Lavabit was a much more "under the radar" provider. Silent circle has gained huge traction since they started and provide secure Phone, SMS and mail services. They may not be "equal" but silent circle is certainly more of a high profile target.
Spideroak.com - online backup and sync with zero-knowledge client side encryption should be represented in cloud services in my opinion, though since we are not yet 100% open source I understand the arguments against it.
We are however very close to opening nimbus.io and crypton.io open-source secure and private storage APIs based on our storage infrastructure.
I am thoroughly unimpressed by Marissa Mayer at this point. Yahoo is doing nothing but keeping up their 'trend' of buying too early or too late.
Tumblr while a great asset is going to be FAR to expensive to pay off for Yahoo at this point, and a lot of the junior assets they have purchased have no or little direction.
In my opinion Yahoo is on a quick slide towards 'AOL territory' where they have to slim down to their 'core' to make any money and will likely suffer innovation starvation until they are almost totally irrelevant.
Simply 100% not true. They freely admitted to committing crimes, and there is overwhelming evidence they routinely broke the law and helped clients do the same. The 'fine' was a joke.
The thing I don't get, is if you know there are multiple devices, any opfor with half a brain is going to put them in the mass transit for follow up. So why evac people when sheltering in place is almost certainly safer? The TLDR is don't create a juicy concentrated target when you know for certain that someone is currently aiming at juicy concentrated targets.
Also if its an ongoing event, shelter in place means people pay pretty close attention to their environment, but scrambling in terror every random direction means a great opportunity for the opfor to drop something bad in the chaos and possibly escape.
I'm not saying lock down everyone for hours (days?) or don't evac a known bad location, but...
It's easier to destroy than it is to create, for example create safety for the people there.
People outside a certain radius of the initial attack are almost certainly safer. The only thing you can do is get everyone out of the area. Keeping everyone there it seems... I'm confused about what the goal would be. You've got to move everyone out of there eventually so do it. I'm just trying to picture the huge amount of resources it would take to try and quarantine.
Transit is much harder and has a much stronger security presence - people in general are also far more alert for suspicious packages. It would be much tougher I'd think to get something like this onto a subway rather than a huge crowd.
Whoops I looked it up and apparently a "mall" in boston is what the rest of the world would call a boulevard or parkway. So they're actually evac a street lined with trees. My worry was it they're shoving people in immense lines thru the doors of what the rest of the world would call a "mall" making a tempting target for the opfor.
I am surprised its verified to be packages and not dudes wearing vests or whatever. There's no way to avoid the issue that getting the crowd to stampede means certain targets of opportunity will be very busy. If I were in Boston there's no way in hell I'd set foot on any mass transit until the evac is over.
The original point still stands, that people mostly sittin down can't get into too much mischief, "everybody get up and run around" results in huge opportunity for chaos, because not just the good guys, but the bad guys too will be up and running around.
It's not that uncommon in other parts of the US either. In Raleigh, they commonly referred to part of Fayetteville Street as "Fayettevill Street Mall".
"people mostly sittin down can't get into too much mischief"
Except the psychological stress of sitting quietly near where a bomb just went off is probably much worse than heading for home. I imagine that the police manpower needed to actually keep people from leaving would be substantial.
The alternative isn't "everybody get up and run around", it's "everybody head for home, where you feel safe." I know if I were police chief, I'd think long and hard about the trade-offs before I tried to stand in the way of people trying to get home. After all, they're going to have to go home eventually.
And we know of one location where the opposition is known to have planted bombs; why would you want to keep large numbers of people around that location? Why not disperse them to their homes, so they're not such a concentrated target?
That's assuming normal traffic flow. As someone famous said "quantity has a quality all it's own" - in large traffic flow conditions (as is the case with an evacuation), are all the same security precautions taken? Can they be sustained without a huge bump in the security staff? If new security staff are used impromptu, will they follow the same stringent standards?
I agree with VLM - these people should have been secured in place and not herded through a chokepoint in a rush.
I think the difference is there isn't only a single route for people to evac the mall. It would be insane to have an area where there's several bombings in a large area, with one gateway out, and to then encourage everyone to bunch up at the gateway.
I grok'd your confusion about "mall" but just so you're aware, almost no one used the subway after the event. Everyone walked in a dispersed fashion. I did as well and kept to the back alleys and off the main race course. It was actually pretty ideal I think, people did well.
Has any named official confirmed the cell service shutdown? I'm hearing the opposite.
The original shutdown report I heard was attributed to an unnamed BPD source. This is obviously a particularly easy rumor to spread when the networks are all jammed up with callers.
You can locally jam cell phone frequencies without involving the operators--seems like that'd be default bomb squad kit. I was along the racetrack at mile 23 and signal and data were extremely poor starting 10-15 minutes after the event--The local cells of the network could also have been simply overloaded.
The AP has walked back that article -- headline now reads "Cellphone use heavy, but still operating in Boston". I don't see any note of a retraction or correction.
Anyone know of any good resources to explain when news organizations find it ethical to transparently change articles like this, and when it isn't?
"Apparently cellphone service is SHUT DOWN! To make sure new devices are not remotely detonated!"
Oh no. This has been done a lot of times recently and all it means is future devices are going to be designed to go off when service is lost. Like every time you get a text message the 10 minute "reset" button is shorted. On the bright side AT&T outages are now a feature not a bug as they make constructing and transporting devices like this very exciting for the bad guys.
That seems like an overly complicated way of doing something that could just be done with a timer. (I don't mean to provide tips of any sort, but that seems kind of obvious to me.)
You are correct. This is a very common scenario. The trigger is the cell phone's vibration motor, which is removed so the IED can be connected to the phone. A timer is set, the signal to the motor is sent and activates the trigger, entirely without the use of radio waves and obviously without needing a cell tower.
1) No signal = the primaries have gone off and the area is swarming with panic evacuees and rescue personnel and full of news cameras = almost the definition of the perfect time for the secondaries to go off.
2) If the purpose of the attack is terror, what better way than shutting off communications then creating an intense demand for communications? And you get to make the authorities feel guilty about it?
3) This also fits in with jammer mentality. So if a jammer protects against IEDs, the obvious counter response is a weapon against jammers. So next year's run, if there is one, will have a motorcycle pace vehicle with a very highly publicized jammer mounted on it for the purpose of security theater, the pace cycle/jammer rides past the trivial to imagine and design jammer detector, and ...
It all boils down to I can't figure out a realistic alternative way for the good guys to help the bad guys more effectively than shutting down the cell network.
Yeah, due to localized jamming in Iraq (for convoys, using Warlock and better), there were "increasingly sophisticated" systems.
The correct way to make the best IED trigger would be something which required an ongoing cryptographic challenge with nonce or time, so you were safe from both having your circuit cut AND from people finding/replaying your signal.
Don't be silly. No one ever does that in a crisis. They just spout platitudes about 'doing everything possible' and never stop to think about what that actually means.
And if you point out the implications someone will quickly follow up by assuring you that 'no one would ever do that'. Sometimes I think the greatest weakness of policymakers is the delusion that other policymakers believe what they believe, and for the same reasons.
Cell service was really bad for an hour after the explosion. My wife has an older clamshell phone that seemed harder to connect I expect due to the absence of newer 3G frequencies. Not getting a signal make one very nervous at a time like that.
"Boston police say there was no specific intelligence warning of any kind of attack, and federal officials tonight say there is no reason to think that this is part of any larger threat. At this point they believe it is confined to Boston, but a meeting tonight will decide whether any kind of national alert will be sent out. There is no suspect in custody, authorities say, but some people are being questioned, including some with injuries who were taken to Boston hospitals.
One of those, a person in whom there is some interest, is
a young person who was here on a student visa,"
