Really not much available other than the FBI is
claiming success. If this is something that Apple has already fixed,
I suspect they will quietly give the process to Apple. If the
vulnerability is still there, they will likely keep it from Apple.
U.S. Says It Has Unlocked iPhone Without Apple
The Justice Department said on Monday that it had
found a way to unlock an iPhone without help from Apple, allowing the
agency to withdraw its legal effort to compel the tech company to
assist in a mass-shooting investigation.
… Yet law enforcement’s ability to now
unlock an iPhone through an alternative method raises new
uncertainties, including questions about the strength of security in
Apple devices. The development also creates potential for new
conflicts between the government and Apple about the method used to
open the device and whether that technique will be disclosed.
Lawyers for Apple have previously said the company would want to know
the procedure used to crack open the smartphone, yet the government
might classify the method.
… “I would hope they would give that
information to Apple so that it can patch any weaknesses,” she
said, “but if the government classifies the tool, that suggests it
may not.”
In a two-paragraph
filing on Monday, the Justice Department said it had “now
successfully accessed the data stored on Farook’s iPhone and
therefore no longer requires the assistance from Apple.”
(Related)
Encryption Is a Luxury
Last year, a team of technology experts warned
against giving law enforcement special access to encrypted
communications. They explained that this special access would
“undermine and reverse” the technology industry’s efforts to
bolster digital security.
The
landmark paper addressed a conflict between technology companies
and the government that had been brewing for some time.
… Most Android phones don’t encrypt the data
that’s stored on the device, and many come with messaging services
that don’t encrypt data that’s sent back and forth between
devices.
… Google recently required that all new
Android devices encrypt device data by default—but exempted
slower (and therefore cheaper) phones, making encryption a de-facto
luxury feature.
(Related) The Apple v FBI issue will never arise
in China.
Dow Jones Business reports:
China’s top three Web browsers collected and transmitted data in insecure ways, making hundreds of millions of users’ personal information vulnerable to unauthorized access, according to a human-rights research group.
In a report published Tuesday, the University of Toronto’s Citizen Lab said Tencent Holdings Ltd.’s QQ Browser had been transmitting users’ data to its servers either with weak encryption or without encryption—a method of encoding information to protect it.
Read more on NASDAQ.
India denied Apple's “Free Basics” for just
these reasons. Were they smarter than the FCC?
Groups ask FCC for action on 'zero-rating'
Public interest groups are urging the Federal
Communications Commission to take action under its net neutrality
rules against the increasing number of Internet providers who allow
customers to access some services without charging them for the data.
“As currently offered, these plans enable ISPs
to pick winners and losers online or create new tolls for websites
and applications,” said public interest advocacy groups in a
joint letter to FCC Chairman Tom Wheeler.
“As a result, they present a serious threat to
the Open Internet: they distort competition, thwart innovation,
threaten free speech, and restrict consumer choice — all harms the
rules were meant to prevent.”
The letter was signed by more than 40 groups,
including Demand Progress, the Electronic Frontier Foundation and
Free Press.
They are responding to the rise of the practice,
known as zero-rating, that allows customers to consume data free of
charge, broadly speaking, as long as they use certain services or
websites.
Police are interested because it works. Some
concerns are a bit beyond current capabilities.
There’s a new kind of software that claims to
help law enforcement agencies reduce crime, by using algorithms to
predict where crimes will happen and directing more officers to those
areas. It’s called “predictive policing,” and it’s already
being
used by dozens of police departments all over the country,
including the Los Angeles, Chicago, and Atlanta Police Departments.
Aside from the obvious “Minority Report”
pre-crime allusions, there has been a tremendous amount of
speculation about what the future of predictive policing might hold.
Could people be locked up just because a computer model says that
they are likely to commit a crime? Could all crime end altogether,
because an artificial intelligence gets so good at predicting when
crimes will occur?
Interesting.
MIT for Managers: How Insecure Is The Internet of Things?
… Based on reports from people who attended
the MIT Media Lab-sponsored
Security
of Things hackathon on March 4-5, 2016, the challenge of
protecting WiFi- and Bluetooth-enabled devices from motivated hackers
may be more daunting than even the most seasoned attendees expected.
“I
believe we’re at a tipping point for the ‘Internet of
Things,’” says Tal Achituv, a research assistant at the media lab
and an organizer of the event. “While most people now have several
networked devices in their homes — everything from light bulbs and
home alarm systems to baby monitors — very few people appreciate
just how vulnerable many of these devices are.”
Another
Thing in the Internet of Things. Will the airlines allow more
batteries on flights? Will terrorists find the location information
useful?
With $3.5M In Funding, Raden Is The Latest Smart Luggage Company Aimed At Tech-Savvy Travelers
Raden is a
new smart luggage company aiming to change the future of travel. All
Raden bags are equipped with an integrated scale, built-in charger
and location awareness technology. Customers are able to use a sleek
companion app to track their case and attain relevant information
about one’s travels including an estimated security wait time.
Not for my
students. (Slightly different in older Word versions)
How to Get the Readability Score of Any Word Document
… Note that readability here refers to the
ease of comprehending written word, not checking to ensure aesthetics
like font size and color are clear. If this is the type of
readability you were looking for, check out how
to make text easier to read in Windows.
You could
always get
readability information through a tool on the Web if you need
more info, but Word can give you a base overview without ever
leaving. Here’s how.
Might be
fun for my students to play with.
5 Alternative Virtual Assistant Apps You’ve Never Heard Of
… We’ve covered free
alternatives to Siri in the past, and rounded up the three
major virtual assistants to find out which is best. We’ve even
explored using Cortana
on the desktop.
But a lot of great alternatives to these apps have
popped up since we wrote about any of that, and we wanted to round up
a few.
Hound (Android, iOS): Fast Responses to a Bunch of Questions
Sirius: The Open Source Siri Alternative
Evi (Android, iOS): Quick Answers to Questions
Cloe: Text Messaging Concierge
Google Voice Search (Chrome): Search Using Your Voice Anywhere
It almost seems like cheating to include this, but
we’ve somehow not really mentioned it before. If you’re using
Google Chrome on the desktop, you can use voice search right now and
get a voice response back, just like on your phone.
For my
Spring Computer Security class.
So pleased to see this announcement from Bill
Fitzgerald:
One of the unspoken issues in working on security
and privacy in educational software is that, while many people are
passionate about privacy and security, many people don’t know how
to start evaluating software or how to assess any potential risks
they might uncover. One of the explicit goals of the District
Privacy Evaluation Initiative is to decrease these barriers to
entry and to help more people have a more informed conversation about
what constitutes sound security and privacy practices. While the
full realm of information security is a broad subject, we wanted to
provide a concrete starting point. Based on observations of issues
we have seen — and continue to see — within software, we compiled
a primer and are happy to announce the release of the
Information
Security Primer for Evaluating Educational Software.
The primary audience for the primer is district
staff and education technology vendors, but the usefulness of this
information goes far beyond these two primary audiences. We hope and
anticipate that it will be used by parents, students, privacy
advocates, teachers, and anyone
else with an interest in learning more about how to evaluate the
security of the software we build and use.
As the title implies, this document is a primer,
not a comprehensive guide. We intend for this document to grow and
evolve over time. Future versions will include more advanced testing
scenarios, but for the initial version, we wanted to provide
resources to allow people to learn how to do security reviews safely.
We anticipate updates throughout the year, with published “official”
releases happening one to two times annually. The “published”
version will be available on Graphite, with the working version
maintained
openly on GitHub.
The primer covers the basics of information
security testing, starting with a grounding in responsible
disclosure. The tests
run in the primer make extensive use of work from the Open
Web Application Security Project, or OWASP. The primer leverages
the Zed
Attack Proxy, an open-source intercepting proxy supported as part
of OWASP. The full suite of resources available from OWASP is
incredibly valuable, and the content we cover in the primer just
scratches the surface. As one example, an item not covered in the
primer that should be recommended reading for developers building Web
applications is the OWASP Application
Security Verification Project.
As with all of our work on the District Privacy
Evaluation Initiative, we welcome community involvement and input.
If you work at a school or district and would like to get involved in
our ongoing work, please
sign up! If you would like to contribute to the content of the
primer, please join
the effort over on GitHub. We will be responding to questions in
the issue queue and approving and/or discussing any pull
requests we receive.
SOURCE: Graphite