The folks at the University of Cambridge’s Security Research and Computer Laboratory have pulled together a terrific set of short (and accessible) papers on security and privacy. I’d highly recommend taking a look.
From GigaOm, we find that:
Korea Telecom in South Korea has taken an interesting twist on the idea [of network neutrality], and decided to block Samsung’s Smart TVs from accessing the Internet, according to this article from the Maeil Business Newspaper, a large S. Korean daily. That’s right, net neutrality isn’t just for applications anymore.
It’s absurd that so-called ‘SmartTVs’ are being blocked on the basis of data consumption: as content goes HD and is piped over IP (and fibre optic lines!), ‘data consumption’ cannot justify cutting these televisions from the IP network. No, what we’re seeing is an effort to stymie over-the-top growth unless the content owner/monopolist can find a way to extract unjustified rents. The Korean case is a clear example of why network neutrality regulations are so important.
Ceiling Vic
I love this rehash of ceiling cat
Symantec is warning that the next generation of smartphone viruses has come:
Researchers from security vendor Symantec Corp. have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.
This technique is known as server-side polymorphism and has already existed in the world of desktop malware for many years, but mobile malware creators have only now begun to adopt it.
A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. This is different from local polymorphism where the malware modifies its own code every time it gets executed.
This is a clever means to avoid the rudimentary analysis systems that the major vendors use to ID malware. It’s also (another) indication of how important antivirus is going to become for the mobile marketplaces. I suspect that, by the end of the year, a lot of users (on iOS, Android, and the rest) are going to wish that the post-Steve Jobs smartphones on the market today met Jobs’ initial thoughts regarding smartphones when Apple released the iPhone. Specifically, he held that:
He didn’t want outsiders to create applications for the iPhone that could mess it up, infect it with viruses, or pollute its integrity
While our pocket computers are better now that apps are available, I can’t help but think that Jobs’ earliest worries are now looming as today’s potential nightmares.
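To make the detection problem concrete, here is an added example (not from Symantec or the quoted article) comparing an exact-hash blocklist with a byte-shingle similarity check on two downloads of the same family. The sample bytes, the `constructed_download` helper, the 8-byte shingle size and the 0.7 threshold are all assumptions made for illustration; the article does not say which checks vendors actually run.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def shingles(data: bytes, k: int = 8) -> set:
    """Overlapping k-byte windows; a small edit changes only a few of them."""
    return {data[i:i + k] for i in range(max(len(data) - k + 1, 0))}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    union = sa | sb
    return len(sa & sb) / len(union) if union else 1.0

def classify(sample: bytes, known: list, threshold: float = 0.7) -> str:
    """Exact-hash lookup first, then nearest-neighbour similarity."""
    if sha256_hex(sample) in {sha256_hex(k) for k in known}:
        return "exact-hash match"
    if any(similarity(sample, k) >= threshold for k in known):
        return "similar to known sample"
    return "unknown"

def constructed_download(tag: bytes) -> bytes:
    """Constructed stand-in for one download: shared body, per-download fields."""
    body = b"".join(b"constructed-shared-block-%04d;" % i for i in range(40))
    return b"HDR:" + tag + b";" + body + b"END:" + tag[::-1]

KNOWN = constructed_download(b"download-0001-aa")   # already on the blocklist
NEW = constructed_download(b"download-0002-zq")     # same family, new download
UNRELATED = b"".join(b"unrelated-benign-chunk-%04d|" % i for i in range(40))

if __name__ == "__main__":
    for name, sample in [("known", KNOWN), ("new", NEW), ("unrelated", UNRELATED)]:
        print(name, sha256_hex(sample)[:12], classify(sample, [KNOWN]))
```

Byte-level similarity only helps while most of the file is shared between downloads; if the distribution server re-encrypts or repacks the whole payload, structural or behavioural features are needed instead.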
Fixing SSL, Moxie-Style
A follow-up to my last post: if you want insight into how to fix the cruft that is SSL, take the time to watch Moxie’s presentation on SSL and The Future of Authenticity.
OK GO and Advertise to Me
I had no idea that OK GO’s recent video was largely a sponsored ad for the car they’re driving.
I also don’t care, because:
- I had no idea what the car was until I read an analysis of the video;
- It’s just (to my mind) another ridiculously awesome music video from this band.
I’m willing to sit through the ‘ad’ on the basis that the ‘brand’ of the car is non-obtrusive: it’s just a particular vehicle (pardon the pun) to deliver a really cool cultural experience.
Lessig Interviews Abramoff
Curious about the inner workings of Congressional and Senate corruption? Then set some time aside and watch this video. It’s a bit long – it goes for about 90 minutes – but is well worth your time.
Security Measures

The security systems are aware, armed, and not taking prisoners.
I’m sorry, but what Path did is (in some jurisdictions, such as my own) arguably a criminal offence. Want to know what they’ve been up to?
When developer Arun Thampi started looking for a way to port photo and journaling software Path to Mac OS X, he noticed some curious data being sent from the Path iPhone app to the company’s servers. Looking closer, he realized that the app was actually collecting his entire address book — including full names, email addresses, and phone numbers — and uploading it to the central Path service. What’s more, the app hadn’t notified him that it would be collecting the information.
Path CEO Dave Morin responded quickly with an apology, saying that “we upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more.” He also said that the lack of opt-in was an iOS-specific problem that would be fixed by the end of the week. [emphasis added]
No: this isn’t an ‘iOS-specific problem’; it’s an ‘iOS lacks an appropriate security model and so we chose to abuse it’ problem. I cannot, for the life of me, believe that Apple is willing to let developers access the contact book – with all of its attendant private data – without ever notifying the end user. Path should be tarred, feathered, and legally punished. This wasn’t an ‘accident’ but a deliberate decision, and there should be severe consequences for it.
Also: while the Verge author writes:
Thampi doesn’t think Path is doing anything untoward with the data, and many users don’t have a problem with Path keeping some record of address book contacts.
I think that this misses a broader point. You should not be able to disclose mass amounts of other people’s personal information without their consent. When I provide key contact information it is for an individual’s usage, not for them to share my information with a series of corporate actors to do whatever those actors want with it. The notion that a corporation would be so bold as to steal this personal information to use for their own purposes is absolutely, inexcusably, wrong.
I’ll Call you ‘An Ambulance’, OK?

Siri and voice recognition gone horribly, horribly wrong (in tragically comedic ways).