
jtyost2 : technology   1929

Smart speaker recordings reviewed by humans
Amazon, Apple and Google all employ staff who listen to customer voice recordings from their smart speakers and voice assistant apps.

News site Bloomberg highlighted the topic after speaking to Amazon staff who "reviewed" Alexa recordings.

All three companies say voice recordings are occasionally reviewed to improve speech recognition.

But the reaction to the Bloomberg article suggests many customers are unaware that humans may be listening.

The news site said it had spoken to seven people who reviewed audio from Amazon Echo smart speakers and the Alexa service.
privacy  technology  software  hardware  surveillance  business  amazon.com  AmazonAlexa  AppleSiri 
13 days ago by jtyost2
Thumb drive carried by Mar-a-Lago intruder immediately installed files on a PC | Ars Technica
A Secret Service official speaking on background told Ars that the agency has strict policies over what devices can be connected to computers inside its network and that all of those policies were followed in the analysis of the malware carried by Zhang.

"No outside devices, hard drives, thumbdrives, et cetera would ever be plugged into, or could ever be plugged into, a secret service network," the official said. Instead, devices being analyzed are connected exclusively to forensic computers that are segregated from the agency network. Referring to the thumb drive confiscated from Zhang, the official said: "The agent didn’t pick it up and stick it into a Secret Service network computer to see what was on it." The agent didn't know why Ivanovich testified that the analysis was quickly halted when the connected computer became corrupted.

Monday's hearing raised yet another question about Secret Service security. Adler, the public defender representing Zhang, got agent Samuel Ivanovich to admit that "the agency that protects the president largely relied on Mar-a-Lago staff to determine whether to admit her, didn't see red flags in the devices she carried, and asked no further questions of Zhang once they believed she was related to another club member with the same last name—which is extremely common in China."

Expect more scrutiny of the event, the resulting investigation, and the lax policies that led to the breach to continue, possibly for months to come.
SecretService  government  technology  hardware  software  malware  china  MarALago  usa  security 
15 days ago by jtyost2
Did The U.S. Just Lose Its War With Huawei?
"There are two things I don’t believe in," Chancellor Angela Merkel said on Tuesday, referring to Germany's standoff with the United States over Huawei's inclusion in her country's 5G rollout. "First, to discuss these very sensitive security questions publicly, and, second, to exclude a company simply because it’s from a certain country."

Europe now seems likely to settle on 'careful and considered' inclusion of Huawei instead of any blanket bans. Chancellor Merkel stressed this week that a joined-up EU response would be "desirable", and Italy and the U.K. are also backing away from Washington's prohibition on Huawei's 5G technology. If they fold, it is likely the broader European Union will follow suit. And if those key European allies can't be carried, what chance Asia-Pacific, Africa, the Middle East?

There comes a tipping point in any battle, and with this one, we may be just about there. Even as the head of the U.S. European Command told the Armed Services Committee "we’re concerned about [Germany's] telecommunications’ backbone being compromised... If [Huawei] is inside of their defense communications, then we’re not going to communicate with them," the industry was delivering a very different message.

“We’ve not seen any evidence of backdoors into the network,” said Vodafone’s most senior lawyer in the U.K. “If the Americans have evidence, please put it out on the table.”

What Vodafone and other industry leaders have to say carries serious weight. Governments will be swayed by the network operators, and so the telecoms industry will likely decide Huawei's fate. They control investments and 5G rollout schedules. They also have the technical expertise and talk glowingly about the Chinese manufacturer's innovation. The company filed more patents than anyone else last year: “An all-time record by anyone,” the WIPO director general told reporters.
usa  china  technology  telecommunications  hardware  business  economics  privacy  Huawei  germany  UnitedKingdom  EuropeanUnion 
18 days ago by jtyost2
Netflix confirms it killed AirPlay support, won’t let you beam shows to Apple TVs anymore
With no warning and little explanation, Netflix has removed the easiest way to sling its shows from one Apple device to another: AirPlay.

Netflix confirmed to The Verge that it pulled the wireless casting feature this past week, due to what it’s calling a “technical limitation.” But it’s not the kind of technical limitation you’d think.

You see, Apple recently partnered with most of the major TV brands to allow AirPlay 2 to send shows directly to their 2019 TV sets with a firmware update later this year, but a Netflix spokesperson tells me AirPlay 2 doesn’t have digital identifiers to let Netflix tell those TVs apart — and so the company can’t certify its users are getting the best Netflix experience when casting to those new sets.

So now, it’s throwing out the baby with the bathwater and pulling the plug on AirPlay, period. “We can’t distinguish which device is which, we can’t actually certify the devices... so we’ve had to just shut down support for it,” a Netflix spokesperson says.

To be clear, that means Apple TV set-top box users can no longer cast Netflix, either.
apple  software  technology  netflix 
18 days ago by jtyost2
Turns out Amazon buying Eero wasn’t the startup success story we thought
When Amazon bought mesh Wi-Fi router company Eero, our first reactions were of exhaustion, consternation and concern: why couldn’t a tiny company with an excellent privacy-minded product be left to its own devices, instead of getting snapped up by the big data giant from Seattle?

Now, we know why. Mashable reports that Amazon paid just $97 million for Eero, far less money than the $148 million it reportedly raised as a startup. That’s something you don’t do unless your business is in trouble, and it means Amazon may have actually saved Eero from a different fate.

The Verge can confirm that $97 million number, by the way, as well as many of the others in Mashable’s story — we’ve seen similar documents, and we believe they’re the real deal. Eero declined to comment.

There are many potential side effects to the fact that Amazon purchased Eero in a fire sale rather than at a profit, and Mashable’s report details some of them, like how Eero’s executives are making out like bandits with multi-million dollar golden parachutes, while rank-and-file employees are now sitting on worthless stock options — or worse, shares they purchased for $3 that are now worth $0.03 each. It’s a cautionary tale about how stock options work.

But — and we’re very deep in speculation territory now — I’m curious if it also means that we should expect less from Eero, under Amazon, than we might have if it were more of a success story for the startup. If Amazon was able to pay so little for Eero, it may well have smaller ambitions for the company, and it would be that much easier to justify killing it off as a failed experiment if anything goes wrong.
amazon.com  business  technology  hardware  software  eero  stock 
19 days ago by jtyost2
Verizon said it turned on 5G wireless in two cities. Here’s what it is, and who can access it.
Verizon said Wednesday it had turned on its ultrafast 5G wireless network in parts of Chicago and Minneapolis, though it will be available only to certain subscribers who pay a fee and own a compatible smartphone.

The move makes Verizon the first wireless carrier in the United States to flip the switch on speedy, smartphone-ready 5G service in select urban areas, the company said in a statement, though other U.S. carriers including AT&T, Sprint and T-Mobile have pledged to do the same in the coming months.
verizon  technology  mobile  hardware  AT&T  sprint  tmobile 
21 days ago by jtyost2
Small stickers on the ground trick Tesla autopilot into steering into opposing traffic lane
Researchers from Tencent Keen Security Lab have published a report detailing their successful attacks on Tesla firmware, including remote control over the steering, and an adversarial example attack on the autopilot that confuses the car into driving into the oncoming traffic lane.

The researchers used an attack chain that they disclosed to Tesla, and which Tesla now claims has been eliminated with recent patches.

To effect the remote steering attack, the researchers had to bypass several redundant layers of protection, but having done this, they were able to write an app that would let them connect a video-game controller to a mobile device and then steer a target vehicle, overriding the actual steering wheel in the car as well as the autopilot systems. This attack has some limitations: while a car in Park or traveling at high speed on Cruise Control can be taken over completely, a car that has recently shifted from R to D can only be remote controlled at speeds up to 8km/h.

Tesla vehicles use a variety of neural networks for autopilot and other functions (such as detecting rain on the windscreen and switching on the wipers); the researchers were able to use adversarial examples (small, mostly human-imperceptible changes that cause machine learning systems to make gross, out-of-proportion errors) to attack these.

Most dramatically, the researchers attacked the autopilot's lane-detection systems. By adding noise to lane-markings, they were able to fool the autopilot into losing the lanes altogether; however, the patches they had to apply to the lane-markings would not be hard for humans to spot.
Tesla  software  security  hardware  research  technology 
23 days ago by jtyost2
Apple cancels AirPower product, citing inability to meet its high standards for hardware | TechCrunch
Apple has canceled the AirPower product completely, citing difficulty meeting its own standards.

“After much effort, we’ve concluded AirPower will not achieve our high standards and we have cancelled the project. We apologize to those customers who were looking forward to this launch. We continue to believe that the future is wireless and are committed to push the wireless experience forward,” said Dan Riccio, Apple’s senior vice president of Hardware Engineering in an emailed statement today.

After a delay of over a year since it was first announced in September of 2017, the AirPower charging mat has become something of a focal point for Apple’s recent habit of announcing envelope tickling products and not actually shipping them on time. The AirPods, famously, had a bit of a delay before becoming widely available, and were shipped in limited quantities before finally hitting their stride and becoming a genuine cultural moment.
apple  hardware  technology  engineering  software  AirPower 
26 days ago by jtyost2
Pence calls for NASA to send humans to the moon within five years
Vice President Pence on Tuesday called for American astronauts to return to the lunar surface within five years, a bold and exceedingly difficult challenge that would push NASA to its limits.

In a fiery speech in Huntsville, Ala., Pence repeatedly said the space agency needs to act with a renewed sense of urgency to land humans on the moon for the first time since 1972. And he cast the mission as part of a new space race against superpowers such as Russia and China, which landed a spacecraft on the far side of the moon earlier this year.

But most of all, Pence said NASA and its major programs have been stifled by a crippling bureaucracy that prevented the agency from moving more boldly in human exploration.

“It's not just competition against our adversaries,” Pence said. “We're also racing against our worst enemy: complacency.”

Pence did not provide details on how the agency would achieve landing humans on the moon in the five-year time frame, a monumental goal NASA had been hoping to achieve by 2028. He provided no details on the cost or how the mission would unfold. He added that he had learned the details of NASA’s plans only five minutes before stepping onstage.

NASA did not immediately respond to a request for more details about the plan or how it would be funded.
politics  nasa  space  science  technology  MikePence  government 
27 days ago by jtyost2
You want AIs with that? McDonald's buys into machine learning
McDonald's is buying an artificial intelligence start-up to help serve up data-driven meal choices.

The technology developed by Israeli start-up Dynamic Yield can automatically change menus depending on the weather, time of day and traffic.

McDonald's is reported to be paying $300m (£227m) for the tech firm.

Number-plate recognition would also allow it to offer customers at drive-throughs their usual food order, McDonald's told Wired.

Dynamic Yield's technology would allow AI to determine what products are promoted, for example automatically suggesting McFlurry ice cream on hot days, or telling customers which items are already proving popular at that particular restaurant that day.

Most McDonald's outlets in the US are drive-throughs which is where the restaurant chain is planning to roll out the technology first.
technology  software  mcdonalds  business  advertising 
27 days ago by jtyost2
Huawei Security ‘Defects’ Are Found by British Authorities
A British review of Huawei found “significant” security problems with the Chinese company’s telecommunications equipment, a conclusion that supports a United States effort to ban it from next-generation wireless networks.

The British report, released on Thursday, said there were “underlying defects” in Huawei’s software engineering and security processes that governments or independent hackers could exploit, posing risks to national security. While the report did not call for an outright ban of Huawei equipment, it was endorsed by the country’s top cybersecurity agency.

The conclusions buttress the Trump administration’s push to convince its allies that Huawei, the world’s largest maker of telecommunications equipment, creates grave risks to national security. The White House has accused Huawei of being an arm of the Chinese government that can be used for spying or to sabotage communications networks, a charge that Huawei has vehemently denied.

But the American push has run into hurdles. Many countries, including Britain, have resisted the effort to ban Huawei, arguing that the risk can be mitigated. It is a critical time for wireless carriers as they prepare to spend billions of dollars to introduce next-generation wireless networks, known as 5G, which governments see as essential infrastructure for a rapidly digitizing global economy.

The British report highlights broader challenges facing many countries. While Huawei products may pose cybersecurity risks, the company is a key provider of the equipment needed to build 5G networks. If countries issue an outright ban, they could face costly delays in adopting the technology that not only will increase the download speeds of mobile phones but is expected to create breakthroughs in manufacturing, transportation and health care. And Huawei is already a central part of many countries’ telecommunications networks, making a ban logistically difficult.
Huawei  security  china  UnitedKingdom  usa  technology  hardware  software  telecommunications 
27 days ago by jtyost2
Apple apologizes for continued reliability problems with its MacBook keyboards
Apple responded to the criticism by quietly adding a rubber membrane to its third revision of the keyboard, which was meant to keep out the dust and other particles that had, somehow, led to keys becoming completely unusable on prior models. The company never publicly acknowledged it was there for that purpose, but a leaked service document confirmed as much. Apple went on to launch an extended repairs program for all styles of the butterfly-switch keyboard before the “fix” was implemented. (MacBook Pro models released in 2018 and thereafter are not eligible for this program — nor is the revamped MacBook Air.)

iFixit found Apple’s solution to be an improvement in defending against debris, but it was far from perfect, with particles like sand still able to get through and jam up the butterfly mechanism. But reports of key problems have persisted even with the third-generation keyboard. Stern wrote her column without the letters E and R to illustrate how annoying the problem is. Daring Fireball’s John Gruber similarly held back no punches when linking to the Journal’s story. He said “I consider these keyboards the worst products in Apple history. MacBooks should have the best keyboards in the industry; instead they’re the worst. They’re doing lasting harm to the reputation of the MacBook brand.”

Apple’s apology is at least a recognition that this is still a problem, though the company is simultaneously trying to give the impression that it’s not a big deal. That’s not good enough. Apple will have to make some legitimate design changes over the coming months to finally distance itself from this narrative and, as Gruber said, the sinking reputation of its laptop keyboards. These are premium machines with keyboards that just aren’t up to par.
apple  hardware  technology  keyboard  laptop 
28 days ago by jtyost2
Mastercard Sees Other Banks Ditching Credit Card Numbers Like Apple Did
This week, Apple Inc. introduced the Mastercard Inc.-branded Apple Card, which won’t have a number on the physical card as a way to improve security in case a customer loses it. That could encourage other banks to also ditch the static number in favor of more secure limited-use numbers, said Craig Vosburg, president of North America for Mastercard.

“We want security to be at the highest level possible across the ecosystem, and we want to do that in ways that don’t introduce friction and make payments inconvenient for consumers,” Vosburg said in an interview Tuesday with Bloomberg Television.

business  creditcard  AppleCard  ApplePay  software  technology  security  mastercard 
29 days ago by jtyost2
How GMU students’ eating habits changed when delivery robots invaded their campus
In the first days after a fleet of 25 delivery robots descended on George Mason University’s campus in January, school officials could only speculate about the machines’ long-term impact.

The cooler-size robots from the Bay Area start-up Starship Technologies — which were designed to deliver food on demand across campus — appeared to elicit curious glances and numerous photos but not much else.

It was clear, officials said at the time, that more time and more data would be necessary to understand whether the robots would change the campus culture or become a forgettable novelty.

Today, some of that data emerged for the first time. In the two months since the robots arrived at the Fairfax, Va.-based school, an extra 1,500 breakfast orders have been delivered autonomously, according to Starship Technologies and Sodexo, a company that manages food services for GMU on contract and works closely with the robots.

“Research has shown that up to 88 percent of college students skip breakfast, primarily because of lack of time, but that number is starting to turn around when delivery robots arrive on campus,” Starship Technologies said in a statement released Monday.

“This follows a similar pattern seen at corporate campuses where delivery robots were added,” the statement added, referring to an uptick in breakfast orders.
college  nutrition  diet  technology 
4 weeks ago by jtyost2
Apple launches its own credit card and TV shows
Apple is launching its own credit card, Apple Card, in the US this summer.

There will be both an iPhone and physical version of the card, with a cashback incentive on every purchase.

The tech giant also unveiled a new TV streaming platform, Apple TV+, with content from existing services like Hulu alongside original material from high profile stars and directors.

It revealed a new gaming portal and enhanced news app as well, in an event to showcase its new focus on services.

The credit card will have no late fees, annual fees or international fees, said Apple Pay VP Jennifer Bailey.

It has been created with the help of Goldman Sachs and MasterCard.

The event was held in California and Apple Chief Executive Tim Cook was clear from the start that the announcements would be about new services, not new devices.

It is a change of direction for the 42-year-old tech giant.
apple  business  software  technology  television  creditcard 
4 weeks ago by jtyost2
Autonomous shuttle to be tested in New York City
Boston start-up Optimus Ride will run vehicles on private roads at the Brooklyn Navy Yard site located on New York's East River.

The shuttle will help workers get around the large site.

Self-driving vehicles are being widely trialled around the world, but vehicles sometimes crash and some regulators have halted tests.

The company would not be drawn on details about the initial deployment.

In an email to technology site The Verge a spokesperson wrote: "The fleet of self-driving vehicles at the Brooklyn Navy Yard and Paradise Valley estates will increase throughout the deployment period."

They added that the cars are designed to operate in "environments of 25mph."
newyorkcity  technology  automotive  software  selfdrivingtech 
4 weeks ago by jtyost2
Chrome to patch loophole that allows sites to block Incognito mode users
Future versions of Chrome will fix a loophole that lets websites detect and block users who attempt to access them using the browser’s Incognito mode, reports 9to5Google.

As well as not storing any local records of your browsing history, Chrome’s Incognito mode stops websites from being able to track you using cookies. However, because so much of the web’s ad revenue relies on this tracking data, some sites, such as The Boston Globe and MIT Technology Review, prevent you from reading their articles if you visit them using this mode.

Most sites do this by trying to use the “FileSystem” API, which is disabled while using Incognito mode because it allows permanent files to be created. However, recent commits to Chromium’s source code, which were first spotted by 9to5Google, show that the browser will soon trick websites into believing its FileSystem API is always operational.

When sites request to use the API when the browser is in Incognito mode in the future, Chrome will no longer return a conspicuous error. Instead, it will create a virtual file system in RAM. This will then get deleted at the end of your Incognito session, so that no permanent record can be created.
GoogleChrome  privacy  api  software  browser  technology  advertising 
4 weeks ago by jtyost2
Video-conferencing company Zoom files for IPO with over $300 million in sales and even a profit
Zoom, which provides video-conferencing software that can be used across devices, filed its IPO prospectus on Friday, joining a crop of Bay Area start-ups preparing to hit the public markets.

Unlike most tech companies at this stage, Zoom is profitable.

In the fiscal year that ended Jan. 31, Zoom had a net income of $7.6 million on $330.5 million in revenue, according to a regulatory filing. Revenue was up 118 percent from the prior year.

Zoom will trade on the Nasdaq under the symbol ZM and is initially looking to raise as much as $100 million, though that number will likely change.

Zoom has gained popularity by creating an easy-to-use service that works smoothly on mobile devices and is affordable for small groups and teams, which has created a wide and diversified customer base. The company said that its top 10 customers account for less than 10 percent of revenue. Its thousands of clients include Conde Nast, Uber and Williams-Sonoma.

Zoom cites Cisco's Webex, Microsoft's Skype, Google and LogMeIn as its competitors, and says that Amazon and Facebook "have in the past and may in the future make investments in video communications tools."

Zoom relies on its own data center infrastructure and also uses the Amazon Web Services and Microsoft Azure public clouds.

Zoom was founded in 2011 and is based in San Jose, California, with more than 1,700 employees. Emergence Capital is Zoom's biggest outside stakeholder, with 12.5 percent ownership, followed by Sequoia at 11.4 percent. Founder and CEO Eric Yuan, who was previously a vice president at Cisco, owns 22 percent.
zoom  business  technology  stock 
4 weeks ago by jtyost2
Just discovered the most INSANE thing. The ORDER OF THE EPISODES for Netflix's new series Love Death & Robots changes based on whether Netflix thinks you're gay or straight.
netflix  algorithm  privacy  gender  datamining  machinelearning  software  technology  culture 
5 weeks ago by jtyost2
Myspace, which still exists, accidentally deleted 12 years’ worth of music
It took a while for people to even notice that all this music was gone, and it doesn’t seem as though Myspace is particularly contrite about it. A different Reddit user posted in a tech support subreddit a year ago, sharing a screenshot of a terse email exchange with Myspace. This user had asked why the Myspace media player wasn’t able to play music from 2007 to 2011, suggesting that the files were missing. Initially, the company wrote that it was a known issue with no specific date for resolution; then the spokesperson pivoted and responded, “Due to a server migration files were corrupted and unable to be transferred over to our updated site. There is no way to recover the lost data. Thanks, Myspace.”

“After years of relaunches, redesigns, data breaches and general neglect,” Herrman wrote months ago, “many Myspace users have lost the ability to contact their former selves.” You could argue that a hemorrhaging of old files shouldn’t surprise or upset these users too much at this point, and that looking at the dusty, jumbled mess the platform had turned into should have been more than enough of a suggestion to go ahead and back up whatever files they didn’t want to lose.

But that’s clearest only now — at the moment when all these tech companies that had implicitly promised to provide a platform for creative works forever started taking things back.
Myspace  business  technology  information  music  culture  history 
5 weeks ago by jtyost2
On Spotify’s Complaints About the App Store
Overall, Apple’s response isn’t very convincing to me. There are still 2 fundamental problems with the App Store: exclusive distribution and exclusive payment. In that post from 8 years ago, I concluded with:

Apple, want to charge 30%? Go for it. Want to make the submission rules more strict? Fine. Want to adjust how you run the App Store to reflect what’s happening in the market? No problem. Just give developers an out. We are going to be back here year after year with the latest controversy until exclusive app distribution is fixed.

I think I’ve been proven right about this. This issue will never go away until Apple allows side-loading or makes it easier to let customers pay outside the App Store. In the meantime, I’ve been arguing for a 15% cut instead of 30% for all paid downloads and in-app purchase, which would go a long way to making this easier for developers.
apple  legal  business  software  technology  spotify 
5 weeks ago by jtyost2
Two-thirds of all Android antivirus apps are frauds | ZDNet
An organization specialized in testing antivirus products concluded in a report published this week that roughly two-thirds of all Android antivirus apps are a sham and don't work as advertised.

The report, published by Austrian antivirus testing outfit AV-Comparatives, was the result of a grueling testing process that took place in January this year and during which the organization's staff looked at 250 Android antivirus apps available on the official Google Play Store.

The report's results are tragicomical -- with antivirus apps detecting themselves as malware -- and come to show the sorry state of the Android antivirus industry, which appears to be filled with more snake-oilers than actual cyber-security vendors.
android  antivirus  software  mobile  technology  GoogleAndroid 
5 weeks ago by jtyost2
Facebook’s Data Deals Are Under Criminal Investigation
The disclosures about Cambridge last year thrust Facebook into the worst crisis of its history. Then came news reports last June and December that Facebook had given business partners — including makers of smartphones, tablets and other devices — deep access to users’ personal information, letting some companies effectively override users’ privacy settings.

The sharing deals empowered Microsoft’s Bing search engine to map out the friends of virtually all Facebook users without their explicit consent, and allowed Amazon to obtain users’ names and contact information through their friends. Apple was able to hide from Facebook users all indicators that its devices were even asking for data.

Privacy advocates said the partnerships seemed to violate a 2011 consent agreement between Facebook and the F.T.C., stemming from allegations that the company had shared data in ways that deceived consumers. The deals also appeared to contradict statements by Mark Zuckerberg and other executives that Facebook had clamped down several years ago on sharing the data of users’ friends with outside developers.

F.T.C. officials, who spent the past year investigating whether Facebook violated the 2011 agreement, are now weighing the sharing deals as they negotiate for a possible multibillion-dollar fine. That would be the largest such penalty ever imposed by the trade regulator.

Facebook has aggressively defended the partnerships, saying they were permitted under a provision in the F.T.C. agreement that covered service providers — companies that acted as extensions of the social network.

The company has taken steps in the past year to tackle data misuse and misinformation. Last week, Mr. Zuckerberg unveiled a plan that would begin to pivot Facebook away from being a platform for public sharing and put more emphasis on private communications.
facebook  privacy  apple  google  microsoft  samsung  business  legal  advertising  technology  hardware  software  socialmedia  socialnetwork  crime  ethics  government 
6 weeks ago by jtyost2
Creating the Blockade Runner Engine Look for Rogue One | Industrial Light & Magic
Artist Todd Vaziri explains how the team arrived at the Blockade Runner engine look for 'Rogue One'.

Today our guest writer is Todd Vaziri, Lead Artist at ILM who chronicles how the Blockade Runner engine shot from Rogue One: A Star Wars Story went from idea to reality:

I was thrilled to get to work on this shot with my friend and frequent collaborator, ILM lighter Tom Martinek. (Leia’s Blockade Runner escapes, tying Rogue One directly to the start of Star Wars (1977)? Yes, please!) We loved bringing this moment to life. It was a thrill to be able to help create the updated look of a classic ship we haven’t seen on screen since 1977. Also, it’s fun to realize that pretty much no one agrees how to pronounce “Tantive IV.”
art  technology  software  rogueone  starwars  animation  visualeffects  movie 
6 weeks ago by jtyost2
What was the world wide web like 30 years ago?
Dial-up tone, clunky websites and AOL free trial CDs - it's clear that the earliest versions of the world wide web came with quirks and frustrations. Thirty…
technology  history  worldwideweb  software 
6 weeks ago by jtyost2
Opinion | If Stalin Had a Smartphone
When people have a smartphone in their hand, they feel that they should have a voice, that they should be broadcasting, that they should have agency and dignity. When they discover they are caught in an information web that is subtly dominating them, they react. When they realize that ersatz information webs can’t really create the closeness and community they crave, they react.

Angry movements and mobs arise spontaneously. What you get is a system of elite domination interrupted by populist riots.

Human history is a series of struggles for power. Every few generations, just for fun, the gods give us a new set of equipment that radically alters the game. We thought the new tools would democratize power, but they seem to have centralized it. It’s springtime for dictators.
technology  privacy  culture  security  humanrights  freedom 
6 weeks ago by jtyost2
Drop Huawei or See Intelligence Sharing Pared Back, U.S. Tells Germany
The Trump administration has told the German government it would limit the intelligence it shares with German security agencies if Berlin allows Huawei Technologies Co. to build Germany’s next-generation mobile-internet infrastructure.

In a letter dated Friday and seen by The Wall Street Journal, U.S. Ambassador to Germany Richard A. Grenell wrote to Germany’s economics minister that the U.S. wouldn’t be able to keep intelligence and other information sharing at their current level if Germany allowed Huawei or other Chinese vendors to participate in building the country’s 5G network.

This marks the first time the U.S. has explicitly warned its allies that refusing to ostracize Huawei could have consequences on these countries’ security cooperation with Washington. European security agencies have relied heavily on U.S. intelligence in the fight against terrorism for instance.
DonaldTrump  politics  germany  diplomacy  Huawei  china  technology  hardware  security 
6 weeks ago by jtyost2
Man told he's going to die by doctor on video-link robot - BBC News
A doctor in California told a patient he was going to die using a robot with a video-link screen.

Ernest Quintana, 78, was at Kaiser Permanente Medical Center in Fremont when a doctor - appearing on the robot's screen - informed him that he would die within a few days.

A family friend wrote on social media that it was "not the way to show value and compassion to a patient".

The hospital says it "regrets falling short" of the family's expectations.

Mr Quintana died the next day.
health  ethics  privacy  technology  healthcare  medicine  communication  empathy 
6 weeks ago by jtyost2
Cybersecurity Insurance Not Paying for NotPetya Losses - Schneier on Security
This will complicate things: To complicate matters, having cyber insurance might not cover everyone's…
insurance  security  hardware  technology  software  business 
6 weeks ago by jtyost2
How To Spoof PDF Signatures
One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is not trusted" warning shown by the viewer - and asked ourselves:

"How do PDF signatures exactly work?"

We are quite familiar with the security of message formats like XML and JSON. But nobody had an idea, how PDFs really work. So we started our research journey.

Today, we are happy to announce our results. In this blog post, we give an overview how PDF signatures work and on top, we reveal three novel attack classes for spoofing a digitally signed PDF document. We present our evaluation of 22 different PDF viewers and show 21 of them to be vulnerable. We additionally evaluated 8 online validation services and found 6 to be vulnerable.

In cooperation with the BSI-CERT, we contacted all vendors, provided proof-of-concept exploits, and helped them to fix the issues and three generic CVEs for each attack class were issued: CVE-2018-16042, CVE-2018-18688, CVE-2018-18689.
pdf  security  technology  software 
6 weeks ago by jtyost2
Huawei Sues U.S. Government Over What It Calls an Unfair Ban
The Chinese electronics giant Huawei sued the United States government on Wednesday, arguing that it had been unfairly and incorrectly banned as a security threat.

The lawsuit will force the government to make its case against the company more public, but it could also leave Huawei vulnerable to deeper scrutiny of its business practices and relationship with the Chinese government.

The United States has argued that Huawei poses a risk because its equipment could be used by the Chinese authorities to spy on communications and disrupt telecommunications networks. That position has led major wireless carriers in the United States to avoid Huawei’s equipment.

Huawei denies the allegations and says the lawsuit is meant to prove it does not engage in such practices. The company’s plans to file the lawsuit were first reported Monday by The New York Times.
Huawei  china  usa  security  hardware  technology  cellnetwork  privacy  lawsuit  legal 
6 weeks ago by jtyost2
Uber 'not liable' for self-driving death
Uber will not face criminal charges for a fatal crash involving one of its self-driving cars. Prosecutors have ruled that the company is not criminally liable…
uber  safety  crime  technology  hardware  software  business  legal  lawsuit  SelfDriving  automotive 
6 weeks ago by jtyost2
North Korea Has Started Rebuilding Key Missile-Test Facilities, Analysts Say
The news of rebuilding at Tongchang-ri first emerged hours after Mr. Kim returned home on Tuesday from Hanoi.

Speaking to lawmakers behind closed doors at South Korea’s National Assembly on Tuesday, officials from its National Intelligence Service indicated that North Korea had been rebuilding the Tongchang-ri facilities even before the Hanoi summit, South Korean news media reported on Wednesday.

North Korea has not conducted any nuclear and missile tests since November 2017. Mr. Trump has cited that as a key achievement of his policy of imposing tough sanctions, which he said forced North Korea to return to the negotiating table.

“Based on commercial satellite imagery, efforts to rebuild these structures started sometime between February 16 and March 2, 2019,” 38 North, a website specializing in North Korea analysis, said in a report about the Tongchang-ri facilities on Tuesday.
northkorea  usa  military  technology  nuclear  diplomacy 
7 weeks ago by jtyost2
Netflix responds to Oscars and Steven Spielberg backlash
Netflix has defended itself against a backlash to its Oscars run after some filmmakers - including Steven Spielberg - have criticised its films being in the…
netflix  technology  movie  StevenSpielberg 
7 weeks ago by jtyost2
The Latest in Creepy Spyware - Schneier on Security
The Nest home alarm system shipped with a secret microphone, which -- according to the company -- was only an accidental secret:…
hardware  technology  software  security  privacy 
7 weeks ago by jtyost2
With USB 4, Thunderbolt 3’s benefits become open to all
Hot on the heels of USB 3.2 receiving a confusing Gen 2x2 suffix, the USB Implementers Forum (USB-IF) has today announced USB…
standards  hardware  technology  usb  thunderbolt 
7 weeks ago by jtyost2
Volvo is limiting its cars to a top speed of 112 mph - The Verge
Volvo announced on Monday that it will be limiting the top speed on all of its vehicles to 180 km/h (112 mph) in a bid to reduce traffic fatalities. The new speed limit will be implemented on all model year 2021 cars, the company said.
volvo  safety  technology  hardware  software  automotive 
7 weeks ago by jtyost2
I held the future in my hands, and it was foldable
Huawei’s zealousness about keeping journalists’ hands off its new Mate X foldable phone slipped a little today, and I got to hold and fold it for myself. The…
hardware  technology  software  mobile 
8 weeks ago by jtyost2
5G networks: Trump says US shouldn't block technology
US President Donald Trump has said he wants the US to become a technology leader through competition rather than by blocking others. Mr Trump said American…
usa  legal  technology  hardware  china  Huawei 
8 weeks ago by jtyost2
You Give Apps Sensitive Personal Information. Then They Tell Facebook.
Millions of smartphone users confess their most intimate secrets to apps, including when they want to work on their belly fat or the price of the house they…
facebook  privacy  legal  ethics  technology  software 
8 weeks ago by jtyost2
Essays: U.S. Enables Chinese Hacking of Google - Schneier on Security
Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn't that Chinese hackers engage in these activities or that their attempts are technically sophisticated -- we knew that already -- it's that the U.S. government inadvertently aided the hackers.

In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.
google  privacy  security  encryption  technology  china 
january 2016 by jtyost2
Own a Vizio Smart TV? It’s Watching You - ProPublica
TV makers are constantly crowing about the tricks their smart TVs can do. But one of the most popular brands has a feature that it’s not advertising: Vizio’s Smart TVs track your viewing habits and share it with advertisers, who can then find you on your phone and other devices.

The tracking — which Vizio calls “Smart Interactivity” — is turned on by default for the more than 10 million Smart TVs that the company has sold. Customers who want to escape it have to opt-out.

In a statement, Vizio said customers’ “non-personal identifiable information may be shared with select partners … to permit these companies to make, for example, better-informed decisions regarding content production, programming and advertising.”

Vizio’s actions appear to go beyond what others are doing in the emerging interactive television industry. Vizio rivals Samsung and LG Electronics only track users’ viewing habits if customers choose to turn the feature on. And unlike Vizio, they don’t appear to provide the information in a form that allows advertisers to reach users on other devices.

Vizio’s technology works by analyzing snippets of the shows you’re watching, whether on traditional television or streaming Internet services such as Netflix. Vizio determines the date, time, channel of programs — as well as whether you watched them live or recorded. The viewing patterns are then connected to your IP address - the Internet address that can be used to identify every device in a home, from your TV to a phone.

IP addresses can increasingly be linked to individuals. Data broker Experian, for instance, offers a “data enrichment” service that provides “hundreds of attributes” such as age, profession and “wealth indicators” tied to a particular IP address.
privacy  technology  software  Vizio  television  media 
november 2015 by jtyost2
Mobile App Developers are Suffering
These types of mathematical relationships are called power laws, and are often used to explain the phenomena behind the 80/20 rule (80 percent of the value is centralized in 20 percent of the distribution). More generally, a power law will explain why value is centralized to a small distribution of the ecosystem.

The app ecosystem has an extremely harsh power law where app adoption and monetization are heavily skewed towards the top few apps. It’s nowhere near 80/20. In fact, it appears to be more like 99% of the value is centralized to the top 0.01%. Let’s call it the app store 99/0.01 rule.

This would indicate that the App Store became saturated back in 2008 when we hit 1000 apps.
software  technology  mobile  research  statistics 
november 2015 by jtyost2
Apple patent case: Wisconsin university wins huge damages - BBC News
A US jury has ordered technology giant Apple to pay more than $234m (£152m) in damages for patent infringement.
The Wisconsin Alumni Research Foundation, the patent licensing arm of the University of Wisconsin-Madison, said the verdict was important to guard its inventions from unauthorised use.
The jury had earlier decided that Apple incorporated patented microchip technology into some iPhones and iPads without permission.
Apple said it would appeal.
The company declined to comment further.
The amount was less than the foundation had claimed. It had originally sought as much as $862m.
The sum was lower in part because the judge ruled that Apple had not wilfully infringed the patent.
University of Wisconsin-Madison computer sciences professor Gurindar Sohi, one of the inventors of the microchip technology - designed to boost the performance of computer processors - was in the federal court in Madison, Wisconsin, for the decision.
"For Dr Sohi, I hope you felt that your invention was vindicated,'' US District Judge William Conley said.
legal  technology  patent  apple  software 
october 2015 by jtyost2
Online advertisers admit they “messed up,” promise lighter ads
In response to user concerns about security and battery life concerns, IAB is rolling out something called L.E.A.N.—which stands for “Light, Encrypted, Ad choice supported, Non-invasive” ads. The goal is to address privacy and security by (finally) serving up encrypted ads and to reduce the size and processor-hogging power of animated and video ads. In addition, IAB wants advertisers to do a better job of not aggravating users by, for instance, making sure someone “is targeted appropriately before, but never AFTER they make a purchase.”

Technical specs for the program don’t yet appear to be available, and L.E.A.N. ads will still coexist with traditional, “heavy” ads. But L.E.A.N.’s goal is rebalancing the Web’s basic bargain—watch ads, get free content—so that the one feels worth the other.

“If we are so good at reach and scale, we can be just as good, if not better, at moderation,” Cunningham concludes.
privacy  advertising  business  technology 
october 2015 by jtyost2
Google and Microsoft agree to lawsuit truce - BBC News
Microsoft and Google have agreed to end a five-year battle over patents.

Eighteen lawsuits had been active between the companies, relating to uses of technologies in mobile phones, wifi and other areas.

Details of the deal were not shared, but in a joint statement the firms said they would “collaborate on certain patent matters”.

It is the latest move by technology firms to keep patent rows out of the courts.

The battles, particularly over software, intensified in recent years as firms sought to capitalise on their patent portfolios.

But of late there has been a shift towards licensing rather than litigation.
microsoft  google  legal  lawsuit  business  patent  technology 
october 2015 by jtyost2
j. w. friedman on Twitter: "in the tech world ‘bad culture fit’ means ‘we don’t like you for reasons that would be illegal if we explained them clearly’"
in the tech world ‘bad culture fit’ means ‘we don’t like you for reasons that would be illegal if we explained them clearly’

— j. w. friedman (@satellitehigh) September 23, 2015
legal  employment  technology  business  discrimination 
september 2015 by jtyost2
Japan Dumbs Down Its Universities
Essentially, Japan’s government just ordered all of the country’s public universities to end education in the social sciences, the humanities and law.

The order, issued in the form of a letter from Hakubun Shimomura, Minister of Education, Culture, Sports, Science and Technology, is non-binding. The country’s two top public universities have refused to comply. But dozens of public schools are doing as the government has urged. At most of these universities, there will be no more economics majors, no more law students, no more literature or sociology or political science students. It’s a stunning, dramatic shift, and it deserves more attention than it’s receiving.

It is also a very bad sign for Japan, for a number of reasons.

First of all, eliminating social science could signal a return to a failing and outdated industrial policy. Many observers interpret the change as an economic policy, intended to move the Japanese populace toward engineering and other technical skills and away from fuzzy disciplines. But if this is indeed the aim, it’s a terrible direction for Japan to be going.

Japan’s rapid catch-up growth in the 1960s and 1970s was based on manufacturing industries. This is common for developing countries. But when countries get rich, they typically shift toward service industries. Finance, consulting, insurance, marketing and other service industries don’t produce material goods, but they help organize the patterns of production more efficiently -- something Japan desperately needs. Since it's a country with a shrinking population, it can only grow by increasing productivity.

But Japanese productivity has grown very slowly since the early 1990s, and has fallen far behind that of the U.S. If Japan is going to turn this situation around, it will need more than a workforce of skilled engineers. It will need managers who can communicate with those engineers and with each other. It will need conceptual thinkers who can formulate business plans and strategic vision. It will need marketers who can establish and increase Japanese brand recognition. It will need financiers who can channel savings away from old, fading industries and toward productive new ones. It will need lawyers to sort out intellectual property cases and help businesses navigate international legal systems. It will need consultants to evaluate the operations of unprofitable, stagnant companies and help those companies become profitable again.
japan  education  academia  college  business  research  technology  economics 
september 2015 by jtyost2
Creepy Smartwatch Spies What You Type on a Keyboard - Softpedia
Researchers use the smartwatch's sensors to detect keyboard strokes

Using the watch's built-in motion sensors, more specifically data from the accelerometer and gyroscope, researchers were able to create a 3D map of the user's hand movements while typing on a keyboard.

The researchers then created two algorithms, one for detecting what keys were being pressed, and one for guessing what word was typed.

The first algorithm recorded the places where the smartwatch's sensors would detect a dip in movement, considering this spot as a keystroke, and then created a heatmap of common spots where the user would press down.

Based on known keyboard layouts, these spots were attributed to letters on the left side of the keyboard.
technology  research  privacy  security 
september 2015 by jtyost2
Drone Self-Defense and the Law - Schneier on Security
Law enforcement can deploy these technologies, but under current law it's illegal to shoot down a drone, even if it's hovering above your own property. In our society, you're generally not allowed to take the law into your own hands. You're expected to call the police and let them deal with it.

There's an alternate theory, though, from law professor Michael Froomkin. He argues that self-defense should be permissible against drones simply because you don't know their capabilities. We know, for example, that people have mounted guns on drones, which means they could pose a threat to life. Note that this legal theory has not been tested in court.

Increasingly, government is regulating drones and drone flights both at the state level and by the FAA. There are proposals to require that drones have an identifiable transponder, or no-fly zones programmed into the drone software.

Still, a large number of security issues remain unresolved. How do we feel about drones with long-range listening devices, for example? Or drones hovering outside our property and photographing us through our windows?

What's going on is that drones have changed how we think about security and privacy within our homes, by removing the protections we used to get from fences and walls. Of course, being spied on and shot at from above is nothing new, but access to those technologies was expensive and largely the purview of governments and some corporations. Drones put these capabilities into the hands of hobbyists, and we don't know what to do about it.

The issues around drones will get worse as we move from remotely piloted aircraft to true drones: aircraft that operate autonomously from a computer program. For the first time, autonomous robots -- with ever-increasing intelligence and capabilities at an ever-decreasing cost -- will have access to public spaces. This will create serious problems for society, because our legal system is largely based on deterring human miscreants rather than their proxies.

Our desire to shoot down a drone hovering nearby is understandable, given its potential threat. Society's need for people not to take the law into their own hands -- and especially not to fire guns into the air -- is also understandable. These two positions are increasingly coming into conflict, and will require increasing government regulation to sort out. But more importantly, we need to rethink our assumptions of security and privacy in a world of autonomous drones, long-range cameras, face recognition, and the myriad other technologies that are increasingly in the hands of everyone.
technology  software  privacy  security  legal  usa  government  faa  regulation  police  drone 
september 2015 by jtyost2
iPhones, the FBI, and Going Dark. - Lawfare
Or perhaps (putting on an oh-so-fashionable tin-foil fedora) this is all a fraudulent dance between Apple and the FBI, as Apple simply doesn't want to admit that they are already tapping iMessage for the FBI or NSA and so simply want the Washington DC noise machine to obscure this architectural defect that makes iMessage anything but "end-to-end secure" lest any other intelligence or police agency demand similar access.

I still like iPhones, I still use and recommend iPhones, and iMessage remains perhaps the best usable covert communication channel available today if your adversary can’t compromise Apple. Yet setting up an iPhone properly is no easy task and if one desires confidentiality, I think the only role for iMessage is instructing someone how to use Signal.
apple  security  iphone  technology  hardware  software  encryption  cryptography 
september 2015 by jtyost2
And so it begins
The battle lines are defined. Will people disable their content blockers so they can access CNET’s content? Other sites are following the same path as CNET. Many are not. Is solidarity required here? Will this strategy work unless all, or at least most sites block content blockers?
advertising  business  technology  software  ios  hardware  media  journalism 
september 2015 by jtyost2
Apple and Other Tech Companies Tangle With U.S. Over Access to Data
In an investigation involving guns and drugs, the Justice Department obtained a court order this summer demanding that Apple turn over, in real time, text messages between suspects using iPhones.

Apple’s response: Its iMessage system was encrypted and the company could not comply.

Government officials had warned for months that this type of standoff was inevitable as technology companies like Apple and Google embraced tougher encryption. The case, coming after several others in which similar requests were rebuffed, prompted some senior Justice Department and F.B.I. officials to advocate taking Apple to court, several current and former law enforcement officials said.

While that prospect has been shelved for now, the Justice Department is engaged in a court dispute with another tech company, Microsoft. The case, which goes before a federal appeals court in New York on Wednesday and is being closely watched by industry officials and civil liberties advocates, began when the company refused to comply with a warrant in December 2013 for emails from a drug trafficking suspect. Microsoft said federal officials would have to get an order from an Irish court, because the emails were stored on servers in Dublin.

The conflicts with Apple and Microsoft reflect heightened corporate resistance, in the post-Edward J. Snowden era, by American technology companies intent on demonstrating that they are trying to protect customer information.

“It’s become all wrapped up in Snowden and privacy issues,” said George J. Terwilliger III, a lawyer who represents technology companies and as a Justice Department official two decades ago faced the challenge of how to wiretap phone networks that were becoming more digital.

President Obama has charged White House, Homeland Security and cybersecurity officials, along with those at the Justice Department, the F.B.I. and the intelligence agencies, with proposing solutions to the technology access issue. They are still hashing out their differences, according to law enforcement and administration officials.
legal  cryptography  lawsuit  usa  technology  software  hardware  business  apple  microsoft  email  privacy  freedom  freedomfromsearchandseizure  warrant  government 
september 2015 by jtyost2
Partnership Boosts Users Over China’s Great Firewall
It is one of the best-guarded borders in the world, and one of the most time-consuming to cross. Yet in the past few months, a new agreement has let people speed over it billions of times.

The border is the digital one that divides China from the rest of the world. It is laden with inefficiencies and a series of filters known as the Great Firewall, which slows Internet traffic to a crawl as it travels into and out of China.

Now, a partnership between an American start-up and a Chinese Internet behemoth has created a sort of fast lane to speed traffic across the border. In the process, the two companies are establishing a novel business model with implications for other American technology firms looking to do business in China’s politically sensitive tech industry.

The partnership, signed in July 2014, is between CloudFlare, a security company based in San Francisco, and Baidu, China’s equivalent of Google. Using a mixture of CloudFlare’s web traffic technology and Baidu’s network of data centers in China, the two created a service that enables websites to load more quickly across China’s border. The service, called Yunjiasu, began operating in December. It has a unified network that makes foreign sites more easily accessible in China, and allows Chinese sites to run in destinations outside the country.

At the heart of the arrangement is an unusual structure known as a virtual joint venture. Under that arrangement, CloudFlare does not actually operate in China. Instead, CloudFlare cooperates primarily from afar as Baidu runs the business in China.

Baidu and CloudFlare’s virtual joint venture relies on a principle generally considered anathema to foreign companies looking to do business with China: trust. CloudFlare transferred its intellectual property that is used to manage and speed up Internet traffic to Baidu and works closely with its engineers to run that technology on Baidu’s network in China. The two share revenue from the service.

The virtual joint venture could prove to be a new model for American tech firms that are considering doing business in the delicate areas of China’s tech industry. Companies including Uber, LinkedIn and Airbnb have recently sought to expand in China by using the political connections and sway of Chinese investors to clear a path to opening and running their own businesses there. Yet because of the Chinese government’s preoccupation with how the Internet is run and controlled within its borders, that was not an option for CloudFlare and Baidu.
china  internet  technology  software  business 
september 2015 by jtyost2
The Security Risks of Third-Party Data - Schneier on Security
Right now, you can search the Ashley Madison database for any e-mail address, and read that person’s details. You can search the Sony data dump and read the personal chatter of people who work for the company. Tempting though it may be, there are many reasons not to search for people you know on Ashley Madison. The one I most want to focus on is context. An e-mail address might be in that database for many reasons, not all of them lascivious. But if you find your spouse or your friend in there, you don’t necessarily know the context. It’s the same with the Sony employee e-mails, and the data from whatever company is doxed next. You’ll be able to read the data, but without the full story, it can be hard to judge the meaning of what you’re reading.

Even so, of course people are going to look. Reporters will search for public figures. Individuals will search for people they know. Secrets will be read and passed around. Anguish and embarrassment will result. In some cases, lives will be destroyed.

Privacy isn’t about hiding something. It’s about being able to control how we present ourselves to the world. It’s about maintaining a public face while at the same time being permitted private thoughts and actions. It’s about personal dignity.

Organizational doxing is a powerful attack against organizations, and one that will continue because it’s so effective. And while the network owners and the hackers might be battling it out for their own reasons, sometimes it’s our data that’s the prize. Having information we thought private turn out to be public and searchable is what happens when the hackers win. It’s a result of the information age that hasn’t been fully appreciated, and one that we’re still not prepared to face.
privacy  security  technology  software  hardware 
september 2015 by jtyost2
A Few Thoughts on Cryptographic Engineering: Let's talk about iMessage (again)
That's the real question. If we believe the New York Times, all is well -- for the moment. But not for the future. In the long term, law enforcement continues to ask for an approach that allows them to access the plaintext of encrypted messages. And Silicon Valley continues to find new ways to protect the confidentiality of their users' data, against a range of threats beginning in Washington and proceeding well beyond.

How this will pan out is anyone's guess. All we can say is that it will be messy.
security  encryption  privacy  apple  hardware  imessage  technology  warrant  freedomfromsearchandseizure 
september 2015 by jtyost2
Blue Cross Hacked, again.
This morning news broke that another member of the Blue Cross family, this time Excellus, was hacked, exposing approximately 10.5 million records. The hack originally began December 23, 2013, but was not discovered until August 5, 2015. In other words, Blue Cross had a persistent, ongoing vulnerability that was actively exploited for almost two (2) years.

The attack on Excellus compromised the following information: Name, DOB, SSN, mailing address, telephone number, member ID, financial account information and claims information. Amazingly, the attack also exposed records of individuals who were not Excellus members, but belonged to other Blue Cross plans, including but not limited to: any BCBS client who received services in New York; BCBS Central New York; BCBS Rochester; and BCBS Utica-Watertown.

According to BCBS, the hacking event occurred, but they are not sure whether any data was taken. Honestly, how is that even possible, unless you are not monitoring network traffic or logging access and downloads? Further, while the information was encrypted (according to BCBS), there is a rather obtuse statement from them saying that the hackers had administrative access, so they had access.

On top of the above exposures of personal data, the hack also exposed the information of business partners and vendors. Specifically, those who provided Excellus with financial account information and SSN’s.

Let’s recap the banner year for BCBS and its affiliates.
health  healthcare  insurance  privacy  legal  hippa  security  technology 
september 2015 by jtyost2
A Tale of Three Backdoors - Lawfare
All three backdoors introduced significant problems.  TSA locks can be opened by anyone despite their promise of security, the CALEA interface has been used for nation-state spying, and the biggest potential victim of the Dual_EC backdoor is probably the US government.

We have a difficult enough time building secure systems without backdoors, and the presence of a backdoor must necessarily weaken the security of the system still further. With the dreadful history of backdoors, it's little wonder most security professionals believe building backdoors right is practically impossible.
privacy  security  encryption  technology  tsa  legal  civilrights  freedomfromsearchandseizure 
september 2015 by jtyost2
These are the 25 most popular mobile apps in America - Quartz
A look at the top 25 most popular mobile apps in the US, as measured by comScore, leads to several observations.
mobile  software  technology  usa  facebook  instagram  youtube  google  amazon.com  business  ebay  twitter  pinterest  spotify  walmart  snapchat  yahoo  gmail 
september 2015 by jtyost2
The Virtues of Strong Enduser Device Controls | Federal Trade Commission
In the end, strong end-user controls like device encryption and firmware passwords not only protect sensitive info stored on the device, they also prevent criminals from utilizing stolen property. The more devices feature strong end-user controls, the less likely thieves can profit from their theft on the open market.
encryption  privacy  security  technology  hardware  software 
august 2015 by jtyost2
Iranian Phishing - Schneier on Security
CitizenLab is reporting on Iranian hacking attempts against activists, which include a real-time man-in-the-middle attack against Google's two-factor authentication.

This report describes an elaborate phishing campaign against targets in Iran's diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and "real time" login attempts by the attackers. Most of the attacks begin with a phone call from a UK phone number, with attackers speaking in either English or Farsi.

The attacks point to extensive knowledge of the targets' activities, and share infrastructure and tactics with campaigns previously linked to Iranian threat actors. We have documented a growing number of these attacks, and have received reports that we cannot confirm of targets and victims of highly similar attacks, including in Iran. The report includes extra detail to help potential targets recognize similar attacks. The report closes with some security suggestions, highlighting the importance of two-factor authentication.

The report quotes my previous writing on the vulnerabilities of two-factor authentication:
hacking  security  privacy  twofactorauth  google  technology  software 
august 2015 by jtyost2
Republicans think if your data is encrypted, the terrorists win | Trevor Timm
Strong end-to-end encryption is one of the best defenses against the massive cyber-attacks that have become all too frequent. If there is not a giant pile of data that is accessible by anyone, then the criminals can’t get it either.

While it’s still shameful that the current White House has refused to rein in its FBI director’s dangerous plans, at least behind the scenes White House officials reportedly know it’s a dangerous idea and President Obama deserves a bit of credit for acknowledging how important encryption is in many circumstances.

In the modern world, the importance of strong encryption cannot be overstated. When will our presidential candidates understand that?
encryption  privacy  civilrights  humanrights  government  technology  software 
august 2015 by jtyost2
The difference between time and attention – Signal v. Noise
I recently realized that if I’m too busy to take something on, I shouldn’t say “I don’t have the time”. In fact, I often do have the time. It’s not that hard to squeeze in some extra time for someone.
What I don’t have – and what I can’t squeeze in – is more attention. Attention is a far more limited resource than time. So what I should say is “I don’t have the attention”. I may have 8 hours a day for work, but I probably have 4 hours a day for attention.
productivity  technology  life 
august 2015 by jtyost2
A Few Thoughts on Cryptographic Engineering: The network is hostile
Probably the most eye-opening fact of the intelligence leaks is the sheer volume of data that intelligence agencies are willing to collect. This is most famously exemplified by the U.S. bulk data collection and international call recording programs -- but for network engineers the more worrying incarnation is "full take" Internet collection devices like TEMPORA.

If we restrict our attention purely to the collection of such data -- rather than how it's accessed -- it appears that the limiting factors are almost exclusively technical in nature. In other words, the amount of data collected is simply a function of processing power, bandwidth and storage. And this is bad news for our future.

That's because while meaningful human communication bandwidth (emails, texts, Facebook posts, Snapchats) continues to increase substantially, storage and processing power increase faster. With some filtration, and no ubiquitous encryption, 'full take' is increasingly going to be the rule rather than the exception.

We've seen the future, and it's not American

Even if you're not inclined to view the NSA as an adversary -- and contrary to public perception, that view is not uniform even inside Silicon Valley -- America is hardly the only intelligence agency capable of subverting the global communications network. Nations like China are increasingly gaining market share in telecommunications equipment and services, especially in developing parts of the world such as Africa and the Middle East.

While it's cheap to hold China out as some sort of boogeyman, it's significant that someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies.

If you believe that this is the future, then the answer certainly won't involve legislation or politics. The NSA won't protect us through cyber-retaliation or whatever plan is on the table today. If you're concerned about the future, then the answer is to finally, truly believe our propaganda about network trust. We need to learn to build systems today that can survive such an environment. Failing that, we need to adjust to a very different future.
privilege  civilrights  encryption  software  technology  cryptography 
august 2015 by jtyost2
The Rise of Phone Reading
Ever since the first hand-held e-readers were introduced in the 1990s, the digital-reading revolution has turned the publishing world upside down. But contrary to early predictions, it’s not the e-reader that will be driving future book sales, but the phone.

“The future of digital reading is on the phone,” said Judith Curr, publisher of the Simon & Schuster imprint Atria Books. “It’s going to be on the phone and it’s going to be on paper.”

For now, tablets like the iPad and Kindle Fire remain the most popular platform to read digital books. According to Nielsen, the percentage of people who read primarily on tablets was 41% in the first quarter of 2015, compared with 30% in 2012.

But what has captured publishers’ attention is the increase in the number of people reading on their phones. In a Nielsen survey of 2,000 people this past December, about 54% of e-book buyers said they used smartphones to read their books at least some of the time. That’s up from 24% in 2012, according to a separate study commissioned by Nielsen.
statistics  ebooks  technology  mobile  reading 
august 2015 by jtyost2
Netflix to Pull Plug on Final Data Center
Netflix Inc. said it plans to shut down the last of its data centers by the end of the summer, which will make it one of the first big companies to run all of its information technology remotely, in what’s known as the public cloud.

“For our streaming business, we have been 100% cloud-based for customer facing systems for some time now, and are planning to completely retire our data centers later this summer,” the company said in an email to CIO Journal.

Corporate use of the public cloud, in which users share the resources of a service provider, is rising. But many companies still run sensitive software in their data centers or in private clouds, in which a company has dedicated cloud resources from a third-party or within its own premises. Many companies weave all of these assets together in what is known as a hybrid arrangement. While some smaller companies and startups are known to rely entirely on the public cloud, few large corporations do.

“A 100% cloud operation is going to be extremely rare for big established companies,” said Glenn O’Donnell, vice president and research director at Forrester Research. Forrester Research says many large companies are moving toward operating in the cloud, but are unable to migrate completely. Mainstream banks and insurance companies, for instance, still often use on-premises mainframe computers for financial transactions, according to Mr. O’Donnell. Legacy systems and applications are the most difficult to move to the cloud, he added.
netflix  business  technology  software  cloudcomputing  server  datacenter 
august 2015 by jtyost2
App Used 23andMe's DNA Database To Block People From Sites Based On Race And Gender | Fast Company | Business + Innovation
Still, it appears that due to the nature of its platform, 23andMe does not have preemptive measures in place, aside from the guidelines set forth by its API policy. A review process works at the moment, but as genetic testing becomes increasingly personalized, and as more people use the services provided by companies like 23andMe, it's safe to say that DNA information will be far more accessible—and there's no telling whether other companies will have the same outlook as 23andMe.
privacy  genetics  software  technology  api  civilrights  race  gender 
august 2015 by jtyost2
Damaged Ferguson businesses receive pledges of almost $500,000
Much of the nation watched in horror as police cruisers were flipped, rocks were thrown and dozens of businesses in and near this St. Louis suburb were burned last week in a wave of anger.

And almost immediately, many across the nation were determined to help Ferguson rebuild.

Beginning the morning after the St. Louis County grand jury decision not to indict Ferguson Police Officer Darren Wilson in the death of unarmed teen Michael Brown, a number of online fundraising efforts – some started by benevolent strangers – began popping up.

A week later, hundreds of thousands of dollars have poured into the accounts on behalf of the damaged and burned Ferguson businesses.

In total, almost $500,000 from 12,700 donors has been raised using the GoFundMe Web site for damaged businesses in Ferguson.

“The many recent campaigns started for Ferguson business owners are shining examples of what can happen when communities come together for a common cause,” said Kelsea Little, a spokeswoman for GoFundMe. “It’s incredibly heartwarming to see so many generous people come together to help these businesses rebuild.”

Internet fundraising has played a central role in the national reaction to the ongoing saga in Ferguson.

Within a day of the public release of Wilson’s name, hundreds of thousands of dollars were donated at fundraisers and online for his legal defense. The Brown family, meanwhile, collected a few thousand dollars in an online fundraiser set up to offset their son’s burial costs and funeral.

So it seemed to make sense that the businesses damaged in the unrest following the grand jury announcement did the same thing.
culture  internet  technology 
august 2015 by jtyost2
Back Doors Won't Solve Comey's Going Dark Problem - Schneier on Security
If this is what Comey and the FBI are actually concerned about, they’re getting bad advice — because their proposed solution won’t solve the problem. Comey wants communications companies to give them the capability to eavesdrop on conversations without the conversants’ knowledge or consent; that’s the “back door” we’re all talking about. But the problem isn’t that most encrypted communications platforms are securely encrypted, or even that some are — the problem is that there exists at least one securely encrypted communications platform on the planet that ISIL can use.

Imagine that Comey got what he wanted. Imagine that iMessage and Facebook and Skype and everything else US-made had his back door. The ISIL operative would tell his potential recruit to use something else, something secure and non-US-made. Maybe an encryption program from Finland, or Switzerland, or Brazil. Maybe Mujahedeen Secrets. Maybe anything. (Sure, some of these will have flaws, and they’ll be identifiable by their metadata, but the FBI already has the metadata, and the better software will rise to the top.) As long as there is something that the ISIL operative can move them to, some software that the American can download and install on their phone or computer, or hardware that they can buy from abroad, the FBI still won’t be able to eavesdrop.

And by pushing these ISIL operatives to non-US platforms, they lose access to the metadata they otherwise have.

Convincing US companies to install back doors isn’t enough; in order to solve this going dark problem the FBI has to ensure that an American can only use back-doored software.
encryption  security  technology  software  privacy  civilrights  humanrights 
august 2015 by jtyost2
EXCLUSIVE: Edward Snowden Explains Why Apple Should Continue To Fight the Government on Encryption
As the Obama administration campaign to stop the commercialization of strong encryption heats up, National Security Agency whistleblower Edward Snowden is firing back on behalf of the companies like Apple and Google that are finding themselves under attack.

“Technologists and companies working to protect ordinary citizens should be applauded, not sued or prosecuted,” Snowden wrote in an email through his lawyer.

Snowden was asked by The Intercept to respond to the contentious suggestion — made Thursday on a blog that frequently promotes the interests of the national security establishment — that companies like Apple and Google might in certain cases be found legally liable for providing material aid to a terrorist organization because they provide encryption services to their users.

In his email, Snowden explained how law enforcement officials who are demanding that U.S. companies build some sort of window into unbreakable end-to-end encryption — he calls that an “insecurity mandate” — haven’t thought things through.

“The central problem with insecurity mandates has never been addressed by its proponents: if one government can demand access to private communications, all governments can,” Snowden wrote.
privacy  security  encryption  technology  surveillance  legal  civilrights  humanrights 
august 2015 by jtyost2
One in every 600 websites has .git exposed | Jamie's OC
Some of these .git repositories are harmless, but from a random sample many contain dangerous information that provides a direct vector to attack the site. Hundreds listed database passwords, or included API keys for services such as Amazon AWS or Google Cloud. Others included FTP details to their own web server. Many contained database backups in .SQL files, or the contents of hidden folders that are meant to be restricted.

One prominent human rights group exposed every single person who had signed up to a gay rights campaign (including their home address and email addresses) in a CSV file in their Git repository, publicly downloadable from their website. One company that sold digital reports provided its entire database of reports free of charge to anyone who wanted to download their .git folder.

So developers, please, please check that your .git folder is not visible on your website at http://www.yourdomain.com/.git/. If it is, lock it down immediately. Ideally delete the folder and find a better way to deploy your code, or at least make sure access is forbidden using an .htaccess. Then assume that someone has downloaded everything already and work out what they could have seen. What passwords, salts, hashes or API keys do you need to change? What data could they have accessed? What could they have done to alter or impair your service?

And then please spread the word among other developers too – because right now this must be one of the biggest holes in the internet.
webdesign  webdevelopment  software  security  technology 
july 2015 by jtyost2
Michael Chertoff Makes the Case against Back Doors | emptywheel
These are, of course, all the same answers opponents to back doors always offer (and Chertoff has made some of them before). But Chertoff’s answer is notable both because it is so succinct and because of who he is: a long-time prosecutor, judge, and both Criminal Division Chief at DOJ and Secretary of Homeland Security. Through much of that career, Chertoff has been the close colleague of FBI Director Jim Comey, the guy pushing back doors now.

It’s possible he’s saying this now because as a contractor he’s being paid to voice the opinions of the tech industry; as he noted, he’s working with some companies on this issue. Nevertheless, it’s not just hippies and hackers making these arguments. It’s also someone who, for most of his career, pursued and prosecuted the same kinds of people that Jim Comey is today.
security  privacy  encryption  technology  hardware  software 
july 2015 by jtyost2