Group items tagged

"The disclosure points to a problem security researchers have been warning about for years: that despite its reputation for building what is seen by millions of customers as a secure product, some believe Apple's closed culture and fear of negative press have harmed its ability to provide security for those targeted by governments and criminals. "Apple's self-assured hubris is just unparalleled," said Patrick Wardle, a former NSA employee and founder of the Mac security developer Objective-See. "They basically believe that their way is the best way. And to be fair … the iPhone has had incredible success. "But you talk to any external security researcher, they're probably not going to have a lot of great things to say about Apple. Whereas if you talk to security researchers in dealing with, say, Microsoft, they've said: 'We're gonna put our ego aside, and ultimately realise that the security researchers are reporting vulnerabilities that at the end of the day are benefiting our users, because we're able to patch them.' I don't think Apple has that same mindset.""

"Marlinspike's Textsecure has an impeccable reputation as a secure platform, and Whatsapp founder Jan Koum attributes his desire to add security to his users' conversations to his experiences with the surveillance state while growing up in Soviet Ukraine. However, without any independent security audit or (even better) source-code publication, we have to take the company's word that it has done the right thing and that it's done it correctly."

"If mediocre malware can power some of the largest DDoS attacks ever, and considering the sad state of security of the Internet of Things in general, we should probably brace for more cyberattacks powered by our easy-to-hack "smart" Internet of Things, as many, including ourselves, had predicted months ago."

"But when you dive into the code of Meitu, that's where things get interesting. Security researchers have jumped in to assess the photo editing app and found that it was indeed collecting information, including a phone's IMEI number (a handset's unique ID number), and sending it back to remote servers:"

"Security researcher Troy Hunt reports that the snuggly spies, from Spiral Toys, Security researcher Troy Hunt reports that the snuggly spies, from Spiral Toys, "represents the nexus" of the problem with internet-connected appliances and toys: children being recorded, data being leaked, and the technical possibility of surreptitious access to children through networked toys. "The best way to understand what these guys do is to simply watch the video [advertisement for the toy].""

"It happened when Hello Kitty's fan site, SanrioTown.com, had its database accessed in late 2015. Here's the catch - it wasn't hacked. According to security researcher Chris Vickery of Kromtech, no hack was necessary. Vickery stated that pretty much anyone could access, "…first and last names, birthday…, gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers…," and more."

"Carolan, who is 18 and has just completed an art foundation course in Cardiff, decided architecture would be a safer path to follow. "It feels like it will be a more secure degree. Lots of psychology goes into architecture," he says. "You need to understand the core of what you're doing." He is doubtful that images made by artificial intelligence will replace the art exhibited in galleries, but he worries that commercial projects previously requiring a team of artists may in the future need only one to work with AI and neaten up the final product. "The options will probably get limited as time goes on. Personally, I'd find it a bit depressing if there wasn't a human element, but whether or not we'd notice I'm not sure. I always thought things like art would be one of the last things robots would be able to do.""

"So, yes: the internet of things presents many new possibilities, and it would be foolish to dismiss those possibilities out of hand. But we would also be wise to approach the entire domain with scepticism, and in particular to resist the attempts of companies to gather ever more data about our lives - no matter how much ease, convenience and self-mastery we are told they are offering us."

"The significance of the attack on Krebs is that it looks as though many of the attacks on him came from large numbers of enslaved devices - routers, cameras, networked TVs and the like. "Someone has a botnet with capabilities we haven't seen before," says Martin McKeay, Akamai's senior security expert. The DDoS arms race has just moved up a gear."

"Researchers at Incapsula have discovered a botnet that runs on compromised CCTV cameras. There are hundreds of millions, if not billions, of these in the field, and like many Internet of Things devices, their security is an afterthought and not fit for purpose. "

"Now spool forward to the present. One of the things that baffles me is why more people are not alarmed by what Edward Snowden has been telling us about the scale and intrusiveness of internet surveillance. My hunch is that this is partly because - strangely - people can't relate the revelations to things they personally understand."

"While Keenan emphasised the capability was not a centralised biometric database, and was simply an improved way to share information already collected by different Australian jurisdictions, Gregory questioned how these images of Australians will be employed by law enforcement. "It's subtle changes in the way that things are used that need to be debated the most," he said. "In this case, we're talking about using our passport photos for a purpose for which we never gave permission.""

"So when I discovered the pocket of Instagram where you can find out what it thinks you're interested in (on the app, you'll find it under Settings> Security> Access data > Ads), I obviously felt it my duty as a netizen to see what dark insights it had into my private soul. Here goes: jewellery; luxury goods; electronic music; love; emotions; fashion design; crafts. I mean: no offence, Kraftwerk (and loved ones) but I could not name eight things I am less interested in. Maybe oxbow lakes."

"I've got a theory of change I call the "peak indifference" theory. The early stage of a crisis involves trying to convince people that the crisis even exists, because things haven't gotten really terrible yet and it's not obvious that there's anything to really worry about, and the people who profit from the status quo will spend liberally to convince people that there's no reason to worry or change anything (see also: climate change, Facebook, cancer from smoking)."

"This RFID-enabled device allowed its proud new owners to do things such as log into their computer, open doors and purchase food in the office cafeteria with a flick of the wrist. Nearly half of the company's 85 workers had the device implanted when the firm held a "chip party". YIKES!

"We're tempted to file this one under "the more things change, the more they stay the same." A wristband, called Nymi, that taps the user's heartbeat as a biometric marker, will also double as a bitcoin wallet."

"Schools in the UK have experimented with fingerprinting pupils then using that data for tasks including library books and lunch payments. However, the European Commission has questioned the practice, including whether schools can make it compulsory and whether parents can challenge it in court."

"RECHO DOES ONE very simple, little thing: It lets you leave a voice message tied to a location. When other people using the app hit those coordinates, Recho will tell them there's something to listen to. You can use the app to discover different "rechoes" around you, if you actively want to listen in on someone's location-aware thoughts. You can also share interesting soundbytes with your Recho followers. It's a little weird and novel, but ultimately a new way to think about digital exploring a place."