Saturday, August 08, 2015

Indistinguishable from the FBI's backdoor, except they claim to have a fix for this one.
According to the researchers at security firm Check Point, “Hundreds of millions of Android smartphones may be at risk from a security flaw that allows hackers to hijack a handset without a victim’s knowledge. Devices made by Samsung, HTC, LG and ZTE, including those running the latest version of Android, are potentially vulnerable. Check point has dubbed the flaw “Certifi-gate.”
The company said that software installed on smartphones by the manufacturers, which cannot be disabled by users, could be exploited by malicious apps, giving them privileged access to the device.
This means hackers could steal contact information and other personal data, track a user’s location, and remotely activate the smartphone’s microphone without the user’s knowledge. Gabi Reish, Check Point’s vice president of product management stated that “it would make it a remote spying device.”
Read more on Patently Apple.

An update to one my IT Governance students analyzed.
Investopedia reports:
Warehouse membership club Costco says it needs more time to secure its photo processing website.
Third-party photo service provider PNI Digital Media was hacked last month, causing retailers Costco, CVS Health, and Wal-Mart to take down their respective photo processing websites and post cautionary notes in their place.
Costco had notified its customers at the time that it was “diligently working to determine when we can reenable the site, but in all likelihood, that will not occur until early August.” It updated that notice the other day to essentially say, on second thought, give us another week or so.
Read more on Investopedia.

Might be a memorable (or horrible) way to introduce privacy issues and the reference to the Streisand Effect.
Lenny Kravitz, meet Barbra Streisand.
Uproxx reports:
Hope everyone got a good look, because Lenny Kravitz has had just about enough of your gawking.
When the rocker’s “axe” first surfaced on the internet after its surprise cameo at a festival in Stockholm, Sweden, it was all laughs. Even Lenny himself took a lighthearted approach to the potentially embarrassing situation, taking to Twitter and posting a screenshot of a conversation between himself and Steven Tyler of Aerosmith. He even coined the event #PenisGate. But those mirthful laughs and giggles at a potentially humiliating moment are over. The “Where Are We Running” singer is considering legal action about having the dick pics taken down off the internet.
According to Metro (via NME), Lenny’s legal representatives are now threatening publishers with lawsuits, saying the photos breach their “clients’ copyright, human rights, right-of-publicity and performer’s rights.”
Read more on Uproxx.

When you unpack new things you often need to remove the cosmoline.
Windows 10 defaults to keylogging, harvesting browser history, purchases, and covert listening
By default, Microsoft gets to see your location, keystrokes and browser history -- and listen to your microphone, and some of that stuff is shared with "trusted [by Microsoft, not by you] partners."
You can turn this all off, of course, by digging through screen after screen of "privacy" dashboards

“I Don’t Want to Belong to Any Club That Will Accept Me as a Member” Groucho Marx Even if it helps you get a loan?
Facebook patents technology to help lenders discriminate against borrowers based on social connections
Facebook has been granted an updated patent from the U.S. Patent office on a technology that can help lenders discriminate against certain borrowers based on the borrower’s social network connections.
… Here’s the last use case Facebook describes in the patent:
In a fourth embodiment of the invention, the service provider is a lender. When an individual applies for a loan, the lender examines the credit ratings of members of the individual’s social network who are connected to the individual through authorized nodes. If the average credit rating of these members is at least a minimum credit score, the lender continues to process the loan application. Otherwise, the loan application is rejected.

Soon, everyone will have these embedded at birth. Another benefit of Windows 10?
All NFL Players Are Getting RFID Chips This Season
… Last year, the NFL tested out Zebra Technologies MotionWorks RFID system in 18 stadiums to track vector data: A player’s speed, distance, and direction traveled during each game in real-time. This season, that wireless tracking technology will be embedded in every NFL player’s shoulder pads, and viewers at home can see all that data come to life in the redesigned NFL 2015 app for Xbox One and Windows 10.
Within the app, there’s a feature called Next Gen Stats that turns each player into an digital avatar for a “Next Gen Replay.” In coordination with a highlight clip posted shortly after it occurs live on the field, Next Gen Replay displays every player’s speed at each moment of a play, lets you toggle between players, and keeps track of the actual yardage a running back has run in a play or in a game.
… The new app will be available in late August, just in time for week three of the preseason. The NFL app and the Next Gen Stats features are free to everyone.

Curious. (Digest Item #2)
iTunes Is Illegal In the UK
Using iTunes is now illegal in the UK, with the current copyright laws turning almost everyone into a criminal. Copying copyrighted content for personal use was actually illegal in the UK until 2014, when the government legalized an activity already undertaken by most people.
Unfortunately, several organizations looking after the welfare of musicians — including the Musicians’ Union and UK Music — weren’t happy with the change in the law, and applied for a judicial review. They got it, and the changes to the law have now been overturned.
This means that copying the music from a CD you have bought onto an MP3 player is now illegal. Which is a feature built into iTunes, Windows Media Player, and countless other pieces of software. All of which are now, by the letter of the law, assisting people in criminal behavior.
A government spokesperson told TorrentFreak, “It is now unlawful to make private copies of copyright works you own, without permission from the copyright holder – this includes format shifting from one medium to another.” So perhaps we should bombard music labels with such requests until they join us in the 21st century.

Really confusing. Isn't any link to your site a desirable thing? How does any of this stuff work? Runs Into Turbulence With Retailers
Dozens of the nation’s largest retailers including Macy’s Inc., Inc., and Home Depot Inc. have quickly moved to disassociate themselves from new discount retail website
The retailers complained to Jet after discovering it had placed links to their sites without permission, promising its own members cash back for making purchases after clicking the links. [I have no idea how that would work. Bob]
… Companies with multiple brands whose links have been withdrawn from Jet include heavyweights Wal-Mart Stores Inc., Gap Inc., Walgreens, Williams-Sonoma Inc. and L’OrĂ©al SA. “If someone is using our brand without our permission, there are a multitude of concerns, and we’re not going to allow it,” said a Home Depot spokesman, who added that Jet was cooperative in removing his company’s logo after being asked to do so.
Liza Landsman, Jet’s chief customer officer, said some of the merchants requesting their brands be removed were unhappy because they view Jet as a competitor, while others insisted Jet negotiate a deal with them first. Another group of merchants was unaware but was happy for Jet to direct traffic to them, she said.
… For example, Jet promises 30% cash back to its members when they buy products on Nike Inc.’s site after clicking its affiliate link, an offer that would cover the cost of Jet’s $50 a year membership if consumers bought one high-price pair of shoes.

I'm addicted.
Hack Education Weekly News
… The ACLU has filed a lawsuit in Kentucky, highlighting the use of restraints in school and releasing a video of an 8 year old boy crying as a school police office handcuffs his arms behind his back. The ACLU claims that the schools’ practice of shackling students (this boy and a girl, age 9) violated the ADA. More via The Guardian and the AP. [And we wonder why students hate school? Bob]
Via CBS Detroit: “A teenager who was locked up for nearly 40 days in a dispute over a snowball has filed a lawsuit against the Detroit school district after a judge dismissed the criminal case.”
… “One day before a district court ruling was to go into effect that would force the NCAA to allow colleges to pay student-athletes $5,000 per year, the 9th U.S. Circuit Court of Appeals has placed a stay on that order,” says NPR.
… Two school districts are adopting bodycams, THE Journal reports.
… A study of 10,000 by TNTP “found that professional development – the teacher workshops and training that cost taxpayers billions of dollars each year – is largely a waste.”

For my students who don't read?
Add a Text to Speech Function to Your Browser
Announcify is a free text to speech application that is available as a Chrome browser extension. With Announcify installed in your browser any time you're viewing a webpage you can simply click on the Announcify icon in your browser and have the text of the page read to you. A bonus aspect of using Announcify is that in order to make a webpage easier to read it enlarges the text of the webpage and removes all sidebar content. In the video embedded below I provide a short demonstration of Announcify in action.

Not something I'll share at student orientation.

No comments: