Friday Morning: Afro-Cuban Coffee

/28 Comments/in , , /by

I should just dedicate Fridays to different genres of jazz. Today feels like a good day for Afro-Cuban jazz.

This chap, Francisco Raúl Gutiérrez Grillo, who performed under the name Machito with his Afro-Cubans, was an incredibly important innovator shaping Afro-Cuban jazz as well as modern American music. He was important to race in the music industry as well, as his Afro-Cubans may have been the first multi-racial band.

I’m brewing some Café Bustelo before I bust out my dancing shoes. ¡Vamonos!

Judge applies ‘Parkinson’s Law’ to VW emissions cheat case
You know the adage, “work expands so as to fill the time available for its completion”? U.S. District Court Judge Charles Breyer gave Volkswagen 30 days to come up with a fix* for all the emissions standards cheating passenger diesel engine cars in the class action lawsuits he oversees in San Francisco. Gotta’ love this:

“It’s an ongoing harm that has to be addressed … I’ve found the process is a function of how much time people have available to fill. The story about lawyers is that that if you give them a year to do something, it will take them a year to do something. If you give them 30 days to do something, they’ll do something in 30 days.”

As time passes, vehicle owners are increasingly damaged as no one wants to buy their cars and their investment is lost. Hence the aggressive time limit.

* Caution: that link to SFGate may autoplay video and ad content. Really, SFGate? That’s such hideously bad form.

Rough road ahead in Saudi Arabia to a post-oil world
This piece in WaPo paints a grim picture of cheap oil’s impact on Saudi Arabia — and there are huge pieces missing. Worth a read while asking yourself how much Saudis are spending on military efforts against Yemen and Syria, and what new industries they’re investing in to replace oil-based employment.

Took long enough: Software and social media firms get Apple’s back
Did their legal departments finally read the case thoroughly and realize they had skin in this game, too? Who knows — but Google as well as Microsoft are planning to file amicus briefs in support of Apple. Microsoft had already indicated they would support Apple in a congressional hearing yesterday morning; Google piped up later. The latest skinny is that Facebook and Twitter both intend to file briefs as well in favor of Apple. Looks like Microsoft’s current management took an 180-degree turn away from progenitor Bill Gates’ initial response, hmm?

Hit and run

That’s a wrap on this week. Keep your eyes peeled for news dumps while folks are still picking apart last night’s GOP-cast reality TV show. And make time to dance.

EDIT — 8:40 AM — Ugh, why didn’t the Detroit News publish this piece *yesterday* instead of a Friday morning? Michigan’s Gov. Snyder’s “inner circle” exchanged emails advising a switchback from Flint River a year before the switchback took place, and only three weeks before Snyder’s re-election. There was enough content in this to go to press without waiting for a quote from one of the former advisers.

Share this entry

Thursday Morning: Snowed In (Get It?)

/8 Comments/in , , /by

Yes, it’s a weak information security joke, but it’s all I have after shoveling out.

Michigan’s winter storm expanded and shifted last night; Marcy more than caught up on her share of snow in her neck of the woods after all.

Fortunately nothing momentous in the news except for the weather…

Carmaker Nissan’s LEAF online service w-i-d-e open to hackers
Nissan shut down its Carwings app service, which controls LEAF model’s climate control systems. Carwings allows vehicle owners to check information about their cars on a remote basis. Some LEAF owners conducted a personal audit and hacked themselves, discovering their cars were vulnerable to hacking by nearly anyone else. Hackers need only the VIN as userid and no other authentication to access the vehicle’s Carwings account. You’d think by now all automakers would have instituted two-factor authentication at a minimum on any online service.

Researcher says hardware hack of iPhone may be possible
With “considerable financial resources and acumen,” a hardware-based attack may work against iPhone’s passcode security. The researcher noted such an attempt would be very risky and could destroy any information sought in the phone. Tracing power usage could also offer another opportunity at cracking an iPhone’s passcode, but the know-how is very limited in the industry. This bit from the article is rather interesting:

IOActive’s Zonenberg, meanwhile, told Threatpost that an invasive hardware attack hack is likely also in the National Security Agency’s arsenal; the NSA has been absent from discussions since this story broke last week.

“It’s been known they have a semiconductor [fabrication] since January 2001. They can make chips. They can make software. They can break software. Chances are they can probably break hardware,” he said. “How advanced they were, I cannot begin to guess.”

The NSA has been awfully quiet about the San Bernardino shooter’s phone, haven’t they?

‘Dust Storm’: Years-long cyber attacks focused on intel gathering from Japanese energy industry
“[U]sing dynamic DNS domains and customized backdoors,” a nebulous group has focused for five years on collecting information from energy-related entities in Japan. The attacks were not limited to Japan, but attacks outside Japan by this same group led back in some way to Japanese hydrocarbon and electricity generation and distribution. ‘Dust Storm’ approaches have evolved over time, from zero-day exploits to spearfishing, and Android trojans. There’s something about this collected, focused campaign which sounds familiar — rather like the attackers who hacked Sony Pictures? And backdoors…what is it about backdoors?

ISIS threatens Facebook’s Zuckerberg and Twitter’s Dorsey
Which geniuses in U.S. government both worked on Mark Zuckerberg and Jack Dorsey about cutting off ISIS-related accounts AND encouraged revelation about this effort? Somebody has a poor grasp on opsec, or puts a higher value on propaganda than opsec.

Wonder if the same geniuses were behind this widely-reported meeting last week between Secretary of State John Kerry and Hollywood executives. Brilliant.

Case 98476302, Don’t text while walking
So many people claimed to have bumped their heads on a large statue while texting that the statue was moved. The stupid, it burns…or bumps, in this case.

House Select Intelligence Committee hearing this morning on National Security World Wide Threats.
Usual cast of characters will appear, including CIA Director John Brennan, FBI Director James Comey, National Counterterrorism Center Director Nicholas Rasmussen, NSA Director Admiral Michael Rogers, and Defense Intelligence Agency Director Lieutenant General Vincent Stewart. Catch it on C-SPAN.

Snow’s supposed to end in a couple hours, need to go nap before I break out the snow shovels again. À plus tard!

Share this entry

Wednesday Morning: If It Ain’t Baseball, It’s Winter

/8 Comments/in , , /by

It may be sunny and 90F degrees where you are, but it’s still winter here. A winter storm warning was issued here based on a forecast 12 inches of snow and 35 mph winds out of the northeast off Lake Huron. For once, Marcy’s on the lee side of this storm and won’t be blessed with the worst of this system.

I’ll cozy up in front of the fireplace and catch up on reading today, provided we don’t have a power outage. Think I’ll nap and dream of baseball season starting in roughly five weeks.

Before the snow drifts cover the driveway, let’s take a look around.

Hey Asus: Don’t do as we do, just do as we say
Taiwanese computer and network equipment manufacturer Asus settled a suit brought by the Federal Trade Commission over Asus leaky routers. The devices’ insecurities were exposed when white hat hacker/s planted a text message routers informing their owners the devices were open to anyone who cared to look. Terms of the settlement included submitting to security auditing for 20 years.

What a ridiculous double standard: demand one manufacturer produce and sell secure products,while another government department demands another manufacturer build an insecurity.

Ads served to Android mobile devices leak like a sieve
Researchers with the School of Computer Science at the Georgia Institute of Technology presented their work yesterday at 2016 Network and Distributed System Security Symposium, showing that a majority of ads not only matched the mobile user but revealed personal details:

• gender with 75 percent accuracy,
• parental status with 66 percent accuracy,
• age group with 54 percent accuracy, and
• could also predict income, political affiliation, marital status, with higher accuracy than random guesses.

Still some interesting work to be presented today before NDSS16 wraps, especially on Android security and social media user identity authentication.

RICO – not-so-suave – Volkswagen
Automotive magazine Wards Auto straps on the kneepads for VW; just check this headline:

Diesel Reigns in Korea as Volkswagen Scandal Ebbs

“Ebbs”? Really? Au contraire, mon frère. This mess is just getting started. Note the latest class-action lawsuit filed in California, this time accusing VW and its subsidiaries Audi and Porsche as well as part supplier Bosch of racketeering. Bosch has denied its role in the emissions controls defeat mechanism:

…The company has denied any involvement in the alleged fraud, saying it sold an engine control unit to Volkswagen, but that Volkswagen was responsible for calibrating the unit.

The scandal’s only just getting going when we don’t know who did what and when.

Worth noting Wards’ breathless excitement about VW passenger diesel sales uptick in South Korea. But then Wards ignores South Korea’s completely different emissions standards as well as the specifics in promotions for that market. Details, details…

Splash and dash

Don’t miss Ed Walker’s latest in his series on totalitarianism and Marcy’s fresh exasperation with polling on FBI vs Apple. Wind’s brisk out of the north, bringing the first wave of flurries. I’m off to check the gasoline in the snowblower and wax my snow shovels.

Share this entry

Tuesday Morning: Changing the Tenor

/17 Comments/in , , , /by

Once in a while, I indulge in the musical equivalent of eating chocolate instead of a wholesome meal. I’ll listen to my favorite tenors on a continuous loop for an afternoon. I have a weakspot for Luciano Pavarotti and Franco Correlli, though the latter isn’t one of the Three Tenors.

Speaking of which, this video features a really bizarre event: the Three Tenors performing at Los Angeles’ Dodgers Stadium in 1994. Poppy and Barbara Bush are there in the audience, too. What a supremely odd venue! And yet these guys did a bang up job in such a huge, open space. Pavarotti’s Nessun Dorma at ~1:05 is my favorite cut, but it’s all fun.

Now let’s change the tenor…

Former Microsoft CEO Bill Gates sides with FBI against Apple
Gates isn’t the best salesman for this job, promoting compelled software. Given Gates’ role as technology adviser to Microsoft’s current CEO Satya Nadella, how persistently invasive Windows 10 is, and Microsoft software’s leaky history, Gates comes off as a soldato for USDOJ. Do read the article; it’s as if Gates was so intent on touting USDOJ’s line that he didn’t bother to read any details about USDOJ’s demands on Apple.

UPDATE — 10:25 AM EST — Poor Bill, so misunderstood, now backpedaling on his position about Apple’s compliance. This, from a Fortune 100 technology adviser…~shaking my head~

Gates talks out of the other side of his face on climate change
Unsurprisingly, Bill Gates also looks less than credible when he pleads with students for an ‘energy miracle’ to tackle climate change. This is shameless: first, guilt-tripping minors in high school, second for the blatant hypocrisy. The Bill and Melinda Gates Foundation continues to hold investments in ExxonMobil, BP, and Shell because of their yields. Not exactly a commitment to alternative energy there. How’s that investment strategy working for you now, Gates?

Fossil fuel-based industries: wall-to-wall bad news
Speaking of crappy investments in dirty hydrocarbons, conditions are just plain ugly.

Office of Personnel Management’s CIO steps down
Donna K. Seymour stepped down from her role, the second OPM management team member to leave after the massive hack of U.S. government personnel records. She was scheduled to appear before Congress this week; that hearing has now been canceled by House Oversight and Government Reform Committee chair Jason Chaffetz. Huh. That’s convenient. Wonder if she would have said something that reflected badly on a previous GOP administration? This bit from the linked article is just…well…

FBI Director James Comey called the hacks an “enormous breach,” saying his own data were stolen. U.S. authorities blamed China, which strongly denied the accusation before it said in December that it had arrested several “criminal” Chinese hackers connected to the breach.

Wow, I wonder what China could do if they had access to every U.S. government employees’ iPhone? Anybody asked Comey what kind of phone he carries?

That’s a wrap. I’m off to listen to something sung in a sweet tenor voice.

Share this entry

Monday Morning: Let’s Mambo

/9 Comments/in , /by

When your Monday begins to drag — and you know it will at some point — put on a little mambo.

Especially Perez Prado‘s Mambo Number 5 and Mambo Number 8. They’ll spice up your day, get it back on track. There are some more recent covers and mashups of Prado’s mambos, but they just aren’t the same as the originals.

Be careful where you play this stuff; it’ll make your mother or grandmother move in ways you may not want to watch.

Let’s cha-cha-cha…

“Damn it Jim, what the hell is the matter with you?”*
FBI-Comey_TakeADeepBreath_21FEB2016
FBI was still trying to dig itself out of a hole on Saturday evening, resorting to damage control mode yesterday. Note, though, Director James Comey’s statement at Lawfare and subsequent coverage at the Los Angeles Times don’t mention at all the screwed up handling of San Bernardino shooter Syed Farook’s iPhone. Take that deep breath, then save it to cool your soup, eh?

So I’m following the map that leads to you
Nope, not Maroon 5, but Facebook’s Connectivity Lab, building a map of the network it claims will help it understand how best to reach populations with poor to no internet. A map, to people not on the map? Creepy, like a stalker ex-boyfriend with global reach. Can’t wait for the conditions by which the U.S. government claims it needs access to that.

Radioactive materials gone walkabout in Iraq now found
This is a strange story. Not the part about a testing device containing radioactive Ir-192 used by a Turkish oil pipeline inspection services company that went missing in November but not reported by media until last week, or the part where the device turned up this weekend, dumped by a gas station. Nor even the odd description of the discovery:

“A passer-by found the radioactive device dumped in Zubair and immediately informed security forces,” the chief of security panel in Basra provincial council, Jabbar al-Saidi, said.
“After initial checking I can confirm the device is intact 100 per cent and there is absolutely no concern of radiation.”

What’s strange is the coverage of this story: picked up by mostly conservative outlets, not widely covered in large news outlets. Huh. Weird. Pick out some key words from the story and do a search yourself, compare to coverage on other stories. Heck, it doesn’t even show up on Reuter’s Middle East and Africa site this morning, though they first broke the story.

Not-so-happy anniversary, Q-1 Predator drone
15 years now this death-from-the-sky has been in use. Sadly, it’s become embedded in our culture now.

All right, time to set this aside and put on my dancing shoes. ¡Vamonos! ¡Baile!

* gratuitous Star Trek quote, Dr. Leonard “Bones” McCoy to Captain James T. Kirk.

Share this entry

Friday Morning: All That Jazz

/38 Comments/in , , , /by

If you have to ask what jazz is, you’ll never know. — Louis Armstrong

It’s Friday. Don’t ask, just play.

If you thought FBI vs Apple was part of a plan to break Silicon Valley on encryption, it was
This will be the big buzz today: a secret “decision memo” reveals the government set out to access encrypted user data while putting on a good front about its relations with software companies. No information available about the source (or timing) of the memo; wouldn’t it be ironic if this secret memo had been hacked from a smartphone user’s data?

The Atlantic looks at the government’s attempt to force Apple to write code for their purposes as conscription. The secret memo bolsters this argument.

Looks like Apple may also claim the government is compelling speech. They’ve pulled out the big guns by hiring lawyers Ted Olson and Theodore Boutrous to work on this case.

Whiny telcos upset with Facebook eating their lunch with WhatsApp messaging
Like they couldn’t have seen this coming? Telcos in parts of the world like Central America and Europe have long charged uncompetitive rates for poor messaging service. Enter Facebook, which snapped up WhatsApp and integrated the messaging app in its social media platform. Facebook members now have a free messaging platform that works almost globally. The telcos are now upset that Facebook has eaten their text messaging profits. ¡Qué lástima! Though I admit I wonder if part if this grousing is really a front for governments who don’t like WhatsApp’s threat to intelligence access via telcos’ messaging services.

Citigroup’s Corbat gets a 27% pay increase
Too Big to Fail pays very well, for a very few. For Citigroup’s CEO Michael Corbat, it pays roughly $16.5 million this past year, up from $13 million the previous year. Corbat’s raise rewards him for Citibank’s improved fortunes, based in part on cutting less profitable businesses — like exiting retail banking in Argentina and Brazil.

Mercedes sued for not-so-clean diesel emissions
In a slightly different situation than with automaker VW, Daimler’s Mercedes is accused of selling diesel powered vehicles that do not meet emissions standards at low temperatures. The lawsuit was filed yesterday in New Jersey by a vehicle owner in Illinois, based on information published in Der Spiegel and the results of a study conducted by independent testing agency TNO for the Dutch Ministry of Infrastructure and the Environment. The problem at the heart of the suit:

“…the device in Mercedes’s diesel models turns off pollution controls at temperatures below 50 degrees Fahrenheit (10 Celsius), allowing the autos to violate emissions standards, according to the complaint.”

Mercedes did not disclose to buyers that its BlueTec technology, a system relying on use of urea-based NOX reduction, emitted NOX levels well above emissions standards at low temperatures. I would not be surprised to see more cases soon against Daimler and its Mercedes brand as BlueTec technology has been used in both passenger vehicles and commercial trucks for most of the last ten years.

On our mind: SKYNET
We haven’t forgotten the issue of U.S. military killing innocents *Oops!* from the sky based on metadata. Worth reading:

A “machine learning algorithm”? Imagine this in self-driving cars, hijacked via backdoors by hackers and governments. The ethics behind this technology must be widely debated in public now, before it moves beyond its already-abused role in drone-based warfare.

Should be an entertaining Friday; watch for government spokespersons to indulge in a lot of fancy-footwork jazz today.

Share this entry

Thursday Morning: Number 49

/38 Comments/in , , /by

Name day of Saint Simon (Simeon), and Greek name day for Leon and Agapitos, it’s also the 49th day of the year, only 317 more to go. Make the best of it, especially if your name is Simon, Leon, or Agapitos.

Hollywood hospital paid ransom — $17K in bitcoin, not millions
See the official statement linked in this updated report. Speed and efficiency drove the payment. Given the difference between the original amount reported and the amount paid in ransom, one might wonder if there was a chaining of devices, or if many less important devices will be bricked.

Laser pointed at Pope Francis’ plane over Mexico
Someone pointed a laser at the Pope’s flight just before it landed in Mexico City yesterday, one of the highest profile incidences of “lasering” to date. The incident follows an international flight forced back to Heathrow on Monday after one of its pilots suffered eye injury from a laser. Thousands of laserings happen every year; it’s illegal in the U.S. and the U.K. both, but the U.S. issues much stiffer penalties including fines of $10,000 and prison time. If Mexico doesn’t already treat lasering firmly, it should after this embarrassing and threatening incident.

Air strike on Doctors Without Borders/Médecins Sans Frontières’ Syrian hospital spurs call for investigation
It’s absolutely ridiculous how many MSF medical facilities have been hit air strikes over the last year, the latest west of Aleppo in Syria. MSF has now called for an independent investigation into this latest attack which killed nine medical personnel and more than a dozen patients. This particular strike is blamed on the Syrian government-led coalition, but Russia and the U.S. have also been blamed for attacks on MSF facilities this year, including the hospital in Kunduz, Afghanistan last October. You’d think somebody had it out for MSF specifically.

Is China rousing over Korean peninsula escalation?
Tension spawned by North Korea’s recent nuclear test, missile and satellite launches, as well as South Korea’s pull back from Kaesong industrial complex and U.S. F-22 flyovers have increased rhetoric in media.

Just as it is in the U.S., it’s important to note the origin and politics of media outlets covering China. GBtimes, for example, covers Chinese stories, but from Finland. ~head scratching~

All Apple, all the time
A huge number of stories published over the last 24 hours about Judge Sym’s order to Apple regarding unlocking capability on San Bernardino shooter Syed Farook’s iPhone.

I wonder if this is really a Third Amendment case, given the lack of daylight between the FBI and the U.S. military by way of Joint Terrorism Task Force involvement, and the case at hand in which a non-U.S. citizen’s illegal activities (Farook’s wife Tashfeen Malik) may have triggered related military counterterrorism response. Has the U.S. government, by demanding Apple create code to permit unlocking the shooter’s iPhone, insisted on taking private resources for government use? But I’m not a lawyer. What do I know?

That’s it for now. Thursday, February 18th is also “Teen Missed the Bus Day”; ‘Agapitos’ he is not at the moment. Kid’s going to owe me some time helping with the next morning post.

Share this entry

Wednesday Morning: Quelle couleur est-ce?

/20 Comments/in , /by

I think vestigially there’s a synesthete in me, but not like a real one who immediately knows what colour Wednesday is. — A. S. Byatt

A lot of people will ask what day it is today, but few will ask what color.

Ed Walker put up a great post late last evening, one that deserves more oxygen. Do check it out.

Hospital held hostage for millions by ransomware
Hey Hollywood! A hospital in your backyard has been “infected” with ransomware, their enterprise system tied up until administration coughs up $3.6 million.* Didn’t see that coming, huh? Law enforcement is involved, though if they haven’t managed to resolve other smaller ransomware attacks, they won’t solve this before it critically affects patients’ care.

This is a pretty good (if unfortunate) example of business continuity crisis. Remember Y2K and all the hullaballoo about drills and testing for enterprise failure? We still need that kind of effort on a regular basis; how do you run your biz if all electronics go dark, for any reason?

(* US articles say $3.6M; CAN article linked says $5M. Currency difference, or an increase in the demand?)

Google found critical vulnerability in GNU C Library
CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow” Huh? What? If you read Google’s blog post about this yesterday, you were probably scratching your head. Some Googlers struggle with writing in plain English. Here’s what tech news outlets interpreted from that google-degook:

Ars Technica: “Extremely severe bug leaves dizzying number of software and devices vulnerable
BBC: “Glibc: Mega bug may hit thousands of devices
Threatpost: “Critical glibc Vulnerability Puts All Linux Machines at Risk

In a nutshell, if you’re running Linux, patch your systems, stat.

Petroleum’s still a problem

  • Iran’s not going along with Saudi-Russia-OPEC agreement on oil production limits. Iran wants to return to pre-sanction production levels before it makes any concessions.
  • Oil glut and tanked prices creates secondary challenges. Saudi’s youth now have entirely different prospects for employment now that oil cannot guarantee national wealth or careers with good pay. Will this cause political volatility in RSA? Wonder what will happen in smaller oil-producing countries like Venezuela and Ecuador?
  • Weird outliers buck trend: Indian oil producer Chennai had a strong Q3, and First American Bank more than doubled its stake in oil development firm Anadarko. Neither of these stories make sense when oil prices have and are plummeting and show no solid sign of improvement in the next year-plus.

TBTF is still too TBTF
Neel Kashkari, Minneapolis Fed Reserve president, called for the breakup of Too-Big-to-Fail banks yesterday, as they are still a risk to the economy. Didn’t see that coming from a fed president, especially Kashkari.

Biggest tech story today: Judge ordered Apple to help hack San Bernadino gunman’s phone
Apple’s been fighting government pressure on backdoors to its products. The fight intensified after federal judge Sheri Pym ordered Apple to cooperate with the FBI to unlock encryption on a county-owned phone used by San Bernadino gunman Syed Farook. Begs the question why any government agency — local, state, or federal — would ever issue a phone with encryption the government could not crack in the first place. Seems like one answer is a government- and/or business-specific encryption patch to iOS: [IF phone = government-issued, THEN unlock with government-issued key]. Same for business-issued phones. Your own personal phone, not issued by a government agency or business? No key, period.

Phew. That’s enough for a Wednesday. Hope we can coast downhill from here.

Share this entry

Tuesday Morning: I Don’t Want It Good

/18 Comments/in , /by

I don’t want it good. I want it Tuesday.
— Jack Warner

Pretty sure Mr. Warner would get it just the way he wanted it today.

Surprise: Saudis and Russia agree mutual economic destruction = bad
Expect a rocky market today after a hush-hush agreement by Saudi Arabia and Russia to hold oil production levels to January levels. The FTSE and Brent crude have already taken a hit, though why Brent’s price dropped when supply firmed/tightened makes no sense to me. Good thing I’m not a commodities broker.

Predictable outcome: Dropbox account hacked, contents posted, then teacher fired
I feel awful for this poor teacher, whose privacy was violated and his job lost after someone hacked his Dropbox account, then posted a personal sex tape on his school’s website. Unfortunately, this is another painful real-life lesson: Do NOT store content in the cloud if the content hurt you if leaked.

Shaken by a quake? There’s an app for that
UC Berkeley Seismological Lab released an Android app called MyShake. The application detects vibration fitting earth tremor profiles and reports them to the lab for diagnostics. Enough data combined with other seismic monitoring can confirm an earthquake. The Seismological Lab hopes to build a global seismic detection network which can help detect earthquakes before they begin. With enough advance notice, humans may be able to reduce damage and injury. The Lab says the app runs silently in your phone’s background and doesn’t use up the battery, but this seems like an impossibility. Only one way to find out, though, and only one way for the lab to improve the app’s performance. An iOS version is expected in the near future.

Volkswagen fined by Mexico over emissions — but not the defeat device
Looks like VW imported more than 45,000 vehicles into Mexico without dotting all the Is and crossing all the Ts. The automaker has been fined nearly $9 million dollars (168 million pesos) for failing to obtain mandatory emission and noise certifications. Sounds like VW needs to overhaul its management culture.

Air-gapped computers may not be safe from hacking
A team of researchers from Tel Aviv University and Technion identified a means for hacking air-gapped computers in a completely separate room in order to snag data. Their method only required an antenna, amplifiers, a software-defined radio, and a laptop to measure electromagnetic waves created by a target computer as it deciphered a specific message.

There it is: it ain’t good, but you’ve got it on a Tuesday.

Share this entry

Monday Morning: Fair of Face

/18 Comments/in , , /by

Eh. Not so much. I can’t think of many working folks who greet Monday morning with joy, finding it a beautiful thing. But according to old English folk tales, a Monday birthday was supposed to bring better luck.

What good luck will today bring?

Dripping blood tips off discovery of dead body and millions in currency on plane
Reads like a murder-mystery novel, right? Except that this happened Sunday in Zimbabwe at Harare International Airport. Airport staff noticed blood leaking from the plane during refueling, after which an investigation began, revealing a dead body inside the plane and millions in South African rand on board. The plane was registered to Western Global Airlines of Florida and had been flying from Germany to South Africa. What are the odds we never hear of this plane, the body, or the currency again?

Volkswagen chief knew in 2014 U.S. would investigate; Germany wants spot checks
From scandals like Watergate, the U.S. knows the coverup is often worse than the crime. Looks like Volkswagen will learn this, too. Martin Winterkorn, VW’s former CEO, knew in May 2014 that U.S. officials suspected emissions controls defeat devices in VW’s diesel passenger vehicles. BUT…this is not quite news, as the study revealing VW’s non-compliant emissions were reported in May 2014, in a public forum, where VW asked about the results. What did Winterkorn know, and when did he know it?

Germany’s Transport Minister Alexander Dobrindt said yesterday, “There will be controls on vehicles in the style of doping tests (for athletes), …Unannounced and every year.” Dude. Come on. The defeat device evaded random tests in U.S. states like California. Random spot checks will NOT ensure emissions controls work. Only random road tests capturing real world driving outputs will do that. Dobrindt said a draft proposal outlining the test measures would be submitted to the Bundestag on Thursday. Will the lower parliament get wise to this problem?

British teen arrested for the hack on FBI, DHS, CIA director’s email, more
“I am innocent until proven guilty so I have nothing to be worried about…They are trying to ruin my life,” the 16-year-old said after his arrest last week. The most recent hack the teen is accused of included the “leak” of 30,000 FBI and DHS personnel contact information. He’s accused of being a member of Crackas With Attitude (CWA); CWA has said the hacking of CIA director Brennan’s email was “so easy to hack Brennan that ‘a 5-year old’ could have done it.” Doesn’t sound like mad hacking skillz required to pose a threat to law enforcement.

UK’s Investigatory Powers Tribunal said hacking devices by intelligence doesn’t violate human rights
British Foreign Secretary Philip Hammond believes the IPT’s ruling last week is fair, but of course, he would. The case pressed by Privacy International forced the UK’s intelligence agency GCHQ to reveal the use of mass surveillance using computer network exploits (CNE). The case can’t go any further in the UK, but could be reviewed in the EU. Wonder if these same CNE were deployed to identify the 16-year-old teenager charged with hacking Brennan?

From Department of Creepy Spouses: Man + Wife’s FitBit Data + Reddit = PG
A man asked a Reddit forum about wife’s unusual FitBit data and learned she’s pregnant. I would kick this butthead to the curb so fast if he’d been my spouse. Talk about a violation of privacy, let alone a breach of intimacy between married partners. I can only imagine how this discovery will influence hackers snooping wearable devices.

Not looking like good luck today after all. Perhaps better luck tomorrow?

Share this entry