Friday, September 28, 2012

“Ontogeny replicates phylogeny.” Each new generation of technology comes first with demonstrations of new capabilities. Each generation forgets that vulnerabilities persist, even if they would rather not be bothered...
Summer Camp for the Car-Virus Squad
Some of the world’s cyber security experts – and many antivirus software vendors – warn that the proliferation of the connected car will be a prime target for hackers. Several university researchers have already shown that it’s relatively easy to access a car’s defenseless electronics system. Some have been able to surreptitiously listen to occupants’ conversation, while others have gone so far as to deploy something dubbed “Self Destruct,” in which a 60-second timer appears on a car’s dashboard display, and when it reaches zero the virus turns off the car’s lights, locks the doors, shuts down the engine, and slams on the brakes.
Battelle, the self-described world’s largest nonprofit R&D organization, took a novel approach to confront such car-hacking scenarios, hosting a summer camp for students to solve car-security challenges – and enjoy some nighttime movies and s’mores in the process.


“We guarantee this is safe.. Except when we don't.”
Hackers Breached Adobe Server in Order to Sign Their Malware
The ongoing security saga involving digital certificates got a new and disturbing wrinkle on Thursday when software giant Adobe announced that attackers breached its code-signing system and used it to sign their malware with a valid digital certificate from Adobe.
Adobe said the attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved from the company’s code-signing system.
Adobe said it was revoking the certificate and planned to issue new certificates for legitimate Adobe products that were also signed with the same certificate, wrote Brad Arkin, senior director of product security and privacy for Adobe, in a blog post.
… The company said it had good reason to believe the signed malware wasn’t a threat to the general population, and that the two malicious programs signed with the certificate are generally used for targeted, rather than broad-based, attacks. [“generally” Bob]
Arkin identified the two pieces of malware signed with the Adobe certificate as “pwdump7 v7.1” and “myGeeksmail.dll.” He said that the company passed them on to anti-virus companies and other security firms so that they could write signatures to detect the malware and protect their customers, according to the post.
Adobe didn’t say when the breach occurred, but noted that it was re-issuing certificates for code that was signed with the compromised signing key after July 10, 2012. Also, a security advisory the company released with its announcement showed that the two malicious programs were signed on July 26 of this year. Adobe spokeswoman Liebke Lips told Wired that the company received the two malicious samples on the evening of Sept. 12 [Why didn't Adobe detect this? Bob] and immediately began the process of deactivating and revoking the certificate.
The company said the certificate will be re-issued on Oct. 4, but didn’t explain why it would take that long.


Continuing the quest to surveil everyone, anywhere...
US Department of Homeland Security looking for (more than) a few good drones
The US Department of Homeland Security this week issued a call for unmanned systems makers to participate in a program that will ultimately determine their safety and performance for use in first responder, law enforcement and border security situations.
In a twist that will certainly raise some eyebrows, the program's results of the ironically named program -- The Robotic Aircraft for Public Safety (RAPS) -- will remain unavailable to the public, which considering how involved the actual public may be with these drones is shall we say, unfortunate. Specifically the DHS says: "The information within each test report will be classified as For Official Use Only, and will not be shared with the general public. All company-restricted information will remain proprietary to the SUAS provider, and not shared publicly without explicit consent."


I'm shocked I tell you!
New Justice Department Documents Show Huge Increase in Warrantless Electronic Surveillance
September 27, 2012 by Dissent
Naomi Gilens writes:
Justice Department documents released today by the ACLU reveal that federal law enforcement agencies are increasingly monitoring Americans’ electronic communications, and doing so without warrants, sufficient oversight, or meaningful accountability.
The documents, handed over by the government only after months of litigation, are the attorney general’s 2010 and 2011 reports on the use of “pen register” and “trap and trace” surveillance powers. The reports show a dramatic increase in the use of these surveillance tools, which are used to gather information about telephone, email, and other Internet communications. The revelations underscore the importance of regulating and overseeing the government’s surveillance power. (Our original Freedom of Information Act request and our legal complaint are online.)
Read more on ACLU’s blog.


...not completely thought through?
Editorial: School computer rules would delete civil rights
September 27, 2012 by Dissent
An editorial in the Fairfield Citizen includes:
… in its stampede to secure federal money to protect students from both pornography and each other, the Fairfield Board of Education seems to have given little if any thought to the civil rights of students and their parents.
Proposed revisions to the schools’ Internet policy would include not only school equipment and networks, but personally owned equipment, too. The plan is so broad it raises alarming questions about rights of privacy, free speech — even freedom of religion.
Read more on Fairfield Citizen.
[From the article:]
The revision states that personally owned equipment used for school purposes "will be treated as district technology resources."
Moreover, the policy states, students "should not have any expectation of personal privacy in the use of these resources."


An interesting exchange...
Fifth Circuit Cell-Site Case: Magistrate Judge Smith Responds and Defends His Decision
September 28, 2012 by Dissent
Orin Kerr writes:
Although I wasn’t planning to post any more on the Fifth Circuit cell-site case, I happened to notice that Magistrate Judge Smith recently posted a new essay on SSRN that is in significant part a response to my amicus brief and my criticisms of his decision. I thought it only fair to point readers to his paper and explore Smith’s argument in some detail. I’ll then offer my thoughts in response at the end.
In his essay, Standing Up for Mr. Nesbitt, forthcoming in the University of San Francisco Law Review, Smith argues that magistrate judges must “stand up” and protect ordinary citizens from “an increasingly surveillance-happy state” because “Congress and the Supreme Court have yet to do so.” None of the three branches of government are standing up to protect the ordinary citizen, Smith argues. The Executive Branch can’t regulate itself, and Congress has not addressed some important issues effectively. The Supreme Court has failed to step in, too, as it has hardly touched electronic privacy and it has expressed caution about its own role in recent decisions. With all three branches failing to protect the ordinary citizen, Smith argues, magistrate judges must step in and “play goalie for the missing side.” That is, magistrate judges must correct for the failures of the three branches by representing the side of the target of the investigation.
Read more on The Volokh Conspiracy.


Perspective: A rather steep growth curve...
September 27, 2012
IBM - What is Big Data?
"What is big data? Every day, we create 2.5 quintillion bytes of data — so much that 90% of the data in the world today has been created in the last two years alone. This data comes from everywhere: sensors used to gather climate information, posts to social media sites, digital pictures and videos, purchase transaction records, and cell phone GPS signals to name a few. This data is big data."


Perspective: Another interesting growth curve...
Instagram Use Is Exploding
In just six months, Instagram use has more than septupled, growing from around 900,000 people per day to around 7.3 million, according to ComScore. The photo-sharing app’s astonishing growth underscores the growing momentum of mobile-native apps, and the potential of said apps to open wide leads over traditional websites.
Instagram effectively has no website; though the social network’s photos live on the web, it can only be driven through mobile app. Like the popular check-in service Foursquare, Instagram is truly native to mobile and specifically to smartphones. Even before evidence of Instagram’s amazing six-month growth spurt, Silicon Valley entrepreneurs and venture capitalists were becoming obsessed with the mobile frontier and with the potential of mobile-first development. Much as bricks-and-mortar companies raced to develop web strategies in the mid 1990s, today’s web properties, including relative newcomers like Facebook, are racing to draw up aggressive attack plans for mobile.
Even Twitter, whose roots are in mobile phones, is being eclipsed by mobile-native Instagram. Comscore says that in the U.S., Instagram’s 7.3 million daily web and app users in August surpassed Twitter’s 6.9 million daily web and app users, the first time that’s happened (see chart). As Mike Isaac of All Things D wrote of the switch, “the massive shift in user traffic to mobile devices is a real thing.”


Tools for my geeks?
"News outlets are reporting that AMD has partnered with BlueStacks to bring Android apps to AppZone Player, something that will apparently allow the more than 500,000 mobile apps to run on your PC. From their announcement: 'What's special about the player on AMD-based products? There are many challenges with running apps that were originally designed for phones or tablets on a PC that in most cases has a larger screen and higher resolution display. To solve this, BlueStacks has designed and optimized the player for AMD Radeon graphics and in particular, our OpenGL drivers found in our APUs and GPUs so you get a great 'big-screen' experience. Additionally, the apps are integrated into AppZone, our online showcase and one-stop-shop for apps accelerated by AMD technology.' Unfortunately this appears to only work on AMD-based PCs (although nowhere does it say that it won't work on Intel CPUs or non-Radeon GPUs). Also no word on how they overcame the difference between a mouse and touchscreen (think pinch to zoom)."
