The Daily Parker

Politics, Weather, Photography, and the Dog

First Monday of October

The United States Supreme Court began their term earlier today, in person for the first time since March 2020. Justice Brett Kavanaugh (R) did not attend owing to his positive Covid-19 test last week.

In other news:

So how did facebook.com disappear from root DNS, the day after 60 Minutes aired a segment on Haugen?

Monday lunchtime reading

Just a couple today, but they seem interesting:

And wow, did the Chicago Bears have a bad game yesterday.

Late morning things of interest

So these things happened:

And finally, break out the Glühwein: Chicago's Christkindlmarket will return to Daley Plaza and Wrigleyville this winter.

Thank you, T-Mobile

I've just spent the last 45 minutes transferring all my auto-pay accounts to a new credit card after my bank notified me that someone in Berlin tried to use my old card to buy something on a French website. Since this happened just a couple of days after T-Mobile once again lost control of millions of customer records, I assume that's how my card number wound up with a European criminal.

Or maybe it came from one of the companies whose accounts I just had to update? According to C-Net, "T-Mobile says there's no indication any consumer financial data, such as credit card or other payment information, was compromised." Uh huh.

Until companies have to endure real consequences for their own crappy security, this will continue to happen.

How is it already 4pm?

I have opened these on my Surface at work, but I'll have to read them at home:

Finally, Empirical Brewery has a new line of beer that supports Tree House Cats at Work. I'll try some and let you know.

Happy birthday, Gene

Eugene Wesley Roddenberry would have been 100 years old today. Star Trek and NASA have a livestream today to celebrate.

In other news:

Finally, sometime today I hope to finish reading Joe Pinsker's interview with author Oliver Burkeman about how not to get sucked into things that waste your time, like the Internet.

Vaccines, climate change, and trains

Those topics led this afternoon's news roundup:

  • The Intergovernmental Panel on Climate Change released its 6th periodic report on the state of the planet, and it's pretty grim. But as Josh Marshall points out, "Worried about life on earth? Don’t be. Life’s resilient and has a many hundreds of millions of years track record robust enough to handle and adapt to anything we throw at it. But the player at the top of the heap is the first to go."
  • Charles Blow has almost run out of empathy for people who haven't gotten a Covid-19 jab. Author John Scalzi takes a more nuanced view, at least distinguishing between the people who peddle the lie and those who merely buy it.
  • A research group has discovered how they can own your locked-down computer in about 30 minutes with a few tools, but at least they also tell you how to lock it down better.
  • Almost half of Amtrak's $66 billion cash infusion will go to making New York City more navigable. I want my HSR to Milwaukee, dammit!
  • Sometime last week, a Russian capsule accidentally fired a thruster, sending the International Space Station into a 540-degree roll.

Finally, long-time police reporter Radley Balko exposes the lie that keeps innocent people in jail.

Facing limitations of security software

Via Bruce Schneier, researchers have developed software that can bamboozle facial-recognition software up to 60% of the time:

The work suggests that it’s possible to generate such ‘master keys’ for more than 40% of the population using only 9 faces synthesized by the StyleGAN Generative Adversarial Network (GAN), via three leading face recognition systems.

The paper is a collaboration between the Blavatnik School of Computer Science and the school of Electrical Engineering, both at Tel Aviv.

StyleGAN is initially used in this approach under a black box optimization method focusing (unsurprisingly) on high dimensional data, since it’s important to find the broadest and most generalized facial features that will satisfy an authentication system.

This process is then repeated iteratively to encompass identities that were not encoded in the initial pass. In varying test conditions, the researchers found that it was possible to obtain authentication for 40-60% with only nine generated images.

The paper contends that ‘face based authentication is extremely vulnerable, even if there is no information on the target identity’, and the researchers consider their initiative a valid approach to a security incursion methodology for facial recognition systems.

Hey, humans have evolved for 20,000 years or longer to recognize faces, and we make mistakes all the time. Maybe security software just needs more time?

Inside the Anom phone

Via Bruce Schneier, Motherboard got ahold of a pair of Anom phones, which the FBI and Australian Federal Police used to take down a bunch of criminal networks earlier this year:

Motherboard has obtained and analyzed an Anom phone from a source who unknowingly bought one on a classified ads site. On that site, the phone was advertised as just a cheap Android device. But when the person received it, they realized it wasn't an ordinary phone, and after being contacted by Motherboard, found that it contained the secret Anom app.

After the FBI announced the Anom operation, some Anom users have scrambled to get rid of their device, including selling it to unsuspecting people online. The person Motherboard obtained the phone from was in Australia, where authorities initially spread the Anom devices as a pilot before expanding into other countries. They said they contacted the Australian Federal Police (AFP) in case the phone or the person who sold it was of interest to them; when the AFP didn't follow up, the person agreed to sell the phone to Motherboard for the same price they paid. They said they originally bought it from a site similar to Craigslist.

Anom started when an FBI confidential human source (CHS), who had previously sold devices from Phantom Secure and another firm called Sky Global, was developing their own product. The CHS then "offered this next generation device, named 'Anom,' to the FBI to use in ongoing and new investigations," court documents read.

In June the FBI and its law enforcement partners in Australia and Europe announced over 800 arrests after they had surreptitiously been listening in on Anom users' messages for years. In all, authorities obtained over 27 million messages from over 11,800 devices running the Anom software in more than 100 countries by silently adding an extra encryption key which allowed agencies to read a copy of the messages. People allegedly smuggling cocaine hidden inside cans of tuna, hollowed out pineapples, and even diplomatic pouches all used Anom to coordinate their large-scale trafficking operations, according to court documents.

 

That's some cool and scary shit. I'm glad they got all those criminals, but what happens when the people targeted are political dissidents? As Schneier has discussed at length, there is no such thing as a zero-trust environment.

The NSA has a sense of humor

After Fox network blowhard Tucker Carlson whined that the National Security Agency, the US intelligence service tasked with spying on communications outside the US, had tapped his phones, the agency clapped back on Twitter:

TPM's Cristina Cabrera reports, "Carlson doubled down on his accusation shortly afterward on his program, saying the NSA’s statement 'an entire paragraph of lies written purely for the benefit of the intel community’s lackeys at CNN and MSNBC.'"

The NSA is just having a bit of sport with Carlson, but one can't know for sure. First, the NSA would never admit to spying on anyone. But second, even if the NSA were spying on him, wouldn't Carlson want to know which overseas friend of his would have attracted the agency's attention, and why?

In related news, the Manhattan District Attorney appears ready to charge the Trump Organization and its CFO with tax crimes tomorrow morning. Stay tuned!