teknoPolitik

main blog site: teknoPolitik.com

Obama administration says the world’s servers are ours

US says global reach needed to gut “fraudsters,” “hackers,” and “drug dealers.”

by  - July 14 2014, 11:12am PDT

Microsoft, Sandyford, Co. Dublin

Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland.

In essence, President Barack Obama’s administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It’s a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border.

A magistrate judge has already sided with the government’s position, ruling in April that “the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.” Microsoft appealed to a federal judge, and the case is set to be heard on July 31.

In its briefs filed last week, the US government said that content stored online doesn’t enjoy the same type of Fourth Amendment protections as data stored in the physical world. The government cited (PDF) the Stored Communications Act (SCA), a President Ronald Reagan-era regulation:

Overseas records must be disclosed domestically when a valid subpoena, order, or warrant compels their production. The disclosure of records under such circumstances has never been considered tantamount to a physical search under Fourth Amendment principles, and Microsoft is mistaken to argue that the SCA provides for an overseas search here. As there is no overseas search or seizure, Microsoft’s reliance on principles of extra-territoriality and comity falls wide of the mark.

Microsoft said the decision has wide-ranging, global implications. “Congress has not authorized the issuance of warrants that reach outside US territory,” Microsoft’s attorneys wrote. “The government cannot seek and a court cannot issue a warrant allowing federal agents to break down the doors of Microsoft’s Dublin facility.”

The Redmond, Washington-based company said its consumer trust is low in the wake of the Edward Snowden revelations. It told the US judge presiding over the case that “[t]he government’s position in this case further erodes that trust and will ultimately erode the leadership of US technologies in the global market.”

Companies like Apple, AT&T, Cisco, and Verizon agree. Verizon said (PDF) that a decision favoring the US would produce “dramatic conflict with foreign data protection laws.” Apple and Cisco said (PDF) that the tech sector is put “at risk” of being sanctioned by foreign governments and that the US should seek cooperation with foreign nations via treaties, a position the US said is not practical.

The Justice Department said global jurisdiction is necessary in an age when “electronic communications are used extensively by criminals of all types in the United States and abroad, from fraudsters to hackers to drug dealers, in furtherance of violations of US law.”

The e-mail the US authorities are seeking from Microsoft concerns a drug-trafficking investigation. Microsoft often stores e-mail on servers closest to the account holder.

The senior counsel for the Irish Supreme Court wrote in a recent filing that a US-Ireland “Mutual Legal Assistance Treaty” was the "efficient" avenue (PDF) for the US government to obtain the e-mail held on Microsoft’s external servers.

Orin Kerr, a Fourth Amendment expert at George Washington University, said, “The scope of the privacy laws around the world is now a very important question, and this is the beginning of what may be a lot of litigation on the question. So it’s a big case to watch.”

Is James Holmes aka “The Batman Shooter” lawyer/family rep.. also happen to be on the Sandy Hook school board?  Hmm.. inquiring minds want to know!

Android-based Pwn Phone is prepared to do evil for your network’s own good

Hands on: Pwnie Express takes Ars through its new Android phone for white hat hackers.

The Pwn Phone, with its external Wi-Fi adaptor case jacked into its USB port, is prepared to do evil for your network’s own good.

Mobile technology has made it possible for people to do an amazing amount with tablets and smartphones within the workplace—including hacking the living daylights out of the corporate network and other people’s devices. Pwnie Express is preparing to release a tool that will do just that. Its Pwn Phone aims to help IT departments and security professionals quickly get a handle on how vulnerable their networks are. All someone needs to do is walk around the office with a smartphone.

Pwnie Express’ Kevin Reilly gave Ars a personal walk-through of the latest Pwn Phone, the second generation of the company’s mobile penetration testing platform. While the 2012 first-generation Pwn Phone was based on the Nokia N900 and its Maemo 5 Linux-based operating system, the new phone is based on LG Nexus 5 phone hardware. However, it doesn’t exactly use Google’s vanilla Android.

“What we’ve done is taken Android 4.4 Kit Kat and recompiled the kernel,” said Reilly. “On the backend, it runs our own derivative of Kali Linux, called Pwnix. Essentially it’s running a full-blown Debian OS on the back-end of Android.”

One of the benefits of the recompiled Android kernel is that the Pwn Phone can act as a USB host, just as PCs do. That makes it possible for the Pwn Phone to use external USB adaptors for Wi-Fi, Bluetooth, and Ethernet in addition to its built-in Wi-Fi and Bluetooth adapters. The external adapters for Wi-Fi and Bluetooth extend the Pwn Phone’s attack range and capabilities, and the Ethernet adaptor allows the device to jack straight into a facility’s local wired network for additional attacks.

The result is that the Pwn Phone can handle most of the functions of bulkier, less easily concealed security testing tools at a fraction of the weight—and with even less of the potential suspicion. This new generation of the Pwn Phone (and its larger cousin, the Pwn Pad) also makes it a whole lot easier for people without a great deal of penetration testing experience to quickly get up to speed and dig into potential vulnerabilities. Using the new Pwn devices can quickly convince you that it’s important to turn Wi-Fi off on your phone when you’re in a public place.

The Pwn Phone comes with a total of 103 network monitoring and attack tools loaded, 26 of which have been configured for launch by touch from the device’s home screen. While all the tools run in a terminal window and have a character-based interface upon launch, some of the 26 touch-optimized tools require just one touch to execute. Others have been given menu-driven interfaces to reduce the amount of thumb-typing required to launch them effectively.

One of those “one-touch” penetration testing tools is EvilAP, a tool for creating a “malicious” Wi-Fi access point that can detect and respond to the Wi-Fi probe requests sent by devices as they look for previously used wireless access points. EvilAP can use the phone’s wireless broadband connection or another network to then pass through network requests while the phone’s user launches other attacks on the traffic. (These can include SSL Strip “man-in-the-middle” attacks against secure Web sessions.)
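The behaviour described above, one radio answering probe requests for whatever network name a device asks for, leaves a signature that a wireless sensor can check for. The following is an added example, not code from the original article or from Pwnie Express; the log layout, the access point inventory and the thresholds are assumptions, and it goes slightly beyond the text by also checking managed SSIDs against a list of known BSSIDs.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: probe responses seen by a monitor-mode sensor.
# Column layout (epoch seconds, BSSID, SSID) is an assumption for this example.
SAMPLE_OBSERVATIONS = """\
1405360000,aa:bb:cc:00:00:01,CorpNet
1405360004,aa:bb:cc:00:00:01,CorpNet
1405360010,de:ad:be:ef:00:99,HomeWifi-Smith
1405360012,de:ad:be:ef:00:99,CoffeeShop_Free
1405360015,de:ad:be:ef:00:99,CorpNet
1405360021,de:ad:be:ef:00:99,Airport-Guest
1405360030,aa:bb:cc:00:00:02,CorpGuest
1405360500,11:22:33:44:55:66,Printer-Setup
1405369000,11:22:33:44:55:66,Printer-Setup-2
"""

# Hypothetical inventory of the organisation's own access points.
AUTHORIZED_APS = {
    "CorpNet": {"aa:bb:cc:00:00:01"},
    "CorpGuest": {"aa:bb:cc:00:00:02"},
}

def parse_observations(text):
    """Yield (timestamp, bssid, ssid) tuples, skipping malformed rows."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue
        ts, bssid, ssid = (field.strip() for field in row)
        if not ts.isdigit() or not ssid:
            continue
        yield int(ts), bssid.lower(), ssid

def find_promiscuous_responders(observations, min_ssids=3, window=60):
    """BSSIDs that answered for >= min_ssids distinct SSIDs within `window` seconds."""
    by_bssid = defaultdict(list)
    for ts, bssid, ssid in observations:
        by_bssid[bssid].append((ts, ssid))
    flagged = {}
    for bssid, events in by_bssid.items():
        events.sort()
        start = 0
        best = set()
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            ssids = {s for _, s in events[start:end + 1]}
            if len(ssids) > len(best):
                best = ssids
        if len(best) >= min_ssids:
            flagged[bssid] = sorted(best)
    return flagged

def find_unauthorized_twins(observations, authorized):
    """(ssid, bssid) pairs where a managed SSID is offered by an unlisted radio."""
    return sorted({(ssid, bssid) for _, bssid, ssid in observations
                   if ssid in authorized and bssid not in authorized[ssid]})

def analyze(text=SAMPLE_OBSERVATIONS):
    obs = list(parse_observations(text))
    return find_promiscuous_responders(obs), find_unauthorized_twins(obs, AUTHORIZED_APS)

if __name__ == "__main__":
    responders, twins = analyze()
    for bssid, ssids in responders.items():
        print(f"ALERT {bssid} answered probes for {len(ssids)} SSIDs: {ssids}")
    for ssid, bssid in twins:
        print(f"ALERT managed SSID {ssid!r} offered by unlisted BSSID {bssid}")
```

Legitimate multi-SSID access points also advertise several names from one radio, so the threshold and the inventory need tuning to the site before alerts are acted on.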

SSL Strip running on the Pwn Phone.

Other tools in the touch collection include: the network mapping tool Nmap; Strings Watch (a tool that watches for text within packets); the Tshark and Tcpdump packet analysis tools; the Metasploit and dSploit penetration testing toolkits; and the Kismet and Airodump wireless network monitoring tools.

Of course, if you’d rather not do any thumb typing at all while wandering around a targeted area for stealth purposes, a good portion of Pwn Phone’s functionality can be controlled remotely. Just as with Pwnie Express’ other penetration hardware, the Pwn Phone can be configured using Web-based administration tools over one of the six covert channels provided in the phone’s toolset to connect through the network being tested or through its wireless broadband connection. And a remote terminal session to the phone can be opened via a reverse-SSH connection back to a PC. That means security surveys can be done without the Pwn Phone-carrying foot soldier ever pulling the phone out of his or her pocket. A remote security pro can even handle the whole show without leaving home.

Data collected by the tools—such as logs for packet captures from Tshark (the text-based version of the WireShark packet capture tool) and captured text from the Strings Watch packet monitoring tool—are stored in the phone’s 32 gigabytes of local storage. If you need to make all the data go away quickly, there’s a one-touch application that restores the phone to factory settings. It’ll wipe away any sign that the phone might have been up to no good.

These are all capabilities that Pwnie Express already offers in a slightly larger form factor: the Pwn Pad 2014, based on Google’s Nexus 7 tablet and Android 4.2 (“Jelly Bean”). The only real difference between the Pwn Phone and the Pwn Pad is form factor and price. The Pwn Phone will sell for around $1,295, while the Pwn Pad is priced at $1,095. Of course, if you’d rather piece together your own Pwn Phone on an existing Nexus 5, there will eventually be a community version of the software available for download.

Google files patent for smart contact lenses with tiny camera: What you should know

Google Smart Lense

Google is looking to continue its advances in wearable tech, with their announcement of a patent pending for contact lenses that can help the vision-impaired.
(Photo : Google)

Google is continuing to push forward on wearable technology, announcing it has filed a patent for contact lenses that have a tiny camera on them, making Google Glass seemingly appear archaic even before its general public launch later this year. Having a camera on your eye may not be a thing of science fiction and Google believes it can take the world there.

The company says it has a patent pending for what would see contact lenses with a small camera and sensors placed into the lens that could be controlled simply by blinking. This, Google believes, would assist the blind in managing their daily lives as well as allow those who can see to take pictures by just looking at what they want to record.

Don’t get your hopes up just yet, as the patent pending is still only a hypothetical future tech, with the patent taking from the controversial Google Glass head wear and the company’s tear-scanning contact lenses.

The idea driving the future contact lenses is the blind and vision-impaired. The company hopes that the lenses can assist them in crossing roads and managing blockages in their path by sending signals to an accompanying smartphone that warns of pending problems.

Although Google had submitted the patent in 2012, the company only revealed the new technology idea on April 15 as its Glass was being given a one-day sale across the country and continues to change public perception of the glasses which have sparked attacks and isolation for those wearing them.

The proposed lenses could enable those not vision-impaired the opportunity to view the world in a completely different manner, changing focus and using a wider view of the world, all through blinking and thinking.

Like Google Glass, the new contact lenses could provide even more turmoil in the realm of privacy, with those who have attacked Glass as infringing on one’s right to privacy - Glass users can take video and images through simple voice commands - coming out in full force against the proposed lenses. It could continue to create major schisms in the public over Google and its future-thinking technologies.

Even still, the techies across the globe are likely whetting their appetites for a new, vastly futuristic product that could continue to change the technology that we could one day be wearing on our heads, or in our eyes.

Responsive Web Design: A Quick Overview

What is Responsive Web Design?

The terms “Responsive” and “Adaptive” have been thrown around quite a bit this past year, as they have become the “catch phrase” everyone uses but very few seem to understand.  I am writing this in hopes that everyone here at BWA will once and for all understand what responsive sites are, and why they are the new “Standard” in HTML web development.

“You can create a flexible website that fits beautifully on any device, rather than having to create and maintain separate versions for each device.”

Within the field of Web Design/Development, we’re quickly getting to the point of being unable to keep up with the endless new resolutions and devices being offered by new consumer electronics products.  In the past, as web developers, we were only responsible for developing for 1 form factor: the desktop.  As time went on, with the release of mobile browsers, requests for a “mobile ready” website became the standard.  During the first generation of devices, back when we were only dealing with 2-3 different mobile devices, it made sense to just design a completely different site and style sheet for the mobile phone.  But over time more devices came to market, and the resolutions became more varied and more complex.  Standards are set by device adoption rates, so it took time for new standards in resolutions and display qualities to be set by the market.  Eventually, with a saturation of new devices, the old way of doing a mobile site became unrealistic because you would essentially be designing and building 5 separate sites, which wouldn’t necessarily guarantee that your site would render correctly on future devices.

In order to counter the lack of control we have over handset manufacturers and the standards bodies themselves, it was in the best interest of the industry to develop a new way of building mobile ready websites.  “Responsive” frameworks such as Twitter’s Bootstrap were released to the public for developers to utilize in future web development.

The Concept of Responsive Web Design

“Recently, an emergent discipline called “responsive architecture” has begun asking how physical spaces can respond to the presence of people passing through them. Through a combination of embedded robotics and tensile materials, architects are experimenting with art installations and wall structures that bend, flex, and expand as crowds approach them. Motion sensors can be paired with climate control systems to adjust a room’s temperature and ambient lighting as it fills with people. Companies have already produced “smart glass technology” that can automatically become opaque when a room’s occupants reach a certain density threshold, giving them an additional layer of privacy.” - http://alistapart.com/article/responsive-web-design

Websites that “Bend, Flex, and expand as crowds approach them”

Unlike in the past, where we created Pixel Perfect representations of a website from a Photoshop composition, the new way of doing things is to keep things “Fluid”.  Rigid constraints in your designs are not advised.  We have seen this influence cascade over a lot of the new websites out there.  Sites today need to be creatively designed to bend and flex to devices that have yet to be released to the market, but will obviously be used in the future to render sites on.  Today in web development and design we not only have to contend with the limitations of the desktop browser, but also ensure that the site will render in a readable manner on devices that range from Television browsers, mini-tablets, full-size tablets, E-Readers, and Phablets to Mobile phones.

Responsiveness Starts at the Design Stage, not the Development Stage

It’s unfair to require developers to try and adapt non-responsive designs into a responsive website.  Therefore it’s very important that companies start to introduce “Developer Driven Design” into their creative work flows.  A designer can no longer just get by with design; they have to understand the technology building their designs in order to correctly design for that technology.  For example, it would be unfair to ask a designer to mock up an iPhone app, and then expect a developer to turn it into a working Android app that looks the same.  This is just impossible to do if the process is done backwards.  Designers need to understand how Responsive sites work, and why they are the way they are.  That way, unrealistic expectations aren’t set for responsive website development.

It is important that these new “Responsive Concepts” are thought of from the beginning of the creative process and carried through to the development stage.  Developers like myself expect to receive “Responsive designs” from creative.  Sure, we can work our magic at times to adapt certain non-responsive designs into a responsive format, but we are limited by the capabilities of all the moving parts!  Everything from the CMS down to the version of jQuery being used can regretfully have very strict requirements that prohibit the seamless adaption of non-responsive designs into responsive designs.  It is vitally important that everyone come to the same conclusions when asked to define what “Responsive” actually means, and is.  Otherwise, miscommunication will continue to plague us as we move forward.

Responsive versus Native WebApp, and Native App

Responsive Websites are defined as HTML5/CSS/Javascript built sites that are accessible through a standard HTTP browser.

Native WebApps are defined as being an HTML5/CSS/Javascript app built using a mobile application framework such as PhoneGap which compiles browser based web technologies into a native application package that can be distributed through an AppStore, but also can be accessed via browser.  More or less, you have two front-ends that are using a common API and backend.

Native Apps are defined as being mobile applications built in either Android Java or Apple’s Objective C.  These applications execute faster on mobile devices because there is a layer of abstraction taken out of the equation.

We can Mash it Up!

Responsive sites, Native WebApps, and Native Apps can all co-exist because they can all submit and save data to a common database through a common API.  However, it needs to be understood that you are literally deploying two completely different technologies when doing so: one being web based scripting languages like HTML/CSS/Javascript, and the other being proprietary versions of Java and Objective C.

Going Forward

There have been 200+ page books solely devoted to the concept of “Responsive Web Design”, so it’s really impossible for me to cover every aspect of this in one email.  However, the only way to really learn this is to read, and learn it.  So I have included a couple of links below that give very detailed and also not-so-detailed summaries of what Responsive is.

Resources to be read and understood by all!

Smashing Magazine’s Guidelines for Responsive Web Design - http://coding.smashingmagazine.com/2011/01/12/guidelines-for-responsive-web-design/

A List Apart’s Write up on Responsive Web Design

http://alistapart.com/article/responsive-web-design

Why 2013 Is The Year of Responsive Web Design

http://mashable.com/2012/12/11/responsive-web-design/

Beginner’s Guide to Responsive Web Design

http://blog.teamtreehouse.com/beginners-guide-to-responsive-web-design

Why User Responsive Web Design? - Video

https://www.youtube.com/watch?v=iSY38POjLYc

Currency 2.0 - Bitcoin

As far as money is concerned, much of the headline press over the past five years has focussed on how little of it is floating about these days. But despite the headlines something else has been happening in the world of money, something more fundamental is being engineered and entirely new models for the representation, storage and transfer of currency are being proposed, prototyped and adopted. A new paradigm is fast emerging with potentially profound implications, offering opportunity and risk in equal measure. Welcome to Bitcoin.

Born in 2008, and representing a new generation of digital currency, Bitcoin enables people anywhere to store and transfer payments through a global decentralised peer-to-peer network. Transactions do not pass through any financial institution and Bitcoin is not owned or controlled by any company or government; it is open source, borderless, and accessible to any internet user. Transactions are processed near instantly at close to zero cost and cannot be blocked, seized or interfered with.

Bitcoin 101 – your 30 second introduction!

  • Bitcoin is a decentralised virtual currency; it lives on the internet and can be stored or transferred between users without relying on the processing infrastructure of any third party.
  • User accounts are held as digital wallets on smartphones/computers; each wallet is represented by an address, and holds the key to access funds linked to that address.
  • Bitcoin is a crypto-currency, with simple but extremely secure encryption techniques controlling the ability of users to access and move currency.
  • There are around 12 million Bitcoins in existence today and only 21 million will ever exist; new Bitcoins are released gradually through a process designed to reward network users for validating and processing transactions, which are then stored within an ever growing public ledger known as the blockchain, which contains every transaction ever processed.
  • Each Bitcoin is divisible into 100 million units; at all times each unit is allocated to an owner (or wallet address) within the blockchain, and can only be moved when authorised by the owner using a unique private key.
  • Bitcoin is a deflationary currency: this is radically different from most traditional fiat currency models which typically experience consistent inflation as a result of new monetary supply.
  • For more info on the basics of Bitcoin, just check out some of the infographics on Twitter.

Five years on, the fledgling currency is gaining traction. Stats for just one of the many available digital wallet applications show over 3.5 million downloads, the value of a Bitcoin has appreciated over 1000% in the past year, and the platform network boasts more than twice the dedicated processing power than the top 500 supercomputers in the world, combined.

Smart money

People are getting excited, and it’s not just the geeks. Venture capital likes disruptive technology, and Bitcoin is the poster child for disruptive potential. Bitcoin presents an entirely new model for the way in which money is denominated, issued, stored, exchanged, received, monitored and controlled. Widespread adoption would redefine consumer behaviours in traditionally hard-to-penetrate markets and the race to claim what may become a lucrative new landscape is well underway.

Adoption is currently highest in the US, UK, Germany and China. However, emerging regulatory obstacles are likely to produce a short term deceleration in growth amongst western markets. Legislation must adapt to ensure the usage and taxation policy toward Bitcoin denominated trade and earnings is clear and enforceable, as well as to guarantee consumer security within the marketplace as it evolves at tremendous speed. Finally it must keep pace with new forms of criminal activity perhaps best exemplified by the anonymous Silk Road, until recently a thriving anonymous marketplace for prohibited goods, with trade denominated entirely in Bitcoin.

Far more interesting is the emergence of Bitcoin technology amongst less developed communities such as Kenya, where access to traditional bank accounts is limited and the past decade has seen explosive adoption of new mobile phone-based payment services such as M-PESA. Kenya’s population is primed for the type of solution offered by Bitcoin, and the recent launch of a phone-based Bitcoin wallet providing direct integration with M-PESA accounts provides a platform for widespread adoption amongst communities in which there is genuine need for accessible, ultra-low cost capabilities.

What about traditional banks?

If Bitcoin were to achieve the mainstream adoption some believe it is capable of, the implications to retail banking would be seismic, with declining demand for traditional banking services (cash storage, payment, balance checks, international transfers and foreign exchange to name a few) as consumer behaviour shifts toward alternative technology.

To survive such a transition, retail banking institutions should embrace new technology and redefine their value proposition for tomorrow’s market; emphasis must shift away from exclusive ownership of customer accounts and associated transactional activity, towards lightweight, collaborative and community-driven operating models supported by new value added products and services. Beyond this, organisations must leverage all the power of social community and learn how to harness the big data goldmine that is the blockchain to deliver truly powerful social finance capabilities.

Watch this space

The future of Bitcoin is far from certain. Its risk profile is still enormous and the currency is simply not ready for widespread adoption today. For now, though, it’s not the price of Bitcoin we should be watching but the real case studies of economic value emerging from those who choose to try it. It’s a money game after all and, regulatory hurdles aside, the survival of Bitcoin will ultimately be determined by the true economic value it offers.

Tyler Welmans
Tyler is an emerging technology evangelist with a background in business analysis and customer experience transformation across the public sector, private sector and FSI industries.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

This is my brain on Technology and Politics. The two things that make our world go around!

twitter.com/TeknoPolitik
