document
[https://www.documentcloud.org/documents/25260...],
as of December 2022 law enforcement in the country could rent spyware for
Γé¼150 a day, regardless of which vendor they used, and without the large
acquisition costs which would normally be prohibitive. > > As a result,
thousands of spyware operations have been carried out by Italian
authorities in recent years, according to a report
[https://irpimedia.irpi.eu/en-italian-spyware-...]
from Riccardo Coluccini, a respected Italian journalist who specializes in
covering spyware and hacking.
Italian spyware is cheaper and easier to use, which makes it more widely
used. And Italian companies have been in this market for a long time.
** *** ***** ******* *********** *************
** STEVE BELLOVINΓÇÖS RETIREMENT TALK
------------------------------------------------------------
[2024.11.20]
[https://www.schneier.com/blog/archives/2024/1...]
Steve Bellovin is retiring. HereΓÇÖs
[https://www.cs.columbia.edu/~smb/blog/2024-05...] his
retirement talk, reflecting on his career and what the cybersecurity field
needs next.
** *** ***** ******* *********** *************
** SECRET SERVICE TRACKING PEOPLEΓÇÖS LOCATIONS WITHOUT WARRANT
------------------------------------------------------------
[2024.11.21]
[https://www.schneier.com/blog/archives/2024/1...]
This feels important
[https://www.404media.co/email/f459caa7-1a58-4...]:
> The Secret Service has used a technology called Locate X which uses
location data harvested from ordinary apps installed on phones. Because
users agreed to an opaque terms of service page, the Secret Service
believes it doesnΓÇÖt need a warrant.
** *** ***** ******* *********** *************
** THE SCALE OF GEOBLOCKING BY NATION
------------------------------------------------------------
[2024.11.22]
[https://www.schneier.com/blog/archives/2024/1...]
Interesting analysis
[https://www.lawfaremedia.org/article/how-geob...]:
> We introduce and explore a little-known threat to digital equality and
freedomwebsites geoblocking users in response to political risks from
sanctions. U.S. policy prioritizes internet freedom and access to
information in repressive regimes. Clarifying distinctions between free and
paid websites, allowing trunk cables to repressive states, enforcing
transparency in geoblocking, and removing ambiguity about sanctions
compliance are concrete steps the U.S. can take to ensure it does not
undermine its own aims.
The paper: ΓÇ£Digital Discrimination of Users in Sanctioned States: The Case
of the Cuba Embargo
[https://www.usenix.org/conference/usenixsecur...]ΓÇ¥:
> Abstract: We present one of the first in-depth and systematic end-user
centered investigations into the effects of sanctions on geoblocking,
specifically in the case of Cuba. We conduct network measurements on the
Tranco Top 10K domains and complement our findings with a small-scale user
study with a questionnaire. We identify 546 domains subject to geoblocking
across all layers of the network stack, ranging from DNS failures to
HTTP(S) response pages with a variety of status codes. Through this work,
we discover a lack of user-facing transparency; we find 88% of geoblocked
domains do not serve informative notice of why they are blocked. Further,
we highlight a lack of measurement-level transparency, even among HTTP(S)
blockpage responses. Notably, we identify 32 instances of blockpage
responses served with 200 OK status codes, despite not returning the
requested content. Finally, we note the inefficacy of current improvement
strategies and make recommendations to both service providers and
policymakers to reduce Internet fragmentation.
** *** ***** ******* *********** *************
** SECURITY ANALYSIS OF THE MERGE VOTING PROTOCOL
------------------------------------------------------------
[2024.11.25]
[https://www.schneier.com/blog/archives/2024/1...]
Interesting analysis: An Internet Voting System Fatally Flawed in Creative
New Ways [https://arxiv.org/pdf/2411.11796].
> Abstract: The recently published ΓÇ£MERGEΓÇ¥ protocol is designed to be used
in the prototype CAC-vote system. The voting kiosk and protocol transmit
votes over the internet and then transmit voter-verifiable paper ballots
through the mail. In the MERGE protocol, the votes transmitted over the
internet are used to tabulate the results and determine the winners, but
audits and recounts use the paper ballots that arrive in time. The
enunciated motivation for the protocol is to allow (electronic) votes from
overseas military voters to be included in preliminary results before a
(paper) ballot is received from the voter. MERGE contains interesting ideas
that are not inherently unsound; but to make the system trustworthy -- to
apply the MERGE protocol -- would require major changes to the laws,
practices, and technical and logistical abilities of U.S. election
jurisdictions. The gap between theory and practice is large and
unbridgeable for the foreseeable future. Promoters of this research project
at DARPA, the agency that sponsored the research, should acknowledge that
MERGE is internet voting (election results rely on votes transmitted over
the internet except in the event of a full hand count) and refrain from
claiming that it could be a component of trustworthy elections without
sweeping changes to election law and election administration throughout the
U.S.
** *** ***** ******* *********** *************
** WHAT GRAYKEY CAN AND CANΓÇÖT UNLOCK
------------------------------------------------------------
---
* Origin: High Portable Tosser at my node (618:500/14.1)
|
Computer Support/Help/Discussion... 
