follicles too).

The bottom-line

If you think you’ll be invoking your right to remain silent in the near-future… Go with a pin… And please don’t hurt anyone.

If you don’t trust the people under your roof… Go with a pin…  And maybe a lock on your door.

Your safest option would be to enable fingerprint security, and have a pin… But Apple doesn’t allow it. Two layers of security would be better than one.

That being said, pick one. Pin or print, it doesn’t matter. If you’re committed to security laziness, at least protect your device with a print. No security is a terrible idea.

Practice safe computing.

(Image via Apple)

Mother’s Day Weekend Tech Support!

It’s Mother’s Day weekend, and I’m sure many of you are traveling to spend time with loved ones. In addition to whatever wonderful things you’ve already planned, may I suggest a little tech support? A few minutes of effort can go a long way!

Try:

  • Updating your mom’s operating system
  • Updating her browser
  • Updating and running a virus scan

Those few things are almost effortless, and can go a long way towards protecting your mother’s machine from all manner of badness.

Practice safe computing by lending a helping hand!