Saturday, October 18, 2014
For my Computer Security students. Most companies warn their employees about unsolicited links and emails. This is just one version of the bad things that could happen.
Researchers have found a way to trick Android users into executing potentially malicious applications by hiding them inside innocent-looking image files.
Axelle Apvrille, mobile/IoT malware analyst and researcher at Fortinet, and Ange Albertini, reverse engineer and author of Corkami.com, have created an application that can be used to encrypt an APK to make it look like a PNG image file.
In a real attack leveraging this method, the attacker sends an application containing an image to the potential victim. When the app is launched, the victim only sees the harmless-looking image. In the background however, a malicious payload is installed onto the victim's Android device.
The encryption is done with AngeCryption, an application developed by the researchers
The FBI would settle for a wide-open front door. (Bad advice makes you seem silly.)
Thursday, FBI Director James Comey delivered a talk at the Brookings Institution, titled “Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course?” His thesis did not stray too far from his (and others’) recent calls for limitations on software from companies like Google and Apple that employs strong cryptography that even the companies themselves cannot break, even if law enforcement agencies produce a warrant for the encrypted data. These calls by law enforcement for companies to provide “back doors” to encryption and other security systems, through which companies could “unlock” the data by using, as one editorial board unfortunately put it, a “secure golden key they would retain and use only when a court has approved a search warrant.”
The problem with the “golden key” approach is that it just doesn’t work. While a golden key that unlocks data only for legally authorized surveillance might sound like an ideal solution (assuming you trust the government not to abuse it), we don’t actually know how to provide this functionality in practice. Security engineers, cryptographers, and computer scientists are in almost universal agreement that any technology that provides a government back door also carries a significant risk of weakening security in unexpected ways. In other words, a back door for the government can easily – and quietly – become a back door for criminals and foreign intelligence services.
(Related) A more “to the point” headline! (Links to other contradictory articles.)
“...and now for something completely different.” Monty Python
Safeguarding the Personal Information of all People – ODNI
Office of the Director of National Intelligence (ODNI) – Safeguarding the Personal Information of all People, July 2014.
“As the President said in his speech on January 17, 2014, “the challenges posed by threats like terrorism, proliferation, and cyber-attacks are not going away any time soon, and for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world.” As a part of that effort, the President made clear that the United States is committed to protecting the personal information of all people regardless of nationality. This commitment is reflected in the directions the President gave to the Intelligence Community on that same day, when he issued Presidential Policy Directive/PPD-28, Signals Intelligence Activities. New Standards for Safeguarding Privacy: PPD-28 reinforces current practices, establishes new principles, and strengthens oversight, to ensure that in conducting signals intelligence activities, the United States takes into account not only the security needs of our nation and our allies, but also the privacy of people around the world. The Intelligence Community already conducts signals intelligence activities in a carefully controlled manner, pursuant to the law and subject to layers of oversight, focusing on important foreign intelligence and national security priorities. But as the President recognized, “[o]ur efforts will only be effective if ordinary citizens in other countries have confidence that the United States respects their privacy too.” To that end, the Intelligence Community has been working hard to implement PPD-28 within the framework of existing processes, resources, and capabilities, while ensuring that mission needs continue to be met. In particular, PPD-28 directs intelligence agencies to review and update their policies and processes – and establish new ones as appropriate – to safeguard personal information collected through signals intelligence, regardless of nationality and consistent with our technical capabilities and operational needs.”
In order to be “fair,” shouldn't your opponents also receive an indication that you are fatigued?
Pablo S. Torre and Tom Haberstroh report:
… The boom officially began during work hours. Before last season, all 30 arenas installed sets of six military-grade [??? Bob] cameras, built by a firm called SportVU, to record the x- and y-coordinates of every person on the court at a rate of 25 times a second — a technology originally developed for missile defense in Israel. This past spring, SportVU partnered with Catapult, an Australian company that produces wearable GPS trackers that can gauge fatigue levels during physical activity. Catapult counts a baker’s dozen of NBA clients, including the exhaustion-conscious Spurs, and claims Mavericks owner Mark Cuban as both a customer and investor. To front offices, the upside of such devices is rather obvious: Players, like Formula One cars, are luxury machines that perform best if vigilantly monitored, regulated and rested.
Read more on ESPN.
In case you didn't know, when you book a flight the government must okay issuance of a boarding pass.
From Papers, Please!:
We talked at length with Watchdog investigative reporter Dave Lieber for his column in today’s Dallas Morning News: Travelers, say bon voyage to privacy.
Lieber hits the nail on the head by calling out how few travelers realize that the U.S. government is keeping a permanent file of complete mirror copies of their reservations
Read more on Papers, Please!
Your car is just another thing on the Internet of Things.
Dr. Stefan Schuppert writes:
The Conference of the German Federal and State Data Protection Authorities during its last meeting on 8 and 9 October adopted the resolution “Data Protection in the Car”. The resolution expresses a concern about what it describes as privacy risks involved in the growing collection and processing of personal data in cars, and the interests of various actors (car manufacturers, service providers, insurance companies, employers) in using those data.
The resolution outlines several obligations of car manufacturers, dealers, repair shops, and providers of communication services.
Read more on Hogan Lovells Chronicle of Data Protection.
More words or mere words?
Katherine Gasztonyi writes:
At the International Conference of Data Protection and Privacy Commissioners in Mauritius this week, representatives of the private sector and academia joined together to discuss the positive changes and attendant risks that the internet of things and big data may bring to daily life. Attendees memorialized the observations and conclusions of their discussions in a Declaration on the Internet of Things and a Resolution on Big Data. The documents are not, of course, binding. But, the fact that the Declaration and Resolution drew the consensus of a large gathering of international data protection regulators renders them relevant indicators of direction of data privacy policies and trends.
Read more on Covington & Burling Inside Privacy.
Now this is interesting. We can drag the Copyright lawyers (no doubt kicking and screaming) into the technical discussions about Big Data and the Internet of Things. What if I seeded Denver with devices that transmitted, “I am Bob's thing number 762. I am located at 39° 44' 21" N / 104° 59' 3" W Copyright © 2014 by Bob. You owe me $0.02 for this information.”
Big data and the “internet of things” — in which everyday objects can send and receive data — promise revolutionary change to management and society. But their success rests on an assumption: that all the data being generated by internet companies and devices scattered across the planet belongs to the organizations collecting it. What if it doesn’t?
Alex “Sandy” Pentland, the Toshiba Professor of Media Arts and Sciences at MIT, suggests that companies don’t own the data, and that without rules defining who does, consumers will revolt, regulators will swoop down, and the internet of things will fail to reach its potential. To avoid this, Pentland has proposed a set of principles and practices to define the ownership of data and control its flow. He calls it the New Deal on Data. It’s no less ambitious than it sounds. In the November issues of HBR, Pentland discusses how the New Deal is being received and how it’s already working in a little town in the Italian Alps.
Just because Google can't point to an article does not mean the article goes away.
BBC to publish 'right to be forgotten' removals list
The BBC is to publish a continually updated list of its articles removed from Google under the controversial "right to be forgotten" rule.
The ruling allows people to ask Google to remove some types of information about them from its search index.
But editorial policy head David Jordan told a public meeting, hosted by Google, that the BBC felt some of its articles had been wrongly hidden.
… Google decided to notify affected websites each time a link had been removed.
The BBC will begin - in the "next few weeks" - publishing the list of removed URLs it has been notified about by Google.
Eventually, your phone will do everything for you and keep on doing it for months (years?) after your death.
Google: We'll make you smarter ... if you share your data
Google's chairman says the search giant can create your ideal artificial personal assistant. The catch? You need to give up more and more of your personal information.
Tools for personal security.
MasterCard's New Credit Card Will Come With a Fingerprint Scanner
… MasterCard is now teaming up with biometric tech company Zwipe to prevent people from paying for items this way with stolen credit cards. It's a way to prove that it's actually you using the card.
The Zwipe MasterCard, which might be offered only in the UK for now, comes with a built-in fingerprint scanner that stores your thumbprint. When you put your thumb on the scanner, the embedded chip unlocks and you'll be able to tap the card to make purchases.
My world is changing – Harvard tells me so.
… Broadly speaking, competency-based education identifies explicit learning outcomes when it comes to knowledge and the application of that knowledge. They include measurable learning objectives that empower students: this person can apply financial principles to solve business problems; this person can write memos by evaluating seemingly unrelated pieces of information; or this person can create and explain big data results using data mining skills and advanced modeling techniques.
… The key distinction is the modularization of learning. Nowhere else but in an online competency-based curriculum will you find this novel and flexible architecture. By breaking free of the constraints of the “course” as the educational unit, online competency-based providers can easily and cost-effectively stack together modules for various and emergent disciplines.
A New Initiative: The GA Credentialing Network
… In partnership with a consortium of more than twenty companies, including GE, PayPal, and Elance-oDesk, we are developing a series of competency-based credentials for high-skilled positions in technology, design, and business. Our first credential, for web development skills, will be publicly available in early 2015. This initial program —and those that follow—will be available to job-seekers beyond the limits of the General Assembly student community, and will be free of charge for both job-seekers and employers.
For my lucky spreadsheet students.
35 Years Ago Today, Spreadsheets Were Invented
On this day in 1979, a computer program called VisiCalc first shipped for the Apple II platform, marking the birth of the spreadsheet, a now-ubiquitous tool used to compile everything from grocery lists to Fortune 500 company accounts.
And that’s why October 17th is Spreadsheet Day, celebrated by fans of the form.
I've been looking for a simple tutorial for my Math students.
How to Calculate Using Japanese Abacus Part 1
Hard to believe they are serious...
… LAUSD will not release an inspector general’s report into the district’s decision-making process that went into its massive purchase of iPads and Pearson curriculum. The school board voted 4–3 against releasing the information to the public.
… LAUSD Superintendent John Deasy resigned this week, on the heels of investigations into the district’s iPad procurement process and failures of its new student information system. Ray Cortines has been named interim superintendent.
… A group of Harvard Law School professors say that the university’s new sexual assault policies “lack the most basic elements of fairness and due process, are overwhelmingly stacked against the accused, and are in no way required by Title IX law or regulation.”
… “The Public Sociology Association, made up of graduate students at George Mason University, has published what adjunct advocates are calling the most comprehensive study of one institution’s adjunct faculty working conditions ever.” More on the report via Inside Higher Ed. http://www.hackeducation.com/2014/10/17/hack-education-weekly-news-10-17-2014/