SOURCE:  Kim Zetter for wired.com

STINGRAYS, A SECRETIVE law enforcement surveillance tool, are one of the most controversial technologies in the government’s spy kit. But prosecutors and law enforcement agencies around the country have exerted such great effort to deceive courts and the public about stingrays that learning how and when the technology is used is difficult. 

This week, the government even went so far as to assert in a court filing (.pdf) that articles published by WIRED and other media outlets that expose the deception “are full of unproven claims by defense attorneys and advocates [and] are not proper proof of anything.”

So what do we know? “Stingray” is the generic commercial term for a device otherwise known as an IMSI catcher. The stingray impersonates a legitimate cell tower to trick nearby mobile phones and other wireless communication devices, like air cards, into connecting to it and revealing their international mobile subscriber identity (IMSI) number. More importantly, though, the device also collects information that can point to a mobile device’s location.

By moving the stingray around a geographical area and gathering a wireless device’s signal strength from various locations in a neighborhood, authorities can pinpoint where the device is being used with more precision than with data obtained from a mobile network provider’s fixed tower location.

Although use of the spy technology goes back at least 20 years—the FBI used a primitive version of a stingray to track former hacker Kevin Mitnick in 1994—their use of it has grown in the last decade as mobile phones and devices have become ubiquitous. Today, they’re used by the military and CIA in conflict zones—to prevent adversaries from using a mobile phone to detonate roadside bombs, for example—as well as domestically by federal agencies like the FBI, DEA and US Marshals Service, and by local law enforcement agencies.

Stingrays have the ability to also capture call record data—such as the numbers being dialed from a phone—and some also have the ability to record the content of phone calls, as

SOURCE:  Kris Holt for technewsworld.com

In our pitcher this week are an elegant pen for recording your doodles, a spin on the smart light switch, and a new home for Amazon's Alexa personal assistant.

As always, the ratings denote only how much I'd like to check out each item in meatspace -- these are not reviews.

Sketching Pretty

This column very recently highlighted the latest physical note-capturing system from Evernote. Orée's Stylograph (pictured above) does something very similar, although much more stylishly.

The Stylograph pen, which is made of copper, can transmit your scrawls and doodles to an iOS or Android device. It houses an accelerometer and a camera on the tip to capture what you're noting.

You can get two days of use from an hour's charge, and if you're away from your smartphone or tablet as you're sketching or writing, you can store the data and transfer it later. You can export your handiwork to PDF so you can mold it further digitally.

There are some limitations, in that you must use stone mineral paper with almost-invisible markings, which is available only in A5 size. Additional paper costs US$25 per 190 pages.

The Stylograph retails at $300, which is $100 more than Evernote's Smart Writing Set sells for, but you can refill it with standard D1 ballpoint capsules. Also, the paper blocks are $5 cheaper than Evernote's.

It doesn't seem to me that the Stylograph is a tool anyone needs to survive, but it sure is pretty and, dare I say it, more than a touch classier than furiously typing out notes on a smartphone in class or at a meeting. That is, if you care about keeping up appearances. For a reporter, it'd sure beat scribbling in shorthand using a cheap gel pen.

Smart Switches for Newbies

Confession time: I'm not the handiest person in the world. A couple of years back, I bought a dimmer switch for my living room, but my wiring didn't match that given in the

Bob Wallace, former CIA Station Chief in Seattle covering Alaska and later Director of the Office of Technical Service, gave a major address on the history of CIA activities in Alaska from the early 50's to the post technologies of the present day, detailing a graphic picture of Cold War activities that ran from attempts to put personnel "on the ground" to the now high-tech world of espionage. In the early years the Soviet culture of secrecy was all-encompassing: the Iron Curtain was very effective and the U.S. was blind to Soviet military capabilities, according to Wallace. However, after the emergence of the integrated circuit the world of espionage took on new life. Wallace talked about the U-2 plane, satellites, U.S. and Soviet submarines, and the communication systems that sprang up across Alaska, the DEW line and their impacts.

 

For more details about the conference, contact Bob Wallace. Wallace has co-authored numerous books with CIA Historian H. Keith Melton, including "SPYCRAFT: The Secret History of the CIA's Spytechs from Communism to Al-Qaeda", "The Official C.I.A. Manual of Trickery and Deception" and more recently the interactive "Spy Sites of New York" and "Spy Sites of Philadelphia". These books and other related espionage books are available through the Artemus website: www.artemuscg.com.

Most of the information that I have seen on the heartbleed vulnerability is fear, uncertainty and doubt.  There is no shortage of companies with a sales pitch or "experts" who don't really know which end of the cord to plug into the wall..... most with a strong opinion telling us what to worry about.


Take a deep breath.  Here are some things that will help you relax.  I'd like to debunk some of the myths of heartbleed.

Myth 1: Most of the Internet is vulnerable!  No.  

Actually, Microsoft products, sites that have upgraded SSL, sites that don't encrypt traffic, and sites that do encrypt traffic but don't use OpenSSL (by far most of the Internet) are not affected.  See the status of the top 100 sites at:
 
Note that Yahoo.com has now been fixed.
 

Myth 2:  Change your password immediately!  Perhaps. 
 
It won't help if the site you want to go to has had no vulnerability or if they haven't yet patched the OpenSSL vulnerability.  You can check to see what the situation is using the site https://lastpass.com/heartbleed/ (mouseover to check the link to make sure it goes where you think it does).  Despite being from a company that is using Heartbleed for advertising, this site has a useful evaluator.  It can tell you that sites like google.com are OK, but it has a misleading warning on sites with no SSL vulnerability like wali.org.
 

Myth 3:  Criminals have been harvesting our passwords using this vulnerability!  False.  
 
If that were true, there would have been an obvious spike in credit card fraud and in black market listings of email accounts and passwords.  No large-scale exploitation is obvious.
 

Myth 4:  Our computers will be invaded soon!  Of course not.  
 
Hey, it is a vulnerability that only affects secure websites, etc.  It has nothing to do with someone invading my computer....  Unless it allows someone to discover that all my passwords are the same and they are the name of my dog Fido (oops, shouldn't let that information out).
 

Myth 5:  When heartbleed is fixed our risks will go down!  Keep dreaming.  
 
The major attack vectors in use today are phishing emails and malicious code on websites.  They are in fact the major risk in the current heartbleed situation.  Have you received an email from "yourbank.com" saying to "click here" to fix this problem?  Watch out.
 

Fact:  Using a password manager to have a different complex password for each site is always a good idea.  Maybe this is the time to start.  The one that I use and recommend is free from http://sourceforge.net/projects/keepass/?source=directory
 

These tips are aimed at taking headaches out of computer operation.  I recommend stuff that I use.  The goal is to prevent disasters without the usual fear/uncertainty/doubt that some folks spread.  
 
 
If you have questions, contact us.