authorMike Gerwitz <mtg@gnu.org>2017-10-18 01:58:04 -0400
committerMike Gerwitz <mtg@gnu.org>2017-10-18 01:58:04 -0400
commit30e064ab0b320b7dc75c4be575ae630ced4cc429 (patch)
treed29a3848fbc858d3f71b686c087afce0056bb026
parentbb93ca240ccf7d16c638ed6b92adf18858e86b04 (diff)
More references, WIPmore-refs
-rw-r--r--sapsf.bib481
1 files changed, 481 insertions, 0 deletions
diff --git a/sapsf.bib b/sapsf.bib
index b50596e..74623d0 100644
--- a/sapsf.bib
+++ b/sapsf.bib
@@ -1229,3 +1229,484 @@
url = {http://www.businessinsider.com/ford-exec-gps-2014-1},
urldate = {2017-03-21},
}
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%% POST-PRESENTATION %%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+@online{verizon-spyware,
+ author = {Budington, Bill
+ and Gillula, Jeremy
+ and Tummarello, Kate},
+ title = {The {First Horseman} of the Privacy Apocalypse Has Already Arrived:
+ {Verizon} Announces Plans to Install Spyware on All Its
+ {Android} Phones},
+ organization = {Electronic Frontier Foundation},
+ date = {2017-03-30},
+ url = {https://www.eff.org/deeplinks/2017/03/first-horseman-privacy-apocalypse-has-already-arrived-verizon-announces-plans},
+ urldate = {2017-03-30},
+ tags = {advertising, appflash, geolocation, location, mobile, privacy,
+ spyware, tracking, verizon},
+ annotation = {Less than 48~hours after Congress recended Internet privacy
+ protections, Verizon intends to install spyware on users'
+ Android devices},
+}
+
+@online{sec-https-mitm,
+ author = {Durumeric, Zakir
+ and Ma, Zane
+ and Springall, Drew
+ and Barnes, Richard
+ and Sullivan, Nick
+ and Bursztein, Elie
+ and Bailey, Michael
+ and Halderman, J.~Alex
+ and Paxson, Vern},
+ title = {The Security Impact of HTTPS Interception},
+ doi = {10.14722/ndss.2017.23456},
+ date = {2017},
+ organization = {University of Michigan
+ and University of Illinois Urbana-Champaig,
+ and Mozilla
+ and Cloudflare
+ and Google
+ and University of California Berkeley
+ and International Computer Science Institute},
+ url = {https://zakird.com/papers/https_interception.pdf},
+ urldate = {2017-04-02},
+ tags = {https, mitm, security, privacy, antivirus, detection,
+ cryptography},
+}
+
+@online{eff:smart-meter,
+ author = {Gullo, Karen
+ and Williams, Jamie},
+ title = {An {Illinois} Court Just Didn’t Get It: We Are Entitled to Expect
+ Privacy In Our Smart Meter Data, Which Reveals What’s
+ Going On Inside Our Homes},
+ organization = {Electronic Frontier Foundation},
+ date = {2017-03-01},
+ url = {https://www.eff.org/deeplinks/2017/03/illinois-court-just-didnt-get-it-we-are-entitled-expect-privacy-our-smart},
+ urldate = {2017-04-02},
+ tags = {iot, personal data, privacy, fourth amendment, court,
+ illinois, district court, naperville, court of appeals,
+ seventh circuit, privacy international}
+}
+
+@online{register:w10-privacy,
+ author = {Thomson, Lain},
+ title = {Put down your coffee and admire the sheer amount of data
+ {Windows 10 Creators Update} will slurp from your {PC}},
+ subtitle = {Official list of phoned-home info revealed by {Microsoft}},
+ organization = {The Register},
+ date = {2017-04-06},
+ url = {https://web.archive.org/save/https://www.theregister.co.uk/2017/04/06/microsoft_windows_10_creators_update/},
+ urldate = {2017-04-07},
+ annotation = {Archive.org link used because The~Register blocks
+ Tor~users unless they execute proprietary JavaScript.},
+}
+
+@online{nsa:windows-0day,
+ author = {Biddle, Sam},
+ title = {Leaked {NSA} Malware Threatens {Windows} Users Around the World},
+ organization = {The Intercept},
+ date = {2017-04-14},
+ url = {https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/},
+ urldate = {2017-04-15},
+ tags = {0day, esteemaudit, fuzzbunch, malware, nsa, oddjob, security,
+ shadow brokers, tailored access operations, tao, windows,
+ zippybeer},
+}
+
+@online{bk-not-ok-google,
+ author = {Titcomb, James},
+ title = {Not OK, Google: Burger King advert designed to hijack Google Home
+ speakers backfires},
+ organization = {Yahoo!},
+ date = {2017-04-13}
+ url = {https://m.yahoo.com/w/legobpengine/finance/news/not-ok-google-burger-king-084506757.html?.intl=us&.lang=en-us},
+ urldate = {2017-04-16},
+ tags = {burger king, comercial, google, google home, privacy, security,
+ whopper, wikipedia},
+}
+
+@online{ms:windows-diagnostic,
+ author = {Lich, Brian},
+ title = {Windows 10, version~1703 Diagnostic Data},
+ organization = {Microsoft},
+ date = {2017-04-05},
+ url = {https://technet.microsoft.com/itpro/windows/configure/windows-diagnostic-data},
+ urldate = {2017-04-20},
+ tags = {privacy, security, windows, what the fuck, surveillance,
+ exfiltrate},
+}
+
+@online{guardian:uber-godview,
+ author = {Hern, Alex},
+ title = {Uber employees `spied on ex-partners, politicians
+ and {Beyoncé}'},
+ subtitle = {Cab startup’s former forensic investigator Samuel Ward
+ Spangenberg claims he was fired from the company after
+ blowing whistle on lack of security},
+ organization = {The Guardian},
+ date = {2016-12-13},
+ url = {https://www.theguardian.com/technology/2016/dec/13/uber-employees-spying-ex-partners-politicians-beyonce},
+ urldate = {2017-04-26},
+}
+
+@online{fpcentral,
+ url = {https://fpcentral.irisa.fr/},
+}
+
+@online{sensor-side-channel,
+ url = {https://blogs.ncl.ac.uk/security/author/b2031864/},
+}
+
+@online{ambient-light,
+ url = {https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/},
+}
+
+@online{arixv:airgap-scanner,
+ url = {https://arxiv.org/abs/1703.07751},
+}
+
+@online{bloomberg:pacemaker-st-jude,
+ url = {https://www.bloomberg.com/news/articles/2016-08-25/carson-block-takes-on-st-jude-medical-with-claim-of-hack-risk},
+}
+
+@online{silverpush-unmasked,
+ url = {https://github.com/MAVProxyUser/SilverPushUnmasked},
+}
+
+% specifically, see references
+@online{ss7,
+ url = {https://en.wikipedia.org/wiki/Signalling_System_No._7#Protocol_security_vulnerabilities},
+}
+
+@online{ars:hajime-botnet,
+ url = {https://arstechnica.com/security/2017/04/a-vigilante-is-putting-huge-amount-of-work-into-infecting-iot-devices/},
+}
+
+% oh, imagine that
+@online{intel:me-priv-escal,
+ url = {https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr},
+}
+
+% no password needed!
+@online{ars:intel-amt,
+ url = {https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/},
+}
+
+@online{eff:intel-amt,
+ url = {https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it},
+}
+
+@online{eff:nhtsa-v2v,
+ url = {https://www.eff.org/deeplinks/2017/05/danger-ahead-governments-plan-vehicle-vehicle-communication-threatens-privacy},
+}
+
+@online{nyt:ransom-world,
+ url = {https://mobile.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html?smprod=nytcore-iphone&smid=nytcore-iphone-share&_r=1&referer=https://www.rt.com/news/388153-thousands-ransomeware-attacks-worldwide/},
+}
+
+@online{lat:google-offline,
+ url = {http://www.latimes.com/business/technology/la-fi-tn-google-ads-tracking-20170523-story.html},
+}
+
+@online{giz:ice-imsi,
+ url = {https://gizmodo.com/ice-agents-are-using-stingray-surveillance-tech-to-capt-1795377902},
+}
+
+@online{eff:vep-patch,
+ url = {https://www.eff.org/deeplinks/2017/05/congress-imperfect-start-addressing-vulnerabilities},
+}
+
+@online{xato:windows-spying,
+ url = {https://xato.net/windows-spying-and-a-twitter-rant-19203babb2e7},
+}
+
+@online{insider-surveillance,
+ url = {https://insidersurveillance.com/about-us/},
+}
+
+@online{ccc:iris,
+ url = {https://www.ccc.de/en/updates/2017/iriden},
+}
+
+@online{eff:aadhaar,
+ url = https://www.eff.org/deeplinks/2017/05/aadhaar-ushering-commercialized-era-surveillance-india,
+}
+
+@online{twitter:theresa-may-human-rights,
+ url = {https://twitter.com/theresa_may/status/872181737933217794},
+}
+
+@online{ars:uk-afr,
+ url = {https://arstechnica.com/tech-policy/2017/06/police-automatic-face-recognition/},
+}
+
+@online{theage:turnball-crypto-war,
+ url = {http://www.theage.com.au/federal-politics/political-news/how-the-turnbull-government-plans-to-access-encrypted-messages-20170609-gwoge0.html},
+}
+
+@online{tfreak:russia-tor-vpn,
+ url = {https://torrentfreak.com/bill-to-ban-vpns-unmask-operators-submitted-to-russias-parliament-170609/},
+}
+
+@online{bleep:malware-intel-me,
+ url = {https://www.bleepingcomputer.com/news/security/malware-uses-obscure-intel-cpu-feature-to-steal-data-and-avoid-firewalls/},
+}
+
+@online{guardian:brandis-hw-backdoor,
+ url = {https://www.theguardian.com/technology/2017/jun/12/george-brandiss-salvo-in-cryptowars-could-blow-a-hole-in-architecture-of-the-internet},
+}
+
+@online{p1sec:volte,
+ url = {https://www.sstic.org/media/SSTIC2017/SSTIC-actes/remote_geolocation_and_tracing_of_subscribers_usin/SSTIC2017-Article-remote_geolocation_and_tracing_of_subscribers_using_4g_volte_android_phone-le-moal_ventuzelo_coudray.pdf}
+}
+
+@online{ucsd:getoffmycloud,
+ url = {https://cseweb.ucsd.edu/~hovav/dist/cloudsec.pdf},
+}
+
+@online{ncc:time-trial,
+ url = {https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/TimeTrial.pdf},
+}
+
+@online{upguard:rnc-analytics,
+ url = {https://www.upguard.com/breaches/the-rnc-files}
+}
+
+@online{bbc:eu-e2e-enc,
+ url = {http://www.bbc.com/news/technology-40326544}
+}
+
+@online{krebs:petya,
+ url = {https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/}
+}
+
+@online{threatpost:petya,
+ url = {https://threatpost.com/complex-petya-like-ransomware-outbreak-worse-than-wannacry/126561/}
+}
+
+@online{securelist:petya,
+ url = {https://securelist.com/schroedingers-petya/78870/}
+}
+
+@online{wired:cia-wifi-tracking,
+ url = {https://www.wired.com/story/wikileaks-cia-wifi-location-tracking}
+}
+
+@online{china-apple-user-data,
+ url = {https://www.hongkongfp.com/2017/06/08/china-uncovers-massive-underground-network-apple-employees-selling-customers-personal-data/}
+}
+
+@online{sat-observation,
+ url = {https://satelliteobservation.wordpress.com/2017/06/04/signal-intelligence-101-sigint-targets/}
+}
+
+@online{aclu:student-spy-laptops,
+ url = {https://www.aclu.org/blog/speak-freely/rhode-island-some-schools-think-they-have-right-spy-students-school-laptops}
+}
+
+@online{eff:student-spy-report-2017,
+ url = {https://www.eff.org/wp/school-issued-devices-and-student-privacy}
+}
+
+@online{aclu:school-privacy-report,
+ url = {http://riaclu.org/images/uploads/ACLU_1-1_School_Privacy_Report_Final.pdf}
+}
+
+@online{ars:cia-cherryblossom,
+ url = {https://arstechnica.com/security/2017/06/advanced-cia-firmware-turns-home-routers-into-covert-listening-posts/}
+}
+
+@online{vault7:cherryblossom,
+ url = {https://wikileaks.org/vault7/document/SRI-SLO-FF-2012-177-CherryBlossom_UsersManual_CDRL-12_SLO-FF-2012-171/}
+}
+
+@online{aes-tempest,
+ url = {https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf}
+}
+
+@online{brennan:foreign-interfere,
+ url = {https://www.brennancenter.org/sites/default/files/publications/Foreign\%20Interference_0629_1030_AM.pdf},
+}
+
+@online{myshadow,
+ url = {https://myshadow.org/},
+}
+
+@online{motherboard:apple-bug-bounty,
+ url = {https://motherboard.vice.com/en_us/article/gybppx/iphone-bugs-are-too-valuable-to-report-to-apple},
+}
+
+@online{eff:australia-pm-e2e-ban,
+ url = {https://www.eff.org/deeplinks/2017/07/australian-pm-calls-end-end-encryption-ban-says-laws-mathematics-dont-apply-down},
+}
+
+@online{eff:cbp-remote-content,
+ url = {https://www.eff.org/deeplinks/2017/07/cbp-responds-sen-wyden-border-agents-may-not-search-travelers-cloud-content},
+}
+
+@online{engadget:roomba-map,
+ url = {https://www.engadget.com/2017/07/24/roomba-irobot-sell-digital-maps-home/},
+}
+
+@online{nytimes:sweden-ibm-breach,
+ url = {https://www.nytimes.com/2017/07/25/world/europe/ibm-sweden-data-outsourcing.html},
+}
+
+@online{cell-tracking-how,
+ url = {https://thehftguy.com/2017/07/19/what-does-it-really-take-to-track-100-million-cell-phones/},
+}
+
+@online{threatpost:adups,
+ url = {https://threatpost.com/android-sypware-still-collects-pii-despite-outcry/127042/},
+}
+
+@online{threatpost:rad-mon-nopatch,
+ url = {https://threatpost.com/vulnerable-radiation-monitoring-devices-wont-be-patched/126967/},
+}
+
+@online{ars:lipizzan,
+ url = {https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts/},
+}
+
+@online{sophos:sms-exfiltrate,
+ url = {https://nakedsecurity.sophos.com/2017/07/27/dont-want-your-smss-stolen-dont-download-these-android-apps/},
+}
+
+@online{psmag:resturaunt-surveil,
+ url = {https://psmag.com/economics/your-favorite-restaurants-are-surveilling-you},
+}
+
+@online{wapo:google-shop-track,
+ url = {https://www.washingtonpost.com/news/the-switch/wp/2017/05/23/google-now-knows-when-you-are-at-a-cash-register-and-how-much-you-are-spending/?utm_term=.5959c4d7b4f0},
+}
+
+@online{wapo:google-shop-track-fed,
+ url = {https://www.washingtonpost.com/news/the-switch/wp/2017/07/30/googles-new-program-to-track-shoppers-sparks-a-federal-privacy-complaint/},
+}
+
+@online{voting-crack-defcon,
+ url = {https://blog.horner.tj/post/hacking-voting-machines-def-con-25},
+}
+
+@online{electrek:keenlab-tesla-again,
+ url = {https://electrek.co/2017/07/28/tesla-hack-keen-lab/},
+ tags = {vehicle},
+}
+
+@online{keenlab:tesla-again,
+ url = {http://keenlab.tencent.com/en/2017/07/27/New-Car-Hacking-Research-2017-Remote-Attack-Tesla-Motors-Again/},
+ tags = {vehicle},
+}
+
+@online{ars:zerodium-mobile,
+ url = {https://arstechnica.com/information-technology/2017/08/wanted-weaponized-exploits-that-hack-phones-will-pay-top-dollar/},
+}
+
+@online{zdnet:accuweather-spy,
+ url = {http://www.zdnet.com/article/accuweather-still-shares-precise-location-with-advertisers-tests-reveal/},
+}
+
+@online{delete-fb,
+ url = {http://www.deletefacebook.com/},
+}
+
+@online{techcrunch:voting-dre-decommission,
+ url = {https://techcrunch.com/2017/09/08/virginia-dre-voting-machines-hack/},
+}
+
+@online{eff:dhs-lawsuit,
+ url = {https://www.eff.org/press/releases/eff-aclu-media-conference-call-today-announce-lawsuit-over-warrantless-phone-and},
+}
+
+@online{dolphinattack,
+ title = {DolphinAttack: Inaudible Voice Commands},
+ url = {https://endchan.xyz/.media/50cf379143925a3926298f881d3c19ab-applicationpdf.pdf},
+}
+
+@online{vice:facial-obscured,
+ title = {{AI} Will Soon Identify Protesters With Their Faces Partly Concealed},
+ url = {https://motherboard.vice.com/en_us/article/mbby88/ai-will-soon-identify-protesters-with-their-faces-partly-concealed},
+}
+
+@online{eff:ios-wifi-off,
+ title = {{iOS} 11’s Misleading “Off-ish” Setting for {Bluetooth} and {Wi-Fi} is Bad for User Security},
+ url = {https://www.eff.org/deeplinks/2017/10/ios-11s-misleading-ish-setting-bluetooth-and-wi-fi-bad-user-security},
+}
+
+@online{apolice:google-home-mini,
+ title = {Google is nerfing all {Home Minis} because mine spied on everything I said 24/7},
+ url = {http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/},
+ notes = {It does not matter whether these types of devices have bugs,
+ deliberate or not: the point is that such things are
+ possible, and then can indeed be used as surveillance devices.}
+}
+
+@online{reuters:symantic-code-review,
+ title = {Exclusive: {Symantec} {CEO} says source code reviews pose unacceptable risk},
+ url = {http://www.reuters.com/article/us-usa-cyber-russia-symantec/exclusive-symantec-ceo-says-source-code-reviews-pose-unacceptable-risk-idUSKBN1CF2SB},
+}
+
+@online{oneplus-spyware,
+ url = {https://www.chrisdcmoore.co.uk/post/oneplus-analytics/},
+}
+
+@online{reuters:equifax-tp-scripts,
+ title = {Equifax says systems not compromised in latest cyber scare},
+ url = {http://www.reuters.com/article/us-equifax-breach/equifax-takes-down-web-page-after-reports-of-new-hack-idUSKBN1CH2F3},
+ notes = {Surprise, you can't trust third-party scripts.}
+}
+
+% ethics
+@online{motherboard:pornhub-ai,
+ title = {Facial Recognition for Porn Stars Is a Privacy Nightmare Waiting to Happen},
+ subtitle = {The underlying tech being used by Pornhub could one day be
+ used by more nefarious actors to identify amateur and
+ unwitting porn models},
+ url = {https://motherboard.vice.com/en_us/article/a3kmpb/facial-recognition-for-porn-stars-is-a-privacy-nightmare-waiting-to-happen},
+}
+
+% ethics
+@online{gizmodo:facebook-sex-workers,
+ title = {How Facebook Outs Sex Workers},
+ url = {https://gizmodo.com/how-facebook-outs-sex-workers-1818861596},
+}
+
+% ethics
+@online{pew:automation,
+ title = {Automation in Everyday Life},
+ subtitle = {Americans express more worry than enthusiasm about coming
+ developments in automation---from driverless vehicles to a
+ world in which machines perform many jobs currently done by
+ humans},
+ url = {http://www.pewinternet.org/2017/10/04/automation-in-everyday-life/},
+}
+
+@online{techcrunch:uk-social-media,
+ title = {UK spies using social media data for mass surveillance},
+ author = {Lomas, Natasha},
+ url = {https://techcrunch.com/2017/10/17/uk-spies-using-social-media-data-for-mass-surveillance/},
+ urldate = {2017-10-18},
+ archive = {https://web.archive.org/web/20171018053036/},
+}
+
+@online{medium:telco-tracking,
+ title = {Want to see something crazy? Open this link on your phone with WiFi turned off.},
+ author = {philipn},
+ url = {https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024},
+ urldate = {2017-10-18},
+ archive = {https://web.archive.org/web/20171018053425/},
+}
+
+@online{krackattacks,
+ title = {Key Reinstallation Attacks},
+ subtitle = {Breaking {WPA2} by forcing nonce reuse},
+ url = {https://www.krackattacks.com/},
+ urldate = {2017-10-18},
+ archive = {https://web.archive.org/web/20171018050741/},
+}
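Review bot: Two of the added entries will not parse: `bk-not-ok-google` has no comma after its `date` field, and `eff:aadhaar` gives its `url` value without braces. The lines should read `date = {2017-04-13},` and `url = {https://www.eff.org/deeplinks/2017/05/aadhaar-ushering-commercialized-era-surveillance-india},`. For source integrity, `register:w10-privacy` cites a `web.archive.org/save/` address, which requests a new capture rather than naming a fixed snapshot, and `dolphinattack` points at a PDF uploaded to an imageboard; a timestamped snapshot and the paper's authoritative location would let a reader verify what was actually cited. The `notes` and `archive` fields are not standard biblatex fields and will presumably be ignored silently unless the project's style defines them (`annotation` is already used earlier in this hunk, and each `archive` value holds only the Wayback prefix without the target URL). Spelling is worth fixing before the keys are cited elsewhere: "recended", "Urbana-Champaig," (with a stray comma inside the `and` list), `Thomson, Lain` (presumably Iain), and the keys `arixv:airgap-scanner`, `reuters:symantic-code-review`, `psmag:resturaunt-surveil` and `theage:turnball-crypto-war`.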