
Sophie

sophie@hub.somaton.com

Facebook. The social networking service that gives a whole new meaning to the word "security"

Sophie
  
Abuse of 2FA for text message spam.
Facebook Notification Spam Has Crossed the Line



The spamming has even extended to those who sign up for two-factor authentication—which is a great way to turn people off to that extra layer of security.


Facebook’s new efforts often feel so annoying because it’s easy to forget that it's not just a social network, but a for-profit advertising business. The new notifications and features aren’t really that at all—they’re spam and marketing campaigns.

Who would have thought...?
Sophie
  
I will let you know, if there is one, Haakon! Can't make any promises, though...
Manuel
  
Me too :-/
Sophie
  last edited: Wed, 31 Jan 2018 11:47:58 +0100  
Haha, yes Manuel!

I will totally brag about it on Hubzilla and spam everybody's timelines! ;-)
Detecting Drone Surveillance with Traffic Analysis

Sophie
  
Schneier on Security wrote the following post Wed, 24 Jan 2018 12:28:32 +0100
Detecting Drone Surveillance with Traffic Analysis

This is clever:
Researchers at Ben Gurion University in Beer Sheva, Israel have built a proof-of-concept system for counter-surveillance against spy drones that demonstrates a clever, if not exactly simple, way to determine whether a certain person or object is under aerial surveillance. They first generate a recognizable pattern on whatever subject -- a window, say -- someone might want to guard from potential surveillance. Then they remotely intercept a drone's radio signals to look for that pattern in the streaming video the drone sends back to its operator. If they spot it, they can determine that the drone is looking at their subject.

In other words, they can see what the drone sees, pulling out their recognizable pattern from the radio signal, even without breaking the drone's encrypted video.

The details have to do with the way drone video is compressed:
The researchers' technique takes advantage of an efficiency feature streaming video has used for years, known as "delta frames." Instead of encoding video as a series of raw images, it's compressed into a series of changes from the previous image in the video. That means when a streaming video shows a still object, it transmits fewer bytes of data than when it shows one that moves or changes color.

That compression feature can reveal key information about the content of the video to someone who's intercepting the streaming data, security researchers have shown in recent research, even when the data is encrypted.

Research paper and video.
Alexandre Hannud Abdo
  
Clever... clever...
For those wondering

Sophie
  
https://blog.cryptographyengineering.com/2018/01/10/attack-of-the-week-group-messaging-in-whatsapp-and-signal/

Matthew Green on WhatsApp and Signal group messaging:

If all you want is the TL;DR, here’s the headline finding: due to flaws in both Signal and WhatsApp (which I single out because I use them), it’s theoretically possible for strangers to add themselves to an encrypted group chat. However, the caveat is that these attacks are extremely difficult to pull off in practice, so nobody needs to panic. But both issues are very avoidable, and tend to undermine the logic of having an end-to-end encryption protocol in the first place. (Wired also has a good article.)
[...]

So the main lesson here is: test, test, test. This is a strong argument in favor of open-source applications and frameworks that can interact with private-garden services like Signal and WhatsApp. It lets us see what the systems are getting right and getting wrong.

The second lesson — and a very old one — is that cryptography is only half the battle. There’s no point in building the most secure encryption protocol in the world if someone can simply instruct your client to send your keys to Mallory. The greatest lesson of all time is that real cryptosystems are always broken this way — and almost never through the fancy cryptographic attacks we love to write about.
Dutch press kicking ass

Sophie
  
Dutch Reporters Stun Trump’s Ambassador by Pressing Him to Admit He Lied About “No-Go Zones”
Dutch reporters simply ignored a plea from the new United States ambassador, Pete Hoekstra, to forget all about the fact that there is video of him lying about their country in 2015. In the video, he insisted that parts of the Netherlands have been surrendered to Islamist radicals that supposedly rule over “no-go zones” for non-Muslims, where Dutch politicians have been set on fire.
[...]
“This is the Netherlands; you have to answer questions.”

Image/photo
Haakon Meland Eriksen (Parlementum)
  
Image/photo
mrjive
  
“This is the Netherlands; you have to answer questions.”


boom! :)
Manuel (con la inmensa minoría...)
  
Image/photo
backups

Sophie
  
I have been waaaay too loose with making backups in the past, and would like to find an easy to handle solution for Linux and OSX double boot. I think I have to address those two separately, and while I am at it, I would like to make encrypted backups only from now on.

I would gladly like to hear your opinions on the following questions:

Does anyone have experience with a similar setup? Linux double boot with something else?

Has anyone ever tried restic?
https://github.com/restic/restic

How many backups and in which places do you have?
Sophie
  
thanks for the quick reply, that sounds very transparent... still have to decide though, if I am going to use a closed source app on my Linux ;-)
Andrew Manning
  
To be clear, I am not encouraging you to do so. I'm just sharing what has been working well for me. If they are legitimate, it feels nice to be supporting a company with the right values concerning data privacy. They do have some source code open on GitHub if you take a look.
Sophie
  
No worries! Thanks for sharing! Very much appreciated!
Sophie
  
New Project Veritas Dossier Compiles Photos of James O’Keefe’s Known Associates



The Washington Post got lucky. If James O'Keefe's operative had used a fake name, the newspaper would have had a harder time exposing them.
Security - at the expense of fundamental rights

Sophie
  last edited: Sat, 16 Dec 2017 19:51:32 +0100  
ccc timeline wrote the following post Fri, 15 Dec 2017 18:33:17 +0100
ccc: Automatic facial recognition, across the board at train stations and airports http://www.tagesschau.de/inland/gesichtserkennung-141.html


I wonder who is lobbying the European interior ministers so heavily for surveillance; that would be an interesting thing to investigate. So much dim-wittedness from every corner...

For months, cameras at Berlin's Südkreuz station have been filming travellers. The facial recognition project is a favourite of Minister de Maizière and has now been extended. He brushes aside the concerns of data protection advocates - even though there is no legal basis whatsoever.
Interior Minister de Maizière still intends to create the legal basis first; then he wants to introduce facial recognition as comprehensively as possible at train stations and airports
Sophie
  
Strange, somehow it tears the original post apart.
Maria Karlsen
  
I think you are missing a [/share] at the end of the post.
Sophie
  
Thanks! I accidentally deleted that.
Tracking and microtargeting in the election campaign

Sophie
  
Is Facebook tracking with "sensitive data" allowed?


Facebook accessed sensitive data such as users' political views during the National Council election campaign. But is that allowed? There are differing legal opinions on this.
[...]
After repeated inquiries, however, only a standard reply could be obtained from the Austrian data protection authority: "As you know, the data protection authority does not issue statements outside of specific proceedings, because this could prejudice the outcome of possible proceedings," it says. Unlike in Belgium, Spain, France, the Netherlands and Germany, the data protection authority may only become active when specific proceedings are initiated.


[sarcasm]Could something be going wrong with the Austrian data *protection* authority?[/sarcasm]
Sophie
  
And the linked article is also quite fascinating, about a talk at Privacyweek:

Digital election campaigning: from microtargeting to dark posts


Digital expert Tom Thaler describes how parties strategically collected digital footprints on Facebook during the National Council election and analysed them to steer their campaigns.

Facebook Pixel for tracking
According to Thaler, however, the people who fall into the "still to be convinced" target group were not addressed only on Facebook, even though Facebook accounted for around 90 percent of the digital election campaign and a high daily budget of "up to five figures".

"I select a target group and I follow it on every platform. No matter where. If someone is on Tinder right now, then there. Concentrating on just one platform is 90s style. I run a campaign and reach a person wherever they happen to be," says Thaler. A marketing tool called "Facebook Pixel" is used for this.
Good Morning World

Sophie
  
I am very much enjoying a slow morning with music.



Dave Douglas - Poses (Rufus Wainwright Cover)
by Jazz Covers on YouTube
Manuel
  
Good morning, Sophie! To name you is to invoke wisdom :-)
Sophie
  
:-)
HA!

Sophie
  
TIME Person of the Year 2017: The Silence Breakers


The voices that launched the movement against sexual harassment
Maria Karlsen
  
Image/photo
Sandzwerg
 
sandzwerg favourited a status by sophie@hub.somaton.com
Manuel
  
Image/photo
Looking for an html5 player

Sophie
  last edited: Tue, 28 Nov 2017 22:49:55 +0100  
Ok, you smart people out there, a -possibly stupid- question:

Is there such a thing as an html5 player that works without javascript? Specifically, I am looking for a Wordpress plugin I could use for my new website.

You have my everlasting gratitude for any recommendations.

#wordpress
Mike Macgirvin
 
The <video> and <audio> HTML5 tags bring up a native player without any javascript required.
Alexandre Hannud Abdo
  
Is your intent to play videos hosted on your site? In that case, can't you simply use the <video> tag with wordpress, no plugins or javascript required?
Sophie
  
Yes, I was probably making things too complicated - I was sure I need a plugin to play audio on my soon-to-be-wordpress-site. Looking through the listed plugins, I could only find stuff that requires javascript.

I would also like to embed videos from Vimeo, but I might not do that, because I think there is no js free solution to that. I still have to decide upon that.

Thanks @mike and @Alexandre Hannud Abdo !
Sophie
  
So here is another *really* cool project, this time not a friend of mine, badass tenor player Ben Wendel in duo with 12 different musicians, over the course of twelve months.

The Seasons - YouTube

mrjive
  
Image/photo
Tune In!

Sophie
  
For anyone in the mood for some free improv from Amsterdam: the farewell to Huub is now being broadcast (longtime curator at bimhuis, the fanciest Jazz venue in Amsterdam).


Radio | BIMHUIS | Amsterdam | Jazz, Impro, World Music

BIMHUIS Radio is the online radio platform of the BIMHUIS. Concerts are regularly broadcast live from the BIMHUIS.
Sophie
  
Man wants to use a rocket to prove that the Earth is flat


With a home-made rocket in which conspiracy theorist Mike Hughes will shoot himself into the air, he wants to prove that the Earth is a disc. [...] The 20,000-dollar contraption is supposed to take Hughes to an altitude of 550 metres, powered by steam and at up to 800 km/h.


I can think of quite a few mountains that are far higher than 550 m, and a hike like that is also a good deal cheaper-
bling bling
 from Diaspora
But maybe he is flying up close to the edge of the disc and doesn't want to fall off the rim of the plate. He would rather play it safe, so to speak. Makes sense! And mountains are actually old tree stumps!

But in the end he gets a lot of attention and a few dollars that make his hobby possible. Then he gets the last laugh on everyone^^
Sophie
  
Amazon Creates Classified US Cloud - Schneier on Security


Amazon has a cloud for US classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified data was able to do it. Tags: Amazon, cloud computing, intelligence, national security poli...
My friend Rob

Sophie
  


Old Route 66 and Bagdad Cafe and how things don't always go well.
by Real Rob On The Road on YouTube

This is my old friend Rob Armus, who I met and played with when we were both still living in Amsterdam. What a warm person. Originally from the US, he is on a busking tour with his partner Dana. They do a vlog every once in a while.
I'm a bit speechless right now

Sophie
  
G20 surveillance technology keeps filming: Big Brother Telemichel

For the G20 summit, the Hamburg police expanded their surveillance infrastructure. Now it is clear: the cameras installed back then are to keep filming.
This is wrong on so many levels

Sophie
  
Iran Is Sending Afghan Children To Fight for Assad in Syria



Afghan refugees in Germany told The Intercept how they fled their adopted home of Iran to avoid being sent to Syria to fight and die for Bashar al-Assad.
Sophie
  
Discovered only today

Got Zot — Mike Macgirvin – We Distribute – Medium


An interview with the creator of Friendica, Hubzilla, and the Zot protocol.