Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment: Re detecting/creating (Score 1) 71

by terbo (#48712729) Attached to: New App Detects Government Stingray Cell Phone Trackers

The primary methods of detecting IMSI-Catchers and Fake BTS's is described here (pdf), and due to the variety of manufacturers' baseband interfaces, there wasn't an easy way to uniformly detect these devices.

IMSI-Catcher doesn't seem to work on my old, non-GSM Android, but I've also found OsmocomBB to be interesting; it's an open source GSM broadband implementation that seems to work on some older, cheap phones, like some motorola candy bars; check out Catcher Catcher for more info.

In terms of the IMSI Catcher devices themselves, I've seen estimations of $20 to $1500 to make one, from using cheap RTL-SDR devices to a full SDR (~$400-1500) to run a full fake GSM BTS.

The legal usage of IMSI-Catchers doesn't seem clear to me. It is essentially a MiTM attack, which at least android devices seem to go out of their way to ignore. The law enforcement usage seems worded in ways that would just confuse 50+ year old judges. And they have to go far out of the way to make sure that you don't notice an interruption in service, by forwarding any on-going communications to their intended recipients and tunneling them back, if they go are run over time and don't disassociate.

I haven't seen any estimation on how often these things are used. Besides, hacked femtocell's are probably also responsible for a lot of these rogue BTS's; I wonder if that would be discovered with such detection methods?

Comment: Re:Who cares (Score 1) 168

by terbo (#48222887) Attached to: Austin Airport Tracks Cell Phones To Measure Security Line Wait

Modern IOS versions randomize the MAC used for passive wifi scans. I'd imagine android is also doing the same.

Its been said that this is how they have changed IOS 8, however
I've only noticed that they have decreased the number of beacons it sends greatly;
the same MAC is used for the probes; and given the ability to profile devices passivly [pdf],
the MAC may not be the only thing to worry about.

If you have a wireless card that can go into monitor (radio promisc) mode,
you can see all of the probes constantly travelling around us:

tshark -i mon0 -R 'wlan.fc.type_subtype eq 4' -T fields -e -e wlan_mgt.ssid -e radiotap.dbm_antsignal -e frame.time -E separator=, -E quote=d

Thing is the penetration of these monitoring techniques is difficult to
ascertain, I've been looking for them when I visit big retailers, but
according to people like Glenn Wilkinson and Brendan O'Connar,
these may be fairly easy to setup and in wide use surreptitiously.
(Authors of Snoopy and CreepyDOL)

+ - The Pentagon as Silicon Valley's Incubator

Submitted by Anonymous Coward
An anonymous reader writes: The Times has an article about how people coming out of the Pentagon are helping create a boom in technology start-ups. From the article: 'In the last year, former Department of Defense and intelligence agency operatives have headed to Silicon Valley to create technology start-ups specializing in tools aimed at thwarting online threats. Frequent reports of cyberattacks have expanded the demand for security tools, in both the public and private sectors, and venture capital money has followed. In 2012, more than $1 billion in venture financing poured into security start-ups, more than double the amount in 2010, according to the National Venture Capital Association.'

Comment: Life, the lesson (Score 1) 813

by terbo (#41144601) Attached to: How Long Do You Want To Live?

I'd say getting to see my grand kids would be the ultimate.
Telling them a few of the things I had seen first hand.

Beyond that, immortality seems silly, some come here
to learn lessons, but want to stay in school, apparently.

Health and longevity have been simple, good thoughts,
good diet, good exersize, and good company.


+ - Google users sue company over 'deceptive' privacy changes->

Submitted by
terbo writes: "Three Google users have filed a lawsuit against Google Inc. over changes to its privacy policy that combines user information across a number of company services." A Google blog post responds "our updated Privacy Policy makes our privacy practices easier to understand, and it reflects our desire to create a seamless experience for our signed-in users.", “The rapid innovation in technology, which is wonderful, must not also become an open invitation to violate people’s privacy .." voiced a Senator calling for a privacy change.
".. it was revealed that Android Apps can copy photos without explicit user permission, iphone and now google android phones give access to users photo libraries when given access to the locational services. ", "The reasoning behind Android’s ability to let app developers access personal smartphone photos without permission is understandable, but it actually goes against a core Android design principle." says a blog addressing the problem."

Link to Original Source

All great discoveries are made by mistake. -- Young