TekThing 126 – Best Nintendo Switch Accessories, Free Music Servers, Chocolatey Package Server, Soldering Irons!

Top 5 Nintendo Switch Accessories, Free Music Servers, Install Windows Apps With Chocolatey, Soldering Iron Picks!
——
02:28 Best Nintendo Switch Accessories!!!
Looking for the best accessories for your Nintendo Switch? Find out why Shannon uses these 5 items every day with her Switch:
Anker PowerCore+ 20100 USB-C, Belkin DuraTek Kevlar USB-C to USB-C cable, Nintendo Switch Pro Controller, HORI Nintendo Switch Screen Protector, and the Nintendo Switch Console Case – Zelda Style
http://amzn.to/2rl2zPU
http://amzn.to/2rl80yx
http://amzn.to/2rl3HmP
http://amzn.to/2rkxLOu
http://amzn.to/2rlqezN

10:31 Free Music Servers
Anonymous writes, “As the father of 2 teenage boys we have desktops, tablets, laptops, phones, game consoles, iPhones, iPads, etc. our digital music library that is starting to get pretty big. Is there any software or hardware combo that can work on all or most of my household items to share the music and play lists, without costing much if possible?” Find out what we’d use in the video!
https://play.google.com/store/music?hl=en
https://www.plex.tv/
http://www.universalmediaserver.com/
https://www.howtogeek.com/215400/how-to-turn-your-computer-into-a-dlna-media-server/
http://www.thewindowsclub.com/turn-windows-10-computer-dlna-streaming-server

16:57 Chocolatey Package Manager
“Install any program in seconds with a quick command.” OK, command line install, apt-get style, for Windows apps… let’s install and review the Chocolatey Package Server! (No, it’s not the same as Windows Package Manager!)
https://chocolatey.org/
https://blogs.technet.microsoft.com/packagemanagement/2015/04/28/introducing-packagemanagement-in-windows-10/

23:45 Awesome Soldering Irons!
@skywisefahr tweets, “Have a quick question. What soldering station do you use in the shop/on the truck/in the field? (friend killed a Weller)” What works in the truck/in the field is kind of silly to use in the shop ’cause electricity from the wall is a lot cheaper and more convenient than the cans of butane a portable iron uses… watch the video for our picks of workshop tools like Weller’s WES51 and WLC100, Hakko’s FX888D, and 508, why everybody should own Hakko’s 599B-02 Solder Tip Cleaning Wire, and portable options, like the Power Probe PPSK and Portasol P-50!
https://twitter.com/skywisefahr/status/861437304950452225
http://amzn.to/2qLJ6ex
http://amzn.to/2pEKRtO
http://amzn.to/2qLw3cQ
http://amzn.to/2pPjHfM
http://amzn.to/2qLwaFi
http://amzn.to/2rkU6MV
http://amzn.to/2pPBDXA
——
Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn’t be able to make the show for you every week!
https://www.patreon.com/tekthing
——
EMAIL US!
ask@tekthing.com
——
Amazon Associates: http://amzn.to/2gm9Egf
Subscribe: https://www.youtube.com/c/tekthing
——
Website: http://www.tekthing.com
RSS: http://feeds.feedburner.com/tekthing
THANKS!
HakShop: https://hakshop.myshopify.com/
——
SOCIAL IT UP!
Twitter: https://twitter.com/tekthing
Facebook: https://www.facebook.com/TekThing
Reddit: https://www.reddit.com/r/tekthingers
——

Source: Security news


Source: Zologic

Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached

Anomali Reports analyses your company’s IT activity against millions of Indicators of Compromise (IOCs) stored in Threatstream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and they highlight the most critical security incidents, alerting you to potential security breaches and attacks in progress.

You can use Anomali Reports with lots of data sources with Anomali Link. We also have a number of SIEM integrations including Arcsight, QRadar, and Splunk too. In this post I’ll show you how to use Anomali Reports with Splunk in 3 simple steps.

1. Sign up for a free Anomali Reports account

You can sign up for a free account at: https://reports.anomali.com/registration

Once you’ve signed up you’ll be assigned a username and API key.

2. Download and configure the Anomali Link Splunk App

You can download the latest version of the Anomali Link Splunk App from: https://splunkbase.splunk.com/app/3151/

Once downloaded, install the app on a standalone Splunk Search Head in the normal way. Once installed on Splunk you will be prompted to configure the settings for the app.

Select “Anomali Reports” as the destination.

If you are a Splunk Enterprise Security customer or an Anomali Threatstream customer (with the Threatstream Splunk App installed) you can use the relevant data model. Otherwise select “Do not use any data model”. Selecting this option relies on your Splunk events being tagged with either tag=web or tag=network. Read more about configuring Splunk tags here.

You must then add the “Username” and “API Key” generated during step 1 when you created your account. Leave the other fields as the defaults.

Finally, test that the connection between Splunk and Anomali Reports works correctly by selecting “Check Anomali Link Status” on https://reports.anomali.com/report-download . You should see a success message like the screenshot above.
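The tagging requirement from step 2, sketched as Splunk configuration. This is an added example, not part of the original post or of Anomali's documentation; the event type names, the sourcetypes, and the choice of the built-in search app as the place to store the files are assumptions to replace with your own.

```ini
# --- $SPLUNK_HOME/etc/apps/search/local/eventtypes.conf ---
# An event type names a search; every event matching it can then carry a tag.
# The sourcetype values are assumptions: use the ones your proxy and
# firewall data are actually indexed under.
[example_proxy_traffic]
search = sourcetype=squid:access

[example_firewall_traffic]
search = sourcetype=cisco:asa

# --- $SPLUNK_HOME/etc/apps/search/local/tags.conf ---
# Attach the tags that the "Do not use any data model" option relies on.
[eventtype=example_proxy_traffic]
web = enabled

[eventtype=example_firewall_traffic]
network = enabled

# --- $SPLUNK_HOME/etc/apps/search/metadata/local.meta ---
# Objects defined inside one app are not visible to other apps unless
# exported; without this, searches run from another app will not see the tags.
[eventtypes]
export = system

[tags]
export = system
```

After a restart or configuration reload, a search such as `tag=web OR tag=network | stats count by sourcetype` over recent data shows which sourcetypes now carry the tags. An empty result means no events are tagged yet.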

3. Your first report, of many

Splunk events will now be sent to Anomali Reports for matching against known threats. All you need to do is sit tight, we’ll email you when your report is ready. You’ll be able to view it online or download it in PDF and CSV formats to share.

Your Threat Analysis Report will contain potential threats we’ve identified within your environment including:

  • Malware domains and hashes
  • C2 domains
  • DDOS IPs
  • + much more

Need some help?

If you have any questions or suggestions about Anomali Reports, please do let me know via the Anomali Forum: https://forum.anomali.com/

If you’re not a Splunk user, sign up for a free Anomali Reports account for detailed instructions on connecting to other data sources and SIEM integrations: https://reports.anomali.com/registration


Source: Honeypot Tech

Make with Minecraft Pi in The MagPi 58

Hey folks, Rob here! What a busy month it’s been at The MagPi HQ. While we’ve been replying to your tweets, answering questions on YouTube and fiddling with our AIY Voice Project kits, we’ve managed to put together a whole new magazine for you, with issue 58 of the official Raspberry Pi magazine out in stores today.

The MagPi 58 features our latest Minecraft Pi hacks!

Minecraft Pi

The MagPi 58 is all about making with Minecraft Pi. We’ve got cool projects and hacks that let you take a selfie and display it in the Minecraft world, play music with Steve jumping on a giant piano, and use special cards to switch skins in an instant. It’s the perfect supplement to our Hacking and Making in Minecraft book!

AIY Voice Projects

It’s been great to see everyone getting excited over the last issue of the magazine, and we love seeing your pictures and videos of your AIY Voice projects. In this issue we’ve included loads of ideas to keep you going with the AIY Projects kit. Don’t forget to send us what you’ve made on Twitter!

Show us what you’ve made with your AIY Voice Projects Kit

The best of the rest in The MagPi 58

We’ve also got our usual selection of reviews, tutorials, and projects. This includes guides to making file servers and electronic instruments, along with our review of Adafruit’s Joy Bonnet handheld gaming kit.

You can get started with GUIs in The MagPi 58

You can grab the latest issue in stores in the UK right now, from WHSmith, Sainsburys, Asda, and Tesco. Copies will be arriving very soon in US stores, including Barnes & Noble and Micro Center. You can also get a copy online from our store, or digitally via our Android or iOS app. Don’t forget, there’s always the free PDF as well.

We hope you enjoy the issue! Now if you’ll excuse us, we need a nap after all the excitement!

The post Make with Minecraft Pi in The MagPi 58 appeared first on Raspberry Pi.


Source: RaspberryPi – IOT Anonimo

Source: Privacy Online


Source: Zologic

Ransomware- A Tech or Human Problem?

If you hadn’t heard of ransomware before WanaCry, you’ve heard of it now. Ransomware is a specially designed piece of malware that blocks a user’s access to their files or even to the system itself. It is able to bypass many security controls because its behavior isn’t inherently malicious: it denies access to and encrypts data as a normal security application would. The issue is that the wrong person is in control.

Regaining access involves paying the ransom within an allotted period of time through bitcoin, a crypto-currency that eludes tracking by cybersecurity researchers or law enforcement agencies. Those who fall victim are typically encouraged by security vendors not to pay the ransom. There are two main reasons for this: victims can’t be sure that payment will actually allow them to access their data, and success for hackers encourages further crime.

Ransomware can take many forms:

  • Lockscreen – Locks your screen and prevents users from accessing the system. In this case the files are not encrypted.
  • Encryption – Encrypts and changes your files so that their owners can’t access them. This is also known as crypto-ransomware, and is the most widespread. It is also probably today’s most worrisome cyberthreat due to its commonality and destructive nature.
  • Mobile device ransomware – Infects cell-phones (typically Android) through “drive-by downloads” or fake apps.
  • Master Boot Record (MBR) – Interrupts a computer’s normal boot up process displaying a ransomware message.

The most recent wave of ransomware, “Wana Decrypt0r 2.0” (a.k.a. Wanacry), appeared on Friday, May 12th, and quickly spread across the globe. It appears to be the first case of worm functionality integrated into a piece of ransomware itself. It has been determined that the ransomware spreads on its own by scanning for systems vulnerable to MS17-010 (a vulnerability within Microsoft’s SMB protocol) and then using that exploit to deliver the ransomware to that system (for a full breakdown of Wanacry’s origin, methodology, and current status, check out Anomali’s page, Wanacry).

Unfortunately, incidents like Wanacry are only going to become more prolific and complex. Advanced tactics such as mutating hashes make it nearly impossible for traditional signature-based detection to effectively warn of malware, bringing into question the effectiveness of the usual first line of defense, antivirus software. This isn’t to say that people shouldn’t invest or trust in antivirus software, but rather that one line of defense is no longer adequate.

Another reason we’ll see increased incidents of ransomware is that it’s no longer limited to those who have the technical ability to develop it. Packages are advertised on the Dark Web with assurances of untraceable technology and even recommended ransom prices. So-called “script kiddies” can purchase and deploy malicious software at will.

The scope of targets for ransomware is also growing. Industries such as healthcare were thought to be off-limits due to the potentially fatal consequences, but a rise in attacks has shown otherwise. Blocking access to a hospital’s information is quite literally a matter of life and death, but adversaries know that blocking access to critical information can be more disruptive to a business than releasing private information. When lives are endangered organizations are that much more likely to pay.

So there’s one thing we know for certain: ransomware is here to stay and it’s constantly evolving. The natural follow-up question is “what can we do?”. The exact measures will depend on the kind of system you’re trying to protect. Many of these prevention tactics you’ve heard before: back up your data in the Cloud and on an external hard drive, update your systems and patch vulnerabilities, and watch where you click.

Collaboration across organizations and individuals is also a highly effective method of prevention and mitigation. Different groups have different areas of expertise, and sharing experience or research on various types of ransomware helps to dilute their effectiveness.

Our technical capabilities will also inevitably progress as adversaries improve theirs. What isn’t guaranteed to progress is the public’s understanding of these attacks. This is critical because few if any ransoms could ever succeed without taking advantage of human behaviors. Social engineering isn’t a new concept but it is a continuously problematic element. A company can invest thousands and thousands of dollars into advanced security systems, but if one single person clicks a phishing email, everything grinds to a screeching halt. An individual might click a suspicious link without thinking twice simply because it looks like what they’d expect to find.

Preventing the next Wanacry will require more than just following best practices; it will necessitate a more widespread understanding of cybersecurity at the individual level. As technology becomes more ingrained within our lives, so too should our knowledge of how those systems can be abused. This is especially important as other systems become more common and inevitably vulnerable, such as with mobile phones and the Internet of Things (IoT). As always, prevention is the best cure.


Source: Honeypot Tech

4 Reasons the Vulnerability Disclosure Process Stalls

The relationship between manufacturers and researchers is often strained. Here’s why, along with some resources to help.
Source: Vulnerabilitys & Threats

The Pi Who Loved Me

Fancy yourself as James Bond? In honour of national treasure Roger Moore, we think it’s high time we all became a little more MI5 and a little less MIDoneYet?

It’s been a while and M is worried you’re a little…rusty. Best head back to training: go and see Q. He has everything you need to get back in shape, both physically and mentally, for the challenges ahead!

Training Camp

Q here. Good to have you back.

First things first: we need to work on your skills and get you ready for your next assignment. Let’s start with your reaction times. Quick reactions are critical in handling stealthy situations and avoiding detection.

Head into my office and grab a Raspberry Pi, an LED, and a button to build your own Python Quick Reaction Game. Not only will it help you brush up on your quick thinking, it’ll also teach you how to wire a circuit, use variables, and gather information. This could be key in getting you out of some sticky situations further down the line if you find yourself without one of my gadgets.

Though speaking of…have you seen our See Like a Bat echolocation device? I’m rather proud of it, even if I do say so myself. Now, even in the darkest of times, you can find your way through any building or maze.

Gathering Intel

We’ll need you to gather some important information for us. But what can you do to make sure no one steals your secret intel? We’d like you to build a Secret Agent Chat Generator to encrypt information. Once you have completed it, send the information to M via this Morse Code Visual Radio.

To do this, you’ll need a Morse Code key. You can find them online or at your local war museum, though they may not care for your taking theirs. But we’re spies. And spies are experts in taking forbidden artefacts. After all, this is what your Laser Tripwire training was for. Oh, you haven’t completed it yet?

Well, get to it. Time’s a-wasting!

Locks and Detection

You’re done? Good. Back to the intel.

Until you can find a Morse Code key, why not hide the information in this Sense HAT Puzzle Box. It’s a wonderful tool to help you learn how to create loops and use conditional statements and functions to create ‘locks’.

You’ll also need to…wait…did you hear that? Someone is listening in, I’m sure of it. Check the Parent Detector to see who is trying to spy on us.

Surveillance

Are they gone? Good. Phew, that was a close one. We can’t be so careless in the future. Let’s set up a Raspberry Pi Zero Time-Lapse Camera for constant surveillance of the training camp. You could also attach the camera to your glasses. No one will notice, and you’ll be able to record images of your missions – vital for debriefing.

Right. That’s all from me. Report back to M for your mission. And remember, this blog post will self-destruct in five…wait, wrong franchise.

Good luck!

Puns

Other Raspberry Pi/James Bond puns include:

  • Live and Let Pi
  • MoonBaker
  • GoldenPi – Starring Pi-s Brosnan
  • Pifall
  • You Only Live Pi-ce
  • Tomorrow Never Pis
  • Pi Another Day
  • Pi-monds Are Forever
  • For Your Pis Only

Any more?

The post The Pi Who Loved Me appeared first on Raspberry Pi.


Source: RaspberryPi – IOT Anonimo

Source: Privacy Online


Source: Zologic

Commission launches public consultation on Database Directive

The Database Directive, adopted in 1996, aims at encouraging the development of databases through appropriate legal protection and the use of data. The Commission launches today a consultation to understand better how the Database Directive is used, to evaluate its impact on users and to identify possible needs of adjustment. Since the entry into force of the Directive, the database market, and more generally the role of data in the economy, has evolved. The Commission has recently presented several initiatives to boost the European data economy. 
Source: Know your digital rights – respect your privacy

Source: Privacy Online


Source: Zologic

The Best $100 Waterproof Bluetooth Speaker?! UE Wonderboom vs UE Roll 2 – TekThing Short

Ultimate Ears just came out with the new Wonderboom Waterproof Bluetooth Speaker, but is it good enough to upgrade? We compare the UE Boom 2, Roll 2, and Wonderboom to find out which is best!

Wonderboom: http://amzn.to/2ppq8dr
Roll 2: http://amzn.to/2r5zbfH
Boom 2: http://amzn.to/2qxzu6Q

——

Source: Security news


Source: Zologic

Government Hacking: Evidence and Vulnerability Disclosure in Court

Location

United States

On April 5, CIS and Mozilla hosted the final event in a series of discussions designed to identify and debate important policy issues related to the practice of government hacking. This event focused on evidentiary issues and court disclosure of vulnerabilities. Participants included a computer security researcher, a federal public defender, and a judge. The following summarizes the issues discussed during the event.

 

When law enforcement remotely accesses and searches computers, it presumably does so to collect evidence for use in criminal prosecutions. Doing so, however, raises evidentiary and procedural questions that have gone relatively underexplored in policy debates over government hacking.

 

How can we ensure that judges understand enough about how a hacking tool works to meaningfully authorize and oversee its use and ensure it complies with the law? Are the details of hacking techniques material to the case? If so, does the defendant have a right to obtain those details in discovery? If yes, can protective measures uphold that right while letting the case move forward, or will dismissal sometimes be more appropriate? What about the vendor and its users, who will not get notice of vulnerabilities exploited by investigators? If a presumption of disclosure evolves, what does that mean for government hacking’s robustness as an investigative tool?

 

  1. Background

 

In recent years, the Federal Bureau of Investigation (FBI) has used “network investigative techniques” (NITs) on at least two occasions to identify computer users masking their IP addresses by using the Tor web browser. In one, the FBI deployed a NIT against visitors to the “Playpen” child-pornography server that it had seized.

 

The Playpen operation has spawned well over a hundred prosecutions nationwide. In dozens of them, the defendants have challenged the use of the NIT, seeking (to varying degrees of success) to exclude evidence derived from the NIT and to compel the government to disclose details of how it worked. As panelist Nicholas Weaver explained here and here, the NIT comprises several components, two of which the government refuses to disclose to defendants: the vulnerability and the exploit.

 

Law enforcement may use hacking not only to identify a computer user, but also for other purposes such as: (1) to collect evidence stored on the computer; (2) to collect evidence going forward (through keystroke monitors, the camera, or the microphone); and/or (3) to disable functionality (such as full-disk encryption) that might impede evidence-gathering if the computer is seized. The Playpen cases don’t represent all of these goals, but they provide a framework for discussing issues that will reliably come up when prosecutors use evidence that was collected remotely. They cannot, however, resolve those issues for government hacking more generally.

 

  2. How Do We Educate Courts about Government Hacking Techniques?

 

Courts overseeing government hacking need to understand the technique at both the investigatory stage and during a prosecution.

 

At the investigative phase, when applying for a warrant or other judicial authorization, investigators must explain the hacking technique to the issuing judge. Done properly, this requires an extensive search warrant declaration by a technically-competent affiant. However, the Department of Justice has argued, sometimes successfully, that no warrant is needed to install a NIT to collect users’ IP addresses. And for other forms of judicial authorization, the government’s burden is lower, giving the court less opportunity to learn about and evaluate the technique.

 

Further, the ex parte issuance of warrants means there is no opposing side to contest the government’s application, which judges often accept without question. This is a problem if the government’s account is inaccurate, misleading, or incomplete, as can happen with novel forms of surveillance (such as Stingray cell phone trackers). The Playpen NIT warrant application described the NIT accurately, but without detailing its components. It is not clear the issuing judge understood she was authorizing the FBI to (in lay terms) put malware on thousands of computers globally.

At the prosecution phase, a robust adversarial process should help educate the court and the jury. However, in the Playpen cases, prosecutors have resisted turning over some information about the hacking technique to the defense team. The government’s decisions about whether to provide certain information in discovery will constrain the court’s and the jury’s understanding of the hacking technique, and whether the evidence obtained pursuant to it can be relied on. That means disclosure in discovery is particularly important to a well-functioning court process.

  3. Should All Information About Exploits Be Disclosed to the Defense?

 

The Case For Disclosure.

 

Defendants have asserted that the Sixth Amendment and Federal Rule of Criminal Procedure 16 entitle them to extensive information about the Playpen NIT. Revealing exploit details may lead to admissible evidence relevant to whether the government has proved its case beyond a reasonable doubt. The information could also corroborate, or rebut, a law enforcement agent’s testimony about the hacking technique. Specifically, such information could help determine whether:

 

  • flaws in the exploit code, or careless FBI execution of it, affected the integrity of data on the machine or data transmitted back to the FBI as evidence,

  • law enforcement deliberately exceeded the scope of the warrant, falsified data on the machine, or otherwise deceived the court,

  • the government’s techniques enabled subsequent unauthorized access by a third party who planted incriminating evidence—either by later re-use of the same vulnerability, or because the government’s exploit made the computer more vulnerable to hacking (both known risks of government hacking).

 

The Case Against Disclosure.

 

In the Playpen cases, the government has acknowledged that some hacking can create risks of third-party access to the defendant’s machine, but has contended (without revealing details) that this particular NIT exploit did not do so, and thus need not be disclosed to the defense. Judges have generally agreed, meeting with skepticism the theory that a third party may have planted child-exploitation images on a defendant’s machine when it is undisputed that he visited the Playpen site.

 

Playpen prosecutors also have argued (for example, in Darby and Gaver) that it is sufficient for them to provide the payload information (IP address and other unique identity information) and data connecting the payload to the defendant’s computer. The strength of this argument will vary depending on the particular tool in question, how it operates, and the information that hacking technique was designed to collect.

 

The government has also asserted a “law-enforcement privilege” against disclosure. As revealed in public filings, the government asserts that disclosure would harm the public interest by diminishing the NIT’s effectiveness in future investigations. That is, once disclosed, the flaw will be patched and the government won’t be able to use it reliably anymore. In the Michaud Playpen case, the court held that the NIT exploit details were both privileged and material to the defense. The government ultimately dropped the case. But Michaud is unusual: most courts (including that same judge in another Playpen case) have found the defense was not entitled to disclosure.

 

Another option is classification. After the Playpen cases began, the government, citing national security, classified parts of the NIT: “portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool.” Under the Classified Information Procedures Act (CIPA), which governs use of classified information in criminal proceedings, prosecutors won’t disclose classified information to defense counsel or experts unless they get a security clearance.

 

Given defendants’ Rule 16 and Sixth Amendment rights, the government’s concerns about ongoing viability of its vulnerability arsenal, and courts’ limited ability to understand each remote search tool in the absence of a robust adversarial process, how should courts fairly and reliably assess the discoverability of government hacking techniques? This is a question that deserves far more scholarly attention.

 

  4. Potential Solution: Protective Measures for Limiting Disclosure

 

Disclosure subject to protective measures would seem to provide a middle ground between the all-or-nothing “disclose or dismiss” options. The defense gets the exploit evidence, and the government gets reassurances that it will not be divulged beyond the defense team. Several available protective measures include:

 

  • Restrictions on the circumstances in which the defense expert may review the exploit code: in a secure FBI facility, eyes-only (no note-taking), etc.

  • Issuance of a protective order (PO), prohibiting anyone who signs it from revealing info disclosed to them under the PO, except as the PO permits.

  • For classified exploits, the CIPA-required security clearance entails an in-depth background check for trustworthiness and stringent restrictions on information disclosure, subject to potential civil and criminal liability. (As an example, some Guantanamo detainees’ attorneys got security clearances.)

 

The government rejected a middle-ground approach in Michaud. It chose dismissal instead, indicating that the value to it of keeping at least this NIT absolutely secret outweighs the value of imprisoning someone accused of a heinous crime. Why deem these protective measures inadequate? The penalties for violation are steep. True, with so many Playpen cases pending, the government might think leaks more likely if dozens of defense teams review the exploit code. Yet outside experts with clearances are no less trustworthy than the FBI agents working on these cases.

 

Another shortcoming of this middle-ground approach is that it will not let a vendor whose product is affected learn what vulnerability the government exploited. The government explicitly wants to keep the vendor from getting the information it needs to patch the vulnerability. Thus, while POs could be an appropriate solution for accommodating defense and government interests in a court case, they would not resolve the security tradeoffs that government hacking inevitably entails.

 

  5. The Future of Government Hacking

 

At minimum, the practice of government hacking must be accompanied by appropriate safeguards for defendants in order to constitute a valid evidence collection technique. Those safeguards must include access to information material to preparation of the defense. The Playpen cases that have considered the issue mostly have not required disclosure, but that won’t control future cases. Especially where law enforcement uses more intrusive access tools, or collects more delicate information, courts will have to determine discoverability case-by-case.

 

A bright-line rule for disclosure of vulnerabilities and exploits would lead to predictable, consistent outcomes in court and help the government decide when to use a particular technique, knowing a judge may order it disclosed. But agreement on such a rule currently seems unlikely. We will continue to see courts assessing discoverability, and possible dismissal in at least some cases if disclosure is ordered.

Even if disclosure won’t consistently be required, in future the government may have to adjust its hacking techniques and accept their limited life span. Once aware of NIT use by law enforcement, criminals may take evasive measures, such as turning off JavaScript (which browser-based exploits typically require). As Drs. Blaze, Bellovin, and Clark recommended in their paper Keys Under Doormats, disclosure serves many crucial purposes and should be considered part and parcel of remote hacking. Their concern was for computer security, but disclosure also safeguards defendants’ constitutional rights and the accuracy of the criminal adjudicatory process. 

Previous events in this series explored the changes to Rule 41 of the Federal Rules of Criminal Procedure; the Vulnerabilities Equities Process; and the security risks of government hacking. Video recordings of all four events are available on the respective event pages and on CIS’s YouTube channel. We’d like to thank our panelists for taking part in this event, the Stanford Cyber Initiative for providing funding, and our friends at Mozilla for their tireless work helping to coordinate this event series.


Source: Cyber Law

Source: Privacy Online


Source: Zologic

The Intimacy of Connected Vehicles

This post was originally published on Core77.

Currently, most of the attention on connected vehicles is focused on the technology that lets cars drive themselves. However, in the near future, the industry will need to broaden its focus to include what is arguably just as important: the passenger. At Intel, we’ve been working on technology platforms that will allow cars to actually drive themselves for some time. More recently, our UX team has turned to designing, prototyping, and testing a number of experiences for how passengers will operate connected vehicles, how passengers will feel safe and confident during a trip, and how these connected systems will communicate clearly, so passengers will understand what a connected vehicle is doing, and why.

Much of this work has led us to spend quite a bit of time inside vehicles—incorporating new technologies and new interactions to understand what should be optimized on our platforms—and in this process, we’ve started thinking about the ways in which the physical interiors of connected vehicles may need to change. So I’d like to share a few initial thoughts as we begin to form hypotheses about what will be important in these new physical interiors.

One aspect of car ownership we often take for granted is the relationship between driver and passenger. With the exception of picking up a hitchhiker, a driver knows his or her passengers—family members, friends, co-workers, acquaintances—and because of this, there’s a familiarity that lets people share such a small space. And even with taxis and ride hailing services, a front seat/back seat separation exists between driver and passengers, where passengers who share a ride almost always know each other. However, with ride hailing services introducing reduced-rate “pool” options, strangers are now riding in the backs of cars together. And with driverless “mobility-on-demand” services likely to be one of the first ways connected vehicles enter the market, we will likely see an increase in the number of passengers who don’t know each other, sharing rides regularly in vehicles without a driver.

Of course, most people have experience sharing rides with strangers. Buses, subways, airplanes, and trains are just some of the ways we travel together. But although we’re often shoulder-to-shoulder, the relatively large interiors, and larger number of people traveling together, make it easy for us to assume a certain degree of anonymity. It’s easier for us to keep to ourselves in the midst of the crowd. But with connected vehicles, the interiors are much smaller and hold far fewer people. It’s the closeness of the space—the intimacy—that will be a significant challenge for designers. These interior environments will need to address a number of competing needs. How will they accommodate groups of strangers, and also groups who know each other? How will they provide space for being social and for keeping to oneself? How will they create experiences that promote sharing while also safeguarding individual privacy? And all of these situations will undoubtedly be heightened with no human driver to help set context or mediate interactions.

So, the intimate nature of connected vehicles will most likely lead to a significant rethinking of vehicle interiors, prompting car companies to innovate in a variety of ways. But when it comes to designing how people will share these close spaces with each other, we’ve identified three general challenges that seem particularly important for designers to tackle first:

 

Being together & being apart

From one ride to the next, we see an ever-shifting need to be social or private. Some people will want to sit side-by-side, others across from each other, still others will want to sit in a small circle to share or socialize—all while other passengers may want their own more private, personal spaces. All of this means that seating will have to become much more changeable, flexible, and adaptable. How might seats be combined or separated? Can they be brought out or stowed away, to create more or less space? In what ways could seats be reconfigured into individual or shared seating?

 

New ways to create privacy

In such intimate spaces, the pressure to have some sort of social interaction with other passengers, even a brief hello, may be substantial. In some contexts, passengers will want to engage, but in others they may want to keep to themselves. Currently, people use headphones or stay heads-down in a book to signal that they are “unavailable” for conversation, but physical aspects of the interior might also be designed to help create discrete spaces. How might partitioning be incorporated into the environment? Could lighting be used to signal a need for privacy? What interior layouts will let passengers use their mobile devices without someone looking over their shoulder?

 

The ebb and flow of our devices

If one of the main value propositions for connected vehicles is to free up driving time for other activities, then passengers will likely use their mobile devices for chatting, texting, watching content, or being productive. This means that vehicle interiors must account for the various needs we have with our mobile devices. What physical areas (device “cup holders”?) will enable us to charge, view, and use our devices hands-free? How will the space accommodate the bags, cases, power cords, stands, headphones, and other peripherals we bring with our devices? And how will the space make it easy for us to remember our devices, so we don’t leave them behind at the end of a trip?

Again, these three challenges look at the interiors of connected vehicles as shared environments, much like taxis or ride-hailing vehicles, where passengers may or may not know each other. Many in the industry believe that connected vehicles will first hit the market as fleets of “robot-taxis”. This is likely because the value propositions of connected vehicles seem familiar and well-aligned with the current “anytime, anywhere” promise of ride-hailing services. For personally-owned connected vehicles, other interior design needs will arise, and many aspects of the above challenges may not apply at all.

It will be interesting to see all of the ways these interiors will come to be, as the industry marches on and connected vehicles become a reality. In a few short years, we might take a ride, if we’re confident they are safe and trustworthy. And we might continue riding in them, if the interiors are designed with our needs, comfort, and privacy in mind.

To stay informed about Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit intel.com/IoT, LinkedIn, Facebook and Twitter.

 

The post The Intimacy of Connected Vehicles appeared first on IoT@Intel.


Source: Network News