This Man Is the Most Dangerous Political Operative in America

Breitbart’s genius was that he grasped better than anyone else what the early 20th century press barons understood—that most readers don’t approach the news as a clinical exercise in absorbing facts, but experience it viscerally as an ongoing drama, with distinct story lines, heroes, and villains. Breitbart excelled at creating these narratives, an editorial approach that’s lived on. “When we do an editorial call, I don’t even bring anything I feel like is only a one-off story, even if it’d be the best story on the site,” says Alex Marlow, the site’s editor in chief. “Our whole mindset is looking for these rolling narratives.” He rattles off the most popular ones, which Breitbart News covers intensively from a posture of aggrieved persecution. “The big ones won’t surprise you,” he says. “Immigration, ISIS, race riots, and what we call ‘the collapse of traditional values.’ But I’d say Hillary Clinton is tops.”

GAI is set up more like a Hollywood movie studio than a think tank. The creative mind through which all its research flows and is disseminated belongs to a beaming young Floridian named Wynton Hall, a celebrity ghostwriter who’s penned 18 books, six of them New York Times best-sellers, including Trump’s Time to Get Tough. Hall’s job is to transform dry think-tank research into vivid, viral-ready political dramas that can be unleashed on a set schedule, like summer blockbusters. “We work very long and hard to build a narrative, storyboarding it out months in advance,” he says. “I’m big on this: We’re not going public until we have something so tantalizing that any editor at a serious publication would be an idiot to pass it up and give a competitor the scoop.”

To this end, Hall peppers his colleagues with slogans so familiar around the office that they’re known by their abbreviations. “ABBN — always be breaking news,” he says. Another slogan is “depth beats speed.” Time-strapped reporters squeezed for copy will gratefully accept original, fact-based research because most of what they’re inundated with is garbage. “The modern economics of the newsroom don’t support big investigative reporting staffs,” says Bannon. “You wouldn’t get a Watergate, a Pentagon Papers today, because nobody can afford to let a reporter spend seven months on a story. We can. We’re working as a support function.”

Given that the CEO of Breitbart is going to be the new CEO of Donald Trump’s campaign, it seems appropriate to read and reflect on how Bannon has successfully positioned both his news organization – Breitbart – and the think tank – GAI – such that their news and investigations pervade the media.

The core takeaway is that Bannon understands the media in a more systematic (and arguably deeper) way than Trump. The question, however, is whether that understanding will be sufficient to re-invigorate Trump’s campaign amongst traditional conservatives and undecided voters.

Vacation shaming our politicians – Policy Options

The great irony of the criticism around Trudeau’s family vacation is that politicians keep talking about work-life balance, and specifically about how to attract more women to Parliament and to high-placed corporate jobs and boards. Jurisdictions around the world have changed the sitting hours of their legislatures to align with the school calendar and to eliminate night sittings.

One wonders what message women interested in federal politics drew from the coverage of the Trudeau family vacation: maybe “Don’t even think about taking time off with your kids.”

The message isn’t just sent to women interested in politics, but to workers more generally: you can have whatever work-life balance you’d like, so long as that balance doesn’t upset productivity (or your manager) in any way.

BlackBerry DTEK50 Review: Secure, reasonably priced but light on battery life

But the software on the DTEK50 is the same as the Priv’s – hardened Android 6.0.1 (Marshmallow), FIPS 140-2 compliant full disk encryption, hardware root of trust, and BlackBerry Integrity Detection that monitors for compromises, with BlackBerry extras like the Hub (a unified inbox for all communications), calendar, contacts, password keeper, device search, launcher, and the DTEK security app for which the phone was named. Once you’ve used the BlackBerry software, most other offerings seem severely wanting. DTEK deserves special mention. It evaluates the device’s security posture, recommends changes, and allows you to see exactly what rights each app is using, and how often. You can also revoke individual privileges for an app if, for example, you see no reason why a flashlight app should have access to your contacts.

On what possible grounds can the reviewer – or the editor, who presumably assigned the title to this article – assert that the new BlackBerry device is ‘secure’? We know that BlackBerry’s consumer-grade options do not encrypt messaging data. We know that other implementations of Android, such as CopperheadOS, actually contribute code to the Android Open Source Project that is meant to reduce vulnerabilities.

We also know that BlackBerry refuses to disclose how often they receive, and respond to, government requests for assistance. And we don’t know which countries BlackBerry provides assistance to, under what specific terms, or the types of data that the company discloses. But all of this speaks to BlackBerry being able to access consumers’ data…which is the definition of a service being insecure insofar as non-authorized actors can read or copy the data in question.

Before journalists or editors make assertions regarding security of mobile devices (or any other product for that matter) they should be obligated to contact experts in the field of mobile security. And preferably they’d actually contact people who actively test the security of mobile devices. Or, you know, at the very least they’d read the news and realize that the security afforded by BlackBerry to its retail customers is more like propaganda than based in reality.

Linux bug leaves 1.4 billion Android users vulnerable to hijacking attacks

“The tl;dr is for Android users to ensure they are encrypting their communications by using VPNs, [or] ensuring the sites they go to are encrypted,” Lookout researcher Andrew Blaich told Ars. “If there’s somewhere they’re going to that they don’t want tracked, always ensure they’re encrypted.”

The vulnerability makes it possible for anyone with an Internet connection to determine whether any two parties are communicating over a long-lived transport control protocol connection, such as those that serve Web mail, news feeds, or direct messages. In the event the connections aren’t encrypted, attackers can then inject malicious code or content into the traffic. Even when the connection is encrypted, the attacker may still be able to determine a channel exists and terminate it. The vulnerability is classified as CVE-2016-5696.

One of the more likely ways exploits might target Android users is for them to insert JavaScript into otherwise legitimate Internet traffic that isn’t protected by the HTTPS cryptographic scheme. The JavaScript could display a message that falsely claims the user has been logged out of her account and instruct her to re-enter her user name and password. The login credentials would then be sent to the attacker. Similar injection attacks might also attempt to exploit unpatched vulnerabilities in the browser or e-mail or chat app the targeted Android user is using.

Another day, and another massive vulnerability disclosed about Android.

Edmonton Police Say They Didn’t Mean It When They Said They Own a Stingray

“Earlier this week, Media Relations Unit received an inquiry from Motherboard (VICE) asking if the [Edmonton Police Service] owns a Stingray device, or has ever used one from the RCMP. There was some miscommunication/misunderstanding internally surrounding the information obtained on whether the EPS owns a Stingray, and in fact, the EPS does not own a Stingray device. Police agencies do not comment on equipment used in electronic surveillance or on investigative techniques, therefore the EPS cannot provide any further information on this topic.”

Edmonton police are walking back their assertion that they did have, and use, an IMSI Catcher. Money says that the walk back is correct (it’s likely the RCMP that owns the device that EPS has used or had access to) while also misleading (because EPS would be working with the RCMP to investigate whatever the crime happens to be, while using the IMSI Catcher).

Police do not engender trust when they dogmatically try to stop the public from knowing what kinds of surveillance tools they use. Or the numbers of innocent people affected by such surveillance. Sadly, the logics of policing seem to run counter to developing this kind of generalized trust.

How to market Justin Trudeau

In academic terms, the coziness built by these efforts is called parasocial interaction—it’s the one-sided attachment people develop for media figures, and the reason why, when we meet a celebrity, we feel like we already know them. The big problem with this in a political context is the bread-and-circuses effect, where citizens get distracted by a personality they like and stop paying attention to issues and policies. But Marland and Goodyear-Grant both point out, with resigned ruefulness, that reams of research in their shared discipline suggests very few people think about those things anyway. Citizens generally form broad impressions of their political leaders, decide whether they like and trust them, and then leave them to handle the details if they do. “Most people are just not paying attention to this stuff. They just don’t care,” Marland says. “So it gives them probably a sense of pride that their Prime Minister seems to be well respected on the international stage.”

The entire article is excellent: Shannon Proudfoot has masterfully accounted for how the Trudeau campaign (and Prime Minister’s Office) has branded and marketed him. But the part that I quoted from the article is something that more people need to appreciate and understand, especially those who are involved in politics. Canadians generally are removed from politics and simply don’t care about them. This isn’t to say that political parties’ positions and actions don’t matter. But few people are actually paying attention to the minutiae or day-to-day of federal, provincial, or municipal politics.

Almost every Volkswagen sold since 1995 can be unlocked with an Arduino

… security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week, and detail two different vulnerabilities.

The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company’s vehicles.

Alone, the value won’t do anything, but when combined with the unique value encoded on an individual vehicle’s remote key fob—obtained with a little electronic eavesdropping, say—you have a functional clone that will lock or unlock that car.

Just implement the research by dropping some Raspberry Pis in a mid- to high-income condo parking garage and you’ve got an easy way to profit pretty handsomely from Volkswagen’s security FUBAR.

How do young people afford a house? They find roommates.

“When you look at the home market for first-time buyers, to get in can seem like an insurmountable task,” says Aaron Zifkin, Airbnb’s country director for Canada. “In a lot of our host community meet-ups, we’re seeing a lot of people who are really excited being able to bridge that pay point by earning a little extra income from a nanny suite.” Or, if no nanny suite exists, the pullout couch in the living room might do.

In Vancouver, for example, more than half of the money taken in by the 4,200 Airbnb hosts went to pay for necessities like the rent, mortgage or groceries, according to a company report released in July. With the typical host earning $6,500 each year, more than half of them said the extra cash was a reason they could afford to stay in their home. Seven per cent said the money helped them avoid foreclosure.

But don’t worry: there isn’t really a housing crisis in major metropolitan areas when people have to rent (parts of) their home in order to avoid foreclosure. And the fact that roommates are a requirement for many 30-somethings to purchase 850ft condos in Toronto is entirely appropriate.

Waiting for Android’s inevitable security Armageddon

Android has around 75-80 percent of the worldwide smartphone market—making it not just the world’s most popular mobile operating system but arguably the most popular operating system, period. As such, security has become a big issue. Android still uses a software update chain-of-command designed back when the Android ecosystem had zero devices to update, and it just doesn’t work. There are just too many cooks in the kitchen: Google releases Android to OEMs, OEMs can change things and release code to carriers, carriers can change things and release code to consumers. It’s been broken for years.

This editorial was written over a year ago. And it’s as true, today, as it was the day it was written. Imagine if car companies just kept releasing the same dangerous, flawed, and fixable devices despite rampant car crashes, accidents, and other mishaps.

That’s Google today, as it continues to push flawed versions of Android, and today’s OEMs (e.g. Samsung, HTC) and carriers (e.g. Rogers, AT&T, Vodafone). The insecurity of Android constitutes a basic safety and human rights issue at this point given how states exploit Android vulnerabilities to target dissidents, journalists, academics, writers, and the public more generally. And yet none of the core parties responsible for these major security failures are making genuine efforts to actually fix the problem because they don’t think they have to care.

Copperhead OS: The startup that wants to solve Android’s woeful security

Linux device drivers have been the operating system’s Achilles heel since day one, and the Android platform is no exception. Android phones ship with kernels frozen to ensure driver compatibility—which usually means that a new Android device comes with a kernel that’s already a year or two old.

“It’s like if you have a printer and the last printer driver made was for Windows 95, you can never upgrade your computer to a newer version,” Soghoian explains. “Android is bigger than just Google, and when Google’s partners drag their feet it undermines the security of the entire ecosystem.”

As an Android device ages, the kernel may get backported security patches, depending on the OEM’s willingness to push updates, but the handset will miss out on the latest security advances, since upgrading the kernel would break hardware compatibility with the drivers.

There are a lot of great things about Android. Device and data security just aren’t amongst them.