Tuesday, October 28, 2014

Good Techdirt analysis of the Apple Pay and CurrentC situation

It states that retailers want to cut out Mastercard and Visa, and want the ultimate tracking of their customers that they had when those customers used their old tracking cards.

https://www.techdirt.com/articles/20141027/07065628950/payment-wars-how-merchants-carriers-are-trying-to-block-payment-systems-they-cant-track.shtml

Grab the popcorn. IMHO, this will be an utter and dismal failure, because the members of PCI won't correctly apply their previous lessons learned to make a system that protects customers; instead they will greedily grab all the data they can on their customers and attempt to protect their shopkeeper members, but fail because they're cheaping out on the infrastructure, creating something even worse than PCI.

Seriously, Rite Aid and CVS are creating a payment system that will be more secure than Google, Apple and Mastercard/VISA? OMG, what are they thinking other than sheer greed. I won't boycott, though, especially CVS; I truly want to support a company that went out on a limb and stopped selling tobacco.

Don't use CurrentC, it will be even riskier than debit cards - the QR codes will be found to be awful security, and there will be people burned by the automatic debit behavior of the system. Even if they use something clever like Steve Gibson's SQRL, they won't be able to implement something secure enough to handle the amounts of cash it needs to.

Please just use credit cards or cash at these merchants.

Monday, October 27, 2014

Truth finally? Rutgers paper about e-voting - Don't do it

Slashdot talked about a paper produced when Rutgers University analyzed the emergency e-voting that was done after Hurricane Sandy, and it was apparently another disaster.

Just pulling interesting things from the table of contents:

VII. INTERNET VOTING IS NOT SAFE, SHOULD NOT BE MADE LEGAL, AND SHOULD NEVER BE INCORPORATED INTO EMERGENCY MEASURES

VIII. INTERNET ATTACKS ON U.S. INFRASTRUCTURE AND BUSINESSES ARE SO PREVALENT THAT IT IS NAÏVE TO BELIEVE THAT U.S. ELECTIONS WOULD NOT BE OF INTEREST TO HACKERS

So let's jump right to the conclusion:

CONCLUSION
After Superstorm Sandy, there was no structure in place to make sure that emergency voting directives were followed. There was mass confusion among county officials and voters, alike. Emergency measures such as Internet and fax voting not only violated New Jersey law, but also left votes vulnerable to on-line hacking. Internet voting should never be permitted, especially in emergencies when governmental infrastructure is already compromised.

As the May 2014 National Climate Assessment issued by the U.S. government makes all too clear, New Jersey is highly likely to be impacted negatively by more Superstorm Sandy-like disasters in the near future. This means that it is critical for New Jersey to enact and implement emergency voting procedures that comply with existing election law, and that protect every vote. As such, those emergency measures should not include Internet and fax voting as an option, under any circumstance.

Friday, October 24, 2014

Verizon tracking its users (again)

As the biggest fine ever (http://www.fastcompany.com/3035193/fast-feed/fcc-fines-verizon-74-million-for-using-private-data-to-market-to-customers) didn't make enough of an impression, Verizon is now tracking the browsing of its wireless users with a new token, according to Ars Technica: http://arstechnica.com/security/2014/10/verizon-wireless-injects-identifiers-link-its-users-to-web-requests/

More information can be found here:

Or you can test it yourself here:

Browsing from the work/desktop network shows no X-UIDH header, but from a (work) Verizon cell phone shows the header, and links to an NBC news site with opt-out information. According to people on Twitter (https://twitter.com/search?f=realtime&q=verizon%20uidh), opting out doesn’t always work. I haven’t tested it yet.

Using HTTPS supposedly prevents this information from being sent, but there may not be a way to I don’t know whether this information uniquely identifies 

(* TODO *) I wonder whether setting up an apache server as a proxy, with HTTPS in and http out would prevent the headers?
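An added example, not from the post and not the test page it links to: a tiny plain-HTTP "test it yourself" page that reports whether the incoming request carried the X-UIDH header, plus the check function on its own so it can be run over any captured header set. It has to be served over plain http, since the post notes that HTTPS keeps the header from being sent at all.

```python
# Added example: detect carrier-injected tracking headers (X-UIDH) on inbound requests.
from http.server import BaseHTTPRequestHandler, HTTPServer

# Header names to flag; x-uidh is the Verizon token named in the Ars Technica article.
TRACKING_HEADERS = ("x-uidh",)


def find_tracking_headers(headers):
    """Return {lowercased-name: value} for every tracking header present.

    `headers` is anything with .items() yielding (name, value) pairs,
    e.g. a dict or the email.message.Message that http.server hands us.
    """
    found = {}
    for name, value in headers.items():
        if name.lower() in TRACKING_HEADERS:
            found[name.lower()] = value
    return found


def report(headers):
    """Human-readable verdict for the test page."""
    found = find_tracking_headers(headers)
    if not found:
        return "No X-UIDH header seen: this connection is not being tagged."
    lines = ["Tracking header injected on this connection:"]
    for name, value in found.items():
        lines.append(f"  {name}: {value}")
    return "\n".join(lines)


class CheckHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = report(self.headers).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        # no-store so a cached copy from one network never masks a live result
        self.send_header("Cache-Control", "no-store")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the token value out of the server log


if __name__ == "__main__":
    # Plain http on purpose: the header is only added to unencrypted traffic.
    HTTPServer(("0.0.0.0", 8080), CheckHandler).serve_forever()
```

Open the page once from a desktop and once from the phone on the carrier network; the two verdicts should differ exactly as the post describes.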



Monday, October 20, 2014

(Updated) There's this web site/app called "Whisper" that wants users "to anonymously share their innermost thoughts, secrets, and feelings."

Whisper (bad), not Whisper Systems (good, Moxie Marlinspike)

Yeah. 

Do I have to say DON'T DO IT?!

They geolocate users (which can't be turned off), concentrate on US military bases and intelligence agency locations, and also use the IP address.

Whisper:  Lies! (the guardian)

US Senate: Oh really?  Why don't we chat about that? (The Verge)

Why is the National Science Foundation analysing Twitter for "Social Pollution"?

And why does it affect Ajit Pai - a member of the FCC - enough to write an op-ed in the Washington Post?

http://www.washingtonpost.com/opinions/truthy-project-is-unworthy-of-tax-dollars/2014/10/17/a3274faa-531b-11e4-809b-8cc0a295c773_story.html

Head of the article saved here for posterity...

Ajit Pai is a member of the Federal Communications Commission.
If you take to Twitter to express your views on a hot-button issue, does the government have an interest in deciding whether you are spreading “misinformation’’? If you tweet your support for a candidate in the November elections, should taxpayer money be used to monitor your speech and evaluate your “partisanship’’?

My guess is that most Americans would answer those questions with a resounding no. But the federal government seems to disagree. The National Science Foundation, a federal agency whose mission is to “promote the progress of science; to advance the national health, prosperity and welfare; and to secure the national defense,” is funding a project to collect and analyze your Twitter data.

The project is being developed by researchers at Indiana University, and its purported aim is to detect what they deem “social pollution” and to study what they call “social epidemics,” including how memes — ideas that spread throughout pop culture — propagate. What types of social pollution are they targeting? “Political smears,” so-called “astroturfing” and other forms of “misinformation.”
Named “Truthy,” after a term coined by TV host Stephen Colbert, the project claims to use a “sophisticated combination of text and data mining, social network analysis, and complex network models” to distinguish between memes that arise in an “organic manner” and those that are manipulated into being.

But there’s much more to the story. Focusing in particular on political speech, Truthy keeps track of which Twitter accounts are using hashtags such as #teaparty and #dems. It estimates users’ “partisanship.” It invites feedback on whether specific Twitter users, such as the Drudge Report, are “truthy” or “spamming.” And it evaluates whether accounts are expressing “positive” or “negative” sentiments toward other users or memes.

The Truthy team says this research could be used to “mitigate the diffusion of false and misleading ideas, detect hate speech and subversive propaganda, and assist in the preservation of open debate.”

I'm so happy they have my best interests at heart.

Tuesday, October 7, 2014

Violet Blue isn't a parody account, she's a real journalist

While her blog is NSFW (big time), she does some top-notch writing, including on infosec.

This ZDNet article, "10 things you need to know before hiring penetration testers", talks realistically about penetration testing. Bookmark it!