Category Archives: Risk management


Shhh… Counting the Damages of Google “Right to be Forgotten”

Still counting (Please see my 2 earlier columns on the topic):

Google has removed over 440,000 links over Europeans’ ‘right to be forgotten’ requests


Google has published data that reveals how many search results it has removed in response to European citizens’ requests, after an EU court granted them the ‘right to be forgotten’ last May.

The ruling stated that Google must act on users’ requests to remove ‘irrelevant’ and ‘outdated’ links in searches for their names. The company began reviewing requests last June.

To date, it has received 348,085 requests and evaluated more than 1.2 million links for removal. Of those, it has removed 441,032 URLs. Google opted not to remove 608,169 more URLs; the rest are pending review or require additional information.

The top 10 sites Google removed links from represent nine percent of all the requests it received. Facebook tops the list at a little over 10,000 URLs removed, followed by Profile Engine with nearly 8,000 URLs. The site crawls Facebook to help users find people and had a search deal with the social network, which expired in 2010.

Google Groups, YouTube, Google+ and Twitter also feature on the list with a few thousand removed links each.

Google’s link removal only affects search results on its European sites. It was ordered by EU watchdogs as well as a French regulatory body to apply the right to be forgotten across its global sites, but Google has resisted the requests so far.

In July, a consumer advocacy group in the US wrote to the Federal Trade Commission (FTC) to have the agency investigate why Google hasn’t extended this option to users in the country — but nothing has come of it as yet.

You can find more information about Google’s link removal efforts, including a countrywise break-up of URLs removed, on this page.

European privacy requests for search removals [Google Transparency Report]


Shhh… European Parliament Supports Snowden

(Above) Photo Credit: Wired

The following from the New York Times:

European Parliament Urges Protection for Edward Snowden

OCTOBER 29, 2015

BRUSSELS — The European Parliament narrowly adopted a nonbinding but nonetheless forceful resolution on Thursday urging the 28 nations of the European Union to recognize Edward J. Snowden as a “whistle-blower and international human rights defender” and shield him from prosecution.

On Twitter, Mr. Snowden, the former National Security Agency contractor who leaked millions of documents about electronic surveillance by the United States government, called the vote a “game-changer.” But the resolution has no legal force and limited practical effect for Mr. Snowden, who is living in Russia on a three-year residency permit.

Whether to grant Mr. Snowden asylum remains a decision for the individual European governments, and none have done so thus far.

Still, the resolution was the strongest statement of support seen for Mr. Snowden from the European Parliament. At the same time, the close vote — 285 to 281 — suggested the extent to which some European lawmakers are wary of alienating the United States.

Many European citizens have expressed sympathy for Mr. Snowden and criticism of eavesdropping and wiretapping by the United States and its closest intelligence-sharing allies, which include Britain and Canada.

The resolution calls on European Union members to “drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties.”

In June 2013, shortly after Mr. Snowden’s leaks became public, the United States charged him with theft of government property and violations of the Espionage Act of 1917. By then, he had flown to Moscow, where he spent weeks in legal limbo before he was granted temporary asylum and, later, a residency permit.

Four Latin American nations have offered him permanent asylum, but he does not believe he could travel from Russia to those countries without running the risk of arrest and extradition to the United States along the way.

The White House, which has used diplomatic efforts to discourage even symbolic resolutions of support for Mr. Snowden, immediately criticized the resolution.

“Our position has not changed,” said Ned Price, a spokesman for the National Security Council in Washington.

“Mr. Snowden is accused of leaking classified information and faces felony charges here in the United States. As such, he should be returned to the U.S. as soon as possible, where he will be accorded full due process.”

Jan Philipp Albrecht, one of the lawmakers who sponsored the resolution in Europe, said it should increase pressure on national governments.

“It’s the first time a Parliament votes to ask for this to be done — and it’s the European Parliament,” Mr. Albrecht, a German lawmaker with the Greens political bloc, said in a phone interview shortly after the vote, which was held in Strasbourg, France. “So this has an impact surely on the debate in the member states.”

The resolution “is asking or demanding the member states’ governments to end all the charges and to prevent any extradition to a third party,” Mr. Albrecht said. “That’s a very clear call, and that can’t be just ignored by the governments,” he said.

Mr. Albrecht said the close vote on the matter reflected the divide between a progressive, pro-civil-liberties wing of the Parliament and a centrist, conservative wing.

Wolfgang Kaleck, a German civil rights lawyer who founded the European Center for Constitutional and Human Rights and represents Mr. Snowden, praised the resolution.

“It is an overdue step, and we urge the member states to act now to implement the resolution,” he said in a statement.

James Kanter reported from Brussels, and Sewell Chan from London.


Shhh… Chinese Hackers Target Samsung Mobile Pay Technology

Check out the Lifars article below:

Chinese Hackers Target Samsung Mobile Pay Technology

OCTOBER 8, 2015

A group of Chinese hackers had breached LoopPay, a subsidiary of Samsung and now the technology gearing Samsung’s new mobile payment system, earlier this year. Samsung insists that its payment system remains unaffected.

A New York Times report has revealed that a group of hackers – known as the Codoso Group or the Sunshock Group by those keeping tabs on them – had breached LoopPay’s computer network as early as March this year. LoopPay was originally acquired by Samsung in February this year for over $250 million.

Massachusetts-based startup LoopPay was acquired by Samsung in February to deliver the tech required for the hardware giant’s Samsung Pay mobile payments system. Similar to Apple Pay and Google Wallet, Samsung Pay is meant to bring mobile NFC (Near field communications) technology to its popular roster of phones used all around the world.

LoopPay, however, has a significant advantage in the way it works by using magnetic secure transmission (MST) that works with old payment systems without the need for new infrastructure.

It is believed that the hackers were after the company’s unique technology.

LoopPay only became aware of the breach in late August when an independent organization came across the company’s data while looking into a separate investigation.

In conducting their own investigation since the revelation, Samsung and LoopPay executives are adamant that no customer payment information nor personal devices were infected. Furthermore, they claim all infected machines have been discarded.

In a statement, Darlene Cedres, Samsung’s chief privacy officer told the NYT:

“We’re confident that Samsung Pay is safe and secure. Each transaction uses a digital token to replace a card number.

“The encrypted token combined with certificate information can only be used once to make a payment. Merchants and retailers can’t see or store the actual card data.”

Samsung Pay was launched on September 28 in the U.S. and can now be used by the company’s flagship phones such as the Galaxy S6 and the Note 5 to make payments at retail outlets.

Since the news of the breach, Samsung once again appeased concerns by claiming that the hackers, while having accessed LoopPay undetected for five months, accessed email, file servers and printing from the company’s corporate network.

“Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay office network, which is a physically separate network from Samsung Pay.”


Shhh… Paris Attack: Facebook Activates “Safety Check” tool

Remember the Safety Check feature Facebook launched last year? Facebook activated the tool during the Paris attack Friday.


Shhh… Facebook “Photo Magic” Scans All Your Photos

More from the Independent:

Facebook ‘Photo Magic’ tool scans through all of users’ phone camera pictures, before they’re uploaded

Users have probably already given permission for the app to scan through their phone
Andrew Griffin @_andrew_griffin

Facebook is to release a new ‘Photo Magic’ tool that will scan through the pictures on its users’ cameras to tell them which photos to share.

The tool, which will be integrated with Facebook Messenger, is intended to help people find old pictures and share them with the people that are in them. But it will also mean that all of the pictures on a person’s phone are being sent up to Facebook’s servers.

Users will have to let Facebook Messenger see their pictures so that the Photo Magic tool can work. But most users have probably already done that — a pop-up tells them to do so when they first share a picture.

On Android, the app scans the pictures as soon as they are taken, offering a push notification that advises users to send the photo to the people that are in it. On iOS that process is slightly slower, since Apple is more restrictive about how much and how often an app can see pictures.

Users can either opt out of the facial recognition tool, or turn off the notification.

Facebook Messenger boss David Marcus confirmed that the feature was “testing in Australia” and would be rolling out in the US soon. It’s unlikely that it will come to the UK or the rest of Europe any time soon, since the EU has stopped people from operating facial recognition software that doesn’t allow people to explicitly opt in.

The tool is in testing on Android in Australia and will be rolling out on iOS later. In both cases it will likely be added with an update rather than requiring the downloading of a new app.


Shhh… Betraying Yourself on Ebay?

Check out this story from Naked Security:

Are you (inadvertently) selling your personal data on eBay?
by Lisa Vaas on October 9, 2015

We might well think we’re properly erasing data from gadgets before we sell them or dump them, but in fact we’re leaving smears of personal data lingering that can lead to identity theft.

According to a recent analysis of 122 second-hand mobile phones, flash drives and mechanical hard drives – bought from eBay, and between May and August 2015 – 35% of the phones and 48% of the drives had residual data that was simple to recover, including email, texts, call logs, videos and photos.

Take the analysis with a grain of salt: it was done by Blancco Technology Group, which offers what it calls secure erasure services that it guarantees will ensure data sterilization, along with data-recovery specialist Kroll Ontrack.

Still, PR aroma aside, there are plenty of studies that back up the findings.

Naked Security has talked before about the danger of sensitive information falling into the wrong hands because of unsafe disposal of hard drives.

We’ve even seen the details of a million bank customers sold on eBay on a hard drive costing £35.

It’s not like we’re not at least trying to wipe our hardware before we sell it – it’s just that we aren’t doing a very good job.

The Blancco/Kroll Ontrack analysis found that inadequate attempts to wipe hardware were found on 57% of the phones with data, and on 75% of the hard and flash drives with data.

Enough residual data was found on two of the phones – both running Android – to identify previous owners. Such data could easily be used for identity theft if it falls into the wrong hands.

The iPhones, in contrast, got a clean bill of health. The authors said that performing a factory reset on an iPhone is an adequate precaution, but the same can’t be said for Android phones.

When analyzing 20 handsets, including Android models from HTC, LG, Motorola and Samsung, the study found data left behind that included 2153 e-mails and 10,838 texts or instant messages.

Bank data was among the sensitive data that could have been exposed.

The study found that a range of data-erasure methods had been used on the hardware, including “quick format” tools as well as exhaustive methods that overwrite the entirety of a data-storage device with fresh data one or more times in order to obliterate old data.

The study found quick-format attempts on 61% of devices that still contained data, with 81% of the quick-format drives still having residual data.

On four of the drives, users had only put their information in the trash: a method that hides the data from view but doesn’t purge it, thus making it easy to recover.

According to the study, buying used gear is on the rise. More people are selling used data-storing devices, and more residual data is getting passed on to new owners along with the sold items.

The study says that some 35% of consumers in the US, Canada, the UK and Australia will recycle, sell, donate or trade in their mobile devices every two to three years.

Early adopters are on an even tighter update cycle: 17% swap out their mobile devices more frequently – often on a yearly basis – as the latest, greatest, shiniest new gadgets are released.

If the data on your hard drive was properly encrypted, of course, then you wouldn’t need to worry about what happens next to your hardware, given that a would-be identity thief wouldn’t be able to detangle the gobbledygook.

Don’t make it easy for the criminals. If you’re dumping old hardware, make sure you dispose of it appropriately and ensure that any data contained on the drives is either securely wiped or was strongly encrypted in the first place.
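The difference between a quick format and a full overwrite, which the study above keeps coming back to, is easy to see on a simulated disk. The following is an added example, not code from the Naked Security article or from the Blancco/Kroll Ontrack study: it builds a toy disk image (a directory block followed by data blocks, a layout invented here for illustration), writes a constructed “bank statement” to it, then compares what a quick format leaves behind with what a full overwrite leaves behind, using the same naive string carving a recovery tool would apply.

```python
import re
from typing import List, Tuple

# Toy disk layout (constructed for this example, not a real filesystem):
# block 0 is the directory table; blocks 1..NUM_BLOCKS-1 hold file contents.
BLOCK_SIZE = 64
NUM_BLOCKS = 16
NAME_LEN = 12
DIR_ENTRY_SIZE = 16      # name(12) | start block(1) | length(2) | pad(1)
DIR_SLOTS = BLOCK_SIZE // DIR_ENTRY_SIZE


def new_disk() -> bytearray:
    """Return a blank 1 KiB disk image."""
    return bytearray(BLOCK_SIZE * NUM_BLOCKS)


def write_file(disk: bytearray, slot: int, name: str, data: bytes, start_block: int) -> None:
    """Store data at start_block and record it in directory slot `slot`."""
    if not 0 <= slot < DIR_SLOTS:
        raise ValueError("bad directory slot")
    if start_block < 1 or len(data) > (NUM_BLOCKS - start_block) * BLOCK_SIZE:
        raise ValueError("data does not fit on the disk")
    off = start_block * BLOCK_SIZE
    disk[off:off + len(data)] = data
    entry = name.encode("ascii")[:NAME_LEN].ljust(NAME_LEN, b"\0")
    entry += bytes([start_block]) + len(data).to_bytes(2, "big") + b"\0"
    disk[slot * DIR_ENTRY_SIZE:(slot + 1) * DIR_ENTRY_SIZE] = entry


def list_files(disk: bytearray) -> List[str]:
    """Names the directory currently points to; this is all a normal OS shows."""
    names = []
    for slot in range(DIR_SLOTS):
        e = disk[slot * DIR_ENTRY_SIZE:(slot + 1) * DIR_ENTRY_SIZE]
        if int.from_bytes(e[NAME_LEN + 1:NAME_LEN + 3], "big"):
            names.append(e[:NAME_LEN].rstrip(b"\0").decode("ascii"))
    return names


def quick_format(disk: bytearray) -> None:
    """A quick format (or emptying the trash) only clears the directory block."""
    disk[0:BLOCK_SIZE] = bytes(BLOCK_SIZE)


def full_overwrite(disk: bytearray, passes: int = 1) -> None:
    """A real wipe rewrites every block, directory and data alike."""
    for _ in range(passes):
        disk[:] = bytes(len(disk))


def carve_strings(disk: bytearray, min_len: int = 8) -> List[str]:
    """Naive carving, as a recovery tool would do: scan the raw data blocks
    for printable ASCII runs without consulting the directory at all."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii")
            for m in re.finditer(pattern, bytes(disk[BLOCK_SIZE:]))]


def is_wiped(disk: bytearray) -> bool:
    """Post-wipe check: nothing but zeros anywhere on the image."""
    return not any(disk)


def demo() -> Tuple[List[str], List[str], List[str], bool]:
    """Write a constructed 'bank statement', quick-format, then fully overwrite."""
    disk = new_disk()
    statement = b"Account 12345678 sort-code 40-00-01 balance 2500.00 GBP"  # constructed sample
    write_file(disk, 0, "bank.txt", statement, start_block=2)
    visible = list_files(disk)
    quick_format(disk)
    after_quick = carve_strings(disk)     # directory gone, contents still carveable
    full_overwrite(disk)
    after_full = carve_strings(disk)      # nothing left to carve
    return visible, after_quick, after_full, is_wiped(disk)


if __name__ == "__main__":
    print(demo())
```

After the quick format the directory lists nothing, yet the statement is carved intact from the data blocks, which is exactly the 81% residual-data figure above in miniature; only the full overwrite leaves `is_wiped` true. On real hardware the same check is done by reading the raw device back and scanning it, not by trusting the file listing.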


Shhh… How Your Friendly Local Law Enforcement Officer is Watching You

We have read a lot about the surveillance state. The Electronic Frontier Foundation has an interesting article on 6 ways your friendly local law enforcement is watching you.


Shhh… New Plan Allows UK Police to Read Your Internet Search History

From the

Police Will Be Able To Read Everyone’s Internet Search History Under New Plan

November 1, 2015 by John Vibes

UK Police are asking the government for new surveillance powers to be able to view the internet search history of every single person in the country.

Richard Berry, the National Police Chiefs’ Council spokesman, told The Guardian that “We want to police by consent, and we want to ensure that privacy safeguards are in place. But we need to balance this with the needs of the vulnerable and the victims. We essentially need the ‘who, where, when and what’ of any communication – who initiated it, where were they and when did it happen. And a little bit of the ‘what’, were they on Facebook, or a banking site, or an illegal child-abuse image-sharing website?”

“Five years ago, [a suspect] could have physically walked into a bank and carried out a transaction. We could have put a surveillance team on that but now, most of it is done online. We just want to know about the visit,” he added.

It is likely that police are already looking at your online activity, but just want the power to do it legally. As we learned from whistleblower Edward Snowden, governments are very interested what their citizens are doing online, and they do have the technology to spy on every telephone call and internet communication.

Police in the UK have been attempting to reach for these powers through legislation for years, but they have been blocked on multiple occasions. This new effort proves that they will not be giving up on getting legal permission for their spying programs.

MP David Davis told The Guardian “It’s extraordinary they’re asking for this again, they are overreaching and there is no proven need to retain such data for a year.”

Home Secretary Theresa May will announce the specifics of the plan during a meeting about the Government’s new surveillance bill in the House of Commons on Wednesday.

“I’ve said many times before that it is not possible to debate the balance between privacy and security, including the rights and wrongs of intrusive powers and the oversight arrangements that govern them without also considering the threats that we face as a country,” May said.

“They include not just terrorism from overseas and home-grown in the UK, but also industrial, military and state espionage. They include not just organized criminality, but also the proliferation of once physical crimes online, such as child sexual exploitation. And the technological challenges that that brings. In the face of such threats we have a duty to ensure that the agencies whose job it is to keep us safe have the powers they need to do the job,” she added.

The fearmongers in the UK government are hoping that the bill will pass this time around, ushering in a new era of legalized mass surveillance.


Shhh… Another Major UK Hack – Vodafone

Just over a week after the hack on TalkTalk Telecom Group Plc, Vodafone Group Plc said criminals had accessed the account details of close to 2,000 customers in the UK. Find out more from The Telegraph and Bloomberg.


Shhh… Surveillance Techniques – How Spies Meet Secretly

Here’s an interesting read from RogueInfo:

Arranging Secret Meetings

Posted on September 28, 2015 How-To Guides

This article teaches you how to check for surveillance before you meet with a clandestine contact. You’ll learn a protocol that will beat security services like the FBI, BATF, DEA, and others. The method is particularly effective against standard police surveillance. It also works against the so-called inspection teams of the IRS.

Tradecraft origins. The method described in this article was originally devised in 1943-1944 by countersurveillance expert Anthony Blunt for Britain’s MI.5. Unfortunately for the British, Blunt was a deep-cover agent for the KGB.

Six years later, Blunt taught the protocol to his new KGB controller, Yuri Modin. Together they perfected the technique as it is known today. They successfully thwarted MI.5 surveillance for three years, sometimes even meeting daily to exchange information and top secret documents. In effect, Blunt was using his inside knowledge of MI.5’s surveillance techniques to beat them at their own game.

Proliferation. This countersurveillance method has since been adopted by Israel’s Mossad, Germany’s BND, Russia’s KGB (now the SVR), the American CIA, and many others. The protocol is taught by intelligence agencies to their controllers – these are the intelligence officers who manage and meet with deep cover agents in foreign countries. The method is also being used today by resistance movements and urban guerrilla groups.

When this countersurveillance protocol is methodically applied, it is extremely difficult for a security service to breach your security.

Step-by-step instructions

Here’s a hypothetical situation. Assume that you and I wish to meet clandestinely. We wish to ensure that our meeting is not observed by a surveillance team.

You and I have previously agreed upon a place, date, and time. In addition, we are familiar with each other’s appearance – we can recognize each other on sight.

Step 1

You and I independently arrive at the previously agreed-upon general location. Rather than fixing a specific location, we agree to be only in the general vicinity. This is an important principle.

This might be a large park, a residential district, etc. The location must be outdoors and free of video surveillance cameras. It should also be selected with the intention of thwarting telephoto lenses.

You and I should each know the area well. The location should provide reasonable cover for each of us being there – strolling in the park, walking through a residential area to a bus stop, convenience store, etc.

Step 2

You and I will eventually make eye contact at some distance from each other. We do this discreetly, so others are unaware. I use a pre-arranged signal to alert you that I have spotted you. Perhaps I’ll throw my jacket over my shoulder, or remove and clean my sunglasses, etc. The signal must be a natural movement that does not attract unwanted attention.

Safety first. Even though you and I have seen each other, we do NOT approach each other. This is an important safety valve. If either of us has grown a tail we do not want to compromise the other person.

BACKGROUND – The phrase grown a tail is spy-talk for being under surveillance. The phrase is somewhat inaccurate, because they don’t just follow you, they often surround you.

Step 3

When you see my signal you simply walk off. Then I follow you in order to ensure that you’re not being watched. I carefully check for the presence of a floating-box foot surveillance team. I check for agents at fixed observation posts. I also watch for drive-by support from a floating-box vehicle surveillance team.

BACKGROUND – In particular, I may follow you, I may walk parallel to you, I may occasionally walk ahead of you. The goal is simply to be nearby so I’m in a position to detect surveillance around you. I always remain at a distance from you, of course, never approaching too closely.

Step 4

When I have satisfied myself that you are clean, I again signal you. Perhaps I re-tie my shoe laces.

Step 5

Now we reverse roles and this time it is I who simply walks off. You begin to follow me in order to ensure that I’m not being watched. You check for floating-box foot surveillance, fixed observation post foot surveillance, and drive-by support by a vehicle surveillance team.

What to look for. You carefully watch for persons who are pacing me or moving parallel with me. You check for persons loitering at positions with a good line-of-sight to my location. You watch for an ongoing pattern of people coming and going that results in someone always being in a position to monitor me. You watch for vehicles dropping someone off ahead of me.

Step 6

When you are satisfied that I am clean, you signal me that I’m not being watched. (On the other hand, if you suspect that a surveillance team is in the vicinity, you simply abort the operation and walk away.)

BACKGROUND – You must trust your instincts, because if something seems not quite right it’s better to be safe than sorry. Many people are surprised to learn that it is not difficult to detect a surveillance team watching someone else. This is the subtle elegance of Blunt’s countersurveillance system. And the goons are helpless against it.

Step 7

You and I can now approach each other and meet. After our discussion we agree upon the date, time, and location of our next clandestine meeting – as well as two backup plans in case the meeting is thwarted by surveillance. If we are unable to meet at the first venue we will use our fallback position and we will meet at the same time and place one week later. If we are unable to make that meeting happen, we will shift to a previously agreed-upon failsafe plan and we will meet at a different location at an agreed-upon date and time.

Neither you nor I writes down the particulars of our next meeting. We commit the details to memory.

BACKGROUND 1 – If you have any documents to give me, I will not accept those documents until the final moments of our meeting. I will have already started making my getaway when I accept the documents. This reduces the chance of discovery and arrest by a surveillance team that has managed to elude our countersurveillance protocol. If the security service acts too quickly, they will have no evidence against me, because the documents have not yet been passed to me.

BACKGROUND 2 – The best agents never mix discussion and documents. If a document is to be passed, no discussion occurs. The entire contact takes only a moment – the perfect brushpass. The principle is simple. It is foolhardy to stand around holding incriminating documents.

Spook talk

Spies in North America call this seven-step protocol for countersurveillance drycleaning. In Europe, it is called parcours de sécurité – a French phrase which can be translated as security run or security circuit.


Shhh… That Spying CISA Bill Passes Senate with No Privacy Protection

(Above) Photo Credit: KitGuru

More on this CISA Bill, a domestic spying bill designed more to invade your privacy than to protect national security.


Shhh… Assange: Snail Mail to Thwart Spies

Julian Assange’s advice to journalists, from RT’s coverage:

Want to thwart govt spies? Use snail mail, Assange says

Published time: 25 Oct, 2015 01:27

Wikileaks founder Julian Assange advised journalists to use the regular postal service instead of email to avoid government surveillance, while talking about how to protect information sources and whistleblowers in an interview with a Belgian newspaper.

“Journalists are treated by intelligence services as spies,” Assange told the Belgian daily Le Soir in an interview on Saturday. “The same methods used against spies are used against journalists, and now journalists must learn counter-espionage methods to protect their sources.”

“My recommendation, for people who don’t have 10 years’ experience in cryptography, is to return to old methods [and] use the traditional postal service,” he added.


He also suggested other methods to avoid spying and protect confidentiality, such as meeting with the sources at conferences or “in any place where someone spying [on you] from outside the… building cannot see that you are meeting with your source.”

He claimed that, although improvements in both legislation and technologies were needed to improve protection for whistleblowers, the latter still played a greater role.

“If there is an opportunity for intelligence agencies, governmental investigative services or transnational private companies to intercept your communication with a source, they will do it regardless of whether the law allows them to do it or not,” he said.

“The development of electronic surveillance makes technical protection increasingly difficult.”

In another interview with the Belgian daily L’Echo, Assange promised to release a new batch of documents from CIA chief John Brennan’s personal email account on Monday.

“These documents are awaited by many human rights activists and lawyers, but also people who were tortured,” Assange told the daily.


Shhh… UK Broadband TalkTalk Hacked with Ransom Demand

Here’s everything you need to know about the TalkTalk cyber breach.

U.K. broadband company TalkTalk hacked, gets ransom demand

By Kevin Collier
Oct 23, 2015, 4:20pm CT | Last updated Oct 23, 2015, 4:25pm CT

TalkTalk, a British Internet and phone provider, is the latest major company to suffer from a massive hack.

And its customers’ information is maybe being held ransom. “We have been contacted by an individual or group purporting to be the hacker,” Chief Executive Dido Harding told the BBC, “looking for money.” TalkTalk didn’t immediately respond to the Daily Dot’s request for more information about that request.

The company openly admits it’s still reeling from the attack, and is otherwise short on details, but announced Thursday that the attackers could have accessed the names, addresses, birthdays, contact information, TalkTalk accounts, and financial information of any number of its approximately 4 million customers.

The actual attack occurred Wednesday, the company said. London’s Metropolitan Police Cyber Crime Unit got involved Thursday, and TalkTalk is offering a year’s worth of credit-monitoring services to victims, which is fast becoming an industry standard response.

Otherwise, TalkTalk has little to offer its customers besides some generic advice. “If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation,” it says. That was good advice to anyone in the world before the TalkTalk hack, however, and will remain so for the foreseeable future.


Shhh… Cybersecurity Bill CISA Criticized

Check out more from the ComputerWorld article below:

Google, Facebook and peers criticize CISA bill ahead of Senate consideration

The US legislation would allow government agencies and companies to share cyberthreat data

By John Ribeiro
IDG News Service | Oct 16, 2015 3:23 AM PT

A trade group representing Facebook, Google, Yahoo and other tech and communications companies has come down heavily against the Cybersecurity Information Sharing Act of 2015, a controversial bill in the U.S. that is intended to encourage businesses to share information about cyberthreats with the government.

The Computer & Communications Industry Association claims that the mechanism CISA prescribes for the sharing of cyberthreat information does not adequately protect users’ privacy or put an appropriate limit on the permissible uses of information shared with the government.

The bill, in addition, “authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties,” the CCIA said in a blog post Thursday.

CISA, which would give businesses immunity from customer lawsuits when they share cyberthreat data with the government, is due for consideration by the U.S. Senate in the coming weeks.

Critics of the bill are concerned that the provisions of the bill could be used by companies to hand over customers’ personal data to government intelligence agencies such as the National Security Agency. Cyberthreat information-sharing may not have prevented several recent attacks on government agencies, according to experts.

Civil rights groups opposed to the bill got an unexpected ally in the U.S. Department of Homeland Security, which warned in July about the privacy implications of the bill.

The authorization in CISA to share cyberthreat data with any federal agency, notwithstanding any other provision of law, could impact key privacy provisions, including those in the Stored Communications Act that limit the disclosure of the content of electronic communications to the government by providers, wrote Alejandro N. Mayorkas, deputy secretary of the DHS in a letter to Senator Al Franken, a Democrat from Minnesota, who opposes the legislation.

DHS also warned that the proposed information sharing system with multiple agencies would slow down responses to a cyberthreat, and advocated a more centralized mechanism for sharing data through the National Cybersecurity and Communications Integration Center (NCCIC), a non-law enforcement, non-intelligence center focused on network defense activities, that would scrub private information from the data before sending it to other agencies.

The tech industry holds that current rules already permit companies to share cyberthreat indicators with the government, and “should not be discounted as useful existing mechanisms.” CCIA approves of the goal of building a more robust mechanism for information sharing, but does not want it to come at the expense of user privacy.

A privacy group last month started an online protest, called YouBetrayedUs, after a letter by the BSA | The Software Alliance of software vendors to Congress appeared to endorse CISA. The letter had urged action by the House of Representatives and the Senate on five pending legislative efforts, including CISA, but BSA later clarified that it had not endorsed any specific legislation in its current form. “The letter clearly was a mistake and doesn’t imply CISA support. We need to clarify. I’m against it,” Marc Benioff, CEO of said in a tweet.


Shhh… Snowden on BBC: I Know How to Keep a Secret Safe

The best part of being sort of a marked man is that you don’t have to think about tomorrow. Instead you just live for today – Snowden.


Shhh… Guards Stand-Down on Julian Assange But…

So the round-the-clock guard outside the Ecuadorian embassy in London, where WikiLeaks founder Julian Assange has taken refuge for the last three years, which has cost British taxpayers over $20 million, finally ended on Monday but…


Shhh… Steganography on Linux: The Art of Concealment

You will probably find this easier to follow if you are a Linux user – check out this How To Forge article:

How to do image steganography on Linux

Steganography is the ancient art of information concealment. People have found numerous methods to achieve this, such as “invisible” inks, messages hidden in objects, and the famous “null cipher”. The word “steganography” comes from the Greek words “steganos” and “graphy”, which means “impenetrable writing”. Over the years, steganography has evolved into a sophisticated part of cryptography. Using the same basic principles that people utilized in their cryptographic efforts in the past, we can now perform similar feats on our Linux operating systems.

Choice of Tools

In this tutorial, I will use the OpenStego tool to perform the steganography. Thankfully, there are quite a lot of options that Linux users can choose from in this particular field with some of them being the command line Steghide and OutGuess, or the GUI Steganography Studio and Steg.

Data Hiding

First you need to download the latest version of the program from Git. As I use Ubuntu, I downloaded the .deb file. If you’re using Ubuntu as well, you can install the package by opening a terminal in the /Downloads folder and giving the following command: “sudo dpkg -i openstego_0.6.1-1_amd64.deb”

The way OpenStego hides the data is by embedding it inside a carrier file, which can be an image file. Let’s suppose that I have a document that I want to pass to another person without anyone else even noticing that it is there. The original document doesn’t need to be encrypted, as it will be hidden inside an image file. OpenStego calls these the “Message File” and the “Cover File”.


The image file can be a .bmp, .gif, .jpeg, or .png. Select the two files by pressing the “file navigation” buttons on the right of each entry box and then set the name and location of an output file. Setting a password is important, as this is the only information that you need to share with the recipient, who also has to use OpenStego to extract the hidden data. Finally, press the “Hide Data” button on the lower right and you’re done.


The two pictures look identical, but the second one contains a hidden document in it. The only thing that could blow this cover is the fact that people believe that there is always a hidden message in Led Zeppelin material.


The second thing that you can do with OpenStego is to watermark the file with a unique signature so that the recipient can verify that the file is coming from a trusted source. To do this, press the “Digital Watermarking” option on the left and then choose “Generate Signature”. Then you can add a passphrase and set the name and location of the signature file that will be created when you press the “Generate Signature” button on the right.


The next step is to embed the watermark into the files. Select the signature file, the files to be watermarked, and finally set the name and location of the output files.


The recipient then may verify the watermark by selecting the original signature file and the file to be checked. If the score is higher than 70%, then it’s a good enough match.
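To show what “hiding a document inside an image” means at the byte level, and why the two pictures in the tutorial look identical, here is an added example of least-significant-bit (LSB) embedding and extraction. It is not OpenStego’s code and does not reproduce OpenStego’s own embedding or watermarking algorithms (which are assumptions left out here, as is the password-based encryption of the payload); it assumes the cover image has already been decoded into a flat list of 8-bit samples, and it generates a pseudo-random list as a constructed stand-in for that image.

```python
import random
from typing import Iterator, List

HEADER_BYTES = 4  # big-endian payload length stored in the first 32 LSBs


def make_cover(n: int, seed: int = 1) -> List[int]:
    """Constructed stand-in for a decoded image: n pseudo-random 8-bit samples.
    A real cover would come from a decoded PNG/BMP, one value per channel."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n)]


def _bits(data: bytes) -> Iterator[int]:
    """Yield the bits of `data`, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity_bytes(cover: List[int]) -> int:
    """Largest payload the cover can hold: one bit per sample, minus the header."""
    return len(cover) // 8 - HEADER_BYTES


def embed(cover: List[int], payload: bytes) -> List[int]:
    """Return a copy of `cover` whose LSBs carry a length-prefixed payload."""
    if len(payload) > capacity_bytes(cover):
        raise ValueError("payload too large for this cover")
    message = len(payload).to_bytes(HEADER_BYTES, "big") + payload
    stego = list(cover)
    for idx, bit in enumerate(_bits(message)):
        stego[idx] = (stego[idx] & 0xFE) | bit   # replace only the lowest bit
    return stego


def _read_bytes(samples: List[int], start: int, nbytes: int) -> bytes:
    """Reassemble nbytes from the LSBs of samples[start:], MSB first."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (samples[start + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: List[int]) -> bytes:
    """Read the length header, then that many bytes, from the LSBs."""
    if len(stego) < HEADER_BYTES * 8:
        raise ValueError("image too small to hold a header")
    length = int.from_bytes(_read_bytes(stego, 0, HEADER_BYTES), "big")
    if (HEADER_BYTES + length) * 8 > len(stego):
        raise ValueError("header claims more data than the image holds")
    return _read_bytes(stego, HEADER_BYTES * 8, length)


def max_abs_diff(a: List[int], b: List[int]) -> int:
    """Largest per-sample change; for LSB embedding this is never more than 1."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    cover = make_cover(4096)
    stego = embed(cover, b"constructed secret note")
    print(extract(stego), max_abs_diff(cover, stego))
```

Every sample changes by at most one level out of 256, which is why the carrier looks unchanged to the eye. The same property is why the output must be saved in a lossless format such as PNG or BMP whatever the cover’s original format: re-encoding as JPEG rewrites those low bits and destroys the payload. The length-check in `extract` matters in practice, since an image that carries no payload yields a random header, and a tool that trusted it would read past the end of the data.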