see link for full story
http://gizmodo.com/a-new-bill-seeks-to- ... 1667136766" onclick="window.open(this.href);return false;
A New Bill Seeks to Ban FBI Backdoors in Hardware
Senator Ron Wyden (D-OR) is trying to pass a law that would make it impossible for state agencies to force electronics manufacturers into including backdoors in their products.
While the FBI head James Comey wants to force hardware manufacturers to make their products easier to spy on, Ron Wyden thinks otherwise. "Strong encryption and sound computer security is the best way to keep Americans' data safe from hackers and foreign threats,"
Can you name the "FBI Sensitive Informants working at the Berkmann Center for the Internet
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
http://whowhatwhy.com" onclick="window.open(this.href);return false;
see other link for full story
Regin: Top-tier espionage tool enables stealthy surveillance
An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.
Created: 23 Nov 2014 16:58:23 GMT • Updated: 27 Nov 2014 11:56:56 GMT • Translations available: 繁體中文, 日本語, 한국어, Português, Español
Symantec Security Response's picture
Symantec Security ResponseSYMANTEC EMPLOYEE
http://www.symantec.com/connect/blogs/r ... rveillance" onclick="window.open(this.href);return false;
An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.
It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.
As outlined in a new technical whitepaper from Symantec, Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage. Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.
View Inline Image
Figure 1. Regin’s five stages
Regin also uses a modular approach, allowing it to load custom features tailored to the target. This modular approach has been seen in other sophisticated malware families such as Flamer and Weevil (The Mask), while the multi-stage loading architecture is similar to that seen in the Duqu/Stuxnet family of threats.
Timeline and target profile
Regin infections have been observed in a variety of organizations between 2008 and 2011, after which it was abruptly withdrawn. A new version of the malware resurfaced from 2013 onwards. Targets include private companies, government entities and
see other link for full story
Regin: Top-tier espionage tool enables stealthy surveillance
An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.
Created: 23 Nov 2014 16:58:23 GMT • Updated: 27 Nov 2014 11:56:56 GMT • Translations available: 繁體中文, 日本語, 한국어, Português, Español
Symantec Security Response's picture
Symantec Security ResponseSYMANTEC EMPLOYEE
http://www.symantec.com/connect/blogs/r ... rveillance" onclick="window.open(this.href);return false;
An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.
It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.
As outlined in a new technical whitepaper from Symantec, Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage. Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.
View Inline Image
Figure 1. Regin’s five stages
Regin also uses a modular approach, allowing it to load custom features tailored to the target. This modular approach has been seen in other sophisticated malware families such as Flamer and Weevil (The Mask), while the multi-stage loading architecture is similar to that seen in the Duqu/Stuxnet family of threats.
Timeline and target profile
Regin infections have been observed in a variety of organizations between 2008 and 2011, after which it was abruptly withdrawn. A new version of the malware resurfaced from 2013 onwards. Targets include private companies, government entities and
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
see link for full Cyber Threat from taxpayer funded
FBI agents.
http://www.darkreading.com/fbi-calls-fo ... id/1318099" onclick="window.open(this.href);return false;
FBI Calls For Law Facilitating Security Information Sharing
Uniform breach notification laws and amendments to the Computer Fraud and Abuse Act are also on the list.
FBI officials are calling for updates to the US Computer Fraud and Abuse Act (CFAA) and for new legislation that encourages threat data information sharing and establishes a uniform federal standard for data breach notification.
In a statement before the Senate Committee on Banking, Housing, and Urban Affairs yesterday, Joseph M. Demarest, assistant director of the FBI's Cyber Division, described some of the bureau's recent successes and stressed the importance of information sharing. "And I cannot make the following statement frequently enough," he said. "The private sector is an essential partner if we are to succeed in defeating the cyber threat our nation confronts."
The federal government has been banging that drum for several years, urging the private sector to pass on threat intelligence voluntarily, and promising to reciprocate. The government has established several units to facilitate such communication: the Guardian Victim Analysis Unit, the Internet Crime Complaint Center (IC3), the Domestic Security Alliance Council, the National Cyber-Forensics and Training Alliance, the National Industry Partnership Unit, and the FBI Liaison Alert System (FLASH), which disseminated 34 critical threat alerts between April 2013 and July 2014.
There was, understandably, some resistance from organizations that weren't eager to spread around details of security failures. Now, however, Demarest reports that the IC3 alone receives approximately 800 complaints per day.
The FBI would support legislation that would establish a clear framework for sharing and reduce risk in the process, in addition to providing strong and straightforward safeguards for the privacy and civil liberties of Americans. US citizens must have confidence that threat information is being shared appropriately, and we in the law enforcement and intelligence communities must be as transparent as possible.
Demarest also described examples of how information sharing and collaboration efforts between American and foreign law enforcement entities -- including placing FBI cyberspecialists in "key international locations" -- have paid dividends. He cited the GameOver Zeus disruption in May and the November Silk Road 2.0 disruption that resulted in the seizure of more than 400 .onion addresses on the Tor network, along with the arrest of Blake Benthall, a.k.a. "Defcon," a Silk Road owner-operator.
A decade ago, for example, if an FBI agent tracked an Internet Protocol address to a criminal investigation, and if that IP address was located in a foreign country, this meant the effective end of the investigation. Since that time, however, the FBI has placed cyberspecialists in key international locations to facilitate the investigation of cybercrimes affecting the US.
Colby DeRodeff, chief strategy officer of ThreatStream, provides another reason for openness and collaboration. "The major challenge is the adversary has no obstacles when it comes to sharing and collaboration," he says. "Malware and attack methods, as well as credentials are available to even the most unsophisticated criminals with no legal teams or governing bodies restricting what can be done.
"With that said, obviously, as security has the upmost sensitivity, organizations want to collaborate but need secure methods in which to do so."
Demarest also pushed for amendments to the CFAA, which has not been
FBI agents.
http://www.darkreading.com/fbi-calls-fo ... id/1318099" onclick="window.open(this.href);return false;
FBI Calls For Law Facilitating Security Information Sharing
Uniform breach notification laws and amendments to the Computer Fraud and Abuse Act are also on the list.
FBI officials are calling for updates to the US Computer Fraud and Abuse Act (CFAA) and for new legislation that encourages threat data information sharing and establishes a uniform federal standard for data breach notification.
In a statement before the Senate Committee on Banking, Housing, and Urban Affairs yesterday, Joseph M. Demarest, assistant director of the FBI's Cyber Division, described some of the bureau's recent successes and stressed the importance of information sharing. "And I cannot make the following statement frequently enough," he said. "The private sector is an essential partner if we are to succeed in defeating the cyber threat our nation confronts."
The federal government has been banging that drum for several years, urging the private sector to pass on threat intelligence voluntarily, and promising to reciprocate. The government has established several units to facilitate such communication: the Guardian Victim Analysis Unit, the Internet Crime Complaint Center (IC3), the Domestic Security Alliance Council, the National Cyber-Forensics and Training Alliance, the National Industry Partnership Unit, and the FBI Liaison Alert System (FLASH), which disseminated 34 critical threat alerts between April 2013 and July 2014.
There was, understandably, some resistance from organizations that weren't eager to spread around details of security failures. Now, however, Demarest reports that the IC3 alone receives approximately 800 complaints per day.
The FBI would support legislation that would establish a clear framework for sharing and reduce risk in the process, in addition to providing strong and straightforward safeguards for the privacy and civil liberties of Americans. US citizens must have confidence that threat information is being shared appropriately, and we in the law enforcement and intelligence communities must be as transparent as possible.
Demarest also described examples of how information sharing and collaboration efforts between American and foreign law enforcement entities -- including placing FBI cyberspecialists in "key international locations" -- have paid dividends. He cited the GameOver Zeus disruption in May and the November Silk Road 2.0 disruption that resulted in the seizure of more than 400 .onion addresses on the Tor network, along with the arrest of Blake Benthall, a.k.a. "Defcon," a Silk Road owner-operator.
A decade ago, for example, if an FBI agent tracked an Internet Protocol address to a criminal investigation, and if that IP address was located in a foreign country, this meant the effective end of the investigation. Since that time, however, the FBI has placed cyberspecialists in key international locations to facilitate the investigation of cybercrimes affecting the US.
Colby DeRodeff, chief strategy officer of ThreatStream, provides another reason for openness and collaboration. "The major challenge is the adversary has no obstacles when it comes to sharing and collaboration," he says. "Malware and attack methods, as well as credentials are available to even the most unsophisticated criminals with no legal teams or governing bodies restricting what can be done.
"With that said, obviously, as security has the upmost sensitivity, organizations want to collaborate but need secure methods in which to do so."
Demarest also pushed for amendments to the CFAA, which has not been
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
http://www.theverge.com/2014/12/16/7401 ... -documents" onclick="window.open(this.href);return false;
Sony leaks reveal Hollywood is trying to break DNS, the backbone of the internet
A leaked legal memo reveals a plan for blacklisting pirate sites at the ISP level
By Russell Brandom on December 16, 2014
Sony leaks reveal Hollywood is trying to break DNS, the backbone of the internet
A leaked legal memo reveals a plan for blacklisting pirate sites at the ISP level
By Russell Brandom on December 16, 2014
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
http://www.upi.com/Top_News/US/2015/01/ ... 420494613/" onclick="window.open(this.href);return false;
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
Obama just killed the Open Internet
http://www.nydailynews.com/news/politic ... -1.2069544" onclick="window.open(this.href);return false;
FCC to have net neutrality vote on Feb. 26: Chairman
Chairman Tom Wheeler said the commission was exploring various approaches, including the President Obama-approved one that would potentially reclassify broadband Internet as a telecommunications service under Title II of the 1934 Communications Act.
Wednesday, January 7, 2015,
The vote for rules on net neutrality is now planned to take place on Feb. 26, FCC Chairman Tom Wheeler said Wednesday at the Consumer Electronics Show in Las Vegas.
Wheeler announced the date when speaking with Consumer Electronics Association President Gary Shapiro, during which he spoke about how the road to open Internet rules evolved since last spring.
The rules, which were proposed last May, previously would have banned Internet service providers (ISP) from slowing down web access to consumers, but would allow for content providers such as Netflix to pay for more reliable connections to those same consumers.
Wheeler said the commission was exploring various approaches, including one that would potentially reclassify broadband Internet as a telecommunications service under Title II of the 1934 Communications Act. Doing so, which President Obama called for in November, would allow ISPs to be overseen like current public utilities such as phone companies.
“Last summer we began investigating various approaches using Title II as a way to get to just and reason because it has the best protection," Wheeler said.
Wheeler said that Obama and the FCC have the same goals for possible Internet rules.
http://www.nydailynews.com/news/politic ... -1.2069544" onclick="window.open(this.href);return false;
FCC to have net neutrality vote on Feb. 26: Chairman
Chairman Tom Wheeler said the commission was exploring various approaches, including the President Obama-approved one that would potentially reclassify broadband Internet as a telecommunications service under Title II of the 1934 Communications Act.
Wednesday, January 7, 2015,
The vote for rules on net neutrality is now planned to take place on Feb. 26, FCC Chairman Tom Wheeler said Wednesday at the Consumer Electronics Show in Las Vegas.
Wheeler announced the date when speaking with Consumer Electronics Association President Gary Shapiro, during which he spoke about how the road to open Internet rules evolved since last spring.
The rules, which were proposed last May, previously would have banned Internet service providers (ISP) from slowing down web access to consumers, but would allow for content providers such as Netflix to pay for more reliable connections to those same consumers.
Wheeler said the commission was exploring various approaches, including one that would potentially reclassify broadband Internet as a telecommunications service under Title II of the 1934 Communications Act. Doing so, which President Obama called for in November, would allow ISPs to be overseen like current public utilities such as phone companies.
“Last summer we began investigating various approaches using Title II as a way to get to just and reason because it has the best protection," Wheeler said.
Wheeler said that Obama and the FCC have the same goals for possible Internet rules.
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
see link for full story
http://www.slate.com/articles/technolog ... _ever.html" onclick="window.open(this.href);return false;
DECODING THE TECH WORLD.
JAN. 7 2015 2:31 PM
Don’t Trust the FBI Yet
And don’t believe the skeptics, either. Here’s why the Sony hack remains as murky as ever.
Did the hack of Sony Pictures target The Interview? Did it even come from North Korea?
The Sony Pictures hack—whodunit? Everyone is certain it was either North Korea or not North Korea. Even as the United States imposes new sanctions on North Korea for allegedly hacking Sony Pictures, stealing 100 terabytes of data, and obliterating the movie studio’s internal systems (as I discussed in a previous piece), there remain serious questions as to who exactly was responsible.
http://www.slate.com/articles/technolog ... _ever.html" onclick="window.open(this.href);return false;
DECODING THE TECH WORLD.
JAN. 7 2015 2:31 PM
Don’t Trust the FBI Yet
And don’t believe the skeptics, either. Here’s why the Sony hack remains as murky as ever.
Did the hack of Sony Pictures target The Interview? Did it even come from North Korea?
The Sony Pictures hack—whodunit? Everyone is certain it was either North Korea or not North Korea. Even as the United States imposes new sanctions on North Korea for allegedly hacking Sony Pictures, stealing 100 terabytes of data, and obliterating the movie studio’s internal systems (as I discussed in a previous piece), there remain serious questions as to who exactly was responsible.
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
Media Channel
http://www.mediachannel.org/the-next-bi ... ty-debate/" onclick="window.open(this.href);return false;
The Next Big Turning Point in the Net Neutrality Debate
January 4, 2015
By Brian Fung via Washington Post
In recent weeks, momen
http://www.mediachannel.org/the-next-bi ... ty-debate/" onclick="window.open(this.href);return false;
The Next Big Turning Point in the Net Neutrality Debate
January 4, 2015
By Brian Fung via Washington Post
In recent weeks, momen
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
http://www.salon.com/2015/01/12/they_do ... o_dubious/" onclick="window.open(this.href);return false;
MONDAY, JAN 12, 2015 06:58 AM EST
“They don’t see what I see”: Why FBI’s claim against North Korea is so dubious
Is NK really the Sony hacker? Numerous tech security experts question it -- and given U.S. history, you should too
"They don't see what I see": Why FBI's claim against North Korea is so dubious
Whether he realizes it or not, James Comey, director of the Federal Bureau of Investigations, has made a rather brazen request of the American people. As he attempted to reinforce the government’s case that North Korea was responsible for the hacking of Sony Pictures Entertainment, he urged critics of the intelligence community’s position to remember that “they don’t have the facts that I have. They don’t see what I see.”
Considering the validity of the lingering questions about North Korea’s culpability — to say nothing of the unsavory recent history of our foreign policy establishment — Americans would be well-advised to not abandon their skepticism quite yet.
In a Monday Op-Ed in Time magazine, security technologist Bruce Schneier spoke for “many of us in the computer-security field” when he described the FBI’s evidence as “circumstantial and not very convincing.” For instance, as Schneier pointed out in an earlier article for the Atlantic, the use of the Korean language in the code from the attack is “easy to fake,” even though the FBI cited that as part of its proof. Marc Rogers, the principal security researcher at CloudFare and director of security operations at the annual hacker convention DefCon, also characterized the case against North Korea as “plausible … but not definitive.” Referring to the fact that the malware used against Sony was similar to software
MONDAY, JAN 12, 2015 06:58 AM EST
“They don’t see what I see”: Why FBI’s claim against North Korea is so dubious
Is NK really the Sony hacker? Numerous tech security experts question it -- and given U.S. history, you should too
"They don't see what I see": Why FBI's claim against North Korea is so dubious
Whether he realizes it or not, James Comey, director of the Federal Bureau of Investigations, has made a rather brazen request of the American people. As he attempted to reinforce the government’s case that North Korea was responsible for the hacking of Sony Pictures Entertainment, he urged critics of the intelligence community’s position to remember that “they don’t have the facts that I have. They don’t see what I see.”
Considering the validity of the lingering questions about North Korea’s culpability — to say nothing of the unsavory recent history of our foreign policy establishment — Americans would be well-advised to not abandon their skepticism quite yet.
In a Monday Op-Ed in Time magazine, security technologist Bruce Schneier spoke for “many of us in the computer-security field” when he described the FBI’s evidence as “circumstantial and not very convincing.” For instance, as Schneier pointed out in an earlier article for the Atlantic, the use of the Korean language in the code from the attack is “easy to fake,” even though the FBI cited that as part of its proof. Marc Rogers, the principal security researcher at CloudFare and director of security operations at the annual hacker convention DefCon, also characterized the case against North Korea as “plausible … but not definitive.” Referring to the fact that the malware used against Sony was similar to software
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
http://www.kval.com/news/tech/Wyden-obj ... l?mobile=y" onclick="window.open(this.href);return false;
Wyden objects to anti-terrorism rules for internet
s Jul 28, 2015
— Sen. Ron Wyden, an Oregon Democrat and skeptic of broad government surveillance, objected Tuesday to a bill that would have required social media and online sites like Google, Yahoo, Twitter and Facebook to alert federal authorities of any terrorist activity.
The proposal, by Sen. Dianne Feinstein, D-Calif., had been tucked into a broader bill authorizing intelligence programs throughout the 2016 budget year and became the subject of several private meetings on Capitol Hill between congressional staff and industry officials.
In a statement submitted into the Congressional Record, Wyden said the Senate had been asked on Tuesday to approve the intelligence authorization bill by unanimous consent. Doing so would bypass any debate. A spokesman for Senate Majority Leader Mitch McConnell, R-Ky., confirmed that leadership had hoped to pass the bill before the August recess, but that not all senators were on board.
Wyden said he would insist on a debate because of "very valid concerns" made by the technology industry.
"Internet companies should not be subject to broad requirements to police the speech of their users," Wyden said in the statement.
Feinstein argued that the requirement was nearly identical to one related to child pornography. But tech companies said the bill was so vague it would be almost impossible to determine whether they were meeting their legal obligation, or if they were on the hook if they miss a tweet, video or blog that hints of an attack. They said the result would probably be a deluge of tips to law enforcement, making it tougher for the government to find more valuable information.
"The FBI and the intelligence community have made it abundantly clear that the terrorist threat is severe and increasing, and that those directing, inspiring and carrying out attacks make heavy use of social media sites," Feinstein told The Associated Press in an emailed statement provided last week. "This provision will help get potentially actionable information to the agencies responsible for preventing attacks, without requiring companies to take any steps to monitor their sites they aren't already taking."
Wyden said the FBI director told Congress that technology companies are cooperative and helpful about alerting law enforcement to serious incidents.
"But I haven't yet heard any law enforcement or intelligence agencies suggest that this provision will actually help catch terrorists, and I take the concerns that have been raised about its breadth and vagueness seriously," Wyden wrote.
Since the 2013 disclosure of government surveillance by former contractor Edward Snowden, the tech industry has led an aggressive public push to limit surveillance requests and increase transparency, adopting more sophisticated encryption techniques despite opposition from the Justice Department. Their primary argument has been that consumers won't use technology they don't trust, and that unnecessary surveillance would hurt the industry.
At the same time, popular social media sites have become instrumental in helping terrorist groups expand their influence, despite widespread industry policies against posting
Wyden objects to anti-terrorism rules for internet
s Jul 28, 2015
— Sen. Ron Wyden, an Oregon Democrat and skeptic of broad government surveillance, objected Tuesday to a bill that would have required social media and online sites like Google, Yahoo, Twitter and Facebook to alert federal authorities of any terrorist activity.
The proposal, by Sen. Dianne Feinstein, D-Calif., had been tucked into a broader bill authorizing intelligence programs throughout the 2016 budget year and became the subject of several private meetings on Capitol Hill between congressional staff and industry officials.
In a statement submitted into the Congressional Record, Wyden said the Senate had been asked on Tuesday to approve the intelligence authorization bill by unanimous consent. Doing so would bypass any debate. A spokesman for Senate Majority Leader Mitch McConnell, R-Ky., confirmed that leadership had hoped to pass the bill before the August recess, but that not all senators were on board.
Wyden said he would insist on a debate because of "very valid concerns" made by the technology industry.
"Internet companies should not be subject to broad requirements to police the speech of their users," Wyden said in the statement.
Feinstein argued that the requirement was nearly identical to one related to child pornography. But tech companies said the bill was so vague it would be almost impossible to determine whether they were meeting their legal obligation, or if they were on the hook if they miss a tweet, video or blog that hints of an attack. They said the result would probably be a deluge of tips to law enforcement, making it tougher for the government to find more valuable information.
"The FBI and the intelligence community have made it abundantly clear that the terrorist threat is severe and increasing, and that those directing, inspiring and carrying out attacks make heavy use of social media sites," Feinstein told The Associated Press in an emailed statement provided last week. "This provision will help get potentially actionable information to the agencies responsible for preventing attacks, without requiring companies to take any steps to monitor their sites they aren't already taking."
Wyden said the FBI director told Congress that technology companies are cooperative and helpful about alerting law enforcement to serious incidents.
"But I haven't yet heard any law enforcement or intelligence agencies suggest that this provision will actually help catch terrorists, and I take the concerns that have been raised about its breadth and vagueness seriously," Wyden wrote.
Since the 2013 disclosure of government surveillance by former contractor Edward Snowden, the tech industry has led an aggressive public push to limit surveillance requests and increase transparency, adopting more sophisticated encryption techniques despite opposition from the Justice Department. Their primary argument has been that consumers won't use technology they don't trust, and that unnecessary surveillance would hurt the industry.
At the same time, popular social media sites have become instrumental in helping terrorist groups expand their influence, despite widespread industry policies against posting
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
https://www.fireeye.com/blog/threat-res ... _andr.html" onclick="window.open(this.href);return false;
Another Popular Android Application, Another Leak
August 19, 2015 | By Mariam Muntaha, Jimmy Su, Fuaad Ahmad | Mobile Threats, Threat Research
camera360logo
Many popular Android apps are leaking sensitive data. We have found that another popular Google play app, “Camera360 Ultimate,” not only enhances the users’ photos but also inadvertently leaks sensitive data, which gives malicious parties unauthorized access to users’ Camera360 Cloud accounts and photos.
UPDATE 9/15/15: We worked closely with the Camera360 team to address the personal information leaks that are described in this blog. The Camera360 team responded quickly and worked diligently to address the issues. In particular, their latest release of the Camera360 app version 7.0 no longer leaks password hash and email address to logcat. Camera360 has informed us that they will process a comprehensive check on all http portals and apply dynamic token refresh in October 2015. For the leaks affecting users of Camera360 v6.2.3 and versions before, code in previous versions can not be modified now so Camera360 is encouraging their users to update to avoid any possible hidden threats.
Prior to this discovery, FireEye researchers discovered SSL vulnerabilities in the widely used Camere360 app and many other popular applications. These vulnerabilities were exploitable by Man-in-the-Middle (MITM) attacks and posed a serious threat to user privacy.
Android app developers should take increased security measures to provide their customers with a more secure mobile experience.
Summary and introduction
Camera360 is a popular photo shooting and editing application. It has millions of users worldwide. It provides a free cloud service for storage of pictures. To use the cloud feature, users create a cloud account that can also be accessed via the website http://www.cloud.camera360.com" onclick="window.open(this.href);return false;.
Cloud access is protected by username and password. But when the app accesses the cloud, it leaks sensitive data, in unencrypted form, to Android system lo
Another Popular Android Application, Another Leak
August 19, 2015 | By Mariam Muntaha, Jimmy Su, Fuaad Ahmad | Mobile Threats, Threat Research
camera360logo
Many popular Android apps are leaking sensitive data. We have found that another popular Google play app, “Camera360 Ultimate,” not only enhances the users’ photos but also inadvertently leaks sensitive data, which gives malicious parties unauthorized access to users’ Camera360 Cloud accounts and photos.
UPDATE 9/15/15: We worked closely with the Camera360 team to address the personal information leaks that are described in this blog. The Camera360 team responded quickly and worked diligently to address the issues. In particular, their latest release of the Camera360 app version 7.0 no longer leaks password hash and email address to logcat. Camera360 has informed us that they will process a comprehensive check on all http portals and apply dynamic token refresh in October 2015. For the leaks affecting users of Camera360 v6.2.3 and versions before, code in previous versions can not be modified now so Camera360 is encouraging their users to update to avoid any possible hidden threats.
Prior to this discovery, FireEye researchers discovered SSL vulnerabilities in the widely used Camere360 app and many other popular applications. These vulnerabilities were exploitable by Man-in-the-Middle (MITM) attacks and posed a serious threat to user privacy.
Android app developers should take increased security measures to provide their customers with a more secure mobile experience.
Summary and introduction
Camera360 is a popular photo shooting and editing application. It has millions of users worldwide. It provides a free cloud service for storage of pictures. To use the cloud feature, users create a cloud account that can also be accessed via the website http://www.cloud.camera360.com" onclick="window.open(this.href);return false;.
Cloud access is protected by username and password. But when the app accesses the cloud, it leaks sensitive data, in unencrypted form, to Android system lo
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
The Big Secret That Makes the FBI’s Anti-Encryption Campaign a Big Lie
https://theintercept.com/2015/09/28/hacking/" onclick="window.open(this.href);return false;
Sep. 28 2015, 10:47 a.m.
To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy.
But that’s just not true.
In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it’s called hacking.
Hacking — just like kicking down a door and looking through someone’s stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant.
And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects’ devices. Doing so gives them the same access the suspects have to communications — before they’ve been encrypted, or after they’ve been unencrypted.
Government officials don’t like talking about it — quite possibly because hacking takes considerably more effort than simply asking a telecom provider for records. Robert Litt, general counsel to the Director of National Intelligence, recently referred to potential government hacking as a process of “slow uncertain one-offs.”
But they don’t deny it, either. Hacking is “an avenue to consider and discuss,” Amy Hess, the assistant executive director of the FBI’s Science and Technology branch, said at an encryption debate earlier this month.
The FBI “routinely identifies, evaluates, and tests potential exploits in the interest of cyber security,” bureau spokesperson Christopher Allen wrote in an email.
Hacking In Action
There are still only a few publicly known cases of government hacking, but they include examples of phishing, “watering hole” websites, and physical tampering.
Phishing involves an attacker masquerading as a trustworthy website or serv
https://theintercept.com/2015/09/28/hacking/" onclick="window.open(this.href);return false;
Sep. 28 2015, 10:47 a.m.
To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy.
But that’s just not true.
In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it’s called hacking.
Hacking — just like kicking down a door and looking through someone’s stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant.
And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects’ devices. Doing so gives them the same access the suspects have to communications — before they’ve been encrypted, or after they’ve been unencrypted.
Government officials don’t like talking about it — quite possibly because hacking takes considerably more effort than simply asking a telecom provider for records. Robert Litt, general counsel to the Director of National Intelligence, recently referred to potential government hacking as a process of “slow uncertain one-offs.”
But they don’t deny it, either. Hacking is “an avenue to consider and discuss,” Amy Hess, the assistant executive director of the FBI’s Science and Technology branch, said at an encryption debate earlier this month.
The FBI “routinely identifies, evaluates, and tests potential exploits in the interest of cyber security,” bureau spokesperson Christopher Allen wrote in an email.
Hacking In Action
There are still only a few publicly known cases of government hacking, but they include examples of phishing, “watering hole” websites, and physical tampering.
Phishing involves an attacker masquerading as a trustworthy website or serv
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
Revelations about the hack that allowed Greek politicians to be spied on in 2004 come at a time when the White House is set to announce its encryption policy
data
The only way to make sure our date is safe is to keep it encrypted.
http://www.theguardian.com/commentisfre ... -backdoors" onclick="window.open(this.href);return false;
Wednesday 30 September 2015 07.30 EDT
Just as it seems the White House is close to finally announcing its policy on encryption - the FBI has been pushing for tech companies like Apple and Google to insert backdoors into their phones so the US government can always access users’ data - new Snowden revelations and an investigation by a legendary journalist show exactly why the FBI’s plans are so dangerous.
One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk
In a meticulous investigation, longtime NSA reporter James Bamford reported at the Intercept Tuesday that the NSA was behind the notorious “Athens Affair”. In surveillance circles, the Athens Affair is stuff of legend: after the 2004 Olympics, the Greek government discovered that an unknown attacker had hacked into Vodafone’s “lawful intercept” system, the phone company’s mechanism of wiretapping phone calls. The attacker spied on phone calls of the president, other Greek politicians and journalists before it was discovered.
According to Bamford’s story, all this happened after the US spy agency cooperated with Greek law enforcement to keep an eye on potential terrorist attacks for the Olympics. Instead of packing up their surveillance gear, they covertly pointed it towards the Greek government and its people. But that’s not all: according to Snowden documents that Bamford cited, this is a common tactic of the NSA. They often attack the “lawful intercept” systems in other countries to spy on government and citizens without their knowledge:
Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable”, the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia and Siemens.
It’s the exact nightmare scenario security experts have warned about when it comes to backdoors: they are not only available to those that operate them “legally”, but also to those who can hack into them to spy without anyone’s knowledge. If the NSA can do it, so can China, Russia and a host of other malicious actors.
Advertisement
Adopter, convertible or skeptic: who are you when it comes to clean energy?
The White House is reportedly close to coming to a decision on their official policy on encryption. Despite the FBI and NSA’s best efforts to convince them that they should push for a law mandating backdoors - a catastrophe for human rights, cybersecurity and the US economy - the White House may be on the verge of openly condemning the FBI’s approach, according to the Washington Post.
This would be great news for everybody. However, they have yet to come to a final decision. To help them, the Electronic Frontier Foundation and a host of other groups (including Freedom of the Press Foundation, where I work) have launched a White House petition calling on the Obama administration to do the right thing on encryption: strongly support everyone’s right to use it.
Coming out strongly against such a mandate would be huge on multiple fronts for the Obama administration: it would send a strong message for human rights around the world, it would make it much harder for other governments to demand backdoors from US tech companies and it would also strengthen the US economy.
For the White House, it would ce
data
The only way to make sure our date is safe is to keep it encrypted.
http://www.theguardian.com/commentisfre ... -backdoors" onclick="window.open(this.href);return false;
Wednesday 30 September 2015 07.30 EDT
Just as it seems the White House is close to finally announcing its policy on encryption - the FBI has been pushing for tech companies like Apple and Google to insert backdoors into their phones so the US government can always access users’ data - new Snowden revelations and an investigation by a legendary journalist show exactly why the FBI’s plans are so dangerous.
One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk
In a meticulous investigation, longtime NSA reporter James Bamford reported at the Intercept Tuesday that the NSA was behind the notorious “Athens Affair”. In surveillance circles, the Athens Affair is stuff of legend: after the 2004 Olympics, the Greek government discovered that an unknown attacker had hacked into Vodafone’s “lawful intercept” system, the phone company’s mechanism of wiretapping phone calls. The attacker spied on phone calls of the president, other Greek politicians and journalists before it was discovered.
According to Bamford’s story, all this happened after the US spy agency cooperated with Greek law enforcement to keep an eye on potential terrorist attacks for the Olympics. Instead of packing up their surveillance gear, they covertly pointed it towards the Greek government and its people. But that’s not all: according to Snowden documents that Bamford cited, this is a common tactic of the NSA. They often attack the “lawful intercept” systems in other countries to spy on government and citizens without their knowledge:
Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable”, the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia and Siemens.
It’s the exact nightmare scenario security experts have warned about when it comes to backdoors: they are not only available to those that operate them “legally”, but also to those who can hack into them to spy without anyone’s knowledge. If the NSA can do it, so can China, Russia and a host of other malicious actors.
Advertisement
Adopter, convertible or skeptic: who are you when it comes to clean energy?
The White House is reportedly close to coming to a decision on their official policy on encryption. Despite the FBI and NSA’s best efforts to convince them that they should push for a law mandating backdoors - a catastrophe for human rights, cybersecurity and the US economy - the White House may be on the verge of openly condemning the FBI’s approach, according to the Washington Post.
This would be great news for everybody. However, they have yet to come to a final decision. To help them, the Electronic Frontier Foundation and a host of other groups (including Freedom of the Press Foundation, where I work) have launched a White House petition calling on the Obama administration to do the right thing on encryption: strongly support everyone’s right to use it.
Coming out strongly against such a mandate would be huge on multiple fronts for the Obama administration: it would send a strong message for human rights around the world, it would make it much harder for other governments to demand backdoors from US tech companies and it would also strengthen the US economy.
For the White House, it would ce
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
Couple of stories about taxes and how they are used
1.
Corruption Currents: FBI Seeks High School Students for Cyber Jobs
Wall Street Journal (blog)-19 hours ago
The FBI wants to recruit high school kids for its fight against cybercrime before they find private-sector jobs or fail background checks for smoking pot. (Financial ...
http://blogs.wsj.com/riskandcompliance/ ... yber-jobs/" onclick="window.open(this.href);return false;
2.
https://www.eff.org/" onclick="window.open(this.href);return false;
3.
http://www.defendingdissent.org/now/" onclick="window.open(this.href);return false;
4.
http://whowhatwhy.org/" onclick="window.open(this.href);return false;
1.
Corruption Currents: FBI Seeks High School Students for Cyber Jobs
Wall Street Journal (blog)-19 hours ago
The FBI wants to recruit high school kids for its fight against cybercrime before they find private-sector jobs or fail background checks for smoking pot. (Financial ...
http://blogs.wsj.com/riskandcompliance/ ... yber-jobs/" onclick="window.open(this.href);return false;
2.
https://www.eff.org/" onclick="window.open(this.href);return false;
3.
http://www.defendingdissent.org/now/" onclick="window.open(this.href);return false;
4.
http://whowhatwhy.org/" onclick="window.open(this.href);return false;
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
http://whowhatwhy.org/2015/10/02/the-pentagons-brain/" onclick="window.open(this.href);return false;
October 2, 2015 | Jeff Schechtman
The Pentagon’s Brain
In her last work, Annie Jacobsen gave us a look at Area 51. Now she talks to WhoWhatWhy’s Jeff Schechtman about the trove of government secrets connected to DARPA, the Defense Advanced Research Project Agency. That’s the secret military R&D labs that gave us the Internet, Agent Orange, drones, and advanced research into human cloning.
October 2, 2015 | Jeff Schechtman
The Pentagon’s Brain
In her last work, Annie Jacobsen gave us a look at Area 51. Now she talks to WhoWhatWhy’s Jeff Schechtman about the trove of government secrets connected to DARPA, the Defense Advanced Research Project Agency. That’s the secret military R&D labs that gave us the Internet, Agent Orange, drones, and advanced research into human cloning.
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
The largest group of child predators by profession is
law enforcement
see
http://www.copwatch.net/forums/" onclick="window.open(this.href);return false;
15 years ago attorney/author Andrew Vachss started
fundraising to hire and train wounded vets to
stop child pornographers.
http://archive.wbir.com/news/article/25 ... lsite=true" onclick="window.open(this.href);return false;
Google
Weiss Center Hero Corps
You know the answer to why he did this.
Now the predators. have monopolized their sickness
under the guise of fighting child porn
couple of reads from the whisper stream
Google driving while teenage female
apparently this reporter didn't
1.
http://www.click2houston.com/news/fbi-h ... y/35674978" onclick="window.open(this.href);return false;
FBI has new tactic to fight child pornography
Author: Robert Arnold, Investigative Reporter, [email protected]
Published On: Oct 05 2015 10:47:56 PM CDT
2.
Reports and Articles | Samuel Walker
samuelwalker.net/books/reports-and-articles/
Driving While Female: Sam Walker and Dawn Irlbeck are the authors of two reports on police sexual abuse of women, including teenage girls. Read the reports:.
[PDF]Police Sexual Abuse of Teenage Girls: A 2003 Update on “Driving ...
samuelwalker.net/wp-content/uploads/2010/06/dwf2003.pdf
by S Walker - 2003 - Cited by 3 - Related articles
on “Driving While Female” by the University of Nebraska at Omaha. ... This report found 72 cases of police officer sexual abuse of teenage girls (and some boys) ...
3.
Wounded warriors join fight against child porn
9:11 PM, Mar 4, 2013 | 0 comments
David Keith with the National Association to Protect Children thanks Debbie Weiss for her $1 million donation.
A $1 million gift will help a national group with an active base in Knoxville further its mission to protect children.
On Monday morning, Debbie Weiss of California announced the donation to the National Association to Protect Children (NAPC).
The money will help establish a high-tech center at NAPC headquarters in Downtown Knoxville.
The Weiss Center for Child Rescue and Protection Technology will focus on advancing technology to protect children.
For several years, NAPC has partnered with the Oak Ridge National Laboratory (ORNL).
Together, they have been able to improve technology that catches predators.
"They've produced incredible tools for law enforcement. They've got a thumb drive that recognizes child pornography. You stick it in the computer and it downloads the child porn in 15 minutes. It used to take weeks to do manually," said David Keith with NAPC.
But law enforcement needs help, which is how the Weiss Center decided its first mission.
The HERO (Human Exploitation Rescue Operatives) Child-Rescue Corps program will create 200 new jobs for wounded warriors.
Veterans will be trained and placed across the country, using technology created by ORNL.
"You've got so many young men and women who were possibly planning on making the military their career and who have had that career taken away from them," Master Sergeant Rich Robertson, a retired Army veteran.
Sgt. Robertson helped design the Hero Rescue Corps.
"These men and women need to be shown that they have valuable skills in the workplace," he
law enforcement
see
http://www.copwatch.net/forums/" onclick="window.open(this.href);return false;
15 years ago attorney/author Andrew Vachss started
fundraising to hire and train wounded vets to
stop child pornographers.
http://archive.wbir.com/news/article/25 ... lsite=true" onclick="window.open(this.href);return false;
Weiss Center Hero Corps
You know the answer to why he did this.
Now the predators. have monopolized their sickness
under the guise of fighting child porn
couple of reads from the whisper stream
Google driving while teenage female
apparently this reporter didn't
1.
http://www.click2houston.com/news/fbi-h ... y/35674978" onclick="window.open(this.href);return false;
FBI has new tactic to fight child pornography
Author: Robert Arnold, Investigative Reporter, [email protected]
Published On: Oct 05 2015 10:47:56 PM CDT
2.
Reports and Articles | Samuel Walker
samuelwalker.net/books/reports-and-articles/
Driving While Female: Sam Walker and Dawn Irlbeck are the authors of two reports on police sexual abuse of women, including teenage girls. Read the reports:.
[PDF]Police Sexual Abuse of Teenage Girls: A 2003 Update on “Driving ...
samuelwalker.net/wp-content/uploads/2010/06/dwf2003.pdf
by S Walker - 2003 - Cited by 3 - Related articles
on “Driving While Female” by the University of Nebraska at Omaha. ... This report found 72 cases of police officer sexual abuse of teenage girls (and some boys) ...
3.
Wounded warriors join fight against child porn
9:11 PM, Mar 4, 2013 | 0 comments
David Keith with the National Association to Protect Children thanks Debbie Weiss for her $1 million donation.
A $1 million gift will help a national group with an active base in Knoxville further its mission to protect children.
On Monday morning, Debbie Weiss of California announced the donation to the National Association to Protect Children (NAPC).
The money will help establish a high-tech center at NAPC headquarters in Downtown Knoxville.
The Weiss Center for Child Rescue and Protection Technology will focus on advancing technology to protect children.
For several years, NAPC has partnered with the Oak Ridge National Laboratory (ORNL).
Together, they have been able to improve technology that catches predators.
"They've produced incredible tools for law enforcement. They've got a thumb drive that recognizes child pornography. You stick it in the computer and it downloads the child porn in 15 minutes. It used to take weeks to do manually," said David Keith with NAPC.
But law enforcement needs help, which is how the Weiss Center decided its first mission.
The HERO (Human Exploitation Rescue Operatives) Child-Rescue Corps program will create 200 new jobs for wounded warriors.
Veterans will be trained and placed across the country, using technology created by ORNL.
"You've got so many young men and women who were possibly planning on making the military their career and who have had that career taken away from them," Master Sergeant Rich Robertson, a retired Army veteran.
Sgt. Robertson helped design the Hero Rescue Corps.
"These men and women need to be shown that they have valuable skills in the workplace," he
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
Journalist Convicted of Hacking, Accused FBI of Manipulating Evidence
Matthew Keys
Matthew Keys
https://www.washingtonpost.com/news/the ... -evidence/" onclick="window.open(this.href);return false;
A journalist convicted of hacking Wednesday claims the FBI provided misleading evidence in his case because he would not reveal a source, the Washington Post reports.
Matthew Keys, a former Reuters social media editor, was accused of providing login credentials to a group of hackers who broke into the Los Angeles Times’ networks to alter an online story.
“The FBI agent admitted on the stand to editing chat logs,” Matthew Keys said in an interview Wednesday night. “They presented this case with edited and misleading evidence and facts that told a brilliant story that was total bulls––t.”
Keys, who was found guilty on three counts of hacking, faces up to 25 years in prison when sentenced.
The Justice Department denied any wrongdoing.
Matthew Keys
Matthew Keys
https://www.washingtonpost.com/news/the ... -evidence/" onclick="window.open(this.href);return false;
A journalist convicted of hacking Wednesday claims the FBI provided misleading evidence in his case because he would not reveal a source, the Washington Post reports.
Matthew Keys, a former Reuters social media editor, was accused of providing login credentials to a group of hackers who broke into the Los Angeles Times’ networks to alter an online story.
“The FBI agent admitted on the stand to editing chat logs,” Matthew Keys said in an interview Wednesday night. “They presented this case with edited and misleading evidence and facts that told a brilliant story that was total bulls––t.”
Keys, who was found guilty on three counts of hacking, faces up to 25 years in prison when sentenced.
The Justice Department denied any wrongdoing.
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
White House agrees not to read your emails – kind of
Christian Science Monitor-October 12 2015
"We're not looking for volunteers, not looking to sneak in anywhere," testified FBI Director James Comey at a Senate hearing on Thursday, reports
http://www.csmonitor.com/Technology/201 ... ls-kind-of" onclick="window.open(this.href);return false;
Christian Science Monitor-October 12 2015
"We're not looking for volunteers, not looking to sneak in anywhere," testified FBI Director James Comey at a Senate hearing on Thursday, reports
http://www.csmonitor.com/Technology/201 ... ls-kind-of" onclick="window.open(this.href);return false;
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
https://www.techdirt.com/articles/20151 ... ture.shtml" onclick="window.open(this.href);return false;
Privacy
Tue, Oct 20th 2015 1:46pm
Apple Tells Judge FBI's Phone Unlocking Demands 'Burdensome' At Present, 'Impossible' In The Future
from the fresh-out-of-master-keys dept
Apple has entered its response to federal magistrate judge James Orenstein's request that the company explain whether or not unlocking an encrypted iPhone would be "burdensome." It was the judge calling the bluffs of everyone involved in the new Crypto War, but mainly the FBI's.
A key issue in the encryption debate, part of a larger discussion of what the FBI calls its “going dark” problem, is to what extent the government can force companies to provide “technical assistance” under current law.
In the Apple case, the government asserted its request “is not likely to place any unreasonable burden on Apple.”
Orenstein said, “I am less certain.”
The DOJ is attempting to use a 1789 act to unlock a phone running a 2013 operating system. Orenstein made several points in his order requesting Apple's participation, including the fact that the FBI's abuse of an old law was at odds with director James Comey's claim that he desired a "public debate" about encryption and public safety.
Apple's brief points out that "burdensome" may soon become indistinguishable from "impossible." As was noted earlier, this case concerns a phone running an older version of the iPhone's system software. Apple admits it can access a certain amount of data if the judge signs off on the All Writs order.
For these devices, Apple has the technical ability to extract certain categories of unencrypted data from a passcode locked iOS device. Whether the extraction can be performed successfully depends on the device itself, and whether it is in good working order. As a general matter, however, certain user-generated active files on an iOS device that are contained in Apple's native apps can be extracted. Apple cannot, however, extract email, calendar entries, or any third-party app data.
As for the question of whether this possibility veers into "burdensome" territory, Apple had this t
Privacy
Tue, Oct 20th 2015 1:46pm
Apple Tells Judge FBI's Phone Unlocking Demands 'Burdensome' At Present, 'Impossible' In The Future
from the fresh-out-of-master-keys dept
Apple has entered its response to federal magistrate judge James Orenstein's request that the company explain whether or not unlocking an encrypted iPhone would be "burdensome." It was the judge calling the bluffs of everyone involved in the new Crypto War, but mainly the FBI's.
A key issue in the encryption debate, part of a larger discussion of what the FBI calls its “going dark” problem, is to what extent the government can force companies to provide “technical assistance” under current law.
In the Apple case, the government asserted its request “is not likely to place any unreasonable burden on Apple.”
Orenstein said, “I am less certain.”
The DOJ is attempting to use a 1789 act to unlock a phone running a 2013 operating system. Orenstein made several points in his order requesting Apple's participation, including the fact that the FBI's abuse of an old law was at odds with director James Comey's claim that he desired a "public debate" about encryption and public safety.
Apple's brief points out that "burdensome" may soon become indistinguishable from "impossible." As was noted earlier, this case concerns a phone running an older version of the iPhone's system software. Apple admits it can access a certain amount of data if the judge signs off on the All Writs order.
For these devices, Apple has the technical ability to extract certain categories of unencrypted data from a passcode locked iOS device. Whether the extraction can be performed successfully depends on the device itself, and whether it is in good working order. As a general matter, however, certain user-generated active files on an iOS device that are contained in Apple's native apps can be extracted. Apple cannot, however, extract email, calendar entries, or any third-party app data.
As for the question of whether this possibility veers into "burdensome" territory, Apple had this t
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
two or three stories about FII agents
1.
FBI could be found in contempt in case of Utahn investigating ...
http://www.sltrib.com/news/1800717-155/ ... -trentadue.." onclick="window.open(this.href);return false;.
Saying he is “perplexed” by the FBI’s failure to ... the Murrah Building in Oklahoma City — information that Trentadue ... Agent Adam Quirk, ...
Judge to FBI: Go probe yourself on OKC bombing - WND
http://www.wnd.com/2014/08/judge-to-fbi ... ourself-on.." onclick="window.open(this.href);return false;.
Judge to FBI: Go probe yourself ... Agent Quirk had called him several times, ... Trentadue sued the FBI for alleged violations of the U.S. Freedom of Information Act
Criminal Violence as Political Theater: Standard Operating ...
beforeitsnews.com › Strange
Mar 13, 2015 · In a meeting with Salt Lake City attorney Jesse Trentadue in July 2011 ... his live-in girlfriend. ... Adam Quirk resigned from the FBI in ...
FBI Denies Witness Tampering In Oklahoma City Bombing Lawsuit ...
http://www.911truth.org/fbi-denies...ok ... ng-lawsuit" onclick="window.open(this.href);return false;
A federal judge has indicated that he wants an investigation into whether the FBI tampered with a witness in a trial regarding the Oklahoma City bombing.
They’ll Be Back: PATCON, Oklahoma City, and Jesse Trentadue’s ...
freedominourtime.blogspot.com/2014/11/theyll-be-back...
Nov 13, 2014 · Back at ya: FBI Special Agent Quirk. ... 1995, was working for the FBI," Trentadue said in an interview with Lew Rockwell. "The FBI had, I now know, ...
Did the FBI tamper with a witness in OKC bombing evidence ...
fox13now.com/2014/11/13/did-the-fbi-tamper-with-a...
Nov 13, 2014 · SALT LAKE CITY -- A federal judge has indicated he wants more investigation into allegations the FBI tampered with a witness in a trial over evidence and ...
2.
FBI agent John A. Yervelli arrested for public lewdness (driving without pants)
Posted on 2 January 2013 by M
Buffalo News: Driving without pants leads to charge against FBI agent (Dec 11 2012)
Troopers said they received a report from a truck driver that Special Agent John A. Yervelli made lewd gestures toward him while not wearing pants and driving on the Thruway in Eden. Yervelli, 48, of Lake View, faces up to 30 days in jail and a $500 fine if convicted of the misdemeanor charge … A source familiar with Yervelli’s work as a FBI agent said he is involved in at least one pending criminal case. He also was involved in a large-scale federal probe of narcotics, gun and gang activity on Buffalo’s West Side that resulted in federal charges against 27 people in 2010.
Press King: New Details on FBI Agent Driving without pants (Dec 12 2012)
Federal prosecutors conducting an internal review of criminal cases involving an FBI agent facing a charge of public lewdness got more than they bargained for. U.S. Attorney William J. Hochul Jr. ordered the review after Special Agent John A. Yervelli was arrested Friday night by state police. New details have emerged that Special Agent Alan Raines was traveling in the vehicle with Yervelli at the time of the incident.
3.
Battle Continues Over Information-Sharing Bill
Saturday Oct 24th 2015
http://mobile.eweek.com/security/battle ... -bill.html" onclick="window.open(this.href);return false;
The Cybersecurity Information Sharing Act pits privacy-focused consumer advocates against government efforts to open the door to information sharing.
Controversial legislation aimed at allowing companies to share cyber-attack information with government agencies continues to attract opposition, pitting privacy advocates and security experts against non-technical businesses and government agencies.
On Oct. 22, the Cybersecurity Information Sharing Act of 2015 (Senate Bill 754) advanced through the legislative process, with votes expected next week on the bill's proposed amendments. The bill promises liability protection for companies that share information about attacks with specific government agencies, but privacy advocates have criticized the legislation and proposed amendments as empowering surveillance and increasing the reach of the controversial Computer Fraud and Abuse Act.
"CISA is fundamentally flawed," Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, stated in a blog post on Oct. 22. "The bill's broad immunity clauses, vague definitions, and aggressive spying powers combine to make the bill a surveillance bill in disguise."
The bill, originally created by the bi-partisan chairs of the Senate Intelligence Committee, is legislators' latest attempt to create an information-sharing framework. However, security experts have argued that the bill's language could give the National Security Agency increased capabilities to collect information on U.S. citizens and allow defenders to take steps that could impact Internet infrastructure, without making the Internet appreciably more secure.
The debate underscores that privacy has become a major concern as the lessons learned from documents leaked by former NSA contractor Edward Snowden sink into the public consciousness.
Many businesses support the bill. In particular, the bill's provisions for protecting companies against lawsuits for providing data under the auspices of the act gained support from organizations representing retailers, the food service and grocery industry, health care management providers, insurance companies and physical security firms. In a letter to the U.S. Senate, the groups supported CISA and an additional amendment proposed by Senator Tom Cotton, R-Ark., which would eliminate liability for sharing information with the FBI and the Secret Service.
"A major barrier that prevents the business community from working together to combat these unprecedented attacks is the risk of costly frivolous lawsuits," the groups stated in their letter to the U.S. Senate. "We believe that Congress should enact legislation that gives businesses legal certainty that they have safe harbor against frivolous lawsuits when voluntarily sharing and receiving real-time threat indicators and defensive measures and taking actions to mitigate cyberattacks."
Yet most security professionals and privacy advocates are concerned that the bill gives businesses a legislative shield against lawsuits without making the Internet much safer. Seven out of eight well-known security experts did not think CISA would help defenders, according to a poll of 70 security "influencers" by the Christian Science Monitor.
Major technology companies—such as Apple, Microsoft and Twitter—had supported the information-sharing act until a grassroots effort put pressure on the companies. The campaign, led by FightForTheFuture.org, resulted in a reversal in the support for the bill by the Business Software Alliance and 23 major technology firms.
An industry organization representing technology and In
1.
FBI could be found in contempt in case of Utahn investigating ...
http://www.sltrib.com/news/1800717-155/ ... -trentadue.." onclick="window.open(this.href);return false;.
Saying he is “perplexed” by the FBI’s failure to ... the Murrah Building in Oklahoma City — information that Trentadue ... Agent Adam Quirk, ...
Judge to FBI: Go probe yourself on OKC bombing - WND
http://www.wnd.com/2014/08/judge-to-fbi ... ourself-on.." onclick="window.open(this.href);return false;.
Judge to FBI: Go probe yourself ... Agent Quirk had called him several times, ... Trentadue sued the FBI for alleged violations of the U.S. Freedom of Information Act
Criminal Violence as Political Theater: Standard Operating ...
beforeitsnews.com › Strange
Mar 13, 2015 · In a meeting with Salt Lake City attorney Jesse Trentadue in July 2011 ... his live-in girlfriend. ... Adam Quirk resigned from the FBI in ...
FBI Denies Witness Tampering In Oklahoma City Bombing Lawsuit ...
http://www.911truth.org/fbi-denies...ok ... ng-lawsuit" onclick="window.open(this.href);return false;
A federal judge has indicated that he wants an investigation into whether the FBI tampered with a witness in a trial regarding the Oklahoma City bombing.
They’ll Be Back: PATCON, Oklahoma City, and Jesse Trentadue’s ...
freedominourtime.blogspot.com/2014/11/theyll-be-back...
Nov 13, 2014 · Back at ya: FBI Special Agent Quirk. ... 1995, was working for the FBI," Trentadue said in an interview with Lew Rockwell. "The FBI had, I now know, ...
Did the FBI tamper with a witness in OKC bombing evidence ...
fox13now.com/2014/11/13/did-the-fbi-tamper-with-a...
Nov 13, 2014 · SALT LAKE CITY -- A federal judge has indicated he wants more investigation into allegations the FBI tampered with a witness in a trial over evidence and ...
2.
FBI agent John A. Yervelli arrested for public lewdness (driving without pants)
Posted on 2 January 2013 by M
Buffalo News: Driving without pants leads to charge against FBI agent (Dec 11 2012)
Troopers said they received a report from a truck driver that Special Agent John A. Yervelli made lewd gestures toward him while not wearing pants and driving on the Thruway in Eden. Yervelli, 48, of Lake View, faces up to 30 days in jail and a $500 fine if convicted of the misdemeanor charge … A source familiar with Yervelli’s work as a FBI agent said he is involved in at least one pending criminal case. He also was involved in a large-scale federal probe of narcotics, gun and gang activity on Buffalo’s West Side that resulted in federal charges against 27 people in 2010.
Press King: New Details on FBI Agent Driving without pants (Dec 12 2012)
Federal prosecutors conducting an internal review of criminal cases involving an FBI agent facing a charge of public lewdness got more than they bargained for. U.S. Attorney William J. Hochul Jr. ordered the review after Special Agent John A. Yervelli was arrested Friday night by state police. New details have emerged that Special Agent Alan Raines was traveling in the vehicle with Yervelli at the time of the incident.
3.
Battle Continues Over Information-Sharing Bill
Saturday Oct 24th 2015
http://mobile.eweek.com/security/battle ... -bill.html" onclick="window.open(this.href);return false;
The Cybersecurity Information Sharing Act pits privacy-focused consumer advocates against government efforts to open the door to information sharing.
Controversial legislation aimed at allowing companies to share cyber-attack information with government agencies continues to attract opposition, pitting privacy advocates and security experts against non-technical businesses and government agencies.
On Oct. 22, the Cybersecurity Information Sharing Act of 2015 (Senate Bill 754) advanced through the legislative process, with votes expected next week on the bill's proposed amendments. The bill promises liability protection for companies that share information about attacks with specific government agencies, but privacy advocates have criticized the legislation and proposed amendments as empowering surveillance and increasing the reach of the controversial Computer Fraud and Abuse Act.
"CISA is fundamentally flawed," Lee Tien, a senior staff attorney with the Electronic Frontier Foundation, stated in a blog post on Oct. 22. "The bill's broad immunity clauses, vague definitions, and aggressive spying powers combine to make the bill a surveillance bill in disguise."
The bill, originally created by the bi-partisan chairs of the Senate Intelligence Committee, is legislators' latest attempt to create an information-sharing framework. However, security experts have argued that the bill's language could give the National Security Agency increased capabilities to collect information on U.S. citizens and allow defenders to take steps that could impact Internet infrastructure, without making the Internet appreciably more secure.
The debate underscores that privacy has become a major concern as the lessons learned from documents leaked by former NSA contractor Edward Snowden sink into the public consciousness.
Many businesses support the bill. In particular, the bill's provisions for protecting companies against lawsuits for providing data under the auspices of the act gained support from organizations representing retailers, the food service and grocery industry, health care management providers, insurance companies and physical security firms. In a letter to the U.S. Senate, the groups supported CISA and an additional amendment proposed by Senator Tom Cotton, R-Ark., which would eliminate liability for sharing information with the FBI and the Secret Service.
"A major barrier that prevents the business community from working together to combat these unprecedented attacks is the risk of costly frivolous lawsuits," the groups stated in their letter to the U.S. Senate. "We believe that Congress should enact legislation that gives businesses legal certainty that they have safe harbor against frivolous lawsuits when voluntarily sharing and receiving real-time threat indicators and defensive measures and taking actions to mitigate cyberattacks."
Yet most security professionals and privacy advocates are concerned that the bill gives businesses a legislative shield against lawsuits without making the Internet much safer. Seven out of eight well-known security experts did not think CISA would help defenders, according to a poll of 70 security "influencers" by the Christian Science Monitor.
Major technology companies—such as Apple, Microsoft and Twitter—had supported the information-sharing act until a grassroots effort put pressure on the companies. The campaign, led by FightForTheFuture.org, resulted in a reversal in the support for the bill by the Business Software Alliance and 23 major technology firms.
An industry organization representing technology and In
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
DOJ Claims Apple Should Be Forced To Decrypt iPhones Because ...
Techdirt- Oct 26 2015
The filing cites three other cases in which the FBI used an All Writs order to compel the unlocking of an iPhone. Pointing to these, the DOJ argues that pas
https://www.techdirt.com/articles/20151 ... stem.shtml" onclick="window.open(this.href);return false;
Techdirt- Oct 26 2015
The filing cites three other cases in which the FBI used an All Writs order to compel the unlocking of an iPhone. Pointing to these, the DOJ argues that pas
https://www.techdirt.com/articles/20151 ... stem.shtml" onclick="window.open(this.href);return false;
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
http://www.theguardian.com/technology/2 ... eed-claims" onclick="window.open(this.href);return false;
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
http://cyberlaw.stanford.edu/" onclick="window.open(this.href);return false;
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
Teen who hacked CIA head going after FBI official
http://thehill.com/policy/cybersecurity ... i-official" onclick="window.open(this.href);return false;
11/05/15 10:15 AM EST
The teenaged hackers who exposed the personal email account of CIA head John Brennan are hacking into more government officials’ accounts in retaliation for the FBI investigation into their actions.
The group, which calls itself Crackas With Attitude, told Vice Motherboard Wednesday that they have hacked into FBI Deputy Director Mark Giuliano’s personal account.
A member known as Cracka told the publication that they had also obtained Giuliano’s phone number and called him.
“I called it and asked for Mark and he's like ‘I don't know you but you better watch your back’ and then he hung up and I kept calling and he was getting mad then he didn't pick up,” Cracka told Motherboard via online chat.
The FBI has not confirmed the group’s claims.
WikiLeaks last month posted a handful of documents stolen from Brennan’s personal email account by an apparent teenage hacker. According to reports, the hacker posed as an employee of Verizon and got access to Brennan's account from the telecom company.
The hackers told Motherboard Wednesday that they gained access to Giuliano’s account by breaking into a Comcast email account belonging to his wife and exploiting the information they found there.
Brennan’s documents are largely draft forms of agency memos and other notes. Nothing on the account appears to be classified, but one document does contain personal information about Brennan’s wife and family members, including addresses, birthdays and Social Security numbers.
Brennan lambasted both the hackers themselves and the media for suggesting that he was “doing something inappropriate or wrong or [in] violation of my security responsibilities” by using the personal account.
An unnamed law enforcement official previously told The New York Post that he expected officials to “make an example” out of the group to “deter people from doing this in the future.”
Cracka said the second hack on Guiliano wasn’t intended to acquire any specific information.
“We didn't target him for anything interesting, w
http://thehill.com/policy/cybersecurity ... i-official" onclick="window.open(this.href);return false;
11/05/15 10:15 AM EST
The teenaged hackers who exposed the personal email account of CIA head John Brennan are hacking into more government officials’ accounts in retaliation for the FBI investigation into their actions.
The group, which calls itself Crackas With Attitude, told Vice Motherboard Wednesday that they have hacked into FBI Deputy Director Mark Giuliano’s personal account.
A member known as Cracka told the publication that they had also obtained Giuliano’s phone number and called him.
“I called it and asked for Mark and he's like ‘I don't know you but you better watch your back’ and then he hung up and I kept calling and he was getting mad then he didn't pick up,” Cracka told Motherboard via online chat.
The FBI has not confirmed the group’s claims.
WikiLeaks last month posted a handful of documents stolen from Brennan’s personal email account by an apparent teenage hacker. According to reports, the hacker posed as an employee of Verizon and got access to Brennan's account from the telecom company.
The hackers told Motherboard Wednesday that they gained access to Giuliano’s account by breaking into a Comcast email account belonging to his wife and exploiting the information they found there.
Brennan’s documents are largely draft forms of agency memos and other notes. Nothing on the account appears to be classified, but one document does contain personal information about Brennan’s wife and family members, including addresses, birthdays and Social Security numbers.
Brennan lambasted both the hackers themselves and the media for suggesting that he was “doing something inappropriate or wrong or [in] violation of my security responsibilities” by using the personal account.
An unnamed law enforcement official previously told The New York Post that he expected officials to “make an example” out of the group to “deter people from doing this in the future.”
Cracka said the second hack on Guiliano wasn’t intended to acquire any specific information.
“We didn't target him for anything interesting, w
-
msfreeh
- Level 34 Illuminated
- Posts: 7718
Re: FBI Internet Control-What to Do
http://whowhatwhy.org/2015/11/05/cult-m ... ensorship/" onclick="window.open(this.href);return false;
Cult Movie Inspires Global Protest Against Internet Censorship
Anonymous to Commemorate Guy Fawkes Day with Hundreds of Events
Members of Anonymous with Guy Fawkes masks. Photo credit: Peter K. Levy / Flickr (CC BY-SA 2.0)
Members of Anonymous with Guy Fawkes masks. Photo credit: Peter K. Levy / Flickr (CC BY-SA 2.0)
Here’s something sure to raise “hackles” in corporate boardrooms everywhere: The hacker collective Anonymous is marching in cities around the world today in the name of a free Internet.
The more than 600 events scheduled coincide with Guy Fawkes Day, an English holiday that animates the plot of the popular anti-tyranny movie V for Vendetta. Guy Fawkes was a notorious rebel who tried to blow up the English Parliament in 1605.
The Free Flow of Information: Unstoppable
“This year you are invited to stand against censorship and tyranny, corruption, war, poverty,” Anonymous said in a video on the Million Mask March website. “Millions will unite around the globe on the 5th of November to make their voices heard and let the various governments of the world know that they’ll never stop the free flow of information.”
Most of the events will be held in the US and Europe. In London protesters will gather outside the Ecuadorian embassy, where Wikileaks founder Julian Assange has found temporary refuge from prosecution. Hacktivists see his prosecution as payback for his making public vast numbers of top-secret files. Another major demonstration is planned for Washington, DC.
Others actions are scheduled for remote areas like Greenland and even, purportedly, scientific stations in Antarctica.
Only a handful of events are planned in countries like Russia and China, which have a history of dealing harshly with protesters.
The Million Mask March website warns marchers to be prepared for government counter-measures.
“Don’t risk your safety. Depending upon your country, if you believe you must go with superhero costumes, flowers, peace signs and pink sunglasses, do it,” the site states. “Go with a buddy. Keep your cameras on, and never surrender your camera.”
“Governments Don’t Work for the Interest of the People”
While advising caution, Anonymous frames the rationale for the Million Mask March in the starkest terms.
“It must be clear by now that governments don’t work for the interest of the people, but for big banks and corporations,” the hacker collective says in the video. “Do you or your children really want to live in a world where the government spies on its own citizens and sees you as a potential terrorist or criminal?”
Anonymous also announced that it would release today the names of KKK members that it gathered from hacked websites and databases. This would be the group’s latest high-profile action.
Anonymous is credited with dozens of “hacktivist” activities — against a wide range of government and private entities that rouse its ire. Previous targets have included the governments of the US and Israel, the Church of Scientology, child pornography sites, major corporations and the rabidly anti-gay Westboro Baptist Church.
The hacker collective sees the Internet as “one of the last truly free vessels that we the citizens have access to” and it has come out against what they view as harmful to that freedom. This includes government initiatives such as the Stop Online Privacy Act, the Cyber Intelligence Sharing and Protection Act, and the Trans-Pacific Partnership.
Readers, tell us what you know about this “action” — and what you think of it. Share your thoughts in our Comments section below.
Related front page panorama photo credit: Guy Fawkes Night bonfire (Shane Global / Flickr – CC BY 2.0 )
Cult Movie Inspires Global Protest Against Internet Censorship
Anonymous to Commemorate Guy Fawkes Day with Hundreds of Events
Members of Anonymous with Guy Fawkes masks. Photo credit: Peter K. Levy / Flickr (CC BY-SA 2.0)
Members of Anonymous with Guy Fawkes masks. Photo credit: Peter K. Levy / Flickr (CC BY-SA 2.0)
Here’s something sure to raise “hackles” in corporate boardrooms everywhere: The hacker collective Anonymous is marching in cities around the world today in the name of a free Internet.
The more than 600 events scheduled coincide with Guy Fawkes Day, an English holiday that animates the plot of the popular anti-tyranny movie V for Vendetta. Guy Fawkes was a notorious rebel who tried to blow up the English Parliament in 1605.
The Free Flow of Information: Unstoppable
“This year you are invited to stand against censorship and tyranny, corruption, war, poverty,” Anonymous said in a video on the Million Mask March website. “Millions will unite around the globe on the 5th of November to make their voices heard and let the various governments of the world know that they’ll never stop the free flow of information.”
Most of the events will be held in the US and Europe. In London protesters will gather outside the Ecuadorian embassy, where Wikileaks founder Julian Assange has found temporary refuge from prosecution. Hacktivists see his prosecution as payback for his making public vast numbers of top-secret files. Another major demonstration is planned for Washington, DC.
Others actions are scheduled for remote areas like Greenland and even, purportedly, scientific stations in Antarctica.
Only a handful of events are planned in countries like Russia and China, which have a history of dealing harshly with protesters.
The Million Mask March website warns marchers to be prepared for government counter-measures.
“Don’t risk your safety. Depending upon your country, if you believe you must go with superhero costumes, flowers, peace signs and pink sunglasses, do it,” the site states. “Go with a buddy. Keep your cameras on, and never surrender your camera.”
“Governments Don’t Work for the Interest of the People”
While advising caution, Anonymous frames the rationale for the Million Mask March in the starkest terms.
“It must be clear by now that governments don’t work for the interest of the people, but for big banks and corporations,” the hacker collective says in the video. “Do you or your children really want to live in a world where the government spies on its own citizens and sees you as a potential terrorist or criminal?”
Anonymous also announced that it would release today the names of KKK members that it gathered from hacked websites and databases. This would be the group’s latest high-profile action.
Anonymous is credited with dozens of “hacktivist” activities — against a wide range of government and private entities that rouse its ire. Previous targets have included the governments of the US and Israel, the Church of Scientology, child pornography sites, major corporations and the rabidly anti-gay Westboro Baptist Church.
The hacker collective sees the Internet as “one of the last truly free vessels that we the citizens have access to” and it has come out against what they view as harmful to that freedom. This includes government initiatives such as the Stop Online Privacy Act, the Cyber Intelligence Sharing and Protection Act, and the Trans-Pacific Partnership.
Readers, tell us what you know about this “action” — and what you think of it. Share your thoughts in our Comments section below.
Related front page panorama photo credit: Guy Fawkes Night bonfire (Shane Global / Flickr – CC BY 2.0 )
