Tuesday, January 29, 2019

"The Young People Will Win", at least in busting Apple for a bug (not the NRA this time)



The Young People Will Win (“TYPWW”). In Arizona, a 14-year-old, Grant Thompson, found a vulnerability in Apple’s FaceTime, which would allow a caller to watch a party called even if “they” didn’t pick up. In the days of party lines, this was called "listening in."
  
Heather Kelly has the story on CNN here

  
Apple will issue a fix this week to all iPhones with an update, which is likely to come as early as Wednesday.  That could fix problems with some other apps (like AOL mail which was dropping connections).
  
We have 18-year-olds who bust the NRA, 16-year-olds who have to navigate perilous personal encounters that go viral given social context, and 14-year-olds who bust Apple. But another 14-year-old developed a fusion reactor and a 15-year-old invented a new cancer lab test. I’ve seen other less public things, like a 16-year-old directing a church play.

Sunday, Cal Newport had written a piece in the NYTimes indicating that Steve Jobs had never intended us to be so addicted to our phones with constant social media, news and email.  I didn't have Internet on mine until 2009 as I remember (on a Blackberry then). 

Monday, January 28, 2019

Two-factor authentication is not foolproof



Josephine Wolff in the New York Times warns today that “two-factor authentication might not keep you safe.” 

The main scenarios are phishing attacks with convincing replicas of real sites.
 
  
But now the industry is moving toward the idea of a physical stub with a rotating access code to be inserted into a USB drive.

Monday, January 14, 2019

What does browser incognito mode accomplish? What about TOR?



Do you really need to “worry about” using incognito mode on your browser (when your spouse uses it)?

Here’s a good answer from Quora.

Yes, if you look up information on how to commit a crime, on porn, on terrorism, on fetishes – one of the respondents says, “I’m a writer, what can I say?”


Maybe that’s a relevant answer in this area where independent content creation is coming under attack from radicals on both sides.

It’s possible that in the future law enforcement will scan cloud backups even more than it can today.

The other objection is that it will lead to the serving of ads on your “family computer” that you don’t want your spouse or the kids to see.
  
Thorin Klosowski gives a discussion of what the use of a TOR browser (“the Onion browser”) accomplishes for the average user. It does provide “anonymity” but not real “security”. And it is possible for very determined law enforcement (or the NSA) to crack it, so overuse of it could call attention to illegal motivations and weaken a claim of credibility should improper online behavior come to notice by other means (especially in civil cases). The Electronic Frontier Foundation has encouraged ordinary bloggers and vloggers to learn to use it, however, even in democratic, western countries.

Monday, January 07, 2019

Verizon hotspot and microarchitectural incontinence



On an Amtrak train, my laptop connected to somebody else’s hotspot before connecting to mine.  It even offered an automatic connection, which it should not do if I’ve never supplied a correct pw.  A flaw in Verizon software?  In Windows 10 security? 

Train was at a station, might have been someone’s house near the tracks. Maybe they didn’t set a pw?

No, I do not hack.

Some “microarchitectural incontinence”, as Daniel Gruss would say.



Wednesday, January 02, 2019

HP makes a short "horror" film about printer security


Hewlett-Packard sent out a tweet this morning about printer security, with the main link here.

It’s pretty understandable if you use your printer as a 3-in-1 and send old-fashioned faxes. 
   
But this seems to be more about enterprise printers on small business networks.


Here is their little short film, “The Fixer: The Wolf’s Next Meal”.

Business film does keep some independent filmmakers employed.  I remember that in the 1990s a friend wrote an article called "printer therapy" in a tech magazine.