Jordan downgrades ties with Qatar AL JAZEERA ENGLISH (AJE)(cached at June 6, 2017, 11:59 pm)

Amman, which also closed the local office of Al Jazeera TV channel, said decision was made to ensure regional stability.
The UK elections explained AL JAZEERA ENGLISH (AJE)(cached at June 6, 2017, 11:59 pm)

Japanese cops arrest their first ransomware-slinging menace er, a 14-year-old schoo SANS ISC SecNewsFeed(cached at June 6, 2017, 11:59 pm)

Police In Oklahoma Have Cracked Hundreds of People's Cell Phones Slashdot by BeauHD on cellphones (cached at June 6, 2017, 11:34 pm)

An anonymous reader shares an excerpt from a report via Motherboard: Mobile phone forensic extraction devices have been a law enforcement tool for years now, and the number of agencies using them is only rising. As part of an ongoing investigation, we have finally been able to turn up some usage logs of this equipment, from Tulsa Police Department, and Tucson Police Department. While the logs do not list the cause of the crime or any other notes about why the phone was being searched, it does list the make of the phone, the date, and the type of extraction. First, let's go over what extraction devices are being used here. Tucson PD opted for the brand that is arguably the worldwide leader in mobile device forensics, the Israeli company Cellebrite. Tulsa Police Department however opted for a few different models -- they purchased two different password breakers from Teel Technologies in 2015, and in March 2016 gave about $1,500 to Susteen for their SecureView extraction device (SecureView was the product Susteen created when the FBI requested they create a more advanced extraction device for them). It does its work instantly, and has an incredible reach into a phone's data. They renewed this contract in 2017. In August 2016 they also purchased the Detective extraction device from Oxygen Forensics. Oxygen is much less common than Cellebrite, from what we have found. The kicker really is how often these are being used -- it is simply really hard to believe that out of the 783 times Tulsa Police used their extraction devices, all were for crimes in which it was necessary to look at all of the phone's data. Even for the 316 times Tucson PD used theirs in the last year, it is still a real stretch to think that some low-level non-violent offenders weren't on the receiving end. There are some days where the devices were used multiple times -- Tulsa used theirs eight times on February 28th of this year, eight again on April 3rd, and a whopping 14 times on May 10th 2016. 
That is a whole lot of data that Tulsa was able to tap into, and we aren't even able to understand the why.

Gazans worried by Qatari crisis AL JAZEERA ENGLISH (AJE)(cached at June 6, 2017, 11:29 pm)

Residents of Gaza express concern over Qatar's rift with some Arab states that could affect aid to impoverished region.
At $75,560, Housing a Prisoner in California Now Costs More Than a Year at Harvard Slashdot by msmash on business (cached at June 6, 2017, 11:04 pm)

The cost of imprisoning each of California's 130,000 inmates is expected to reach a record $75,560 in the next year, the AP reported. From the article: That's enough to cover the annual cost of attending Harvard University and still have plenty left over for pizza and beer. Gov. Jerry Brown's spending plan for the fiscal year that starts July 1 includes a record $11.4 billion for the corrections department while also predicting that there will be 11,500 fewer inmates in four years (alternative source) because voters in November approved earlier releases for many inmates. The price for each inmate has doubled since 2005, even as court orders related to overcrowding have reduced the population by about one-quarter. Salaries and benefits for prison guards and medical providers drove much of the increase. The result is a per-inmate cost that is the nation's highest -- and $2,000 above tuition, fees, room and board, and other expenses to attend Harvard. Since 2015, California's per-inmate costs have surged nearly $10,000, or about 13%. New York is a distant second in overall costs at about $69,000.

Malware and XOR - Part 2, (Tue, Jun 6th) SANS Internet Storm Center, InfoCON: green(cached at June 6, 2017, 10:58 pm)

In part 1, I gave some examples to recover XOR keys from encoded executables if we knew some of the content of the unencoded file (known plaintext attack).

In this part, I give some examples to automate this process using my xor-kpa tool.

xor-kpa.py takes 2 files as input: the first file contains the plaintext, and the second file the encoded file. We are going to search for the string "This program cannot be run in DOS mode".

xor-kpa displays some potential keys, in ascending order of extra characters.

Value Key is the recovered key, and Key (hex) is the hexadecimal representation of the key (in case the key would not be printable).

Keystream is the keystream, from which xor-kpa extracted the key by looking for repeating strings.

Extra is the difference between the length of the keystream and the length of the key. If this is just one character, the proposed key is very unlikely to be the encoding key. Output can be filtered by requiring a minimum value for extra by using option -e.

Divide is the number of times the key is present in the keystream.

And counts reports the number of times the same key was recovered at different positions in the encoded file.

So by using this known plaintext (This program cannot be run in DOS mode) with the encoded file, xor-kpa proposes a number of keys. In this example, the key with the highest number of extra characters is the actual encoding key (Password).

Another way to recover the key we saw yesterday, is looking for sequences of null bytes (0x00) which have been encoded. xor-kpa.py can do this too, by giving 000000000000... as plaintext. We could create a file containing null bytes, but it

The key was recovered, and the count is very high, so it

Please post a comment if you have ideas for other known plaintexts in executables.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
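
The known-plaintext recovery described in the diary above, as an added Python example; it is not xor-kpa's code and not part of the original post. The function names and the sample buffer are constructed for illustration; the known string, the null-byte plaintext and the key Password come from the diary's text.

```python
from collections import Counter

KNOWN = b"This program cannot be run in DOS mode"

def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (encoding and decoding are the same operation)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def shortest_period(ks: bytes):
    """Smallest p < len(ks) such that ks repeats with period p, else None."""
    for p in range(1, len(ks)):
        if all(ks[i] == ks[i - p] for i in range(p, len(ks))):
            return p
    return None

def recover(encoded: bytes, known: bytes, min_extra: int = 1):
    """Return (key, extra, divide, count) candidates, ascending by extra."""
    n, found = len(known), Counter()
    for off in range(len(encoded) - n + 1):
        # If `known` sits at this offset, this is the keystream used there.
        ks = bytes(c ^ p for c, p in zip(encoded[off:off + n], known))
        p = shortest_period(ks)
        if p is None or n - p < min_extra:
            continue
        # The keystream starts mid-key; rotate it back to file offset 0.
        key = bytes(ks[(j - off) % p] for j in range(p))
        found[key] += 1
    rows = [(k, n - len(k), n // len(k), c) for k, c in found.items()]
    return sorted(rows, key=lambda r: (r[1], r[3]))

def make_sample(key: bytes = b"Password") -> bytes:
    """Constructed sample: a PE-like header fragment, XOR-encoded with key."""
    stub = bytes.fromhex("0e1fba0e00b409cd21b8014ccd21")
    plain = b"MZ" + bytes(64) + stub + KNOWN + b".\r\r\n$"
    return xor(plain, key)

if __name__ == "__main__":
    sample = make_sample()
    for known in (KNOWN, bytes(16)):          # DOS string, then null bytes
        for key, extra, divide, count in recover(sample, known, min_extra=4):
            print(f"key={key!r} hex={key.hex()} extra={extra} "
                  f"divide={divide} count={count}")
```

Candidates whose extra is only one or two bytes are chance matches at wrong offsets, which is why filtering on a minimum extra is useful.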
UK election: Will the Tories make a comeback in Scotland? AL JAZEERA ENGLISH (AJE)(cached at June 6, 2017, 10:29 pm)

Some voters in Scotland say they will vote for the Conservative Party to avoid a second referendum on Scottish independence.
Scammers use Instagram to help them steal $50,000 from PA banks (ZDNet) SANS ISC SecNewsFeed(cached at June 6, 2017, 10:29 pm)

How to Connect with your Clients on Social Media (IT Toolbox Blogs) SANS ISC SecNewsFeed(cached at June 6, 2017, 10:29 pm)