Thursday, August 13, 2015
Look at how this works. Is it just advertising? Could an intelligence or criminal organization be using this too?
Lenovo Accused Of Using ‘Rootkit-Like’ Methods To Sneak Software Onto Clean Windows Installs
When acquiring a new notebook or desktop, one of the first things many power users do is wipe it clean. No one likes the "junk" that comes preinstalled, and if time is available, sometimes it's just preferable to start fresh. But what if that was easier said than done? What if that preinstalled junk became more like a plague, persisting even through a fresh install of Windows?
You might think, "That's crazy. Impossible." Well, it is crazy, but it's definitely not impossible.
It seems that installing some asinine malware on customer PCs wasn't enough to satisfy Lenovo's insatiable appetite for intrusion, as it's recently been discovered that the company's installed what's effectively a rootkit onto a range of its notebooks, including Flex and Yoga models.
The root of this problem, no pun, is something called Lenovo Service Engine, in effect low-level firmware that's able to detect whether or not certain files exist in the installed OS. In this case, it seems only Windows 7 and 8 are affected. [So far. Bob] In the event files this rootkit wants are not present, they'll automatically be fetched from the Internet, and subsequently installed.
(Related) Et tu, Microsoft?
Is Windows 10 Spying On You? Privacy Fears Raised As OS Secretly Contacts Microsoft Regardless Of Settings
Windows 10 has raised some privacy concerns over its default settings, which share speech, calendar and contact information with Microsoft. However, it has emerged that even if the user chooses not to share anything with Microsoft at all, the system will still regularly contact Redmond.
According to ArsTechnica, Windows 10 pings Microsoft during certain tasks without explaining why or even giving any indication that contact is taking place, with the news site having to use specialist tools to make the discovery.
For my Intro to Computer Security students.
What the U.S. Military Has Learned About Thwarting Cyberattacks
… The Department of Defense has found that the lion’s share of successful cyberattacks are made possible by poor human performance. Indeed, a key element of our thesis is that most organizations place too little emphasis on changing behavior and too much on technical safeguards.
We suggest that companies should follow the U.S. military’s example. It is strengthening its cybersecurity by applying the methods used by the U.S. Navy’s nuclear-propulsion program, whose safety record is second to none. These include a robust program of training, reporting, and inspections, as well as six operational excellence principles.
(Related) First, scare the pants off them. This is probably not too frivolous, but I really don't care – it will grab their attention and possibly keep them awake.
Not Even Close: The State of Computer Security (with slides) – James Mickens
by Sabrina I. Pacifici on Aug 12, 2015
“In this bleak, relentlessly morbid talk, James Mickens will describe why making computers secure is an intrinsically impossible task. He will explain why no programming language makes it easy to write secure code. He will then discuss why cloud computing is a black hole for privacy, and only useful for people who want to fill your machine with ads, viruses, or viruses that masquerade as ads. At this point in the talk, an audience member may suggest that Bitcoins can make things better. Mickens will laugh at this audience member and then explain why trusting the Bitcoin infrastructure is like asking Dracula to become a vegan. Mickens will conclude by describing why true love is a joke and why we are all destined to die alone and tormented. The first ten attendees will get balloon animals, and/or an unconvincing explanation about why Mickens intended to (but did not) bring balloon animals. Mickens will then flee on horseback while shouting ‘The Prince of Lies escapes again!’”
Probably not how Facebook would want to be seen by the world, if they thought about it.
Facebook cancelled a student's internship after he highlighted a massive privacy issue
Facebook cancelled a Harvard student's internship after he created a Google Chrome plugin that highlighted serious privacy flaws in the social network's messaging service, Boston.com reports.
In May, computer science and mathematics student Aran Khanna built Marauder's Map. It was a browser plugin that made use of the fact that people who use the Facebook Messenger share their location with everyone they message with by default.
… Earlier this week, Khanna published a case study for the Harvard Journal of Technology Science about his experience.
… On the afternoon of the 29th, three days after my initial posts, Facebook phoned me to inform me that it was rescinding the offer of a summer internship, citing as a reason that the extension violated the Facebook user agreement by "scraping" the site. The head of global human resources and recruiting followed up with an email message stating that my blog post did not reflect the "high ethical standards" around user privacy expected of interns. According to the email, the privacy issue was not with Facebook Messenger, but rather with my blog post and code describing how Facebook collected and shared users' geo-location data.
Anyone could have done this, if they had searched (Googled) for loopholes.
Google is testing drones in US airspace by piggybacking on Nasa exemption
… Documents seen by the Guardian also reveal technical details of Google’s drone, which is capable of speeds of up to 100 mph and weighs less than 25kg (55lb). The papers also reveal Google’s safety plans should a drone lose contact with its operator.
… Certificate of Waiver or Authorization (COA) … let public organisations like the military, state universities and police or fire departments experiment with unmanned aerial systems (UAS), as long as they meet safety standards. But COAs come with restrictions. FAA regulations state that a public agency must own or exclusively operate the drone in question, and that commercial operations are prohibited.
I don't get it. Indians have faces too. I have a half-dozen Indian faces in my class.
Facebook struggles to sell advertising in India
… Facebook has 132 million users in India, trailing only the 193 million in the United States, according to the company, and the country is critical for the Menlo Park, California, social network's global expansion.
But so far, the payoff has been small: Facebook earns 15 cents per user in India every quarter, compared to the $7 to $8 it makes on each U.S. user, according to analysts.
Facebook does not break out its revenues in India, but Neil Shah, an analyst at Counterpoint Research, a Hong Kong-based technology consulting firm, estimates it brings in $15 million a quarter, far behind the $350 million he estimates Google earns there per quarter.
Oh joy! (Can you get carpal tunnel syndrome from texting?)
Twitter Lifts 140-Character Limit for Direct Messages Today
Twitter Inc.’s 140-character limit is a defining characteristic of the social media service, both frustrating and liberating users’ public expression.
But the company believes that sacred limit doesn’t need to apply to private messaging. Starting Wednesday, Twitter is enabling users to send messages with unlimited characters directly to each other through its private-chat function.
… Twitter’s move is yet another admission that it needs to make the service more useful and easier to navigate. Over the past few months, for instance, it has begun curating more content for users in an attempt to organize the chaos, and it intends to double-down on curation with the forthcoming live-events product called Project Lightning.
Perhaps we should upgrade all those huge TVs in our classrooms?
This device can transform any TV into a touchscreen
There's big business in creating TV-sized touchscreens. Microsoft, for instance, developed the Surface Hub, a digital whiteboard for conference rooms. It's likely only a matter of time before Apple follows suit with a full-size iPad or Apple TV with a touch-enabled remote.
But Touchjet, the company behind the Pond pico projector, has other plans.
Instead of buying a touch-enabled screen that might be able to function as a standard TV, it plans on turning your tube into a massive Android 4.4 KitKat-powered touchscreen using the same technology you'd find in your remote.
An infrared sensor is embedded in a camera that sits on top of the TV and plugs into the back of your screen via an HDMI cable. After tracking your finger movements using infrared light, the data is then interpreted by a processor and transformed into touch gestures that Android can process. Once calibrated, the sensor transforms your TV into a digital easel, an office whiteboard or an impossibly large Candy Crush playing field.
Might be a good way to introduce my students to Data Analysis.
Fantasy Football League Invokes IBM Watson APIs to Improve Fan Experience
In a move that could have broad implications for how APIs get used within the context of advanced analytics applications, Edge Up Sports, an organizer of a fantasy football league, revealed today that it plans to make use of IBM Watson cloud services to make it simpler for more fantasy football players to participate in the league.
Edge Up Sports CEO Ilya Tabakh told ProgrammableWeb that the fantasy football league organization will initially make use of the APIs that IBM gained when it acquired AlchemyAPI earlier this year. Specifically, Edge Up Sports will invoke text analytics and sentiment analysis APIs to make it easier for fans to aggregate various media reports about specific players they may be tracking.
For all my students? The wrong kind of “self improvement” App? Do these sell because we believe we need them?
The Startup Behind Popular Selfie-Editing App Facetune Raises $10 Million, Plans for New Products
In the world of Instagram, Facebook and Snapchat, you are only as cool as your last post. And in that world, editing the pimple out of your vacation selfie and pimping out your latest party photo is serious business. It’s also turbo-charging the growth of mobile photo-editing startup Lightricks.
Lightricks, the Jerusalem-based company behind the super popular Facetune app, has just closed its first-ever round of outside funding. The photo editing startup raised a $10 million round led by Israeli VC firm Carmel Ventures, according to an announcement released today.
Facetune, which is currently the second most popular paid app according to App Annie’s ranking, lets users retouch photos.
I was very excited until I realized these are two separate programs...
MIT Robots: Now able to punch through walls and serve you beer
(Related) Convergence? You no longer have to pour beer over your cereal?
New Hefeweizen beer – HefeWheaties created from Wheaties after they team up in Minneapolis
… Only presented in the Twin Cities, the limited-edition Hefeweizen was created after the joint venture of local craft brewery Fulton and Wheaties. HefeWheaties has been created after the team-up of the two Minnesota-based companies and it is the first alcohol partnership for Wheaties. People are calling it “beer for champions” in the local market.