Court rules Stingray use Without a Warrant Violates Fourth Amendment

The Washington DC Court of Appeals overturned a Superior Court conviction of a man who was located by police using a cell-site simulator, or Stingray. The court ruled that the defendant’s Fourth Amendment rights were violated when law enforcement tracked down the suspect using his own cell phone without a warrant.

Stingrays work by pretending to be a cell tower and once they’re brought close enough to a particular phone, that phone pings a signal off of them. The Stingray then grabs onto that signal and allows whoever’s using it to locate the phone in question. These sorts of devices are used by a number of different agencies including the FBI, ICE, the IRS as well as police officers. However, those agencies will no longer be able to (legally) use the devices.

Continue reading

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs

Bleeping Computer reports that Google engineer Ivan Fratric ran security tests on the 5 most popular web browsers. The test found 17 security bugs in Safari’s DOM engine, the worst of any of the 5 web browsers tested.

NOTE: “DOM” stands for Document Object Model, a platform and language-neutral interface that will allow programs and scripts to dynamically access and update the content, structure and style of documents. A “DOM engine” is that piece of software which takes a parsed XML or HTML document into something that is readable on your computer’s screen.

Fratric took today’s top five browsers — Chrome, Firefox, Internet Explorer, Edge, and Safari — and subjected them to 100 million fuzz tests with Domato.

Continue reading

Google Chrome Most Resilient Against Attacks, Researchers Find

Researchers have analyzed Google Chrome, Microsoft Edge, and Internet Explorer, and found Chrome to be the most resilient against attacks.

The researchers assessed these barriers, and concluded that:

  • Chrome is the most resilient against attacks due to a tight lockdown of components, separation of duties, and greater identifiable vendor efforts for automated vulnerability discovery.
  • The security level of Internet Explorer is decreased due to a weakened sandbox (Protected Mode).
    Microsoft Edge is more hardened against exploitation than Internet Explorer due to the stronger sandboxing and the absence of dangerous legacy technologies.
  • Chrome supports more modern web technologies that might increase attack surface such as WebAssembly and HTML5 features.
  • Reaching dangerous legacy functionality from Microsoft Edge is easier than in Chrome. For example a fallback to Internet Explorer is suggested by the Edge UI on certain websites by default.

Continue reading

Shonin Streamcam Wearable Camera: Is that a good thing? Or a bad thing?

I don’t know if this is protection for your own privacy and your body or if it is an invasion of privacy for you and everyone around you. I’ll let you decide.

You know those bodycams that many police officers wear? Those are frequently in the news. Law enforcement wants them, many politicians are pushing for them, and communities that already have a strong police presence in their neighborhoods are demanding that the police get cameras now. Civil-rights groups are advocating for them. The White House is funding them.

Now a start-up company wants to sell you a personal bodycam that you can wear. Is that a good thing? Or a bad thing?

You decide. The Shonin Streamcam Wearable Camera is being funded on a KickStarter campaign at: https://www.kickstarter.com/projects/shonin/shonin.

Why Free VPNs are not a Risk Worth Taking

I have written often about the wisdom of always using a VPN to keep your online activities private. (See http://bit.ly/2fucq1F for my past VPN articles.) Now David Gewirtz has written an article telling why someimes you get what you pay for or, even worse, what you didn’t pay for.

Gewirtz writes, “TANSTAAFL. If you’ve read your Heinlein, you know it’s an acronym for ‘There ain’t no such thing as a free lunch.'”

Continue reading

Governments are using a Microsoft Zero-Day Vulnerability to Spy on Windows Computers

Government hackers were using a previously-unknown vulnerability in Microsoft’s .NET Framework, a development platform for building apps, to hack targets and infect them with spyware, according to security firm FireEye. The firm revealed the espionage campaign on Tuesday, on the same day Microsoft patched the vulnerability. According to FireEye, the bug, which until today was a zero-day, was being used by a customer of FinFisher, a company that sells surveillance and hacking technologies to governments around the world.

Details may be found at http://bit.ly/2f6rsO9.

ArmorVPN: The Easiest Way to Use a VPN & Protect Privacy

In my opinion, everyone should use a Virtual Private Network (VPN) when accessing the Internet. Quoting from the information about ArmorVPN on the Kickstarter web site:

“Every day around the world people use the internet for a variety of tasks. It has truly revolutionized life for billions of people. Though it is incredibly easy to use it’s not always safe. A shockingly large number of people are tracked for advertising purposes and monitored for any number of reasons by their own government—even though they are doing nothing wrong. The need for security and privacy increases as we access the internet more and more through smart phones, tablets, streaming services, and smart home devices. There are a few ways to accomplish this, the most trusted being a virtual private network, or VPN.”

In fact, VPN software and hardware has become a “growth industry” in recent years as spying by hackers, criminals, governments, and corporations alike continues to increase. You can now find dozens of solutions that use VPNs to help protect your privacy online. One of the newest, and easiest to implement, solutions is called ArmorVPN.

ArmorVPN is a bit of hardware contained in a small box. It contains everything you need to protect the online activities of your computers, cell phone, streaming TV device, game console, and more. It works with Windows, Macintosh, Android, Apple iOS, and Linux. In fact, the operating system(s) used are unimportant; the ArmorVPN device will work with any device that is capable of communicating on the Internet. If your cell phone is capable of placing calls over the Internet (typically called a VoIP phone), you can even make voice calls with it.

Continue reading