Cybersecurity

1 2 3 52

Monday: Fierce Dog

Hunger and fear are the only realities in dog life: an empty stomach makes a fierce dog.

— excerpt, personal journal of Capt. Robert Falcon Scott

This short film by Aaron Dunleavy was inspired by his childhood in Blackburn, Lancashire UK. The script was improvised and cast using locals.

All districts in Lancashire voted Leave during last week’s Brexit referendum, with 65% of Blackburn voters supporting Leave.

Worth noting an article in Lancashire Telegraph about an Aldi’s store under construction. Aldi’s is a German-owned grocery store chain; have to wonder if construction will be completed.

Brexit botch bits

  • @shockproofbeats on Brexit’s impact on Northern Ireland (Storify) — It’s messy now and promises to be even uglier.
  • Downside for China (and other foreign investors): Real estate purchases may be put on hold (SCMP) — Some deals in the works may be halted until the pound is more stable. On the other hand, Britain may step in and put the brakes on sales; too easy for overseas entities with big money to buy up property while pound is depressed.
  • Upside for China (and other banking centers): Business could pick up in Hong Kong (SCMP) — London is the second largest trading center of yuan next to Hong Kong; some of the business could shift back to Hong Kong, especially if HSBC bank choose to relocate its headquarters to HK from London.
  • No change in position on Brexit referendum since last Friday according to PM David Cameron (Independent-UK) — Though Cameron is now going to leave in September. He continued to push triggering of the Article 50 to his successor while taking pot shots at Labor Party over its purge this weekend. Not certain most Americans will notice just how Cameron has managed to shift the blame to both MPs and the people for a referendum he proposed, or how he has turned execution of Article 50 into a poisoned chalice. Lord Chancellor Secretary of State for Justice Michael Gove, Leave campaign proponent, was present at today’s session in Parliament but said nothing before disappearing. Boris Johnson, MP for Uxbridge and South Ruislip and Leave campaign proponent, was noticably absent. Wankers all three.

SCOTUS Week
Waiting around watching the court for good or ill until this morning is kind of like waiting for Shark Week — hey, it IS Shark Week! What a coincidence!

Miscellaneous trouble

Promises to be a busy week ahead. Stay tuned!

Wednesday: Get Bach

Summer bug laid me up. I’m indulging in the audio equivalent of tea with honey, lemon, and a shot of something to scare away the bug. A little cello playing by Yo-Yo Ma never fails to make me feel better.

This sweet video is enlightening, didn’t realize Ma had an older sister who was an accomplished musician at a tender age. Worthwhile to watch this week considering the blizzard of arguments about immigrants and refugees here and abroad.

And then for good measure, a second favorite added in the mix — Yo-Yo Ma and Itzhak Perlman together, performing Beethoven’s Triple Concerto Fantasy.

There. I feel a little better already.

Probably better than frustrated House Democrats led by Rep. John Lewis who are engaging in a sit-in protest on House floor demanding a vote on No-Fly-No-Buy gun control. If you want to watch the action, you’ll have to check social media. It’s said House GOP leadership ensured CSPAN cameras were shut off.

Diesel do you

  • Volkswagen streamlining offerings to cut costs, 40 makes on the chopping block (Bloomberg) — This is the old General Motors play that eventually killed Oldsmobile and Pontiac to reduce costs related to duplicative brands. Makes sense, especially if this hatchet job kills passenger diesels. Note the story says a fix may come later — uh-huh, like never? Because VW can’t handle the volume of required repairs OR the lack of actual clean diesel technology, OR both?
  • Testimony in S Korea: VW’s upper management may have ordered regulatory cheats (The Hankyoreh) — Story is focused on emissions controls defeat and approval process, but sound controls were also an issue in South Korea. Were those likewise suppressed by order of VW’s German head office?
  • Former CEO under investigation for securities fraud (Reuters) — Big investors want to know why it took a year for Winterkorn to act after the emissions controls defeat were made public by researchers. Bet there’s a link between Winterkorn’s notification of researchers’ findings and the destruction of emails.

Sigh, cyber, sigh

Wait, what?
Did you know Led Zeppelin is being sued over Stairway to Heaven? Allegedly a key riff in the famous 40-year-old tune was stolen, violating copyright. Forty years. ~smh~

Going back to a recumbent position. Stay braced for the outcome of the sit-in and Brexit vote tomorrow.

Monday: Buckle up, Buttercup

After my Go-Team-Yay-Space post yesterday, it’s time for a Monday morning reality check. Going to Mars will not be a panacea to our ills, as this darkly humorous animated short, Fired on Mars by Nick and Nate, shows. On the other hand, SpaceX’s Elon Musk offers an upside while acknowledging the inherent risk of space travel and colonization: “If you’re going to choose a place to die, then Mars is probably not a bad choice.”

Certainly beats an undiginified extinction by drowning on earth, eh?

We may not be leaving the planet today, but you’d best buckle up anyhow. This week’s going to be a doozy.

Brexit, Brexit, Brexit
Say that in your best Jan Brady voice — Brexit will suck all the oxygen out of this week’s market news. I’m afraid to look at the stock market at all because of it. Euronews has a roundup on the topic (though I warn you, it’s poorly formatted — keep scrolling down the page and increase print size). I’m not posting any other UK-based links here now because it’s quite obvious each media outlet has a position and their coverage reflects it. Most blatantly obvious are those owned by Rupert Murdoch’s Newsgroup, which has prompted some angry murmurs about an Aussie living in the U.S. telling the UK what to do.

Disturbing: Mexico’s federal police fire on teachers’ protest rally
I say disturbing for two reasons: first, that a democratic government’s federal would fire on protesters supporting the CNTE teachers’ union and actively deny it happened is appalling, and second, that its neighbor’s media would ignore that it happened. Teachers and supporters have been rallying in the state of Oaxaca, protesting the government’s education reform plan, characterized by some as neoliberal. It was clear from the outset that the government was in no mood to listen, given the number of riot police in place. The protests followed the detention/disappearance days earlier by police of CNTE union leaders Francisco Manuel Villalobos Ricardez and Ruben Nuñez. Conditions degraded over the course of the day, with federal police firing upon protesters. Early accounts claimed six were killed, of which one may have been a journalist and two teacher trainees. President Enrique Pena Nieto’s government at first denied there was any violence, and then later claimed the Associated Press’ photos of the violence were false. There were enough social media reports documenting the violence on the ground to neutralize the government’s claim — and thank goodness for social media, or the U.S. would have heard very little if anything about this conflict. Not exactly the fiesta of democracy President Nieto promised when he took office in 2012. For more current information about the conflict, follow hashtags #Nochixtlan (district) and #Oaxaca in Twitter; already the death count is disputed as some claim more than eight died after yesterday’s attack by police on protesters.

It’s extremely important to remember the protesters’ anger and frustration are not merely about the ENP government’s reform plan. The 43 young men who disappeared in 2014 and are believed dead were students at a teachers’ college; the federal police have been implicated in the disappearance of these students. To date, the mass disappearance of these students has not been fully accounted for. Imagine the furor if such a mass disappearance were to happen in the U.S.

Cyber, cyber, cyber
LOL sorry, I’m on a Brady Bunch jag. Forgot to remind you last Tuesday was Patch Tuesday — make sure you’ve updated your Win-based systems if you do so manually. Can’t hurt to check all your other non-Win devices, too.

  • Adobe Flash zero day patch a higher priority than Microsoft’s monthly patch (TechTarget) — Again, if you manually patch, get to this one ASAP. I’m a manual Adobe patcher myself; I don’t automate patching because I want to know exactly how often Adobe must patch their products. It’s annoyingly often.
  • This is your brain on drugs: Too-smart identity thief busted (ABC3340-Birmingham) — Can’t tell if the drugs ate his intelligence, or if they deluded this dude. Read this, it’s like a bad episode of COPS mashed up with Monty Python.
  • SmartTVs not so smart, held ransom by Flocker (TrendLabs) — Leap of ransomware to Android smartTVs perfectly exemplifies the danger of connecting things to the internet. Interesting how this one deactivates based on select country locations. Yet another opportunity to sell protection software, too, as you’ll note in the article.

Your recommended long read: Apple’s Differential Privacy
Crytography expert Matthew Green reviews Apple’s announcement this past week regarding development of “differential privacy,” which Apple defined as:

Starting with iOS 10, Apple is using Differential Privacy technology to help discover the usage patterns of a large number of users without compromising individual privacy. To obscure an individual’s identity, Differential Privacy adds mathematical noise to a small sample of the individual’s usage pattern. As more people share the same pattern, general patterns begin to emerge, which can inform and enhance the user experience. In iOS 10, this technology will help improve QuickType and emoji suggestions, Spotlight deep link suggestions and Lookup Hints in Notes.

This is worth your time to read as differential privacy suggests new approaches to meeting the needs of marketers while preserving the privacy of consumers applying algorithmic solutions. Read it now before this stuff gets really convoluted.

Check your safety harness from time to time. Catch you tomorrow!

Friday: How It Begins

I was half way through a post yesterday when a friend in the UK told me a member of Parliament had been killed by a fascist.

An assassination, I thought at that moment, unable to write another word for my post. How many times has an assassination kicked off a horrible chain of events?

I hoped and prayed as best a lapsed Catholic can that the murder of MP Jo Cox by a man shouting, “Britain First!” was not the beginning of something dreadful. Research says it’s less likely than if an autocratic figure had been killed, but who can really say with certainty?

We won’t know for some time if this was a trigger event for something else, though it did set off a cascade of stomach-turning crap. So many media outlets referred to politician Cox’s death by a political fanatic as something other than an assassination. Really? Would Cox have been targeted had she not been a pro-EU unity supporter? Would the assassin — characterized by so many euphemisms as mentally ill — have killed her had he not been rabidly anti-EU and racist, impelled by ramped-up anti-EU rhetoric in advance of the EU-Brexit referendum?

And the disparity in coverage between [lone white gunman suspected of mental illness] and [armed terrorist—labeled so because they’re not white]? Beyond disgusting. The racism is all the more obvious. The public is conditioned by media’s implicit bias to expect and accept the lone white gunman, but never the dark-skinned person bearing a weapon. The accused must have sympathized with white nationalism, irrespective of country, having bought his firearm components from U.S. neo-Nazis more than a decade ago. The description of his attack on Cox is chilling — it was a cold political execution, not just some wildly insane flailing without care for the outcome.

The world lost someone very special when Jo Cox died yesterday. Someone who lived progressive values out in the open, modeling a better way for us. Don’t kid yourself this was just a crazed man acting alone when white nationalist politicians like Nigel Farage believe “violence is the next step” if angry constituents feel they’ve lost control.

And don’t fool yourself into believing this was an isolated event occurring in a vacuum.

Today’s Friday jazz is a performance of She’s Crying for Me by the Yorkshire Jazz Band, in honor of Jo Cox’s home county.

A note on hacking stories
The breach of the DNC’s computers is one of a number of stories over the last several years following a pattern: the breach is attributed to one entity and then yet another entity, while the story itself has a rather interesting point of origin. Initial reports may say the hackers were affiliated with [nation/state X] and later reports attribute the hacking to [unaligned third party Y] — or a variation on this order — a key characteristic is the story’s immaculate birth.

Try looking for yourself for the earliest story reporting the hacking of the DNC. Who reported it and when? Who were the original sources? Did the story arise from a call to law enforcement or a police report, and a local beat reporter who gathered named eyewitnesses for quotes? Or did the story just pop out of thin air, perhaps simultaneously across multiple outlets all regurgitating the same thing at the same time?

My point: Be more skeptical. There’s an adage in reporting, drummed into journalism students’ heads: If your mother says she loves you, check it out.

Three examples of manipulated opinion
Speaking of being more skeptical, bias manifests itself in all manner of ways and can be easily used for good or ill.

  • U.S. government and military orgs tricked into running ‘imposter code’ (Ars Technica) — Suckers didn’t perform due diligence on packages of code hosted at developer communities before running them. Gee, I wonder if any political parties’ personnel might have done the same thing…
  • GOP-led House waffles on HR 5293 surveillance bill because Orlando (HuffPo) — Ugh. Would this vote have been different this time if a lone crazed white gunman had shot up a bar? Sadly, we can’t tell based on the bill’s approval last year because the vote took place one day before Dylan Roof’s mass shooting in a Charleston church. Nor can we tell from the bill’s 2014 approval by the House because the mass shootings the week of the vote were just plain old run-of-the-mill apolitical/non-racist with too few fatalities.
  • Send manuscripts out under a man’s name = agents and publishers notice (Jezebel) — If you’re a woman you can be a great writer and you won’t get any nibbles on your manuscript — unless you submit it under a male name. Hello, implicit bias, much? This isn’t the only example, either.

Worthwhile long read
This commentary at Tor.com looks at the movie V for Vendetta, saying it’s “more important than ever,” in spite of the adaptation’s rejection by Alan Moore, author of the graphic novel on which this film was based. The essay was published this past Tuesday; read it now in light of Jo Cox’s assassination Thursday. A single event can change perception. This line alone now means something very different to me:

It seems strange that my life should end in such a terrible place. But for three years I had roses, and apologized to no one.

If time permits, I may slap up a post this weekend to make up for yesterday’s writer’s block. Otherwise I’ll catch you on Monday.

At Same Time as DNC Hack Released, Funny Alleged Hacks in the Middle East

You’ve probably heard that hackers, probably Russian, hacked the DNC and released a bunch of information, including a really crappy oppo research report on Donald Trump. See this post for some of the materials and this analysis of the materials (including metadata to support the case these are Russians).

Given that development, I’m even more interesting in this development than I already was. Several websites in the Middle East — in this case Jordan’s Petra news service — posted a report that Mohammed bin Salman, the third ranking Saudi royal, had claimed to have provided Hillary 20% of her campaign funding.

On Sunday a report appeared on the Petra News Agency website that included what were described as exclusive comments from Saudi Deputy Crown Prince Mohammed bin Salman. The comments included a claim that Riyadh has provided 20 percent of the total funding to the prospective Democratic candidate’s campaign.

I’m particularly interested in how that report got disclaimed: with intervention by the Podesta Group, which is both a lobbying arm for the Saudis and the firm of Hillary’s campaign manager.

On Monday a spokesperson for American public relations firm the Podesta Group contacted MEE to say that they work with the Saudi Royal Court and to request a correction to our earlier story that said the Jordanian news agency had deleted the quotes from Prince Mohammed.

Senior global communications specialist Will Bohlen – who, prior to joining Podesta, was chief researcher for a best-selling history of Bill Clinton’s presidency – sent a link to a clarification issued by the Petra News Agency which said it was “totally false and untrue” that they had published then deleted the quotes from Prince Mohammed about funding the Clinton campaign.

“A technical failure on Petra ’s website occurred for a few minutes on Sunday evening, 12 June 2016,” the Jordanian news agency said. “Protection systems at the agency as well as the technical department noticed that and therefore, they suspended the transmission system and the electronic site and moved to the alternative website.

“Later, it became clear that the technical failure that occurred was an attempt to hack the agency’s transmission system and its website. The agency was surprised to see some media outlets as well as the social media publishing false news that were attributed to Petra. They said that Petra transmitted a news item related to the deputy crown prince of Saudi Arabia and later deleted this news item. This is totally false and untrue.”

For now, I will assume this was a hack, which (again) I find to coincide interestingly with the DNC hack. The Clinton Foundation does get far too much money from the Saudis, but we can review Hillary’s actual funding to be sure that Mo bin Salman is not funding her campaign directly.

In entirely unrelated news I’ll put here anyway, the big Saudi investor Alwaleed bin Talal is now Twitter’s second largest investor.

Prince Alwaleed Bin Talal Bin Abdulaziz Alsaud, who in 2011 invested $300 million in the social network, now owns 34.9 million shares of Twitter’s common stock, according to a new regulatory filing (pdf).

At nearly 5.2%, his stake in the company is now larger than that of Jack Dorsey, Twitter’s co-founder and newly re-minted CEO, whose 21.86 million shares give him 3.2% of the company, according to FactSet. (The prince previously had a stake of roughly 3%.)

Particularly given that Twitter isn’t exactly a great investment, I find Alwaleed’s interest in it notable.

Tuesday: Going Alone

I’ve been so damned angry I’ve had difficulty wrapping words around what I want to say. It’s still Tuesday somewhere, so I’ll grit this out.

Assault weapons should be banned for sale to civilians.

Spare me the crap about hunters and taking their guns. My freezer contains 25 to 100 pounds of venison at any time. This household lives off the results of hunting and respects the power of firearms. None of this meat required an assault weapon.

If an assault weapon had been used, it would have been a waste of a deer tag. There’d be no meat left.

The embedded video above shows the damage hunting ammo does at close range — approximately 15-20 feet — on meat. The next video shows the damage #4 and #8 birdshot can do at short range, even through multiple layers of denim and drywall. Imagine what an assault weapon would do to flesh at similar range.

Better yet, listen to what a combat vet says about assault weapons.

There’s nothing in the Second Amendment to suggest a prohibition on certain weapons is wrong; if anything, the framing of a ‘well regulated militia’ suggests limitations are in order.

There’s also nothing in the Second Amendment to suggest that gun manufacturers have an absolute right to an unrestrained business model, or to profits at the expense of the public’s general welfare.

Nor does the Second Amendment say a damned thing about catering to ‘gun enthusiasts’ who want guns for ‘pleasure’. A ‘well regulated militia’ doesn’t possess guns but as necessary for the ‘security of a free state’, not personal enjoyment.

And both embedded videos embedded make a bloody good case that arguments about assault weapons being necessary to stop a home invasion are trash. Birdshot at close range can do one hell of a lot of damage, as do 00 buckshot and a 1-oz slug.

Congress — more specifically, the GOP — needs to strap on its spine and draw the line on assault weapons. How many more dead Americans is it going to take before Congress clues in the terrorist threat is already here? It’s domestic, and it’s better armed than the police because GOP-led Congress is as weak as the GOP is against Trump.

Spare the empty moments of silence and prayers which might as well be to Moloch after another human sacrifice. Such fail at protecting the American public.

Speaking of which…

Information Security Fail

  • USAF database with records on ~100,000 investigations ‘lost’ (Defense One) — This is such bullshit, I can’t even…why is a CONTRACTOR, which may be the subject of any one of the 100K investigations, hosting and managing a database like this? What a massive conflict of interest. The database included constituent and congressional inquiries. Don’t even get me started on the fact this system relied on Microsoft Internet Explorer. Where have we seen this kind of massive loss of data including failed backups before? Hardly a surprise the data covers the period including most of the Iraq and Afghanistan wars as well as the construction of the F-35. Somebody better lose their job for this crap, and there’d better be a respectable investigation instead of the usual fluffery hiding billions of lost dollars.
  • DNC database infiltrated by the Russians (WaPo) — DNC Chair Debbie Wasserman-Schultz needs to be walked out the door for this bullshit, along with responsible IT management. As if anyone able to sit up and take nourishment couldn’t see the DNC computer systems would be a target for cybercrime and cyberwarfare. No excuses for this during the run-up to a general election season, especially when her favorite candidate is already floundering because of information security failures during her tenure as Secretary of State. This bit:

    The depth of the penetration reflects the skill and determination of the United States’ top cyber adversary as Russia goes after strategic targets, from the White House and State Department to political campaign organizations.

    Total blowjob for access. If the hackers got in by spearphishing as suggested in the article, there’s no finesse required. Just poorly trained/educated users and no firewall between email and database. The only thing that surprises me about this is that ransomware wasn’t deployed. Imagine it: a major U.S. political party ground to a halt by spearphish-delivered ransomware.

  • University of Calgary paid CDN$20K after ransomware attack (Calgary Herald) — First heard about this attack the end of May. Looks like the school had no choice but to offer the bitcoin equivalent of $20K to release their systems, which says a lot about backup systems and rebuild cost. Considering the broad range of users at universities and widely different levels of experience and training, I’m surprised we haven’t seen more ransomware attacks on schools. Though monetarily they’re less appetizing than other targets, and may have more resources to deal with the threat if they have a strong IS/IS program.
  • Chinese IBM employee arrested for trade secret theft (Reuters) — The indictment (pdf) says the now-former IBM employee stole proprietary software related to hyperscale storage clusters, or what most consumers would know as ‘cloud storage’. This is a technology segment in which the U.S. still has considerable clout in terms of marketshare, and in terms of global economic impact based on its use. Reporting on this indictment has been vague, referring to the technology at the heart of this case as ‘networking software’. It’s more complex than that; the proprietary software underpins storage and retrieval of data across networked large storage devices. (Hi blueba. Just checking to see if you missed me. Can’t let the Russians have all the fun.)

Basta. Enough. Let’s hope Wednesday is kinder than the last handful of days have been.

Friday: Ball and Chain

This end-of-the-work-week observation is a little different. I’ve posted some not-jazz jazz for your listening pleasure. This piece called Ball and Chain is performed by a loosely joined group of people who worked on development of a subgenre of jazz during the 1990s. It’s called M-base — short for “macro-basic array of structured extemporization” — which relies on improvisation along with non-European elements as jazz does. But its artists’ deliberation in composition combined with a more contemporary flare set this style of music apart from other jazz.

Sample a couple more pieces with a little extra estrogen — Cassandra Wilson’s vocals in You Don’t Know What Love Is, and Geri Allen’s keyboarding here with Esperanza Spalding and Terri Lyne Carrington performing Unconditional Love at a recent Jazz in Marciac festival. Wilson and Allen have both been members of the M-base collective, along with Steve Coleman, Robin Eubanks, Graham Haynes, and Greg Osby. I recommend searching out each of those folks in YouTube to explore their continuation of M-base in their work.

That’s enough to get you through your Friday evening nightcap. You’ll probably need one after this stuff.

Volkswagen’s Dieselgate

Living in a Digital World

  • Twitter says it wasn’t hacked after millions of users’ account data appears online (Bloomberg) — Hey, listen up, boneheads complaining about your Twitter account being locked: 1) Change your password periodically (like every 12 weeks) and 2) DON’T USE THE SAME PASSWORD ON MORE THAN ONE ACCOUNT. Looks like some folks haven’t learned that once one account is breached, more are at risk if they use the same password or a previous iteration from another account. ~smh~ It would take very little to create a database of breached addresses from multiple platforms and compare them for same passwords. If, for example, [123456PW] is used on two known accounts, why wouldn’t a hacker try that same password on other accounts attached to the same email address?
  • Oklahoma state police bought debit card scanning devices (KGOU) — They’re not merely reading account data if they pull you over and take your card to scan for information. They may confiscate any funds attached to the card, too, under civil forfeiture. This is ripe for abuse and overreach, given poor past legal precedent. Why is a magnetic strip any different than your wallet?

Economics of a different kind

  • Economics don’t match reality, and the root of the problem is academic (BloombergView) — Each of “coffee house macro,” finance macro, Fed macro, and academic macroeconomics are grossly out of sync with reality. But the root of this distortion is the one thing they all have in common: their origin in academic economics. Yeah — academia has become little more than an indoctrination factory for the same flawed concepts, while reducing any arguments against the current “free market uber alles” thought regime.
  • Adbusters isn’t waiting for academia; they’re ready to Battle for the Soul of Economics (kickitover.org) — Check it, social media warfare has begun.

That’s a wrap on this week. I’m fixing myself a stiff belt and shuffling off to bed. Catch you Monday, the Fates willing and the creek not rising due to climate change.

The SSCI Contemplates Splitting CyberCommand from DIRNSA

The Intercept’s Jenna McLaughlin liberated a copy of the Senate Intelligence Committee’s Intelligence Authorization for 2017 which was passed out of committee a few weeks back. There are two really shitty things — a move to enable FBI to get Electronic Communications Transaction Records with NSLs again (which I’ll return to) and a move to further muck up attempts to close Gitmo.

But there are a remarkable number of non-stupid things in the bill.

I’m particularly interested in this language.

Screen Shot 2016-06-10 at 9.01.03 AM

Unless I’m completely misreading it, this section would require the Director of NSA to be a separate person from the head of CyberCommand. It would require Admiral Mike Rogers’ current dual hat to be split.

Correction: DIRNSA and CyberCom would only need to be split if CyberCom gets elevated to be a full combatant command.

That’s a recommendation the President’s own Review Group made back in 2013, only to have the President pre-empt PRG’s recommendation before they could publicize it. It would also likely have some impact on NSA’s decision, earlier this year, to combine the Information Assurance Directorate — NSA’s defensive organization — in with its offensive mission.

Frankly, I think our entire cybersecurity approach deserves a more open debate. The IC has done a pretty crummy job at defending us from attacks, and it’s not clear what purpose their secrecy about that serves.

But I am intrigued that SSCI seems to think NSA should retain its defensive capability, independent of all its offensive ones.

Monday Morning: Tarantela [UPDATE]

I could listen to this piece on a loop. It’s Santiago de Murcia’s “Tarantela,” performed by noted lutist Rolf Lislevand. The instrument he is playing is as important as the music and his artistry; it’s an extremely rare Stradivarius guitar called the Sabionari. While tarantellas more commonly feature additional instruments and percussion like tambourines, this instrument is stunning by itself.

You can learn more about the Sabionari at Open Culture, a site I highly recommend for all manner of educational and exploratory content.

And now to dance the tarantella we call Monday.

Wheels

  • What’s the German word for ‘omertà’? Because Volkswagen has it (Forbes) — Besides the use of obfuscation by translation, VW’s culture obstructs the investigation into Dieselgate by way of a “code of silence.” And money. Hush money helps.
  • Growing percentage of VW investors want an independent investigation (WSJ) — An association 25,000 investors now demands an investigation; the problem continues to be Lower Saxony, the Qatar sovereign-wealth fund and the Porsche family, which combined own 92% of voting stock.
  • VW production workers get a 5% pay raise (IBT) — Is this “hush money,” too, for the employees who can’t afford to be retired like VW’s executives? The rationale for the increase seems sketchy since inflation is negligible and VW group subsidiary workers at Audi and Porsche won’t receive a similar raise.
  • Insanity? VW Group a buy opportunity next month (The Street) — Caveat: I am not a stockbroker. This information is not provided for investment purposes. Your mileage may vary. But I think this is absolute insanity, suggesting VW group stock may offer a buy opportunity next month when VW publishes a strategy for the next decade. If this strategy includes the same utterly opaque organization committing fraud to sell vehicles, is it smart to buy even at today’s depressed prices? The parallel made with Apple stock is bizarre, literally comparing oranges to Apples. Just, no.

Bad News (Media)

Cybersec

  • Organized criminals steal $13M in minutes from Japanese ATMs (The Guardian) — And then they fled the country. What?! The mass thefts were facilitated by bank account information acquired from an unnamed South African bank. Both Japan and SA use chip-and-pin cards — so much for additional security. Good thing this organized criminal entity seeks money versus terror. Interesting that the South African bank has yet to be named.(*)
  • Slovenian student receives 15-month suspended sentence for disclosing state-created security problems (Softpedia) — The student at Slovenia’s Faculty of Criminal Justice and Security in Maribor, Slovenia had been investigating Slovenia’s TETRA encrypted communications protocol over the last four years as part of a school project. He used responsible disclosure practices, but authorities did not respond; he then revealed the encrypted comms’ failure publicly to force action. And law enforcement went after him for exposing their lazy culpability hacking them.
  • Related? Slovenian bank intended target for Vietnamese bank’s SWIFT attempted hack funds (Reuters) — Huh. Imagine that. Same country with highly flawed state-owned encrypted communications protocol was the target for monies hackers attempted to steal via SWIFT from Vietnamese TPBank. Surely just a coincidence, right?

Just for the heck of it, consider a lunch read/watch on a recent theory: World War 0. Sounds plausible to me, but this theory seems pretty fluid.

Catch you here tomorrow morning!

* UPDATE — 1:20 P.M. EDT —
Standard Bank reported it had lost 300 million rand, or USD $19.1 million to the attack on Japanese ATMs. First reports in South African media and Reuters were roughly 11 hours ago or 9:00 a.m. Johannesburg local time. It’s odd the name of the affected bank did not get wider coverage in western media, but then South Africa has a problem with disclosing bank breaches. There were five breaches alleged last year, but little public information about them; they do not appear on Hackmageddon’s list of breaches. This offers a false sense of security to South African banking customers and to banks’ investors alike.

Japan Times report attribute the thefts to a Malaysian crime gang. Neither Japan Times nor Manichi mention Standard Bank’s name as the affected South African bank. Both report the thefts actually took place more than a week ago on May 15th — another odd feature about reporting on this rash of well-organized thefts.

Friday Morning: Mi Ritmo

Oye como va
Mi ritmo
Bueno pa gozar
Mulata

— excerpt, Oye Como Va by Tito Puente

This Latin jazz song was on the very first album I owned — Santana’s Abraxas. I have no idea what possessed my father to select this way back in 1971 because he’s not musically inclined. I prefer to think he was persuaded by the music store staff to buy it for me rather than think the cover art did it for him. To this day I don’t dare ask; I’d rather live with my illusion.

Perhaps he simply liked Oye Como Va by Tito Puente and decided I needed it. Maybe that’s what he wanted to listen to when I played the album over and over again, ad nauseam. The song is still easy to listen to even when played by a septuagenarian, isn’t it? Though Puente probably still felt the same way about this song in his last live performance as he did when he first recorded it in 1963.

The personal irony I’m certain my father never considered: the last line is a reference to a mixed race “mulatto” woman. That’s me.

Vamos, amigos!

Wheels

  • South Korea frustrated by Volkswagen’s response to Dieselgate (Yonhap) — Hard to tell how many VW passenger diesel cars with the emissions controls defeat tech have been sold in South Korea to date. Last year’s sales of 35,700 suggest VW needs to exert itself a little more than offer to recall a total 125,000 cars.

Technology Trends

  • Breakthrough in memory technology could change computing dramatically (IBM via YouTube) — I’m still trying to wrap my head around this; could be the simplicity of the underlying science seems so obvious I can’t understand why it wasn’t discovered sooner. Using polycrystalline rather than amorphous material, more data can be stored and in a manner which is stable and not prone to loss when electricity is cut. This technology could replace DRAM at flash memory prices. Imagine how quickly systems could begin processing if they could avoid seeking programs and data.
  • Google’s annual I/O event chary on enterprise computing (ComputerWorld) — Wonder if Google executives’ expressed intent to focus on the enterprise is a veiled threat directed at Oracle? The I/O annual conference didn’t have enough enterprise applications to satisfy the curious; is Google holding back? Or are there pending acquisitions to fill this stated intent, ones not yet ready for publication? I wouldn’t be surprised to see Google launch something on par with Salesforce or Zoho very soon. Google Drive components already compete with or are integrated with some of those Zoho offers in its small business offering.
  • Android’s coming to Chromebooks — finally! (Google Blog) — I’ve put off buying another laptop until this happened, guess I’ll look at the first three models on which developers will focus their development. The applications available for Android phones have been mind-boggling in number; it’d be nice to have the same diversity of selection for laptops. And then maybe desktops in the not-too-distant future? That would really make a dent in enterprise computing.

Cybersec

  • Security camera not password protected? Police may be able to tap it (Engadget) — Love the subhead: “Don’t worry, it’s supposed to be for a good cause.” Just add the invisible snark tag. Purdue University researchers found surveillance cameras could be tapped to allow law enforcement to monitor a crime scene. I don’t know about you but this sounds like a backdoor, not a convenient vulnerability. If the police can use it soon, who might already be using it?
  • Qualcomm mobile chip flaw leaves 60% of Android devices exposed (Threatpost) — Not good, especially since this boo-boo may affect both oldest and newest Android versions. But a malicious app is required to take advantage of this flaw, unlike the Stagefright exploit. Android has already issued a patch; the problem is getting it to all affected devices.
  • LinkedIn’s 2012 breach yielded info on more than 100 million accounts (Motherboard) — Only 6.5 million accounts were initially breached — but that’s only the first batch published online. The actual haul from 2012 was at least 117 million accounts, now for sale for a mere five bitcoins or $2200. Are you a LinkedIn user? Time to check Have I Been Pwned? to see if your account is among those in the breach.

Climate Crises

  • Record high temp of 51C (124F) recorded in India (The Register) — Drought continues as well; article notes, “Back in India, relief from the heat is expected when the annual monsoon hits. The cooling rains generally arrive in mid-June.” Except that with a monster El Nino underway, the amount of rain and cooling will depart from average.
  • Polymath Eleanor Saitta considers climate change and comes to some grim, mortal conclusions (Storify by @AnthonyBriggs) — If you’re a policymaker, you’d better worry about dealing effectively with climate refugees and deaths in the millions. Maybe billions. Refugees from Syria will look like a minuscule blip. If you’re not terrified, you should be.

Looks like it’s going to be a lovely late spring weekend here — hope you’re going to have a nice one, too. See you Monday!

1 2 3 52