An anonymous reader writes: What's your approach to detecting and dealing with Android malware? I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal. There have been lots of stories lately about Android malware that remind me of the old saw about weather: everyone talks about it, but no one does anything about it. However, that can't be completely true, and before I reach a phone crisis, I'd like to get some sane, sage advice about diagnosing malware, and disposing of it, or at least mitigating its damage. When it comes to diagnosing, I don't know what software to trust. I've heard positive things from friends (and seen both positive reviews and terrible negative ones, raising even more meta questions about trust) about Malwarebytes, so I installed their mobile version. This dutifully scans my system, and reports no errors and malware. Which doesn't mean there isn't any, though I'd be happy to find out that I'm just being paranoid. The OS is stock (Motorola Nexus 6) and kept up to date. I have only very conventional apps, all downloaded from Google's Play store, and believe it or not I don't visit any dodgy websites on my phone, at least not intentionally. So: what's the most reliable way to get an accurate view of whether I am dealing with malware at all, and hopefully to eradicate it? Good malware hides well, I know, but is there any tool on the side of the righteous that is currently best at rooting it out? If I find a specific form of malware on my phone, how can I remove it?

An anonymous reader writes: I've carried a smart phone for several years, but for much of that time it's been (and I suspect this is true for anyone for whom money is an object) kept pretty dumb — at least for anything more data-intensive than Twitter and the occasional map checking. I've been using more of the smart features lately (Google Drive and Keep are seductive.) Since the data package can be expensive, though, and even though data is cheaper than it used to be, that means I don't check Facebook often, or upload pictures to friends by email, unless I'm in Wi-Fi zone (like home, or a coffee shop, etc). Even so, it seems I'm using more data than I realized, and I'd like to keep it under the 2GB allotment I'm paying for. I used to think half a gig was generous, but now I'm getting close to that 2GB I've paid for, most months.

This makes me a little paranoid, which leads to my first question: How accurate are carriers' own internal tools for measuring use, and do you recommend any third-party apps for keeping track of data use? Ideally, I'd like a detailed breakdown by app, over time: I don't think I'm at risk for data-stealing malware on my phone (the apps I use are either built-in, or plain-vanilla ones from Google's store, like Instagram, Twitter's official client, etc.), but of course really well-crafted malware would be tough to guard against or to spot. And even if they can be defeated, more and more sites (Facebook, for one) now play video just because I've rolled over a thumbnail. Read on for second part of the question.

cold fjord writes: Writing at Wired, Bruce Schneier states that he believes that China and Russia actually do have the Snowden documents, but that the path by which they got them may be different than what has been reported: "... The vulnerability is not Snowden; it's everyone who has access to the files. I've handled some of the Snowden documents myself, and even though I'm a paranoid cryptographer, I know how difficult it is to maintain perfect security. It's been open season on the computers of the journalists Snowden shared documents with since this story broke in July 2013. And while they have been taking extraordinary pains to secure those computers, it's almost certainly not enough to keep out the world's intelligence services. .... Which brings me to the second potential source of these documents to foreign intelligence agencies: the US and UK governments themselves. I believe that both China and Russia had access to all the files that Snowden took well before Snowden took them because they've penetrated the NSA networks where those files reside."

snydeq writes: Nothing is safe, thanks to the select few hacks that push the limits of what we thought possible, InfoWorld's Roger Grimes writes in this roundup of hacks that could make even the most sane among us a little bit paranoid. "These extreme hacks rise above the unending morass of everyday, humdrum hacks because of what they target or because they employ previously unknown, unused, or advanced methods. They push the limit of what we security pros previously thought possible, opening our eyes to new threats and systemic vulnerabilities, all while earning the begrudging respect of those who fight malicious hackers."

New submitter petherfile writes: According to Daniel Mathews, new laws passed in Australia (but not yet in effect) could criminalize the teaching of encryption. He explains how a ridiculously broad law could effectively make any encryption stronger than 512 bits criminal if your client is not Australian. He says, "In short, the DSGL casts an extremely wide net, potentially catching open source privacy software, information security research and education, and the entire computer security industry in its snare. Most ridiculous, though, are some badly flawed technicalities. As I have argued before, the specifications are so imprecise that they potentially include a little algorithm you learned at primary school called division. If so, then division has become a potential weapon, and your calculator (or smartphone, computer, or any electronic device) is a potential delivery system for it."

Mark Wilson writes While much of the news coming out of MWC 2015 has been dominated by Microsoft's Lumia 640, the Samsung Galaxy S6 Edge, and tablets from Sony, there's always room for something a little different. Following on from the security-focused Blackphone, Silent Circle used the Barcelona event to announce the follow-up — the Blackphone 2. The privacy-centric company has been working on the "world's first enterprise privacy platform" for some time now and the second generation Blackphone. As you would expect, there's a faster processor than before -- an 8-core beast -- as well as an upgraded 3GB RAM, a larger 5.5 inch screen and a bigger battery than before. Blackphone 2 has a $600 price tag and will be unleashed in July.

dcblogs writes The White House order last week lifting economic sanctions against Cuba specifically singles out technology, from telecommunication networks to consumer tech. There's much potential and many obstacles. Cuba has an educated population craving technology, but it has little income for new tech. The Cuban government wants to trade with the U.S., but is paranoid about the outside world and has limited Internet access to 5% to 10% of the population, at best. "The government has been very reluctant to have open Internet access," said Harley Shaiken, chairman of the Center for Latin American Studies at the University of California, Berkeley. But "there is real hunger for technology," and with the easing of the embargo, the government "will be facing new pressures," he said. The country needs a complete technology upgrade, including to its electric grid, and the money to finance these improvements. "Markets like Cuba, which will require a wholesale construction of new infrastructure, don't come along often, if ever," said Todd Thibodeaux, president and CEO of CompTIA, a tech industry trade group. "The flood of companies lining up to get in should be quite substantial," he said. Cuba has a population of about 11 million, about the same size as the Dominican Republic, which spends about $1 billion annually on technology and related services, according to IDC. But capital spending today on IT in Cuba may be no more than $200 million annually.

An anonymous reader writes: This summer, news broke that Facebook had conducted an experiment on some of their users, tweaking which posts showed up in their timeline to see if it affected the tone of their later posts. The fallout was extensive — Facebook took a lot of flack from users and the media for overreaching and violating trust. (Of course, few stopped to think about how Facebook decided what to show people in the first place, but that's beside the point.) Now, Wired is running a somewhat paranoid article saying Facebook can't help but experiment on its users. The writer says this summer's blowback will only show Facebook they need to be sneakier about it.

At the same time, a study came out from Ohio State University saying some users rely on social media to alter their moods. For example, when a user has a bad day, he's likely to look up acquaintances who have it worse off, and feel a bit better that way. Now, going on social media is going to affect your mood in one way or another — shouldn't we try to understand that dynamic? Is there a way Facebook can run experiments like these ethically? (Or Twitter, or Google, or any similarly massive company, of course.)

ericgoldman writes Some businesses are so paranoid about negative consumer reviews that they have contractually banned their customers from writing reviews or imposed fines on consumers who bash them. California has told businesses to stop it. AB 2365--signed by Governor Brown yesterday, and the first law of its kind in the nation--says any contract provisions restricting consumer reviews are void, and simply including an anti-review clause in the contract can trigger penalties of $2,500.

Nerval's Lobster writes The "Compubody Sock," which anyone with knitting skills can make at home, is a giant sock-hoodie-bag in which you place your laptop or tablet, along with your head and hands, giving you total privacy while freaking out anyone who happens to be sitting next to you. Designer Becky Stern told Forbes' Kashmir Hill that the Sock was meant more as commentary on privacy and device addiction; even so, considering how NSA employees reportedly drape themselves in hoods in order to thwart hidden cameras while typing in passwords, it's not outside the realm of possibility that an ultra-paranoid someone could find a practical use for a body sock. But that paranoid android better have expert knitting skills: putting together the Sock necessitates a whole lot of steps ("Purl 5, purl 2 together, purl 1, turn the work," etc.). Your other option, of course, is to simply avoid working on sensitive stuff in public.

UrsaMajor987 (3604759) writes I have a Asus Transformer tablet that I dropped on the floor. There is no obvious sign of damage but It will no longer boot. Good excuse to get a newer model. I intend to sell it for parts (it comes with an undamaged keyboard) or maybe just toss it. I want to remove all my personal data. I removed the flash memory card but what about the other storage? I know how to wipe a hard drive, but how do you wipe a tablet? If you were feeling especially paranoid, but wanted to keep the hardware intact for the next user, what would you do?

mpicpp (3454017) writes with news that Germany may be joining Russia in a paranoid switch from computers to typewriters for sensitive documents. From the article: Patrick Sensburg, chairman of the German parliament's National Security Agency investigative committee, now says he's considering expanding the use of manual typewriters to carry out his group's work. ... Sensburg said that the committee is taking its operational security very seriously. "In fact, we already have [a typewriter], and it's even a non-electronic typewriter," he said. If Sensburg's suggestion takes flight, the country would be taking a page out of the Russian playbook. Last year, the agency in charge of securing communications from the Kremlin announced that it wanted to spend 486,000 rubles (about $14,800) to buy 20 electric typewriters as a way to avoid digital leaks.

Ars Technica has spent some time with pre-production (but very nearly final) samples of the Blackphone, from Geeksphone and Silent Circle. They give it generally high marks; the hardware is mostly solid but not cutting edge, but the software it comes with distinguishes it from run-of-the-mill Android phones. Though it's based on Android, the PrivOS system in these phone offers fine grained permissions, and other software included with the phone makes it more secure both if someone has physical access to the phone (by encrypting files, among other things) and if communications between this phone and another are being eavesdropped on. A small taste: At first start up, Blackphone’s configuration wizard walks through getting the phone configured and secured. After picking a language and setting a password or PIN to unlock the phone itself, the wizard presents the option of encrypting the phone’s stored data with another password. If you decline to encrypt the phone’s mini-SD storage during setup, you’ll get the opportunity later (and in the release candidate version of the PrivOS we used, the phone continued to remind me about that opportunity each time I logged into it until I did). PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks.

Qbertino (265505) writes I've been rummaging around on old backups and cleaning out my stuff and have once again run into my expert-like paranoid backups and keepsakes from back in the days (2001). I've got, among other things, a full set of Debian 3 CDs, an original StarOffice 6.0 CD including a huge manual in mint condition, Corel Draw 9 for Linux, the original box & CDs — yes it ran on a custom wine setup, but it ran well, I did professional design and print work with it.

I've got more of other stuff lying around, including the manuals to run it. Loki Softs Tribes 2, Kohan, Rune, and the original Unreal Tournament for Linux have me itching too. :-)

I was wondering if it would be possible to do an old 2001ish setup of a Linux workstation on some modern super cheap, super small PC (Raspberry Pi? Mini USB PC?), install all the stuff and give it a spin. What problems should I expect? VESA and Soundblaster drivers I'd expect to work, but what's with the IDE HDD drivers? How well does vintage Linux software from 2003 play with todays cheap system-on-board MicroPCs? What's with the USB stuff? Wouldn't the install expect the IO devices hooked on legacy ports? Have you tried running 10-15 year old Linux setups on devices like these and what are your experiences? What do you recommend?

A while ago you had a chance to ask John McAfee about his past, politics, and what he has planned for the future. As usual, John answered with extreme frankness, with some interesting advice for anyone stuck at a checkpoint in the third world. Below you can read all his answers to your questions.

wiredmikey writes: "Russian government officials have swapped their iPads for Samsung tablets to ensure tighter security, the telecoms minister told news agencies on Wednesday. Journalists spotted that ministers at a cabinet meeting were no longer using Apple tablets, and minister Nikolai Nikiforov confirmed the changeover "took place not so long ago." He said the ministers' new Samsungs were "specially protected devices that can be used to work with confidential information." This isn't the first time Russian powers have had concerns over mobile. In August 2012, Russia unveiled a prototype tablet with its own "almost Android" mobile OS that has the remarkably familiar feel of an Android but with bolstered encryption. In an even more paranoid move, this past July a Russian state service in charge of safeguarding Kremlin communications was looking to purchase an array of old-fashioned typewriters to prevent leaks from computer hardware."

Bennett Haselton writes with a bit of online detective work done with a little help from some (internet-distributed) friends: "A website that was temporarily inaccessible on my Comcast Internet connection (but accessible to my friends on other providers) led me to investigate further. Using a perl script, I found a sampling of websites that were inaccessible on Comcast (hostnames not resolving on DNS) but were working on other networks. Then I used Amazon Mechanical Turk to pay volunteers 25 cents apiece to check if they could access the website, and confirmed that (most) Comcast users were blocked from accessing it while users on other providers were not. The number of individual websites similarly inaccessible on Comcast could potentially be in the millions." Read on for the details.

An anonymous reader writes "From the Telegraph, 'He is vain, secretive, paranoid and jealous, prone to leering at young women and making frequent sexist jokes – and that's not the view of one of his many enemies, but of a friend ... A damning picture of Julian Assange ... has emerged in a detailed account by his ghostwriter. Assange behaves ... like an egotistical tyrant interested more in his own self-publicity than in changing the world. Worse still, he turns on his friends with increasing regularity ... Assange describes the Ecuadorean ambassador offering him diplomatic asylum as 'mad', 'fat' and 'ludicrous'. Even Assange's girlfriend, WikiLeaks researcher Sarah Harrison, grew increasingly frustrated at his behaviour. 'He openly chats girls up and has his hands on their a**e and goes nuts if I even talk to another guy,' she says. O'Hagan, who had hoped to find an anti-authoritarian rebel figure worthy of admiration, says he comes to regard Assange as someone who sacrificed the moral high-ground by attempting to evade trial over the rape charges.' — The Scotsman adds, 'Canongate director Jamie Byng yesterday hailed O'Hagan's account of the "impossibility of trying to ghost Assange's memoirs". He tweeted: "Andy O'Hagan's compelling, ring side account of Being (& being around) Julian Assange is smart, accurate and fair."'"

AthanasiusKircher writes "Environmental and health concerns about atrazine — one of the most commonly used herbicides in the U.S. — have been voiced for years, leading to an EU ban and multiple investigations by the EPA. Tyrone Hayes, a Berkeley professor who has spearheaded research on the topic, began to display signs of apparent paranoia over a decade ago. He noticed strangers following him to conferences around the world, taking notes and asking questions aimed to make him look foolish. He worried that someone was reading his email, and attacks against his reputation seemed to be everywhere; search engines even displayed ad hits like 'Tyrone Hayes Not Credible' when his name was searched for. But he wasn't paranoid: documents released after a lawsuit from Midwestern towns against Syngenta, the manufacturer of atrazine, showed a coordinated smear campaign. Syngenta's public relations team had a list of ways to defend its product, topped by 'discredit Hayes.' Its internal list of methods: 'have his work audited by 3rd party,' 'ask journals to retract,' 'set trap to entice him to sue,' 'investigate funding,' 'investigate wife,' etc. A recent New Yorker article chronicles this war against Hayes, but also his decision to go on the offensive and strike back. He took on the role of activist against atrazine, giving over 50 public talks on the subject each year, and even taunting Syngenta with profanity-laced emails, often delivered in a rapping 'gangsta' style. The story brings up important questions for science and its public persona: How do scientists fight a PR war against corporations with unlimited pockets? How far should they go?"

Nerval's Lobster writes "Snapchat isn't having the best 2014: less than a week after a cyber-security collective revealed an exploit that could allow hackers to swipe users' personal data from the messaging service, a couple hackers reportedly went right ahead and stole 4.6 million usernames and phone numbers, posting them as a downloadable database. It's easy to see why Snapchat's become so popular: the idea of messages that vaporize within a few seconds of opening holds a lot of appeal to not only the excessively paranoid, but also anyone who simply wants to keep their online footprint to a minimum. But as several security experts are pointing out, the idea of 'disappearing messages' was never a foolproof one. 'If you took a photo of your phone while the risky image was on screen, or took a screenshot, or dumped your phone's graphics RAM, or used basic forensic data recovery techniques to retrieve the "deleted" files after viewing them, or fetched the image through a session-logging web proxy,' Phil Ducklin wrote in a Jan. 1 posting on the Naked Security Website, 'then you'd quickly have realised that Snapchat's promises of "disappearing images" were fanciful.' For those who no longer trust Snapchat, but want that same vaporizing-message functionality, some alternatives exist, including Silent Circle (which offers a messaging app, for a subscription fee, that forces messages to self-destruct after a set period of time) and Wickr (features military-grade encryption — AES256, ECDH521, RSA4096, TLS — and the app-builders claim they don't have the keys to decrypt; messages vaporize after a set time)."