DefCon to Feds: We need space in our relationship

There's an annual security conference in Las Vegas called DefCon. They talk about all sorts of security vulnerabilities, many of which were pretty much unknown to the general public until they were disclosed at this event. For example, last year someone built a radio-controlled airplane that was a cellular repeater, except it intercepted all cell calls in its area and logged the information. Now after we've learned about PRISM, it seems kind of quaint.

They also played a game called Spot The Fed. If you saw someone whom you thought were FBI or some other TLA, you could accuse them and put them up on the stage for group interrogation. It was all good fun.

Until this year.

The organizer of DefCon, Jeff Moss, posted the following on the DefCon web site:

“For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.”

I'm sure there will be some Feds there, but they'll be a lot more careful about how they interact with the attendees.

http://krebsonsecurity.com/2013/07/def-con-to-feds-stay-home-this-year/

License plate scanners are becoming pervasive

This bothers me because it's cheap to keep this data indefinitely. This article shows the data retention policies of various agencies that use them, and they vary from 'discard immediately after comparing to a stolen or wanted list' to 'keep forever and let anyone in the department browse the information.' I know El Paso, TX has them, but they're not on the list. The thing that I hate is that in many cases this information is being shared with both the Feds and private industry: repo agents are getting ahold of it.

I'm just waiting for the news breach that the cell phone companies have been giving our location data to the Feds. It's one thing for you to be followed by law enforcement if you're a suspect in a case and they have probable cause, it's another thing for this data to be swept up on everybody. As the revelations of PRISM have shown, it's not difficult to build detailed information on people simply with the metadata.

I think it's time to look in to or build a license plate frame surrounded by infrared LED lights.

http://www.wired.com/threatlevel/2013/07/license-plate-readers/

Great sadness! The H security site is shutting down!

The H is a computer security and news site out of Germany that I have found quite informative, unfortunately the owners have been unsuccessful in monetizing it and they've decided that it is time to close the doors. They were a pretty good news source, and I'm very sad to see them go.

http://www.h-online.com/open/news/item/The-H-is-closing-down-1920027.html


Here's a list of some of their favorite news stories, including the one that speculated that Skype could be listened to by Microsoft and government agencies long before PRISM was revealed.

http://www.h-online.com/features/The-Final-H-Roundup-1919816.html

Low wage workers "encouraged" to use payroll debit cards instead of checks or direct deposit

A lot of employees at Walgreens, Taco Bell, McDonalds, etc. don't make a lot of money. Banks have invented a new tool to make more money: payroll credit cards. The employer credits the money to the account, the employee has immediate access to their money without the hassle and fees of depositing or cashing their checks. The only problem is that pretty much anything they do with the card results in a fee being charged against their fairly small take-home pay.

And because the cards are a recent invention, there's pretty much no regulations against it.

The employers frequently offer direct deposit, but put a mountain of paperwork in the way to avoid the card. The other problem is that low-wage workers frequently have no credit history or too many bounced checks to open a real bank account.

I guess there's nothing more fun than exploiting the poor.

http://www.nytimes.com/2013/07/01/business/as-pay-cards-replace-paychecks-bank-fees-hurt-workers.html?pagewanted=all&_r=0