Tuesday

The Smart Phone Device That Can Steal Your ATM PIN

Technology can obviously bring huge benefits to society as a whole, but sometimes it can work the wrong way - at least when it's in the wrong hands.  Which is unfortunately the case with the amazing little gadget that has been recently released which works with the iPhone 5.

It's called the FLIR ONE and it's one of the wonderful little devices that you desperately want to have but just have to work out a justification for buying one. It's basically a device which can turn your iPhone into a fully fledged infrared personal thermal image camera.  So instead to trying to explain that, a picture will probably demonstrate exactly what it does.


As can be seen you simply point it and you can see all the different temperatures of everything around you.  It basically works by detecting the wavelength of infra red light being reflected, this varies with the temperature and so the FLIR ONE is able to detect the relative temperatures and display or take photos of them.

It's pretty neat, but unfortunately (or fortunately depending on your point of view). it has a rather impressive criminal potential, which maybe already being exploited.  You see this device if pointed at an ATM machine has the potential to identify the relative temperatures of the keys on the machine.   This temperature is of course caused by the fingers of the person who used the machine last.  Hence it can be used to identity the key presses that constitute your PIN number from the residual heat from your fingers.

There have already been demonstrations of how this might work, but it always involved large clunky infra red equipment, which would be rather difficult to conceal.  But imagine how much easier it is to just queue up behind people and then simply take a quick thermal photo before moving on.

Of course, they still need your card to actually be able to steal your cash, but the technology for that has been around for years certainly in the murkier areas of the web and the Darknet.  All you need if a $50 RFID reader and a $300 card magnetizing device and you have everything you need to steal and clone a card details from anyone nearby carrying an RFID enabled card.

So there you are a complete kit for creating a duplicate card and stealing the PIN number all for about $750. What's worse it involves little technical knowledge and all the gear can fit into a small bag !!!

Monday

Russian Media Scores Own Goal

Media companies throughout the world are beginning to learn that some of the dubious practices they have taken part in over the years, don't really work in the modern, digital age.   The days where a newspaper or a TV station can effectively control the news feed are virtually gone.

There is the odd exception, places like North Korea are still living in the 20th century thanks to a digital lock down and a paranoid dictatorship.   They also seem slightly insane, just recently announcing to the population that the North Korean Football team had reached the World Cup Final (despite not being there or even qualifying).


Here's the mocked up shot from the Youtube video with Kim Jong-Un receiving the plaudits in Rio.  We're not quite sure if it's really been released by the North Korean state media or if it's just a spoof.  Either eventuality is equally likely and indeed North Korea have done this before.

But for the rest of us, the truth is out there and tends to be fairly accessible despite the best efforts of certain world Governments.  This is what the Russian State media have just found out, and are left looking even more guilty than when they started.

The allegations refer to the ill advised edit of a Wikipedia page recording the Malaysian Airlines (MH17) disaster which took the lives of 298 innocent people. The page described the disaster as being caused by
"by terrorists of the self-proclaimed Donetsk People's Republic with Buk system missiles, which the terrorists received from the Russian Federation."
However about an hour later the Wiki page was changed to
"the plane was shot down by Ukrainian soldiers."
Nice little subtle change which completely shifts the blame from Russian State supported rebels to Ukranian soldiers. The problem was that whoever did it, rather amateurishly did it from a computer owned by the All-Russia State television and Radio Broadcasting Company. Like the vast majority of websites, all IP addresses are logged and recorded and indeed on Wikipedia they are even publicly displayed which is how a Twitter Bot picked up the edits.

Your IP address is linked to the computer you are using and unless you take steps to hide it and stay anonymous, such as using Identity Cloaker then it could potentially become public knowledge.  Wikipedia edits are always being highlighted in these situations from technically naive individuals trying to make sneaky changes.  Politicians, celebrities and media employees in all sorts of areas are always being caught, indeed I've seen a local footballer once being caught modifying the 'goals scored' stats on his own page!


Wednesday

Stormy - Deep Web Publisher Scheduled for September Release

TOR the privacy tool has always been one of the easiest ways to access the Deep Web.  It's not very hard to set up, and pretty soon you can be browsing through some of the murkiest stuff to exist on the digital highways.  Couple of minutes install and you can be flicking through adverts for assassins, drugs, firearms and assorted illegal stuff.

However although it's simple enough to do, actually publishing anything and more importantly ensuring your anonymity whilst doing it - is a little trickier.  But before anyone get's a bit upset about this, please remember that although it's true there are a lot of lowlifes on the Deep Web, it's also used by thousands of activists and people with a genuine concern about their privacy and safety.

Remember you might be perfectly safe, to sit at your Wordpress blog and proceed to slate your government perfectly safely.  That however is not possible in many, many places in the world, this site is full of examples of people imprisoned, tortured and even killed for daring to speak out against their particular Government. One of the saddest tales I always think is of Uncle SMS - which you can find here, who died in custody for allegedly send 'insulting texts' about the Thai Royal family.


It's difficult sometimes to maintain your privacy and anonymity, but when your liberty and your life are involved then it becomes an important issue.  So many people do the need the safety of the Deep (or Dark) Web, and the demand has slowly grown for a simple way to publish content on the anonymous network.

The Developers of the Tor Project have almost completed a tool to do just this, it's called Stormy 1.0 and we're getting pretty close to it's release in September 2014.  It's basically a point and click program which will allow you to publish content directly to the deep web network easily.  Although of course it's perfectly possible to publish directly to the Deep web, there are quite a few steps and messing up any of them could seriously affect your privacy - here's the How To if you're interested.

It's likely to become the preferred method of publishing for people like activists, whistle blowers and bloggers who want to remain anonymous.  It's certainly going to open up this powerful anonymity tool to those people with a need for privacy but perhaps without the technical skills required to accomplish it.

No download link yet, but the release date is the 15th September, it might be bundled with the standard TOR or perhaps with other VPN software, for all we know.  One thing is for sure it is sure to be very welcome for many across the world who value their privacy.