iPhone Archives - Page 2 of 2

Posts

Wednesday Morning: Place Your Bets

March 16, 2016/13 Comments/in Culture, Cybersecurity /by Rayne

About 11:00 a.m. EST today President Obama will announce his nominee to the Supreme Court to fill Antonin Scalia’s seat on the bench.

Apart from Sri Srinivasan, widely mentioned as the likely nominee, who is a possible candidate? Share your guess and then place your bets on Most-Likely Nominee and offer odds on a recess appointment.

Heads up: Your browsing could put you at risk of ransomware
I suppose the news that really big and popular sites were afflicted by ransomware within the last week explains why I had yet another Adobe-brand update pushed at me. Sites affected included The New York Times, the BBC, MSN, and AOL, along with others running a compromised ad network serving ransomware.

PSA: Make sure all your data files are backed up off your PC, and have access to software to rebuild your machine, in case your device is held for ransom.

#AppleVsFBI: Apple filing in California yesterday
Funny how different the characterizations of the 26-page filing. Here’s two:

The Guardian (emphasis mine):

Apple’s lawyers tried to lower the temperature in the company’s fight with the US government on Tuesday, telling a federal judge that America’s Justice Department is well-meaning but wrong in its privacy standoff with the iPhone maker.
Forensic scientist Jonathan Ździarski: “Here, Apple is saying, ‘If it pleases the court, tell the FBI to go fuck themselves.'”

Zika virus: even uglier than expected

Sexual Transmission of Zika More Common Than Previously Believed (Scientific American) — Florida’s new restrictions on abortion and birth control are going to look really horrid in this light.
Evidence grows for Zika virus as pregnancy danger (Science mag)
See also: Likely biological link found between Zika virus, microcephaly (Johns Hopkins Medicine)
Covering Zika in Hushed-Up Venezuela (NYT) — Just because you haven’t heard about Zika, birth defects, and Guillain-Barré syndrome in a particular country doesn’t mean the country is safe from the virus’ spread.

Stray cats, rounded up…

DARPA appeals to Maker/DIY/geek-nerd types, asks them to weaponize everyday devices (IEEE Spectrum) — I find this incredibly creepy; why is DARPA doing this, if the point is to prevent harm to the public from consumer products? Why not FTC/FCC/DOE instead of the military? And what happens to the feckless DIYer who accidentally hurts someone in the course of trying this stuff at home? Will DARPA indemnify them? Or are these informal adjuncts supposed to assume liability though they are doing military and law enforcement research? And what about the participants — will their identities be “harvested” for unspecified use in the future? So much stupid.
US transport secretary Anthony Foxx says, “It’s not a surprise that at some point there would be a crash of any technology that’s on the road,” (The Guardian) — in regards to the recent crash of a Google self-driving car with a bus. If it’s not a surprise, why are these on the road so soon? Don’t argue humans crash; these driverless vehicles are supposed to be BETTER than humans, and the public’s roadways shouldn’t be corporate laboratories.
PA man charged with phishing celeb women to gain access to their personal photos and videos (The Guardian) — Oddly, he’s not charged with distribution of the celebs’ pics in what became known as ‘The Fappening.’ A perfect example of the kind of crime which would be made easier and more widespread if Apple’s security was weakened — and law enforcement struggles with tackling it now.

That’s a wrap, for now, furballs all cleaned out of the holding bins. See you tomorrow morning!

Thursday Morning: Things Are Gonna’ Change

March 10, 2016/19 Comments/in 2016 Presidential Election, automobiles, Culture, Cybersecurity /by Rayne

After Tuesday’s primaries and last night’s Democratic candidates’ debate, surely something will change in messaging and outreach.

And surely something will change on the other side of the aisle given the continued rampage of ‘Someone With Tiny Hands.”

Calls to mind an animated movie popular with my kids a few years ago.

Moving on…

Volkswagen and the Terrible, Horrible, No Good, Very Bad Week

USDOJ subpoenaed VW under recent banking law (CNBC) — This is the first such application of the Financial Institutions Reform, Recovery and Enforcement Act (Firrea) since it was signed into law in 1989 in response to the savings and loan scandal. The law was used to target bank fraud in subprime mortgages after the 2008 financial crisis. (Caveat: that link at CNBC autoplays video. Bad practice, CNBC very bad.)
VW’s US CEO Michael Horn departs with marked haste (Bloomberg) — Huh. Interesting timing, that. A subpoena and an exit inside 48 hours? The phrases “mutual agreement” and “leave to pursue other opportunities” are very telling. IMO, Volkswagen Group’s response to the scandal has been lackluster to obstructionist, and Horn might not want to be the automaker’s sin eater here in the U.S.
Not looking good in Germany for VW, either, as prosecutors expand their investigation (Business Insider) — 17 employees now under scrutiny, up from six.
VW’s South Korean offices raided (Reuters) — Wondered when South Korea would catch up after all the recenty happy-happy about clean diesel passenger vehicle sales.

I feel like I’m telling a child Santa Claus is a lie and the Easter Bunny doesn’t exist, but it’s important to this scandal to grasp this point: There is no clean diesel technology. There is no clean diesel technology coming any time soon. Invoke a little Marcus Aurelius here and look at this situation and its essential nature, by asking why VW cheated and lied and did so for so long.

Because there is no clean diesel technology.

And the clock is tick-tick-ticking — the court case in California gave VW 30 days to come up with a technical solution. Mark your calendar for March 24, people.

A – Apple, B – Bollocks, C – Cannot…

Tech dude says FBI can crack the San Bernardino shooter’s iPhone 5C, but I think he’s really reaching. Can’t get past A-for-Acid etching processor, or A-for-Apple signing FBI-written firmware. Options cited are extremes, and ridiculous considering the FBI screwed up the iPhone’s handling, and there’s likely little useful on the device that can’t be traced using available metadata.
Another dude suggests Apple should compromise on encryption, because France! Where are these tech dude bros coming from? Didn’t they get the message from the Bush years about “cheese-eating surrender monkeys“?
Apple’s head of service worries about FBI forcing Apple to turn on iPhone cameras.

Panopticonic POV

Defense Department used surveillance drones over U.S. for a decade (USA Today) — All legit, though, nothing to see here, move along. Disregard the incomplete list of flights, just trust.
What will happen when your neighbors can buy a StingRay on the cheap to listen in on your cellphone calls? (Bloomberg) — Worse thought: what if they’ve already built one?
If you’re a commercial trucker, chances are anybody can track you (Naked Security) — Read this, especially the pointers at the bottom of the article. (Personal tip from me: If you’re a female trucker, use a gender neutral name or initials in the workplace. Insist your employer respects this practice.)

That’s enough damage for one day. Things have got to change.

Monday Morning: Put Your Pom-poms Down

March 7, 2016/4 Comments/in automobiles, Culture, Cybersecurity /by Rayne

A certain state governor (or his PR team) tweeted a bunch of smack last night during the Democratic presidential candidates’ debate. Like this:

It is to laugh. Every decision made by this administration about Flint has been about money, not about the right thing, and not even about the legal thing.

He put his pom-poms down last week long enough to lawyer up, though. Mm-hmm.

By the way, that’s the NSFW version – here’s the language-sanitized clean version of that video for your office space. Crank the volume and bring it.

All around Apple town

Email provider Lavabit filed an amicus brief in #AppleVsFBI, arguing the FBI’s demands could have adverse affects on businesses:

Such precedence would likely result in many businesses moving their operations offshore, therefore, making it more difficult for law enforcement to obtain even ordinary assistance from such companies…

Wow, sounds familiar, huh? Brief’s worth a read (pdf).
Apple VP of software engineering Craig Federighi wrote an op-ed for yesterday’s WaPo, restating an opinion Apple and many of its supporters already expressed:

“…it’s so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. …”
The stakes get higher in #AppleVsFBI as Apple prepares to launch several new iPhones and an iPad on March 21. We all know a decision by Judge Pym will affect these devices in the future, not just the San Bernardino shooter’s iPhone 5C.
And just to keep Apple users even more on their toes, there’s now Apple ransomware on the loose. So far only Mac devices have been targeted, but it’s only a matter of time before other Apple devices are similarly affected. I’d put my money on higher profile users or those using iPhones to remotely control costly systems.

Quickety-lickety

Wall Streeters took home 9% less in bonuses on average in 2015 (Bloomberg) — How do the French say it…Quel dommage! Don’t forget that Gallic snark on delivery.
You can’t ask another driver what they’re doing, but your car might, using V2V (Fortune) — Last week’s accident involving Google’s self-driving car and a bus suggests vehicle-to-vehicle communication may reduce accidents. (Or just let a human drive using their native adaptive consciousness…)
Revealed at Milan’s car show, Toyota’s Setsuna is an electric vehicle made of wood (Forbes) — Reminds me of an old Chris-Craft boat. I’d love to see one with a similar nautical look.

And on this day in 1876, U.S. Patent 174,465 for Improvement in Telegraphy was granted to Alexander Graham Bell.

What will they write about this day in another 140 years? Do something worth writing about.

Tuesday Morning: Guidance to Be True

March 1, 2016/9 Comments/in automobiles, Culture, Cybersecurity /by Rayne

Now an oldie but goodie, this Fiona Apple ditty. The subtle undertow of irony seems fitting today.

Speaking of guidance…

Google’s self-driving car went boom
Oops. Autonomous vehicles still not a thing when they can’t avoid something the size of a bus. Thank goodness nobody was hurt. Granted, until now Google’s self-driving test cars were not the cause of accidents — human drivers have been at fault far more often. In this particular accident, both the car and the human test driver may have been at fault.

VW’s CEO Mueller spins the (PR) wheels on agreement with U.S.
This is now a habit: before every major international automotive show, VW’s Matthias Mueller grants an interview to offer upbeat commentary on the emissions standards cheating scandal, this time ahead of the 2016 Geneva International Auto Show. Not certain if this is helping at all; there’s not much PR can do when no truly effective technical fix exists while potential liability to the U.S. alone may approach $46 billion. Probably a better use of my time to skip Mueller’s spin and spend my time slobbering over the Bugatti Chiron. ~fanning self~

Apple all the time

Court rules against government in Brooklyn Apple iPhone case (Ars Technica)
Not to be confused with the San Bernardino Apple iPhone case; this case involved a different iPhone model. (Link to Judge Orenstein’s order here.)
List of For/Against/On The Fence in Apple’s pushback against the government (The Guardian)
More obvious separation of Microsoft’s current management from its progenitor.
Law prof Neil Richards says an Apple win against government on First Amendment grounds would be a bad move (MIT Technology Review)
This will surely generate some rebuttals. Worth a read.

#YearInSpace ends this evening for astronaut Scott Kelly
Undocking begins at 7:45 p.m. EST with landing expected at 11:25 p.m. EST, barring any unforeseen wrinkles like negative weather conditions. NASA-TV will cover the event live. Can’t wait to hear results of comparison testing between Scott and his earth-bound twin Mark after Scott’s year in space.

Department of No

Amazon partners with Brita to create WiFi-enabled water filters (CNET) — Just, no.
Doing work or conducting personal business over airline WiFi: bad idea (Ars Technica) — Come on. You know this. Work offline or read a damned book.
Even before the disastrous Aliso Canyon methane leak, U.S. methane emissions greatly underestimated (MIT Technology Review) — Not good. Not at all. We badly need more aggressive effort toward better measurements and remediation.

That’s enough for now. I’m off to be a bad, bad girl. Stay safe.

Thursday Morning: Snowed In (Get It?)

February 25, 2016/8 Comments/in automobiles, Culture, Cybersecurity /by Rayne

[image: Jack Amick via Flickr]

Yes, it’s a weak information security joke, but it’s all I have after shoveling out.

Michigan’s winter storm expanded and shifted last night; Marcy more than caught up on her share of snow in her neck of the woods after all.

Fortunately nothing momentous in the news except for the weather…

Carmaker Nissan’s LEAF online service w-i-d-e open to hackers
Nissan shut down its Carwings app service, which controls LEAF model’s climate control systems. Carwings allows vehicle owners to check information about their cars on a remote basis. Some LEAF owners conducted a personal audit and hacked themselves, discovering their cars were vulnerable to hacking by nearly anyone else. Hackers need only the VIN as userid and no other authentication to access the vehicle’s Carwings account. You’d think by now all automakers would have instituted two-factor authentication at a minimum on any online service.

Researcher says hardware hack of iPhone may be possible
With “considerable financial resources and acumen,” a hardware-based attack may work against iPhone’s passcode security. The researcher noted such an attempt would be very risky and could destroy any information sought in the phone. Tracing power usage could also offer another opportunity at cracking an iPhone’s passcode, but the know-how is very limited in the industry. This bit from the article is rather interesting:

IOActive’s Zonenberg, meanwhile, told Threatpost that an invasive hardware attack hack is likely also in the National Security Agency’s arsenal; the NSA has been absent from discussions since this story broke last week.

“It’s been known they have a semiconductor [fabrication] since January 2001. They can make chips. They can make software. They can break software. Chances are they can probably break hardware,” he said. “How advanced they were, I cannot begin to guess.”

The NSA has been awfully quiet about the San Bernardino shooter’s phone, haven’t they?

‘Dust Storm’: Years-long cyber attacks focused on intel gathering from Japanese energy industry
“[U]sing dynamic DNS domains and customized backdoors,” a nebulous group has focused for five years on collecting information from energy-related entities in Japan. The attacks were not limited to Japan, but attacks outside Japan by this same group led back in some way to Japanese hydrocarbon and electricity generation and distribution. ‘Dust Storm’ approaches have evolved over time, from zero-day exploits to spearfishing, and Android trojans. There’s something about this collected, focused campaign which sounds familiar — rather like the attackers who hacked Sony Pictures? And backdoors…what is it about backdoors?

ISIS threatens Facebook’s Zuckerberg and Twitter’s Dorsey
Which geniuses in U.S. government both worked on Mark Zuckerberg and Jack Dorsey about cutting off ISIS-related accounts AND encouraged revelation about this effort? Somebody has a poor grasp on opsec, or puts a higher value on propaganda than opsec.

Wonder if the same geniuses were behind this widely-reported meeting last week between Secretary of State John Kerry and Hollywood executives. Brilliant.

Case 98476302, Don’t text while walking
So many people claimed to have bumped their heads on a large statue while texting that the statue was moved. The stupid, it burns…or bumps, in this case.

House Select Intelligence Committee hearing this morning on National Security World Wide Threats.
Usual cast of characters will appear, including CIA Director John Brennan, FBI Director James Comey, National Counterterrorism Center Director Nicholas Rasmussen, NSA Director Admiral Michael Rogers, and Defense Intelligence Agency Director Lieutenant General Vincent Stewart. Catch it on C-SPAN.

Snow’s supposed to end in a couple hours, need to go nap before I break out the snow shovels again. À plus tard!

Wednesday Morning: If It Ain’t Baseball, It’s Winter

February 24, 2016/8 Comments/in automobiles, Culture, Cybersecurity /by Rayne

[image: Jimmy Brown via Flickr]

It may be sunny and 90F degrees where you are, but it’s still winter here. A winter storm warning was issued here based on a forecast 12 inches of snow and 35 mph winds out of the northeast off Lake Huron. For once, Marcy’s on the lee side of this storm and won’t be blessed with the worst of this system.

I’ll cozy up in front of the fireplace and catch up on reading today, provided we don’t have a power outage. Think I’ll nap and dream of baseball season starting in roughly five weeks.

Before the snow drifts cover the driveway, let’s take a look around.

Hey Asus: Don’t do as we do, just do as we say
Taiwanese computer and network equipment manufacturer Asus settled a suit brought by the Federal Trade Commission over Asus leaky routers. The devices’ insecurities were exposed when white hat hacker/s planted a text message routers informing their owners the devices were open to anyone who cared to look. Terms of the settlement included submitting to security auditing for 20 years.

What a ridiculous double standard: demand one manufacturer produce and sell secure products,while another government department demands another manufacturer build an insecurity.

Ads served to Android mobile devices leak like a sieve
Researchers with the School of Computer Science at the Georgia Institute of Technology presented their work yesterday at 2016 Network and Distributed System Security Symposium, showing that a majority of ads not only matched the mobile user but revealed personal details:

• gender with 75 percent accuracy,
• parental status with 66 percent accuracy,
• age group with 54 percent accuracy, and
• could also predict income, political affiliation, marital status, with higher accuracy than random guesses.

Still some interesting work to be presented today before NDSS16 wraps, especially on Android security and social media user identity authentication.

RICO – not-so-suave – Volkswagen
Automotive magazine Wards Auto straps on the kneepads for VW; just check this headline:

Diesel Reigns in Korea as Volkswagen Scandal Ebbs

“Ebbs”? Really? Au contraire, mon frère. This mess is just getting started. Note the latest class-action lawsuit filed in California, this time accusing VW and its subsidiaries Audi and Porsche as well as part supplier Bosch of racketeering. Bosch has denied its role in the emissions controls defeat mechanism:

…The company has denied any involvement in the alleged fraud, saying it sold an engine control unit to Volkswagen, but that Volkswagen was responsible for calibrating the unit.

The scandal’s only just getting going when we don’t know who did what and when.

Worth noting Wards’ breathless excitement about VW passenger diesel sales uptick in South Korea. But then Wards ignores South Korea’s completely different emissions standards as well as the specifics in promotions for that market. Details, details…

Splash and dash

Sony Pictures’ hackers still on the prowl (WaPo)
It’s curious how the researchers aren’t willing to pin the ongoing work on North Korea.
Apple iPhone owners and privacy groups held 50 rally events yesterday (Mac Rumors)
Gee, Mr. Gates, when’s the last time Windows users and privacy groups rallied for Microsoft?
BlackBerry launching a cybersecurity consultancy with UK acquisition (TechCrunch)
Doesn’t BB grok their relative security lies in part with their small market share?

Don’t miss Ed Walker’s latest in his series on totalitarianism and Marcy’s fresh exasperation with polling on FBI vs Apple. Wind’s brisk out of the north, bringing the first wave of flurries. I’m off to check the gasoline in the snowblower and wax my snow shovels.

USDOJ: Make Apple Fix Their ‘Brand Marketing Strategy’ for Our Needs

February 20, 2016/42 Comments/in Cybersecurity /by Rayne

(Note: I drafted the following piece Friday after the USDOJ filed its latest motion, but before the latest revelation of law enforcement’s handling of the iPhone at the heart of the case. I’ve added an additional remark set off with emphasis after the disclosure. And now this afternoon’s new development? I can’t with this stuff. ~smh~)

You may imagine me agog after reading the Department of Justice’s motion filed today in the case of San Bernardino shooter Syed Farook’s iPhone. USDOJ believes Apple’s repudiation of its demands to write code in order to allow USDOJ to access the phone’s content by brute forcing the pin “to be based on its concern for its business model and public brand marketing strategy …”

Does the USDOJ understand what a smartphone is, and how it differs from a plain old telephone or even a vanilla cellphone? Are they just screwing with us, or do they simply not understand that smartphones aren’t just communications tools?

<<– For example, this device is designed to contain materials that are important and valuable to its user, including identity documentation, money and other means of payment, keys to access other devices and locations, possibly papers with important notes.

Imagine the USDOJ insisting the wallet’s designer must allocate personnel and resources to redesign and apply a new closure on a single device so that content caught in it will not be destroyed when the closure is opened by USDOJ.

Ridiculous.

<<– Compare now to this device, designed to contain materials that are important and valuable to its user, including identity documentation, money and other means of payment, keys to access other devices and locations, possibly papers with important notes. Only this device may contain entire libraries and businesses.

Imagine the USDOJ insisting the device’s designer must allocate personnel and resources to redesign and apply a new closure on a single device so that content caught in it will not be destroyed when the closure is opened by USDOJ.

Users rely on this device’s inherent closure integrity to secure its contents. This is not merely a “public brand strategy” — it is the essence of the device’s utility, its fundamental nature. The only thing different between these devices is communications capability in the latter, not the former. But users rely on the content of messages to be treated like the content of notes one might put in their wallet or purse — private and secure. Users seeking wallets and smartphones don’t buy them because they are insecure. Smartphone buyers aren’t shelling out $20 for a wallet, and they’re not buying just a communications device. They’re spending hundreds of dollars buying a digital portmanteau to replace their wallet/purse containing their laptop/books/files/photo album/audio player/more. It must be secure for that reason. The investment of time and money reflects this.

Which is why it seems to me — and I am not a lawyer — the government’s demands on Apple to allocate business resources to create an insecurity in a device designed to be secure is unreasonable, even if the insecurity demanded will be used one time as the USDOJ claims.

Worse, this demand by USDOJ is an attempt to remedy a case of bad device management. The specific iPhone in question, used by Syed Farook, was issued by his employer — San Bernardino County. Why didn’t the county issue devices with an administrative override? It’s like issuing a company car but not retaining a spare set of keys if the employee was suddenly terminated. Why should Apple undermine the inherent integrity of its product to resolve a poor case of asset management?

EDIT: And why should Apple invest private resources into compelled speech as software to rectify a screw-up on the part of San Bernardino County and the USDOJ in their inept handling of the single iPhone in question once the device had been retrieved from the suspect?

It doesn’t matter if, as USDOJ swears, this compelled reverse engineering is written and applied only once. That it would have been done at all establishes a precedent, allowing the U.S. government (and others!) a foothold to demand companies allocate resources to service the government, while undermining the inherent integrity of their products.

What might this do over the long run to Apple’s investment in Apple Pay — literally a wallet-alternative payment technology based on iPhone?

A wallet that retains its contents isn’t just “brand marketing strategy.” It’s the innate purpose of a wallet — and the same with devices we now use as digital wallets.

There is another larger conversation we must have about the evolution of technology and the inability of our laws to keep apace.
Consider Maryland Attorney General Brian E. Frosh’s recent brief in which he maintained persons carrying a cellphone into a store had no expectation of privacy, “because [the suspect Andrews] chose to keep his cell phone on, he was voluntarily sharing the location of his cell phone with third parties.” But cellphones — more specifically, smartphones — are the convergence of our entire desks. We do not expect by keeping them turned on that we have given third parties entrée to our desks unless we have pointedly been asked and given permission. People don’t just walk around holding their wallets and backpacks open for inspection by anyone who chooses to snoop.

But smartphones are the convergence of our entire desks. We do not expect by keeping them turned on that we have given third parties entrée to our desks unless we have pointedly been asked and given permission. People don’t just walk around holding their wallets and backpacks open for inspection by anyone who chooses to snoop.

Unfortunately, we the people have not negotiated our expectations by way of legislation. Law enforcement and the military both are operating in the gap we’ve left in our social contract, a hole where our expectations have not been established. Are we suffering from future shock about the technology we expect and use? More than likely, and our legal system is slower than we are, suffering even more so. But because no law clearly tells them, “This is a personal desk with access to remote files — both node ends and the transmission between are private,” law enforcement and the military will simply assume they can ask anything they want.

This includes demanding a smartphone manufacture to create an insecurity in digital wallet technology.
__________
Here are a few articles related to the USDOJ’s demand on Apple I find particularly interesting:

Preliminary thoughts on the Apple iPhone order in the San Bernardino case (Part 1) (Orin Kerr, Volokh Conspiracy-WaPo)
Preliminary thoughts on the Apple iPhone order in the San Bernardino case: Part 2, the All Writs Act (Orin Kerr, Volokh Conspiracy-WaPo)
Apple, the FBI, iPhones, and the Extended Mind Hypothesis (Gordon Hull, New Apps Blog)
Not a Slippery Slope, but a Jump of the Cliff (Nicholas Weaver, Lawfare)
Can the Government Compel Apple to Speak? (Andrew Keane Woods, Lawfare)
Apple, the FBI, and the San Bernadino iPhone (Dan Wallach, Freedom to Tinker)
Why Tim Cook is right to call court-ordered iPhone hack a “backdoor” (Dan Goodin, Ars Technica)
[Update from emptywheel] Why This iPhone? (me! Slate)

(Disclosure: I own shares of AAPL. Adder: IMO, the embedded video is already anachronistic, behind technological evolution. Many of us, including myself, do most of their work on smartphones/phablets/tablets.)

Wednesday Morning: Quelle couleur est-ce?

February 17, 2016/20 Comments/in Culture, Cybersecurity /by Rayne

[image: Leo Reynolds via Flickr]

I think vestigially there’s a synesthete in me, but not like a real one who immediately knows what colour Wednesday is. — A. S. Byatt

A lot of people will ask what day it is today, but few will ask what color.

Ed Walker put up a great post late last evening, one that deserves more oxygen. Do check it out.

Hospital held hostage for millions by ransomware
Hey Hollywood! A hospital in your backyard has been “infected” with ransomware, their enterprise system tied up until administration coughs up $3.6 million.* Didn’t see that coming, huh? Law enforcement is involved, though if they haven’t managed to resolve other smaller ransomware attacks, they won’t solve this before it critically affects patients’ care.

This is a pretty good (if unfortunate) example of business continuity crisis. Remember Y2K and all the hullaballoo about drills and testing for enterprise failure? We still need that kind of effort on a regular basis; how do you run your biz if all electronics go dark, for any reason?

(* US articles say $3.6M; CAN article linked says $5M. Currency difference, or an increase in the demand?)

Google found critical vulnerability in GNU C Library
“CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow” Huh? What? If you read Google’s blog post about this yesterday, you were probably scratching your head. Some Googlers struggle with writing in plain English. Here’s what tech news outlets interpreted from that google-degook:

Ars Technica: “Extremely severe bug leaves dizzying number of software and devices vulnerable”
BBC: “Glibc: Mega bug may hit thousands of devices”
Threatpost: “Critical glibc Vulnerability Puts All Linux Machines at Risk”

In a nutshell, if you’re running Linux, patch your systems, stat.

Petroleum’s still a problem

Iran’s not going along with Saudi-Russia-OPEC agreement on oil production limits. Iran wants to return to pre-sanction production levels before it makes any concessions.
Oil glut and tanked prices creates secondary challenges. Saudi’s youth now have entirely different prospects for employment now that oil cannot guarantee national wealth or careers with good pay. Will this cause political volatility in RSA? Wonder what will happen in smaller oil-producing countries like Venezuela and Ecuador?
Weird outliers buck trend: Indian oil producer Chennai had a strong Q3, and First American Bank more than doubled its stake in oil development firm Anadarko. Neither of these stories make sense when oil prices have and are plummeting and show no solid sign of improvement in the next year-plus.

TBTF is still too TBTF
Neel Kashkari, Minneapolis Fed Reserve president, called for the breakup of Too-Big-to-Fail banks yesterday, as they are still a risk to the economy. Didn’t see that coming from a fed president, especially Kashkari.

Biggest tech story today: Judge ordered Apple to help hack San Bernadino gunman’s phone
Apple’s been fighting government pressure on backdoors to its products. The fight intensified after federal judge Sheri Pym ordered Apple to cooperate with the FBI to unlock encryption on a county-owned phone used by San Bernadino gunman Syed Farook. Begs the question why any government agency — local, state, or federal — would ever issue a phone with encryption the government could not crack in the first place. Seems like one answer is a government- and/or business-specific encryption patch to iOS: [IF phone = government-issued, THEN unlock with government-issued key]. Same for business-issued phones. Your own personal phone, not issued by a government agency or business? No key, period.

Phew. That’s enough for a Wednesday. Hope we can coast downhill from here.

A Good Reason to Encrypt Your iPhone: To Prevent DEA from Creating a Fake Facebook Account

October 7, 2014/24 Comments/in FISA, Informants /by emptywheel

At Salon yesterday, I pushed back against the Apple hysteria again. In it, I look at the numbers that suggest far more Apple handsets are searched under the border exception than using warrants.

Encrypting iPhones might have the biggest impact on law enforcement searches that don’t involve warrants, contrary to law enforcement claims this is about warranted searches. As early as 2010, Customs and Border Patrol was searching around 4,600 devices a year and seizing up to 300 using what is called a “border exception.” That is when CBP takes and searches devices from people it is questioning at the border. Just searching such devices does not even require probable cause (though seizing them requires some rationale). These searches increasingly involve smart phones like the iPhone.

These numbers suggest border searches of iPhones may be as common as warranted searches of the devices. Apple provided account content to U.S. law enforcement 155 times last year. It responded to 3,431 device requests, but the “vast majority” of those device requests involved customers seeking help with a lost or stolen phone, not law enforcement trying to get contents off a cell phone (Consumer Reports estimates that 3.1 million Americans will have their smart phones stolen this year). Given that Apple has by far the largest share of the smart phone market in the U.S., a significant number of border device searches involving a smart phone will be an iPhone. Apple’s default encryption will make it far harder for the government to do such searches without obtaining a warrant, which they often don’t have evidence to get.

Almost 20% of Americans this year will have an iPhone, and that number will be far higher among those who fly internationally. If only 20% of 5,000 border searches involve iPhones, then there are clearly more border iPhone searches than warranted ones.

Meanwhile, we have an appalling new look at what law enforcement does once it gets inside your smart phone. A woman in Albany is suing DEA because — after she permitted DEA to conduct a consensual search of her phone — DEA then took photos obtained during the search, including one of her wearing only underwear, and made a fake Facebook page for her with them. They even sent a friend request to a fugitive and accepted other friend requests. They also posted pictures of her son and niece, on a site intended to lure those involved in the drug trade.

And they consider this a legitimate law enforcement activity!

In a court filing, a U.S. attorney acknowledges that, unbeknownst to Arquiett, Sinnigen created the fake Facebook account, posed as her, posted photos, sent a friend request to a fugitive, accepted other friend requests, and used the account “for a legitimate law enforcement purpose.”

The government’s response lays out an argument justifying Sinnigen’s actions: “Defendants admit that Plaintiff did not give express permission for the use of photographs contained on her phone on an undercover Facebook page, but state the Plaintiff implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations [sic].”

To be sure, DEA and FBI would still be able to obtain consensual access to phones, as they did in this case, by threatening people with harsher charges if they don’t cooperate (which appears to be how they got her to cooperate).

But this demonstrates just how twisted is the government’s view of legitimate use of phone data. The next time you hear a top officer wail about pedophiles, you might ask whether they’re actually the one planning to post sexy pictures.

John McCain and iPhone’s Sick Chinese Workers

March 7, 2011/in Economics /by emptywheel

The buzz today focuses on John McCain’s latest gaff: in his weekly Sunday show appearance with Christiane Amanpour yesterday, he claimed that iPhones and iPads are made in the US.

Host Christiane Amanpour spoke about her network’s project to empty a house of goods that are not made overseas.

McCain responded:

“I think it’s obviously a recognition of the reality and the trends, that cheaper, lower-cost labor products will usually prevail over products made in higher wage and income countries. I would also point out that if you emptied that house–if you had left a computer there or an iPad or an iPhone–those are built in the United States of America.”

So everybody’s been having a lot of fun laughing at the ignorance of the guy with the 10 houses again.

But in spite of the fact that, in an earlier segment, the Steelworkers’ Leo Gerard described safety and environmental problems with goods imported from China, I’ve seen no mention of the fact that the workers at one Chinese iPhone plant were all getting sick because an iPhone manufacturer, Wintek, switched to n-hexane rather than alcohol to make the manufacturing process seconds faster.

Last summer, workers began fainting on the job and dozens made their way to the hospital. The company started testing workers and found mass exposure: Wintek says 62 employees had confirmed nerve damage from inhalation exposure to n-hexane, which the company admits it used illegally for nearly a year in the production process. The illness, a form of peripheral neuropathy, came on so slowly that most didn’t know they were ill until it was serious. Workers say others were sickened, but left the factory without treatment.

Their troubles began in October 2008, when Wintek’s Suzhou factory introduced n-hexane to clean touch screens in the final stages of production. According to the local government, the company lacked necessary permits to handle the toxin, which dries more quickly than alcohol, shaving seconds from production time and speeding up the line.

[snip]

Each worker was required to clean 1,000 screens per day, dipping cotton cloths into a tray of hexane, swabbing the glass screens carefully and moving on, according to workers interviewed by GlobalPost. Over the course of a 12-hour shift, workers said one person would go through six trays of n-hexane, protected only by latex gloves and simple cotton masks — nothing close to the equipment that Chinese safety standards require for handling the chemical.

[snip]

So what do these workers, who earned about $220 a month and lost nearly a year of their lives to illness, think of customers who buy the products that made them sick?

“I haven’t really thought about it before,” says the woman in the pink pajamas, pausing to consider.

Then, she decides, and says in a steady voice: “It would be good for the people who use those phones so happily to consider the sacrifice we made.” [my emphasis]

This is not just about what an out-of-touch fool McCain is, or the importance of making something here in the US again. There are also real consequences for the people that make it easier for Apple to get rich off of the latest gadgets by manufacturing in China.