Thursday Morning: War All The Time

War All The Time — seems appropriate now, and it’s been more than a dozen years since this song was released. Also rather pathetic that MTV censored a reference to suicide in this tune, like a drop of merthiolate on a gaping wound.

Say it isn’t so, girl! Wendy’s investigating possible breaches
On the face of it, this doesn’t sound like a corporate-wide cybersecurity event. It may be confined to specific stores. But fast food chain Wendy’s contracted a security firm to look into unauthorized credit card charges made to cards used at their stores. Wendy’s joins Jimmy John’s and Chick-Fil-A in the growing list of compromised fast food chains.

Ransomware infects Israel’s Electric Authority
No outage has been reported as a result of ransomware infection of Israel’s electrical power system via phishing. Computers may have been isolated from the system’s network, though. The full extent of the malware’s impact is difficult to determine from reports available online; some likened this to the cyberattack on a Ukrainian power plant, and others called this a hacking, though neither description appears to fit well.

California struggles with self-driving car regulations
Oh dear Cthulhu…this bit:

Google has concluded that human error is the biggest risk in driving, and the company wants to remove the steering wheel and pedals from cars, giving people minimal ability to take over.

But computers never, ever make mistakes, right? No wonder California is struggling with this…but no. Even though Google’s DeepMind AI mastered GO a decade early, it can’t master California’s highways.

New high-speed wireless internet service launched by former Aereo CEO
Using microwave technology, new gigabit internet service provider Starry will begin in Boston this year once the FCC approves a limited test run in 15 cities. For now, this looks like a solution for urban areas, but it could be an alternative in rural areas where existing telecoms/ISPs fail to provide high-speed internet in spite of federal funds allocated to expand coverage. Imagine using wind turbine towers for Starry microcells to carry gigabit service to rural America.

All right, everybody back to the front, back to the foreverwar.

Wednesday Morning: Adulting is Hard

While looking for Wednesday, I discovered there’s a video short series based on a grownup version of the Wednesday Addams character. Cute, though from Wednesday’s POV becoming an adult isn’t all the fun one might expect.

So much for those carefree days when one could leave all the bad news and difficult choices to parental figures. It was all an illusion that there were ever any grownups in charge.

Playstation moves to U.S. as Sony melds and migrates interactive entertainment divisions
What’s this really all about? Does this consolidation of Sony Computer Entertainment with Sony Network Entertainment and their move to California as Sony Interactive Entertainment allow better collaboration with Sony Pictures? Or does this allow for easy access by U.S. government entities suspicious of Playstation Network as a potential terrorist communications platform? Or is this a means to secure a leaky business by pulling more of Sony Group inside a single network? Sony explained SIE will “retain and expand PlayStation user engagement, increase Average Revenue Per Paying Users and drive ancillary revenue” — but that sounds like fuzzy vapor to me.

“Bent spear? Oh, THAT bent spear…” Air Force review omits report of damage to nuke
I hope like hell President Obama has already called someone on the carpet and asked for heads to roll. Not reporting a “bent spear” event in a review of U.S. nuclear force isn’t exactly a little boo-boo. A “bent spear” in 2007 spawned a rigorous investigation resulting in a large number of disciplinary actions including resignations and removals from duty.

Zika virus: risk to U.S. mounting
There have been more non-locally transmitted cases of Zika virus here in the U.S. as another Latin American country warns women against pregnancy. Not to worry, it’s not like Ebola, relax, we’ve been told…except that we’ve seen this playbook before, where there were casualties as a pandemic began before either federal or state agencies took effective action. In the case of Zika, we may not see mortalities; casualties may be serious birth defects following a rapid spread with mosquito season. Fortunately President Obama has now asked for more accelerated research into Zika, though we may not see results before Aedes mosquito season hits its stride this year. For more information about this virus, see the CDC’s Zika website.

EU seeks hefty fines in draft law to overhaul auto industry regulations
At fines of €30,000 (£22,600) per vehicle found in violation, the EU might get some results out of proposed regulations governing automotive emissions standards. But the problem hasn’t been the lack of EU standards — it’s the inability to validate and extract compliance when so many member states are willing to turn a blind eye to their constituent manufacturers’ failings in order to preserve employment. Can the EU make these fines stick once new regulations are passed?

By the way, Consumer Reports published a really snappy overview of the VW emissions scandal. Worth a read.

Con Edison’s creaky website leaves online customers exposed
You’d think by now after all of the successful hacks on business and government websites that companies would catch a clue. But no, not in the case of Con Edison. Read the article here so you know what to watch for at other websites; all of ConEd’s site’s links do not open fully encrypted connections. This is a really easy thing to fix, and it should be the very first thing every single business allowing customers to log in or pay online checks.

Heading out to act like an adult for the next eight hours. Maybe less.

Tuesday Morning: Chasing the Clouds Away

Hope by this afternoon all the major thoroughfares are clear and transportation nearly back to normal along the east coast. You’d think by now we’d have developed and installed self-maintaining highways that melt ice and snow, right?

For now, let’s dig.

A former Goldman Sachs exec parts company with CenturyLink
They called it “creating an environment that was unproductive,” and maybe it was — a diversified telecom organization may not be a great fit for an investment banker, leading to some less-than-productive discussions. But a nearly unanimous vote said Joseph Zimmel, retired GS exec, should not apply for re-election to CenturyLink’s board of directors. Wonder if the rumored-but-not-completed acquisition of Rackspace had anything to do with this rocky situation?

Retail Mixed Bag: Wal-Mart retrenches, Staples rethinks, Shoes.com kicks butt
The Arkansas-based retailer is closing up its 102 Wal-Mart Express stores, as well as a few of its full-sized stores. Were the smaller stores simply too much overhead, or were they cannibalizing sales from larger stores, or did Amazon finally cut into Wal-Mart’s sales enough that Wal-Mart needed to reduce?

Staples, one of the two largest big box office supply retailers, changed up some of its senior management while indicating it may back out of its proposed merger with the other mega office supply retailer, Office Depot. The merger has not received approval yet from the USDOJ. This unresolved deal may be a bigger liability in terms of expense by now, especially when all retail sales have slowed down.

Shoes.com is looking for cash to make some acquisitions. This Canadian online shoe retailer is bucking the retail trend with a strong uptick in sales in spite of stiff competition from Zappos and Amazon.

All three retailers mirror a turn-down in consumption — even Shoes.com. If retail was doing well, there’d be less need to close brick-and-mortar stores or buy up market share.

Six GOP Senators suck up to ISPs while annoying broadband users
Quel surprise: a handful of GOP Senators sent a letter to the FCC saying that standard broadband speeds are arbitrary, and most users don’t need the current baseline speed.

I’d like to know why some tech media won’t name names. Fortunately, The Hill listed the signatories. Senators Roy Blunt (MO), Steve Daines (MT), Deb Fischer (NE), Cory Gardner (CO), Ron Johnson (WI) and Roger Wicker (MS) wrote,

“Looking at the market for broadband applications, we are aware of few applications that require download speeds of 25 Mbps … Netflix, for example, recommends a download speed of 5 Mbps to receive high-definition streaming video, and Amazon recommends a speed of 3.5 Mbps.”

The stupid, it burns almost as much as the visible corporate whoring. Like nobody in their world has multiple users in a household sharing service or online gamers or emerging technology which does need increasingly higher speeds. Hope these folks aren’t on committees for cybersecurity issues — wait, what? Every one of these six dipschitz is on the Senate Commerce Subcommittee on Communications, Technology, Innovation, and the Internet. ~screaming into pillow~

I can’t with this. I must change gears or go insane. Keep the wheels on the road, kids.

Monday Morning: Get a Pick and Shovel

Mississippi John Hurt’s lyrics seem appropriate this morning — get a pick and shovel to dig your way out of all that snow and ice this Monday morning.

Getting a late start here because I stayed up watching the X-Files revival.

Apple iMessage users’ content at risk if backed up to iCloud
While iMessages themselves use end-to-end encryption, the same content when backed up to iCloud is encrypted by an Apple-controlled key. As many as 500 million users have data in iCloud services, at risk of exposure. You’d think after The Fappening, Apple users would be more leery about enabling iCloud backup.

Network problems affect NFL’s Microsoft Surface tablets, left New England Patriots in the dark
Wow, right down to the “last defensive possession” and *blip* — nothing on the Surface tablets for Pats’ coaches to show their players. Not the first time there’ve been problems with this technology, either. NFL’s network problems are blamed for the loss of play information, but Microsoft’s tablets are taking the brunt of it. Have to wonder why there wasn’t adequate redundancy to ensure network burps would not affect the game. Can’t fault the tablets or the network outage for the delay of X-Files on FOX, though, since the Patriots vs. Broncos were on CBS.

Donald Rumsfeld, video game designer
One of the last things I ever expected to see in my feed: Donald Rumsfeld, former Secretary of Defense under George W. Bush, designed a video game. It’s an obscure form of solitaire attributed to Winston Churchill. “…I’ve signed off on something they call ‘UX’,” Rumsfeld said. Heaven help us.

I’m deferring my date with a shovel for later today and crawling back into bed. Stay safe and warm, gang.

Friday Morning: Thank a Goddess

[image: Frigg Spinning Clouds, c. 1900, by John Charles Dollman via Wikimedia.org]

Yeah, you can thank Frīġe for her dæġ — Friday is her day. Frigg, Frea, or Freyja, has been lumped into the sky-and-weather-goddesses category though I don’t recall running across a folktale about her actually doing weather-y stuff.

Hope you were prepared for snow if you live in the eastern U.S.; Frigg won’t be as much help to you as a decent snow shovel. Same with keeping the kids busy on a snow day. Maybe you could coax them into writing a story about Frigg calling up a snow storm, replete with drawings?

Speaking of weather…and climate…
These news stories suggest snowpocalyptic events here in the U.S. aren’t the only unusual conditions affecting the way we do business today.

  • South Africa’s wine production will be affected by recent wildfires. Wonder if Australia’s will be, too? Oh definitely, by too much rain as well as drought and bushfires.
  • Milder than usual weather hurt retail spending in UK. Lucky for our former British overlords we’ve exported our Black Friday to give them a temporary boost in sales.
  • The worst drought in two decades spurs Zimbabwe to seed clouds. Ugh. Not good. If they’re seeding there, what happens to rainfall in Mozambique, Malawi, and Madagascar?

Note: My spell check app offers “snowpocalypse” and “snowpocalypses” after I wrote “snowpocalyptic” — even spell check insists mega-sized snowstorms are now a regular occurrence.

Dutch tech firm Philips’ sale of Lumileds division halted
No specific details were shared, but the Senate Committee on Foreign Investment in the United States (CFIUS) blocked the sale of Philips’ California-based lighting component manufacturing subsidiary. Note the article refers to “Asian buyers,” and mentions further down the story that Chinese firms were involved in the buyers’ consortium.

Seems odd this sale was blocked by CFIUS, but not that of chipmaker OmniVision Technologies last May, or Freescale Semiconductor in March (though perhaps the previous owners of Freescale may have been a factor).

Military vendor for AV and building systems sold devices with backdoor
Not only a hidden backdoor, but packet sniffing capabilities found in the AMX brand NX-1200 model building controls device.

But backdoors are a good thing, right? No?

That’s a wrap on this week. Hope those of you along the east coast expecting heavy snow are prepared with ample alcoholic beverages for what appears to be a long weekend. Make an offering to Frigg and see if it helps. Offer another to the person who shoveled your snow.

Thursday Morning: Trouble, We Haz It

[screensnap: José James at AllSaints Basement Session (video not available for embed)]

Quite literally I went looking for Trouble, and I found this video by José James from the AllSaints Basement Sessions. Might be the first time looking for trouble paid off.

Drug makers struggle with ‘supply and demand’ concept
Speaking of trouble, the World Economic Forum meets at Davos, Switzerland this week to engage in its annual circus of the wealthy. Big Pharma piped up and said it wants money to develop antibiotics to replace/augment their current lineup to which bugs have become resistant. Extortion, much?

Hello? Your drugs don’t work any longer, which means sales will go down. They don’t work because you oversold them, jackasses. You don’t get to change ‘supply and demand’. Your incentive is and always has been profits, which only happen if you sell a working product. Too bad you screwed your golden goose — and us.

Here’s an idea: in the meantime, the U.S. government should fund a competing government-owned drug research and manufacturing facility the way it funds DARPA. The public will benefit directly from the research it bought, and if private drug companies can do better, even using freely available public research, they can knock themselves out.

Still want incentives? Sure. We get a chunk of the company in exchange for a handout, just like General Motors. Now beat it and get back to research or bean counting, whatever it is you really do.

Speaking of drugs, Chinese caught spying on pharmaceutical firm GlaxoSmithKline
Along with four others, a senior-level manager and biotechnology expert based at Glaxo’s Pennsylvania facility was charged with conspiracy, wire fraud, money laundering, and theft of trade secrets. An interesting spin on this story is the involvement of a twin sibling used in money laundering. Glaxo has been at the heart of a couple other corruption stories in China, including reports of bribery and industrial espionage. These Glaxo-related stories all read like telenovela scripts.

Hey, look! A leaky backdoor built into encrypted phone calls
Shocking, just SHOCKING, that a backdoor might be so flawed that a single master key could allow the holder access to ALL phone calls in an encrypted system. It’s not shocking that GCHQ is pushing this system’s security protocol it developed in-house.

Android phones used for banking may be infected with two-factor defeating malware
Wow. This is pretty creepy. You’d think your voice would be your bond in banking, but it can be used to access your account even though your voice is part of a two-factor authentication system. Android.bankosy is the bug in question; better read this article because it’s pretty complex stuff.

Internet of Things via search engine — including your Things?
You want more creepy trouble? Here you go — but I sure hope your home doesn’t appear in these webcam feeds.

That’s enough trouble for now. Make some of your own.

Wednesday Morning: Whac-A-Mole

Can’t bop them on the head fast enough. There are just too many issues popping up. See which ones you can nail.

And GO!

Video popularity in Facebook’s ‘walled garden’ means change for news outlets
This is not good. This is AOL’s model come full circle. Increasingly Facebook is shutting down access from outside, forcing news outlets to move inside, and to produce video instead of text content in order to fight for attention. Numerous outlets are affected by this trend, including the former AOL (now Huffington Post). The capper is Facebook’s persistent tracking of any users, including those who click on Facebook links. What will this do to general election coverage? Facebook really needs effective competition — stat.

Weather and bad flu season raised French deaths above WWII’s rate
Wow. I knew the flu was bad last year, but this bad? Ditto for Europe’s weather, though the heat wave last summer was really ugly. Combined, both killed more French in one year than any year since the end of World War II, while reducing overall life expectancy.

FDA issues guidelines on ‘Postmarket Management of Cybersecurity in Medical Devices’ for comment
Sure hope infosec professionals jump all over this opportunity to shape policy and regulation. Imagine pacemakers being hacked like a Chrysler 300, or reprogrammed without customer knowledge like a VW diesel, or surveilling users like a Samsung smart TV…

UK’s Cameron says one thing, UK’s arms dealers another with sales of £1Bn arms to Saudi Arabia
Can’t. Even. *mumbles something about pig porker*

“The day after the prime minister [David Cameron] claimed to be ‘trying to encourage a political process in Yemen’ and declared ‘there is no military solution in Yemen’, official figures reveal that in just the three months July to September, the government approved the sale of over £1bn worth of bombs for the use of the Royal Saudi Air Force. …”

[Source: The Guardian]

Lack of transparency problematic in fatal French drug trial
Like talking to a brick wall to get answers about the drug involved in one death and five hospitalizations after 94 subjects were given an experimental drug. On the face of it, simultaneous rather than staggered administration may have led to multiple simultaneous reactions.

Canadian immigrant helped two Chinese soldiers attempt theft of U.S. military aircraft plans
You want to know how ‘chaining’ works? Here’s a simple real world example allegedly used to spy on U.S. military aircraft: Identify a key node in a network; identify the node’s key relationships; sniff those connections for content and more key nodes. A Chinese immigrant in aircraft biz, located in Vancouver, shares email addresses of key individuals in the industry with Chinese officers. They, in turn, attempt to hack accounts to mine for plans, which their contact in Vancouver vets.

Now ask yourself whether these key individuals are in or related to anyone in the Office of Personnel Management database.

Ugh. Keep whacking those moles.

Tuesday Morning: Flip Off

Flip off a few caps; Death came for a few more well-loved artists. Rest well, Glenn Frey, Dale Griffin, Dallas Taylor. Gonna’ be one heck of a band on the other side. [Edit: Mic Gillette, too? Stop already, Grim Reaper, check your targeting.]

Hope the cull is done because obituaries are not my thing. Hard to type and sniffle copiously at the same time.

GM Opel dealers may be altering emissions control software on Zafira diesel cars
Great, just great. Like GM didn’t have enough on its plate with the ignition switch debacle. A Belgian news outlet reports GM Opel dealers have been changing the software on the 2014 Zafira 1.6l diesel engine passenger vehicles in what looks like a soft recall. This comes on the heels of an EU-mandated recall of Zafira B models due to fires caused by bad electronics repairs. Sorry, I don’t speak Dutch, can’t make out everything in this video report. What little I can see and read doesn’t look good. Wouldn’t be surprised if the EU puts the hurt on GM Opel diesel sales until all are fixed to meet EU emissions regulations. Should also note that a different electronics manufacturer may be involved; images online of ECUs for late model Zafiras appear to be made by Siemens — unlike Volkswagen’s passenger diesel ECUs, which are made by Bosch.

Texas manufacturer swindled out of cash by fraudulent email request, sues cyber insurer
AFGlobal, based in Houston, lost $480,000 in May 2014 after staff wired funds based on orders in emails faked by crooks overseas. The manufacturing company had a cyber insurance policy with a subsidiary of the Chubb Group, and filed a claim against it. The claim was denied and AFGlobal filed suit. This isn’t the first such loss nor the first such lawsuit. Companies need to create and publish policies documenting procedures for authorizing any online payments, including two-step authentication of identities, and review overall spending authorization processes with an eye on audit trails.

Ukrainian officials say Kiev’s main airport hacked
Hackers who attacked Ukrainian power companies in late December are believed to be responsible for the malware launched on Kiev’s airport servers. There are very few details — okay, none, zero details — about the attack and its effect on airport operations. A military spokesman only said “the malware had been detected early in the airport’s system and no damage had been done,” and that the malware’s point of origin was in Russia. Among the details missing are the date the attack was discovered and how it was detected as well as the means of removal.

Hold this thought: FBI still looking for info on cable cuts, with eye to Super Bowl link
Remember the post last summer about the 11 communications cable cuts in the greater San Francisco Bay Area near Silicon Valley? This is a hot issue again, given the impending Super Bowl 50 to be held at Levi’s Stadium in Santa Clara. But reports now mention 15 or 16 cuts, not 11 — have there been more since last summer, or were there more not included in the FBI’s request for information? I’ll do some digging and post about this in the near term.

All right, carry on, and don’t drink all the añejo at once.

Monday Morning: So Good to Me

Yeah, Mondays start off well as we emerge from the safe warm cocoon of our beds to begin our day. But Monday evenings are a different kettle of fish.

Like this Monday — we’ve enjoyed a weekend’s cozy glow from soft power exercised through diplomacy now that the IAEA kicked off the new Joint Comprehensive Plan of Action (JCPOA). By mid-morning the flying monkey horde of dissent will saturate media, making a cesspool out of the evening news.

Can hardly wait. Meanwhile…

Un grupo de 66 accionistas de Volkswagen
I admit my command of Spanish is weak, but even at first glance this article didn’t look good for VW. A group of shareholders—again? Let’s translate:

A group of 66 shareholders of Volkswagen (VW) take legal action against the German automaker after the company distorted evidence of greenhouse gas emissions. The complaint will be presented this week, according to the British newspaper Financial Times.

El Pais reports this is the second class-action lawsuit against VW in relation to the emissions controls defeat technology; plaintiffs for this suit are believed to be investment banks. However there were dozens of class action suits in the U.S. as of last fall, including dealerships stuck with rapidly depreciating but unsalable inventory.

A second article in El Pais also noted VW’s Mueller announced additional investment in its Tennessee-based plant after apologizing to the U.S. for the emissions control ‘trick’ (this last word was ‘trucaje’ in Spanish). VW has now lost market share in the EU for the first time in eight years.

USDOT, NHTSA, Automakers agree on Proactive Safety Principles — including improved cybersecurity
Seems rather feel-good in a non-binding sort of way, but USDOT and NHTSA managed to convince automakers to agree to collaborate on vehicle safety and cybersecurity. The agreement announced last week at Detroit’s auto show coordinates with the Obama administration’s proposed $4 billion budget earmark for automated vehicle research and development.

I still can’t see the benefit in individual autonomous cars over public mass transit. My gut says this White House-driven effort at coordination is really aimed at cybersecurity — and surveillance. And no mention of the Three Laws of Robotics, either.

Formic acid fuel cell to power Dutch students’ car
Now this is a great bit of automotive and alternative energy news. Students at Eindhoven University of Technology in the Netherlands are working on automotive fuel cells powered by formic acid instead of hydrogen. Much of the fuel cell technology to date relies on hydrogen, but the problem has been hydrogen generation and storage. This challenge has stymied fuel cell-powered cars for nearly two decades. Formic acid could be handled like gasoline; it is fairly easy to produce from wood pulp and other fibrous plant mass, or by catalysis, and is low in toxicity, though care must still be used in its handling.

Given the potential application beyond vehicles, I’d rather see investment in this line of automotive research.

U.S.-China Economic and Security Review Commission looking into China’s military robots
Since the 1990s there have been a number of organized cyber attacks originating in China which seek out military and industrial content. China’s recently-developed military robots look an awful lot like those developed by QinetiQ. USCESRC is hiring researchers to assess China’s current robotics capabilities, and how much of this capability arose from U.S. sources.

The article in NextGov about USCESRC’s effort characterizes QinetiQ as a “Pentagon contractor.” Funny, that.

Enjoy your peaceful Monday morning while it lasts.

Friday Morning: Damned Long Week Done

If another artist of note has died, don’t tell me. After losing David Bowie and now Alan Rickman this week, I can’t deal. We should have had another 20 years with these guys. I can think of some people I’d trade to have them back, can’t you?

JetBlue had a boo-boo: temporary data center service outage for airline
At least, that’s what was reported — JetBlue’s data center provided through Verizon went down yesterday for a couple of hours. I’m having a really tough time believing there wasn’t adequate fail-over. Hope the FAA is all over this. JetBlue’s customers must have been very angry, frustrated, and worried.

Microsoft ended support for Windows 8 on Tuesday
Yikes! Somehow in all the discussion about Microsoft ending support for all of its Internet Explorer versions except for the most current edition, I missed the end of support for the original Windows 8 as of this week’s Patch Tuesday.

If you updated your system to Windows 8.1, it’s all good. That version is still supported.

App uses wearables to identify love interest based on heartbeat
I am shaking my head as I type this. There’s no hope for humans when we turn one of the most fundamental human processes over to machines. Is this really even human? Slap on your FitBit, check out your one curated candidate, check your heart rate. If it’s elevated, you reach out to see if they are interested.

Absolutely pathetic. Riddled with flaws. What if a user consumed too much caffeine, or had a stressful day at work, resulting in a tetchy heartbeat? What about all the other non-visual clues we use to identify candidates worth approaching? Ugh. This brave new world sucks.

Make mine with Svedka. Skip the olives, don’t bother with the vermouth. Skål!