Police
FBI seize one of Instapaper’s servers (incorrectly!)
Jun 23rd
In this connected world where people have their data and information spread across a wealth of services, servers and databases we’re all rightly worried about hacking attempts and how safe that data is. Sometimes even the best will in the world can’t help though, as Instapaper has been unfortunate enough to have one of their servers confiscated under a warrant that was being served on someone they were just unlucky enough to share data centre space with! Instapaper is a site and mobile app combo that allows its users to save interesting or lengthy articles for later reading at home, on the mobile device or simply when it would be more convenient.
Absolute full credit must be given to Instapaper though for immediately making an announcement to its users informing them of what had transpired, what this meant to the service, and which data would now be in the hands of the FBI. More credit again for the fact that their passwords are stored as salted SHA-1 hashes, rather than simply being the actual password as has been the problem in far too many recent data breaches.
From the post, outlining what is now in the hands of the FBI:
Possibly most importantly, though, the FBI is now presumably in possession of a complete copy of the Instapaper database as it stood on Tuesday morning, including the complete list of users and any non-deleted bookmarks. (“Archived” bookmarks are not deleted. “Deleted” bookmarks are hard-deleted out of the database immediately.)
Instapaper stores only salted SHA-1 hashes of passwords, so those are relatively safe. But email addresses are stored in the clear, as is the saved content of each bookmark saved by the bookmarklet.
The server also contained a complete copy of the Instapaper website codebase, but not the codebase of the iOS app.
Linked Facebook, Twitter, or Tumblr accounts only store their respective OAuth keys. Linked Evernote accounts only store the Evernote email-in address. Linked Pinboard accounts, however, store plaintext usernames and encrypted passwords, and the encryption keys are present in the website source code on the server.
So the FBI now has illegal possession of nearly all of Instapaper’s data and a moderate portion of its codebase, and as far as I know, this is completely out of my control.
The rest of the post can be read by clicking here, and it certainly makes for interesting reading.
Bravo to Instapaper for how they have handled this; if only more companies would be as transparent and up front with their user base.
~Shepy
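What "salted SHA-1" means for a copied database, as an added example that is not Instapaper's code; the salt-then-password layout, the record fields and the PBKDF2 work factor are assumptions. It shows that a per-user salt stops identical passwords from sharing a hash, and how a service can move such records to a slow key-derivation function at next login, since a single SHA-1 call per guess is cheap for anyone holding the table.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def _digest(scheme: str, password: str, salt: bytes) -> str:
    pw = password.encode("utf-8")
    if scheme == "sha1":
        # Legacy style: one fast SHA-1 call over salt + password (assumed layout).
        return hashlib.sha1(salt + pw).hexdigest()
    if scheme == "pbkdf2":
        # Deliberately slow: every guess costs PBKDF2_ITERATIONS HMAC rounds.
        return hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ITERATIONS).hex()
    raise ValueError(f"unknown scheme: {scheme}")


def new_record(password: str, scheme: str = "sha1", salt: bytes = None) -> dict:
    # A fresh random salt per user unless the caller supplies one.
    salt = os.urandom(16) if salt is None else salt
    return {"scheme": scheme, "salt": salt, "hash": _digest(scheme, password, salt)}


def verify(record: dict, password: str) -> bool:
    candidate = _digest(record["scheme"], password, record["salt"])
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate, record["hash"])


def upgrade_on_login(record: dict, password: str) -> dict:
    """Return a PBKDF2 record if a legacy record verifies, else the record unchanged."""
    if record["scheme"] == "sha1" and verify(record, password):
        return new_record(password, scheme="pbkdf2")
    return record


if __name__ == "__main__":
    # Constructed sample users sharing one password.
    alice = new_record("correct horse")
    bob = new_record("correct horse")
    print("same password, same hash?", alice["hash"] == bob["hash"])
    alice = upgrade_on_login(alice, "correct horse")
    print("alice scheme after login:", alice["scheme"])
```
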
I know what you did last summer (iPhone GPS Tracking)
Apr 20th
Blog posts and new reports are starting to spread about a recently ‘discovered’ feature in iOS 4 that keeps a regular and continuous log of the GPS fix of your device, at all times. It doesn’t just use this information for location aware services, it’s not just for geotagging photos, this is a permanent and retrievable log of all the GPS fixes your phone has had, stored on your phone with time stamps. As if that wasn’t bad enough, this log is also stored in an unencrypted format.
I’ve mentioned here before about how little trust I have for logging exact co-ordinates of anything to any kind of permanent or shared information, but this takes it one step further. At least with all of the technologies and uses that I have discussed so far, you have the option to select not to record or share this information, they are ‘opt in’ features. This isn’t, this is enabled by default and has no option to disable it and does it without your knowledge.
Personally I think this is a massive violation of privacy, and could potentially lead to a lot of problems later down the line, to give a few examples:
- You are suspected in a crime, the police demand and seize your phone. They can legally demand that you hand over the key to any encrypted information that you have, under threat of imprisonment, so you can bet your life they can demand this information in the name of evidence.
- You make a claim on your insurance, but they think you may have been going too fast. They demand this file as proof of your location and time stamp (which can be used to factor velocity and trajectory) and refuse to pay out on the insurance without it.
- You are undergoing divorce proceedings, accused of extracurricular activities. The opposing lawyer requests to submit this log into evidence of your whereabouts. Let’s say you’ve been to an ‘adult’ store, it bears no relevance in this case, but you can be sure it would be used to bring your credibility into question.
- You lose your rucksack, it has your phone, your wallet and your house keys in it. If you’re unlucky enough not to have any security on your phone then the person who has your house keys and work’s keyswipe card now also has a log that shows two clear clusters of activity around your workplace and home, they know where the keys are for and where the keypass works. Fancy spending a few hours explaining to your boss why they just had 4 laptops stolen and yours is the only keycard used to access the building that night?
- You know that app that you gave permission to access and change files on the storage of your device, and full internet access so it can store its pictures and upload them to the net for you to share? Yeah, you also just gave that app the opportunity to send a copy of this file back to wherever it likes for whatever use is so desired.
These are just the first ones I can think of off the top of my head, you can be sure there are more. If ever there was a reason to get rid of your Apple device, and get something more open, then this is surely it. This log is even included in the default set for device backup when you choose to do so, as prompted so often, by iTunes. Get a new device, or have to restore your current one for some reason and the log gets restored to the device and continues to log further.
I look forward to seeing what the justification for this is from Apple. Whilst I can understand the need to perhaps cache this information to prevent drain on the battery of constant GPS fixes from various apps, anything more than a 15 minute buffer is entirely overkill and without reason.
You can find more information about this through any one of a number of sites and news sources (google link)
~Shepy
Mounted police charge protesters
Nov 26th
Whilst I don’t agree with a lot of the goings on at the student protests lately, which often have just degraded into outright vandalism, there is an acceptable level of reaction from the police, and this goes far beyond that.
Today I saw @paul_a_smith retweeting a link from @arlloyd which was an article, with video on the Guardian site showing mounted police charging on the protestors, one of whom is pregnant (and though they had no way of knowing that, they should assume the possibility of potential risks such as this). Here is the video from the article:
httpv://www.youtube.com/watch?v=rgxwTF-qeAo&feature=player_embedded
While some of the damage and material loss caused by the protest is deplorable, nothing warrants these people being charged by officers mounted on horses. For the Met Police to then deny that the crowd were charged shows a level of incompetency and underhandedness that is simply unacceptable.
In my opinion, there should be an external investigation which covers:
- Why the order was given to charge
- What risk assessment was done prior to the order
- Why the charge was hidden and denied afterwards
- What injury was caused by this charge
- How will those responsible be brought to task (criminal or professional).
The original article on the Guardian website can be found here for anyone wanting to read more.
~Shepy
Court short
Aug 12th
Well, as you all know yesterday was the big day for the court appearance for Rookinella and her cohorts.
As some people had noticed, the online listings for Forfar showed that they were not listed to be in court there. None of the other local courts showed them listed either, but a wee bit digging soon turned up the fact that they had just been re-assigned to Arbroath from Forfar, which was more or less the same distance from where I was on Tuesday, so I decided to have a look along anyway.
Round about 9:15 the merry bunch arrived, and as had been promised on one of the urbex sites, Rookinella offered me a chocolate orange. I had no interest in it, but as there was a homeless guy sitting on the next bench along I said she should just give it to the tramp. She didn’t pass it to the homeless guy, but she did unwrap it and eat some, so I guess a tramp got it in the end, just not the one I was thinking of.
Anyway, the day was somewhat of a damp squib court-wise, as the group were sent away about an hour or so after court opened session for the day, meaning for those coming from Brighton a 1,000+ mile round trip to not even bother appearing in court. Summons for them to return to Arbroath will be in the post for them to re-attend soon however, so I’ve set a script monitoring the Arbroath listings for their appearance and other methods checking also, so assuming I’m free around the time of the new date then I’ll no doubt make a second visit.
The famous five at Arbroath Court
~Shepy
Shhh, don’t tell anyone about Rookinella
Jul 20th
This is a cross post from a private forum:
(Begin Quote)
I’m not sure if I’m meant to tell everyone what has gone on… then again I don’t care.
Rookinella and her band of merry men were caught inside Stracathro hospital this week gone, and got arrested for being found in an enclosed space and for intent to steal. Now keep this quiet, this is strictly between you and I, because Rookinella (Lucy Sparrow) probably does not want this information getting back to her parents (Same situation, would you want your parents to find out?), so whatever you do please don’t tell anyone (Like Mark Sparrow, her dad). Anyway, the upshot of it is that they have to attend court on the 11th of August, now I personally think that with previous convictions such swag hags as Rookinella are probably caking it right now, but that is just personal opinion. Anyway, they have to attend the Forfar Sheriff court on the 11th August to have the final sentence handed down to them. Now normally we would have to rely on those involved to report back on the proceedings of the day, but miracle of miracles I find myself otherwise engaged locally to Forfar around that time, so selflessly I am willing to attend court and report back full and factual information to the urbex community as a whole on the proceedings of the day.
~Shepy
P.S. I realise this is a private forum and therefore not indexed by Google, for this reason I have cross posted this to my own Google indexed blog.
(End Quote)
Hunted by police helicopter
Jul 4th
A couple of friends and I were out exploring last night, a magnificent old building constructed in 1808 as a college and seminary in County Durham. After having explored the site for a little over two hours we headed towards our exit and heard a helicopter flying above.
Quickly we ducked back into the building and decided to wait it out and have a cigarette while we waited for the thing to pass overhead so we were not seen exiting the place. After a bit of discussion we agreed that it was unlikely they would send out a helicopter for us, a couple of trespassers and after waiting for 15 minutes and still no signs of the helicopter moving on any, we decided to just exit anyway. One set of ninja manoeuvres to get out quickly and we walked clear of the building and started taking our external shots of the place. The helicopter was hovering close to the place, but not quite over it so we assumed it was perhaps there for something going on over at the road nearby.
After we had our external shots we walked over to exit the fence surrounding the place to find two police officers waiting, and it hit home rather quickly that indeed the helicopter was there for us.
Luckily it was just a case of us explaining to them that we were just there taking photographs, and to back this up I always carry a little printed 12 page booklet with some examples of my previous urbex pictures, and showed the officers the pictures in our cameras to show we had just been doing the same. They took our details and carried out a couple of quick PNC checks whilst having a chat with us about the dangers inherent to the hobby etc and then sent us on our merry way, at which point we saw two police vans sitting over at the end of the building around the corner.
Now I’m used to police attention whilst exploring, often security or a busybody in the area will call them out and we will be questioned, which has led to me being arrested on a couple of occasions and then being released after questioning. I can understand this entirely, and in a way am quite thankful for it as it helps to prevent the pikies from stealing the lead from the roofs, the copper from the floors and generally just trashing these places that we like to visit.
I do however think that the helicopter was a bit excessive, especially as we had parked our car about a quarter mile from the site, and it was the farmer near to where we had parked who had called in the incident to the police. They knew where our vehicle was, they had the name and address of the owner from a vehicle check no doubt, so why then would they need to send out a helicopter to look for us as well as the two vehicles and four officers? Whilst I appreciate that they will not have been able to find or see us due to the fact we were in the building, they knew exactly where we would head once we left the building, so they could have simply caught us at that point.
A quick search of Google turned up the following information for the cost of a police helicopter for one year: £1,216,542 for 1294 flights, but unfortunately due to the varying nature of the duration of these flights these figures can not be used to calculate the cost per hour of a helicopter to the force. I did manage to find however that if a helicopter is called in by a neighbouring county’s police force then it would be charged at £1,500 per hour. These figures are also based on 05-06 data, so presumably due to increasing fuel charges this figure is now much greater. Working on that figure though, and the half hour stated by one of the officers that they were at the site, they have spent at least £750 to keep a helicopter in the air to look for us at a site no bigger than a football field, and could have easily stopped us for questioning or whatever else they pleased when we returned to the car. It all just seems a little wasteful and keen to use the helicopter to me.
Anyway, we were let go without arrest or charge, and the explore was really quite enjoyable and turned out some nice pictures, so ultimately it was quite a good explore for us. Pictures to come soon.
~Shepy