Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

August 3, 2016

How foreign governments spy using PowerPoint and Twitter

Filed under: Cybersecurity,Security — Patrick Durusau @ 12:34 pm

How foreign governments spy using PowerPoint and Twitter by Ron Deibert.

From the post:

News of the alleged Russian hack of the Democratic National Committee’s computers has riveted the world. But for many, this kind of behavior is a daily reality.

Take, for example, Syrian Nour Al-Ameer. A former vice president of the Syrian National Council, Al-Ameer was arrested and sent to infamous Adra prison in Damascus, where she was brutally tortured. Upon release, she became a refugee, fleeing to relative safety in Turkey.

Or so she thought.

Al-Ameer is a net savvy activist, and so when she received a legitimate looking email containing a PowerPoint attachment addressed to her and purporting to detail “Assad Crimes,” she could easily have opened it. Instead, she shared it with us at the Citizen Lab.

As we detail in a new report, the attachment led our researchers to uncover an elaborate cyberespionage campaign operating out of Iran. Among the malware was a malicious spyware, including a remote access tool called “Droidjack,” that allows attackers to silently control a mobile device. When Droidjack is installed, a remote user can turn on the microphone and camera, remove files, read encrypted messages, and send spoofed instant messages and emails. Had she opened it, she could have put herself, her friends, her family and her associates back in Syria in mortal danger.

Our organization has been documenting these type of targeted digital attacks against civil society for years. We’ve found that these organizations are assaulted by state-based cyberespionage the same way that governments and industry are. But they’re far less equipped to deal, and receive significantly less attention from policymakers.

A great post that quickly becomes disappointing because Ron cites only the usual suspects, China, Ethiopia, Latin America, Russia, Sudan, and the United Arab Emirates as governments that spy on civil society.

The United States has confessed to spying on its citizens. Illegally.

You can argue the United States hasn’t murdered its citizens on the basis of illegal surveillance (that we know of), but it has overthrown governments and inflicted hundreds of thousands of casualties upon civilian populations based on its spying efforts.

Every citizen, of all countries, deserves robust defenses against spying governments.

All governments, no exceptions.

Tor 0.2.8.6 is released!

Filed under: Cybersecurity,Security,Tor — Patrick Durusau @ 10:32 am

Tor 0.2.8.6 is released!

From the webpage:

Tor 0.2.8.6 has been released! You can download the source from the Tor website. Packages should be available over the next week or so.

Tor 0.2.8.6 is the first stable version of the Tor 0.2.8 series.

The Tor 0.2.8 series improves client bootstrapping performance, completes the authority-side implementation of improved identity keys for relays, and includes numerous bugfixes and performance improvements throughout the program. This release continues to improve the coverage of Tor’s test suite.

Below is a list of the changes since Tor 0.2.7. For a list of only the changes that are new since 0.2.8.5-rc, please see the ChangeLog file.

Government agencies are upgrading and so should you.

Interactive 3D Clusters of all 721 Pokémon Using Spark and Plotly

Filed under: Clustering,Plotly,Spark,Visualization — Patrick Durusau @ 10:26 am

Interactive 3D Clusters of all 721 Pokémon Using Spark and Plotly by Max Woolf.

[Image: 721-pokemon-460]

My screen capture falls far short of doing justice to the 3D image, not to mention it isn’t interactive. See Max’s post if you really want to appreciate it.

From the post:

There has been a lot of talk lately about Pokémon due to the runaway success of Pokémon GO (I myself am Trainer Level 18 and on Team Valor). Players revel in the nostalgia of 1996 by now having the ability catching the original 151 Pokémon in real life.

However, while players most-fondly remember the first generation, Pokémon is currently on its sixth generation, with the seventh generation beginning later this year with Pokémon Sun and Moon. As of now, there are 721 total Pokémon in the Pokédex, from Bulbasaur to Volcanion, not counting alternate Forms of several Pokémon such as Mega Evolutions.

In the meantime, I’ve seen a few interesting data visualizations which capitalize on the frenzy. A highly-upvoted post on the Reddit subreddit /r/dataisbeautiful by /u/nvvknvvk charts the Height vs. Weight of the original 151 Pokémon. Anh Le of Duke University posted a cluster analysis of the original 151 Pokémon using principal component analysis (PCA), by compressing the 6 primary Pokémon stats into 2 dimensions.

However, those visualizations think too small, and only on a small subset of Pokémon. Why not capture every single aspect of every Pokémon and violently crush that data into three dimensions?

If you need encouragement to explore the recent release of Spark 2.0, Max’s post has that in abundance!

Caveat: Pokémon is popular outside of geek/IT circles. Familiarity with Pokémon may result in social interaction with others and/or interest in Pokémon. You have been warned.

File Organization and Naming – Practical Tip

Filed under: Research Methods — Patrick Durusau @ 9:44 am

[Image: naming-organization-460]

Daily morning mantra Hell!

More like a cover for the keyboard that has to be removed every morning!

Or make that the passphrase for your screensaver.

How’s your file organization/naming practice?

QML: A Functional Quantum Programming Language

Filed under: Functional Programming,Quantum — Patrick Durusau @ 9:29 am

QML: A Functional Quantum Programming Language

From the post:

QML is a functional language for quantum computations on finite types. The language introduces quantum data and quantum control structures, and integrates reversible and irreversible quantum computation. QML is based on strict linear logic, hence weakenings, which may lead to decoherence, have to be explicit.

The design of QML is guided by its categorical semantics: QML programs are interpreted as morphisms in the category FQC of Finite Quantum Computations. This provides a constructive semantics of irreversible quantum computations realisable as quantum gates. The relationships between the category FQC and its classical reversible counterpart, FCC (Finite Classical Computations), are also explored.

The operational semantics of QML programs is presented using standard quantum circuits, while a denotational semantics is given using superoperators.

This research has been supported by the EPSRC, via the MathFIT initiative, grant number GR/S30818/01. We are also involved in the EPSRC research network on the Semantics of Quantum Computation (QNET).

Having closely read Commercial National Security Algorithm Suite and Quantum Computing FAQ from the NSA, or its more popular summary, NSA Warns of the Dangers of Quantum Computing by Todd Jaquith, I know you are following every substantive publication on quantum computing.

By “substantive publication” I mean publications that have the potential to offer some insight into the development or use of quantum computers. The publications listed here qualify as “substantive” by that criterion.

With regard to the “dangers” of quantum computing, I see two choices:

  1. Reliance on government agencies who “promise” to obey the law in the future (who have broken laws in the past), or
  2. Obtain the advantages of quantum computing before such government agencies. (Or master their use more quickly.)

Unless you view “freedom” as being at the sufferance of government, may I suggest pursuit of #2 as much as interest and resources permit?

First Draft – July Fake News Quiz

Filed under: Journalism,News,Reporting — Patrick Durusau @ 8:52 am

First Draft – July Fake News Quiz by Alastair Reid.

You think you keep up with current events?

Or can read a story, critically, to separate fact from fiction?

Hopefully you will do better than I did this month!

Enjoy!

PS: It just occurred to me that this is an excellent resource for secondary school teachers who are teaching students to keep up with the news. Pass this along on education/teaching channels.

August 2, 2016

Vendors, Targets, Both?

Filed under: Cybersecurity,Security — Patrick Durusau @ 6:46 pm

The Transparency Toolkit has created the Surveillance Industry Index, which as of today (August 2, 2016), has 2350 entries.

Remembering the security incidents that have plagued some security firms, I wonder if this is a list of vendors, targets or perhaps both?

Yet another example of what is called “reader response” theory in action.

Enjoy!


Update: Data for the Surveillance Industry Index.

Will make your scanning of the vendors marginally easier.

After all, how much can you trust them, their products or services if they can’t keep you out?

August 1, 2016

Who Chose Trump and Clinton?

Filed under: Graphics,Politics,Visualization — Patrick Durusau @ 8:52 pm

If you have been wondering who is responsible for choosing Trump and Clinton as the presidential nominees in 2016, you will find Only 9% of America Chose Trump and Clinton as the Nominees by Alicia Parlapiano and Adam Pearce quite interesting.

Using a fixed grid on the left hand side of the page that represents 324 million Americans, 1 square = 1 million people, the article inscribes boundaries on the grid for a series of factual statements.

For example, the first statement after the grid reads:

103 million of them are children, noncitizens or ineligible felons, and they do not have the right to vote.

For that statement, the grid displays:

[Image: chose-trump-clinton-460]

An excellent demonstration that effective visualization requires a lot of thought and not necessarily graphics that jump and buzz with every movement of the mouse.

Successive statements reduce the area of people who voted in the primaries and even further by who voted for Trump or Clinton.

Eventually you are left with the 9% who chose the current nominees.

To be safe, you need 5% of the voting population to secure the nomination. Check the voting rolls for who votes in primaries and pay them directly. Cheaper than media campaigns and has the added advantage of not annoying the rest of the electorate with your ads.

If that sounds “undemocratic,” tell me what definition of democracy you are using where 9% of the population chooses the candidates and a little more than 30% will choose the winner?

iTunes Prohibits Development of WMDs

Filed under: Humor — Patrick Durusau @ 3:52 pm

[Image: apple-wmds-460]

I feel certain that if I were planning on developing a weapon of mass destruction, a device that could only be used to cause widespread death and suffering, fear of violating the iTunes EULA would end my efforts in that direction.

Would-be WMD-developing tyrants should take fair warning to stay off of iTunes. Apple lawyers will gobble you up!

The Apple EULA.

Law Enforcement Shouldn’t Be Omniscient

Filed under: Cryptography,Cybersecurity,Encryption — Patrick Durusau @ 3:37 pm

Andy Greenberg’s introduction to the genius behind Signal, Meet Moxie Marlinspike, The Anarchist Bringing Encryption To All Of Us, is a great read.

Just a sample to get you going:


For any cypherpunk with an FBI file, it’s already an interesting morning. At the very moment the Cryptographers’ Panel takes the stage, Apple and the FBI are at the height of a six-week battle, arguing in front of the House Judiciary Committee over the FBI’s demand that Apple help it access an encrypted iPhone 5c owned by San Bernardino killer Syed Rizwan Farook. Before that hearing ends, Apple’s general counsel will argue that doing so would set a dangerous legal precedent, inviting foreign governments to make similar demands, and that the crypto-cracking software could be co-opted by criminals or spies.

The standoff quickly becomes the topic of the RSA panel, and Marlinspike waits politely for his turn to speak. Then he makes a far simpler and more radical argument than any advanced by Apple: Perhaps law enforcement shouldn’t be omniscient. “They already have a tremendous amount of information,” he tells the packed ballroom. He points out that the FBI had accessed Farook’s call logs as well as an older phone backup. “What the FBI seems to be saying is that we need this because we might be missing something. Obliquely, they’re asking us to take steps toward a world where that isn’t possible. And I don’t know if that’s the world we want to live in.”

Marlinspike follows this remark with a statement that practically no one else in the privacy community is willing to make in public: that yes, people will use encryption to do illegal things. And that may just be the whole point. “I actually think that law enforcement should be difficult,” Marlinspike says, looking calmly out at the crowd. “And I think it should actually be possible to break the law.”

I don’t find Marlinspike’s:

I think it should actually be possible to break the law.

surprising or shocking.

Nearly everyone in law enforcement and government agrees with Marlinspike, it all depends on whose laws and for what purpose?

Murder is against the law in North Korea but several governments would applaud anyone who used encryption to arrange slipping a knife between the ribs of Kim Jong-un.

Those same governments and their citizens use encryption to carry on industrial espionage, spying on military research, trade or government negotiations, etc.

I’m happy with non-omniscient law enforcement.

How about you?

Torturing Iraqi Prisoners – Roles for Heroes like Warrant Officer Hugh Thompson?

Filed under: Games,Politics,Video — Patrick Durusau @ 2:53 pm

Kaveh Waddell pens a troubling story in A Video Game That Lets You Torture Iraqi Prisoners, which reads in part:


What if there were a way to make sense of state-sanctioned torture in a more visceral way than by reading a news article or watching a documentary? Two years ago, that’s exactly what a team of Pittsburgh-based video-game designers set out to create: an experience that would bring people uncomfortably close to the abuses that took place in one particularly infamous prison camp.

In the game, which is still in development, players assume the role of an American service member stationed at Camp Bucca, a detention center that was located near the port city of Umm Qasr in southeast Iraq, at an undetermined time during the Iraq War. Throughout the game, players interact with Iraqi prisoners, who are clothed in the camp’s trademark yellow jumpsuits and occasionally have black hoods pulled over their heads. The player must interrogate the prisoners, choosing between methods like waterboarding or electrocution to extract information. If an interrogation goes too far, the questioner can kill the prisoner.

Players also have to move captives around the prison camp, arranging them in cell blocks throughout the area. Camp Bucca is best known for incubating the group of fighters who would go on to create ISIS: The group’s leader, Abu Bakr al-Baghdadi, was held there for five years, where he likely forged many of the connections that make up the group’s network today. The developers say they chose to have the player wrestle with cell assignments to underscore the role of American prison camps in radicalizing the next generation of fighters and terrorists.

The developers relied on allegations of prisoner abuse in archived news articles and a leaked Red Cross report to guide their game design. While there were many reports of prisoner abuse at Camp Bucca, they were never so widespread as to prompt an official public investigation.

I find the hope that the game will convey:

“the firsthand revulsion of being in the position of torturer.”

unrealistic in light of the literature on Stanley Milgram’s electric-shock studies.

In the early 1960’s Milgram conducted a psychology experiment where test subjects (who were actors and not harmed) could be shocked by student volunteers, under the supervision of an experimenter. The shocks went all the way to 450 volts and a full 65% of the volunteers went all the way to 450 with the test subject screaming in pain.

Needless to say, the literature on that experiment has spanned decades, including re-enactments, some of which include:

Rethinking One of Psychology’s Most Infamous Experiments by Cari Romm.

The Game of Death: France’s Shocking TV Experiment by Bruce Crumley.

Original materials:

Obedience to Authority in the Archive

From the webpage:

Stanley Milgram, whose papers are held in Manuscripts and Archives, conducted the Obedience to Authority experiments while he was an assistant professor at Yale University from 1961 to 1963. Milgram found that most ordinary people obeyed instructions to give what they believed to be potentially fatal shocks to innocent victims when told to do so by an authority figure. His 1963 article[i] on the initial findings and a subsequent book, Obedience to Authority and Experimental View (1974), and film, Obedience (1969), catapulted Milgram to celebrity status and made his findings and the experiments themselves the focus of intense ethical debates.[ii] Fifty years later the debates continues.

The Yale University Library acquired the Stanley Milgram Papers from Alexandra Milgram, his widow, in July 1985, less than a year after Milgram’s death. Requests for access started coming in soon after. The collection remained closed to research for several years until processed by archivist Diane Kaplan. In addition to the correspondence, writings, subject files, and teaching files often found in the papers of academics, the collection also contains the data files for Milgram’s experiments, including administrative records, notebooks, files on experimental subjects, and audio recordings of experimental sessions, debriefing sessions, and post-experiment interviews.

The only redeeming aspect of the experiment and real life situations like My Lai, is that not everyone is willing to tolerate or commit outrageous acts.

Hopefully the game will include roles for people like Warrant Officer Hugh Thompson, who ended the massacre at My Lai by interposing his helicopter between American troops and retreating villagers and turned his weapons on the American troops.

Would you pull your weapon on a fellow member of the service to stop torturing of an Iraqi prisoner?

Would you use your weapon on a fellow member of the service to stop torturing of an Iraqi prisoner?

Would you?

Survey says: At least 65% of you would not.

Audiogram (New York Public Radio)

Filed under: Audio,Media,Video — Patrick Durusau @ 1:18 pm

Audiogram from New York Public Radio.

My interest in Audiogram was sparked by the need to convert an audio file into video, so the captioning service at YouTube would provide a rough cut at transcribing the audio.

From the post:

Audiogram is a library for generating shareable videos from audio clips.

Here are some examples of the audiograms it creates:

Why does this exist?

Unlike audio, video is a first-class citizen of social media. It’s easy to embed, share, autoplay, or play in a feed, and the major services are likely to improve their video experiences further over time.

Our solution to this problem at WNYC was this library. Given a piece of audio we want to share on social media, we can generate a video with that audio and some basic accompanying visuals: a waveform of the audio, a theme for the show it comes from, and a caption.

For more on the backstory behind audiograms, read this post.

I hope to finish the transcript I obtained from YouTube later this week and will post it, along with all the steps I took to produce it.

Hiding either the process and/or result would be poor repayment to all those who have shared so much, like New York Public Radio.

Threats Against Democracy – Try Threats Against “Innocent” Users

Filed under: Cybersecurity,Humor,Porn,Security — Patrick Durusau @ 12:50 pm

After posting about truth telling being a threat to democracy, in the eyes of some, I encountered: Facebook Phishing Scam Using Pornographic Images to Steal Login Data, which reads in part:

There is no way to stop cyber criminals from stealing login credentials of innocent social media users — Recently, one of the HackRead’s writers found a Facebook phishing scam targeting users and stealing their login data. What makes this phishing scam dangerous is the fact that apparently none of the phishing filters have detected any wrongdoing with the links used in this campaign.

Cyber criminals behind this scam have three motives one is to steal users’ login credentials, the second is to get some likes on their Facebook page and third is to profit financially. It starts with scammers posting a link in the comments section of several Facebook groups with a large thumbnail of a nude girl but to make it look like a legit link scammers also mention that video already got hundreds of comments, shares plus thousands of views. The description on the link goes something like this ”groups teen-girl-japannese-18-[retracted]–010 Click HERE to view video recorded 2.381 Likes, 749 Comments, 9.185 Views, 571 Share.”

Now there’s a serious security issue!

Taking advantage of users who are surfing Facebook for porn.

Talk about fishing (sorry) in the shallow end of the security pool.

Hard to say what other access could be leveraged using Facebook logins of such users.

Nuclear launch computers, remote admin at NSA, White House switchboard, free pizza line at Papa Johns. I take that back, Papa Johns probably has better OpSec than the others I mentioned. (That’s sarcasm for all the literalists in the crowd.)

Phishing With Pornography would make a great book title but I don’t know what sort of animal(s) should go on the cover. (Something from National Lampoon perhaps?)

Suggestions?

PS: If you think this indicates I have little sympathy for victims of pornography-based phishing schemes, take a point for your house.

Truth Telling as “National Security Threat Against Democracy”

Filed under: Cybersecurity,Government,Politics,Security — Patrick Durusau @ 12:23 pm

You already know I consider “…the Russians are coming, the Russians are coming…” claims in connection with the DNC hack to have, err, less than a firm factual basis (being polite).

Bruce Schneier, who needs no introduction to anyone concerned about computer security issues, has a quite different take on those claims.

Bruce writes:

Russia has attacked the U.S. in cyberspace in an attempt to influence our national election, many experts have concluded. We need to take this national security threat seriously and both respond and defend, despite the partisan nature of this particular attack.

There is virtually no debate about that, either from the technical experts who analyzed the attack last month or the FBI which is analyzing it now. The hackers have already released DNC emails and voicemails, and promise more data dumps.

While their motivation remains unclear, they could continue to attack our election from now to November — and beyond.

If you have read those “expert” reports carefully, you will remember that despite positive claims of Russian responsibility, the attribution dissolves into “…we have seen this before… (no offers of what has been seen before),” and “…this is characteristic of … (again, no data)” and similar statements.

Perhaps Bruce trusts these experts in the absence of data that connects all the dots.

But in any event, what do you make of his claim that truth telling about the DNC is “…a national security threat against our democracy…?”

So far as I know, no one has denied the documents leaked about the DNC. Given the time lapse and subsequent events, I take it that everyone accepts the documents are a truthful report of the emails and documents of the DNC.

People have been embarrassed, people have resigned, the public has been slightly disabused of any idealistic notions about the political process, a rare interjection of truth into the political process has occurred, but I’m not seeing “…a national security threat against our democracy….”

How can anyone, Bruce included, claim that truth telling ever rises to the level of a “…a national security threat against our democracy….”

I’m probably old-fashioned but I was taught that truth telling was the basis for meaningful democracy, not a threat to it.

Would you deprive voters of truthful information based on its point of origin?

Shouldn’t voters (who are voting after all) be allowed to decide what weight they will or will not give even truthful information?

PS: Attacks on voting machines and election mechanisms are in a different (criminal) category from the disclosure of truthful information. But we should be thankful that foreign powers haven’t adopted the US practice of assassination to influence elections.
