Tuesday, March 29, 2016

Really not much available other than the FBI is claiming success. If this is something that Apple has already fixed, I suspect they will quietly give the process to Apple. If the vulnerability is still there, they will likely keep it from Apple.
U.S. Says It Has Unlocked iPhone Without Apple
The Justice Department said on Monday that it had found a way to unlock an iPhone without help from Apple, allowing the agency to withdraw its legal effort to compel the tech company to assist in a mass-shooting investigation.
… Yet law enforcement’s ability to now unlock an iPhone through an alternative method raises new uncertainties, including questions about the strength of security in Apple devices. The development also creates potential for new conflicts between the government and Apple about the method used to open the device and whether that technique will be disclosed. Lawyers for Apple have previously said the company would want to know the procedure used to crack open the smartphone, yet the government might classify the method.
… “I would hope they would give that information to Apple so that it can patch any weaknesses,” she said, “but if the government classifies the tool, that suggests it may not.”
In a two-paragraph filing on Monday, the Justice Department said it had “now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple.”

Encryption Is a Luxury
Last year, a team of technology experts warned against giving law enforcement special access to encrypted communications. They explained that this special access would “undermine and reverse” the technology industry’s efforts to bolster digital security.
The landmark paper addressed a conflict between technology companies and the government that had been brewing for some time.
… Most Android phones don’t encrypt the data that’s stored on the device, and many come with messaging services that don’t encrypt data that’s sent back and forth between devices.
… Google recently required that all new Android devices encrypt device data by default—but exempted slower (and therefore cheaper) phones, making encryption a de-facto luxury feature.

(Related) The Apple v FBI issue will never arise in China.
Dow Jones Business reports:
China’s top three Web browsers collected and transmitted data in insecure ways, making hundreds of millions of users’ personal information vulnerable to unauthorized access, according to a human-rights research group.
In a report published Tuesday, the University of Toronto’sCitizen Lab said Tencent Holdings Ltd.’s QQ Browser had been transmitting users’ data to its servers either with weak encryption or without encryption—a method of encoding information to protect it.
Read more on NASDAQ.

India denied Apple's “Free Basics” for just these reasons. Were they smarter than the FCC?
Groups ask FCC for action on 'zero-rating'
Public interest groups are urging the Federal Communications Commission to take action under its net neutrality rules against the increasing number of Internet providers who allow customers to access some services without charging them for the data.
“As currently offered, these plans enable ISPs to pick winners and losers online or create new tolls for websites and applications,” said public interest advocacy groups in a joint letter to FCC Chairman Tom Wheeler
“As a result, they present a serious threat to the Open Internet: they distort competition, thwart innovation, threaten free speech, and restrict consumer choice — all harms the rules were meant to prevent.”
The letter was signed by more than 40 groups, including Demand Progress, the Electronic Frontier Foundation and Free Press.
They are responding to the rise of the practice, known as zero-rating, that allows customers to consume data free of charge, broadly speaking, as long as they use certain services or websites.

Police are interested because it works. Some concerns are a bit beyond current capabilities.
Predictive Policing: the future of crime-fighting, or the future of racial profiling?
There’s a new kind of software that claims to help law enforcement agencies reduce crime, by using algorithms to predict where crimes will happen and directing more officers to those areas. It’s called “predictive policing,” and it’s already being used by dozens of police departments all over the country, including the Los Angeles, Chicago, and Atlanta Police Departments.
Aside from the obvious “Minority Report” pre-crime allusions, there has been a tremendous amount of speculation about what the future of predictive policing might hold. Could people be locked up just because a computer model says that they are likely to commit a crime? Could all crime end altogether, because an artificial intelligence gets so good at predicting when crimes will occur?

MIT for Managers: How Insecure Is The Internet of Things?
… Based on reports from people who attended the MIT Media Lab-sponsored Security of Things hackathon on March 4-5, 2016, the challenge of protecting WiFi- and Bluetooth-enabled devices from motivated hackers may be more daunting than even the most seasoned attendees expected.
I believe we’re at a tipping point for the ‘Internet of Things,’” says Tal Achituv, a research assistant at the media lab and an organizer of the event. “While most people now have several networked devices in their homes — everything from light bulbs and home alarm systems to baby monitors — very few people appreciate just how vulnerable many of these devices are.”

Another Thing in the Internet of Things. Will the airlines allow more batteries on flights? Will terrorists find the location information useful?
With $3.5M In Funding, Raden Is The Latest Smart Luggage Company Aimed At Tech-Savvy Travelers
Raden is a new smart luggage company aiming to change the future of travel. All Raden bags are equipped with an integrated scale, built-in-charger and location awareness technology. Customers are able to use a sleek companion app to track their case and attain relevant information about one’s travels including an estimated security wait time.

Not for my students. (Slightly different in older Word versions)
How to Get the Readability Score of Any Word Document
… Note that readability here refers to the ease of comprehending written word, not checking to ensure aesthetics like font size and color are clear. If this is the type of readability you were looking for, check out how to make text easier to read in Windows.
You could always get readability information through a tool on the Web if you need more info, but Word can give you a base overview without ever leaving. Here’s how.

Might be fun for my students to play with.
5 Alternative Virtual Assistant Apps You’ve Never Heard Of
… We’ve covered free alternatives to Siri in the past, and rounded up the three major virtual assistants to find out which is best. We’ve even explored using Cortana on the desktop.
But a lot of great alternatives to these apps have popped up since we wrote about any of that, and we wanted to round up a few.
Hound (Android, iOS): Fast Responses to a Bunch of Questions
Sirius: The Open Source Siri Alternative
Evi (Android, iOS): Quick Answers to Questions
Cloe: Text Messaging Concierge
Google Voice Search (Chrome): Search Using Your Voice Anywhere
It almost seems like cheating to include this, but we’ve somehow not really mentioned it before. If you’re using Google Chrome on the desktop, you can use voice search right now and get a voice response back, just like on your phone.

For my Spring Computer Security class.
So pleased to see this announcement from Bill Fitzgerald:
One of the unspoken issues in working on security and privacy in educational software is that, while many people are passionate about privacy and security, many people don’t know how to start evaluating software or how to assess any potential risks they might uncover. One of the explicit goals of the District Privacy Evaluation Initiative is to decrease these barriers to entry and to help more people have a more informed conversation about what constitutes sound security and privacy practices. While the full realm of information security is a broad subject, we wanted to provide a concrete starting point. Based on observations of issues we have seen — and continue to see — within software, we compiled a primer and are happy to announce the release of the Information Security Primer for Evaluating Educational Software.
The primary audience for the primer is district staff and education technology vendors, but the usefulness of this information goes far beyond these two primary audiences. We hope and anticipate that it will be used by parents, students, privacy advocates, teachers, and anyone else with an interest in learning more about how to evaluate the security of the software we build and use.
As the title implies, this document is a primer, not a comprehensive guide. We intend for this document to grow and evolve over time. Future versions will include more advanced testing scenarios, but for the initial version, we wanted to provide resources to allow people to learn how to do security reviews safely. We anticipate updates throughout the year, with published “official” releases happening one to two times annually. The “published” version will be available on Graphite, with the working version maintained openly on GitHub.
The primer covers the basics of information security testing, starting with a grounding in responsible disclosure. The tests run in the primer make extensive use of work from the Open Web Application Security Project, or OWASP. The primer leverages the Zed Attack Proxy, an open-source intercepting proxy supported as part of OWASP. The full suite of resources available from OWASP are incredibly valuable, and the content we cover in the primer just scratches the surface. As one example, an item not covered in the primer that should be recommended reading for developers building Web applications is the OWASP Application Security Verification Project.
As with all of our work on the District Privacy Evaluation Initiative, we welcome community involvement and input. If you work at a school or district and would like to get involved in our ongoing work, please sign up! If you would like to contribute to the content of the primer, please join the effort over on GitHub. We will be responding to questions in the issue queue and approving and/or discussing any pull requests we receive.
SOURCE: Graphite

No comments: