Categories
Links

New malware infects millions of Android users

ch3ukl1:

Symantec has identified 13 apps on the Android Market that are all hiding Android.Counterclank, a Trojan horse that steals information, and could also download more files and display ads on the device.

These apps are still available on the Android market, and up to five million handsets could be infected. The popularity in Android will continue to make it a lucrative target. Unless Google does more to prevent such apps appearing, it could mean the start of defection of users to other systems.

Click on above link for more.

For emphasis: up to five million handsets could be infected. That’s it, I’m calling it: Android is the new Windows for security and virus defence. Reminds me of the late 1990s and early 2000s for the number of actionable vulnerabilities being reported on an almost daily basis.

Categories
Aside Links

Practical Quantum Computing?

From the article:

So-called quantum key distribution is unconditionally secure–it offers perfect secrecy guaranteed by the laws of physics.

Or at least that’s what everyone thought. More recently, various groups have begun to focus on a fly in the ointment: the practical implementation of this process. While quantum key distribution offers perfect security in practice, the devices used to send quantum messages are inevitably imperfect.

It will be interesting to see how quantum computing practically differs from the theoretics of quantum physics; I suspect that efforts will be made to find ‘kludges’ that will ultimately be the source of practical problems to quantum-based security and computing efficiency. Of course, this is a similar issue that currently besets security and computing: dealing with real-world materials and accommodating imperfections (and variable modes of breaking security models that extend beyond the system being imagined) are amongst the most pressing of today’s issues.

Categories
Humour Links

Google Responds To Privacy Concerns With Unsettlingly Specific Apology

From the lede:

 MOUNTAIN VIEW, CA—Responding to recent public outcries over its handling of private data, search giant Google offered a wide-ranging and eerily well-informed apology to its millions of users Monday.

“We would like to extend our deepest apologies to each and every one of you,” announced CEO Eric Schmidt, speaking from the company’s Googleplex headquarters. “Clearly there have been some privacy concerns as of late, and judging by some of the search terms we’ve seen, along with the tens of thousands of personal e-mail exchanges and Google Chat conversations we’ve carefully examined, it looks as though it might be a while before we regain your trust.”

Categories
Links

Sign the petition: Respect the privacy of cell phone customers

ACLU:

Thanks to a nationwide ACLU campaign to learn how our cell phones are being used to monitor us, we now know that cell phone service providers keep a staggering amount of data about their customers:

  • Call records up to seven years.
  • Contact information of who you’ve exchanged text messages with for up to seven years.
  • Cell tower history — which helps track the movement of your cell phone: all data from July 2008 onward.
  • Copies of paid bills for up to seven years.
  • IP addresses assigned to your device for up to one year.

Tell your cell phone service provider that you demand an explanation of the information that is kept about your account, when and how it is shared with third parties, and an easy way to control how long your private information is kept. Additionally, tell them you demand to be notified if this information is ever lost in a data breach or demanded by the government or anyone else.

If you use AT&T, Sprint, T-Mobile or Verizon, this affects you.

Some of the reasons behind this data aggregation stem from law enforcement demands/expectations. Some stem from the low amount of storage all of this data (effectively) amounts to. Some stem from a need to plot out use patterns and predict growth rates. Some stem from a belief that more data is good data.

Regardless, the ACLU is right: customers should be demanding to know exactly why this data is being retained, the purposes the data is used for, and the parties that the data is shared with. Remember: if it isn’t collected or stored, it can’t be used against you in commercial, civil, or governmental practices.

Categories
Links Writing

Viruses stole City College of S.F. data for years

The viral infestation detailed by the Chronicle is horrific in (at least) two ways: first, that data was leeched from university networks for year after year, and second that it’s only now – and perhaps by happenstance – that the IT staff detected the security breach. From the article:

a closer look revealed a far more nefarious situation, which had been lurking within the college’s electronic systems since 1999. For now, it’s still going on. So far, no cases of identity theft have been linked to the breach. That may change as the investigation continues, and college officials said they might need to bring in the FBI.

Each night at about 10 p.m., at least seven viruses begin trolling the college networks and transmitting data to sites in Russia, China and at least eight other countries, including Iran and the United States, Hotchkiss and his team discovered. Servers and desktops have been infected across the college district’s administrative, instructional and wireless networks. It’s likely that personal computers belonging to anyone who used a flash drive during the past decade to carry information home were also affected.

Some of the stolen data is probably innocuous, such as lesson plans. But an analysis shows that students and faculty have used college computers to do their banking, and the viruses have grabbed the information, Hotchkiss said.

It is for precisely this kind of reason that regular updates of common, lab-based, computer equipment must be performed. These computers must centrally factor into campus security plans because of their accessibility to the public and a broad student population. I simply cannot believe that systems were so rarely refreshed, so rarely updated, and so poorly secured that a mass infection of a campus could occur, unless a university security and data protection policy were not being implemented by staff. Regardless, what has happened at this campus is an inexcusable failure: lessons should be learned, yes, but heads should damn well roll as well.

Categories
Aside Links

American Internet Imperialism

Think about this for a second: you are a good, law-abiding citizen, and thus break no local laws. Your state has no reason to bring criminal charges against you. Your actions, however, are provisionally criminal in another jurisdiction. As a result, despite your actions being perfectly legal in your home nation, you are threatened with extradition. This is not a theoretical concern:

TVShack was a site that collected links to TV shows. Certainly, many of those shows were likely to be infringing – but TVShack did not host the content at all, it merely linked to it. Richard O’Dwyer, the guy who ran the site, was a student building an interesting project over in the UK. However, the US Department of Justice decided that he was not only a hardened criminal, but one who needed to be tried on US soil. Thus, it began extradition procedures. Even worse, nearly identical sites in the UK had already been found legal multiple times – with the court noting that having links to some infringing content was certainly not criminal copyright infringement. That makes things even more ridiculous, because extradition is only supposed to be allowed for activities that are criminal in both the US and the UK. [Emphasis added]

The implications for extradition would be significant: UK citizens could be extradited to certain countries for actions that are legal within their own nations, on the basis that they violate the laws of other countries. It is precisely this kind of process that can stifle innovation, speech, and association online. It narrows the range of speech actions whilst demanding that – prior to speaking or acting or creating – individuals consult with counsel as the first part of any serious online behaviour.

Such an approach – lawyers, then speech – is directly contradictory to basic rights that form the bedrock of our Western democracies.

Categories
Links

EMI Sues Irish Government

Admittedly this is a few weeks old at this point, but it’s absurd that EMI is trying to sue the Irish government for access to a bill prior to its being introduced.

EMI is effectively confessing here that it’s upset that the government isn’t sharing the bill ahead of time with EMI or others in the industry. Again, the massive sense of entitlement of these guys is such that they expect that they get to write the laws, and when they’re left out of the process, they get to sue over it. And yet, on every one of these laws, the people actually impacted by them – the public – get no real say or can’t see them. Remember ACTA? The public was left totally in the dark, while RIAA/MPAA officials and others had pretty detailed access and the ability to help craft the bills. And yet, when EMI doesn’t get to see a draft of a bill, and it makes them think that it won’t go the way they want, they sue? Damn.

If EMI (and other bodies) get access to these documents then all parties should have access to them, on grounds that the public interest groups should be on equal footing in trying to influence how this legislation is shaped prior to its introduction. Perhaps better would be that no one sees the legislation and that experts are ‘simply’ called in to give commentary on the legislation.

Categories
Links Quotations

How to hack a smartphone via radio

Network World:

Encryption keys on smartphones can be stolen via a technique using radio waves, says one of the world’s foremost crypto experts, Paul Kocher, whose firm Cryptography Research will demonstrate the hacking stunt with several types of smartphones at the upcoming RSA Conference in San Francisco next month.

“You tune to the right frequency,” says Kocher, who described the hacking procedure as involving use of a radio device much like a common AM radio that will be set up within about 10 feet from the smartphone. The radio-based device will pick up electromagnetic waves occurring when the crypto libraries inside the smartphone are used, and computations can reveal the private key. “We’re stealing the key as it’s being used,” he says, adding, “It’s independent of key length.”

Kocher says the goal of the hacking demo, which Cryptography Research will demonstrate throughout the RSA Conference at its booth, is not to disparage any particular smartphone manufacturer but to point out that the way crypto is used on devices can be improved.

“This is a problem that can be fixed,” he says, noting Cryptography Research is working with at least one of the major smartphone makers, which he declined to name, on the issues around these types of radio-based attacks.

This is a high level of awesome. I wonder who the major smartphone maker is; Microsoft? Apple?

Categories
Links

Should Microsoft Mandate a Windows Phone Hardware Mute Switch?

testingdavid:

 The audio controls stick to the lock-screen when the phone is locked, in the same screen location but always present to allow even quicker control and obviate the need to tap the volume rocker in order to play, pause or skip on the lock-screen. Interestingly, the “vibrate” or “ring + vibrate” button, which I call the mute switch, does not remain on the lock-screen, and requires that the user press the volume rocker to display it when the phone is locked. This means that to mute a Windows Phone, the user must take the phone out of their pocket, tap the power button, tap the volume rocker, and finally tap the mute switch. With the current iPhone design, the user need only reach into their pocket and flip the hardware switch to prevent all unexpected noises.

The answer to David’s question is clear and unequivocal: YES! While having an excess of rarely needed/used hardware buttons and toggles can diminish the quality of a device, a deficiency of such buttons/toggles can do the same thing. It sounds small, but the ability to rapidly and easily mute a device is a key professional feature of a device.

Categories
Humour Links

The 8 Stages of an All-Nighter

An awesome strip on how far too many essays are produced in University. Very truthful. Very painful.