Wednesday, June 18, 2014

All kinds of questions here. Did Nokia tell the other phone manufacturers who were leasing their software? Did the bad guys ever modify the code? Should they have told their customers? Interesting that in the “Age of Surveillance” the cops can't track whoever picked up the cash. (Perhaps they should have put a phone in the bag?)
Nokia 'paid millions to software blackmailers six years ago'
Finnish telecoms equipment company Nokia paid several million euros to criminals who threatened to reveal the source code for part of an operating system used in its smartphones some six years ago, Finnish TV station MTV said on Tuesday.
The police confirmed to Reuters that they were investigating a case of alleged blackmail and that the case was still open. Nokia was not immediately available for comment.
… MTV said that the blackmailers had acquired [Interesting choice of words... Bob] the encryption key for a core part of Nokia's Symbian software and threatened to make it public.
Had it done so anyone could then have written additional code for Symbian including possible malware which would have been indistinguishable from the legitimate part of the software, MTV said.
After the blackmail attempt Nokia contacted the police and agreed to deliver the cash to a parking lot in Tampere, central Finland. The money was picked up but the police lost track of the culprits, MTV said.


For my Computer Security students. It's far cheaper to put up a “This site is secure” logo than to actually make the site secure. However, this only fools users, since hackers would never read it – we find unsecured sites by running programs (called spiders) that automate the search.
Lessons in insecure SSL courtesy of Hoyts cinemas


The law is clear and has been available for years. Funny how no one cares until it hits the news.
Google and Facebook can be legally intercepted, says UK spy boss
UK intelligence service GCHQ can legally snoop on British use of Google, Facebook and web-based email without specific warrants because the firms are based abroad, the government has said.
Classed as "external communications", such activity can be covered by a broad warrant and intercepted without extra clearance, spy boss Charles Farr said.
The policy was revealed as part of a legal battle with campaign group Privacy International (PI).
… However, he said data collected in this way "cannot be read, looked at or listened to" except in strictly limited circumstances.
… Mr Farr says that actually reading or examining a Briton's communications swept up in this way would still require a domestic, more targeted warrant.

(Related) Or until it's an election year.
Senators Ron Wyden, Mark Udall, and Rand Paul have jointly authored an op-ed in the Los Angeles Times. They write, in part:
Although the bill approved by the House is intended to end bulk collection, we are not at all confident that it would actually do so. The bill would require the government to use a “selection term” to secretly collect records, but the definition of “selection term” is left vague enough that it could be used to collect all of the phone records in a particular area code or all of the credit card records from a particular state. Meanwhile, the bill abandons nearly all of the other reforms contained in the Senate version of the USA Freedom Act, while renewing controversial provisions of the Patriot Act for nearly three more years.
This is clearly not the meaningful reform that Americans have demanded, so we will vigorously oppose this bill in its current form and continue to push for real changes to the law. This firm commitment to both liberty and security is what Americans — including the dedicated men and women who work at our nation’s intelligence agencies — deserve. We will not settle for less.
Read the op-ed on the L.A. Times.


Tools & Techniques. Remember the old (in Internet years) saying: practice “Safe Hex!” Perhaps you should buy one for your CEO and other travelers?
Gear to Block ‘Juice Jacking’ on Your Mobile
… Juice-jacking as a threat probably first crept into the collective paranoia of gadget geeks in the summer of 2011, after I wrote a story about two researchers at the DefCon hacker convention in Vegas who’d set up a mobile charging station designed to educate the unwary to the fact that many mobile devices (particularly Apple devices) are set up to connect to a computer and immediately sync data.
Their proof-of-concept was a reminder that in the (admittedly unlikely) event that a clever attacker managed to hide a small computer inside of a USB charging kiosk, he might be able to slurp up your device’s data.
Since that story, several products have sprung up to help minimize such threats. These small USB pass-through devices are designed to allow charging yet block any data transfer capability. The two products I’ve been using over the past few months include the “USB Condom” and a device called the “Juice-Jack Defender.”
Juice-Jack Defender http://www.chargedefense.com/


...and our government is making it mandatory! How wonderful.
How the U.S. Health Care System Compares Internationally
by Sabrina I. Pacifici on June 17, 2014
The Commonwealth Fund: “The United States health care system is the most expensive in the world, but this report and prior editions consistently show the U.S. underperforms relative to other countries on most dimensions of performance. Among the 11 nations studied in this report—Australia, Canada, France, Germany, the Netherlands, New Zealand, Norway, Sweden, Switzerland, the United Kingdom, and the United States—the U.S. ranks last, as it did in the 2010, 2007, 2006, and 2004 editions of Mirror, Mirror. Most troubling, the U.S. fails to achieve better health outcomes than the other countries, and as shown in the earlier editions, the U.S. is last or near last on dimensions of access, efficiency, and equity. In this edition of Mirror, Mirror, the United Kingdom ranks first, followed closely by Switzerland.”


“Hey, he looked suspicious!”
Last Friday, Judge Sullivan (D.D.C.) dismissed Meshal v. Higgenbotham, a long-outstanding Bivens suit brought by a U.S. citizen who alleged that, while travelling in the Horn of Africa, he was detained for four months, interrogated, and tortured at the direction of–and by–U.S. government officials (tellingly, the government did not claim that the alleged conduct was constitutional). In a thoughtful 37-page opinion setting forth his reasons for dismissing the case, Judge Sullivan offered a fairly candid (and, in my view, accurate) explanation for why Meshal couldn’t recover for conduct that, if proven, would unquestionably constitute “appalling (and, candidly, embarrassing)” violations of his constitutional rights: In a nutshell, it’s the Fourth, Seventh, and D.C. Circuits’ fault.


Tools & Techniques: for lawyers and my Criminal Justice students.
New Way to Look at Law, With Data Viz and Machine Learning
by Sabrina I. Pacifici on June 17, 2014
Wired – [snipped] “As its creators [Daniel Lewis and Nik Reed] see it, Ravel’s visual search offers myriad improvements over the old columns of text results. It better lets you see how cases evolved over time, and potentially lets you see outliers that could be useful in crafting an argument–cases that would languish at the bottom of a more traditional search. The visualization, Reed insists, “tells a lot more of the story of law than the rank ordered list.” (That might be true. When they first showed their visual search to a veteran judge, he looked at the complex map of circles and responded: “This is how my brain works!”).
  • Note – there is a free and a premium version for subscribers. See Robert Ambrogi’s profile of the company to understand more about this new generation of visualization and relational context for online legal research. Ravel’s footprint is still small in comparison to those of LexisNexis and Westlaw, but relevancy is based on deliverables. The very scope of “searching” has transcended the linear into an often overwhelming realm of big data, analysis and visualizations that provides altogether different kinds of “results” to “queries.” These are indeed interesting times, and the legal community is the beneficiary of innovative, results driven technology solutions such as this one.


Is this strategy defensible? Can the lawsuits possibly cost less than the profits? I guess they couldn't work deals with the “New Music” bloggers who have huge followings, so they must have said, “Let's see if we can replicate Apple's mistakes in selling music and Amazon's in selling books.” What they did say was, “Take it or leave it.”
YouTube to block indie labels as it launches paid music service
YouTube is about to begin a mass cull of music videos by artists including Adele and the Arctic Monkeys, after a number of independent record labels refused to sign up to the licensing terms for its new subscription service.
The Google-owned company will start blocking videos “in a matter of days” to ensure that all content on the new platform is governed by its new contractual terms, said Robert Kyncl, YouTube’s head of content and business operations.
Google’s decision to press ahead without some of the best-known artists shows its determination to enter the fast-growing market for music subscription services. Amazon last week launched its own service as part of its Prime subscription bundle, while Apple last month acquired Beats Music through its $3bn purchase of headphone maker Beats Electronics.


Perspective.
Chili's Has Installed More Than 45,000 Tablets in Its Restaurants


A suggestion for my students. It might be amusing to write an App to pull all of this data into one file. Be sure to keep a defibrillator handy if you show the results to your CEO.
How Much Does Google Really Know About You?


For my students who research. Kinda-sorta like electronic Xeroxing.
Never Lose That Webpage Again: 6 Ways To Read It Later On Any Platform
There’s one HUGE problem with Internet bookmarks: if the website goes down or you have no web access, you’re out of luck. Few things are more frustrating than needing a bookmark only to find there’s nothing you can do to visit it. Rest assured, however, because there’s a handy solution.
Instead of bookmarking a web page, consider archiving it. If you download and store a local copy of the web page, you can access it whenever you want – even if the site itself goes down. The downside is that archives use more hard drive space than bookmarks do, but the trade-off is well worth it.


Something to tease my Math students with...
Monkeys Can Do Math
… Rhesus macaques that have been trained to associate numerical values with symbols can get the answer right, even if they haven’t passed a math class. The finding doesn’t just reveal a hidden talent of the animals—it also helps show how the mammalian brain encodes the values of numbers.
Previous research has shown that chimpanzees can add single-digit numbers. But scientists haven’t explained exactly how, in the human or the monkey brain, numbers are being represented or this addition is being carried out. Now, a new study helps begin to answer those questions.


Food for thought. This is what makes changing the “Culture” of an organization so difficult.
Strategy Isn’t What You Say, It’s What You Do
You sometimes hear managers complain that their organization has no strategy. This isn’t true. Every organization has a strategy: its strategy is what it does. Think about it. Every organization competes in a particular place, in a particular way, and with a set of capabilities and management systems — all of which are the result of choices that people in the organization have made and are making every day.
When managers complain that their company’s strategy is ineffectual or non-existent, it’s often because they haven’t quite realized that their strategy is what they’re doing rather than what their bosses are saying.
