BC CRIME
Saved by @Mollyycolllinss

My students @maxzks and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were “breaking phone encryption”. 1/

 This was prompted by a claim from someone knowledgeable, who claimed that forensics companies no longer had the ability to break the Apple Secure Enclave Processor, which would make it very hard to crack the password of a locked, recent iPhone. 2/
We wrote an enormous report about what we found, which we’ll release after the holidays. The TL;DR is kind of depressing:

Authorities don’t need to break phone encryption in most cases, because modern phone encryption sort of sucks. 3/
I’ll focus on Apple here but Android is very similar. The top-level is that, to break encryption on an Apple phone you need to get the encryption keys. Since these are derived from the user’s passcode, you either need to guess that — or you need the user to have entered it. 4/
Guessing the password is hard on recent iPhones because there’s (at most) a 10-guess limit enforced by the Secure Enclave Processor (SEP). There’s good evidence that at one point in 2018 a company called GrayKey had a SEP exploit that did this for the X. See photo. 5/
There is really no solid evidence that this exploit still works on recent-model iPhones, after 2018. If anything, the evidence is against it.

So if they can’t crack the passcode, how is law enforcement still breaking into iPhones (because they definitely are)? 6/
The boring answer very likely is that police *aren’t* guessing suspects’ passcodes. They’re relying on the fact that the owner probably typed it in. Not *after* the phone is seized, in most cases. Beforehand. 7/
You see, iPhones can be in one of two states, which are respectively known as “Before First Unlock” (BFU) and “After First Unlock” (AFU). This is pretty self-explanatory.

When you turn your phone on and enter the passcode in the morning, you switch your phone from BFU->AFU. 8/
When you first unlock your iPhone after power-on, it uses your passcode to derive several sets of cryptographic keys. These stay in memory inside your phone, and are used to encrypt the file system. 9/
When you lock your iPhone (or press the button on the side, or leave it alone until the screen goes blank), exactly *one* set of keys gets “evicted”, ie erased from memory. Those keys are gone until you enter your passcode or use FaceID.

All of the other keys stay in memory. 10/
The key that gets evicted on lock is used to decrypt a subset of the files on the filesystem, namely the ones that have a specific protection class (NSComplete). The keys that don’t get evicted can be used to decrypt all the other files.

(This is all well-known so far BTW.) 11/
So the upshot of this is that, if police can capture your phone in the AFU state (yours is almost certainly in that state for 99% of its existence) *and* they have a software exploit that allows them to bypass the OS security measures, they can get most of the files. 12/
The real question is: what exactly does “most of the files” mean, and the corollary is “why not protect *more* than just a few of the files with that special key (the one that gets evicted)”. That’s where things get depressing. 13/
Apple *sort of* vaguely offers a list of the apps whose files get this special protection even in the AFU state. But notice how vague this language is. I have to actually decode it. 14/
Notice how this text simply reports that some app data is “protected through encryption” (this is vague and meaningless, since it doesn’t say whether it’s AFU or BFU) and other app data is explicitly only protected in the BFU state (before you first unlock.) Why so vague? 15/
Here is a version of the same text from back in 2012. Notice how it explicitly states that “Mail, App Launch images, and Location Data” are protected using the strongest type of encryption.

So it seems that Apple is actually protecting *less* data now than in 2012. Yikes. 16/
(Our most likely guess: Apple has weakened the protections on location data in order to enable fancy features like “location based reminders”. So they had to weaken the language in the security guide. This isn’t great.) 17/
But whether you look at the 2012 or 2020 data, the situation sucks. The built-in apps that definitely use strong AFU protection are:

Mail (which probably already exists on a server that police can subpoena, so who cares.)

App launch data (🤷‍♂️)

That’s not great. 18/
3rd party apps can opt-in to protect data using the strongest type of encryption, so this isn’t necessarily the whole story. But let’s list some data that *doesn’t* get AFU protection:

Photos
Texts
Notes
Possibly some location data

Most of what cops want. 19/
So this answers the great mystery of “how are police breaking Apple’s encryption in 2020”. The answer is they probably aren’t. They’re seizing unlocked phones and using jailbreaks to dump the filesystem, most of which can be accessed easily since keys are in memory. 20/
Oh my god my thumbs. 21/
Anyway, this leaves basically only one remaining question:

Why is so little of this data encrypted when your phone is AFU and locked? And the answer to that is probably obvious to anyone who develops software, but it still sucks. 22/
Most apps like to do things in the background, while your phone is locked. They read from files and generally do boring software things.

When you protect files using the strongest protection class and the phone locks, the app can’t do this stuff. It gets an error. 23/
Apple provides some tools to make this less painful: for example, they have a “write only” protection class.

But for the most part it’s annoying for software devs, so they lower protections. And if Apple *isn’t* using strong protection for its in-house apps, who will? 24/
If I could tell Apple to do one thing, I would tell them to figure this problem out. Because without protection for the AFU state, phone encryption is basically a no-op against motivated attackers.

Maybe Apple’s lawyers prefer it this way, but it’s courting disaster. 25/
For those who would prefer to read this thread in the form of a 65-page PDF that also discusses cloud backup systems and Android, here is our current paper draft: https://t.co/k3Qw0DNIoI

This will be on a pretty website soon. Thanks for not blocking me after this thread. // fin

More from Crime

File411
File411
@File411
ICYMI
Hate Crime Indictment
Jason DeSimas
Jason Stanley
Randy Smith
Daniel Delbert Dorson
-aiding & abetting
-punched & kicked a Black man -derogatory comments about his actual & perceived race
-assaulting 2 other men who intervened to protect the

What’s a bit amazing is this hate crime took place in December of 2018 and the 4 defendants were indicted nearly two year on the nose. Because the Defendants were indicted for a hate crime.
That’s a force multiplier or at a minimum an enhancement of 10 years (addition to)


At first glance you wouldn’t think this had anything to do with White Supremacy -read page 4-
Dorson falsely claimed that he had not planned to attend a white supremacist’s “Martyr’s Day” observance in the state of WA
he had not owned a “flight jacket“
https://t.co/yU8t1DkyZA


Doc # 16 Detention Motion by USA
https://t.co/sxaBEqDLWr

“DeSimas admitted that he was a member of Crew 38,
a support club of Hammerskin Nation, a white supremacists organization...DeSimas lied to the FBI, denying that neither he nor anyone else had used the “N” word...”


always read those footnotes
3 other co-defendants are in custody
-Daniel Delbert Dorson ordered detained & will be
transferred to this District
-Randy Smith is detained in the District of OR, on an unrelated federal case
-Jason Stanley is detained at the ID DOC an unrelated case
CRIME
Abhijit Iyer-Mitra
Abhijit Iyer-Mitra
@Iyervval
THREAD
1 @DisinfoEU (EUD) brought out a report on a “web of disinformation” set up by Indian intelligence. This kangaroo court drivel followed no consistent logic & by EUD’s own standards show EUD collusion with Pakistani intelligence & left wing journos in India. Let’s examine

2 first up we need to understand what this latest report is. It adds on a report released by the same group in 2019 claiming to expose the organisation of Madi Sharma. The target this time though is to link @ANI to the Madi Sharma network

3 it claims this is a 15 year operation, IE started by the UPA government under Dr Manmohan Singh. Curiously though in these 15 years it can find only 12 instances of where @ANI this news website called EU chronicle. IE less than once a year.


4 this is key, because we need to understand that their sample set for this “vast disinformation network” is exactly 12 articles - a serious sampling error by any stretch. But the innuendoes and stretches here are mind boggling. Let’s start with this image: it claims EU chronicle


5 and ANI are linked as they covered the same protests using SIMILAR angles, admitting they weren’t able to find the exact footage. However by the end of the report the innuendo becomes fact. Curiously guess who else also covers Anti Pakistan protests? @AFP used by @BBCWorld to
CRIME
Advertisement
Ilyas Nagdee
Ilyas Nagdee
@ilyas_nagdee
Coroner Joanne Kearsley begins the Verdict hearing by stating that the ruling will be a lengthy one, will take around a hour and a half. She begins by acknowledging Zamzam Ture, Shukri Abdi's mother is in the courtroom #JusticeForShukriAbdi

Lays out statutory parameters of Inquest. "An Inquest is a limited fact finding inquiry."

She has accepted evidence from Shukri's family, Children 1 - 4, GMP, Fire Service and others. The court has reviewed footage, CCTV, and videos from the phone of one of the children

She acknowledges Zamzam Ture was not provided with a satisfactory translator in the first instance.

She outlines Shukri's birth at a refugee camp in Kenya. She moved to the UK completing 5 months in primary school before moving into secondary school.

Shukri was a "joy to have in class". Shukri was remembered a smiley happy girl by her peers.

Zamzam, Shukri's Mum said prior to June 2019, Shukri has never been to a river. She could not swim.

On the 27th June, Shukri had been in school all day. Coroner states there is a discrepency between accounts of who invited Shukri.
CRIME
Forecast 432Hz
Forecast 432Hz
@Forecast432hz
Breaking Thread: D5 MEMORY LANE & OUTLOOK
In this thread we will cover the different meanings behind D5 and what the near term might have in store for us.

D5 Multiple Meanings & Outlook:
1. Events that took place on 5th Dec 2018
2. Date of DNI Report regarding unmaski*g of Gen. Flynn.
3. CF Investigation re: Crim*s Against Humanity
4. D5 Forecast 432Hz (Ongoing Investigation re: Election Frau*)

1. Lets warm up with 2 Year Delta Drop 2549:
Role of Huber (as portrayed by 'Q')? What are the odds that Huber would be scheduled to testify re: Clint*n Foundation on D5? What are the odds GHWB passes away and the State Funeral date is on D5? What other interviews and

investigations were wiped clean (postponed) given a STATE FUNERAL takes up media coverage for a week? Why does the FAKE NEWS media [largest in the world] continually attack 'Q'? Why is the WASH POST leading the attack? Think ABC agency. When you are awake you can SEE CLEARLY.

My take: DS tried to cover up Huber BOOM via Funeral Date, but they didn’t realise D5 meant something else…👇
CRIME
Kumar Satyam \U0001f1ee\U0001f1f3
Kumar Satyam 🇮🇳...
@RealKumarSatyam
@RajeevMasandYou called Sushant's calm and zen-like nature fake and called him insecure. Tell your source or issue a public apology statement. If you forgot check the attached image.

#NepoBootlickerMasand


2. @RajeevMasand posts another nasty blind item about a fake metoo story & DilBechara.This metoo story never caught on but someone wanted to imply that this won't be released cz of that See what the fans have observed in comments.
Rajeev Say Sorry.

#NepoBootlickerMasand


Here just after one flop, Rajeev Masand chose to fall Sushant an "overpaid outsider". The ripple of writing him off just like that. Why? On who behest?
Ans my Question You #NepoBootlickerMasand ,Mr @RajeevMasand . I want your Public Apology Mr @RajeevMasand
#NepoBootlickerMasand


There are many more blinds which are third rate gossip with only mission being to write Sushant Singh off. Sushant's fan questioning Rajeev over his repeated disgusting blinds against SSR back in 2017
@RajeevMasand Why You was continuously targetting SSR?
#NepoBootlickerMasand


Filmy blogs,fans,Bollywood lovers like me always wondered hw is it that Sushant is only finding himself in the worse of the worst blinds.Why did someone hate him as much?He was never a threat, never publically spoke ill about someone then why?

#NepoBootlickerMasand
CRIME

You May Also Like

Kavita
Kavita
@Kavitastocks
There are many strategies in market 📉and it's possible to get monthly 4% return consistently if you master 💪in one strategy .
One of those strategies which I like is Iron Fly✈️

Few important points on Iron fly stategy

This is fixed loss🔴 defined stategy ,so you are aware of your losses . You know your risk ⚠️and breakeven points to exit the positions.
Risk is defined , so at psychological🧠 level you are at peace🙋‍♀️

How to implement
1. Should be done on Tuesday or Wednesday for next week expiry after 1-2 pm
2. Take view of the market ,looking at daily chart
3. Then do weekly iron fly.
4. No need to hold this till expiry day .

5.Exit it one day before expiry or when you see more than 2% within the week.
5. High vix is preferred for iron fly
6. Can be executed with less capital of 3-5 lakhs .
https://t.co/MYDgWkjYo8 have R:2R so over all it should be good.

8. If you are able to get 6% return monthly ,it means close to 100% return on your capital per annum.
ALL , OPTIONSLEARNINGS
Patrick McKenzie
Patrick McKenzie
@patio11
Some people really benefit from hearing advice that everyone knows, for the same reason we keep schools open despite every subject in them having been taught before.

In that spirit, here's some quick Things Many People Find Too Obvious To Have Told You Already.

Your idea is not valuable, at all. All value is in the execution. You think you are an exception; you are not. You should not insist on an NDA to talk about it; nobody serious will engage in contract review over an idea, and this will mark you as clueless.

Technologists tend to severely underestimate the difficulty and expense of creating software, especially at companies which do not have fully staffed industry leading engineering teams ("because software is so easy there, amirite guys?")

Charge more. Charge more still. Go on.

The press is a lossy and biased compression of events in the actual world, and is singularly consumed with its own rituals, status games, and incentives. The news necessarily fails to capture almost everything which happened yesterday. What it says is important usually isn't.

Companies find it incredibly hard to reliably staff positions with hard-working generalists who operate autonomously and have high risk tolerances. This is not the modal employee, including at places which are justifiably proud of the skill/diligence/etc of their employees.
TECH
Advertisement
David Rothkopf
David Rothkopf
@djrothkopf
Trump on climate: I don't believe it. Trump on Khashoggi: I don't believe it. Trump on Russia: I don't believe it. Idiocy? A canny game? Doesn't really matter as much as the underlying intellectual autocracy. In this administration only one opinion matters.

It's an assault on facts and reason. It's an assault on good governance. It's an assault on the bureaucracies that are being discounted. It's an assault on science and history. But it is also an assault on one of the underpinnings of democracy.

We live in a system that is grounded on the idea of collaborative government. Leaders may have a final word but even then, there are typically checks and balances. Hopefully, in this case, such checks and balances may work. But they also are being tested.

The president's position that he is smarter than all the world's scientists, than the entire intelligence community, than experts who have studied any issue all their lives, is, of course, asinine. But his belief that government turns solely on his opinion, is monarchic.

Louis XIV reportedly said, "L'etat est moi." That he was the state. Trump asserting that he knows better than all, discounts all advice, that his brain is enough to chart the course for America alone, is essentially saying the same thing.
POLITICS
Brianne Kimmel \U0001f4ac
Brianne Kimmel 💬...
@briannekimmel
Shocking fact: Millennial men are less likely to work than any other age and gender demographic in America.

Today, there are 500,000 young men missing from the U.S. workforce.

Research suggests video games & improved leisure tech plays a role in the problem. 👇 Thread:

Following the 2007 to 2009 recession, 25 to 34 year old men exited high school with fewer middle-skill job opportunities than years prior.

During this time, we saw an increased number of men living with parents & choosing unemployment over lower paying jobs.

It's estimated that 24M millennials live w/ their parents.

1 in 4 living in their parents’ home neither go to school nor work.

What's more surprising? 9 in 10 who lived with their parents a year ago are still living there w/ no plans to leave.

Economists are calling millennial men a lost generation.

According to economist David Dorn:

“If you get to the point where you’re turning 30, you’ve never held a real job and you don’t have a college education, then it is very hard to recover at that point.”

Economists suggest this choosiness is a generational trait.

Forbes interview w/ a high school educated man:

"I’m very quick to get frustrated when people refuse to pay me what I’m worth."
“People feel that they have choice nowadays, and they
SOCIETY
Anu Satheesh \U0001f1ee\U0001f1f3
Anu Satheesh 🇮🇳...
@AnuSatheesh5
Stories of Guruvayurappan
Shri Krishna Leela

This is a beautiful story of Guruvayurappan. Once there lived in Guruvayur a poor family. Kitta, his wife & kids were struggling for their daily needs. With only a coconut tree in house, he earned a living by selling coconuts.


Kitta was from a low caste family. He was a great devotee of Guruvayurappan. Everyday before going to work he always prayed infront of a picture of Guruvayurappan in his house. His only wish was to worship at Guruvayur & have annadanam in temple. But he was not allowed there


It was Utsavam time in Guruvayur. From far behind kitta and family worshipped Guruvayurappan. Annadanam was given daily and no one was left empty stomach. Only Kitta didn't receive. That night, it was only Kitta's family who was sleeping without food. After temple nada closed


Shri Krishna, dressed himself as a Brahmin went to temple Kitchen. He packed food and went directly to kitta's house. Reaching Kitta's house, Shri Krishna told he was sent by a cook of Guruvayur temple and gave them the food he packed. Kitta and family was very happy seeing food.


When Kitta finished his food, Brahmin asked it will be better if he get a tender coconut( karikku)to drink. Kitta climbed the tree and gave all coconuts to him. After having 1 tender coconut, the Brahmin asked to bring remaining coconuts to Guruvayur temple the next day.
ALL