The computer you are sitting at right now probably has a microphone. It probably also has a camera looking at you this moment. Is it sending sound and pictures from inside your house to the PRISM program at NSA?
Who knows? But one thing is for sure — the technology is sitting there, on your desk. Welcome to Winston’s world.
Yesterday we crossed a line. What once seemed kooky is now happening. I figured this would be a fight for a future generation, but it is ours. The frightening future has arrived.
But no war, no threat, no nothing justifies the National Security Agency obtaining a direct pipeline to the Skype chats of every American. What possible justification is there for the government watching granddad talk to his grandkids in real time back in Laurel, Maryland?
Think it can’t happen? It already has.
John Sexton on Breitbart asks: What if it is not just metadata the NSA is collecting?
The claim being made in public right now is that the NSA used section 215 of the Patriot Act to collect metadata on phone calls. However there is some evidence that the NSA is actually recording the content of phone calls.
Last week I published a clip of actor Shia LaBeouf claiming, on the Jay Leno show, that an FBI consultant on the movie Eagle Eye had played him a 2 year old clip of a private phone conversation. I noted at the time that this claim had to be taken with a grain of salt given that LaBeouf was on TV to promote a film about government monitoring of communications. But given that secret information sometimes leaks to Hollywood before the rest of us, it seemed worth mentioning.
But LaBeouf is not the only person who has made this claim about the NSA having access to private calls. Just last month former FBI counter-terrorism expert Tim Clemente appeared on the Erin Burnett show on CNN to discuss the Boston marathon bombing. The discussion turned to the possibility of charges against Tsarnaev’s wife. Burnett wondered if it would be possible to prove complicity given that there would be no way to know what they talked about on the phone. Here’s the exchange (audio is faint so you may need to turn it up)…
But that’s not all.
Even the most innocent, commonplace snapshots that you take with your smartphone can contain metadata that reveals personal information about your family.
“Smart appliances” including electrical meters, automotive systems such as OnStar, and other devices with embedded computers can be used to collect and extract information about your activities.
How about making sure that the politically disfavored classes will freeze in the dark? Bureaucrat-controlled thermostats are on the way.
Nakedsecurity urges computer users to log out of their profiles when finished with their activities. And don’t have the computer store your passwords. If you’re afraid you’ll forget a password and lock yourself out, you can always write your passwords on a piece of paper and lock it up in a safe that you own.
Nudists beware: Spy drones can see what you’re wearing (or not wearing) from 17500 feet.
Living in a rural area won’t keep you safe from totalitarian spying. Twitchy has the story on that:
Having so many different Obama administration scandals demanding the public’s attention all at once almost works in the administration’s favor; before the full implications of one scandal sink in, another one erupts. While the NSA has managed to bump the IRS from the headlines this week, it’s worth noting that the Environmental Protection Agency is busy doing its part to erode what’s left of the public’s trust in the government.
The Free Beacon reported this week that 24 senators signed a letter demanding to know why the EPA leaked the personal information of more than 80,000 farms, includes names, phone numbers and personal addresses, to left-wing environmental groups like Earth Justice, the Pew Charitable Trust and the Natural Resources Defense Council. Ten states caught sending the personal data recalled it for redaction and then resent it; Montana and Nebraska, however, ended up mistakenly resending the personal information.
TechCrunch: Smile! Hackers Can Silently Access Your Webcam Right Through The Browser (Again)
…A new proof of concept is making the rounds today that demonstrates how a hacker can snap pics off your webcam, right through the browser, with no consent required.
Well, technically, you are giving consent. You just wouldn’t know it.
Outlined by security consultant Egor Homakov, the hack brings in a few old tricks to work around Flash’s requirement that a user explicitly grants a website permission before it can access their camera or microphone.
Without going into to much detail, the demo uses a bunch of fancy CSS/HTML trickery to render Flash’s permission prompt in a transparent layer, placing the now invisible “Allow” button directly above something the user is likely to click — like, say, the “Play” button on a video.
The basic technique, dubbed Clickjacking, is nothing new. I’d actually generally avoid writing about things like this, if it were new, to keep the word from spreading before the companies got a chance to fix it — but these techniques are already very well known in the hacking world. In fact, a post on Adobe’s security blog suggests that they fixed the bug (or a similar one) way back in 2011. “No user action or Flash Player product update are required,” it reads.
And yet… it still works. We tested the proof of concept on the latest build of Chrome for Mac, and it pulled from our webcam without issue or any visible prompt. Others have found the exploit to work on IE10, but it seems to be patched on the most recent releases of Safari and Firefox. When it works, the only evidence that the camera was ever accessed is a near instant and oh-so-easy-to-miss blink of the LED indicator.
[UPDATE: Google has acknowledged and fixed the bug in Chrome with version 27.0.1453.116, released six days after our initial report on 6/13]
You can test the proof of concept yourself here (Heads Up: If you consider girls in bikinis to be NSFW, that link is NSFW. Also, it’ll take a picture of you, though the author claims he’s not storing them — but clarifies that someone could, if they wanted).
If your browser doesn’t visibly render the permission box and clicking the play button snaps a picture of you, your browser fails the test. If it shows the permission box or blocks the click, you’re safe (from this specific exploit, at least).
The Conversation Prism (2010 version) by Brian Solis and JESS3:
The grabbermint is watching and collecting it all
We stay tuned.