Wednesday, July 31, 2013
Tuesday, July 30, 2013
Who the fuck are these monsters?
Lawsuit Claims Cops Let Police Dog Rip Apart Sleeping Woman’s Leg, Joked That Dog Deserved "A Slurpee!" http://rinf.com/alt-news/breaking-news/lawsuit-claims-cops-let-police-dog-rip-apart-sleeping-womans-leg-joked-that-dog-deserved-a-slurpee/54100/
Robbing the poor so the rich can stay rich
Source: USA Today Depositors at bailed-out Cyprus' largest bank will lose 47.5% of their savings exceeding 100,000 euros ($132,000), the government said Monday. The figure comes four months after Cyprus agreed on a 23 billion-euro ($30.5 billion) rescue package with its euro partners and the International Monetary Fund. In exchange for a 10 billion euro loan, deposits worth more than the insured limit of 100,000 euros at the Bank of Cyprus and smaller lender Laiki were raided in a so-called bail-in to prop up the country's teetering banking sector. The savings raid prompted Cypriot authorities to impose restrictions on money withdrawals and transfers for all banks to head off a run. Christopher Pissarides, the Nobel laureate who heads the government's economic advisory body, forecast Monday that the bank controls could be in place for another two years. "The (economy) has absorbed the initial shock and is moving ahead. We see things improving," he told reporters after talks with Cyprus President Nicos Anastasiades Monday.
Judge fires longtime court employee for providing ...
Refreshing News: Judge fires longtime court employee for providing ...: A Kansas City man freed from prison three decades after being wrongfully convicted of rape considers Sharon Snyder his “angel” for giving ...
Update: Police officers accused of armed robbery released
http://www.myfoxdetroit.com/story/22949343/breaking-news-police#ixzz2aJMSYmc6
Fairy Tales Are Dangerous
In a real world in which you and I must live, fairy tales are dangerous; dangerous because they are untrue. Anything which is untrue is dangerous, and it is all the more dangerous when the fairy tale is accepted as reality simply because it has an official seal of approval, or because 'honorable' men announce you must believe it, or because powerful elements of the press tell you the fairy tale is true.
Jim Garrison http://www.spartacus.schoolnet.co.uk/JFKgarrison.htm
“Just look around in here if you wanna see how bad it is out there,”
http://www.motherjones.com/politics/2012/02/mac-mcclelland-free-online-shipping-warehouses-labor?page=1
Monday, July 29, 2013
The individual with complete control of all his assets is the only truly wealthy person in a kleptocracy.
Correspondent Jeff W. recently posed a deeply insightful question: are we investing or are we really just trying to dodge thieves? This question slices right through the carefully cultivated illusion of trust and prosperity and plunges straight into the heart of our cartel-state financial system. Here are Jeff's initial thoughts on the question:
--------------------------------------------------------------------------------
"As we try to preserve capital and earn a return on it, are we investing today or are we really just trying to dodge thieves?
First of all I question how much real investing is going on in America today. We continue to lose manufacturing in this country, so in manufacturing, disinvestment is what is going on. People speak of investing in houses, but today’s McMansions, if you look at how they are built, do not qualify as long-term investments. They are built more to allow their owners to participate in a real estate asset bubble rather than to live in and enjoy for generations (which is the purpose houses would be built for in a sane and honest world). Investments in strip malls and big-box stores do not increase the wealth of the nation. When you have enough retailing, it is enough. You don’t need any more. Adding more retail space is malinvestment. A lot of retail space that is being added now will have to close down if The Federal Reserve ever starts tapering in a serious way. So there is reason to suspect that not very much productive investment is really taking place in America at all.
Regardless of that, investors still have to dodge the ubiquitous thieves who are swarming all over the landscape. If you leave your money parked in cash, you will lose it to inflation. As you have pointed out, each person experiences a differing inflation rate; for some people, today’s rate could easily be 10%-15%. That’s how much they lose if they stay in cash.
If you buy commodities futures, you are at the mercy of the thieves who suppress prices with massive naked shorting. Price manipulation is a form of stealing, and many precious metal investors have been victimized lately by the thieves who do it. If you buy bonds, you are likely buying at the top of a bubble. Running Ponzis in the form of asset bubbles is, of course, another kind of theft.
How about stocks? Looking at the disinvestment going on in the U.S., an investor might think that Chinese stocks would be the way to go. That’s where manufacturing is booming. But if an investor were to go that route in recent years, he would also have been burned. I believe that Chinese stocks, like commodity prices, have been manipulated in recent years by the Powers That Be. Does it make sense that Chinese stocks should have lost 40% of their value since 2010 if their economy is growing 8-10% a year? Does it make sense that U.S. stocks should have gone up as they have? The whole investment environment today stinks of price manipulation.
So the skill we need today is not traditional investing skill; it is thief-dodging skill. It consists of knowing the thieves’ techniques and whom they are targeting, of knowing the bad neighborhoods to avoid, knowing how to avoid being a target, trying to stay one jump ahead of them as they target new victim groups. These are skills people had back in the Dark Ages, and as we enter a new Dark Ages, these are skills we need again. Millions of middle class Americans are being wiped out by thieves, and millions more will be wiped out as trends continue. But those who can successfully dodge the thieves can continue to maintain some civilized standards as they hope for better days."
--------------------------------------------------------------------------------
Thank you, Jeff, for posing a thought-provoking question and commentary. How do we avoid thieves when the financial system itself is theft?
The obvious answer is to peel away from the crowd of lemmings running full tilt for the cliff edge of asset bubbles. This requires substituting skepticism for blind faith. Please glance at this chart and ask yourself if this bubble is different and boom will not be followed by bust for the first time in human history:
The first step to avoid losing to thieves is to avoid being a mark in the thieves' game. To some degree, this may mean absorbing a smaller, known loss (inflation by holding cash) to avoid the thieves' high-risk asset-bubble games where a potential loss of 40% of one's capital is not just possible but the unstated purpose of the game.
Another is to remove as many assets as possible from exposure to the thieves' systems. This means withdrawing your capital from Too Big to Fail Banks, pulling capital out of Wall Street, and limiting the amount of cash you hold in any one bank to limit losses from "bail-ins" where your cash is stolen to pay off banking-sector thieves.
The cartel-state debtocracy indentures the unwary with debt. Debt is the thieves' poisoned-sugar method of addiction and servitude. The high from debt is like the high from crack cocaine: it seems so "cheap" at first, and then the addiction kicks in and withdrawal becomes impossibly painful. Welcome to the Thieves' Den of Debtocracy.
Since the system yokes those with high earned incomes into teams of tax donkeys, one way to minimize one's time on the tax donkey team is to reduce one's earned income, either by working less or by deploying one of the vanishingly few incontestably legal tax shelters open to the lower 99.9% (for example, socking away money for retirement).
The cartel-state Den of Thieves will naturally skim and steal what is most easily stolen, which is money and assets held in their own systems (banks, Wall Street, Treasury bonds, etc.).
This explains the popularity of the coffee-tin/glass-jar bank in kleptocracies: the cost to the authorities of trying to locate and confiscate millions of coffee-tin banks is prohibitive, and prone to marginal returns. Stealing money from depositors via a "bail-in" is effortless and essentially cost-free to the state, as is requiring all retirement funds be invested in Treasury bonds ("for your own good," of course).
No matter how desperate the cartel-state thieves are for more cash, they know that confiscating the serfs' tools and land without the cover of taxes and debt would trigger revolt. So assets that are physical objects or immaterial assets such as human and social capital are beyond the easy reach of the cartel-state thieves.
Taxes and debt are the two methods used for wholesale thievery via confiscation. Can't pay your mortgage or property taxes? Oops, your assets, land and home are confiscated. The ideal situation is not to have a mortgage or any other debt, as debt is what gives the thieves leverage over you. The only protection against wholesale theft via suddenly higher property taxes is a limit on annual tax increases (a.k.a. Prop 13).
Our financial system is structurally a kleptocracy. The less exposure one has to Wall Street and the financial debtocracy, the lower one's exposure to the thieves. It's called opting out, or voluntary poverty. Poverty is of course a relative term. If all one's assets are real-world possessions and immaterial assets such as skills, personal integrity and networks of trusted associates, one is indeed poor in financial assets. But if control of one's assets is the only real measure of wealth, then the individual with complete control of all his assets is the only truly wealthy person in a kleptocracy.
MessiahMews Blogs: Blogger I've Had it With This Piece of Shit Servic...
MessiahMews Blogs: Blogger I've Had it With This Piece of Shit Servic...: As each day, week, month, and years go by, Blogger gets worse and worse. The new dashboard and editing screen has always sucked.
And mor...
Sunday, July 28, 2013
Friday, July 19, 2013
The guy who gave the world the cover story about Arabs doing flight instruction turns out to be a CIA pilot and convicted drug trafficker...
http://www.madcowprod.com/2013/03/28/rudi-dekkers-and-the-american-oligarchy/#more-3394
The agency is all things that lie, steal, drug, and degrade.
Why is this story being censored?
Concerns about adverse health effects from wireless smart meters due to the pulsed microwave radiation that is emitted 24/7 by these meters, up to 190,000 pulses a day - acute effects (insomnia, headaches, nausea, anxiety and depression, fatigue and memory/concentration problems) and chronic effects (including increased risk of cancer, infertility, dementia, immune system dysfunction, damage to fetuses); environmental damage from wireless smart meters - RF radiation affecting bees, plants, trees, birds etc. and the inherent energy-inefficiency of wireless technology; cybersecurity problems - leaving homes and communities vulnerable to hacking of their smart meters; privacy issues - concerning the masses of real-time data on energy usage collected by the utility company, which gives a detailed picture of family life inside a home with a smart meter, who will have access to that data, and how that data will be used; and the specter of higher bills resulting from smart meters - as has been the experience in Canada, where 80% of Smart Meter users complain of higher bills within a year of installation, often more than 50% higher.
TO FIX THIS PROBLEM: TAKE A BOX OF ALUMINUM FOIL AND CREATE A SQUARE, 2 LAYERS DEEP, 4X4 FEET AROUND AND DIRECTLY OVER THE LOCATION OF THE METER ON THE OUTSIDE WALL, but on the inside wall... THEN GO OUTSIDE AND WRAP THE METER ON ALL SIDES TWICE WITH FOIL, EXCEPT WHERE THE FRONT IS, SO THEY CAN STILL READ IT. THAT WILL BLOCK 90% OF THE RF COMING INTO THE HOME. AND IT ONLY COSTS A FEW BUCKS.
What you are doing is creating a Faraday shield, and foil (which is being scheduled by Congress to be banned, btw) is perfect for blocking these meters, blinding cell phones, shielding your cards in your wallet, etc. Get ye to it at once.
They hate that you are blocking the cancer machine. But you have that right to protect yourself and your family. Do it while you can.
Let's face it. They are trying every vector to kill us all off. Chemtrails, fluoride in the water, Fukushima, frankenfood, dumber meters, cell phone towers. They want us dead, dead, dead. Fight back. Any way you legally can.
License plate data not just for cops: Private comp...
Refreshing News: License plate data not just for cops: Private comp...: License plate recognition technology developed for law enforcement and embraced by the auto repossession industry is being opened to wider...
AZ Student Sues School For Suspension For Daring T...
Wake up America: AZ Student Sues School For Suspension For Daring T...: By Susan Duclos A Pima Community College in Arizona is being sued by student, Terri Bennett, for allegedly labeling her a “bigot” and pun...
Detroit Files bankruptcy
This is by design. They need to kill off all those pensions, so the middle class in Michigan has no future, ever.
And know this. It won't end here. One after another, cities will do this to kill off their middle class residents. It's not enough to move all our factories overseas and keep wages at the worst of slum levels. They HAVE TO kill off all those pensioners, too. To do that, they have to BK the city, and - like Hostess and the Twinkie thing - get rid of the unions and destroy pensions. Several cities have been doing this for the last five years, but Detroit is the biggest so far. The cops can scam only so much dough in fees and tickets, but that's all.
That's what this is about. It's the point.
They are murdering America and this is how it's done. With money.
The middle class has been slowly dying since Bush I. It's in ICU now and the priests are administering last rites.
Understand this about the stock market: High Frequency Trading and algorithms run the whole thing now...
And if you're not in the game, you are outside of it and you CAN piggyback, but the real money is made in moments on buy and sell orders on very brief minor upticks and downs. That's how they do it. The old way of going long, shorts, and all that is passé.
It has been almost 2 years since FINRA started to get 'serious' about thinking about looking into an investigation of (get our point) high-frequency trading and dark pools but it seems, as the WSJ reports, this time they are more specific. In Sept 2011 FINRA noted "there's something that's troubling us in the marketplace," and it seems now that FINRA has spent the time since understanding the jargon they have some questions, "who is responsible for the automatic shut off or kill switch," asking firms how they avoid "quote bursts and stuffing" that create confusion for other investors and potentially distort the market, and approving a plan to force dark pools (15% of all stock trading) to disclose and detail trading activity on their platforms. Of course, we've seen this kind of bluster before and they did nothing then but hope springs eternal.
Via WSJ,
Regulators are ratcheting up their focus on the complex computer systems deployed by high-frequency trading firms, with an eye on whether the systems have adequate safeguards against chaotic trading that can destabilize markets and harm investor confidence.
The Financial Industry Regulatory Authority is conducting a probe of high-speed firms' trading algorithms - the computer formulas that juggle the firms' rapid-fire trades - and the controls surrounding their trading technology, according to an examination letter sent to about 10 firms this week and reviewed by The Wall Street Journal.
The widening look at high-speed algorithms was sparked by Finra's recent investigations of high-speed trading mishaps,
Finra is asking questions about how firms handle malfunctions, including whether they use so-called kill switches that automatically stop trading as well as "who is responsible for the automatic shut off or kill switch." It is also asking for instances of algorithm malfunctions "which had a material impact to the Firm or any instances in which the algorithm's malfunction caused a market disruption."
Another focus is on malfunctioning algorithms, known as "algos gone wild," that can jam exchanges with multiple buy and sell orders. This so-called "quote stuffing" can create confusion for other investors and potentially distort the market. Finra asks about what type of risk controls are built into algorithms designed to prevent "quote stuffing and quote bursts."
Finra is also increasing its scrutiny of "dark pools," private trading venues, frequently operated by sophisticated computer systems that don't disclose investors' buy and sell orders. Last week, the regulator approved a plan to require dark pools to disclose and detail trading activity on their platforms, a move that would give it the clearest view yet into the private markets that account for about 15% of all stock trading, triple the total five years ago.
However, in light of ever-decreasing volumes of real traders, ever-increasing dependence of Fed liquidity and asset price divergence from any fundamental reality, perhaps it is the unintended consequence of a regulator getting serious that removes one of the only legs left in the bull market's stool - the low-volume momentum ignition-driven algo-based melt-up.
Thursday, July 18, 2013
Death chips in appliances, Cellphones, Electronic anything fix the problem of lagging sales due to dead economy
Give us all your money or we will kill your car
That's why they added a digital anything to everything. The death chip dies after a set time: so many uses, so many turn-ons, so many days... Then it dies, after giving vague failure warnings to the consumer.
It's called planned obsolescence.
It forces the consumer to upgrade, especially after warranty expiration. So what if you cannot afford a new dishwasher or coffee pot. Get one, cuz the old one is now DOA. And by old, I mean about 14 months.
You see boys and girls, several years ago, an electrical engineer discovered the death chip in a Hewlett Packard printer. His printer quit and he took it apart to fix it. Nothing was wrong. Then he found the chip, developed a software patch to disable it and his printer worked fine from then on. Further investigation revealed DEATH CHIPS in nearly ALL modern products; each set to their own death cycles.
But hey, go ahead and get that new smartphone. Comes complete with 24 hour surveillance by local and federal law enforcement on where you go, what you say, who you see and what you do. And you pay for it. The microphone is always on, as is the video, and always sending back to black servers off-shore and in Virginia. Oh, and with FinSpy, even local sheriffs can use your phone to spy on you and they don't go to jail. But, wow, you are sooo cool with that new iPhone and hip; you gotta be like all your network friends and get in on the spy game loop, right? Sure you do. A good citizen always surrenders their intimate moments with steroid-jacked thugs so they can feel all powerful.
CURRENT Fukushima radiation map as measured by satellites (summer 2013)
On July 5, radiation levels at Fukushima were what passes for "normal," which means elevated and dangerous, but stable, according to measurements by the owner, the Tokyo Electric Power Company (TEPCO).
On July 8, radiation levels had jumped about 90 times higher, as typically reported. TEPCO had no explanation for the increase.
On July 9, radiation levels were up again from the previous day, but at a slower rate, about 22 per cent. TEPCO still had no explanation.
On July 10, Japan's Nuclear Regulation Authority (NRA) issued a statement saying that the NRA strongly suspects the radioactive water is coming from Fukushima's Reactor #1 and is going into the Pacific.
Be sure to breathe deeply and get your cesium, strontium, iodine, and plutonium jolt so Big Pharma and Big Med can make a fortune off your cancer.
FUKUSHIMA (fuck-oo-sheema)
where there is steam, there is....
....population reduction http://www.zerohedge.com/news/2013-07-18/steam-rising-again-fukushima-reactor
Wednesday, July 17, 2013
Curing Hypothyroidism
Juicing and Raw Foods: Curing Hypothyroidism: It is estimated that around 10 million Americans suffer from hypothyroidism, with it most often striking women. It is a condition whereby t...
Tuesday, July 16, 2013
The new owners of Hostess have leaner operating costs now that they're no longer using unionized workers.
Now we understand why they killed the company then brought it back. To get rid of people earning a LIVING WAGE and replacing them with slave-wages. Shut the company down; fire everybody; restart company; keep union out. Bingo. You are making more money than ever and the same workers now have to contend with wages that cannot ever support a minimal life, EVER. And this is how it is done these days.
Monday, July 15, 2013
A form of malware exists that could enable government agencies and others to use your own mobile devices to spy on you. The malware is called FinFisher or FinSpy, and it is actually marketed to law enforcement and intelligence agencies by a shadowy company called Gamma International.
Gamma markets FinFisher as an “IT intrusion” software; that’s a polite term for hacking. The scary thing about FinFisher is that a variant of it called FinSpy can actually take over smartphones, including both iPhones and phones running Windows Mobile.
Marketing Video for Government Hacking
A Gamma Group marketing video first uncovered by WikiLeaks and now dug up here on Storyleak shows an agent using a package of tools called the FinIntrusion Kit to use Wi-Fi to hack into email, social media, and other accounts. This relays all the information from the accounts, including Skype, to an operative at a police headquarters. The operative can also download all of the target’s files into a police computer. The video also indicates that Gamma Group offers training for police in these techniques.
The most frightening part of the video is the FinSpy Mobile product overview. The video shows that FinSpy Mobile can be used to take over a BlackBerry smartphone and relay all of the information from it back to headquarters.
http://www.storyleak.com/finfisher-malware-can-spy-on-you-smartphone/#ixzz2Z8dFRWjK
Sunday, July 14, 2013
Teenagers poured gasoline on boy walking home from school and set him on fire
http://www.nydailynews.com/teenagers-poured-gasoline-boy-walking-home-school-set-fire-cops-article-1.1033062
Thursday, July 11, 2013
Wednesday, July 10, 2013
Monday, July 8, 2013
TSA Conducted Pat Downs On Family Members of Plane Crash Victims on San Francisco flight that crashed on 7-6-13 (you can't get the bodies until we strip search you!)
These people are not flying on planes. In fact, they are there to get their family that survived or make funeral arrangements. They were, however, treated as terrorists upon arriving and eye-witnesses were physically prevented by cops from speaking to anyone, especially the press.
Why Not The NIV Bible?
The NIV Bible is riddled with errors and in my opinion, some of them are deliberate. Let’s document that.
One example brings us to Isaiah 14:12.
KJV – “How art thou fallen from heaven, O Lucifer, son of the morning! how art thou cut down to the ground, which didst weaken the nations!” – Isaiah 14:12
NIV – “How you have fallen from heaven, morning star, son of the dawn! You have been cast down to the earth, you who once laid low the nations!” – Isaiah 14:12
Notice that the KJV Bible is very specific about whom we are talking about: “Lucifer”. Satan and Christ are both known as the "Morning Star", so why remove the word “Lucifer” when it makes it abundantly clear who we are discussing?
Let us look at one more example. This time we are going to look at Ezekiel 13:16-20.
In the KJV, God says He is against those daughters who are false prophets, who teach the people to fly to save their souls.
In the NIV, this has been changed to capturing birds. A tremendous difference that alters the meaning of the topic at hand (I encourage the reader to cover the entire chapter to get the context).
http://brandontward.blogspot.com/2013/05/why-we-use-king-james-bible.html
850 Laid Off from Chicago School System, 3,783 in ...
News Forage: 850 Laid Off from Chicago School System, 3,783 in ...: Build a Prison Close a School: 54 schools closed in Chicago (88% black), 23 closed in Philadelphia (81% black), 26 in New York (60% bla...
Sunday, July 7, 2013
Saturday, July 6, 2013
Friday, July 5, 2013
No Manufacturing Jobs But More Waiters And Bartenders Than Ever
I used to make a living wage, but now can I take your order? BTW, they pay me less than minimum wage, so in essence, I live on the tips - of which the restaurant gets 25% off the top...or I'm fired.
http://www.zerohedge.com/news/2013-07-05/no-manufacturing-jobs-more-waiters-and-bartenders-ever
A Massachusetts police force is pressing criminal ...
Refreshing News: A Massachusetts police force is pressing criminal ...: Joshua Garcia, 8, survived a car crash into a river, swam ashore, walked a mile barefoot to his home, woke up his mother and asked her to...
What they fear: non-cooperation in their fascist reality
A reader comments:
As I drove around yesterday while I worked my mind tried to wrap itself around just how bad things have gotten. For example, the people on the radio reminded me how every holiday has become an excuse to glorify the military rather than just keeping it to Memorial Day. Then I went around a bend and saw several Officer Fascists doing their protect and serve (aka harass and fine) routine.
Further in my travels I saw a Harley gathering and it made me think. Which is the thing you would least like to see behind you when driving because it has the greatest chance of a negative outcome?
1. A very old person who can barely see over the wheel (Been drivin' a fore you were born, boy.)
2. A crusty motorcycle gang (they want to be left alone)
3. A teen girl talking on her cellphone (she's not watching the road)
4. Officer Fascist (bring me a victim...preferably someone young and weak)
I concluded that of those choices, Officer Fascist has the greatest potential to ruin my day if he's behind me while I'm driving.
-------------------------
(Related: Gandhi on Tolstoy)
To Gandhi, Johannesburg, Transvaal, South Africa.
KOCHETY. 7th September 1910.
I received your journal, Indian Opinion, and was glad to see what it says of those who renounce all resistance by force, and I immediately felt a wish to let you know what thoughts its perusal aroused in me.
The longer I live-especially now when I clearly feel the approach of death-the more I feel moved to express what I feel more strongly than anything else, and what in my opinion is of immense importance, namely, what we call the renunciation of all opposition by force, which really simply means the doctrine of the law of love unperverted by sophistries. Love, or in other words the striving of men's souls towards unity and the submissive behaviour to one another that results therefrom, represents the highest and indeed the only law of life, as every man knows and feels in the depths of his heart (and as we see most clearly in children), and knows until he becomes involved in the lying net of worldly thoughts. This law was announced by all the philosophies- Indian as well as Chinese, and Jewish, Greek and Roman. Most clearly, I think, was it announced by Christ, who said explicitly that on it hang all the Law and the Prophets. More than that, foreseeing the distortion that has hindered its recognition and may always hinder it, he specially indicated the danger of a misrepresentation that presents itself to men living by worldly interests- namely, that they may claim a right to defend their interests by force or, as he expressed it, to repay blow by blow and recover stolen property by force, etc., etc. He knew, as all reasonable men must do, that any employment of force is incompatible with love as the highest law of life, and that as soon as the use of force appears permissible even in a single case, the law itself is immediately negatived. The whole of Christian civilization, outwardly so splendid, has grown up on this strange and flagrant- partly intentional but chiefly unconscious-misunderstanding and contradiction. At bottom, however, the law of love is, and can be, no longer valid if defence by force is set up beside it. And if once the law of love is not valid, then there remains no law except the right of might. 
In that state Christendom has lived for 1,900 years. Certainly men have always let themselves be guided by force as the main principle of their social order. The difference between the Christian and all other nations is only this: that in Christianity the law of love had been more clearly and definitely given than in any other religion, and that its adherents solemnly recognized it. Yet despite this they deemed the use of force to be permissible, and based their lives on violence - so that the life of the Christian nations presents a greater contradiction between what they believe and the principle on which their lives are built: a contradiction between love which should prescribe the law of conduct, and the employment of force, recognized under various forms-such as governments, courts of justice, and armies, which are accepted as necessary and esteemed. This contradiction increased with the development of the spiritual life of Christianity and in recent years has reached the utmost tension.
The question now is, that we must choose one of two things-either to admit that we recognize no religious ethics at all but let our conduct of life be decided by the right of might; or to demand that all compulsory levying of taxes be discontinued, and all our legal and police institutions, and above all, military institutions, be abolished.
This spring, at a scripture examination in a Moscow girls' school, first their religious teacher and then an archbishop who was also present, questioned the girls on the ten commandments, especially on the sixth. After the commandments had been correctly recited the archbishop sometimes put a question, usually: 'Is it always and in every case forbidden by the law of God to kill?' And the unfortunate girls, misled by their instructor, had to answer and did answer: 'Not always, for it is permissible in war and at executions.' When, however, this customary additional question-whether it is always a sin to kill-was put to one of these unfortunate creatures (what I am telling you is not an anecdote, but actually happened and was told me by an eyewitness) the girl colored up and answered decidedly and with emotion - 'Always!' And despite all the customary sophistries of the archbishop, she held steadfastly to it-that to kill is under all circumstances forbidden even in the Old Testament, and that Christ has not only forbidden us to kill, but in general to do any harm to our neighbor. The archbishop, for all his majesty and verbal dexterity, was silenced, and victory remained with the girl.
Yes, we may write in the papers of our progress in mastery of the air, of complicated diplomatic relations, of various clubs, of discoveries, of all sorts of alliances, and of so-called works of art, and we can pass lightly over what that girl said. But we cannot completely silence her, for every Christian feels the same, however vaguely he may do so. Socialism, Communism, Anarchism, Salvation Armies, the growth of crime, freedom from toil, the increasingly absurd luxury of the rich and increased misery of the poor, the fearfully rising number of suicides-are all indications of that inner contradiction which must and will be resolved. And, of course, resolved in such a manner that the law of love will be recognized and all reliance on force abandoned. Your work in the Transvaal, which to us seems to be at the end of the earth, is yet in the centre of our interest and supplies the most weighty practical proof, in which the world can now share, and not only the Christian but all the peoples of the world can participate.
I think it will please you to hear that here in Russia, too, a similar movement is rapidly attracting attention, and refusals of military service increase year by year. However small as yet is with you the number of those who renounce all resistance by force, and with us the number of men who refuse any military service-both the one and the other can say: God is with us, and God is mightier than man.
In the confession of Christianity-even a Christianity deformed as is that taught among us-and a simultaneous belief in the necessity of armies and preparations to slaughter on an ever-increasing scale, there is an obvious contradiction that cries to heaven, and that sooner or later, but probably quite soon, must appear in the light of day in its complete nakedness. That, however, will either annihilate the Christian religion, which is indispensable for the maintenance of the State, or it will sweep away the military and all the use of force bound up with it-which the State needs no less. All governments are aware of this contradiction, your British as much as our Russian, and therefore its recognition will be more energetically opposed by the governments than any other activity inimical to the State, as we in Russia have experienced and as is shown by the articles in your magazine. The governments know from what direction the greatest danger threatens them, and are on guard with watchful eyes not merely to preserve their interests but actually to fight for their very existence.
Yours etc., LEO TOLSTOY.
Thursday, July 4, 2013
Abortion by witchcraft
Some time in the 1950s, Bishop Fulton J. Sheen was sitting on an airplane and the woman next to him refused a meal from the stewardess. He asked her if she was a Catholic who was fasting because it was Friday, and she said that she was actually a satanist who was fasting because they wanted more abortions.
http://www.theblaze.com/stories/2013/07/02/watch-abortion-supporters-chant-hail-satan-while-pro-life-activists-sing-amazing-grace-outside-texas-capitol/
The coven arrives shouting "Hail Satan!"
http://www.theblaze.com/stories/2013/07/02/watch-abortion-supporters-chant-hail-satan-while-pro-life-activists-sing-amazing-grace-outside-texas-capitol/
Uncovering Android Master Key That Makes 99% of Devices Vulnerable
Written By Jeff Forristal, Bluebox CTO
The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut”), could affect any Android phone released in the last 4 years [1] – or nearly 900 million devices [2] – and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.
While the risk to the individual and the enterprise is great (a malicious app can access individual data, or gain entry into an enterprise), this risk is compounded when you consider applications developed by the device manufacturers (e.g. HTC, Samsung, Motorola, LG) or third-parties that work in cooperation with the device manufacturer (e.g. Cisco with AnyConnect VPN) – that are granted special elevated privileges within Android – specifically System UID access.
Installation of a Trojan application from the device manufacturer can grant the application full access to the Android system and to all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.) and retrieve all stored account & service passwords; it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.
How it works:
The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature.
All Android applications contain cryptographic signatures, which Android uses to determine if the app is legitimate and to verify that the app hasn’t been tampered with or modified. This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been.
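The post above stops at "discrepancies in how Android applications are cryptographically verified & installed". The detail published after the Black Hat talk is that bug 8219321 concerned APKs whose ZIP central directory lists the same entry name twice, with the signature verifier and the installer each picking a different copy. The following scanner is an added example, not Bluebox's code or tooling: it walks the raw central directory of an APK and reports any duplicated entry name, the cheap pre-install or app-store ingest check a defender wants, using a constructed in-memory sample rather than a real APK.

```python
"""Flag APKs whose ZIP central directory lists the same entry name twice.

Added example (not Bluebox's code). A legitimately built APK never needs two
entries with one name, so a duplicate is a high-signal tamper indicator.
The walk is done by hand because library name->entry maps (e.g. ZipFile's
NameToInfo) silently collapse duplicates, which is the very behaviour the
verifier/installer disagreement depended on.
"""
import io
import struct
import warnings
import zipfile
from collections import Counter

EOCD_SIG = 0x06054B50   # end of central directory record, bytes "PK\x05\x06"
CDH_SIG = 0x02014B50    # central directory file header, bytes "PK\x01\x02"
EOCD_MIN = 22           # fixed size of the EOCD record without its comment
CDH_FIXED = 46          # fixed size of a central directory header


def _find_eocd(data: bytes) -> int:
    """Locate the EOCD record; it sits at the end of the file, possibly
    followed by an archive comment of at most 65535 bytes."""
    start = max(0, len(data) - EOCD_MIN - 0xFFFF)
    idx = data.rfind(struct.pack("<I", EOCD_SIG), start)
    if idx < 0:
        raise ValueError("not a ZIP/APK: no end-of-central-directory record")
    return idx


def central_directory_names(data: bytes) -> list:
    """Return every entry name in the central directory, repeats included."""
    eocd = _find_eocd(data)
    # EOCD layout: sig(4) disk(2) cd_disk(2) entries_here(2) entries(2)
    #              cd_size(4) cd_offset(4) comment_len(2)
    n_entries, cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    names = []
    pos = cd_offset
    for _ in range(n_entries):
        if pos + CDH_FIXED > len(data) or \
                struct.unpack_from("<I", data, pos)[0] != CDH_SIG:
            raise ValueError("corrupt central directory at offset %d" % pos)
        # name_len / extra_len / comment_len live at header offset 28
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + CDH_FIXED:pos + CDH_FIXED + name_len]
        names.append(name.decode("utf-8", "replace"))
        pos += CDH_FIXED + name_len + extra_len + comment_len
    if pos != cd_offset + cd_size:
        raise ValueError("central directory size does not match its entries")
    return names


def find_duplicate_entries(data: bytes) -> dict:
    """Map each duplicated entry name to the number of times it appears.
    An empty dict means the archive passes this check."""
    counts = Counter(central_directory_names(data))
    return {name: n for name, n in counts.items() if n > 1}


def build_sample_apk(duplicate: bool) -> bytes:
    """Constructed sample: a minimal ZIP shaped like an APK. With
    duplicate=True it carries two 'classes.dex' entries, the pattern the
    check is meant to catch. Contents are placeholders, not real bytecode."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("AndroidManifest.xml", b"<manifest/>")
            zf.writestr("classes.dex", b"dex\n035 original placeholder")
            zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
            if duplicate:
                zf.writestr("classes.dex", b"dex\n035 second placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean sample", False), ("duplicate sample", True)):
        dupes = find_duplicate_entries(build_sample_apk(flag))
        verdict = "REJECT %r" % dupes if dupes else "ok"
        print("%s: %s" % (label, verdict))
```

To scan a real file, pass `open(path, "rb").read()` to `find_duplicate_entries`; a non-empty result should block installation or ingest pending manual review.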
Details of Android security bug 8219321 were responsibly disclosed through Bluebox Security’s close relationship with Google in February 2013. It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates). The availability of these updates will widely vary depending upon the manufacturer and model in question.
The screenshot below demonstrates that Bluebox Security has been able to modify an Android device manufacturer’s application to the level that we now have access to any (and all) permissions on the device. In this case, we have modified the system-level software information about this device to include the name “Bluebox” in the Baseband Version string (a value normally controlled & configured by the system firmware).
How to get more details:
Technical details of the issue, and related tools/material, will be released as part of my Black Hat USA 2013 talk. During the talk, I will review the bug, including how it was found, and how it works. After the talk, we will post a follow-up on our blog with a link to materials from the talk, and you can track this information via @BlueboxSec.
Recommendations
Device owners should be extra cautious in identifying the publisher of the app they want to download.
http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/
Wednesday, July 3, 2013
How algorithms rule the world
How algorithms rule the world - The Hindu
On August 4, 2005, the police department of Memphis, Tennessee, made so many arrests over a three-hour period that it ran out of vehicles to transport the detainees to jail. Three days later, 1,200 people had been arrested across the city — a new police department record. Operation Blue Crush was hailed a huge success.
Larry Godwin, the city’s new police director, quickly rolled out the scheme and by 2011 crime across the city had fallen by 24 per cent. When it was revealed Blue Crush faced budget cuts earlier this year, there was public outcry. “Crush” policing is now perceived to be so successful that it has reportedly been mimicked across the globe, including in countries such as Poland and Israel. In 2010, it was reported that two police forces in the U.K. were using it, but their identities were not revealed.
Crush stands for “Criminal Reduction Utilising Statistical History”. Translated, it means predictive policing. Or, more accurately, police officers guided by algorithms. A team of criminologists and data scientists at the University of Memphis first developed the technique using IBM predictive analytics software. Put simply, they compiled crime statistics from across the city over time and overlaid it with other datasets - social housing maps, outside temperatures etc — then instructed algorithms to search for correlations in the data to identify crime “hot spots”. The police then flooded those areas with highly targeted patrols.
“It’s putting the right people in the right places on the right day at the right time,” said Dr. Richard Janikowski, an associate professor in the department of criminology and criminal justice at the University of Memphis, when the scheme launched. But not everyone is comfortable with the idea. Some critics have dubbed it “Minority Report” policing, in reference to the sci-fi film in which psychics are used to guide a “PreCrime” police unit.
The use of algorithms in policing is one example of their increasing influence on our lives. And, as their ubiquity spreads, so too does the debate around whether we should allow ourselves to become so reliant on them — and who, if anyone, is policing their use. Such concerns were sharpened further by the continuing revelations about how the U.S. National Security Agency (NSA) has been using algorithms to help it interpret the colossal amounts of data it has collected from its covert dragnet of international telecommunications.
“For datasets the size of those the NSA collect, using algorithms is the only way to operate for certain tasks,” says James Ball, the Guardian’s data editor and part of the paper’s NSA Files reporting team. “The problem is how the rules are set: it’s impossible to do this perfectly. If you’re, say, looking for terrorists, you’re looking for something very rare. Set your rules too tight and you’ll miss lots of, probably most, potential terror suspects. But set them more broadly and you’ll drag lots of entirely blameless people into your dragnet, who will then face further intrusion or even formal investigation. We don’t know exactly how the NSA or GCHQ use algorithms — or how extensively they’re applied. But we do know they use them, including on the huge data trawls revealed in the Guardian.”
From dating websites and City trading floors, through to online retailing and internet searches (Google’s search algorithm is now a more closely guarded commercial secret than the recipe for Coca-Cola), algorithms are increasingly determining our collective futures. “Bank approvals, store cards, job matches and more all run on similar principles,” says Mr. Ball. “The algorithm is the god from the machine powering them all, for good or ill.”
But what is an algorithm? Dr. Panos Parpas, a lecturer in the quantitative analysis and decision science (“quads”) section of the department of computing at Imperial College London, says that wherever we use computers, we rely on algorithms: “There are lots of types, but algorithms, explained simply, follow a series of instructions to solve a problem. It’s a bit like how a recipe helps you to bake a cake. Instead of having generic flour or a generic oven temperature, the algorithm will try a range of variations to produce the best cake possible from the options and permutations available.”
Dr. Parpas stresses that algorithms are not a new phenomenon: “They’ve been used for decades — back to Alan Turing and the codebreakers, and beyond - but the current interest in them is due to the vast amounts of data now being generated and the need to process and understand it. They are now integrated into our lives. On the one hand, they are good because they free up our time and do mundane processes on our behalf. The questions being raised about algorithms at the moment are not about algorithms per se, but about the way society is structured with regard to data use and data privacy. It’s also about how models are being used to predict the future. There is currently an awkward marriage between data and algorithms. As technology evolves, there will be mistakes, but it is important to remember they are just a tool. We shouldn’t blame our tools.”
The “mistakes” Dr. Parpas refers to are events such as the “flash crash” of May 6, 2010, when the Dow Jones industrial average fell 1,000 points in just a few minutes, only to see the market regain itself 20 minutes later. The reasons for the sudden plummet have never been fully explained, but most financial observers blame a “race to the bottom” by the competing quantitative trading (quants) algorithms widely used to perform high-frequency trading. Scott Patterson, a Wall Street Journal reporter and author of The Quants, likens the use of algorithms on trading floors to flying a plane on autopilot. The vast majority of trades these days are performed by algorithms, but when things go wrong, as happened during the flash crash, humans can intervene.
“By far the most complicated algorithms are to be found in science, where they are used to design new drugs or model the climate,” says Dr. Parpas. “But they are done within a controlled environment with clean data. It is easy to see if there is a bug in the algorithm. The difficulties come when they are used in the social sciences and financial trading, where there is less understanding of what the model and output should be, and where they are operating in a more dynamic environment. Scientists will take years to validate their algorithm, whereas a trader has just days to do so in a volatile environment.”
Most investment banks now have a team of computer science PhDs coding algorithms, says Dr. Parpas, who used to work on such a team. “With City trading, everyone is running very similar algorithms,” he says. “They all follow each other, meaning you get results such as the flash crash. They use them to speed up the process and to break up big trades to disguise them from competitors when a big investment is being made. They will run new algorithms for a few days to test them before letting them loose with real money. In currency trading, an algorithm lasts for about two weeks before it is surpassed by a new one. In equities, which is a less complicated market, they will run for a few months before a new one replaces them. It takes a day or two to write a currency algorithm. It’s hard to find out information about them because, for understandable reasons, they don’t like to advertise when they are successful. Goldman Sachs, though, has a strong reputation for having a brilliant team of algorithm scientists. PhD students in this field will usually be employed within a few months by an investment bank.”
How algorithms interpret “our” data?
The idea that the world’s financial markets — and, hence, the wellbeing of our pensions, shareholdings, savings etc — are now largely determined by algorithmic vagaries is unsettling enough for some. But, as the NSA revelations exposed, the bigger questions surrounding algorithms centre on governance and privacy. How are they being used to access and interpret “our” data? And by whom? Dr. Ian Brown, the associate director of Oxford University’s Cyber Security Centre, says we all urgently need to consider the implications of allowing commercial interests and governments to use algorithms to analyse our habits: “Most of us assume that ‘big data’ is munificent. The laws in the U.S. and U.K. say that much of this [the NSA revelations] is allowed, it’s just that most people don’t realise yet. But there is a big question about oversight. We now spend so much of our time online that we are creating huge data-mining opportunities.” Dr. Brown says that algorithms are now programmed to look for “indirect, non-obvious” correlations in data.
“For example, in the U.S., healthcare companies can now make assessments about a good or bad insurance risk based, in part, on the distance you commute to work,” he says. “They will identify the low-risk people and market their policies at them. Over time, this creates or exacerbates societal divides. Professor Oscar Gandy, at the University of Pennsylvania, has done research into ‘secondary racial discrimination’, whereby credit and health insurance, which relies greatly on postcodes, can discriminate against racial groups because they happen to live very close to other racial groups that score badly.”
Dr. Brown harbours similar concerns over the use of algorithms to aid policing, as seen in Memphis where Crush’s algorithms have reportedly linked some racial groups to particular crimes: “If you have a group that is disproportionately stopped by the police, such tactics could just magnify the perception they have of being targeted.”
Viktor Mayer-Schonberger, professor of internet governance and regulation at the Oxford Internet Institute, also warns against humans seeing causation when an algorithm identifies a correlation in vast swaths of data. “This transformation presents an entirely new menace: penalties based on propensities,” he writes in his new book, Big Data: A Revolution That Will Transform How We Live, Work and Think, which is co-authored by Kenneth Cukier, the Economist’s data editor. “That is the possibility of using big-data predictions about people to judge and punish them even before they’ve acted. Doing this negates ideas of fairness, justice and free will. In addition to privacy and propensity, there is a third danger. We risk falling victim to a dictatorship of data, whereby we fetishise the information, the output of our analyses, and end up misusing it. Handled responsibly, big data is a useful tool of rational decision-making. Wielded unwisely, it can become an instrument of the powerful, who may turn it into a source of repression, either by simply frustrating customers and employees or, worse, by harming citizens.”
Two real-life scenarios
Prof. Mayer-Schonberger presents two very different real-life scenarios to illustrate how algorithms are being used. First, he explains how the analytics team working for U.S. retailer Target can now calculate whether a woman is pregnant and, if so, when she is due to give birth: “They noticed that these women bought lots of unscented lotion at around the third month of pregnancy, and that a few weeks later they tended to purchase supplements such as magnesium, calcium and zinc. The team ultimately uncovered around two dozen products that, used as proxies, enabled the company to calculate a ‘pregnancy prediction’ score for every customer who paid with a credit card or used a loyalty card or mailed coupons. The correlations even let the retailer estimate the due date within a narrow range, so it could send relevant coupons for each stage of the pregnancy.”
Harmless targeting, some might argue. But what happens, as has already reportedly occurred, when a father is mistakenly sent nappy discount vouchers instead of his teenage daughter whom a retailer has identified is pregnant before her own father knows? Prof. Mayer-Schonberger’s second example throws up even more potential dilemmas and pitfalls: “Parole boards in more than half of all US states use predictions founded on data analysis as a factor in deciding whether to release somebody from prison or to keep him incarcerated.”
On August 4, 2005, the police department of Memphis, Tennessee, made so many arrests over a three-hour period that it ran out of vehicles to transport the detainees to jail. Three days later, 1,200 people had been arrested across the city — a new police department record. Operation Blue Crush was hailed a huge success.
Larry Godwin, the city’s new police director, quickly rolled out the scheme and by 2011 crime across the city had fallen by 24 per cent. When it was revealed Blue Crush faced budget cuts earlier this year, there was public outcry. “Crush” policing is now perceived to be so successful that it has reportedly been mimicked across the globe, including in countries such as Poland and Israel. In 2010, it was reported that two police forces in the U.K. were using it, but their identities were not revealed.
Crush stands for “Criminal Reduction Utilising Statistical History”. Translated, it means predictive policing. Or, more accurately, police officers guided by algorithms. A team of criminologists and data scientists at the University of Memphis first developed the technique using IBM predictive analytics software. Put simply, they compiled crime statistics from across the city over time and overlaid them with other datasets (social housing maps, outside temperatures and so on), then instructed algorithms to search for correlations in the data to identify crime “hot spots”. The police then flooded those areas with highly targeted patrols.
“It’s putting the right people in the right places on the right day at the right time,” said Dr. Richard Janikowski, an associate professor in the department of criminology and criminal justice at the University of Memphis, when the scheme launched. But not everyone is comfortable with the idea. Some critics have dubbed it “Minority Report” policing, in reference to the sci-fi film in which psychics are used to guide a “PreCrime” police unit.
The use of algorithms in policing is one example of their increasing influence on our lives. And, as their ubiquity spreads, so too does the debate around whether we should allow ourselves to become so reliant on them — and who, if anyone, is policing their use. Such concerns were sharpened further by the continuing revelations about how the U.S. National Security Agency (NSA) has been using algorithms to help it interpret the colossal amounts of data it has collected from its covert dragnet of international telecommunications.
“For datasets the size of those the NSA collect, using algorithms is the only way to operate for certain tasks,” says James Ball, the Guardian’s data editor and part of the paper’s NSA Files reporting team. “The problem is how the rules are set: it’s impossible to do this perfectly. If you’re, say, looking for terrorists, you’re looking for something very rare. Set your rules too tight and you’ll miss lots of, probably most, potential terror suspects. But set them more broadly and you’ll drag lots of entirely blameless people into your dragnet, who will then face further intrusion or even formal investigation. We don’t know exactly how the NSA or GCHQ use algorithms — or how extensively they’re applied. But we do know they use them, including on the huge data trawls revealed in the Guardian.”
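The tradeoff Mr. Ball describes is the base-rate problem familiar from detection engineering: when the thing you are hunting is very rare, even a rule with a low false-alarm rate flags far more innocent people than real targets once it is applied to a whole population. The following is an added worked example, not code from the Guardian or any agency; every figure in it (population size, base rate, and the three rule settings) is a constructed assumption chosen to make the arithmetic visible, not a real operating point.

```python
"""Added example (not from the Guardian article): how a detection rule's
threshold trades missed targets against false alarms when targets are rare.

All numbers below are constructed assumptions for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Outcome:
    true_positives: float
    false_negatives: float
    false_positives: float
    true_negatives: float

    @property
    def recall(self) -> float:
        """Share of real targets the rule catches (tight rules score low here)."""
        real = self.true_positives + self.false_negatives
        return self.true_positives / real if real else 0.0

    @property
    def precision(self) -> float:
        """Share of flagged people who are real targets (broad rules score low here)."""
        flagged = self.true_positives + self.false_positives
        return self.true_positives / flagged if flagged else 0.0


def apply_rule(population: int, base_rate: float,
               sensitivity: float, false_alarm_rate: float) -> Outcome:
    """Expected confusion matrix for one rule setting over a whole population.

    base_rate:        fraction of the population that really is a target
    sensitivity:      P(flagged | target), rises as the rule is set more broadly
    false_alarm_rate: P(flagged | not a target), also rises as the rule broadens
    """
    targets = population * base_rate
    others = population - targets
    tp = targets * sensitivity
    fn = targets - tp
    fp = others * false_alarm_rate
    tn = others - fp
    return Outcome(tp, fn, fp, tn)


def innocents_per_real_target(outcome: Outcome) -> float:
    """How many blameless people are dragged in for each real target caught."""
    if not outcome.true_positives:
        return float("inf")
    return outcome.false_positives / outcome.true_positives


# Constructed scenario: 100 million records, one real target per 100,000.
POPULATION = 100_000_000
BASE_RATE = 1e-5

# Three assumed rule settings, from tight to broad: (sensitivity, false_alarm_rate).
RULES = {
    "tight": (0.20, 1e-6),   # catches 20% of targets, flags 1 in a million others
    "medium": (0.60, 1e-4),
    "broad": (0.95, 1e-2),   # catches 95% of targets, flags 1 in 100 others
}


def sweep() -> dict:
    """Evaluate every rule setting against the constructed population."""
    return {name: apply_rule(POPULATION, BASE_RATE, s, f)
            for name, (s, f) in RULES.items()}


if __name__ == "__main__":
    for name, o in sweep().items():
        print(f"{name:>6}: recall={o.recall:.2f} precision={o.precision:.4f} "
              f"flagged={o.true_positives + o.false_positives:,.0f} "
              f"innocents per real target={innocents_per_real_target(o):,.0f}")
```

With these assumed inputs the tight rule misses four of every five targets but flags roughly one innocent person per real one; the broad rule catches nearly all targets but flags about a million people, more than a thousand innocents for every real target. Whatever the real numbers are, the shape is the same: the base rate, not the cleverness of the rule, sets how many blameless people end up in the dragnet.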
From dating websites and City trading floors, through to online retailing and internet searches (Google’s search algorithm is now a more closely guarded commercial secret than the recipe for Coca-Cola), algorithms are increasingly determining our collective futures. “Bank approvals, store cards, job matches and more all run on similar principles,” says Mr. Ball. “The algorithm is the god from the machine powering them all, for good or ill.”
But what is an algorithm? Dr. Panos Parpas, a lecturer in the quantitative analysis and decision science (“quads”) section of the department of computing at Imperial College London, says that wherever we use computers, we rely on algorithms: “There are lots of types, but algorithms, explained simply, follow a series of instructions to solve a problem. It’s a bit like how a recipe helps you to bake a cake. Instead of having generic flour or a generic oven temperature, the algorithm will try a range of variations to produce the best cake possible from the options and permutations available.”
Dr. Parpas stresses that algorithms are not a new phenomenon: “They’ve been used for decades — back to Alan Turing and the codebreakers, and beyond - but the current interest in them is due to the vast amounts of data now being generated and the need to process and understand it. They are now integrated into our lives. On the one hand, they are good because they free up our time and do mundane processes on our behalf. The questions being raised about algorithms at the moment are not about algorithms per se, but about the way society is structured with regard to data use and data privacy. It’s also about how models are being used to predict the future. There is currently an awkward marriage between data and algorithms. As technology evolves, there will be mistakes, but it is important to remember they are just a tool. We shouldn’t blame our tools.”
The “mistakes” Dr. Parpas refers to are events such as the “flash crash” of May 6, 2010, when the Dow Jones industrial average fell 1,000 points in just a few minutes, only to see the market regain itself 20 minutes later. The reasons for the sudden plummet have never been fully explained, but most financial observers blame a “race to the bottom” by the competing quantitative trading (quants) algorithms widely used to perform high-frequency trading. Scott Patterson, a Wall Street Journal reporter and author of The Quants, likens the use of algorithms on trading floors to flying a plane on autopilot. The vast majority of trades these days are performed by algorithms, but when things go wrong, as happened during the flash crash, humans can intervene.
“By far the most complicated algorithms are to be found in science, where they are used to design new drugs or model the climate,” says Dr. Parpas. “But they are done within a controlled environment with clean data. It is easy to see if there is a bug in the algorithm. The difficulties come when they are used in the social sciences and financial trading, where there is less understanding of what the model and output should be, and where they are operating in a more dynamic environment. Scientists will take years to validate their algorithm, whereas a trader has just days to do so in a volatile environment.”
Most investment banks now have a team of computer science PhDs coding algorithms, says Dr. Parpas, who used to work on such a team. “With City trading, everyone is running very similar algorithms,” he says. “They all follow each other, meaning you get results such as the flash crash. They use them to speed up the process and to break up big trades to disguise them from competitors when a big investment is being made. They will run new algorithms for a few days to test them before letting them loose with real money. In currency trading, an algorithm lasts for about two weeks before it is surpassed by a new one. In equities, which is a less complicated market, they will run for a few months before a new one replaces them. It takes a day or two to write a currency algorithm. It’s hard to find out information about them because, for understandable reasons, they don’t like to advertise when they are successful. Goldman Sachs, though, has a strong reputation for having a brilliant team of algorithm scientists. PhD students in this field will usually be employed within a few months by an investment bank.”
How do algorithms interpret “our” data?
The idea that the world’s financial markets — and, hence, the wellbeing of our pensions, shareholdings, savings etc — are now largely determined by algorithmic vagaries is unsettling enough for some. But, as the NSA revelations exposed, the bigger questions surrounding algorithms centre on governance and privacy. How are they being used to access and interpret “our” data? And by whom? Dr. Ian Brown, the associate director of Oxford University’s Cyber Security Centre, says we all urgently need to consider the implications of allowing commercial interests and governments to use algorithms to analyse our habits: “Most of us assume that ‘big data’ is munificent. The laws in the U.S. and U.K. say that much of this [the NSA revelations] is allowed, it’s just that most people don’t realise yet. But there is a big question about oversight. We now spend so much of our time online that we are creating huge data-mining opportunities.” Dr. Brown says that algorithms are now programmed to look for “indirect, non-obvious” correlations in data.
“For example, in the U.S., healthcare companies can now make assessments about a good or bad insurance risk based, in part, on the distance you commute to work,” he says. “They will identify the low-risk people and market their policies at them. Over time, this creates or exacerbates societal divides. Professor Oscar Gandy, at the University of Pennsylvania, has done research into ‘secondary racial discrimination’, whereby credit and health insurance, which rely greatly on postcodes, can discriminate against racial groups because they happen to live very close to other racial groups that score badly.”
Dr. Brown harbours similar concerns over the use of algorithms to aid policing, as seen in Memphis where Crush’s algorithms have reportedly linked some racial groups to particular crimes: “If you have a group that is disproportionately stopped by the police, such tactics could just magnify the perception they have of being targeted.”
Viktor Mayer-Schonberger, professor of internet governance and regulation at the Oxford Internet Institute, also warns against humans seeing causation when an algorithm identifies a correlation in vast swaths of data. “This transformation presents an entirely new menace: penalties based on propensities,” he writes in his new book, Big Data: A Revolution That Will Transform How We Live, Work and Think, which is co-authored by Kenneth Cukier, the Economist’s data editor. “That is the possibility of using big-data predictions about people to judge and punish them even before they’ve acted. Doing this negates ideas of fairness, justice and free will. In addition to privacy and propensity, there is a third danger. We risk falling victim to a dictatorship of data, whereby we fetishise the information, the output of our analyses, and end up misusing it. Handled responsibly, big data is a useful tool of rational decision-making. Wielded unwisely, it can become an instrument of the powerful, who may turn it into a source of repression, either by simply frustrating customers and employees or, worse, by harming citizens.”
Two real-life scenarios
Prof. Mayer-Schonberger presents two very different real-life scenarios to illustrate how algorithms are being used. First, he explains how the analytics team working for U.S. retailer Target can now calculate whether a woman is pregnant and, if so, when she is due to give birth: “They noticed that these women bought lots of unscented lotion at around the third month of pregnancy, and that a few weeks later they tended to purchase supplements such as magnesium, calcium and zinc. The team ultimately uncovered around two dozen products that, used as proxies, enabled the company to calculate a ‘pregnancy prediction’ score for every customer who paid with a credit card or used a loyalty card or mailed coupons. The correlations even let the retailer estimate the due date within a narrow range, so it could send relevant coupons for each stage of the pregnancy.”
Harmless targeting, some might argue. But what happens, as has already reportedly occurred, when a retailer identifies a teenage girl as pregnant before her own father knows, and the nappy discount vouchers meant for her land in his hands? Prof. Mayer-Schonberger’s second example throws up even more potential dilemmas and pitfalls: “Parole boards in more than half of all US states use predictions founded on data analysis as a factor in deciding whether to release somebody from prison or to keep him incarcerated.”
Christopher Steiner, author of Automate This: How Algorithms Came to Rule Our World, has identified a wide range of instances where algorithms are being used to provide predictive insights — often within the creative industries. In his book, he tells the story of a website developer called Mike McCready, who has developed an algorithm to analyse and rate hit records. Using a technique called advanced spectral de-convolution, the algorithm breaks up each hit song into its component parts — melody, tempo, chord progression and so on — and then uses that to determine common characteristics across a range of No 1 records. Mr. McCready’s algorithm correctly predicted — before they were even released - that the debut albums by both Norah Jones and Maroon 5 contained a disproportionately high number of hit records.
The next logical step — for profit-seeking record companies, perhaps — is to use algorithms to replace the human songwriter. But is that really an attractive proposition? “Algorithms are not yet writing pop music,” says Steiner. He pauses, then laughs. “Not that we know of, anyway. If I were a record company executive or pop artist, I wouldn’t tell anyone if I’d had a number one written by an algorithm.” Mr. Steiner argues that we should not automatically see algorithms as a malign influence on our lives, but we should debate their ubiquity and their wide range of uses. “We’re already halfway towards a world where algorithms run nearly everything. As their power intensifies, wealth will concentrate towards them. They will ensure the 1 per cent-99 per cent divide gets larger. If you’re not part of the class attached to algorithms, then you will struggle. The reason why there is no popular outrage about Wall Street being run by algorithms is because most people don’t yet know or understand it.”
But Mr. Steiner says we should welcome their use when they are used appropriately to aid and speed our lives. “Retail algorithms don’t scare me,” he says. “I find it useful when Amazon tells me what I might like. In the U.S., we know we will not have enough GP doctors in 15 years, as not enough are being trained. But algorithms can replace many of their tasks. Pharmacists are already seeing some of their prescribing tasks replaced by algorithms. Algorithms might actually start to create new, mundane jobs for humans. For example, algorithms will still need a human to collect blood and urine samples for them to analyse.” There can be a fine line, though, between “good” and “bad” algorithms, he adds: “I don’t find the NSA revelations particularly scary.
At the moment, they just hold the data. Even the best data scientists would struggle to know what to do with all that data. But it’s the next step that we need to keep an eye on. They could really screw up someone’s life with a false prediction about what they might be up to.” — © Guardian News & Media 2013
Tuesday, July 2, 2013
Why are some private prisons allowed to pay their prisoners just a dollar a day to do jobs that other Americans could be doing?
#1 If the percentage of working age Americans that have a job is exactly the same as it was three years ago, then why is the government telling us that the "unemployment rate" has gone down significantly during that time?
#2 Why are some U.S. companies allowed to exploit disabled workers by paying them as little as 22 cents an hour?
#3 Why are some private prisons allowed to pay their prisoners just a dollar a day to do jobs that other Americans could be doing?
#4 Why is real disposable income in the United States falling at the fastest rate that we have seen since 2008?
#5 Why do 53 percent of all American workers make less than $30,000 a year?
#6 Why are wages as a percentage of GDP at an all-time low?
#7 Why are 76 percent of all Americans living paycheck to paycheck?
#8 Why are so many large corporations issuing negative earnings guidance for this quarter? Does this indicate that the economy is about to experience a significant downturn?
#9 Why is job growth at small businesses at about half the level it was at when the year started?
#10 Why are central banks selling off record amounts of U.S. debt right now?
#11 Why did U.S. mortgage bonds just suffer their biggest quarterly decline in nearly 20 years?
#12 Why did we just witness the largest weekly increase in mortgage rates in 26 years?
#13 Why has the number of mortgage applications fallen by 29 percent over the last eight weeks?
#14 Why has the number of mortgage applications fallen to the lowest level in 19 months?
#15 If the U.S. economy is recovering, why is the mortgage delinquency rate in the United States still nearly 10 percent?
#16 Why did the student loan delinquency rate in the United States just hit a brand new all-time high?
#17 Why is the sale of hundreds of millions of dollars of municipal bonds being postponed?
#18 What are the central banks of the world going to do when the 441 trillion dollar interest rate derivatives bubble starts to burst?
#19 Why is Barack Obama secretly negotiating a new international free trade agreement that will impose very strict Internet copyright rules on all of us, ban all "Buy American" laws, give Wall Street banks much more freedom to trade risky derivatives and force even more domestic manufacturing offshore?
#20 Why don't our politicians seem to care that the United States has run a trade deficit of more than 8 trillion dollars with the rest of the world since 1975?
#21 Why doesn't the mainstream media talk about how rapidly the U.S. economy is declining relative to the rest of the planet? According to the World Bank, U.S. GDP accounted for 31.8 percent of all global economic activity in 2001. That number dropped to 21.6 percent in 2011.
#22 Why is the percentage of self-employed Americans at a record low?
#23 What are we going to do if dust bowl conditions continue to return to the western half of the United States? If the drought continues to get even worse, what will that do to our agriculture?
#24 Why is the IRS spending thousands of taxpayer dollars on kazoos, stove top hats, bathtub toy boats and plush animals?
#25 Why did the NIH spend $253,800 "to study ways to educate Boston’s male prostitutes on safe-sex practices"?
#26 Why do some of the largest charities in America spend less than 5 percent of the money that they bring in on actual charitable work?
#27 Now that EU finance ministers have approved a plan that will allow Cyprus-style wealth confiscation as part of all future bank bailouts in Europe, is it only a matter of time before we see something similar in the United States?
#28 Why does approximately one out of every three children in the United States live in a home without a father?
#29 Why are more than a million public school students in the United States homeless?
#30 Why are so many cities all over the United States passing laws that make it illegal to feed the homeless?
#31 Why is government dependence in the U.S. at an all-time high if the economy is getting better? Back in 1960, the ratio of social welfare benefits to salaries and wages was approximately 10 percent. In the year 2000, the ratio of social welfare benefits to salaries and wages was approximately 21 percent. Today, the ratio of social welfare benefits to salaries and wages is approximately 35 percent.
#32 Why does the number of Americans on food stamps exceed the entire population of the nation of Spain?
#33 The number of Americans on food stamps has grown from 32 million to 47 million while Barack Obama has been occupying the White House. So why is Obama paying recruiters to go out and get even more Americans to join the program?
#34 Today, there are 56 million Americans collecting Social Security benefits. In 2035, there will be 91 million Americans collecting Social Security benefits. Where in the world will we get the money for that?
#35 Why has the value of the U.S. dollar fallen by over 95 percent since the Federal Reserve was created back in 1913?
#36 Why has the size of the U.S. national debt gotten more than 5000 times larger since the Federal Reserve was created back in 1913?
http://www.zerohedge.com/news/2013-07-01/36-tough-questions-about-us-economy-everyone-should-be-asking
The system that pretends to help you, is designed to destroy you
various comments
A friend's elderly mother just had a hysterectomy due to cancer. She was given a 3 page document requesting permission to share her biopsy info for research purposes. Further into the document it stated that the biopsy results could be used against her & her relatives for the purpose of insurance revocation & loss of employment.
With obamacare, insurance, IRS, medical records, business records, tax records, store purchases...all tie together in one database. AMERIKA USSA
------------------
I am not always stealing souls, but when I do, I use the E-verify system.
- William The Beasty
------------------------
Be a slave to the state or be a pauper.
------------------------
The Fed Is Paying Banks Not To Lend (thereby ensuring the EXACT SAME SCENARIO that caused the great depression - a shrinkage of money credit to business)
Submitted by Michael Snyder of The Economic Collapse blog,
Did you know that U.S. banks have more than 1.8 trillion dollars parked at the Federal Reserve and that the Fed is actually paying them not to lend that money to us? We were always told that the goal of quantitative easing was to "help the economy", but the truth is that the vast majority of the money that the Fed has created through quantitative easing has not even gotten into the system. Instead, most of it is sitting at the Fed slowly earning interest for the bankers.
Back in October 2008, just as the last financial crisis was starting, Federal Reserve Chairman Ben Bernanke announced that the Federal Reserve would start paying interest on the reserves that banks keep at the Fed. This caused an absolute explosion in the size of these reserves. Back in 2008, U.S. banks had less than 2 billion dollars of excess reserves parked at the Fed. Today, they have more than 1.8 trillion. In less than five years, the pile of excess reserves has gotten nearly 1,000 times larger. This is utter insanity, and it will have very serious consequences down the road.
Posted below is a chart that shows the explosive growth of these excess reserves in recent years...
This explains why all of the crazy money printing that the Fed has been doing has not caused tremendous inflation yet. Most of the money has not even gotten into the economy. The Fed has been paying banks not to lend it out.
But now that big pile of money is sitting out there, and at some point it is going to come pouring in to the U.S. economy. When that happens, we could very well see an absolutely massive tsunami of inflation.
Posted below is a chart that shows the growth of the M2 money supply over the past several decades. It has been fairly steady, but imagine what would happen if you took the hockey stick from the chart above and suddenly added it to the top of this one...
The longer that the Federal Reserve continues to engage in quantitative easing and continues to pay banks not to lend that money out to the rest of us, the larger that inflationary time bomb is going to become.
In a recent article for the Huffington Post, Professor Robert Auerbach of the University of Texas explained the nightmarish situation that we are facing...
Did you know that U.S. banks have more than 1.8 trillion dollars parked at the Federal Reserve and that the Fed is actually paying them not to lend that money to us? We were always told that the goal of quantitative easing was to "help the economy", but the truth is that the vast majority of the money that the Fed has created through quantitative easing has not even gotten into the system. Instead, most of it is sitting at the Fed slowly earning interest for the bankers.
Back in October 2008, just as the last financial crisis was starting, Federal Reserve Chairman Ben Bernanke announced that the Federal Reserve would start paying interest on the reserves that banks keep at the Fed. This caused an absolute explosion in the size of these reserves. Back in 2008, U.S. banks had less than 2 billion dollars of excess reserves parked at the Fed. Today, they have more than 1.8 trillion. In less than five years, the pile of excess reserves has gotten nearly 1,000 times larger. This is utter insanity, and it will have very serious consequences down the road.
Posted below is a chart that shows the explosive growth of these excess reserves in recent years...
Bankers get fat; you get bankrupt
But now that big pile of money is sitting out there, and at some point it is going to come pouring in to the U.S. economy. When that happens, we could very well see an absolutely massive tsunami of inflation.
Posted below is a chart that shows the growth of the M2 money supply over the past several decades. It has been fairly steady, but imagine what would happen if you took the hockey stick from the chart above and suddenly added it to the top of this one...
The longer that the Federal Reserve continues to engage in quantitative easing and continues to pay banks not to lend that money out to the rest of us, the larger that inflationary time bomb is going to become.
In a recent article for the Huffington Post, Professor Robert Auerbach of the University of Texas explained the nightmarish situation that we are facing...
One reason that the excess reserves grew to an extraordinary level is that in October 2008, one month after the financial crisis when Lehman Brothers went bankrupt, the Bernanke Fed began paying interest on bank reserves. Although it has been 1/4 of 1 percent interest, this risk free rate was not low compared to the Fed's policy of keeping short-term market rates near zero. The interest banks received was and is an incentive to hold the excess reserves rather than lend to consumers and businesses in the risky environment of the major recession and the slow recovery.
The Bernanke Fed is now facing a $1.863 trillion time bomb, they helped to create, of excess reserves in the private banking system. If rates of interest on income earning assets (including bank loans to consumers and businesses) rise, the Fed will have to pay the banks more interest to hold their excess reserves.
If interest rates move up dramatically (and they are already starting to rise significantly), banks will have an incentive to take that money out of the Fed and start lending it out. Professor Auerbach suggests that this could cause an "avalanche" of money pouring into the economy...
Eighty five billion a month will seem tiny compared to the avalanche of the $1.863 trillion excess reserves exploding rapidly into the economy. That would devalue the currency, cause more rapid inflation and worry investors about a coming collapse.
So the Fed has kind of painted itself into a corner. If the Fed keeps printing money, they continue to grossly distort our financial system even more and the excess reserves time bomb just keeps getting bigger and bigger.
But even the suggestion that the Fed would begin to start "tapering" quantitative easing caused the financial markets to throw an epic temper tantrum in recent weeks. Interest rates immediately began to skyrocket and Fed officials did their best to try to settle everyone down.
So where do we go from here?
Unfortunately, as Jim Rogers recently explained, this massive experiment in financial manipulation is ultimately going to end in disaster...
I’m afraid that in the end, we’re all going to suffer perhaps, worse than we ever have, with inflation, currency turmoil, and higher interest rates.
The Fed and other global central banks have created the largest bond bubble in the history of the planet. If the Fed ends quantitative easing, the bond market is going to try to revert to normal.
That would be disastrous for the global financial system. The following is what Jim Willie told Greg Hunter of USAWatchdog.com...
Everything is dependent on Fed support. They know if they take it away, they’re going to create a black hole. The Treasury bond is the greatest asset bubble in history. It’s at least twice as large as the housing and mortgage bubble, maybe three or four times as large.
But even if the central banks keep printing money, they may not be able to maintain control over the bond market. In fact, there are already signs that they are starting to lose control. The following is what billionaire Eric Sprott told King World News the other day...
It’s total orchestration. And it’s orchestration because they might have lost control of the bond market. I find it such a juxtaposition that central banks on a daily basis buy more bonds today than they ever purchased, and interest rates are going up, which is almost perverted. I mean how can that happen?
They’ve lost control of the market in my mind, and that’s why they are so desperately trying to get us all to forget the word ‘taper.’ In fact, we probably won’t even hear the word ‘taper’ anymore because it has such a sickening reaction to people in the bond market, and perhaps even people in the stock market. They will probably do away with the word. But the system is totally out of control. And then we’ve got this quadrillion dollars of derivatives. It just blows my mind to think about what could really be going on behind the scenes.
Sprott made a really good point about derivatives.
The quadrillion dollar derivatives bubble could bring down the global financial system at any time.
And remember, interest rate derivatives make up the biggest chunk of that. Today, there are 441 trillion dollars of interest rate derivatives sitting out there. If interest rates begin skyrocketing at some point, that is going to create some absolutely massive losses in the system. We could potentially be talking about an event that would make the failure of Lehman Brothers look like a Sunday picnic.
We are moving into a time of great financial instability. People are going to be absolutely shocked by what happens.
Our financial system is a house of cards built on a foundation of risk, leverage and debt. When it all comes tumbling down, it should not be a surprise to any of us.
Motorola Is Listening: If you're still unsure why I think this is a problem, ask yourself this: if you bought a desktop PC running Windows, then discovered two years later that the hardware manufacturer had installed modified versions of standard Windows software like Outlook Express and Internet Explorer which - without any indication to the user - sent your passwords to, and routed other traffic through servers owned by the PC manufacturer instead of connecting directly to the actual websites and mail servers, would you be OK with it? If not, then why are you when it's a phone instead of a desktop PC?
http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html
Motorola Is Listening
article by Ben Lincoln
In June of 2013, I made an interesting discovery about the Android phone (a Motorola Droid X2) which I was using at the time: it was silently sending a considerable amount of sensitive information to Motorola, and to compound the problem, a great deal of it was over an unencrypted HTTP channel.
If you're in a hurry, you can skip straight to the Analysis - email, ActiveSync, and social networking section - that's where the most sensitive information (e.g. email/social network account passwords) is discussed.
Update 2 (2013-07-02 @ 08:03) - potential device security concern
I realized this morning that there may be a more significant problem. See Potential (untested) device security concern, below.
Update 1 (2013-07-02 @ 05:30) - Android, the Droid X2, and Blur
This article has gotten a lot more attention than I expected.
A clarification I'd like to make (because there seems to be a lot of confusion about this) is that the Droid X2 does not use Motorola's "Blur"/"MotoBlur" user interface. That's one of the reasons I picked that model specifically back in 2011 - it seemed to be running something very close to the stock version of Android.
The email client, web browser, text-messaging app, and so on look like the ones that were included on the G1 I had previously, which is about as close to "stock Android" as you can get with a carrier-installed OS. Based on my research, it seems that they've all been modified to silently send data to and/or through the Blur web-service back-end, but there's no indication to the user that this is the case unless they do the sort of network capture that I did. There is no prompt to create or use a Blur user ID - the phone uses a randomly-generated Blur account for all of the behind-the-scenes activity described below.
I would be very interested in trying this same test with more recent Motorola phones, because there's definitely the perception out there that Blur has been phased out, and I think it's much more likely that it's just the UI on their phones that's been changed, as opposed to removing the underlying Blur functionality.
If you're still unsure why I think this is a problem, ask yourself this: if you bought a desktop PC running Windows, then discovered two years later that the hardware manufacturer had installed modified versions of standard Windows software like Outlook Express and Internet Explorer which - without any indication to the user - sent your passwords to, and routed other traffic through servers owned by the PC manufacturer instead of connecting directly to the actual websites and mail servers, would you be OK with it? If not, then why are you when it's a phone instead of a desktop PC?
Technical notes
The screenshots and other data in this article are more heavily-redacted than I would prefer in the interest of full disclosure and supporting evidence. There are several reasons for this:
There is a considerable amount of binary, hex-encoded, and base64-encoded data mixed in with the traffic. As I have not performed a full reverse-engineering of the data, it's hard for me to know if any of these values are actually sensitive at this time, or in the future when someone more thoroughly decodes the protocol.
My employer reminds its employees that publicly identifying themselves as employees of that organization conveys certain responsibilities upon them. I do not speak for my employer, so all information that would indicate who that employer is has been removed.
I would rather not expose my personal information more than Motorola has already.
Discovery
I was using my personal phone at work to do some testing related to Microsoft Exchange ActiveSync. In order to monitor the traffic, I had configured my phone to proxy all HTTP and HTTPS traffic through Burp Suite Professional - an intercepting proxy that we use for penetration testing - so that I could easily view the contents of the ActiveSync communication.
Looking through the proxy history, I saw frequent HTTP connections to ws-cloud112-blur.svcmot.com mixed in with the expected ActiveSync connections.
ActiveSync Configuration Information
ActiveSync configuration information being sent to Motorola's Blur service.
As of 22 June, 2013, svcmot.com is a domain owned by Motorola, or more specifically:
Motorola Trademark Holdings, LLC
600 North US Highway 45 Attn: Law Department
Libertyville IL 60048
US
internic@motorola.com +1.8475765000 Fax: +1.8475234348
I was quickly able to determine that the connections to Motorola were triggered every time I updated the ActiveSync configuration on my phone, and that the unencrypted HTTP traffic contained the following data:
The DNS name of the ActiveSync server (only sent when the configuration is first created).
The domain name and user ID I specified for authentication.
The full email address of the account.
The name of the connection.
As I looked through more of the proxy history, I could see less-frequent connections in which larger chunks of data were sent - for example, a list of all the application shortcuts and widgets on my phone's home screen(s).
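The check described above (looking for account details in the proxy history and noting which of them went out unencrypted) can be made systematic. The following Python is an added example, not code from the article or from Motorola: it walks an exported proxy history and flags every request that carries account fields to a host outside the set of first-party services, together with whether it travelled over plaintext HTTP. The history entries are constructed to resemble the traffic described on this page; the first-party hostnames (mail.example.com, facebook.com), the field names and the values are assumptions.

```python
"""Audit an intercepting-proxy history for account data that leaves the device
towards a third party. Added example, not code from the article or from
Motorola; the requests below are constructed to resemble the traffic described
on this page, with assumed first-party hosts (mail.example.com, facebook.com)."""
from urllib.parse import parse_qs, urlsplit

# Form/query field names that should only ever be sent to the service an
# account belongs to (matched case-insensitively).
SENSITIVE_FIELDS = {
    "password", "username", "domain", "email", "emailaddress", "servername",
}

# Hosts the phone legitimately talks to for the accounts under test (assumed).
FIRST_PARTY_SUFFIXES = ("example.com", "facebook.com")

# Constructed proxy history as (method, url, body). The svcmot.com entries
# mimic the Blur web service calls described in the article.
SAMPLE_HISTORY = [
    ("POST", "https://mail.example.com/Microsoft-Server-ActiveSync?Cmd=Sync&User=jdoe", ""),
    ("POST", "http://ws-cloud112-blur.svcmot.com/blur-services-1.0/ws/accounts",
     "accountName=Work&domain=CORP&username=jdoe"
     "&emailAddress=jdoe%40example.com&serverName=mail.example.com"),
    ("GET", "https://graph.facebook.com/me/friends", ""),
    ("POST", "https://ws-cloud112-blur.svcmot.com/blur-services-1.0/ws/sociallogin",
     "email=jdoe%40example.com&password=hunter2"),
]


def is_first_party(host):
    """True when the host is one the account is expected to talk to."""
    return any(host == s or host.endswith("." + s) for s in FIRST_PARTY_SUFFIXES)


def audit_proxy_history(history, first_party=is_first_party):
    """Return one finding per request that carries sensitive account fields to
    a host outside the first-party set. Each finding records the host, the
    leaked field names and whether the request went over plaintext HTTP."""
    findings = []
    for method, url, body in history:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if first_party(host):
            continue
        fields = set(parse_qs(parts.query)) | set(parse_qs(body))
        leaked = sorted(f for f in fields if f.lower() in SENSITIVE_FIELDS)
        if leaked:
            findings.append({
                "method": method,
                "host": host,
                "path": parts.path,
                "plaintext": parts.scheme == "http",
                "fields": leaked,
            })
    return findings


def report(findings):
    """Human-readable lines, plaintext leaks first."""
    lines = []
    for f in sorted(findings, key=lambda f: not f["plaintext"]):
        channel = "UNENCRYPTED HTTP" if f["plaintext"] else "HTTPS"
        lines.append("%s %s%s over %s leaks: %s" % (
            f["method"], f["host"], f["path"], channel, ", ".join(f["fields"])))
    return lines


if __name__ == "__main__":
    for line in report(audit_proxy_history(SAMPLE_HISTORY)):
        print(line)
```

The first-party list is the part that needs thought on a real capture: an account for mail.example.com has no business sending its server name or user ID anywhere else, so anything not in that list is a third party by definition, and the audit reports it regardless of whether the destination is a vendor, a carrier or an unknown host.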
Analysis - email, ActiveSync, and social networking
I decided to try setting up each of the other account types that the system would allow me to, and find out what was captured.
Facebook and Twitter
For both of these services, the email address and password for the account are sent to Motorola. Both services support a mechanism (OAuth) explicitly intended to make this unnecessary, but Motorola does not use that more-secure mechanism. The password is only sent over HTTPS, so at least it can't be easily intercepted by most third parties.
Most subsequent connectivity to both services (other than downloading images) is proxied through Motorola's system on the internet using unencrypted HTTP, so Motorola and anyone running a network capture can easily see who your friends/contacts are (including your friends' email addresses), what posts you're reading and writing, and so on. They'll also get a list of which images you're viewing, even though the actual image download comes directly from the source.
Facebook and Twitter data sent to Motorola's Blur service
Facebook password
Facebook friend information
Facebook wall post by friend
Facebook wall post by self
Silent Signon
Twitter password
Twitter following information
Twitter post
Twitter posts are also read through Blur
You know your software is trustworthy and has nothing to hide when it has a function called "silent signon".
Photobucket and Picasa
For both services, email address and password are sent to Motorola over HTTPS.
For Photobucket, username and image URLs are sent over unencrypted HTTP.
For Picasa, email address, display name, friend information, and image URLs are sent over unencrypted HTTP.
During my testing of Photobucket, the photo was uploaded through Motorola's system (over HTTPS). I was not able to successfully upload a photo to Picasa, although it appeared that the same would have been true for that service.
Photobucket and Picasa data sent to Motorola's Blur service
Photobucket password
Photobucket user ID and friend information
Picasa password
Picasa name and friend information
Photo uploads (to Facebook, Photobucket, etc.)
When uploading images, the uploaded image passes through Motorola's Blur servers, and at least some of the time is uploaded with its EXIF data intact. EXIF data is where things like GPS coordinates are stored.
The full path of the original image on the device is also sent to Motorola. For example, /mnt/sdcard/dcim/Camera/2013-06-20_09-00-00_000.jpg. Android devices name phone-camera images using the time they were taken with millisecond resolution, which can almost certainly be used as a unique device identifier for your phone (how many other people were taking a picture at exactly that millisecond?), assuming you leave the original photo on your phone.
Data sent to Motorola's Blur service when uploading photos
Full local path
EXIF data
Service username and tags
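The point of this section is that the upload path passes the image through a third party with its EXIF block, and so its GPS tags, intact. As an added example (mine, not the article's or Motorola's code), the following Python walks the JPEG marker segments and drops the APP1 Exif segment before an image leaves the device; everything else, including the scan data, is copied byte for byte. The sample JPEG is constructed with only enough marker structure for the segment walker and is not a decodable picture.

```python
"""Strip the Exif APP1 segment from a JPEG before upload. Added example, not the
article's or Motorola's code. The sample JPEG is constructed with just enough
marker structure for the segment walker and is not a decodable picture."""

SOI = b"\xff\xd8"
SOS, APP1 = 0xDA, 0xE1
# Markers that carry no length field: TEM, RST0-RST7, EOI.
STANDALONE = {0x01, 0xD9} | set(range(0xD0, 0xD8))


def iter_segments(jpeg):
    """Yield (marker, raw_segment_bytes) for each segment after SOI. The SOS
    segment is yielded together with the entropy-coded data that follows it,
    since scan data is not delimited by a length field."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker == 0xFF:              # fill byte, allowed before a marker
            pos += 1
            continue
        if marker == SOS:
            yield marker, jpeg[pos:]
            return
        if marker in STANDALONE:
            yield marker, jpeg[pos:pos + 2]
            pos += 2
            continue
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment header at offset %d" % pos)
        length = int.from_bytes(jpeg[pos + 2:pos + 4], "big")
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, jpeg[pos:end]
        pos = end


def is_exif_segment(marker, segment):
    # APP1 is also used for XMP; only the "Exif\0\0" flavour holds GPS tags.
    return marker == APP1 and segment[4:].startswith(b"Exif\x00\x00")


def has_exif(jpeg):
    return any(is_exif_segment(m, s) for m, s in iter_segments(jpeg))


def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment removed; all other
    segments, including the scan, are copied unchanged."""
    return SOI + b"".join(s for m, s in iter_segments(jpeg) if not is_exif_segment(m, s))


def _seg(marker, payload):
    return b"\xff" + bytes([marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample: JFIF APP0, an Exif APP1 whose TIFF header is followed by
# a GPS IFD pointer tag (0x8825), a quantisation table and a minimal scan.
SAMPLE_JPEG = (
    SOI
    + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _seg(APP1, b"Exif\x00\x00MM\x00\x2a\x00\x00\x00\x08\x00\x01\x88\x25" + b"\x00" * 10)
    + _seg(0xDB, b"\x00" + bytes(range(64)))
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34\xff\x00\x56" + b"\xff\xd9"
)

if __name__ == "__main__":
    print("exif present:", has_exif(SAMPLE_JPEG))
    cleaned = strip_exif(SAMPLE_JPEG)
    print("after strip:", has_exif(cleaned), len(SAMPLE_JPEG), "->", len(cleaned), "bytes")
```

Stripping at the segment level sidesteps the need to parse the TIFF structure inside the Exif block, so a malformed or unusual IFD cannot cause a tag to be missed; the cost is that harmless Exif fields (orientation, for instance) go too. The millisecond-resolution filename the article mentions is a separate concern and has to be handled by renaming before upload.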
YouTube
Email address and password are sent to Motorola over HTTPS.
Email address is also sent to Motorola over unencrypted HTTP, along with some other data that I haven't deciphered.
I didn't have time to create and upload a video, so I'm not sure what else might be sent.
YouTube data sent to Motorola's Blur service
YouTube password
Email address
Exchange ActiveSync
Domain name, username, email address, and name of the connection are sent over unencrypted HTTP. When a new connection is created, the Exchange ActiveSync server's DNS name is also sent.
Exchange ActiveSync data sent to Motorola's Blur service
EAS initial setup
IMAP/POP3 email
Email address, inbound/outbound server names, and the name of the connection are sent over unencrypted HTTP. There is a lot of other encoded/encrypted data included which I haven't deciphered.
IMAP account data sent to Motorola's Blur service
IMAP configuration
One of the few screenshots I can leave some of the important details visible in - in this case, because the account in question is already on every spam list in the world.
Yahoo Mail
Email address is sent over unencrypted HTTP. This type of account seems to be handled in at least sort of the correct way by Motorola's software, in that a request is made for an access token, and as far as I can tell, the actual account password is never sent to Motorola.
Photobucket and Picasa data sent to Motorola's Blur service
Yahoo Mail address
Flickr
Similar to the Yahoo Mail results, but actually one step better - an explicit Flickr prompt appears indicating what permissions Motorola's system is asking for on behalf of the user.
Flickr
Permission screen
The Flickr integration behaves the way every other part of Motorola's Blur service should.
Gmail/Google
Interestingly, no data seemed to be sent to Motorola about this type of account. Unfortunately, if anyone adds a YouTube or Picasa account, they've sent their Gmail/Google+ credentials to Motorola anyway.
Also interestingly, while testing Picasa and/or Youtube integration, Motorola's methods of authenticating actually tripped Google's suspicious activity alarm. Looking up the source IP in ARIN confirmed the connection was coming from Motorola.
Google: on guard against suspicious vendors
Suspicious activity detected
Source of the suspicious activity confirmed
Firefox sync
No data seems to pass through Motorola's servers.
News / RSS
RSS feeds that are subscribed to using the built-in News application are proxied through Motorola's servers over unencrypted HTTP.
Photobucket and Picasa data sent to Motorola's Blur service
RSS / News sync
Other data
Every few minutes, my phone sends Motorola a detailed description of my home screen/workspace configuration - all of the shortcuts and widgets I have on it.
Home screen configuration and other data sent to Motorola's Blur service
Home screen configuration
Universal account IDs
"Universal account IDs"? Is that why I only see some data sent the very first time I configure a particular account on my phone?
Analysis - "check-in" data
As I was looking through the data I've already mentioned, I noticed chunks of "check-in" data that were binary uploads, and I thought I'd see if they were in some sort of standard compressed format. As it turns out, they are - the 0x1F8B highlighted below is the header for a block of gzip-compressed data.
GZip compressed-data header embedded in check-in data
GZip header (0x1F8B)
What is contained in this data are essentially debug-level log entries from the device. The battery drain and bandwidth use from having the phone set up like this must be unbelievable.
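The carving step described above, as an added example in Python that is not the article's own tooling: scan a check-in blob for the gzip magic bytes 1F 8B 08, decompress each member found, and skip over sequences that happen to match the magic but do not start a valid member. The check-in blob is constructed here (a few framing bytes, two gzip members and a decoy magic sequence), and the log lines inside it are made up to resemble the style of the XMPP log entries quoted later on the page.

```python
"""Carve gzip members out of an opaque check-in upload. Added example, not the
article's own tooling. The blob and the log lines inside it are constructed."""
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"   # ID1, ID2 and CM = 8 (deflate)

# Constructed log content standing in for the debug-level entries the article
# describes; the wording imitates the style of the quoted XMPP log lines.
LOG_A = (b"I:BatteryStats: level=73 plugged=0\n"
         b"I:SyncManager: sync_app_id: 31 finished\n")
LOG_B = b"I:XMPPConnection: Preparing to connect to service on port 5222\n"

# Constructed check-in blob: some framing bytes, a gzip member, a decoy that
# starts with the magic bytes but is not a valid member, a second member.
SAMPLE_CHECKIN = (
    b"\x00\x01checkin\x00"
    + gzip.compress(LOG_A)
    + b"\x1f\x8b\x08\xff\xffnot really gzip"
    + gzip.compress(LOG_B)
    + b"\x00\x00trailer"
)


def extract_gzip_members(blob):
    """Return (offset, length, decompressed_bytes) for every complete gzip
    member in the blob. A magic sequence that does not start a valid member
    (bad header flags, CRC mismatch, truncated stream) is skipped."""
    members = []
    pos = 0
    while True:
        idx = blob.find(GZIP_MAGIC, pos)
        if idx < 0:
            break
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)   # expect a gzip wrapper
        try:
            data = d.decompress(blob[idx:])
            if not d.eof:
                raise zlib.error("stream ended before the gzip trailer")
        except zlib.error:
            pos = idx + 1           # false positive: keep scanning
            continue
        length = len(blob) - idx - len(d.unused_data)
        members.append((idx, length, data))
        pos = idx + length          # do not rescan inside the member
    return members


def decode_checkin_logs(blob, encoding="utf-8"):
    """All log lines from every gzip member, in upload order."""
    lines = []
    for _, _, data in extract_gzip_members(blob):
        lines.extend(data.decode(encoding, errors="replace").splitlines())
    return lines


if __name__ == "__main__":
    for off, ln, data in extract_gzip_members(SAMPLE_CHECKIN):
        print("gzip member at offset %d (%d bytes) -> %d bytes of log" % (off, ln, len(data)))
    for line in decode_checkin_logs(SAMPLE_CHECKIN):
        print("   ", line)
```

Using a decompress object rather than gzip.decompress matters here: its unused_data tells you exactly where the member ended, so the scan can resume after it instead of rescanning the compressed bytes for spurious magic sequences, and eof distinguishes a complete member from a truncated one.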
Most of the data that's uploaded is harmless or low-risk on its own - use statistics, and so on. However, this is another mechanism by which Motorola's servers are collecting information like account names/email addresses, and the sheer volume and variety of other data makes me concerned that Motorola's staff apparently care so much about how I'm using my phone. If this were a corporate-owned device, I would expect the owning corporation to have this level of system data collection enabled, but it concerns me that it's being silently collected from my personal device, and that there is no way to disable it.
Information that is definitely being collected
The IMEI and IMSI of the phone. These are referred to as MEID and MIN in the phone's UI and on the label in the battery compartment, but IMEI and IMSI in the logs. I believe these two values are all that's needed to clone a phone, if someone were to intercept the traffic.
The phone number of the phone, and carrier information (e.g. Verizon).
The barcode from inside the battery compartment.
Applications included with the device as well as installed by the user.
Statistics about how those applications are used (e.g. how much data each one has sent and received).
Phone call and text message statistics. For example, how many calls have been received or missed.
Bluetooth device pairing and unpairing, including detailed information about those devices.
Email addresses/usernames for accounts configured on the device.
Contact statistics (e.g. how many contacts are synced from Google, how many Facebook users are friends of the account I've configured on the device).
Device-level event logs (these are sent to Google as well by a Google-developed checkin mechanism).
Debugging/troubleshooting information about most activities the phone engages in.
Signal strengths statistics and data use for each type of radio included in the device. For example, bytes sent/received via 3G versus wifi.
Stack memory and register dumps related to applications which have crashed.
For Exchange ActiveSync setup, the server name and email address, as well as the details of the security policy enforced by that EAS server.
Information that may be being collected
The terms-of-use/privacy policy for the Blur service (whether you know you're using it or not) explicitly specify that location information (e.g. GPS coordinates) may be collected (see Speaking of that privacy policy..., below). I have not seen this in the data I've intercepted. This may be due to it being represented in a non-obvious format, or it may only be collected under certain conditions, or it may only be collected by newer devices than my 2-year-old Droid X2.
While I have no conclusive evidence, I did notice while adding and removing accounts from my phone that the account ID number for a newly-added account is always higher than that for any accounts that existed previously on the device, even if those accounts have been deleted. This implies to me that Motorola's Blur service may be storing information about the accounts I've "deleted" even though they're no longer visible to me. This seems even more likely given the references in the communication to "universalAccountIds" and "knownAccountIds" referenced by GUID/UUID-like values.
Check-in data being sent to Motorola
Application use stats
Basic hardware properties
Bluetooth headset use-tracking
Data use, SMS text, contact, and CPU stats
Label in the battery compartment of my phone
BlurID, IMEI and barcode (from label), IMSI and phone number
EAS setup information
EAS policy elements
Email and Disk Stats
Event logs (these are also captured by Google)
Image upload bug
Logging of newly-installed applications
Missed calls
I told you it was syncing every nine minutes!
Possible client-side SQL injection vulnerability
Radio and per-application stats (e.g. CPU use by app)
Register and stack memory dump
Sync App IDs: 10, 31, 80
Sync App IDs: 40, 70, 20, 2, 60, and 5
System panic auto-reboot
The "sync app ID" information will become more important in the section about XMPP. The system panic message has all of the regular boot information as well as the reason for the OS auto-reboot (in my case, apparently there is a problem with the modem).
Analysis - Jabber / XMPP stream communication
In some of the check-in logs, I saw entries that read e.g.:
XMPPConnection: Preparing to connect user XXXXXXXXXXXXXXXX to service: jabber-cloud112-blur.svcmot.com on host: jabber-cloud112-blur.svcmot.com and port: 5222
XMPPConnectionManager I:onConfigurationUpdate: entered
XMPPConnectionManager I:onConfigurationUpdate: exiting
WSBase I:mother told us it's okay to retry the waiting requests: 0
NormalAsyncConnection I:Connected local addr: 192.168.253.10/192.168.253.10:60737 to remote addr: jabber-cloud112-blur.svcmot.com/69.10.176.46:5222
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Wrote out 212 bytes of data with 0 bytes remaining.
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Read 202 bytes into buffer
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Read 262 bytes into buffer
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Wrote out 78 bytes of data with 0 bytes remaining.
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Read 1448 bytes into buffer
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Read 2896 bytes into buffer
XMPPConnection I:Finished connecting user XXXXXXXXXXXXXXXX to service: jabber-cloud112-blur.svcmot.com on host: jabber-cloud112-blur.svcmot.com and port: 5222
By running a network capture, I was able to confirm that my phone was regularly attempting this type of connection. However, it was encrypted using TLS, so I couldn't see the content of the communication at first.
The existence of this mechanism made me extremely curious. Why did Motorola need yet another communication channel for my phone to talk to them over? Why were they using a protocol intended for instant messaging/chat? The whole thing sounded very much like a botnet (which often use IRC in this way) to me.
Intercepting these communications ended up being much more work than I expected. XMPP is an XML-based protocol, and cannot be proxied by an HTTP/HTTPS proxy, so using Burp Suite or ZAP was out. My first thought was to use Mallory, an intercepting transparent proxy that I learned about in the outstanding SANS SEC 642 class back in March of 2013. Mallory is a relatively new tool, and is somewhat finicky to get set up, but I learned a lot doing so. Unfortunately, XMPP is not a protocol that Mallory can intercept as of this writing.
The VM that I built to run Mallory on still proved useful in this case, as I was eventually able to hack together a custom XMPP man-in-the-middle exploit and view the contents of the traffic. If you'd like to know more about the details, they're in the Steps to reproduce - XMPP communication channel section further down this page.
This channel is at least part of the Motorola Blur command-and-control mechanism. I haven't seen enough distinct traffic pass through it to have a good idea of the full extent of its capabilities, but I know that:
The XMPP/Jabber protocol is re-purposed for command-and-control use. For example, certain types of message are sent using the field normally used for "presence" status in IM.
The values exchanged in the presence fields appear to be very short (five-character) base64-encoded binary data, followed by a dash, and then a sequence number. For example, 4eTO3-52, Ugs6j-10, or t2bcA-0. The base64 value appears to be selected at boot. The sequence number is incremented differently based on criteria I don't understand (yet), but the most common step I've seen is +4.
As long as the channel is open, the phone will check in with Motorola every nine minutes.
At least one type of Motorola-to-phone command exists: a trigger to update software by ID number.
At least three such ID numbers exist: 31, 40, and 70 (see the table below). Each of these triggers an HTTP POST request to the blur-services-1.0/ws/sync API method seen in the previous section, and the same IDs are logged in the check-in data.
The stream token and username passed to the service are the "blurid" value (represented as a decimal number) which shows up in various places in the other traffic between the phone and Motorola.
ID | Name                     | Purpose                                                                        | Data format | Observed in testing?
---|--------------------------|--------------------------------------------------------------------------------|-------------|---------------------
2  | BlurSettingsSyncHandler  | Unknown                                                                        | JSON        | No
5  | BlurSetupSyncHandler     | Unverified - called when a new type of sync needs to be added?                 | gpb         | Yes
10 | BlurContactsSyncHandler  | Syncs contact information (e.g. Google account contacts)                       | gpb         | No
20 | SNMailSyncHandler        | Unverified - probably syncs private messages from social networking sites      | gpb         | No
31 | StatusSyncHandler        | Syncs current status/most-recent-post information from social networking sites | gpb         | Yes
40 | BlurSNFriendsSyncHandler | Syncs friend information from social networking sites                          | gpb         | Yes
50 | NewsRetrievalService     | Syncs news feeds set up in the built-in Motorola app                           | gpb         | Yes
60 | AdminFlunkySyncHandler   | Unverified - sounds like some sort of remote-support functionality             | gpb         | No
70 | FeedReceiverService      | Unknown                                                                        | gpb         | Yes
80 | SNCommentsSyncHandler    | Syncs status/comment information from social networking sites                  | gpb         | Yes
The "gpb" data format is how that type of binary encoding is referred to internally by the client logs. I believe it is similar (possibly identical) to Google's "protocol buffer" system.
Here is an example session, including the SYNC APP command being sent by the server. Traffic from the client is represented in red. Traffic from the server is coloured blue.
[Communication after this point takes place over the encrypted channel which the client and server have negotiated.]
4503600105521277 1-d052e26d5bbb5b4adce7965e3e248a331765623714 BlurDevice
{"Sync":{"APP":[{"d":"sync_app_id: 31\n","q":0}]}}
XMPP communication channel
XMPPPeek in action
App ID 31 (social networking status) sync
App ID 40 (friends) sync
App ID 50 (news) sync
App ID 80 (social networking comments and status) sync
A few examples of the sync operations triggered by the XMPP communication channel.
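To make the two encodings described in this section concrete, here is an added Python example (mine, not the article's XMPPPeek tool): it splits the presence values into their boot-time token and sequence number, reports the step between consecutive values so the "+4" pattern and a token change at reboot are visible, and decodes the Sync/APP command into handler names using the table above. The handler map is reproduced from that table; the sample command is the one quoted in the session above, and the additional messages in the usage are constructed.

```python
"""Parsers for the two encodings seen on the Blur XMPP channel. Added example,
not the article's XMPPPeek tool; the handler table is the one on the page and
the extra sample messages are constructed."""
import json
import re

# Sync handler IDs and names as listed in the table on the page.
SYNC_HANDLERS = {
    2: "BlurSettingsSyncHandler",
    5: "BlurSetupSyncHandler",
    10: "BlurContactsSyncHandler",
    20: "SNMailSyncHandler",
    31: "StatusSyncHandler",
    40: "BlurSNFriendsSyncHandler",
    50: "NewsRetrievalService",
    60: "AdminFlunkySyncHandler",
    70: "FeedReceiverService",
    80: "SNCommentsSyncHandler",
}

# Five base64 characters, a dash, then a decimal sequence number (e.g. 4eTO3-52).
PRESENCE_RE = re.compile(r"^(?P<token>[A-Za-z0-9+/]{5})-(?P<seq>\d+)$")

# The Sync/APP command quoted in the session on the page.
SAMPLE_SYNC_COMMAND = '{"Sync":{"APP":[{"d":"sync_app_id: 31\\n","q":0}]}}'


def parse_presence(value):
    """Split a presence value into (token, sequence number); None if the
    value does not follow the observed pattern."""
    m = PRESENCE_RE.match(value)
    if not m:
        return None
    return m.group("token"), int(m.group("seq"))


def presence_steps(values):
    """Sequence-number deltas between consecutive presence values. A change of
    token (the article observed it is chosen at boot) is reported as None."""
    steps = []
    prev = None
    for value in values:
        parsed = parse_presence(value)
        if parsed is None:
            raise ValueError("not a presence value: %r" % value)
        if prev is not None:
            steps.append(parsed[1] - prev[1] if parsed[0] == prev[0] else None)
        prev = parsed
    return steps


def parse_sync_command(message):
    """Decode a server Sync/APP command into (id, handler name) pairs. The
    sync_app_id values sit inside the free-text "d" field, so they are pulled
    out with a regex rather than relying on the JSON structure alone."""
    doc = json.loads(message)
    pairs = []
    for entry in doc.get("Sync", {}).get("APP", []):
        for m in re.finditer(r"sync_app_id:\s*(\d+)", entry.get("d", "")):
            app_id = int(m.group(1))
            pairs.append((app_id, SYNC_HANDLERS.get(app_id, "unknown")))
    return pairs


if __name__ == "__main__":
    # Constructed sequence: three check-ins, a reboot, one more check-in.
    seen = ["4eTO3-52", "4eTO3-56", "4eTO3-60", "Ugs6j-10", "Ugs6j-14"]
    print("presence steps:", presence_steps(seen))
    print("server command:", parse_sync_command(SAMPLE_SYNC_COMMAND))
```

For monitoring purposes the useful outputs are the None entries (a token change marks a device reboot) and any handler ID that resolves to "unknown", since the table only covers the IDs observed in this testing.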
While I have seen very little sensitive data being sent as a result of this mechanism, Motorola's privacy policy/terms-of-service related to this system makes me more concerned. There is literally no reason I can think of that I would want my phone to check in with Motorola every nine minutes to see if Motorola has any new instructions for it to execute. Is there some sort of remote-control capability intended for use by support staff? I know there is a device-location and remote wipe function, because those are advertised as features of Blur (apparently even if you didn't explicitly sign up for Blur).
Speaking of that privacy policy...
I honestly can't remember if I explicitly agreed to any sort of EULA when I originally set up my phone. There are numerous "terms of service" and "privacy policy" documents on the Motorola website which all seem designed to look superficially identical, but this one in particular (the one for the actual "Motorola Mobile Services" system (AKA "Blur")) has a lot of content I really don't like, and which is not present in the other, similar documents on their site that are much easier to find. For example, it specifically mentions capturing social networking credentials, as well as uploading GPS coordinates from customers' phones to Motorola.
It is specific to "Motorola Mobile Services", and I know I didn't explicitly sign up for that type of account (which is probably why my phone is using a randomly-generated username and password to connect). I also know that even if I was presented with a lengthy statement which included statements about storing social media credentials, that happened when I originally bought the phone (about two years ago). Should I not have been at least reminded of this when I went to add a social networking account for the first time? Or at a bare minimum, should my phone not let me view any document I allegedly agreed to? The only reason I know of that particular TOS is because I found it referenced in a Motorola forum discussion about privacy concerns.
In any case, here are some interesting excerpts from that document (as of 22 June, 2013). All bold emphasis is mine. I am not a lawyer, and this is not legal advice.
Using the MOTOROLA MOBILE SERVICES software and services (MOTOROLA MOBILE SERVICES) constitutes your acceptance of the terms of the Agreement without modification. If you do not accept the terms of the Agreement, then you may not use MOTOROLA MOBILE SERVICES.
Motorola collects and uses certain information about you and your mobile device ... (1) your device's unique serial number ... (5) when your device experiences a software crash ... (1) use of hardware functions like the accelerometer, GPS, wireless antennas, and touchscreen; (2) wireless carrier and network information; (3) use of accessories like headsets and docks; (4) data usage ... Personal Information such as: (1) your email and social network account credentials; (2) user settings and preferences; (3) your email and social network contacts; (4) your mobile phone number; and (5) the performance of applications installed on your device. ... MOTOROLA MOBILE SERVICES will never collect the specific content of your communications or copies of your files.
The document makes a promise that the content of communications is not collected, but I have screenshots and raw data that show Facebook and Twitter messages as well as photos passing through their servers.
The agreement specifies "when your device experiences a software crash", not "memory dumps taken at the time of a software crash", which are what is actually collected.
Motorola takes privacy protection seriously.
MOTOROLA MOBILE SERVICES only collects personal information, social network profile data, and information about websites you visit if you create a MotoCast ID, use the preinstalled web browser and/or MOTOROLA MOBILE SERVICES applications and widgets like Messaging, Gallery, Music Player, Social Networking and Social Status. If you use non-Motorola applications for email, social networking, sharing content with your friends, and web browsing, then MOTOROLA MOBILE SERVICES will not collect this information. Even if you decline to use the preinstalled browser or the MOTOROLA MOBILE SERVICES applications and widgets, your device will continue to collect information about the performance of your mobile device and how you use your mobile device unless you choose to opt out.
In non-Motorola builds of Android, most/all of those components are still present, but none of them send data to Motorola. Some people might think it was extremely deceptive to add data collection to those components but not make user-visible changes to them that mentioned this. Oh, and of course the OS is still collecting massive amounts of data even if you don't use the modified basic Android functionality.
MOTOROLA MOBILE SERVICES only collects and uses information about the location of your mobile device if you have enabled one or more location-based services, such as your device's GPS antenna, Google Location Services, or a carrier-provided location service. If you turn these features off in your mobile device's settings, MOTOROLA MOBILE SERVICES will not record the location of your mobile device.
So what you're saying is that all I have to do to prevent Motorola from tracking my physical location is disable core functionality on my device and leave it off permanently? Awesome! Thanks so much!
The security of your information is important to Motorola.
When MOTOROLA MOBILE SERVICES transmits information from your mobile device to Motorola, MOTOROLA MOBILE SERVICES encrypts the transmission of that information using secure socket layer technology (SSL).
Except when it doesn't, which is most of the time.
However, no data stored on a mobile device or transmitted over a wireless or interactive network can ever be 100 percent secure, and many of the communications you make using MOTOROLA MOBILE SERVICES will be accessible to third parties. You should therefore be cautious when submitting any personally identifiable information using MOTOROLA MOBILE SERVICES, and you understand that you are using MOTOROLA MOBILE SERVICES at your own risk.
As a global company, Motorola has international sites and users all over the world. The personal information you provide may be transmitted, used, stored, and otherwise processed outside of the country where you submitted that information, including jurisdictions that may not have data privacy laws that provide equivalent protection to such laws in your home country.
You may not ... interfere with anyone's ... enjoyment of the Services
Uh oh.
That document does mention that anyone who wants to opt-out can email privacy@motorola.com. If you have any luck with that, please let me know.
Why this is a problem
While I'm sure there are a few people out there who don't mind a major multinational corporation collecting this sort of detailed tracking information related to where their phone has been and how it's been used, I believe most people would at least like to be asked about participating in this type of activity, and be given an option to turn it off.
I can think of many ways that Motorola, unethical employees of Motorola, or unauthorized third parties could misuse this enormous treasure trove of information. But the biggest question on my mind is this: now that it is known that Motorola is collecting this data, can it be subpoenaed in criminal or civil cases against owners of Motorola phones? That seems like an enormous can of worms, even in comparison to the possibilities for identity theft that Motorola's system provides for.
How secure is Motorola's Blur web service against attack? I'd be really interested to test this myself, but made no attempt to do so because I don't have permission and Motorola doesn't appear to have a "white hat"/"bug bounty" programme. It would be a tempting target for technically-skilled criminals, due to the large volume of Facebook, Twitter, and Google usernames and passwords stored in it.
The fact that the phone actively polls Motorola for new instructions to execute and then follows those instructions without informing its owner opens all of these phones up to automated takeover by anyone who can obtain a signing SSL certificate issued by one of the authorities in the trusted CA store on those phones. Some people may consider this far-fetched, but consider that certificates of that type have been mistakenly issued in the past, and the root certificate for at least one of the CAs responsible for that type of mistake (TURKTRUST) was installed on my phone at the factory.
Potential (untested) device security concern
I didn't make the connection until two days after posting the original version of this article, but I believe there is an even-more-significant problem with the way my device is behaving:
As discussed above, although the command-and-control and some of the device-to-Motorola communication take place over encrypted channels, most of the communication (at least in terms of number of connections to Motorola) is over unencrypted HTTP. That communication is triggered by commands sent over the (encrypted) XMPP channel.
Let me say that again, in a slightly different way:
Commands are being received over a trusted, encrypted channel, but those commands order the device to perform actions across an untrusted, unencrypted channel.
Theoretically, this should mean that it's possible to interfere with the unencrypted channel without having to compromise the encrypted channel at all. The only reason I can think of that this wouldn't work would be if Motorola's developers had used some sort of signing mechanism for the unencrypted HTTP traffic.
If no such additional protection exists, then it should be possible to set up a transparent proxy which forwards on SSL communication to Motorola without attempting to intercept it, while modifying or replacing the contents of the unencrypted HTTP communication. At a minimum (again, assuming there is no additional protection of the HTTP data) this should allow things like RSS feed and social media content to be changed before it reaches the user's phone.
If all of this actually works (and this is a big "if"), and such a transparent proxy is combined with e.g. Jasager, then an attacker could set up the Jasager wireless AP in a public place and simply wait for owners of Motorola devices to pass through the area. Anyone whose device received a sync command (over the encrypted XMPP channel) of the type that allowed the (currently theoretical) attack would have their device (or at least data on that device) automatically compromised.
My guess is that someone is already working on this (e.g. for causing grief for attendees at DefCon or Black Hat), but I thought I'd mention it in case no one else had made the same connection yet.
Again, this is entirely theoretical at this point. If I can find conclusive evidence either way, I'll make another update to this article.
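The "signing mechanism for the unencrypted HTTP traffic" mentioned above is the one control that would close this gap without moving the feed traffic to HTTPS. As an added example (not Motorola's design and not code from the original article), this is what such a check looks like: a per-device key delivered over the encrypted channel, and an HMAC over the request URL and response body that the client verifies before acting on anything fetched over plain HTTP. The key, URL and feed body are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Hypothetical mitigation: the device receives a secret signing key over the
# authenticated, encrypted channel; every response later fetched over plain HTTP
# must carry an HMAC over the request URL and the body. A transparent proxy that
# edits the body, or substitutes the body from a different URL, cannot produce a
# valid tag without the key, so the client refuses the content.

def sign_response(key: bytes, url: str, body: bytes) -> str:
    """Server side: hex HMAC-SHA256 over the URL and body of an HTTP response."""
    return hmac.new(key, url.encode() + b"\n" + body, hashlib.sha256).hexdigest()

def accept_response(key: bytes, url: str, body: bytes, tag: str) -> bool:
    """Client side: act on the body only if the tag verifies (constant-time compare)."""
    expected = sign_response(key, url, body)
    return hmac.compare_digest(expected, tag)

# Constructed sample: a per-device key (in practice delivered over the encrypted
# channel) and one RSS item the device fetches over unencrypted HTTP.
DEVICE_KEY = secrets.token_bytes(32)
FEED_URL = "http://news.example.invalid/feed.xml"   # placeholder URL
ORIGINAL_BODY = b"<item><title>Example headline</title></item>"
ORIGINAL_TAG = sign_response(DEVICE_KEY, FEED_URL, ORIGINAL_BODY)

def demo() -> dict:
    """Return, per scenario, whether the client would accept the body."""
    tampered_body = b"<item><title>Injected headline</title></item>"
    other_url = "http://news.example.invalid/other.xml"
    proxy_key = secrets.token_bytes(32)   # a proxy does not know DEVICE_KEY
    return {
        "genuine": accept_response(DEVICE_KEY, FEED_URL, ORIGINAL_BODY, ORIGINAL_TAG),
        "body_modified_in_transit": accept_response(DEVICE_KEY, FEED_URL, tampered_body, ORIGINAL_TAG),
        "response_moved_to_other_url": accept_response(DEVICE_KEY, other_url, ORIGINAL_BODY, ORIGINAL_TAG),
        "tag_forged_without_key": accept_response(
            DEVICE_KEY, FEED_URL, tampered_body, sign_response(proxy_key, FEED_URL, tampered_body)),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Two caveats worth keeping in mind: a MAC gives integrity only, so the feed and social-networking content would still be readable to anyone on the path, which is the privacy problem this article is mostly about; and without a timestamp or sequence number in the signed data, an old genuine response for the same URL could still be replayed.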
Is there anything good to be found here?
Motorola does appear to be using reasonably-strong authentication for the oAuth login to their system - the username seems to be a combination of the IMEI and a random number (16 digits long[2], in the case of my phone's username), and the password is a 160-bit value represented as a hex string. This would be essentially impossible to attack via brute-force if the value really is random. Due to its length, I'm concerned it's a hash of a fixed attribute of the phone, but that's just a hunch. The non-oAuth components (e.g. XMPP) use the Blur ID as the username, and that is all over the place, e.g. in virtually every URL (HTTP and HTTPS) that the client accesses on the Blur servers.
When uploading images to social networking sites, the Motorola software on the phone sometimes strips the EXIF tags (including geolocation tags) before uploading the image to Motorola. So at least they can't always use that as another method for determining your location.
Finally, both the XMPP and HTTPS client components of the software do validate that the certificates used for encrypted communication were issued by authorities the phone is configured to trust. If the certificate presented to either component is not trusted, then no encrypted channel is established, and data which would be sent over it is queued until a trusted connection can be made. If someone wants to perform a man-in-the-middle attack, they're going to need to get their root CA cert loaded on the target phones, or obtain a signing cert issued by a trusted authority (e.g. TURKTRUST).
At least their software checks SSL cert validity
Untrusted cert - HTTPS client
Untrusted cert - XMPP client
Has anyone else discovered this?
In January of 2012, a participant in a Motorola pre-release test discovered that Motorola was performing device-tracking after a Motorola support representative mentioned that the tester had reset his phone "21 times", and a forum moderator directed him to the special, hard-to-find Motorola privacy policy discussed above.
To my knowledge, this article is the first disclosure of anything like the full extent of the data Motorola collects.
What I am going to do as a result of this discovery
As of 23 June 2013, I've removed my ActiveSync configuration from the phone, because I can't guarantee that proprietary corporate information isn't being funneled through Motorola's servers. I know that some information (like the name of our ActiveSync server, our domain name, and a few examples of our account-naming conventions) is, but I don't have time to exhaustively test to see what else is being sent their way, or to do that every time the phone updates its configuration.
I've also deleted the IMAP configuration that connected to my personal email, and have installed K-9 Mail as a temporary workaround.
I'm going to figure out how to root this phone and install a "clean" version of Android. That will mean I can't use ActiveSync (my employer doesn't allow rooted phones to connect), which means a major reason I use my phone will disappear, but better that than risk sending their data to Motorola.
I'll assume that other manufacturers and carriers have their own equivalent of this - recall the Carrier IQ revelation from 2011.
Which other models of Motorola device do this?
Right now, I have only tested my Droid X2. If you have a Motorola device and are technically-inclined, the steps to reproduce my testing are in the section below. If you get results either way and would like me to include them here, please get in touch with me using the Contact form. Please include the model of your device, the results of your testing, and your name/nickname/handle/URL/etc. if you'd like to be identified.
Steps to reproduce - HTTP/HTTPS data capture
There are a number of approaches that can be used to reproduce the results in this article. This is the method that I used. Of course, the same testing can be performed in order to validate that non-Motorola devices are or are not behaving this way.
Important: I strongly recommend that you do not modify in any way the data your phone sends to Motorola. I also strongly recommend that you do not actively probe, scan, or test in any way the Blur web service. The instructions on this page are intended to provide a means of passively observing the traffic to Motorola in order to understand what your phone may be doing without your knowledge or consent.
Connect a wireless access point to a PC which has at least two NICs.
Use Windows Internet Connection Sharing to give internet access to the wireless AP and its clients.
Set up an intercepting proxy on the PC. I used Burp Suite Professional for the first part of my testing, then switched to OWASP ZAP (which is free) for the rest, since I used a personal system for that phase. Make sure the proxy is accessible on at least one non-loopback address so that other devices can proxy through it.[1]
Configure a Motorola Android device to connect to the wireless AP, and to use the intercepting proxy for its web traffic (in the properties for that wireless connection).
Install the root signing certificate for the intercepting proxy on the Motorola Android device. This allows the intercepting proxy to view HTTPS traffic as well as unencrypted HTTP.
Power the Motorola Android device off, then back on. This seems to be necessary to cause all applications to recognize the new trusted certificate, and will also let you intercept the oAuth negotiation with Motorola.
Configure and use anything in the Account section of the device.
Use the built-in Social Networking application.
Take a picture and use the Share function to upload it to one or more photo-sharing services.
Leave the device on for long enough that it sends other system data to Motorola automatically.
Steps to reproduce - check-in data decompression
If you'd like to decompress one of these gzipped data packages, there are also a number of approaches available, but this is the one I used:
Export the raw (binary) request from your intercepting proxy's proxy history. In ZAP, right-click on the history entry and choose Save Raw -> Request -> Body. In Burp Suite, right-click on the history entry and choose Save Item, then uncheck the Base64-encode requests and responses box before saving. Note: the bulk export feature of either tool cannot be used for this step - both of them have a quirk in which exporting individual requests preserves binary data, but exporting in bulk corrupts binary data by converting a number of values to 0x3F (maybe it's some Java library that does that when exporting as ASCII?).
Open the exported data in a hex editor (I use WinHex). Remove everything up to the first 0x1F8B in the file. See example screenshot below.
Save the modified version (I added a .gz extension for clarity). See example screenshot below.
Decompress the resulting file using e.g. the Linux gzip -d command, or e.g. 7-zip.
Open the decompressed file in a text editor that correctly interprets Unix-style line breaks (I used Notepad++, partly because it shows unprintable characters in a useful way, and there is some binary data mixed in with the text in these files).
Examine the data your phone is sending to Motorola.
Manually removing extra data so the file will be recognized as gzipped
GZip header (0x1F8B)
Hex editor view of the data
Hex editing complete
Steps to reproduce - XMPP communication channel
This section requires more technical skill and time to replicate than the other two. Right now, it assumes that you have access to a Linux system that is set up with two network interfaces and which can be easily configured to forward all network traffic from the first interface to the second using iptables. If you have a system that is set up to run Mallory successfully already (even though you won't be using Mallory itself here), that would be ideal. I am preparing a detailed ground-up build document and will release that shortly.
In the meantime, assuming you have such a system and some experience using this sort of thing, download XMPPPeek and you should have the tool you need.
Generate an SSL server certificate and private key (in PEM format) with the common name of *.svcmot.com. I made all of the elements of my forged cert match the real one as closely as possible, but I don't know how important this is other than the common name.
Load the CA cert you signed the *.svcmot.com cert with onto your Motorola Android device. Again, I used a CA cert that matched the human-readable elements of the one used by the real server, but I don't know how important that is in this specific case.
You may need to explicitly install the forged *.svcmot.com cert onto your Motorola Android device as well.
Run the shell script from the XMPPPeek page to cause all traffic from the internal interface to be forwarded to the external interface, with the exception of traffic with a destination port of 5222, which should be routed to the port that XMPPPeek will be listening on.
Start XMPPPeek and wait for your phone to connect.
I used a VirtualBox VM with a virtual NIC which was connected for internet access, and a USB NIC which I connected to an old wireless access point. So my phone connected to that AP, which connected through the man-in-the-middle system, which connected to the actual internet connection. I configured the phone to also proxy web traffic through OWASP ZAP so that I could match up the XMPP traffic with its HTTP and HTTPS counterparts.
Footnotes
1. For example, with the default Windows ICS configuration, you can bind the proxy to 192.168.137.1:8071.
2. Mine starts with a 4, but does not pass a Luhn check, in case you were curious.
Last updated: 02 July 2013
Copyright 2009-2013 Ben Lincoln, except where explicitly noted.
Motorola Is Listening
article by Ben Lincoln
In June of 2013, I made an interesting discovery about the Android phone (a Motorola Droid X2) which I was using at the time: it was silently sending a considerable amount of sensitive information to Motorola, and to compound the problem, a great deal of it was over an unencrypted HTTP channel.
If you're in a hurry, you can skip straight to the Analysis - email, ActiveSync, and social networking section - that's where the most sensitive information (e.g. email/social network account passwords) is discussed.
Update 2 (2013-07-02 @ 08:03) - potential device security concern
I realized this morning that there may be a more significant problem. See Potential (untested) device security concern, below.
Update 1 (2013-07-02 @ 05:30) - Android, the Droid X2, and Blur
This article has gotten a lot more attention than I expected.
A clarification I'd like to make (because there seems to be a lot of confusion about this) is that the Droid X2 does not use Motorola's "Blur"/"MotoBlur" user interface. That's one of the reasons I picked that model specifically back in 2011 - it seemed to be running something very close to the stock version of Android.
The email client, web browser, text-messaging app, and so on look like the ones that were included on the G1 I had previously, which is about as close to "stock Android" as you can get with a carrier-installed OS. Based on my research, it seems that they've all been modified to silently send data to and/or through the Blur web-service back-end, but there's no indication to the user that this is the case unless they do the sort of network capture that I did. There is no prompt to create or use a Blur user ID - the phone uses a randomly-generated Blur account for all of the behind-the-scenes activity described below.
I would be very interested in trying this same test with more recent Motorola phones, because there's definitely the perception out there that Blur has been phased out, and I think it's much more likely that it's just the UI on their phones that's been changed, as opposed to removing the underlying Blur functionality.
If you're still unsure why I think this is a problem, ask yourself this: if you bought a desktop PC running Windows, then discovered two years later that the hardware manufacturer had installed modified versions of standard Windows software like Outlook Express and Internet Explorer which - without any indication to the user - sent your passwords to, and routed other traffic through servers owned by the PC manufacturer instead of connecting directly to the actual websites and mail servers, would you be OK with it? If not, then why are you when it's a phone instead of a desktop PC?
Technical notes
The screenshots and other data in this article are more heavily-redacted than I would prefer in the interest of full disclosure and supporting evidence. There are several reasons for this:
There is a considerable amount of binary, hex-encoded, and base64-encoded data mixed in with the traffic. As I have not performed a full reverse-engineering of the data, it's hard for me to know if any of these values are actually sensitive at this time, or in the future when someone more thoroughly decodes the protocol.
My employer reminds its employees that publicly identifying themselves as employees of that organization conveys certain responsibilities upon them. I do not speak for my employer, so all information that would indicate who that employer is has been removed.
I would rather not expose my personal information more than Motorola has already.
Discovery
I was using my personal phone at work to do some testing related to Microsoft Exchange ActiveSync. In order to monitor the traffic, I had configured my phone to proxy all HTTP and HTTPS traffic through Burp Suite Professional - an intercepting proxy that we use for penetration testing - so that I could easily view the contents of the ActiveSync communication.
Looking through the proxy history, I saw frequent HTTP connections to ws-cloud112-blur.svcmot.com mixed in with the expected ActiveSync connections.
ActiveSync Configuration Information
ActiveSync configuration information being sent to Motorola's Blur service.
As of 22 June, 2013, svcmot.com is a domain owned by Motorola, or more specifically:
Motorola Trademark Holdings, LLC
600 North US Highway 45 Attn: Law Department
Libertyville IL 60048
US
internic@motorola.com +1.8475765000 Fax: +1.8475234348
I was quickly able to determine that the connections to Motorola were triggered every time I updated the ActiveSync configuration on my phone, and that the unencrypted HTTP traffic contained the following data:
The DNS name of the ActiveSync server (only sent when the configuration is first created).
The domain name and user ID I specified for authentication.
The full email address of the account.
The name of the connection.
As I looked through more of the proxy history, I could see less-frequent connections in which larger chunks of data were sent - for example, a list of all the application shortcuts and widgets on my phone's home screen(s).
Analysis - email, ActiveSync, and social networking
I decided to try setting up each of the other account types that the system would allow me to, and find out what was captured.
Facebook and Twitter
For both of these services, the email address and password for the account are sent to Motorola. Both services support a mechanism (oAuth) explicitly intended to make this unnecessary, but Motorola does not use that more-secure mechanism. The password is only sent over HTTPS, so at least it can't be easily intercepted by most third parties.
Most subsequent connectivity to both services (other than downloading images) is proxied through Motorola's system on the internet using unencrypted HTTP, so Motorola and anyone running a network capture can easily see who your friends/contacts are (including your friends' email addresses), what posts you're reading and writing, and so on. They'll also get a list of which images you're viewing, even though the actual image download comes directly from the source.
Facebook and Twitter data sent to Motorola's Blur service
Facebook password
Facebook friend information
Facebook wall post by friend
Facebook wall post by self
Silent Signon
Twitter password
Twitter following information
Twitter post
Twitter posts are also read through Blur
You know your software is trustworthy and has nothing to hide when it has a function called "silent signon".
Photobucket and Picasa
For both services, email address and password are sent to Motorola over HTTPS.
For Photobucket, username and image URLs are sent over unencrypted HTTP.
For Picasa, email address, display name, friend information, and image URLs are sent over unencrypted HTTP.
During my testing of Photobucket, the photo was uploaded through Motorola's system (over HTTPS). I was not able to successfully upload a photo to Picasa, although it appeared that the same would have been true for that service.
Photobucket and Picasa data sent to Motorola's Blur service
Photobucket password
Photobucket user ID and friend information
Picasa password
Picasa name and friend information
Photo uploads (to Facebook, Photobucket, etc.)
When uploading images, the uploaded image passes through Motorola's Blur servers, and at least some of the time is uploaded with its EXIF data intact. EXIF data is where things like GPS coordinates are stored.
The full path of the original image on the device is also sent to Motorola. For example, /mnt/sdcard/dcim/Camera/2013-06-20_09-00-00_000.jpg. Android devices name phone-camera images using the time they were taken with millisecond resolution, which can almost certainly be used as a unique device identifier for your phone (how many other people were taking a picture at exactly that millisecond?), assuming you leave the original photo on your phone.
Data sent to Motorola's Blur service when uploading photos
Full local path
EXIF data
Service username and tags
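Since the uploaded image sometimes leaves the phone with its EXIF block (and therefore any GPS coordinates) intact, one thing an owner can do is strip that block before sharing. As an added example (not code from the original article or from Motorola's software), the following walks a JPEG's marker segments and drops the APP1/Exif segment, which is where the TIFF/GPS metadata lives, leaving the rest of the file byte-for-byte unchanged. The sample JPEG is constructed from marker segments for the test and is not a real photo.

```python
# Markers that carry no length field: SOI, EOI, TEM and RST0-RST7.
_STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def _header_segments(jpeg: bytes):
    """List (marker, start, end) for each segment between SOI and SOS.

    Returns the segments and the offset of the SOS marker (or of the first
    byte that is not a marker); everything from that offset on is image data
    and is never touched.
    """
    segments, pos = [], 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:            # start of scan: header is over
            break
        if marker in _STANDALONE:
            end = pos + 2
        else:
            end = pos + 2 + int.from_bytes(jpeg[pos + 2:pos + 4], "big")
        segments.append((marker, pos, end))
        pos = end
    return segments, pos

def _is_exif(jpeg: bytes, marker: int, start: int) -> bool:
    # APP1 whose payload begins with the Exif identifier (marker, length, "Exif\0\0").
    return marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\x00\x00"

def has_exif(jpeg: bytes) -> bool:
    """True if the JPEG carries an APP1/Exif segment (GPS tags live there)."""
    segments, _ = _header_segments(jpeg)
    return any(_is_exif(jpeg, m, s) for m, s, _ in segments)

def strip_exif(jpeg: bytes) -> bytes:
    """Return a copy of the JPEG with every APP1/Exif segment removed."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    segments, body_start = _header_segments(jpeg)
    out = bytearray(b"\xff\xd8")
    for marker, start, end in segments:
        if not _is_exif(jpeg, marker, start):
            out += jpeg[start:end]
    out += jpeg[body_start:]          # SOS segment, scan data and EOI copied as-is
    return bytes(out)

def _segment(marker: int, payload: bytes) -> bytes:
    """Build one marker segment (length field counts itself plus the payload)."""
    return b"\xff" + bytes([marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample: SOI, APP0/JFIF, APP1/Exif stand-in, a quantisation table,
# SOS, three bytes of stand-in scan data and EOI. Not a decodable photo.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00MM\x00*" + b"\x00" * 20)
    + _segment(0xDB, b"\x00" + bytes(64))
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\x56"
    + b"\xff\xd9"
)

if __name__ == "__main__":
    cleaned = strip_exif(SAMPLE_JPEG)
    print(f"before: exif={has_exif(SAMPLE_JPEG)} size={len(SAMPLE_JPEG)}")
    print(f"after:  exif={has_exif(cleaned)} size={len(cleaned)}")
```

The same `has_exif` check is a quick way to confirm, from a capture, whether a particular upload left the phone with its metadata or was one of the cases where the software stripped it.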
Youtube
Email address and password are sent to Motorola over HTTPS.
Email address is also sent to Motorola over unencrypted HTTP, along with some other data that I haven't deciphered.
I didn't have time to create and upload a video, so I'm not sure what else might be sent.
Youtube data sent to Motorola's Blur service
Youtube password
Email address
Exchange ActiveSync
Domain name, username, email address, and name of the connection are sent over unencrypted HTTP. When a new connection is created, the Exchange ActiveSync server's DNS name is also sent.
Exchange ActiveSync data sent to Motorola's Blur service
EAS initial setup
IMAP/POP3 email
Email address, inbound/outbound server names, and the name of the connection are sent over unencrypted HTTP. There is a lot of other encoded/encrypted data included which I haven't deciphered.
IMAP account data sent to Motorola's Blur service
IMAP configuration
One of the few screenshots I can leave some of the important details visible in - in this case, because the account in question is already on every spam list in the world.
Yahoo Mail
Email address is sent over unencrypted HTTP. This type of account seems to be handled in at least sort of the correct way by Motorola's software, in that a request is made for an access token, and as far as I can tell, the actual account password is never sent to Motorola.
Yahoo Mail data sent to Motorola's Blur service
Yahoo Mail address
Flickr
Similar to the Yahoo Mail results, but actually one step better - an explicit Flickr prompt appears indicating what permissions Motorola's system is asking for on behalf of the user.
Flickr
Permission screen
The Flickr integration behaves the way every other part of Motorola's Blur service should.
GMail/Google
Interestingly, no data seemed to be sent to Motorola about this type of account. Unfortunately, if anyone adds a Youtube or Picasa account, they've sent their GMail/Google+ credentials to Motorola anyway.
Also interestingly, while testing Picasa and/or Youtube integration, Motorola's methods of authenticating actually tripped Google's suspicious activity alarm. Looking up the source IP in ARIN confirmed the connection was coming from Motorola.
Google: on guard against suspicious vendors
Suspicious activity detected
Source of the suspicious activity confirmed
Firefox sync
No data seems to pass through Motorola's servers.
News / RSS
RSS feeds that are subscribed to using the built-in News application are proxied through Motorola's servers over unencrypted HTTP.
News / RSS data sent to Motorola's Blur service
RSS / News sync
Other data
Every few minutes, my phone sends Motorola a detailed description of my home screen/workspace configuration - all of the shortcuts and widgets I have on it.
Home screen configuration and other data sent to Motorola's Blur service
Home screen configuration
Universal account IDs
"Universal account IDs"? Is that why I only see some data sent the very first time I configure a particular account on my phone?
Analysis - "check-in" data
As I was looking through the data I've already mentioned, I noticed chunks of "check-in" data which were uploaded as binary, and I thought I'd see if they were in some sort of standard compressed format. As it turns out, they are - the 0x1F8B highlighted below is the header for a block of gzip-compressed data.
GZip compressed-data header embedded in check-in data
GZip header (0x1F8B)
What is contained in this data are essentially debug-level log entries from the device. The battery drain and bandwidth use from having the phone set up like this must be unbelievable.
Most of the data that's uploaded is harmless or low-risk on its own - use statistics, and so on. However, this is another mechanism by which Motorola's servers are collecting information like account names/email addresses, and the sheer volume and variety of other data makes me concerned that Motorola's staff apparently care so much about how I'm using my phone. If this were a corporate-owned device, I would expect the owning corporation to have this level of system data collection enabled, but it concerns me that it's being silently collected from my personal device, and that there is no way to disable it.
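The hex-editor steps in the "Steps to reproduce - check-in data decompression" section (find the first 0x1F8B, delete everything before it, gunzip) can be scripted, which also copes with a body that carries more than one compressed block. This is an added example, not code from the original article: it scans an exported raw request body for the gzip magic, skips any framing bytes before it, and decompresses each stream it finds. The sample body, its framing bytes and the check-in text inside it are constructed.

```python
import gzip
import sys
import zlib

GZIP_MAGIC = b"\x1f\x8b"

def extract_gzip_members(raw: bytes) -> list:
    """Return the decompressed payload of every gzip stream embedded in raw.

    Scans for the 0x1F8B magic, discards whatever precedes it (HTTP framing and
    any protocol header bytes), and continues after a stream ends so that a
    body carrying several compressed blocks is handled in one pass. A 0x1F8B
    that is not the start of a real stream is skipped.
    """
    members = []
    pos = raw.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # expect a gzip container
        try:
            data = d.decompress(raw[pos:])
            if not d.eof:
                raise zlib.error("truncated gzip stream")
        except zlib.error:
            pos = raw.find(GZIP_MAGIC, pos + 2)             # false positive: keep looking
            continue
        members.append(data)
        consumed = len(raw) - pos - len(d.unused_data)      # bytes the stream occupied
        pos = raw.find(GZIP_MAGIC, pos + consumed)
    return members

def looks_mangled_by_ascii_export(raw: bytes) -> bool:
    """Heuristic (an assumption, not a documented rule) for the bulk-export quirk
    described in the reproduction steps: no magic present, but more than one byte
    in twenty is 0x3F ('?'), which is what the corrupted exports are full of."""
    return GZIP_MAGIC not in raw and raw.count(b"?") > len(raw) // 20

# Constructed sample: framing bytes that happen to contain a stray 0x1F8B, then
# two gzip streams separated by a couple of filler bytes.
CHECKIN_TEXT = b"checkin/boot\nimei=<IMEI_PLACEHOLDER>\naccount=user@example.invalid\n"
SECOND_BLOCK = b"stats/net iface=wlan0 rx=10240 tx=2048\n"
SAMPLE_BODY = (
    b"\x08\x01\x12\x1f\x8bnot-a-stream"
    + gzip.compress(CHECKIN_TEXT)
    + b"\x00\x05"
    + gzip.compress(SECOND_BLOCK)
    + b"\x00"
)

if __name__ == "__main__":
    # Usage: python extract_checkin.py <raw request body saved from ZAP or Burp>
    body = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BODY
    if looks_mangled_by_ascii_export(body):
        print("no gzip magic found; this looks like a bulk export that was mangled to 0x3F")
    for i, member in enumerate(extract_gzip_members(body), 1):
        print(f"--- member {i} ({len(member)} bytes) ---")
        sys.stdout.write(member.decode("utf-8", errors="replace"))
```

Because the decompressed check-in text has binary fields mixed in, the decode uses `errors="replace"` rather than failing, so the readable parts still come out; for careful work, write each member to a file and open it in the hex editor instead.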
Information that is definitely being collected
The IMEI and IMSI of the phone. These are referred to as MEID and MIN in the phone's UI and on the label in the battery compartment, but IMEI and IMSI in the logs. I believe these two values are all that's needed to clone a phone, if someone were to intercept the traffic.
The phone number of the phone, and carrier information (e.g. Verizon).
The barcode from inside the battery compartment.
Applications included with the device as well as installed by the user.
Statistics about how those applications are used (e.g. how much data each one has sent and received).
Phone call and text message statistics. For example, how many calls have been received or missed.
Bluetooth device pairing and unpairing, including detailed information about those devices.
Email addresses/usernames for accounts configured on the device.
Contact statistics (e.g. how many contacts are synced from Google, how many Facebook users are friends of the account I've configured on the device).
Device-level event logs (these are sent to Google as well by a Google-developed checkin mechanism).
Debugging/troubleshooting information about most activities the phone engages in.
Signal strengths statistics and data use for each type of radio included in the device. For example, bytes sent/received via 3G versus wifi.
Stack memory and register dumps related to applications which have crashed.
For Exchange ActiveSync setup, the server name and email address, as well as the details of the security policy enforced by that EAS server.
Information that may be collected
The terms-of-use/privacy policy for the Blur service (whether you know you're using it or not) explicitly specifies that location information (e.g. GPS coordinates) may be collected (see Speaking of that privacy policy..., below). I have not seen this in the data I've intercepted. This may be because it is represented in a non-obvious format, or it may only be collected under certain conditions, or only by newer devices than my 2-year-old Droid X2.
While I have no conclusive evidence, I did notice while adding and removing accounts from my phone that the account ID number for a newly-added account is always higher than that for any accounts that existed previously on the device, even if those accounts have been deleted. This implies to me that Motorola's Blur service may be storing information about the accounts I've "deleted" even though they're no longer visible to me. This seems even more likely given the references in the communication to "universalAccountIds" and "knownAccountIds", which are identified by GUID/UUID-like values.
Check-in data being sent to Motorola
Application use stats
Basic hardware properties
Bluetooth headset use-tracking
Data use, SMS text, contact, and CPU stats
Label in the battery compartment of my phone
BlurID, IMEI and barcode (from label), IMSI and phone number
EAS setup information
EAS policy elements
Email and Disk Stats
Event logs (these are also captured by Google)
Image upload bug
Logging of newly-installed applications
Missed calls
I told you it was syncing every nine minutes!
Possible client-side SQL injection vulnerability
Radio and per-application stats (e.g. CPU use by app)
Register and stack memory dump
Sync App IDs: 10, 31, 80
Sync App IDs: 40, 70, 20, 2, 60, and 5
System panic auto-reboot
The "sync app ID" information will become more important in the section about XMPP. The system panic message has all of the regular boot information as well as the reason for the OS auto-reboot (in my case, apparently there is a problem with the modem).
Analysis - Jabber / XMPP stream communication
In some of the check-in logs, I saw entries that read e.g.:
XMPPConnection: Preparing to connect user XXXXXXXXXXXXXXXX to service: jabber-cloud112-blur.svcmot.com on host: jabber-cloud112-blur.svcmot.com and port: 5222
XMPPConnectionManager I:onConfigurationUpdate: entered
XMPPConnectionManager I:onConfigurationUpdate: exiting
WSBase I:mother told us it's okay to retry the waiting requests: 0
NormalAsyncConnection I:Connected local addr: 192.168.253.10/192.168.253.10:60737 to remote addr: jabber-cloud112-blur.svcmot.com/69.10.176.46:5222
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Wrote out 212 bytes of data with 0 bytes remaining.
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Read 202 bytes into buffer
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Read 262 bytes into buffer
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Wrote out 78 bytes of data with 0 bytes remaining.
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Read 1448 bytes into buffer
TLSStateManager I:org.apache.harmony.nio.internal.SocketChannelImpl@XXXXXXXX: Read 2896 bytes into buffer
XMPPConnection I:Finished connecting user XXXXXXXXXXXXXXXX to service: jabber-cloud112-blur.svcmot.com on host: jabber-cloud112-blur.svcmot.com and port: 5222
By running a network capture, I was able to confirm that my phone was regularly attempting this type of connection. However, it was encrypted using TLS, so I couldn't see the content of the communication at first.
The existence of this mechanism made me extremely curious. Why did Motorola need yet another channel for my phone to talk to them over? Why were they using a protocol intended for instant messaging/chat? The whole thing sounded very much like a botnet to me; botnets have often used IRC in exactly this way, as a persistent command channel that looks like ordinary chat traffic.
Intercepting these communications ended up being much more work than I expected. XMPP is an XML-based protocol carried directly over TCP (port 5222 here) rather than over HTTP, so an HTTP/HTTPS intercepting proxy such as Burp Suite or ZAP cannot see it. My first thought was to use Mallory, an intercepting transparent proxy that I learned about in the outstanding SANS SEC 642 class in March 2013. Mallory is a relatively new tool and is somewhat finicky to set up, but I learned a lot doing so. Unfortunately, XMPP is not a protocol that Mallory can intercept as of this writing.
The VM that I built to run Mallory on still proved useful in this case, as I was eventually able to hack together a custom XMPP man-in-the-middle tool and view the contents of the traffic. If you'd like to know more about the details, they're in the Steps to reproduce - XMPP communication channel section further down this page.
This channel is at least part of the Motorola Blur command-and-control mechanism. I haven't seen enough distinct traffic pass through it to have a good idea of the full extent of its capabilities, but I know that:
The XMPP/Jabber protocol is re-purposed for command-and-control use. For example, certain types of message are sent using the field normally used for "presence" status in IM.
The values exchanged in the presence fields appear to be very short (five-character) base64-encoded binary data, followed by a dash, and then a sequence number. For example, 4eTO3-52, Ugs6j-10, or t2bcA-0. The base64 value appears to be selected at boot. The sequence number is incremented differently based on criteria I don't understand (yet), but the most common step I've seen is +4.
As long as the channel is open, the phone will check in with Motorola every nine minutes.
At least one type of Motorola-to-phone command exists: a trigger to update software by ID number.
At least three such ID numbers exist: 31, 40, and 70 (see the table below). Each of these triggers an HTTP POST request to the blur-services-1.0/ws/sync API method seen in the previous section, and the same IDs are logged in the check-in data.
The stream token and username passed to the service are the "blurid" value (represented as a decimal number), which shows up in various places in the other traffic between the phone and Motorola.
| ID | Name | Purpose | Data Format | Observed In Testing? |
|----|------|---------|-------------|----------------------|
| 2 | BlurSettingsSyncHandler | Unknown | JSON | No |
| 5 | BlurSetupSyncHandler | Unverified - called when a new type of sync needs to be added? | gpb | Yes |
| 10 | BlurContactsSyncHandler | Syncs contact information (e.g. Google account contacts) | gpb | No |
| 20 | SNMailSyncHandler | Unverified - probably syncs private messages from social networking sites | gpb | No |
| 31 | StatusSyncHandler | Syncs current status/most-recent-post information from social networking sites | gpb | Yes |
| 40 | BlurSNFriendsSyncHandler | Syncs friend information from social networking sites | gpb | Yes |
| 50 | NewsRetrievalService | Syncs news feeds set up in the built-in Motorola app | gpb | Yes |
| 60 | AdminFlunkySyncHandler | Unverified - sounds like some sort of remote-support functionality | gpb | No |
| 70 | FeedReceiverService | Unknown | gpb | Yes |
| 80 | SNCommentsSyncHandler | Syncs status/comment information from social networking sites | gpb | Yes |
The "gpb" data format is how that type of binary encoding is referred to internally by the client logs. I believe it is similar (possibly identical) to Google's "protocol buffer" system.
Here is an example session, including the SYNC APP command being sent by the server. Traffic from the client is represented in red. Traffic from the server is coloured blue.
[Communication after this point takes place over the encrypted channel which the client and server have negotiated.]
XMPP communication channel
XMPPPeek in action
App ID 31 (social networking status) sync
App ID 40 (friends) sync
App ID 50 (news) sync
App ID 80 (social networking comments and status) sync
A few examples of the sync operations triggered by the XMPP communication channel.
While I have seen very little sensitive data being sent as a result of this mechanism, Motorola's privacy policy/terms-of-service related to this system makes me more concerned. There is literally no reason I can think of that I would want my phone to check in with Motorola every nine minutes to see if Motorola has any new instructions for it to execute. Is there some sort of remote-control capability intended for use by support staff? I know there is a device-location and remote wipe function, because those are advertised as features of Blur (apparently even if you didn't explicitly sign up for Blur).
Speaking of that privacy policy...
I honestly can't remember if I explicitly agreed to any sort of EULA when I originally set up my phone. There are numerous "terms of service" and "privacy policy" documents on the Motorola website which all seem designed to look superficially identical, but this one in particular (the one for the actual "Motorola Mobile Services" system (AKA "Blur")) has a lot of content I really don't like, and which is not present in the other, similar documents on their site that are much easier to find. For example, it specifically mentions capturing social networking credentials, as well as uploading GPS coordinates from customers' phones to Motorola.
It is specific to "Motorola Mobile Services", and I know I didn't explicitly sign up for that type of account (which is probably why my phone is using a randomly-generated username and password to connect). I also know that even if I was presented with a lengthy statement which included statements about storing social media credentials, that happened when I originally bought the phone (about two years ago). Should I not have been at least reminded of this when I went to add a social networking account for the first time? Or at a bare minimum, should my phone not let me view any document I allegedly agreed to? The only reason I know of that particular TOS is because I found it referenced in a Motorola forum discussion about privacy concerns.
In any case, here are some interesting excerpts from that document (as of 22 June, 2013). All bold emphasis is mine. I am not a lawyer, and this is not legal advice.
Using the MOTOROLA MOBILE SERVICES software and services (MOTOROLA MOBILE SERVICES) constitutes your acceptance of the terms of the Agreement without modification. If you do not accept the terms of the Agreement, then you may not use MOTOROLA MOBILE SERVICES.
Motorola collects and uses certain information about you and your mobile device ... (1) your device's unique serial number ... (5) when your device experiences a software crash ... (1) use of hardware functions like the accelerometer, GPS, wireless antennas, and touchscreen; (2) wireless carrier and network information; (3) use of accessories like headsets and docks; (4) data usage ... Personal Information such as: (1) your email and social network account credentials; (2) user settings and preferences; (3) your email and social network contacts; (4) your mobile phone number; and (5) the performance of applications installed on your device. ... MOTOROLA MOBILE SERVICES will never collect the specific content of your communications or copies of your files.
The document makes a promise that the content of communications are not collected, but I have screenshots and raw data that show Facebook and Twitter messages as well as photos passing through their servers.
The agreement specifies "when your device experiences a software crash", not "memory dumps taken at the time of a software crash", which are what is actually collected.
Motorola takes privacy protection seriously.
MOTOROLA MOBILE SERVICES only collects personal information, social network profile data, and information about websites you visit if you create a MotoCast ID, use the preinstalled web browser and/or MOTOROLA MOBILE SERVICES applications and widgets like Messaging, Gallery, Music Player, Social Networking and Social Status. If you use non-Motorola applications for email, social networking, sharing content with your friends, and web browsing, then MOTOROLA MOBILE SERVICES will not collect this information. Even if you decline to use the preinstalled browser or the MOTOROLA MOBILE SERVICES applications and widgets, your device will continue to collect information about the performance of your mobile device and how you use your mobile device unless you choose to opt out.
In non-Motorola builds of Android, most/all of those components are still present, but none of them send data to Motorola. Some people might think it was extremely deceptive to add data collection to those components but not make user-visible changes to them that mentioned this. Oh, and of course the OS is still collecting massive amounts of data even if you don't use the modified basic Android functionality.
MOTOROLA MOBILE SERVICES only collects and uses information about the location of your mobile device if you have enabled one or more location-based services, such as your device's GPS antenna, Google Location Services, or a carrier-provided location service. If you turn these features off in your mobile device's settings, MOTOROLA MOBILE SERVICES will not record the location of your mobile device.
So what you're saying is that all I have to do to prevent Motorola from tracking my physical location is disable core functionality on my device and leave it off permanently? Awesome! Thanks so much!
The security of your information is important to Motorola.
When MOTOROLA MOBILE SERVICES transmits information from your mobile device to Motorola, MOTOROLA MOBILE SERVICES encrypts the transmission of that information using secure socket layer technology (SSL).
Except when it doesn't, which is most of the time.
However, no data stored on a mobile device or transmitted over a wireless or interactive network can ever be 100 percent secure, and many of the communications you make using MOTOROLA MOBILE SERVICES will be accessible to third parties. You should therefore be cautious when submitting any personally identifiable information using MOTOROLA MOBILE SERVICES, and you understand that you are using MOTOROLA MOBILE SERVICES at your own risk.
As a global company, Motorola has international sites and users all over the world. The personal information you provide may be transmitted, used, stored, and otherwise processed outside of the country where you submitted that information, including jurisdictions that may not have data privacy laws that provide equivalent protection to such laws in your home country.
You may not ... interfere with anyone's ... enjoyment of the Services
Uh oh.
That document does mention that anyone who wants to opt-out can email privacy@motorola.com. If you have any luck with that, please let me know.
Why this is a problem
While I'm sure there are a few people out there who don't mind a major multinational corporation collecting this sort of detailed tracking information related to where their phone has been and how it's been used, I believe most people would at least like to be asked about participating in this type of activity, and be given an option to turn it off.
I can think of many ways that Motorola, unethical employees of Motorola, or unauthorized third parties could misuse this enormous treasure trove of information. But the biggest question on my mind is this: now that it is known that Motorola is collecting this data, can it be subpoenaed in criminal or civil cases against owners of Motorola phones? That seems like an enormous can of worms, even in comparison to the possibilities for identity theft that Motorola's system provides for.
How secure is Motorola's Blur web service against attack? I'd be really interested to test this myself, but made no attempt to do so because I don't have permission and Motorola doesn't appear to have a "white hat"/"bug bounty" programme. It would be a tempting target for technically-skilled criminals, due to the large volume of Facebook, Twitter, and Google usernames and passwords stored in it.
The fact that the phone actively polls Motorola for new instructions to execute and then follows those instructions without informing its owner opens all of these phones up to automated takeover by anyone who can obtain a certificate for the Blur hostnames (or a subordinate CA certificate) issued by one of the authorities in the trusted CA store on those phones. Some people may consider this far-fetched, but consider that certificates of that type have been mistakenly issued in the past: TURKTRUST issued intermediate CA certificates in place of ordinary server certificates, and one of them was later used to create a fraudulent *.google.com certificate. The TURKTRUST root certificate was installed on my phone at the factory.
Potential (untested) device security concern
I didn't make the connection until two days after posting the original version of this article, but I believe there is an even-more-significant problem with the way my device is behaving:
As discussed above, although the command-and-control and some of the device-to-Motorola communication take place over encrypted channels, most of the communication (at least in terms of number of connections to Motorola) is over unencrypted HTTP. That communication is triggered by commands sent over the (encrypted) XMPP channel.
Let me say that again, in a slightly different way:
Commands are being received over a trusted, encrypted channel, but those commands order the device to perform actions across an untrusted, unencrypted channel.
Theoretically, this should mean that it's possible to interfere with the unencrypted channel without having to compromise the encrypted channel at all. The only reason I can think of that this wouldn't work would be if Motorola's developers had used some sort of signing mechanism for the unencrypted HTTP traffic.
If no such additional protection exists, then it should be possible to set up a transparent proxy which forwards on SSL communication to Motorola without attempting to intercept it, while modifying or replacing the contents of the unencrypted HTTP communication. At a minimum (again, assuming there is no additional protection of the HTTP data) this should allow things like RSS feed and social media content to be changed before it reaches the user's phone.
If all of this actually works (and this is a big "if"), and such a transparent proxy is combined with e.g. Jasager, then an attacker could set up the Jasager wireless AP in a public place and simply wait for owners of Motorola devices to pass through the area. Anyone whose device received a sync command (over the encrypted XMPP channel) of the type that allowed the (currently theoretical) attack would have their device (or at least data on that device) automatically compromised.
My guess is that someone is already working on this (e.g. for causing grief for attendees at DefCon or Black Hat), but I thought I'd mention it in case no one else had made the same connection yet.
Again, this is entirely theoretical at this point. If I can find conclusive evidence either way, I'll make another update to this article.
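What the theoretical attack above actually needs at the HTTP layer is shown in the following added Python example. It is not code from this article or from XMPPPeek, and the feed, host and headers it works on are constructed for the example, not captured from Motorola's service. It rewrites a cleartext HTTP/1.1 response on its way to the client, handling the two details a naive byte swap gets wrong (a gzip Content-Encoding and the Content-Length header) and passing chunked responses through untouched. The point it makes concrete is the one about a signing mechanism: plain HTTP gives the phone nothing to verify, so unless the sync response is signed by Motorola, a transparent proxy that forwards TLS untouched can still change what the phone receives.

```python
import gzip


def parse_response(raw: bytes):
    """Split an HTTP/1.1 response into (status_line, [(name, value)], body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP response head")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def header(headers, name: bytes):
    """Case-insensitive header lookup; returns None if absent."""
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return None


def decoded_body(headers, body: bytes) -> bytes:
    """Undo a gzip Content-Encoding so the body can be read."""
    enc = (header(headers, b"Content-Encoding") or b"").lower()
    return gzip.decompress(body) if enc == b"gzip" else body


def rewrite_cleartext_response(raw: bytes, transform) -> bytes:
    """Return raw with transform(body) applied to its body.

    A gzip Content-Encoding is decoded before the edit and re-encoded after,
    and Content-Length is recomputed (a stale value makes the client truncate
    the body or wait for bytes that never arrive). Chunked or otherwise
    encoded responses are passed through unchanged. Note that nothing here has
    to defeat any check: plain HTTP carries no signature the client can verify.
    """
    status, headers, body = parse_response(raw)
    te = header(headers, b"Transfer-Encoding")
    if te is not None and b"chunked" in te.lower():
        return raw
    encoding = (header(headers, b"Content-Encoding") or b"identity").lower()
    if encoding == b"gzip":
        body = gzip.decompress(body)
    elif encoding != b"identity":
        return raw
    body = transform(body)
    if encoding == b"gzip":
        body = gzip.compress(body)
    kept = [(n, v) for n, v in headers if n.lower() != b"content-length"]
    kept.append((b"Content-Length", str(len(body)).encode()))
    head = b"\r\n".join([status] + [n + b": " + v for n, v in kept])
    return head + b"\r\n\r\n" + body


# Constructed sample: a made-up RSS feed from an invented host, served over
# plain HTTP. Illustrative only; not a capture from any real service.
FEED = (b'<?xml version="1.0"?><rss version="2.0"><channel>'
        b"<title>Example feed</title><item><title>Original headline</title>"
        b"<link>http://feeds.example/1</link></item></channel></rss>")


def build_response(body: bytes, gzipped: bool = False) -> bytes:
    """Build the kind of response a feed proxy returns, optionally gzip-encoded."""
    payload = gzip.compress(body) if gzipped else body
    head = [b"HTTP/1.1 200 OK", b"Content-Type: application/rss+xml",
            b"Content-Length: " + str(len(payload)).encode()]
    if gzipped:
        head.append(b"Content-Encoding: gzip")
    return b"\r\n".join(head) + b"\r\n\r\n" + payload


def swap_headline(body: bytes) -> bytes:
    """The in-transit edit: replace one headline in the feed."""
    return body.replace(b"Original headline", b"Planted headline")


def demo(gzipped: bool = False) -> bytes:
    """Rewrite a constructed response and return what the client would receive."""
    return rewrite_cleartext_response(build_response(FEED, gzipped), swap_headline)


if __name__ == "__main__":
    for gz in (False, True):
        status, headers, body = parse_response(demo(gz))
        print(status.decode(), "Content-Length:", header(headers, b"Content-Length").decode())
        print(decoded_body(headers, body).decode())
```

In a real transparent proxy this function would sit on the HTTP (port 80) path only, with TLS connections forwarded as opaque bytes; the example deliberately stops at the response-rewriting step, which is the part the argument above depends on.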
Is there anything good to be found here?
Motorola does appear to be using reasonably strong credentials for the OAuth login to their system: the username seems to be a combination of the IMEI and a random number (16 digits long[2], in the case of my phone's username), and the password is a 160-bit value represented as a 40-character hex string. That would be essentially impossible to brute-force if the value really is random. 160 bits is exactly the size of a SHA-1 digest, though, so my hunch is that it may be a hash of some fixed attribute of the phone, which would be far weaker than a random value; I haven't confirmed that either way. The non-OAuth components (e.g. XMPP) use the Blur ID as the username, and that is all over the place, e.g. in virtually every URL (HTTP and HTTPS) that the client accesses on the Blur servers.
When uploading images to social networking sites, the Motorola software on the phone sometimes strips the EXIF tags (including geolocation tags) before uploading the image to Motorola. So at least they can't always use that as another method for determining your location.
Finally, both the XMPP and HTTPS client components of the software do validate that the certificates used for encrypted communication were issued by authorities the phone is configured to trust. If the certificate presented to either component is not trusted, no encrypted channel is established, and data which would be sent over it is queued until a trusted connection can be made. Anyone who wants to perform a man-in-the-middle attack will need to get their own CA certificate loaded on the target phones, or obtain a certificate for the Blur hostnames from an authority those phones already trust (which the TURKTRUST incident shows is not purely hypothetical).
At least their software checks SSL cert validity
Untrusted cert - HTTPS client
Untrusted cert - XMPP client
Has anyone else discovered this?
In January of 2012, a participant in a Motorola pre-release test discovered that Motorola was performing device-tracking after a Motorola support representative mentioned that the tester had reset his phone "21 times", and a forum moderator directed him to the special, hard-to-find Motorola privacy policy discussed above.
To my knowledge, this article is the first disclosure of anything like the full extent of the data Motorola collects.
What I am going to do as a result of this discovery
As of 23 June 2013, I've removed my ActiveSync configuration from the phone, because I can't guarantee that proprietary corporate information isn't being funneled through Motorola's servers. I know that some information (like the name of our ActiveSync server, our domain name, and a few examples of our account-naming conventions) is, but I don't have time to exhaustively test to see what else is being sent their way, or to do that every time the phone updates its configuration.
I've also deleted the IMAP configuration that connected to my personal email, and have installed K-9 Mail as a temporary workaround.
I'm going to figure out how to root this phone and install a "clean" version of Android. That will mean I can't use ActiveSync (my employer doesn't allow rooted phones to connect), which means a major reason I use my phone will disappear, but better that than risk sending their data to Motorola.
I'll assume that other manufacturers and carriers have their own equivalent of this - recall the Carrier IQ revelation from 2011.
Which other models of Motorola device do this?
Right now, I have only tested my Droid X2. If you have a Motorola device and are technically-inclined, the steps to reproduce my testing are in the section below. If you get results either way and would like me to include them here, please get in touch with me using the Contact form. Please include the model of your device, the results of your testing, and your name/nickname/handle/URL/etc. if you'd like to be identified.
Steps to reproduce - HTTP/HTTPS data capture
There are a number of approaches that can be used to reproduce the results in this article. This is the method that I used. Of course, the same testing can be performed in order to validate that non-Motorola devices are or are not behaving this way.
Important: I strongly recommend that you do not modify in any way the data your phone sends to Motorola. I also strongly recommend that you do not actively probe, scan, or test in any way the Blur web service. The instructions on this page are intended to provide a means of passively observing the traffic to Motorola in order to understand what your phone may be doing without your knowledge or consent.
Connect a wireless access point to a PC which has at least two NICs.
Use Windows Internet Connection Sharing to give internet access to the wireless AP and its clients.
Set up an intercepting proxy on the PC. I used Burp Suite Professional for the first part of my testing, then switched to OWASP ZAP (which is free) for the rest, since I used a personal system for that phase. Make sure the proxy is accessible on at least one non-loopback address so that other devices can proxy through it.[1]
Configure a Motorola Android device to connect to the wireless AP, and to use the intercepting proxy for its web traffic (in the properties for that wireless connection).
Install the intercepting proxy's CA certificate on the Motorola Android device. This allows the intercepting proxy to view HTTPS traffic as well as unencrypted HTTP.
Power the Motorola Android device off, then back on. This seems to be necessary to cause all applications to recognize the new trusted certificate, and will also let you intercept the OAuth negotiation with Motorola.
Configure and use anything in the Account section of the device.
Use the built-in Social Networking application.
Take a picture and use the Share function to upload it to one or more photo-sharing services.
Leave the device on for long enough that it sends other system data to Motorola automatically.
Steps to reproduce - check-in data decompression
If you'd like to decompress one of these gzipped data packages, there are also a number of approaches available, but this is the one I used:
Export the raw (binary) request from your intercepting proxy's proxy history. In ZAP, right-click on the history entry and choose Save Raw -> Request -> Body. In Burp Suite, right-click on the history entry and choose Save Item, then uncheck the Base64-encode requests and responses box before saving. Note: you cannot use the bulk export feature of either tool for this step to work. Both have a quirk in which exporting individual requests preserves binary data, but exporting in bulk corrupts it by converting many bytes to 0x3F. 0x3F is the ASCII question mark, the substitution character Java emits when a byte cannot be represented in the output character set, so the bulk export is evidently being written as text rather than as raw bytes.
Open the exported data in a hex editor (I use WinHex). Remove everything up to the first 0x1F8B in the file. See example screenshot below.
Save the modified version (I added a .gz extension for clarity). See example screenshot below.
Decompress the resulting file using e.g. the Linux gzip -d command, or e.g. 7-zip.
Open the decompressed file in a text editor that correctly interprets Unix-style line breaks (I used Notepad++, partly because it shows unprintable characters in a useful way, and there is some binary data mixed in with the text in these files).
Examine the data your phone is sending to Motorola.
Manually removing extra data so the file will be recognized as gzipped
GZip header (0X1F8B)
Hex editor view of the data
Hex editing complete
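To make the hex-editing steps above (and the 0x1F8B observation in the check-in analysis section) repeatable, here is an added Python example. It is not the author's code and not a Motorola tool. It scans an exported raw request body for gzip members so no manual trimming is needed, decompresses each one, and then triages the resulting text for the identifier types the article reports finding in check-in data (e-mail addresses, 15-digit IMEI/IMSI values, 160-bit hex tokens), using the Luhn check digit that IMEIs carry to separate likely IMEIs from IMSIs. The multipart framing, log lines, IMEI (the well-known test value 490154203237518), IMSI, address and token in the sample are constructed for the example; they are not a capture from a phone.

```python
import gzip
import re
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # gzip magic number; a real member continues with 0x08 (deflate)


def extract_gzip_members(blob: bytes) -> list:
    """Return every gzip member in blob, decompressed, in order.

    Scans for the 1F 8B magic so that whatever the proxy exported ahead of a
    member (multipart headers, other fields) and whatever follows it are
    skipped instead of making gzip -d reject the file. A magic match that is
    not really a gzip header is rejected by zlib and skipped; a member cut
    short by the capture is kept as far as it goes.
    """
    members = []
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # +16: expect a gzip wrapper
        try:
            data = d.decompress(blob[pos:])
        except zlib.error:
            pos = blob.find(GZIP_MAGIC, pos + 1)  # false positive; keep scanning
            continue
        if d.eof:
            members.append(data)
            consumed = len(blob) - pos - len(d.unused_data)
            pos = blob.find(GZIP_MAGIC, pos + consumed)
        else:
            if data:
                members.append(data)  # truncated member: keep the partial text
            break
    return members


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test. IMEIs carry a Luhn digit; IMSIs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0


EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
DIGITS15_RE = re.compile(rb"(?<!\d)\d{15}(?!\d)")
HEX160_RE = re.compile(rb"(?<![0-9A-Fa-f])[0-9A-Fa-f]{40}(?![0-9A-Fa-f])")


def triage(text: bytes) -> dict:
    """Pick out the identifier types the article reports seeing in check-in data."""
    found = {"email": set(), "imei_luhn_ok": set(), "fifteen_digit": set(), "hex160": set()}
    for m in EMAIL_RE.finditer(text):
        found["email"].add(m.group().decode())
    for m in DIGITS15_RE.finditer(text):
        s = m.group().decode()
        # An IMSI has no check digit, but one in ten will pass Luhn by chance.
        (found["imei_luhn_ok"] if luhn_ok(s) else found["fifteen_digit"]).add(s)
    for m in HEX160_RE.finditer(text):
        found["hex160"].add(m.group().decode().lower())
    return {k: sorted(v) for k, v in found.items()}


# Constructed sample: two gzip members inside made-up multipart framing, plus a
# decoy 1F 8B that is not a gzip header. Every value below is invented.
MEMBER_1 = (b"CheckinService: IMEI=490154203237518 IMSI=310150123456789\n"
            b"AccountManager: added account someone@example.com type com.google\n"
            b"BlurAuth: token=0123456789abcdef0123456789abcdef01234567\n")
MEMBER_2 = b"EventLog: sync app id 31 requested by server\n"
SAMPLE_BLOB = (b"--boundary\r\nContent-Type: application/octet-stream\r\n\r\n"
               b"\x1f\x8b\x00\x00decoy"
               + gzip.compress(MEMBER_1)
               + b"\r\n--boundary\r\nContent-Type: application/octet-stream\r\n\r\n"
               + gzip.compress(MEMBER_2)
               + b"\r\n--boundary--\r\n")


def demo() -> dict:
    """Extract the members from the constructed blob and triage the combined text."""
    return triage(b"".join(extract_gzip_members(SAMPLE_BLOB)))


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    members = extract_gzip_members(blob)
    print(f"{len(members)} gzip member(s) found")
    for kind, values in triage(b"".join(members)).items():
        print(f"  {kind}: {values}")
```

Run it with the path to the exported request body as its only argument; with no argument it runs on the built-in sample. Treat the IMEI/IMSI split as a hint rather than proof, for the reason in the comment, and expect the decompressed text to still contain binary fragments, as the article notes.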
Steps to reproduce - XMPP communication channel
This section requires more technical skill and time to replicate than the other two. Right now, it assumes that you have access to a Linux system that is set up with two network interfaces and which can be easily configured to forward all network traffic from the first interface to the second using iptables. If you have a system that is set up to run Mallory successfully already (even though you won't be using Mallory itself here), that would be ideal. I am preparing a detailed ground-up build document and will release that shortly.
In the meantime, assuming you have such a system and some experience using this sort of thing, download XMPPPeek and you should have the tool you need.
Generate an SSL server certificate and private key (in PEM format) with the common name of *.svcmot.com. I made all of the elements of my forged cert match the real one as closely as possible, but I don't know how important this is other than the common name.
Load the CA cert you signed the *.svcmot.com cert with onto your Motorola Android device. Again, I used a CA cert that matched the human-readable elements of the one used by the real server, but I don't know how important that is in this specific case.
You may need to explicitly install the forged *.svcmot.com cert onto your Motorola Android device as well.
Run the shell script from the XMPPPeek page to cause all traffic from the internal interface to be forwarded to the external interface, with the exception of traffic with a destination port of 5222, which should be routed to the port that XMPPPeek will be listening on.
Start XMPPPeek and wait for your phone to connect.
I used a VirtualBox VM with a virtual NIC which was connected for internet access, and a USB NIC which I connected to an old wireless access point. So my phone connected to that AP, which connected through the man-in-the-middle system, which connected to the actual internet connection. I configured the phone to also proxy web traffic through OWASP ZAP so that I could match up the XMPP traffic with its HTTP and HTTPS counterparts.
Footnotes
1. For example, with the default Windows ICS configuration, you can bind the proxy to 192.168.137.1:8071.
2. Mine starts with a 4, but does not pass a Luhn check, in case you were curious.
Last updated: 02 July 2013
Copyright 2009-2013 Ben Lincoln, except where explicitly noted.