Android’s full-disk encryption just got much weaker—here’s why
… A blog post published Thursday revealed that in stark contrast to the iPhone's iOS, Qualcomm-powered Android devices store the disk encryption keys in software. That leaves the keys vulnerable to a variety of attacks that can pull a key off a device. From there, the key can be loaded onto a server cluster, field-programmable gate array, or supercomputer that has been optimized for super-fast password cracking.
The independent researcher that published the post included exploit code that extracts the disk encryption keys by exploiting two vulnerabilities in TrustZone. TrustZone is a collection of security features within the ARM processors Qualcomm sells to handset manufacturers.
For my Computer Security students.
Kaspersky: Ransomware that encrypts is booming
Over the past year the number of machines hit by
ransomware that encrypts all or part of the hard drive is five-and-a-half times
what it was the year before, according to Kaspersky
Lab.
The number in 2014-2015 was 131,111 compared to 718,536 in
2015-2016, according to the company’s report Ransomware in 2014-2016.
… “Mobile ransomware merged as a follow-up to PC ransomware and it is likely that it will be followed-up with malware targeting devices that are very different to a PC or a smartphone,” the report says. These include smart watches and smart TVs, and entertainment systems in homes and cars. “There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time.”
(Related)
With some advanced preparation, you can survive a ransomware attack
… There are ways
to protect your systems to prevent becoming the next victim, or at least to
mitigate the effects of the attack, but you need to act before an attack
strikes. Researchers say it can take less than 5 minutes from the time the malware
gets on a system to the time when primary files are encrypted, backup files are
deleted, and the demand for ransom is presented.
That said, here are some steps for surviving a ransomware attack:
I’ve followed this report for years.
2015 Wiretap Report: Intercept Orders Rise 17 Percent
by Sabrina I. Pacifici on Jul 1, 2016
United States Courts, June 30, 2016: “The number of
federal and state wiretaps terminated in 2015 increased nearly 17 percent over
2014, according to an annual report submitted to Congress by the Administrative
Office of the U.S. Courts. As in
previous years, drug investigations and telephone wiretaps accounted for the
large majority of cases. The 2015 Wiretap Report covers
intercepts—of wire, oral or electronic communications—that were concluded
between January 1, 2015, and December 31, 2015. The report does not include data on
interceptions regulated by the Foreign Intelligence Surveillance Act of 1978. A total of 4,148 wiretaps were reported in
2015, compared with 3,554 the previous year. Of those, 1,403 were authorized by federal
judges, 10 percent more than in 2014, and 2,745 were authorized by state
judges, an increase of 21 percent. No wiretap applications were reported as denied in
2015.”
[The encryption section:]
The number of state wiretaps in which encryption was
encountered decreased from 22 in 2014 to 7 in 2015. In all of these wiretaps, officials were unable
to decipher the plain text of the messages. Six federal wiretaps were reported as being
encrypted in 2015, of which four could not be decrypted. Encryption was also reported for one federal
wiretap that was conducted during a previous year, but reported to the AO for
the first time in 2015. Officials were
not able to decipher the plain text of the communications in that intercept.
What could possibly go wrong? (What’s next?)
Mark Walker, Patrick Anderson and John Hult report:
Police in South Dakota are
collecting urine samples from uncooperative suspects through the use of force
and catheters, a procedure the state’s top prosecutor says is legal but is
criticized by others as unnecessarily invasive and a potential constitutional
violation.
The practice isn’t new, according
to attorneys, but it’s been brought to light in a recent case in Pierre.
Read more on Argus Leader.
Because you can never introduce your children to surveillance too soon?
Alphabet’s Nest Patents Smart Surveillance Crib For The Ultimate Helicopter Parent
… Nest (now part of Alphabet since its acquisition by Google), the company best known for its smart thermostats, applied to patent a smart crib or toddler bed that would monitor infants and display soothing images and sounds. [Big Brother loves you. We have always been at war with Eastasia. Bob]
(Related) Dilbert predicts the future?
Perspective. Over, but not really over.
In Senate, Blackberry Era Officially Over
… The reign of the Blackberry lasted a good decade or more in Congress, early on due to the advanced nature of the devices and obsession with email checking. Even when the iPhone and Androids came about, the Blackberry still kept the throne for a while because typing on those tiny little keys was faster, a mastered skill with which the iPhone could not compete. (This being government, they were slow to adopt other devices and Bring Your Own Device policies.)
[From the notice:]
BlackBerry device support will continue
for the foreseeable future. BlackBerry
is committed to maintaining their support of our devices to include
uninterrupted warranty and technical support.
Once we have exhausted our current in-house stock, new
device procurements will be limited, while supplies last, to warranty exchanges
only.
Perspective. “We’re #16! We’re #16!” Not very catchy, is it?
Superfast internet? South Korea wins, U.S. lags far behind
Internet speeds are getting faster worldwide —
including the U.S. But speeds here are far worse than many other countries,
particularly on mobile.
Akamai, an internet platform used by websites to ensure
high speeds and high quality streaming, aggregates data from the up to 200 trillion content requests it receives each quarter.
Global average connection speed rose 12% in the
first quarter of 2016 from the fourth quarter of 2015, to 6.3 Mbps, according
to Akamai's latest "State of the Internet" report. Year over year, global internet speeds shot up
23%, said the content delivery network.
South Korea led the way with the highest average
connection speed at 29.0 Mbps, an 8.6% increase from last quarter. Norway (21.3 Mbps) and Sweden (20.6 Mbps)
followed to make up the top three.
The United States didn't make the top 10, ranking No. 16 with average connection speed of 15.3 Mbps, a 7.7% rise from the prior quarter.
… In mobile,
you're best off in the United Kingdom. The country by far had the highest
average mobile speed with 27.9 Mbps. Belgium, in contrast,
had only 70% of the U.K.'s average speed with 19.4 Mbps. Algeria had the lowest average connection
speed with 2.2 Mbps. Speeds in Iran, the country that had the slowest
average speed in the fourth quarter with 1.8 Mbps, improved to 4.7
Mbps this quarter.
The U.S. had an average mobile speed of 5.1, on par with
Thailand.
This is more for my Excel class than PowerPoint users.
Improve Your PowerPoint Presentation with Excel Data Visualizations
For my IT Architecture students.
WhatsApp Grew to One Billion Users by Focusing on Product, Not Technology
… when Mubarik Imam, head of growth and partnerships for WhatsApp, told the company’s extraordinary story to a group of high-level executives and technology experts at a conference in Palo Alto last year, the narrative was conspicuously free of digital breakthroughs or “aha!” moments. For those who hoped to hear the secret of how digital wizardry turned two disgruntled Yahoo veterans into overnight billionaires, the real story was an eye-opener. Transforming a relatively simple idea into a $19 billion windfall, it turns out, was more about solving problems with the tools at hand than inventing new solutions from scratch.
If it’s Saturday, Education foibles…
Hack Education Weekly News
… The US Department of Education released its “#GoOpenDistrict Launch Packet,” encouraging schools to use OER. As Stephen Downes comments, “I find it interesting that they refer throughout to ‘openly licensed educational materials’ rather than ‘open educational resources’ – I wonder what the reasoning was behind that.” Rebrand. Realign. Rewrite history. The usual, I’d wager.
… Hillary Clinton unveiled her tech platform this week. Excuse me. Her “innovation agenda.” She promises that every kid will learn to code (of course) by having the private sector train CS teachers. She wants federal financial aid for coding bootcamps and nanodegrees. Her plan also involved a talking point about diversifying the tech workforce, but then she went ahead and announced this doozy: a student loan deferment program for startup founders. Alexander Holt offers a pretty good argument as to why this is a “giveaway to Silicon Valley.” (The whole platform sounds like that, to be honest.) “Is Student-Loan Debt Really Holding Would-Be Entrepreneurs Back?” asks The Chronicle of Higher Education. More on Clinton’s plans via Edweek’s Market Brief, Inside Higher Ed, and The New York Times.
… Via The Chronicle of Higher Education: “As Big Data Comes to College, Officials Wrestle to Set New Ethical Norms.”