TBR News May 1, 2015
The Voice of the White House
Washington, D.C. April 30, 2015: “As the rioting in Baltimore quiets, information is emerging that the dead prisoner had suffered injuries earlier in a car accident and, accocrding to statements by other prisoners in the police van, was attempting to injure himself. Once the rioting died down in Ferguson, it emerged that the police gunshot victim was walking down the center of a street and when told by a police officer in a car, he attacked the officer, punching him in the face. A Federally supervised autopsy disclosed that the dead man had been shot, at close range, in the front and witnesses who testified that the officer shot the man when he was running away, admitted they lied. Perhaps before the American, and foreign, media make loud noises about such indicents that they try to wait until the facts emerge before basicicially instigating riots, lootings and burnings.”
Freddie Gray ‘died from head injury in police van’
May 1, 2015
BBC News
Freddie Gray died when his head struck a bolt in a Baltimore police van, a local US TV news station has reported.
Citing police sources, ABC7 News said that an injury to Gray’s head matched the shape of a bolt in the van.
Gray suffered a fatal spine injury while in police custody, sparking two weeks of protests in Baltimore which turned violent earlier this week.
His death is the latest in a series of police killings in the US which have sparked rioting and national debate.
Baltimore police have admitted that Gray was not secured in the van by a seatbelt, against department policy, and that he requested medical attention while being transported in the van but was denied.
Video footage filmed by a passerby showed a visibly distressed Gray being handcuffed on the ground pushed into the back of the van. Police said he ran after seeing two officers, who chased him and arrested him when they found a switchblade-style knife in his trousers.
Gray lapsed into a coma following the journey on 12 May and died a week later.
Maryland medical examiner’s office has refused to comment on cause of death while the investigation is ongoing.
New footage discovered
The van transporting Gray made a previously undisclosed fourth stop while en route to the police station, police revealed on Thursday.
Previously, police had said the van made three stops, including one to put him in leg irons and another to pick up different prisoner.
The fourth stop was captured on a CCTV camera outside a Korean food shop.
The shop’s owner, Jung Hyun Hwang told the Associated Press news agency that police officers visited last week to make a copy of the recording – which was later lost when the shop was looted during the riots.
Mr Hwang said he had not viewed the recording and did not know what it showed.
Police said the footage was discovered during a view of public and private CCTV cameras in the area.
According to the police timeline of the arrest, the van took 30 minutes to take Gray to the police station, where paramedics were called.
Investigators have now handed over their inquiry into Gray’s death to the state’s attorney’s office.
The city’s top prosecutor, Marilyn Mosby, will now decide whether to take the case to a grand jury to seek an indictment of any of the six officers involved.
Five of the six officers involved in the arrest gave statements to investigators the day Gray was injured. All six have been suspended.
A separate investigation by the US department of justice is also under way.
After two nights of violent protests, Baltimore’s streets were relatively calm on Thursday. The city is still under a curfew requiring people to be off the streets by 22:00 (02:00 GMT).
The swaggering idiot returns: George W. Bush emerges from artistic exile to rehab his disastrous legacy
George W. Bush is back, and he’s concerned that the foreign policy catastrophes he helped create aren’t being fixed
April 27, 2015
by Simon Maloy
Salon
Arguably the best thing George W. Bush ever did for his party was to keep quiet in the years following his presidency. Winning elections in a political environment shaped by Bush’s legacy – a bloody and unpopular conflict in Iraq and a cratering economy – was difficult enough. The last thing Republicans needed was W. out in the public eye smirking and drawling about staying the course. So he exiled himself to the ranch in Crawford and took up painting.
But Bush’s political hermit act couldn’t last forever. His brother’s likely entrance into the 2016 presidential race guaranteed that we’d hear from him sooner rather than later, and it’s only natural that after years of self-imposed silence, Bush would feel the urge to get out there and talk politics again. And so this past weekend, Bush spoke to a Republican donor conference in Las Vegas about the Middle East and served up some harsh critiques of his successor’s foreign policy. It was classic Bush, in that he seemingly refused to consider for even a moment that much of what we’re dealing with in the Middle East are the unintended consequences of his own epic policy failures.
According to a transcript of Bush’s remarks provided to Bloomberg’s Josh Rogin, Bush came down hard on Barack Obama for ruining all the good work he and his administration had done in Iraq:
Bush then went into a detailed criticism of Obama’s policies in fighting the Islamic State and dealing with the chaos in Iraq. On Obama’s decision to withdraw all U.S. troops in Iraq at the end of 2011, he quoted Senator Lindsey Graham calling it a “strategic blunder.” Bush signed an agreement with the Iraqi government to withdraw those troops, but the idea had been to negotiate a new status of forces agreement to keep U.S. forces there past 2011. The Obama administration tried and failed to negotiate such an agreement.
It was a “strategic blunder,” according to Bush, because he’d made everything right in Iraq with the surge, which he offered up as a great example of commander-in-chiefing: “When the plan wasn’t working in Iraq,” Bush said, “we changed.”
That’s a sanitized retelling of how the surge came about. The “plan” in Iraq had not been working for years, as evidenced by the ever-rising death tolls of American troops and Iraqi civilians. But Bush, as you might recall, was something of a stubborn man, and he stuck with the “plan,” insisting all along that it was working, even as the country fell apart before our eyes. Also, anyone who questioned the “plan” was immediately slimed by Bush, Karl Rove, and/or Dick Cheney as a traitorous, terrorist-appeasing, cut-and-run coward. The surge happened in 2007, four years after the war had begun and shortly after the political damage wrought by “staying the course” had cost the Republicans control of Congress in 2006.
And the surge itself failed to accomplish its primary goal of enabling political reconciliation amongst the factions within the Iraqi government. The regime the
Bush administration left in Iraq was hopelessly corrupt and presided over by a wannabe authoritarian strongman who repressed Iraqi Sunnis to consolidate his own power. But according to Bush, forcing the Iraqis to agree to a residual force of a couple of thousand U.S. troops would have kept the sectarian government in line and kept a lid on the violence – a fanciful notion that was contradicted by the entire history of the Iraq war up to that point.
Bush also had a few words on the bad hombres of the Islamic State:
Bush said he views the rise of the Islamic State as al-Qaeda’s “second act” and that they may have changed the name but that murdering innocents is still the favored tactic. He defended his own administration’s handling of terrorism, noting that the terrorist Khalid Sheikh Mohammed, who confessed to killing Wall Street Journal reporter Daniel Pearl, was captured on his watch: “Just remember the guy who slit Danny Pearl’s throat is in Gitmo, and now they’re doing it on TV.”
The Islamic State and Al Qaeda are actually two distinct entities who don’t like each other all that much, but if we must go by this dodgy framework, then the Islamic State is actually Al Qaeda’s third act. The first act was just plain old Al Qaeda. The second act was Al Qaeda in Iraq, which didn’t exist until George W. Bush invaded Iraq and gave regular Al Qaeda the chance to set up a new franchise. The Islamic State grew out of Al Qaeda in Iraq, and the group’s sophistication owes much to the fact that the Bush administration disbanded Saddam Hussein’s army and made freelancers out of Hussein’s intelligence officers, who took their talents to the various jihadist movements.
Anyway, one could go on and on in this vein. It’s silly to think that Bush would ever cop to the enduring failures of his disastrous Iraq adventure, but he at least had the good sense to keep his mouth shut. Now he’s out there defending the Bush record and letting it be known that he’s very concerned about how all the catastrophes he helped author are playing out.
Antarctica’s sinister Blood Falls could be a sign of life on Mars
April 29, 2015
RT
Antarctica’s Blood Falls could be home to microorganisms similar to alien life on Mars. New data shows that beneath McMurdo Dry Valleys, earth’s coldest and driest place, lies salty water that may support previously unknown ecosystems.
This region is best known for the eerie Blood Falls, an outflow of an iron oxide-tainted plume of saltwater. Scientists previously thought that red algae gave this bloody ooze its dramatic color, but later it was proven to be due only to iron oxides.
Scientists have discovered that brines (salt solutions) form extensive aquifers below glaciers, lakes and within permanently frozen soil. According to the National Science Foundation (NSF), the brines may also play a major role in modern biological processes in the Dry Valleys, named so because of their extremely low humidity as well as lack of snow or ice cover.
“These unfrozen materials appear to be relics of past surface ecosystems and our findings provide compelling evidence that they now provide deep subsurface habitats for microbial life despite extreme environmental conditions,” the study’s lead author, Jill Mikucki, an assistant professor of microbiology at the University of Tennessee, was quoted as saying.
It’s hoped that the new data might shed light on whether similar conditions exist elsewhere in the solar system. The Dry valleys ecosystem – home only to microscopic animal and plant life – closely resembles, during the Antarctic summer, conditions on the surface of Mars.
“Over billions of years of evolution, microbes seem to have adapted to conditions in almost all surface and near-surface environments on Earth. Tiny pore spaces filled with hyper-saline brine staying liquid down to -15 Celsius may pose one of the greatest challenges to microbes,” a glaciologist and coauthor at the University of California, Slawek Tulaczyk, said.
According to Tulaczyk, the electromagnetic data gathered by researchers indicates that “margins of Antarctica may shelter a vast microbial habitat, in which limits of life are tested by difficult physical and chemical conditions.”
The team also found evidence that brines flow towards the Antarctic coast from roughly 18 kilometers inland, eventually discharging into the Southern Ocean, a biologically rich body of water that encircles Antarctica.
Researchers think it’s possible that nutrients from microbial weathering in those deep brines affect near-shore biological productivity in the ocean. Meanwhile, the vast majority of Antarctica’s coastal margins remain unexplored.
Researchers managed to gather their groundbreaking data using a novel, helicopter-borne electromagnetic sensor, developed in Denmark, to penetrate the surface of large swathes of terrain. The project took many years of developing the best mapping technology in the world. The results shed new light on the history and evolution of the Dry Valley landscape, which during the height of the southern summer has free flowing rivers and streams.
The research was published in the journal Nature Communications.
Encrypting Your Laptop Like You Mean It
April 27, 2015
by Micah Lee
The Intercept
Time and again, people are told there is one obvious way to mitigate privacy threats of all sorts, from mass government surveillance to pervasive online tracking to cybercriminals: Encryption. As President Obama put it earlier this year, speaking in between his administration’s attacks on encryption, “There’s no scenario in which we don’t want really strong encryption.” Even after helping expose all the ways the government can get its hands on your data, NSA whistleblower Edward Snowden still maintained, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”
But how can ordinary people get started using encryption? Encryption comes in many forms and is used at many different stages in the handling of digital information (you’re using it right now, perhaps without even realizing it, because your connection to this website is encrypted). When you’re trying to protect your privacy, it’s totally unclear how, exactly, to start using encryption. One obvious place to start, where the privacy benefits are high and the technical learning curve is low, is something called full disk encryption. Full disk encryption not only provides the type of strong encryption Snowden and Obama reference, but it’s built-in to all major operating systems, it’s the only way to protect your data in case your laptop gets lost or stolen, and it takes minimal effort to get started and use.
If you want to encrypt your hard disk and have it truly help protect your data, you shouldn’t just flip it on; you should know the basics of what disk encryption protects, what it doesn’t protect, and how to avoid common mistakes that could let an attacker easily bypass your encryption.
If you’re in a hurry, go ahead and skip to the bottom, where I explain, step-by-step, how to encrypt your disk for Windows, Mac OS X, and Linux. Then, when you have time, come back and read the important caveats preceding those instructions.
What disk encryption guards againstIf someone gets physical access to your computer and you aren’t using disk encryption, they can very easily steal all of your files.
It doesn’t matter if you have a good password because the attacker can simply boot to a new operating system off of a USB stick, bypassing your password, to look at your files. Or they can remove your hard disk and put it in a different computer to gain access. All they need is a screwdriver, a second computer, and a $10 USB enclosure.
Computers have become an extension of our lives and private information continually piles up on our hard disks. Your computer probably contains work documents, photos and videos, password databases, web browser histories, and other scattered bits of information that doesn’t belong to anyone but you. Everyone should be running full-disk encryption on their laptops.
Encrypting your disk will protect you and your data in case your laptop falls into the wrong hands, whether because you accidentally left it somewhere, because your home or office was burglarized, or because it was seized by government agents at home or abroad.
It’s worth noting that no one has privacy rights when crossing borders. Even if you’re a U.S. citizen entering the United States, your Constitutional rights do not apply at the border, and border agents reserve the right to copy all of the files off of your computer or phone if they choose to. This is also true in Canada, and in other countries around the world. If you plan on traveling with electronic devices, disk encryption is the only way you have a chance at protecting your data if border agents insist on searching you. In some situations it might be in your best interest to cooperate and unlock your device, but in others it might not. Without disk encryption, the choice is made for you: the border agents get all your data.
What disk encryption is useless against
There’s a common misconception that encrypting your hard disk makes your computer secure, but this isn’t entirely true. In fact, disk encryption is only useful against attackers that have physical access to your computer. It doesn’t make your computer any harder to attack over a network.
All of the common ways people get hacked still apply. Attackers can still trick you into installing malware. You can still visit malicious websites that exploit bugs in Flash, or in your web browser, or in your operating system’s font or image rendering engines, or countless other ways. When you visit benevolent websites, network attackers can still secretly make them malicious by modifying them in transit. Attackers can still exploit services running on your computer, such as network file sharing, iTunes playlist sharing, or your BitTorrent client, to name a few.
And of course, disk encryption doesn’t do anything to stop internet surveillance. Spy agencies like NSA, who tap into the fiber optic cables that make up the backbone of the internet, will still be able to spy on nearly everything you do online. An entirely different category of encryption is needed to fix that systemic problem.
The different ways you can get hacked or surveilled are too numerous to list in full. In future posts I’ll explain how to reduce the size of your probably-vast attack surface. But for now it’s important to know that disk encryption only protects against a single flavor of attack: physical access.
How it works
The goal of disk encryption is to make it so that if someone who isn’t you has access to your computer they won’t be able to access any of your files, but instead will only see scrambled, useless ciphertext.
Most disk encryption works like this. When you first power your computer on, before your operating system can even boot up, you must unlock your disk by supplying the correct encryption key. The files that make up your operating system are on your encrypted disk, after all, so there’s no way for your computer to work with them until the disk is unlocked.
In most cases, typing your passphrase doesn’t unlock the whole disk, it unlocks an encryption key, which in turn unlocks everything on the disk. This indirection allows you to change your passphrase without having to re-encrypt your disk with a new key, and also makes it possible to have multiple passphrases that can unlock the disk, for example if you add another user account to your laptop.
This means that your disk encryption passphrase is potentially one of the weakest security links. If your passphrase is “letmein”, a competent attacker will get past your disk encryption immediately. But if you use a properly generated high-entropy passphrase like “runge wall brave punch tick zesty pier”, it’s likely that no attacker, not even the NSA or Chinese intelligence, will ever be able to guess it.
You have to be extremely careful with strong disk encryption that can only be unlocked with a passphrase you’ve memorized. If you forget the passphrase, you get locked out of your own computer, losing your data forever. No data recovery service can help you, and if you give your machine to the FBI they won’t be able to access your files either. Because that’s kind of the point of disk encryption.
Once your computer is on and you’ve entered your passphrase, your disk encryption is completely transparent to you and to the applications on your computer. Files open and close as they normally would, and programs work just as they would on an unencrypted machine. You won’t notice any performance impact.
This means, however, that when your computer is powered on and unlocked, whomever is sitting at it has access to all your files and data, unencumbered by encryption. So if you want your disk encryption to work to its full potential, you need to lock your screen when your computer is going to be on while you’re away, and, for those times when you forget to lock it, to set it to lock automatically after, say, 10 minutes of idling.
It’s also important that you don’t have any other users on your system that have weak passwords or no passwords, and that you disable the guest account. If someone grabs your laptop, you don’t want them to be able to login at all.
Attacks against disk encryption
There are a few attacks against disk encryption that are tricky to defend against. Here are some precautions you can take.
Power off your computer completely (don’t just suspend it) when you think it’s at risk of falling into someone else’s hands, like right before going through customs when entering a new country. This defends against memory-based attacks.
Computers have temporary storage called RAM (otherwise known as memory) which you can think of as scratch paper for all of your software. When your computer is powered on, your software is constantly writing to and deleting from parts of your RAM. If you use disk encryption, as soon as you successfully unlock your encrypted disk the encryption key is stored in RAM until you power your computer off. It needs to be—otherwise there would be no way to encrypt and decrypt files on the fly as you use your computer.
But unfortunately, laptops have ports that have direct memory access, or DMA, including FireWire, USB, and others. If an attacker has access to your computer and your disk is unlocked (this is true even if your laptop is suspended), they can simply plug a malicious device into your computer to be able to manipulate your RAM. This could include directly reading your encryption keys or injecting commands into your operating system, such as closing the screen lock program. There is open source software called Inception that does just this using a FireWire cable and a second laptop, and there’s plenty of commercial hardware available too, like this one, or this one. It’s worth noting that new versions of Mac OS X uses a cool virtualization technology called VT-d to thwart this type of DMA attack.
But there are other ways for an attacker to learn what’s in your RAM. When you power your computer off, everything in RAM fades into nothingness. But this doesn’t happen immediately; it takes a few minutes, and an attacker can make it take even longer by physically freezing the RAM. An attacker with physical access to your powered-on computer can use a screwdriver to open the case of your computer and then use an upside-down can of compressed air to freeze your RAM (as in the image above). Then they can quickly cut the power to your computer, unplug your RAM, plug the RAM into a different computer, and dump all of the data from RAM to a disk. By sifting through that data, they can find a copy of your encryption key, which can then be used to decrypt all of the files on your hard disk. This is called the cold boot attack, and you can see a video of it in action here.
The key takeaway is that while your encrypted disk is unlocked, disk encryption doesn’t fully protect your data. Because of this, you may consider closing all your work and completely shutting down your computer at the end of the day rather than just suspending it.
It’s also important to make sure your laptop is always physically secure so that only people you trust ever have access to it. You should consider carrying your laptop with you wherever you go, as inconvenient as that may be, if your data is extremely important to you. When traveling, bring it with you in a carry-on bag instead of checking it in your luggage, and carry it with you rather than leaving it in a hotel room. Keep it with a trusted friend or locked in a safe when you can’t babysit it yourself.
This is all to defend against a different type of disk encryption attack known, in somewhat archaic language, as the “evil maid” attack. People often leave their laptops in their hotel room while traveling, and all it takes is one hotel housekeeper/elite hacker to foil your disk encryption.
Even when you use full disk encryption you normally don’t encrypt 100% of your disk. There’s a tiny part of it that remains in plaintext. The program that runs as soon as you power on your computer, that asks you to type in your passphrase and unlocks your encrypted disk, isn’t encrypted itself. An attacker with physical access to your computer could modify that program on the tiny part of your disk that isn’t encrypted to secretly do something malicious, like wait for you to type your passphrase and then install malware in your operating system as soon as you successfully unlock the disk.
Microsoft BitLocker does some cool tricks to make software-based evil maid attacks considerably harder by storing your encryption key in a special tamper-resistant chip in your computer called a Trusted Platform Module, or TPM. It’s designed to only release your encryption key after confirming that your bootloader hasn’t been modified to be malicious, thwarting evil maid attacks. Of course, there are other attacks against TPMs. Last month The Intercept published a document about the CIA’s research into stealing keys from TPMs, with the explicit aim of attacking BitLocker. They have successfully done it, both by monitoring electricity usage of a computer while the TPM is being used and by “measuring electromagnetic signals emanating from the TPM while it remains on the motherboard.”
You can set up your Linux laptop to always boot off of a USB stick that you carry around with you, which also mitigates against evil maid attacks (in this case, 100% of your disk actually is encrypted, and you carry the tiny unencrypted part around with you). But attackers with temporary access to your laptop can do more than modify your boot code. They could install a hardware keylogger, for example, that you would have no way of knowing is in your computer.
The important thing about evil maid attacks is that they work by tampering with a computer without the owner’s knowledge, but they still rely on the legitimate user to unlock the encrypted disk. If someone steals your laptop they can’t do an evil maid attack against you. Rather than stealing it, the attacker needs to secretly tamper with it and return it to you without raising your suspicions.
You can try using bleeding-edge tamper-evidence technology such as glitter nail polish to detect if someone has tampered with your computer. This is quite difficult to do in practice. If you have reason to believe that someone might have maliciously tampered with your computer, don’t type your passphrase into it.
Defending against these attacks might sound intimidating, but the good news is that most people don’t need to worry about it. It all depends on your threat model, which basically is an assessment of your situation to determine how paranoid you really need to be. Only the most high-risk users need to worry about memory-dumping or evil maid attacks. The rest of you can simply turn on disk encryption and forget about it.
What about TrueCrypt?
TrueCrypt is popular disk encryption software used by millions of people. In May of 2014, the security community went into shock when the software’s anonymous developers shut down the project, replacing the homepage with a warning that, “Using TrueCrypt is not secure as it may contain unfixed security issues.”
TrueCrypt recently underwent a thorough security audit showing that it doesn’t have any backdoors or major security issues. Despite this, I don’t recommend that people use TrueCrypt simply because it isn’t maintained anymore. As soon as a security bug is discovered in TrueCrypt (all software contains bugs), it will never get fixed. You’re safer using actively developed encryption software.
How to encrypt your disk in Windows
BitLocker, which is Microsoft’s disk encryption technology, is only included in the Ultimate, Enterprise, and Pro versions of Windows Vista, 7, 8, and 8.1, but not the Home version which is what often comes pre-installed on Windows laptops. To see if BitLocker is supported on your version of Windows, open up Windows Explorer, right-click on C drive, and see if you have a “Turn on BitLocker” option (if you see a “Manage BitLocker” option, then congratulations, your disk is already encrypted, though you may want to finish reading this section anyway).
If BitLocker isn’t supported in your version of Windows, you can choose to upgrade to a version of Windows that is supported by buying a license (open Control Panel, System and Security, System, and click “Get more features with a new edition of Windows”). You can also choose to use different full disk encryption software, such as the open source program DiskCryptor.
BitLocker is designed to be used with a Trusted Platform Module (TPM), a tamper-resistent chip that is built into new PCs that can store your disk encryption key. Because BitLocker keys are stored in the TPM, by default it doesn’t require users to enter a passphrase when booting up. If your computer doesn’t have a TPM (BitLocker will tell you as soon as you try enabling it), it’s possible to use BitLocker without a TPM and to use a passphrase or USB stick instead.
If you only rely on your TPM to protect your encryption key, your disk will get automatically unlocked just by powering on the computer. This means an attacker who steals your computer while it’s fully powered off can simply power it on in order to do a DMA or cold boot attack to extract the key. If you want your disk encryption to be much more secure, in addition to using your TPM you should also set a PIN to unlock your disk or require inserting a USB stick on boot. This is more complicated, but worth it for the extra security.
Whenever you’re ready, try enabling BitLocker on your hard disk by right-clicking on C drive and choosing the “Turn on BitLocker” option. First you’ll be prompted to make a backup of your recovery key, which can be used to unlock your disk in case you ever get locked out.
I recommend that you don’t save a copy of your recovery key to your Microsoft account. If you do, Microsoft—and by extension anyone Microsoft is compelled to share data with, such as law enforcement or intelligence agencies, or anyone that hacks into Microsoft’s servers and can steal their data—will have the ability to unlock your encrypted disk. Instead, you should save your recovery key to a file on another drive or print it. The recovery key can unlock your disk, so it’s important that it doesn’t fall into the wrong hands.
Follow the rest of the simple instructions and reboot your computer. When it boots up again, your disk will begin encrypting. You can continue to work on your computer while it’s encrypting in the background.
Once your disk is done encrypting, the next step is to set a PIN. This requires tweaking some internal Windows settings, but it shouldn’t be too hard if you follow the instructions to the dot.
Click Start and type “gpedit.msc” and press enter to open the Local Group Policy Editor. In the pane to the left, navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
In the pane to the right, double-click on “Require additional authentication at startup.” Change it from “Not Configured” to “Enabled”, and click OK. You can close the Local Group Policy Editor.
Now open Windows Explorer, right-click on drive C, and click “Manage BitLocker”.
In the BitLocker Drive Encryption page, click “Change how drive is unlocked at startup”. Now you can choose to either require a PIN while starting up, or requiring that you insert a USB flash drive. Both work well, but I suggest you use a PIN because it’s something that you memorize. So if you get detained while crossing a border, for example, you can choose not to type your PIN to unlock your drive, however you can’t help it if border agents confiscate your USB flash drive and use that to boot your computer.
If you choose to require a PIN, it must be between 4 and 20 numbers long. The longer you make it the more secure it is, but make sure you choose one that you can memorize. It’s best if you pick this PIN entirely at random rather than basing it on something in your life, so avoid easily guessable PINs like birthdates of loved ones or phone numbers. Whatever you choose make sure you don’t forget it, because otherwise you’ll be locked out of your computer. After entering your PIN twice, click Set PIN.
Now reboot your computer. Before Windows starts booting this time, you should be promped to type your PIN.
Finally, open User Accounts to see all of the users on your computer, confirm that they all have passwords set and change them to be stronger if necessary. Disable the guest account if it’s enabled.
How to encrypt your disk in Mac OS X
FileVault, Apple’s disk encryption technology for Macs, is simple to enable. Open System Preferences, click on the Security & Privacy icon, and switch to the FileVault tab. If you see a button that says “Turn Off FileVault…”, then congratulations, your disk is already encrypted. Otherwise, click the lock icon in the bottom left so you can make changes, and click “Turn On FileVault…”.
Next you will be asked if you want to store a copy of your disk encryption recovery key in your iCloud account.
I recommend that you don’t allow your iCloud account to unlock your disk. If you do, Apple — and by extension anyone Apple is compelled to share data with, such as law enforcement or intelligence agencies, or anyone that hacks into Apple’s servers and can steal their data — will have the ability to unlock your encrypted disk. If you do store your recovery key in your iCloud account, Apple encrypts it using your answers to a series of secret questions as an encryption key itself, offering little real security.
Instead, choose “Create a recovery key and do not use my iCloud account” and click Continue. The next window will show you your recovery key, which is twenty-four random letters and numbers. You can write this down if you wish. The recovery key can unlock your disk, so it’s important that it doesn’t fall into the wrong hands.
Once you click Continue you will be prompted to reboot your computer. After rebooting, FileVault will begin encrypting your hard disk. You can continue to work on your computer while it’s encrypting in the background.
With FileVault, Mac OS X user passwords double as passphrases to unlock your encrypted disk. If you want your passphrase to survive guessing attempts by even the most well-funded spy agencies in the world, you should follow the instructions here to generate a high-entropy passphrase to use to login to your Mac.
Go back to System Preferences and this time click on the Users & Groups icon. From there you should disable the guest account, remove any users that you don’t use, and update any weak passwords to be strong passphrases.
How to encrypt your disk in Linux
Unlike in Windows and Mac OS X, you can only encrypt your disk when you first install Linux. If you already have Linux installed without disk encryption, you’re going to need to backup your data and reinstall Linux. While there’s a huge variety of Linux distributions, I’m going to use Ubuntu as an example, but setting up disk encryption in all major distributions is similar.
Start by booting to your Ubuntu DVD or USB stick and follow the simple instructions to install Ubuntu. When you get to the “Installation type” page, check the box “Encrypt the new Ubuntu installation for security,” and then click Install Now.
On the next page, “Choose a security key,” you must type your encryption passphrase. You’ll have to type this each time you power on your computer to unlock your encrypted disk. If you want your passphrase to survive guessing attempts by even the most well-funded spy agencies in the world, you should follow the instructions here.
Then click Install Now, and follow the rest of the instructions until you get to the “Who are you?” page. Make sure to choose a strong password—if someone steals your laptop while it’s suspended, this password is all that comes between the attacker and your data. And make sure that “Require my password to log in” is checked, and that “Log in automatically” is not checked. There is no reason to check “Encrypt my home folder” here, because you’re already encrypting your entire disk.
And that’s it.
Correction: This post originally gave an incorrect date for when the TrueCrypt project was shut down. April 27 12:35 pm ET.
Israel struck Gaza shelters – UN report
April 27, 2015
BBC News
At least 44 Palestinians were killed by “Israeli actions” while sheltering at seven UN schools during last summer’s war in Gaza, a UN inquiry has found.
UN Secretary General Ban Ki-moon said he deplored the deaths and stressed that UN facilities were “inviolable”.
The inquiry also found that three empty UN schools were used by Palestinian militants to store weapons, and that in two cases they likely fired from them.
The 50-day conflict claimed the lives of more than 2,260 people.
At least 2,189 were Palestinians, including more than 1,486 civilians, according to the UN. On the Israeli side, 67 soldiers were killed along with six civilians.
Utmost gravity’
In November, Mr Ban announced that an independent board of inquiry would look into 10 incidents at schools run by the UN agency for Palestine refugees, Unrwa, between 8 July and 26 August 2014.
Both Israel and Hamas, the militant group that dominates Gaza, said they would co-operate with the probe headed by the retired Dutch general Patrick Cammaert.
At least 227 Palestinians sheltering at UN facilities were injured as a result of Israeli actions
Although the board of inquiry’s full 207-page report will remain private, the UN released a summary of its findings on Monday.
In one incident, a girls’ school was hit by 88 mortar rounds fired by the Israeli military, the summary said. Another girls’ school was struck by an anti-tank projectile, while a third was hit by a missile.
At a fourth girls’ school, the inquiry found, “no prior warning had been given by the government of Israel of the firing of 155mm high explosive projectiles on, or in the surrounding area of the school”.
“It is a matter of the utmost gravity that those who looked to them for protection and who sought and were granted shelter there had their hopes and trust denied,” Mr Ban wrote in a cover letter accompanying the summary.
He also expressed dismay that Palestinian militant groups would put UN schools at risk by using them to hide arms.
The inquiry found no warning was given before 155mm projectiles were fired towards one school
The report found that weapons were stored at three schools, although they were not being used as shelters at the time. The inquiry found that Palestinian militants had probably fired from two schools, which Mr Ban said was “unacceptable”.
“United Nations premises are inviolable and should be places of safety, particularly in a situation of armed conflict,” he warned. “I will work with all concerned and spare no effort to ensure that such incidents will never be repeated.”
A spokesman for the Israeli foreign ministry, Emmanuel Nahshon, said in response: “All of the incidents attributed by the report to Israel have already been subject to thorough examinations, and criminal investigations have been launched where relevant.”
“Israel makes every effort to avoid harm to sensitive sites, in the face of terrorist groups who are committed not only to targeting Israeli civilians but also to using Palestinian civilians and UN facilities as shields for their terrorist activities.”
There was no immediate comment from Hamas or the Palestinian Authority.
Experts had long warned that Nepal was ripe for disaster
April 27, 2015
by Joel Achenbach
The Washington Post
A massive block of Earth’s crust, roughly 75 miles long and 37 miles wide, lurched 10 feet to the south Saturday over the course of 30 seconds. Riding atop this block of the planet was the capital of Nepal — Kathmandu — and millions of Nepalese.
That’s the description of Saturday’s earthquake from University of Colorado geologist Roger Bilham, a world-renowned expert on Himalayan earthquakes. The 7.8-magnitude earthquake that flattened historic buildings in Kathmandu and has taken more than a thousand lives is the latest release of built-up strain from the collision of two of Earth’s tectonic plates.
The Indian plate is inexorably sliding, in a halting, ground-shaking fashion, northward, beneath the much larger Eurasian plate. The process has created the lofty Tibetan plateau and pushed up mountains that reach nearly 30,000 feet above sea level. The Himalaya front can produce earthquakes that are much more powerful than the one on Saturday — such as the 8.2-magnitude earthquake that hit Nepal in 1934.
But this one was relatively shallow, which intensifies the surface shaking, and its epicenter was closer to Kathmandu than the 1934 temblor.
“The earthquake ruptured under the city, very close to the city, so this is as bad as our worst-case scenario, probably,” Bilham said.
As news reports filtered in, experts predicted the death toll will mount steadily.
“I expect that there’s devastation scattered all around Nepal that we’re not even glimpsing at this point,” said Susan Hough, a geologist with the U.S. Geological Survey who has made multiple trips to Nepal.
The news bulletin of the massive quake hit Hough and colleagues hard. Theirs can be a frustrating profession, because they know there are natural disasters and humanitarian crises about to happen somewhere — but they can’t predict precisely where and when. This one, however, had been long anticipated.
For years now, experts on seismic hazard have kept a list of cities most vulnerable to a catastrophic earthquake. Kathmandu has always been high on that list.
Geology, urbanization, architecture and building codes have increased the vulnerability of the Nepalese, experts say, and the only major unknown has been the timing of the disaster.
“We knew it was going to happen. We saw it in ’34,” Hough said. “The earthquakes we expect to happen do happen.”
Scientists, engineers and government officials have worked in recent years on retrofitting schools and hospitals to make them sturdier in a temblor. But at the same time, civil unrest has pushed more people into urban areas, where they inhabit newly constructed, unreinforced-masonry buildings that in many cases are not designed to withstand the strong motion of a quake.
Another problem: Buildings often have what engineers call a “soft first story,” because merchants want open spaces to sell their wares and there are fewer sturdy walls to limit the shaking in an earthquake.
“It was clearly a disaster in the making that was getting worse faster than anyone was able to make it better,” Hough said. “You’re up against a Himalayan-scale problem with Third World resources.”
Bilham agreed: “The message has not been ignored, it’s just that the scope of the reconstruction required to strengthen all the buildings in Kathmandu is so enormous.”
The orthodoxy among seismologists is that earthquakes don’t kill people; buildings kill people.
The challenge of improving building codes has become all the more urgent in an era when urbanization is surging in many parts of the world, including in the Kathmandu Valley.
“It seems that the rural-to-urban migration of people has resulted in really rapid construction of housing which, as far as I can see from my visits, has been unregulated and is just very, very vulnerable,” said Brian Tucker, founder and president of GeoHazards International, a nonprofit devoted to reducing casualties from natural disasters.
On Saturday, he recalled a conversation in the late 1990s with a Nepalese government minister who told him, “We don’t have to worry about earthquakes anymore, because we already had an earthquake.” That was a reference to the 1934 quake.
“I took him to the window and had him look out and said, ‘As long as you see those Himalaya Mountains there, you will know that you will continue to have earthquakes,’” Tucker said.
Nepal quake ‘followed historic pattern’
April 27, 2015
by Kate Ravilious Science writer
BBC News
Nepal’s devastating magnitude-7.8 earthquake on Saturday was primed over 80 years ago by its last massive earthquake in 1934, which razed around a quarter of Kathmandu to the ground and killed over 17,000 people.
This latest quake follows the same pattern as a duo of big tremors that occurred over 700 years ago, and results from a domino effect of strain transferring along the fault, geologists say.
The researchers discovered the likely existence of this doublet effect only in recent weeks, during field work in the region.
Saturday’s quake, which struck an area in central Nepal, between the capital Kathmandu and the city of Pokhara, has had a far-reaching impact.
More than 4,000 people have lost their lives, with victims in Bangladesh, India, Tibet, and on Mount Everest, where avalanches were triggered.
Death tolls and casualty figures are likely to rise over the coming days, and the risk of landslides on slopes made unstable by the quake mean that the danger is far from passed.
Trench investigations
In a sadly prescient turn of events, Laurent Bollinger, from the CEA research agency in France, and his colleagues, uncovered the historical pattern of earthquakes during fieldwork in Nepal last month, and anticipated a major earthquake in exactly the location where Saturday’s big tremor has taken place.
Down in the jungle in central southern Nepal, Bollinger’s team dug trenches across the country’s main earthquake fault (which runs for more than 1,000km from west to east), at the place where the fault meets the surface, and used fragments of charcoal buried within the fault to carbon-date when the fault had last moved.
Ancient texts mention a number of major earthquakes, but locating them on the ground is notoriously difficult.
Monsoon rains wash soils down the hillsides and dense jungle covers much of the land, quickly obscuring earthquake ruptures.
Bollinger’s group was able to show that this segment of fault had not moved for a long time.
“We showed that this fault was not responsible for the great earthquakes of 1505 and 1833, and that the last time it moved was most likely 1344,” says Bollinger, who presented his findings to the Nepal Geological Society two weeks ago.
Previously, the team had worked on the neighbouring segment of fault, which lies to the east of Kathmandu, and had shown that this segment experienced major quakes in 1255, and then more recently in 1934.
When Bollinger and his colleagues saw this historic pattern of events, they became greatly concerned.
“We could see that both Kathmandu and Pokhara would now be particularly exposed to earthquakes rupturing the main fault, where it likely last did in 1344, between the two cities,” explains Paul Tapponnier, from the Earth Observatory of Singapore, who was working with Bollinger.
When a large earthquake occurs, it is common for the movement to transfer strain further along the earthquake fault, and this seems to be what happened in 1255.
Over the following 89 years, strain accumulated in the neighbouring westerly segment of fault, finally rupturing in 1344.
Now, history has repeated itself, with the 1934 fault transferring strain westwards along the fault, which has finally been released today, 81 years later.
And, worryingly, the team warns there could be more to come.
“Early calculations suggest that Saturday’s magnitude-7.8 earthquake is probably not big enough to rupture all the way to the surface, so there is still likely to be more strain stored, and we should probably expect another big earthquake to the west and south of this one in the coming decades,” says Bollinger.
Five Disturbing Things You Didn’t Know About Forensic “Science”
April 25, 2015
by Jordan Smith
The Intercept
Last week, The Washington Post revealed that in 268 trials dating back to 1972, 26 out of 28 examiners within the FBI Laboratory’s microscopic hair comparison unit “overstated forensic matches in a way that favored prosecutors in more than 95 percent” of the cases. These included cases where 14 people have since been either executed or died in prison.
The hair analysis review — the largest-ever post-conviction review of questionable forensic evidence by the FBI — has been ongoing since 2012. The review is a joint effort by the FBI, Innocence Project and the National Association of Criminal Defense Lawyers. The preliminary results announced last week represent just a small percentage of the nearly 3,000 criminal cases in which the FBI hair examiners may have provided analysis. Of the 329 DNA exonerations to date, 74 involved flawed hair evidence analysis.
While these revelations are certainly disturbing — and the implications alarming — the reality is that they represent the tip of the iceberg when it comes to flawed forensics.
In a landmark 2009 report, the National Academy of Sciences concluded that, aside from DNA, there was little, if any, meaningful scientific underpinning to many of the forensic disciplines. “With the exception of nuclear DNA analysis … no forensic method has been rigorously shown to have the capacity to consistently, and with a high degree of certainty, demonstrate a connection between evidence and a specific individual or source,” reads the report.
There is one thing that all troubling forensic techniques have in common: They’re all based on the idea that patterns, or impressions, are unique and can be matched to the thing, or person, who made them. But the validity of this premise has not been subjected to rigorous scientific inquiry. “The forensic science community has had little opportunity to pursue or become proficient in the research that is needed to support what it does,” the NAS report said.
Nonetheless, courts routinely allow forensic practitioners to testify in front of jurors, anointing them “experts” in these pattern-matching fields — together dubbed forensic “sciences” despite the lack of evidence to support that — based only on their individual, practical experience. These witnesses, who are largely presented as learned and unbiased arbiters of truth, can hold great sway with jurors whose expectations are often that real life mimics the television crime lab or police procedural.
But that is not the case, as the first results from the FBI hair evidence review clearly show. And given the conclusions of the NAS report, future results are not likely to improve. What’s more, if other pattern-matching disciplines were subjected to the same scrutiny as hair analysis, there is no reason to think the results would be any better. For some disciplines the results could even be worse. Consider the examples below:
1. Bite-mark analysis is based on two falsehoods and has wrongfully convicted at least 24 people
“Hair comparison analysis is practically DNA compared to bite mark analysis,” says Chris Fabricant, director of strategic litigation for the Innocence Project. Bite-mark analysis — generally the practice of identifying alleged bite marks on human skin and then matching the pattern left behind to a person’s dentition — relies on two basic assumptions: One, that human dentition, like DNA, is unique; and two, that human skin is a good medium for transferring and preserving a bite-mark impression. But as it turns out, neither is true, according to research conducted by Mary Bush, a professor of dentistry at the State University of New York at Buffalo, who, with her team, has conducted the only actual scientific inquiries into the practice in decades.
Indeed, some of the harshest criticism contained in the NAS report focuses on bite-mark evidence, and concludes that there is no scientific underpinning to the discipline. In a recent four-part series on bite-mark analysis, The Washington Post’s Radley Balko described how forensic odontologists — dentists who profess expertise in bite-mark analysis (and who are qualified as such by the American Board of Forensic Odontology) not only reject the NAS’s conclusion, but actively attack anyone who dares to criticize the field. Two examples: In 2013, ABFO leadership orchestrated an aggressive — and ultimately unsuccessful — plan to expel their own colleague, Dr. Michael Bowers, from membership within the American Academy of Forensic Sciences, which would have hamstrung Bowers from testifying against the practice in court. His crime: being a vocal critic of bite-mark “science.” In 2014, speaking at an ABFO dinner, Manhattan prosecutor Melissa Mourges, a strident supporter of bite-mark evidence, not only derided Mary Bush’s work, but also peppered her remarks with petty insults about Bush’s physical appearance.
Of course, as it is with hair analysis — and, really, any of the questionable forensic disciplines critiqued by the NAS — the utter lack of a scientific foundation has done nothing to keep bite-mark evidence out of the courtroom. To date, DNA has exonerated 24 individuals sent to prison on bite-mark evidence.
2. Dexter lied to you about blood spatters. They sow chaos and confusion.
In the popular Showtime series Dexter, serial killer of serial killers Dexter Morgan has a day job with the Miami police, where he works as a blood-spatter analyst. The episodes show him expertly analyzing sprays of blood on walls or drops on floors, quickly — and reliably — arriving at a concrete theory of the crime that, more often than not, leads the PD’s homicide detectives to swift resolution.
If only it were that easy.
While there is some actual science involved in bloodstain-pattern analysis — knowledge of the physics of fluids is helpful, as is an understanding of the pathology of wounds — the sheer number of variables involved in the creation of any given bloodstain makes reaching any definitive conclusion about the circumstances of its origin difficult at best. “The uncertainties associated with bloodstain pattern analysis are enormous,” the NAS report concluded.
Yet for defendants, as with other forensic disciplines, the conclusions of a bloodstain “expert,” can mean the difference between living free or behind bars. The NAS report warns that while science supports “some aspects” of bloodstain-pattern analysis — whether blood “spattered quickly or slowly” for example — some experts “extrapolate far beyond what can be concluded.” This risk was powerfully demonstrated in the bizarre case of Warren Horinek, a former Fort Worth, Texas police officer who, based solely on the conclusions of a blood pattern expert, was convicted and sentenced to 30 years in prison for the 1995 murder of his wife — a death that the police, medical examiner, and prosecutor all concluded was actually suicide.
Horinek remains in prison.
3. Worn shoes and tires can land you on death row, but there’s no evidence they’re unique
Among the most common pattern-matching evidence found at crime scenes are shoe prints and tire tracks. Although, generally speaking, soles and tire treads are decidedly not unique, since both are mass produced — 299 million tires were sold in the U.S. in 2013 alone — a combination of factors allegedly transform these common items into unique pieces of evidence for courtroom purposes. Uniqueness is derived from the degradation of these items from normal wear and tear, cuts, scrapes or other factors.
There are several problems with this type of evidence — not least of which is the fact that while the evidence found at a crime scene remains static, fixed in time, shoe and tire wear is continuous, meaning in part that unless you can immediately match a shoe or tire to a crime scene, the potential probative value of that evidence could quickly be irretrievably lost. But more concerning is that there is no science demonstrating that any particular marks are actually unique, nor are there any standards for how many unique characteristics it takes to declare a match between object and evidence. There is “no defined threshold that must be surpassed, nor are there any studies that associate the number of matching characteristics with the probability that the impressions were made by a common source,” reads the NAS report. “Experts in impression evidence will argue that they accumulate a sense of those probabilities through experience, which may be true. However it is difficult to avoid biases in experience-based judgments, especially in the absence of a feedback mechanism to correct an erroneous judgment.”
Indeed, spurious shoe print evidence offered by an FBI examiner helped to send Charles Irvin Fain to death row for the 1982 kidnapping, rape and murder of a 9-year-old girl in Idaho. According to the examiner, wear on Fain’s shoes matched wear patterns in shoe prints connected to the crime — and those wear patterns, the expert concluded, were created by a person with a particular gait. The perpetrator would “have to have the same characteristic walk as the individual who owned those shoes,” the expert testified.
DNA testing ultimately led to Fain’s release from prison in 2001 after spending 18 years on death row.
4. No two fingerprints are alike? That is the question
Perhaps no area of forensics is more familiar to people — or outside DNA, more believed to be infallible — than fingerprint examination. The practice has been around for more than a century, and its ubiquity and repetition, combined with the mere passage of time, has helped to cement fingerprint matching’s reputation. The problem is that this practice, too, is an entirely subjective endeavor — and it is only recently that there has been any serious scientific inquiry into its validity. “No two prints are alike,” experts will say, but there’s no actual proof that is true.
Importantly, fingerprints collected from crime scenes are often only partial prints, distorted, smudged, or generally “noisy,” as one group of investigators, seeking to formulate error rates for fingerprint examination, wrote last year. And that’s where problems can happen: Consider the case of Brandon Mayfield, the Oregon lawyer who was falsely accused of participation in the 2004 Madrid, Spain train bombings based on a fingerprint collected from a bag containing detonation devices. The FBI later admitted it bungled the print match.
Fortunately, there are ongoing efforts underway within the discipline’s community of experts to validate forensic fingerprint examinations. Jennifer Mnookin, a UCLA law professor and lead investigator into fingerprint error rates, says that leaders in the field have begun to embrace the emerging “research culture” that the area is taking on. “At this point it’s not that the work is done,” she says. “It isn’t. But compared to bite marks…to handwriting [analysis], there is now a growing body of research looking at these questions [of validity and reliability] in a way that didn’t exist 10 to 15 years ago.”
5. The FBI trained an army of local hair-analysis charlatans
Although it is certainly a good thing that the FBI agreed to undertake a review of the work of its hair examiners — and then to clearly and publicly declare the miserable results — there is a deeper and even more troubling truth about the hair analysis revelations: There are potentially tens of thousands of additional cases out there that will not necessarily ever be reviewed. That’s because the FBI examiners for 25 years provided training to hundreds of hair examiners across the country — training that included the demonstrably, scientifically-flawed language that has been exposed in the current, and ongoing FBI case review.
Whether all of the state cases will ever be identified let alone reviewed, remains to be seen.
For Timothy Bridges, the stakes couldn’t be much higher. Bridges was convicted and sentenced to life in prison for the beating and rape of an 83-year-old woman in Charlotte, NC, in the spring of 1989. The victim (who died of unrelated causes before Bridges trial), variously described her attacker and denied that she was raped. Ultimately, Bridges, who had wavy shoulder-length hair — which is how the victim once described her attacker — was charged with the crime. There was no DNA to connect Bridges to the crime and he was not a match for a bloody palm print found at the scene (that print was never matched to anyone). But there were two hairs collected that an FBI-trained examiner testified not only were “likely” Bridges, but also that there was a very low chance they could belong to anyone else: The “likelihood of two Caucasian individuals having indistinguishable head hair is very low,” expert Elinos Whitlock testified — the very sort of language unsupported by science and found in the faulty cases identified in the current FBI review.
Bridges appealed his conviction, arguing in part that there was no scientific basis to Whitlock’s testimony. In 1992, the state appeals court disagreed: “We find no reversible error,” the court ruled, concluding that testimony by a “properly qualified witness on hair identification” was admissible.
Bridges is currently seeking a new trial and the state is reportedly reviewing the matter.