Posts

Wednesday Morning: Whac-A-Mole

Can’t bop them on the head fast enough. There are just too many issues popping up. See which ones you can nail.

And GO!

Video popularity in Facebook’s ‘walled garden’ means change for news outlets
This is not good. This is AOL’s model come full circle. Increasingly Facebook is shutting down access from outside, forcing news outlets to move inside, and to produce video instead of text content in order to fight for attention. Numerous outlets are affected by this trend, including the former AOL (now Huffington Post). The capper is Facebook’s persistent tracking of any users, including those who click on Facebook links. What will this do to general election coverage? Facebook really needs effective competition — stat.

Weather and bad flu season raised French deaths above WWII’s rate
Wow. I knew the flu was bad last year, but this bad? Ditto for Europe’s weather, though the heat wave last summer was really ugly. Combined, both killed more French in one year than any year since the end of World War II, while reducing overall life expectancy.

FDA issues guidelines on ‘Postmarket Management of Cybersecurity in Medical Devices’ for comment
Sure hope infosec professionals jump all over this opportunity to shape policy and regulation. Imagine pacemakers being hacked like a Chrysler 300, or reprogrammed without customer knowledge like a VW diesel, or surveilling users like a Samsung smart TV…

UK’s Cameron says one thing, UK’s arms dealers another with sales of £1Bn arms to Saudi Arabia
Can’t. Even. *mumbles something about pig porker*

“The day after the prime minister [David Cameron] claimed to be ‘trying to encourage a political process in Yemen’ and declared ‘there is no military solution in Yemen’, official figures reveal that in just the three months July to September, the government approved the sale of over £1bn worth of bombs for the use of the Royal Saudi Air Force. …

[Source: The Guardian]

Lack of transparency problematic in fatal French drug trial
Like talking to a brick wall to get answers about the drug involved in one death and five hospitalizations after 94 subjects were given an experimental drug. On the face of it, simultaneous rather than staggered administration may have led to multiple simultaneous reactions.

Canadian immigrant helped two Chinese soldiers attempt theft of U.S. military aircraft plans
You want to know how ‘chaining’ works? Here’s a simple real world example allegedly used to spy on U.S. military aircraft: Identify a key node in a network; identify the node’s key relationships; sniff those connections for content and more key nodes. A Chinese immigrant in aircraft biz, located in Vancouver, shares email addresses of key individuals in the industry with Chinese officers. They, in turn, attempt to hack accounts to mine for plans, which their contact in Vancouver vets.

Now ask yourself whether these key individuals are in or related to anyone in the Office of Personnel Management database.

Ugh. Keep whacking those moles.

Tuesday Morning: Flip Off

Flip off a few caps; Death came for a few more well-loved artists. Rest well, Glenn Frey, Dale Griffin, Dallas Taylor. Gonna’ be one heck of a band on the other side. [Edit: Mic Gillette, too? Stop already, Grim Reaper, check your targeting.]

Hope the cull is done because obituaries are not my thing. Hard to type and sniffle copiously at the same time.

GM Opel dealers may be altering emissions control software on Zafira diesel cars
Great, just great. Like GM didn’t have enough on its plate with the ignition switch debacle. A Belgian news outlet reports GM Opel dealers have been changing the software on the 2014 Zafira 1.6l diesel engine passenger vehicles in what looks like a soft recall. This comes on the heels of an EU-mandated recall of Zafira B models due to fires caused by bad electronics repairs. Sorry, I don’t speak Dutch, can’t make out everything in this video report. What little I can see and read doesn’t look good. Wouldn’t be surprised if the EU puts the hurt on GM Opel diesel sales until all are fixed to meet EU emissions regulations. Should also note that a different electronics manufacturer may be involved; images online of ECUs for late model Zafiras appear to be made by Siemens — unlike Volkswagen’s passenger diesel ECUs, which are made by Bosch.

Texas manufacturer swindled out of cash by fraudulent email request, sues cyber insurer
AFGlobal, based in Houston, lost $480,000 in May 2014 after staff wired funds based on orders in emails faked by crooks overseas. The manufacturing company had a cyber insurance policy with a subsidiary of the Chubb Group, and filed a claim against it. The claim was denied and AFGlobal filed suit. This isn’t the first such loss nor the first such lawsuit. Companies need to create and publish policies documenting procedures for authorizing any online payments, including two-step authentication of identities, and review overall spending authorization processes with an eye on audit trails.

Ukrainian officials say Kiev’s main airport hacked
Hackers who attacked Ukrainian power companies in late December are believed to be responsible for the malware launched on Kiev’s airport servers. There are very few details — okay, none, zero details — about the attack and its effect on airport operations. A military spokesman only said “the malware had been detected early in the airport’s system and no damage had been done,” and that the malware’s point of origin was in Russia. Among the details missing are the date the attack was discovered and how it was detected as well as the means of removal.

Hold this thought: FBI still looking for info on cable cuts, with eye to Super Bowl link
Remember the post last summer about the 11 communications cable cuts in the greater San Francisco Bay Area near Silicon Valley? This is a hot issue again, given the impending Super Bowl 50 to be held at Levi’s Stadium in Santa Clara. But reports now mention 15 or 16 cuts, not 11 — have there been more since last summer, or were there more not included in the FBI’s request for information? I’ll do some digging and post about this in the near term.

All right, carry on, and don’t drink all the añejo at once.

Monday Morning: So Good to Me

Yeah, Mondays start off well as we emerge from the safe warm cocoon of our beds to begin our day. But Monday evenings are a different kettle of fish.

Like this Monday — we’ve enjoyed a weekend’s cozy glow from soft power exercised through diplomacy now that the IAEA kicked off the new Joint Comprehensive Plan of Action (JCPOA). By mid-morning the flying monkey horde of dissent will saturate media, making a cesspool out of the evening news.

Can hardly wait. Meanwhile…

Un grupo de 66 accionistas de Volkswagen
I admit my command of Spanish is weak, but even at first glance this article didn’t look good for VW. A group of shareholders—again? Let’s translate:

A group of 66 shareholders of Volkswagen (VW) take legal action against the German automaker after the company distorted evidence of greenhouse gas emissions. The complaint will be presented this week, according to the British newspaper Financial Times.

El Pais reports this is the second class-action lawsuit against VW in relation to the emissions controls defeat technology; plaintiffs for this suit are believed to be investment banks. However there were dozens of class action suits in the U.S. as of last fall, including dealerships stuck with rapidly depreciating but unsalable inventory.

A second article in El Pais also noted VW’s Mueller announced additional investment in its Tennessee-based plant after apologizing to the U.S. for the emissions control ‘trick’ (this last word was ‘trucaje’ in Spanish). VW has now lost market share in the EU for the first time in eight years.

USDOT, NHTSA, Automakers agree on Proactive Safety Principles — including improved cybersecurity
Seems rather feel-good in a non-binding sort of way, but USDOT and NHTSA managed to convince automakers to agree to collaborate on vehicle safety and cybersecurity. The agreement announced last week at Detroit’s auto show coordinates with the Obama administration’s proposed $4 billion budget earmark for automated vehicle research and development.

I still can’t see the benefit in individual autonomous cars over public mass transit. My gut says this White House-driven effort at coordination is really aimed at cybersecurity — and surveillance. And no mention of the Three Laws of Robotics, either.

Formic acid fuel cell to power Dutch students’ car
Now this is a great bit of automotive and alternative energy news. Students at Eindhoven University of Technology in the Netherlands are working on automotive fuel cells powered by formic acid instead of hydrogen. Much of the fuel cell technology to date relies on hydrogen, but the problem has been hydrogen generation and storage. This challenge has stymied fuel cell-powered cars for nearly two decades. Formic acid could be handled like gasoline; it is fairly easy to produce from wood pulp and other fibrous plant mass, or by catalysis, and is low in toxicity, though care must still be used in its handling.

Given the potential application beyond vehicles, I’d rather see investment in this line of automotive research.

U.S.-China Economic and Security Review Commission looking into China’s military robots
Since the 1990s there have been a number of organized cyber attacks originating in China which seek out military and industrial content. China’s recently-developed military robots look an awful lot like those developed by QinetiQ. USCESRC is hiring researchers to assess China’s current robotics capabilities, and how much of this capability arose from U.S. sources.

The article in NextGov about USCESRC’s effort characterizes QinetiQ as a “Pentagon contractor.” Funny, that.

Enjoy your peaceful Monday morning while it lasts.

Friday Morning: Damned Long Week Done

If another artist of note has died, don’t tell me. After losing David Bowie and now Alan Rickman this week, I can’t deal. We should have had another 20 years with these guys. I can think of some people I’d trade to have them back, can’t you?

JetBlue had a boo-boo: temporary data center service outage for airline
At least, that’s what was reported — JetBlue’s data center provided through Verizon went down yesterday for a couple of hours. I’m having a really tough time believing there wasn’t adequate fail-over. Hope the FAA is all over this. JetBlue’s customers must have been very angry, frustrated, and worried.

Microsoft ended support for Windows 8 on Tuesday
Yikes! Somehow in all the discussion about Microsoft ending support for all of its Internet Explorer versions except for the most current edition, I missed the end of support for the original Windows 8 as of this week’s Patch Tuesday.

If you updated your system to Windows 8.1, it’s all good. That version is still supported.

App uses wearables to identify love interest based on heartbeat
I am shaking my head as I type this. There’s no hope for humans when we turn one of the most fundamental human processes over to machines. Is this really even human? Slap on your FitBit, check out your one curated candidate, check your heart rate. If it’s elevated, you reach out to see if they are interested.

Absolutely pathetic. Riddled with flaws. What if a user consumed too much caffeine, or had a stressful day at work, resulting in a tetchy heartbeat? What about all the other non-visual clues we use to identify candidates worth approaching? Ugh. This brave new world sucks.

Make mine with Svedka. Skip the olives, don’t bother with the vermouth. Skål!

Thursday Morning: Fast and Furious Edition

[image (modified): Adam Wilson via Flickr]

Insane amount of overseas news overnight. Clearly did not include me winning $1.5B Powerball lottery. Attacks in Jakarta and Turkey are no joke.

Let’s move on.

Some U.S. utilities still wide open to hacking
Dudes, how many times do you need to be told your cheese is still hanging out in the wind? Some heads should roll at this point. US government’s Industrial Control Systems Cyber Emergency Response Team’s Marty Edwards sounded pretty torqued about this situation at the S4 ICS Security Conference this week. I don’t blame him; if a utility gets hacked, it’s not like your grandmother’s PC getting held ransom. It means the public’s health and safety are at risk. Get on it.

Your cellphone is listening to your TV — and you
Bruce Schneier wrote about the Internet of Things’ expansive monitoring of consumers, citing the example of SilverPush — an application which listens to your television to determine your consumption habits. Bet some folks thought this was an app still in the offing. Nope. In use now, to determine current TV program listings and ratings. Listening-to-your-consumption apps have now been around for years.

Wonder if our pets can hear all this racket inaudible to humans? Will pet food companies embed ads shouting out to our pets?

But you may be able to hide from devices
…depending on whether you are using location-based services, and if you can use the app developed by Binghamton University. A paper on this technology was presented last month at the Institute of Electrical and Electronics Engineers (IEEE) GLOBECOM Conference, Symposium on Communication & Information System Security. The lead researcher explained the purpose of the app:

“With Facebook, Twitter, LinkedIn and others we provide a huge amount of data to the service providers every day. In particular, we upload personal photos, location information, daily updates, to the Internet without any protection,” Guo said. “There is such a chance for tragedy if that information is used in a bad way.”

The app isn’t yet available, but when it is, it should prevent personally identifying location-based data from being used by the wrong folks.

VW emissions scandal: Well, this is blunt
I think you can kiss the idea of nuance goodbye, gang.

“Volkswagen made a decision to cheat on emissions tests and then tried to cover it up,” said CARB chair Mary Nichols in a statement.
“They continued and compounded the lie, and when they were caught they tried to deny it. The result is thousands of tons of nitrogen oxide that have harmed the health of Californians.”

Yeah. That.

The last bits
Nest thermostats froze out consumers after a botched update. (Do you really need internet-mediated temperature controls?)
Phone numbers may become a thing of the past if Facebook has its way. (Um, hell no to the Facebook. Just no.)
Senator Al Franken quizzes Google about data collection and usage on K-12 students. (Hope he checks toy manufacturers like Mattel and VTech, too.)

That’s a wrap, hope your day passes at a comfortable speed.

Wednesday Morning: Wonderful, Just Wonderful

I debated about posting Jonny Lang’s Lie to Me. Nah, we’re lied to every day, might as well ask for the truth for once, even if it’s ugly. The truth is that nothing’s okay though we wish like hell it were otherwise.

That said, let’s forge on into the fraught and frothing fjords…

‘Nope.’ That’s what California Air Resources Board said
Huh-uh, no way, nada — CARB told Volkswagen in response to VW’s proposed recall plans for emissions standard-cheating 2.0L vehicles sold into California. Because:

  • The proposed plans contain gaps and lack sufficient detail;
  • The descriptions of proposed repairs lack enough information for a technical evaluation; and
  • The proposals do not adequately address overall impacts on vehicle performance, emissions and safety.

Wonder if CARB’s response will be different with regard to VW’s 3.0L vehicles? Shall we take bets?

Fugly, in multiples — cybersec edition
Ebay’s got bugs, and not just at auction.

Need more than tape to fix this problem with cheap web cameras.

Popular antivirus may pose a hacking threat, patch has been issued. Same antivirus manufacturer has a nifty relationship with INTERPOL, too, to share information about cyberthreats. Wonder if they phoned INTERPOL and said, “Cyberthreat. It me!”

(BTW, I love it when spell check helpfully says, “‘Cybersec’ is wrong, don’t you mean ‘cybersex’?”…um, no.)

General Motors: We won’t sue white hats doing our work for us!
No lawsuits, but don’t expect any rewards for finding vulnerabilities (unlike competitor Tesla’s bug report program).

Big of you, GM. Way to protect your intellectual property and brand at the same time.

The biggest threat to nation’s power grid is S_______
Beady-eyed and focused, slips beneath our radar, gnaws into our electricity transport with annoying frequency, causing hundreds of hours of power outages. Stuxnet? No. Bloody squirrels.

In short, it’s all wonderful this Wednesday. Just wonderful. Pass the Glenmorangie, please.

Tuesday Morning: The Week’s Peak Crey

I cannot with the unexpected engagement picture in my Twitter timeline of news oligarch Rupert Murdoch and model Jerry Hall, on the heels of losing David Bowie and in the wake of El Chapo-Penn. Tell me this is the craziest it will get this week.

D-Day for Microsoft’s earlier Internet Explorer versions
In case you didn’t already know this, Microsoft is slowly killing off its Internet Explorer browser brand, beginning with the end of technical support for all but IE 11.

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10.

Some organizations are still relying on older IE versions — a dicey proposition if other non-Microsoft browsers aren’t compatible with their systems. Get a move on, people.

OMG! Terrorists may use drones!
Hoocoudanode cheap and readily available drones might be repurposed by terrorists for flying IEDs. The breathlessness. Really. But wait, they can be stopped!

“The best defence against the hostile use of drones is to employ a hierarchy of countermeasures encompassing regulatory countermeasures, passive countermeasures and active countermeasures.”

I don’t know about you, but I picture the sky soon dark with counterterror drones, swarming like the air over a northern Michigan road in mayfly season.

Processor troubles
Intel’s Skylake processors run into problems with complex computing, freezing PCs. A BIOS update is being distributed as a fix. But this isn’t the only bug out there. Read this, especially this bit: “…CPUs are now complex enough that they’ve become too complicated to test effectively.”

Hmm. In other words, future shock has moved beyond consumers.

NPR interviewed VW CEO Matthias Mueller
I’m sure Porsche has been wondering what the hell they were thinking, tying up with Volkswagen. Porsche’s top guy is now tasked with clean up after VW, and he’s struggling. Witness NPR handing Mueller a shovel, and watching as he just keeps digging.

NPR: You said this was a technical problem, but the American people feel this is not a technical problem, this is an ethical problem that’s deep inside the company. How do you change that perception in the U.S.?

Matthias Mueller: Frankly spoken, it was a technical problem. We made a default, we had a … not the right interpretation of the American law. And we had some targets for our technical engineers, and they solved this problem and reached targets with some software solutions which haven’t been compatible to the American law. That is the thing. And the other question you mentioned — it was an ethical problem? I cannot understand why you say that.

NPR: Because Volkswagen, in the U.S., intentionally lied to EPA regulators when they asked them about the problem before it came to light.

Mueller: We didn’t lie. We didn’t understand the question first. And then we worked since 2014 to solve the problem. And we did it together and it was a default of VW that it needed such a long time.

Somebody needs to explain the Law of Holes to Mueller.

Also worth revisiting the definition of crazy today. Carry on.

Monday Morning: So — We Meet Again

[image (modified): Leo Suarez via Flickr]

Monday: the bad penny we never escape, turning up once again beneath our cart’s wheels just as we set in motion. Just give a hard shove, push on, and don’t look back.

Volkswagen’s bad news, good news as Detroit’s auto show opens
Bad news first: In news dump zone on Friday afternoon, we heard Volkswagen wasn’t going to release documents pertaining to the emissions control defeat scandal to several U.S. states’ attorneys. VW said it couldn’t due to privacy laws, which sounds dicey; why do corporations have privacy rights? You’d think only U.S. businesses would attempt such excuses.

The good news was held until VW’s CEO Matthias Mueller arrived in U.S. for the soft opening of the North American International Auto Show in Detroit. VW is working on a catalytic converter it believes will resolve the emissions problem for roughly 2/3 of the affected vehicles. I’m guessing this fix is intended for the oldest vehicles, and that the newest ones are likely to be swapped with a new vehicle, or a sizeable discount on a replacement will be offered. Color me skeptical about the effectiveness of this fix; if this was such an obvious and easy solution, it would already appear on VW’s diesel-powered passenger vehicles. Fuel economy will likely diminish due to increased back pressure — but that’s why I think this fix is for the oldest cars. It would encourage VW loyalists to buy a new one.

Juniper Networks shuts the (a?) backdoor
The network equipment company says it’s “dropping” NSA-developed code after the revelation of a backdoor into their network device software. Does anyone believe all covert access by NSA has now been eliminated, though, if Juniper’s source code isn’t open?

Apple’s devices monitoring your emotions soon?
Ridiculously cash-rich Apple snapped up artificial intelligence company Emotient, which makes an application to interpret users’ emotions based on their facial expressions — sentiment analysis, they call it. I call it creepy as hell, especially since smartphone users can’t be absolutely certain their cameras aren’t in use unless they physically cover the apertures.

And yes, I do cover apertures on my devices with low-tack adhesive tape. It’s the first thing I do after opening the box on any new camera-enabled device, even before charging the battery.

That’s enough to get your cart moving. I hope to have a post up later, on the recent power outage in Ukraine.

Friday Morning: Looks Like We Made It!

Looks like we survived the first business week of the year, made it through floods and fire and other apocalyptic events. Can’t imagine what next week will bring at this rate.

Saudi Arabia may sell shares in oil producer Aramco
Listing Aramco could create the most valuable company in the world, worth over a trillion in U.S. dollars. The move may raise cash to pay down some of the Saudi government’s debt, but it opens the oil producer to public scrutiny. Would it be worth the hassle?

With Russia increasingly eating into Aramco’s market share of China, and OECD countries’ oil consumption falling, selling shares in Aramco may not raise enough cash as its revenues may remain flat. Prices for utilities have already been raised within Saudi Arabia, shifting a portion of expenses to the public. What other cash-producing moves might Saudi Arabia make in the next year?

Detroit’s annual Autoshow brings VW’s CEO for more than a visit to tradeshow booth
Looks like Volkswagen’s Matthias Mueller will be tap dancing a lot next week — first at the 2016 North American International Auto Show, which unofficially opens Sunday, and then with the Environmental Protection Agency.

What’s the German word for “mea culpa”? Might be a nice name for a true “clean diesel” vehicle.

Data breaches now so common, court throws out suit
You’re going to have to show more than your privacy was lost if you sue a company for a data breach. Judge Joanna Seybert for U.S. District Court for the Eastern District of New York dismissed a class action suit against craft supplies retailer Michaels last week, writing that lead plaintiff “has not asserted any injuries that are ‘certainly impending’ or based on a ‘substantial risk that the harm will occur.’” Whalen’s credit card had been used fraudulently, but she wasn’t liable for the charges.

Annoyingly, Clapper v Amnesty International USA was used as precedent, much as it had been in last summer’s suit against Home Depot for a data breach. At this rate, retailers will continue to thumb their noses at protecting their customers’ data, though identity theft-related losses amount to more than all other property theft losses combined [pdf].

Don’t forget China: DOJ raids Chinese hoverboard company’s stall at CES 2016
I can’t find any previous examples of law enforcement conducting a raid at a trade show — if you know of one, please share in comments. The Department of Justice’s raid yesterday on Changzhou First International Trade Co.’s booth at CES 2016 doesn’t appear to have precedent. Changzhou’s hoverboard product looks an awful lot like Future Motion’s Onewheel, which had been the subject of a Kickstarter project. The Chinese hoverboard was expected to market for $500, versus the Onewheel at $1500.

Makes me wonder if there are other examples of internet-mediated crowd-funded technology at risk of intellectual property theft.

Pass the Patron. I’m declaring it tequila-thirty early today.

Thursday Morning: Chinese Fortune Not Looking Good

If I was still a practicing Catholic, I’d be tempted to pray to St. Angela of Foligno today, her saint’s day. She was known for walking away from wealth and practicing charity. Given the Chinese stock market’s plummet overnight, St. Angela might be the right guide for this leg of the journey.

China halts stock trading after market sinks more than 7%
Second time this week trading has been suspended in China, with free fall blamed on Chinese currency, lower oil prices, economic slowdown. Some also blame North Korea’s nuclear test, but anecdotes from Pacific Rim region suggest news about the test did not receive the same level of attention across Asia as in U.S. Not much feedback at the time this post was written in news media about response to market by China’s leadership.

Richard Perle’s long tail seen in North Korea
Worth revisiting an analysis on North Korea’s nuclear program written last January by Siegfried Hecker of Stanford University’s Center for International Security and Cooperation (CISAC). I agree with Hecker’s assessment, only surprised he didn’t name Richard Perle specifically for the cascade of diplomatic fail on North Korea that began under the Bush administration.

Self-driving cars, now self-driving passenger drones?
At CES 2016, China’s Ehang Inc. showed off a single-passenger drone, launched by commands entered on a tablet. The drone has no backup controls, which sounds scary as hell for a passenger flying 1000-1600 feet above the ground at +60 miles per hour. I can hear George Jetson screaming, “Jane! Stop this crazy thing!” even now. FAA would be insane to permit these devices in the U.S.

Unnamed sources say VW may buy back polluting cars sold in U.S.
This report could be a trial balloon floated by Volkswagen to see if a buy-back or a hefty discount on a new car will appease U.S. owners of so-called “clean diesel” vehicles. Is this really a satisfactory remedy to fraud?

Rethinking Saudi Arabia’s future in a time of cheap oil
Another worthwhile read, if a bit shallow. It’s time to model not only Saudi Arabia’s future, but a global economy no longer dependent on oil; what risks are there for OPEC countries if they cannot depend on increasing oil revenues? Could political instability spread across Central and South America as it has in the Middle East and Africa? How will climate change figure into the equation, as it has in Syria? And then back to economic unease in China, where the market has reacted negatively to lower oil prices.

I’m out of pocket this morning, will check in much later. Talk amongst yourselves as usual.