“Ontogeny replicates phylogeny”
Each new generation of technology comes first with
demonstrations of new capabilities. Each generation forgets that
vulnerabilities persist, even if they would rather not be bothered...
Summer Camp for the Car-Virus Squad
Some of the world’s cyber security
experts – and many antivirus software vendors – warn that the
proliferation of the connected car will be a prime
target for hackers. Several university
researchers have already shown that it’s relatively easy to
access a car’s defenseless electronics system.
Some have been able to surreptitiously listen to occupants’
conversation, while others have gone so far as to deploy something
dubbed “Self Destruct,” in which a 60-second timer appears on a
car’s dashboard display, and when it reaches zero the virus turns
off the car’s lights, locks the doors, shuts down the engine, and
slams on the brakes.
Battelle,
the self-described world’s largest nonprofit R&D organization,
took a novel approach to confront such car-hacking scenarios, hosting
a summer camp for students to solve car-security challenges – and
enjoy some nighttime movies and s’mores in the process.
“We guarantee this is safe... Except when we don't.”
Hackers Breached Adobe Server in Order to Sign Their Malware
The ongoing security saga involving
digital certificates got a new and disturbing wrinkle on Thursday
when software giant Adobe announced that attackers breached its
code-signing system and used it to sign their malware
with a valid digital certificate from Adobe.
Adobe said the attackers signed at
least two malicious utility programs with the valid Adobe
certificate. The company traced the problem to a compromised build
server that had the ability to get code approved from the company’s
code-signing system.
Adobe said it was revoking the
certificate and planned to issue new certificates for legitimate
Adobe products that were also signed with the same certificate, wrote
Brad Arkin, senior director of product security and privacy for
Adobe, in
a blog post.
… The company said it had good
reason to believe the signed malware wasn’t a threat to the general
population, and that the two malicious programs signed with the
certificate are generally used for targeted, rather
than broad-based, attacks. [“generally” Bob]
Arkin identified the two pieces of
malware signed with the Adobe certificate as “pwdump7 v7.1” and
“myGeeksmail.dll.” He said that the company passed them on to
anti-virus companies and other security firms so that they could
write signatures to detect the malware and protect their customers,
according to the post.
Adobe didn’t say when the breach
occurred, but noted that it was re-issuing certificates for code that
was signed with the compromised signing key after July 10, 2012.
Also, a security advisory the company released with its announcement
showed that the two malicious programs were signed
on July 26 of this year. Adobe spokeswoman Liebke Lips told
Wired that the company received the two malicious
samples on the evening of Sept. 12 [Why didn't Adobe detect this?
Bob] and immediately began the process of deactivating and
revoking the certificate.
The company said the
certificate will be re-issued on Oct. 4, but didn’t explain why it
would take that long.
Continuing the quest to surveil
everyone, anywhere...
US Department of Homeland Security looking for (more than) a few good drones
The US Department of Homeland Security
this week issued a call for unmanned systems makers to participate in
a program that will ultimately determine their safety and performance
for use in first responder, law enforcement and border security
situations.
In a twist that will certainly raise
some eyebrows, the program's results of the ironically named program
-- The
Robotic Aircraft for Public Safety (RAPS) -- will
remain unavailable to the public, which, considering how
involved the actual public may be with these drones, is, shall we say,
unfortunate. Specifically the DHS says: "The information within
each test report will be classified as For Official Use Only, and
will not be shared with the general public. All company-restricted
information will remain proprietary to the SUAS provider, and not
shared publicly without explicit consent."
Background: What the drone invasion looks like
I'm shocked I tell you!
New Justice Department Documents Show Huge Increase in Warrantless Electronic Surveillance
September 27, 2012 by Dissent
Naomi Gilens writes:
Justice Department
documents
released today by the ACLU reveal that federal law enforcement
agencies are increasingly monitoring Americans’ electronic
communications, and doing so without warrants, sufficient oversight,
or meaningful accountability.
The documents,
handed over by the government only after months of litigation,
are the attorney general’s 2010 and 2011 reports on the use of “pen
register” and “trap and trace” surveillance powers. The
reports show a dramatic increase in the use of these surveillance
tools, which are used to gather information about telephone, email,
and other Internet communications. The revelations underscore the
importance of regulating and overseeing the government’s
surveillance power. (Our original Freedom
of Information Act request and our legal complaint
are online.)
Read more on ACLU’s
blog.
...not completely thought through?
Editorial: School computer rules would delete civil rights
September 27, 2012 by Dissent
An editorial in the Fairfield
Citizen includes:
… in its
stampede to secure federal money to protect students from both
pornography and each other, the Fairfield Board of Education seems to
have given little if any thought to the civil rights of students and
their parents.
Proposed revisions
to the schools’ Internet policy would include not only school
equipment and networks, but personally owned equipment, too. The
plan is so broad it raises alarming questions about rights of
privacy, free speech — even freedom of religion.
Read more on Fairfield
Citizen.
From the article:
The revision states that personally
owned equipment used for school purposes "will be treated as
district technology resources."
Moreover, the policy states, students
"should not have any expectation of personal privacy in the use
of these resources."
An interesting exchange...
Fifth Circuit Cell-Site Case: Magistrate Judge Smith Responds and Defends His Decision
September 28, 2012 by Dissent
Orin Kerr writes:
Although I wasn’t
planning to post any more on the Fifth Circuit cell-site case, I
happened to notice that Magistrate Judge Smith recently posted a
new essay on SSRN that is in significant part a response to my
amicus brief and my criticisms of his decision. I thought it only
fair to point readers to his paper and explore Smith’s argument in
some detail. I’ll then offer my thoughts in response at the end.
In his essay,
Standing
Up for Mr. Nesbitt, forthcoming in the University of San
Francisco Law Review, Smith argues that magistrate judges must
“stand up” and protect ordinary citizens from “an increasingly
surveillance-happy state” because “Congress and the Supreme Court
have yet to do so.” None of the three branches of government are
standing up to protect the ordinary citizen, Smith argues. The
Executive Branch can’t regulate itself, and Congress has not
addressed some important issues effectively. The Supreme Court has
failed to step in, too, as it has hardly touched electronic privacy
and it has expressed caution about its own role in recent decisions.
With all three branches failing to protect the ordinary citizen,
Smith argues, magistrate judges must step in and “play goalie for
the missing side.” That is, magistrate judges must correct for the
failures of the three branches by representing the side of the target
of the investigation.
Read more on The
Volokh Conspiracy.
Perspective A rather steep growth
curve...
September 27, 2012
IBM - What is Big Data?
"What
is big data? Every day, we create 2.5 quintillion bytes of data
— so much that 90% of the data in the world today
has been created in the last two years alone. This data
comes from everywhere: sensors used to gather climate information,
posts to social media sites, digital pictures and videos, purchase
transaction records, and cell phone GPS signals to name a few. This
data is big data."
Perspective Another interesting growth
curve...
Instagram Use Is Exploding
In just six months, Instagram use has
more than septupled, growing from around 900,000 people per day to
around 7.3 million, according to ComScore. The photo-sharing app’s
astonishing growth underscores the growing momentum of mobile-native
apps, and the potential of said apps to open wide leads over
traditional websites.
Instagram effectively
has no website; though the social network’s photos live
on the web, it can only be driven through a mobile app. Like the
popular check-in service Foursquare, Instagram is
truly native to mobile and specifically to smartphones.
Even before evidence of Instagram’s amazing six-month growth spurt,
Silicon Valley entrepreneurs and venture capitalists were becoming
obsessed with the mobile frontier and with the potential of
mobile-first development. Much as bricks-and-mortar companies raced
to develop web strategies in the mid 1990s, today’s web properties,
including relative newcomers like Facebook, are racing to draw up
aggressive attack plans for mobile.
Even Twitter, whose roots are in mobile
phones, is being eclipsed by mobile-native Instagram. Comscore
says that in the U.S., Instagram’s 7.3 million daily web and app
users in August surpassed Twitter’s 6.9 million daily web and app
users, the first time that’s happened (see chart). As
Mike Isaac of All Things D wrote
of the switch, “the massive shift in user traffic to mobile devices
is a real thing.”
Tools for my geeks?
"News outlets are reporting
that AMD
has partnered with BlueStacks to
bring Android apps to AppZone Player, something that will
apparently allow the more than 500,000 mobile apps to run on your PC.
From their announcement: 'What's special about the player on
AMD-based products? There are many challenges with running apps that
were originally designed for phones or tablets on a PC that in most
cases has a larger screen and higher resolution display. To solve
this, BlueStacks has designed and optimized the player for AMD Radeon
graphics and in particular, our OpenGL drivers found in our APUs and
GPUs so you get a great 'big-screen' experience. Additionally, the
apps are integrated into AppZone, our online showcase and
one-stop-shop for apps accelerated by AMD technology.' Unfortunately
this appears to only work on AMD-based PCs
(although nowhere does it say that it won't work on Intel CPUs or
non-Radeon GPUs). Also no word on how they overcame the difference
between a mouse and touchscreen (think pinch to zoom)."