Thursday, July 14, 2016
All of my students have smartphones.
Just Watching a YouTube Video Can Compromise Your Smartphone
Among the many ways of compromising a mobile device, researchers recently analyzed a new method that humans can’t detect: hidden voice commands.
The research was driven by the emergence of voice interfaces for computers and was conducted on Android and iOS devices with the "Google Now" feature activated. With modern smartphones and wearable devices adopting an "always-on" model in which they continuously listen for possible voice input, researchers wanted to learn whether hidden commands that are unintelligible to human listeners could be issued.
In a paper (PDF) describing the experiment, researchers from Berkeley and Georgetown University revealed that hidden commands that are effective against existing systems can be issued, and that humans are unlikely to understand them and might not even notice them. The mobile devices, on the other hand, will react to these commands.
… researchers say that it is possible to broadcast hidden commands from a loudspeaker at an event or to embed them in a trending YouTube video.
Unfortunately, we seem to have a government of “no consequences.”
Chinese Hacks on FDIC Covered Up by CIO
Threat actors believed to be from China breached the systems of the U.S. Federal Deposit Insurance Corporation (FDIC), but the agency’s chief information officer attempted to cover up the incident, according to a report published this week by the House of Representatives Science, Space and Technology Committee.
The report revealed that a threat group presumably sponsored by the Chinese government breached FDIC systems in 2010, 2011 and 2013. The attackers managed to plant malware on 12 workstations and 10 servers belonging to the banking regulator, including computers used by the chairman, chief of staff and general counsel.
According to the report, Russ Pittman, who was the FDIC’s CIO at the time, had instructed employees not to discuss or proliferate information about the attack to avoid jeopardizing the confirmation of Martin Gruenberg in the position of FDIC chairman.
… Pittman is not the only CIO accused of wrongdoing. The agency’s current CIO, Lawrence Gross, has been called out for failing to notify Congress of major incidents (i.e. incidents involving more than 10,000 records).
… The agency and its CIO attempted to downplay the extent of the incident until the FDIC Office of Inspector General (OIG) conducted an investigation and prompted the organization to report the breach to Congress. Furthermore, Gross reportedly removed a CISO who disagreed with him about whether the Florida incident should have been reported to Congress. Gross’ ability to serve as CIO of FDIC is now being brought into question.
So this is e-trespassing raised to the equivalent of a “make my day” law? Can I ask the FBI to stay away from my website?
Orin Kerr writes:
The U.S. Court of Appeals for the 9th Circuit has handed down a very important decision on the Computer Fraud and Abuse Act, Facebook v. Vachani, which I flagged just last week. For those of us worried about broad readings of the Computer Fraud and Abuse Act, the decision is quite troubling. Its reasoning appears to be very broad. If I’m reading it correctly, it says that if you tell people not to visit your website, and they do it anyway knowing you disapprove, they’re committing a federal crime of accessing your computer without authorization.
Read more on Washington Post. As always, Orin provides a lot of food for thought.
By now, I’ve only read the opinion once, and oddly, perhaps, what caught my eye was fn4:
Simply bypassing an IP address, without more, would not constitute unauthorized use. Because a blocked user does not receive notice that he has been blocked, he may never realize that the block was imposed and that authorization was revoked. Or, even if he does discover the block, he could conclude that it was triggered by misconduct by someone else who shares the same IP address, such as the user’s roommate or co-worker.
So someone going directly to a file on a server from search results – without going through the site’s or server’s front door – is not necessarily engaging in “unauthorized use” under CFAA without more? But what more would be needed in that situation to make criminal application of CFAA appropriate? And if that’s the case, think of the raid on Justin Shafer who accessed files on a Patterson FTP server when there was nothing he saw that would have suggested he didn’t have authorization.
Will the government let this stand? I rather doubt it.
Court rules DEA needs warrant to use mobile tracking device
A federal judge in New York on Tuesday ruled that law enforcement officers need a warrant before using a device that mimics cellphone towers to help track a person’s mobile phone.
Observers said the ruling was the first of its kind in federal court. But it is unclear how important the precedent will be since the government has already changed its policy to require warrants going forward.
… “Absent a search warrant, the Government may not turn a citizen’s cell phone into a tracking device,” the judge wrote in his opinion. “Perhaps recognizing this, the Department of Justice changed its internal policies, and now requires government agents to obtain a warrant before utilizing a cell-site simulator.”
The new Justice Department policy last year to require warrants came only a week after the DEA carried out its search of the home of Raymond Lambis, the defendant in the case.
(Related) So why question this?
Judge Koh Grilled at Hearing for 9th Circ. Slot
A Republican senator grilled U.S. District Judge Lucy Koh on Wednesday about why she said police need warrants to access cellular location data.
… From her bench in San Jose, Koh made headlines roughly this time last year in blocking the government from accessing data called cell-site location information without a warrant, saying such data has Fourth Amendment protections.
… The senator called Koh's ruling last year the only one of its type. No other courts ruled that non-content, or meta-data, was subject to protection under the Fourth Amendment.
Koh, 47, emphasized that she had no precedent to follow, either from the U.S. Supreme Court, or the Ninth Court, which hears appeals from 15 judicial districts, including Koh's and three others in California.
Koh said she did her diligence by surveying other circuit cases and state laws on probable cause.
A 2012 decision by the Supreme Court guided Koh in particular.
The ruling U.S. v. Jones "held that GPS [vehicular] tracking movements on public roads for 28 days did violate the Fourth Amendment and did require a warrant, and in this particular instance, it was equally a tracking of movement over 60 days instead of 28 days with tracking without a warrant," Koh noted.
Everyone is buying tools to surveil themselves. All the video goes to Nest and/or Google.
Nest's outdoor camera and Google A.I. tell you when someone's at your door
… This particular unit requires an outlet and does not run on batteries...the use of main power means the Nest Cam can continue recording and uploading footage...without needing to turn itself off and activate once movement is detected... On the flip side, should you happen to lose power to your home, the camera becomes decoration.
There's no built-in storage...so you'll need to make sure your Wi-Fi remains up and running. That said...all video streamed is encrypted. Sound like the perfect solution to add to your security setup? You can pre-order it now for $199.
… What about the accompanying app? How is that going to work with the new outdoor camera? Turns out, it is getting an upgrade, and will be using Google-powered A.I. to detect people via the outdoor camera.
Subscribers to the Nest Aware service will get a new feature called “person alerts.” This server-based algorithm will analyze the feed from your camera in real time to distinguish a human being from anything else that might appear. If the algorithm determines that it’s a person, it will send an alert to the app. Nest's person alerts won't use facial recognition to try to identify who the person in front of the camera is. [Yet. Bob]
(Related) Government says surveillance earns you a discount – in reality, insurance companies will just charge more if you don’t surveil yourself.
Joe Cadillic writes:
Big Brother and auto insurance companies have devised a devious new way to encourage Americans to spy on each other. They’re offering motorists an insurance discount, if they purchase and install dashcams in their own vehicles!
New York Assembly member Alicia Hyndman and NY Senator Jose Peralta have introduced a bill that would give New York drivers a 5% auto insurance discount for having a dash camera installed in their car. FYI, insurance companies are also secretly identifying motorists and passengers using facial biometrics.
Read more on MassPrivateI.
Come on students, try and keep up!
Pokémon Go is Literally Taking Over the World. Here’s What Marketers Can Keep in Mind
Pokémon Go launched a week ago. That’s right: seven days. And in that time, there have been more downloads of the game than of Snapchat. According to an article on Forbes‘ website, more people are using Pokémon Go than Instagram and Whatsapp. People are knocking on strangers’ doors, taking impromptu trips, and allegedly, discovering dead bodies while playing the game. In short: Pokémon Go is a global phenomenon, the likes of which we have not seen in some time.
The beginner’s guide to Pokémon Go: A FAQ on how to catch 'em all
Self-promotion is still marketing. Don’t believe me? Ask Donald Trump.
Let Selena Gomez Help You Get Those Double-Taps: Her 7 Tips for Becoming the Most-Followed Person on Instagram
With 89.2 million followers, Selena Gomez is the most followed person on Instagram, trumping her BFF Taylor Swift by 4 million and her ex-boyfriend Justin Bieber by about 15 million. Not to mention, she's also beaten out all the selfie masters in the Kardashian/Jenner family.
So how did SelGo do it? In an interview with The Hollywood Reporter, the singer admits she really didn't do much of anything at all—and that might just be the key to her success.… With that being said, here are 7 tips she suggests for gaining a massive following:
Something to share with my students. Just the math tips make it worthwhile.
This Cool Website Will Teach You Hundreds of Google Search Tips
This cool website called SearchyApp features an insane amount of tips that’ll help you make the most of Google.
Tom Brady’s appeal request denied by federal court, so his suspension stands
(Related) I only included the article above so I could ask: “Does Ruth like Tom better than Donald?”
Ruth Bader Ginsburg is the key to Tom Brady’s short-term fate
… Seeking justice will include seeking a stay of the suspension from Justice Ruth Bader Ginsburg, the member of the U.S. Supreme Court designated to handle cases arising from the Second Circuit. If an appeal is filed, she’ll inevitably be asked to maintain the status quo until the Supreme Court decides whether to take up the case.
Here’s where it gets very interesting — and potentially very political. Ordinarily, Justice Ginsburg’s ideology and philosophies would make her more likely than not to grant the stay. In this case, however, there’s a potential complication. His name is Donald Trump.
Brady has made no bones about his friendship with Trump. And Justice Ginsburg has made no bones about her disdain for Trump.