More references, WIP

more-refs
Mike Gerwitz 2017-10-18 01:58:04 -04:00
parent bb93ca240c
commit 30e064ab0b
Signed by: mikegerwitz
GPG Key ID: 8C917B7F5DC51BA2
1 changed files with 481 additions and 0 deletions

481
sapsf.bib

@ -1229,3 +1229,484 @@
url = {http://www.businessinsider.com/ford-exec-gps-2014-1},
urldate = {2017-03-21},
}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%% POST-PRESENTATION %%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@online{verizon-spyware,
author = {Budington, Bill
and Gillula, Jeremy
and Tummarello, Kate},
title = {The {First Horseman} of the Privacy Apocalypse Has Already Arrived:
{Verizon} Announces Plans to Install Spyware on All Its
{Android} Phones},
organization = {Electronic Frontier Foundation},
date = {2017-03-30},
url = {https://www.eff.org/deeplinks/2017/03/first-horseman-privacy-apocalypse-has-already-arrived-verizon-announces-plans},
urldate = {2017-03-30},
tags = {advertising, appflash, geolocation, location, mobile, privacy,
spyware, tracking, verizon},
annotation = {Less than 48~hours after Congress recended Internet privacy
protections, Verizon intends to install spyware on users'
Android devices},
}
@online{sec-https-mitm,
author = {Durumeric, Zakir
and Ma, Zane
and Springall, Drew
and Barnes, Richard
and Sullivan, Nick
and Bursztein, Elie
and Bailey, Michael
and Halderman, J.~Alex
and Paxson, Vern},
title = {The Security Impact of HTTPS Interception},
doi = {10.14722/ndss.2017.23456},
date = {2017},
organization = {University of Michigan
and University of Illinois Urbana-Champaig,
and Mozilla
and Cloudflare
and Google
and University of California Berkeley
and International Computer Science Institute},
url = {https://zakird.com/papers/https_interception.pdf},
urldate = {2017-04-02},
tags = {https, mitm, security, privacy, antivirus, detection,
cryptography},
}
@online{eff:smart-meter,
author = {Gullo, Karen
and Williams, Jamie},
title = {An {Illinois} Court Just Didnt Get It: We Are Entitled to Expect
Privacy In Our Smart Meter Data, Which Reveals Whats
Going On Inside Our Homes},
organization = {Electronic Frontier Foundation},
date = {2017-03-01},
url = {https://www.eff.org/deeplinks/2017/03/illinois-court-just-didnt-get-it-we-are-entitled-expect-privacy-our-smart},
urldate = {2017-04-02},
tags = {iot, personal data, privacy, fourth amendment, court,
illinois, district court, naperville, court of appeals,
seventh circuit, privacy international}
}
@online{register:w10-privacy,
author = {Thomson, Lain},
title = {Put down your coffee and admire the sheer amount of data
{Windows 10 Creators Update} will slurp from your {PC}},
subtitle = {Official list of phoned-home info revealed by {Microsoft}},
organization = {The Register},
date = {2017-04-06},
url = {https://web.archive.org/save/https://www.theregister.co.uk/2017/04/06/microsoft_windows_10_creators_update/},
urldate = {2017-04-07},
annotation = {Archive.org link used because The~Register blocks
Tor~users unless they execute proprietary JavaScript.},
}
@online{nsa:windows-0day,
author = {Biddle, Sam},
title = {Leaked {NSA} Malware Threatens {Windows} Users Around the World},
organization = {The Intercept},
date = {2017-04-14},
url = {https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/},
urldate = {2017-04-15},
tags = {0day, esteemaudit, fuzzbunch, malware, nsa, oddjob, security,
shadow brokers, tailored access operations, tao, windows,
zippybeer},
}
@online{bk-not-ok-google,
author = {Titcomb, James},
title = {Not OK, Google: Burger King advert designed to hijack Google Home
speakers backfires},
organization = {Yahoo!},
date = {2017-04-13}
url = {https://m.yahoo.com/w/legobpengine/finance/news/not-ok-google-burger-king-084506757.html?.intl=us&.lang=en-us},
urldate = {2017-04-16},
tags = {burger king, comercial, google, google home, privacy, security,
whopper, wikipedia},
}
@online{ms:windows-diagnostic,
author = {Lich, Brian},
title = {Windows 10, version~1703 Diagnostic Data},
organization = {Microsoft},
date = {2017-04-05},
url = {https://technet.microsoft.com/itpro/windows/configure/windows-diagnostic-data},
urldate = {2017-04-20},
tags = {privacy, security, windows, what the fuck, surveillance,
exfiltrate},
}
@online{guardian:uber-godview,
author = {Hern, Alex},
title = {Uber employees `spied on ex-partners, politicians
and {Beyoncé}'},
subtitle = {Cab startups former forensic investigator Samuel Ward
Spangenberg claims he was fired from the company after
blowing whistle on lack of security},
organization = {The Guardian},
date = {2016-12-13},
url = {https://www.theguardian.com/technology/2016/dec/13/uber-employees-spying-ex-partners-politicians-beyonce},
urldate = {2017-04-26},
}
@online{fpcentral,
url = {https://fpcentral.irisa.fr/},
}
@online{sensor-side-channel,
url = {https://blogs.ncl.ac.uk/security/author/b2031864/},
}
@online{ambient-light,
url = {https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/},
}
@online{arixv:airgap-scanner,
url = {https://arxiv.org/abs/1703.07751},
}
@online{bloomberg:pacemaker-st-jude,
url = {https://www.bloomberg.com/news/articles/2016-08-25/carson-block-takes-on-st-jude-medical-with-claim-of-hack-risk},
}
@online{silverpush-unmasked,
url = {https://github.com/MAVProxyUser/SilverPushUnmasked},
}
% specifically, see references
@online{ss7,
url = {https://en.wikipedia.org/wiki/Signalling_System_No._7#Protocol_security_vulnerabilities},
}
@online{ars:hajime-botnet,
url = {https://arstechnica.com/security/2017/04/a-vigilante-is-putting-huge-amount-of-work-into-infecting-iot-devices/},
}
% oh, imagine that
@online{intel:me-priv-escal,
url = {https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr},
}
% no password needed!
@online{ars:intel-amt,
url = {https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/},
}
@online{eff:intel-amt,
url = {https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it},
}
@online{eff:nhtsa-v2v,
url = {https://www.eff.org/deeplinks/2017/05/danger-ahead-governments-plan-vehicle-vehicle-communication-threatens-privacy},
}
@online{nyt:ransom-world,
url = {https://mobile.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html?smprod=nytcore-iphone&smid=nytcore-iphone-share&_r=1&referer=https://www.rt.com/news/388153-thousands-ransomeware-attacks-worldwide/},
}
@online{lat:google-offline,
url = {http://www.latimes.com/business/technology/la-fi-tn-google-ads-tracking-20170523-story.html},
}
@online{giz:ice-imsi,
url = {https://gizmodo.com/ice-agents-are-using-stingray-surveillance-tech-to-capt-1795377902},
}
@online{eff:vep-patch,
url = {https://www.eff.org/deeplinks/2017/05/congress-imperfect-start-addressing-vulnerabilities},
}
@online{xato:windows-spying,
url = {https://xato.net/windows-spying-and-a-twitter-rant-19203babb2e7},
}
@online{insider-surveillance,
url = {https://insidersurveillance.com/about-us/},
}
@online{ccc:iris,
url = {https://www.ccc.de/en/updates/2017/iriden},
}
@online{eff:aadhaar,
url = https://www.eff.org/deeplinks/2017/05/aadhaar-ushering-commercialized-era-surveillance-india,
}
@online{twitter:theresa-may-human-rights,
url = {https://twitter.com/theresa_may/status/872181737933217794},
}
@online{ars:uk-afr,
url = {https://arstechnica.com/tech-policy/2017/06/police-automatic-face-recognition/},
}
@online{theage:turnball-crypto-war,
url = {http://www.theage.com.au/federal-politics/political-news/how-the-turnbull-government-plans-to-access-encrypted-messages-20170609-gwoge0.html},
}
@online{tfreak:russia-tor-vpn,
url = {https://torrentfreak.com/bill-to-ban-vpns-unmask-operators-submitted-to-russias-parliament-170609/},
}
@online{bleep:malware-intel-me,
url = {https://www.bleepingcomputer.com/news/security/malware-uses-obscure-intel-cpu-feature-to-steal-data-and-avoid-firewalls/},
}
@online{guardian:brandis-hw-backdoor,
url = {https://www.theguardian.com/technology/2017/jun/12/george-brandiss-salvo-in-cryptowars-could-blow-a-hole-in-architecture-of-the-internet},
}
@online{p1sec:volte,
url = {https://www.sstic.org/media/SSTIC2017/SSTIC-actes/remote_geolocation_and_tracing_of_subscribers_usin/SSTIC2017-Article-remote_geolocation_and_tracing_of_subscribers_using_4g_volte_android_phone-le-moal_ventuzelo_coudray.pdf}
}
@online{ucsd:getoffmycloud,
url = {https://cseweb.ucsd.edu/~hovav/dist/cloudsec.pdf},
}
@online{ncc:time-trial,
url = {https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/TimeTrial.pdf},
}
@online{upguard:rnc-analytics,
url = {https://www.upguard.com/breaches/the-rnc-files}
}
@online{bbc:eu-e2e-enc,
url = {http://www.bbc.com/news/technology-40326544}
}
@online{krebs:petya,
url = {https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/}
}
@online{threatpost:petya,
url = {https://threatpost.com/complex-petya-like-ransomware-outbreak-worse-than-wannacry/126561/}
}
@online{securelist:petya,
url = {https://securelist.com/schroedingers-petya/78870/}
}
@online{wired:cia-wifi-tracking,
url = {https://www.wired.com/story/wikileaks-cia-wifi-location-tracking}
}
@online{china-apple-user-data,
url = {https://www.hongkongfp.com/2017/06/08/china-uncovers-massive-underground-network-apple-employees-selling-customers-personal-data/}
}
@online{sat-observation,
url = {https://satelliteobservation.wordpress.com/2017/06/04/signal-intelligence-101-sigint-targets/}
}
@online{aclu:student-spy-laptops,
url = {https://www.aclu.org/blog/speak-freely/rhode-island-some-schools-think-they-have-right-spy-students-school-laptops}
}
@online{eff:student-spy-report-2017,
url = {https://www.eff.org/wp/school-issued-devices-and-student-privacy}
}
@online{aclu:school-privacy-report,
url = {http://riaclu.org/images/uploads/ACLU_1-1_School_Privacy_Report_Final.pdf}
}
@online{ars:cia-cherryblossom,
url = {https://arstechnica.com/security/2017/06/advanced-cia-firmware-turns-home-routers-into-covert-listening-posts/}
}
@online{vault7:cherryblossom,
url = {https://wikileaks.org/vault7/document/SRI-SLO-FF-2012-177-CherryBlossom_UsersManual_CDRL-12_SLO-FF-2012-171/}
}
@online{aes-tempest,
url = {https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf}
}
@online{brennan:foreign-interfere,
url = {https://www.brennancenter.org/sites/default/files/publications/Foreign\%20Interference_0629_1030_AM.pdf},
}
@online{myshadow,
url = {https://myshadow.org/},
}
@online{motherboard:apple-bug-bounty,
url = {https://motherboard.vice.com/en_us/article/gybppx/iphone-bugs-are-too-valuable-to-report-to-apple},
}
@online{eff:australia-pm-e2e-ban,
url = {https://www.eff.org/deeplinks/2017/07/australian-pm-calls-end-end-encryption-ban-says-laws-mathematics-dont-apply-down},
}
@online{eff:cbp-remote-content,
url = {https://www.eff.org/deeplinks/2017/07/cbp-responds-sen-wyden-border-agents-may-not-search-travelers-cloud-content},
}
@online{engadget:roomba-map,
url = {https://www.engadget.com/2017/07/24/roomba-irobot-sell-digital-maps-home/},
}
@online{nytimes:sweden-ibm-breach,
url = {https://www.nytimes.com/2017/07/25/world/europe/ibm-sweden-data-outsourcing.html},
}
@online{cell-tracking-how,
url = {https://thehftguy.com/2017/07/19/what-does-it-really-take-to-track-100-million-cell-phones/},
}
@online{threatpost:adups,
url = {https://threatpost.com/android-sypware-still-collects-pii-despite-outcry/127042/},
}
@online{threatpost:rad-mon-nopatch,
url = {https://threatpost.com/vulnerable-radiation-monitoring-devices-wont-be-patched/126967/},
}
@online{ars:lipizzan,
url = {https://arstechnica.com/information-technology/2017/07/stealthy-google-play-apps-recorded-calls-and-stole-e-mails-and-texts/},
}
@online{sophos:sms-exfiltrate,
url = {https://nakedsecurity.sophos.com/2017/07/27/dont-want-your-smss-stolen-dont-download-these-android-apps/},
}
@online{psmag:resturaunt-surveil,
url = {https://psmag.com/economics/your-favorite-restaurants-are-surveilling-you},
}
@online{wapo:google-shop-track,
url = {https://www.washingtonpost.com/news/the-switch/wp/2017/05/23/google-now-knows-when-you-are-at-a-cash-register-and-how-much-you-are-spending/?utm_term=.5959c4d7b4f0},
}
@online{wapo:google-shop-track-fed,
url = {https://www.washingtonpost.com/news/the-switch/wp/2017/07/30/googles-new-program-to-track-shoppers-sparks-a-federal-privacy-complaint/},
}
@online{voting-crack-defcon,
url = {https://blog.horner.tj/post/hacking-voting-machines-def-con-25},
}
@online{electrek:keenlab-tesla-again,
url = {https://electrek.co/2017/07/28/tesla-hack-keen-lab/},
tags = {vehicle},
}
@online{keenlab:tesla-again,
url = {http://keenlab.tencent.com/en/2017/07/27/New-Car-Hacking-Research-2017-Remote-Attack-Tesla-Motors-Again/},
tags = {vehicle},
}
@online{ars:zerodium-mobile,
url = {https://arstechnica.com/information-technology/2017/08/wanted-weaponized-exploits-that-hack-phones-will-pay-top-dollar/},
}
@online{zdnet:accuweather-spy,
url = {http://www.zdnet.com/article/accuweather-still-shares-precise-location-with-advertisers-tests-reveal/},
}
@online{delete-fb,
url = {http://www.deletefacebook.com/},
}
@online{techcrunch:voting-dre-decommission,
url = {https://techcrunch.com/2017/09/08/virginia-dre-voting-machines-hack/},
}
@online{eff:dhs-lawsuit,
url = {https://www.eff.org/press/releases/eff-aclu-media-conference-call-today-announce-lawsuit-over-warrantless-phone-and},
}
@online{dolphinattack,
title = {DolphinAttack: Inaudible Voice Commands},
url = {https://endchan.xyz/.media/50cf379143925a3926298f881d3c19ab-applicationpdf.pdf},
}
@online{vice:facial-obscured,
title = {{AI} Will Soon Identify Protesters With Their Faces Partly Concealed},
url = {https://motherboard.vice.com/en_us/article/mbby88/ai-will-soon-identify-protesters-with-their-faces-partly-concealed},
}
@online{eff:ios-wifi-off,
title = {{iOS} 11s Misleading “Off-ish” Setting for {Bluetooth} and {Wi-Fi} is Bad for User Security},
url = {https://www.eff.org/deeplinks/2017/10/ios-11s-misleading-ish-setting-bluetooth-and-wi-fi-bad-user-security},
}
@online{apolice:google-home-mini,
title = {Google is nerfing all {Home Minis} because mine spied on everything I said 24/7},
url = {http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/},
notes = {It does not matter whether these types of devices have bugs,
deliberate or not: the point is that such things are
possible, and then can indeed be used as surveillance devices.}
}
@online{reuters:symantic-code-review,
title = {Exclusive: {Symantec} {CEO} says source code reviews pose unacceptable risk},
url = {http://www.reuters.com/article/us-usa-cyber-russia-symantec/exclusive-symantec-ceo-says-source-code-reviews-pose-unacceptable-risk-idUSKBN1CF2SB},
}
@online{oneplus-spyware,
url = {https://www.chrisdcmoore.co.uk/post/oneplus-analytics/},
}
@online{reuters:equifax-tp-scripts,
title = {Equifax says systems not compromised in latest cyber scare},
url = {http://www.reuters.com/article/us-equifax-breach/equifax-takes-down-web-page-after-reports-of-new-hack-idUSKBN1CH2F3},
notes = {Surprise, you can't trust third-party scripts.}
}
% ethics
@online{motherboard:pornhub-ai,
title = {Facial Recognition for Porn Stars Is a Privacy Nightmare Waiting to Happen},
subtitle = {The underlying tech being used by Pornhub could one day be
used by more nefarious actors to identify amateur and
unwitting porn models},
url = {https://motherboard.vice.com/en_us/article/a3kmpb/facial-recognition-for-porn-stars-is-a-privacy-nightmare-waiting-to-happen},
}
% ethics
@online{gizmodo:facebook-sex-workers,
title = {How Facebook Outs Sex Workers},
url = {https://gizmodo.com/how-facebook-outs-sex-workers-1818861596},
}
% ethics
@online{pew:automation,
title = {Automation in Everyday Life},
subtitle = {Americans express more worry than enthusiasm about coming
developments in automation---from driverless vehicles to a
world in which machines perform many jobs currently done by
humans},
url = {http://www.pewinternet.org/2017/10/04/automation-in-everyday-life/},
}
@online{techcrunch:uk-social-media,
title = {UK spies using social media data for mass surveillance},
author = {Lomas, Natasha},
url = {https://techcrunch.com/2017/10/17/uk-spies-using-social-media-data-for-mass-surveillance/},
urldate = {2017-10-18},
archive = {https://web.archive.org/web/20171018053036/},
}
@online{medium:telco-tracking,
title = {Want to see something crazy? Open this link on your phone with WiFi turned off.},
author = {philipn},
url = {https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024},
urldate = {2017-10-18},
archive = {https://web.archive.org/web/20171018053425/},
}
@online{krackattacks,
title = {Key Reinstallation Attacks},
subtitle = {Breaking {WPA2} by forcing nonce reuse},
url = {https://www.krackattacks.com/},
urldate = {2017-10-18},
archive = {https://web.archive.org/web/20171018050741/},
}