Thursday, September 03, 2015

So, the manufacturers send their phones to “middlemen” who install spyware, then return the phones for packaging?
Tara Seals reports:
Over 190.3 million people in the US own smartphones, but many do not know exactly what a mobile device can disclose to third parties about its owner. Mobile malware is spiking, and is all too often pre-installed on a user’s device.
Following its findings in 2014 that the Star N9500 smartphone was embedded with extensive espionage functions, G DATA security experts have continued the investigation and found that over 26 models from some well-known manufacturers including Huawei, Lenovo and Xiaomi, have pre-installed spyware in the firmware.
However, unlike the Star devices, the researchers suspect middlemen to be behind this, modifying the device software to steal user data and inject their own advertising to earn money.
Read more on InfoSecurity.
From the article:
Further, the G DATA Q2 2015 Mobile Malware Report shows that there will be over two million new malware apps by the end of the year.

Like my students, some (most?) parents don't bother reading the instructions.
IoT baby monitors STILL revealing live streams of sleeping kids
… Isolated real-world reports of hacking of baby monitors date back at least two years, so it’s not as if the problem is new.
Last year privacy watchdogs at the ICO warned parents to change the default passwords on webcams to stop perverts snooping on kids.
The warning followed a security flap created by the site, hosted in Russia, that streamed live footage ranging from CCTV networks to built-in cameras from baby monitors. The website itself – – accesses the cams using the default login credentials, which are freely available online for thousands of devices.

Legal doublethink. This poor, helpless minor will be charged as an adult. (Isn't the legal marrying age in the south somewhere around 12? Or is that only for first cousins?) The boyfriend was also charged.
Paul Woolverton reports:
After a 16-year-old Fayetteville girl made a sexually explicit nude photo of herself for her boyfriend last fall, the Cumberland County Sheriff’s Office concluded that she committed two felony sex crimes against herself and arrested her in February.
The girl was listed on a warrant as both the adult perpetrator and the minor victim of two counts of sexual exploitation of minor – second-degree exploitation for making her photo and third-degree exploitation for having her photo in her possession.
Read more on Fay Observer.

Typical bureaucracy: When in doubt, hire more underlings, ask for a larger budget.
FAA bolsters drone outreach with new hires
The Federal Aviation Administration (FAA) on Wednesday brought on two high-level officials to help lead the agency’s regulation of drone flights in the United States.
The agency hired Hoot Gibson as senior adviser on drone integration, a new position that reports to the FAA deputy administrator. The position, first announced in May, will focus on outreach to other areas of the government and airspace stakeholders.
The agency also hired Earl Lawrence to become the new director of the UAS Integration Office, which has been vacant since the retirement of Jim Williams in June. The office was created in 2013 to help create regulations to safely integrate drones into the nation’s airspace.

Just in case you missed it. Initial reports always seem to underestimate the damage. Imagine if this had been something really dangerous, like Donald Trump's hair tonic.
Pentagon Now Says Army Mistakenly Sent Live Anthrax to All 50 States
Deputy Defense Secretary Bob Work has repeatedly said the scandal over the military's mistaken shipment of live anthrax spores around the nation and the world would get worse -- and he was right.
The number of labs that received live anthrax has more than doubled to 194 since Work and Frank Kendall, the Pentagon's top acquisition official, released a report in July on the shipments of the deadly pathogen from the Army's Dugway Proving Grounds in Utah.
The number of states receiving live anthrax also more than doubled to include all 50 states and Washington, D.C., plus Guam, the U.S. Virgin Islands and Puerto Rico.

The world gets its news from Twits?
Nearly 9 in 10 people on Twitter use it to get news
… Eighty-six percent of users overall say they use the platform for news, according to the study, which was funded by Twitter but developed independently by the American Press Institute and released Tuesday.
… A Pew Research Center study earlier this year found that use of Twitter and Facebook to consume news is on the rise, with current users seeing more news on the platforms.

Apple Adds More Publishers for Its News App, Which Will Launch Soon
One thing you won’t hear much about at Apple’s media event next week: Its News app, a newsreader that will work something like Flipboard, that will be included in Apple’s upcoming iOS 9 software this fall.
That doesn’t mean Apple isn’t interested in getting the word out about the app, which it has been fixing up since debuting a rough-around-the-edges beta a few months ago. It has also signed up more publishers for the launch, which will likely be in the next few weeks. When it announced News at WWDC in June, Apple had 18 publishers on board; now it says it has more than 50.

Should we consider the source and laugh at this guidance?
White House Wants Feedback on IT Contract Security
Cybersecurity is a key component of all contracts between U.S. government agencies and information technology vendors. Yet cyberbreaches continue to occur – some of them with alarming scope and depth.
The White House is seeking input from private sector vendors and others on how to improve the cybersecurity elements involved in federal government purchases of IT equipment and services. The Office of Management and Budget recently released draft guidance dealing with that issue, and it will accept input on the proposal until Sept. 10.

Someone has to fall on his sword! Will that be the job of the staffers who will testify? What could they say? “We did it, Hillary was ignorant?”
Ex-Hillary Clinton Staffer Who Set Up Email Server Plans to Plead the Fifth
A former Hillary Clinton staffer who helped set up the former secretary of state's private email server has vowed to invoke the Fifth Amendment and refuse to answer questions after a congressional committee subpoenaed him, MSNBC confirmed late Wednesday.
Bryan Pagliano, who worked for Clinton during her 2008 presidential campaign and at the State Department, has been identified in digital records as the person who set up her email server in 2009.
… A Clinton campaign aide said in a statement to NBC News Wednesday the candidate has encouraged aides to answer any questions.

(Related) It's easy to teach Best Practices if you have plenty of really, really bad examples. It does raise yet another question: Did Hillary's server block all known security issues? Did she ever receive emails from unknown sources and open them?
The "Executive" IT Security Problem - Lessons Learned from Hillary Clinton
Not every executive wants to dedicate space in their bathroom to an email server. But there are companies without a BYOD policy where executives insist on using personal tablets. Yahoo’s CEO famously refused to put a passcode on her personal phone. Some execs retain access to sensitive information following retirement. They insist on downloading software from any Internet site they want to. With authority and resources, convenience is easily prioritized over policy.
Further, the risks presented by privileged users, including executives, continue evolving. No longer limited to the malicious or careless user, we now are confronted with outsiders obtaining and abusing insider credentials. Spear phishing executives, or “whaling,” is a rising attack vector to take advantage of the broad access attackers possess, while self-inflicted vulnerabilities make them a softer target as well.

Not analysis of bits and bytes. Using tech to record artifacts before some fanatic destroys them.
Institute for Digital Archaeology
by Sabrina I. Pacifici on Sep 2, 2015
“Digital archaeology represents the natural evolution of classical archaeology, permitting researchers to look at ancient objects in a whole new way, to uncover hidden inscriptions, invisible paint lines, the faintest palimpsests... and to share these discoveries with the world.”
The Million Image Database Project – “In collaboration with UNESCO World Heritage and the epigraphical database project at NYU’s Institute for the Study of the Ancient World and engineering specialists at Oxford University, we hope to capture one million 3D images of at-risk objects by the end of 2016. To that end, we have created a heavily modified version of an inexpensive consumer 3D camera that will permit inexperienced users to capture archival-quality scans. The camera has the facility to upload these images automatically to database servers where they can be used for study or, if required, 3D replication. It is our intention to deploy up to five-thousand of these low-cost 3D cameras in conflict zones throughout the world by the end of 2015. Each camera contains an automated tutorial package that will help field users – local museum affiliates, imbedded military, NGO employees and volunteers – both to identify appropriate subject matters and to capture useable images. This project is the first of its kind in both purpose and scale. However, it is our hope that it will become a model for future similar endeavors. All of the associated technology and software will be open-source to facilitate that goal.” This project is especially timely in light of the seemingly unstoppable destruction of antiquities, including in Palmyra, Syria.

If you thought “old stuff” disappeared you haven't tried to buy anything for your horse recently. Weak and poor quality companies are forced out of the market, but the survivors always command a premium.
This Company Is Still Making Audio Cassettes and Sales Are Better Than Ever
The audiocassette tape is not dead. In fact, one Springfield, Mo., cassette maker says it has had its best year since it opened in 1969.
“You can characterize our operating model as stubbornness and stupidity. We were too stubborn to quit,” said National Audio Company President Steve Stepp.
NAC is the largest and one of the few remaining manufacturers of audiocassettes in the U.S. The profitable company produced more than 10 million tapes in 2014 and sales are up 20 percent this year.

I do want to collect articles like this. I think they would benefit my students.
Leaving Voicemails, and Other Prickish Phone Habits
… With all the focus on what smartphones can do and how they’re affecting us, many people have lost sight of how to use our phones like an actual, original, dial-a-number phone without behaving like an ass. This isn’t an argument against buying a smartphone, but just a sad fact of life.
