*Science* (the magazine published by the American Association for the Advancement of Science, in contrast with lower-case *science*, the discipline regarded as the state of knowing—knowledge as distinguished from ignorance or misunderstanding) [although the AAAS magazine does a remarkable job of blending the two together] has just published a very timely special issue on The End of Privacy. This issue includes an extraordinary compilation of articles:

Introduction:
  * Big data and the Internet are empowering researchers and the public -- but endangering privacy
News:
  * Unmasked
  * When your voice betrays you
  * Breach of trust
  * Game of drones
  * Risk of exposure
  * Could your pacemaker be hackable?
  * Hiding in plain sight
  * Trust me, I'm a medical researcher
  * Camouflaging searches in a sea of fake queries
Perspectives:
  * Control use of data to protect privacy (Susan Landau)
  * What the right to be forgotten means for privacy in the digital age (A.L. Newman)
Review:
  * Privacy and human behavior in the age of information (A. Acquisti et al.)

plus more items, and an encrypted URL that you might want to decode... RISKS readers will find some extraordinarily well-researched background here. Most if not all of it appears to be online.
In a time when more and more traffic is encrypted to protect privacy and security, the District of Columbia is turning *off* the encryption in the radios used by emergency responders, due to interoperability problems. Encryption had been turned on for emergency responders after the 2013 Navy Yard rampage, when it's possible that the shooter was listening in to those searching for him.

http://www.washingtonpost.com/local/dc-politics/new-dc-mayor-to-end-controversial-encryption-of-firefighter-radios/2015/02/10/4aa741b8-b19f-11e4-886b-c22184f27c35_story.html

D.C. Mayor Muriel E. Bowser's administration announced Wednesday that the District will abandon its new system of encrypting radio communications among firefighters and paramedics.

The District's encryption came under intense scrutiny last month when Metro officials said they found changes to firefighter radio settings related to encryption following a widespread radio failure during Metro's fatal Jan. 12 smoke incident. In that incident, D.C. firefighters could not communicate with supervisors above ground when they learned that a train was trapped in a smoke-filled tunnel south of the L'Enfant Plaza station with more than 200 passengers aboard. D.C. firefighters and the city's homeland security agency have disputed that encryption played any part in the radio failure. [...]

The District began work to encrypt its radio transmissions after the 2013 rampage at the Navy Yard. The shooting that left 12 dead prompted a dangerous search by police as they hunted the gunman before fatally shooting him. Although communication involving federal and local police agencies could not be heard by outsiders, the fire department scanner—widely available over the Internet—provided an account of some of the behind-the-scenes activities. Firefighters were not in the building when the manhunt was underway. [...]
PGN correctly identified a number of problems with the existing "twentieth century" voting system. Installing an electronic voting system that has been vetted through open-source inspection won't fix those problems, but it also won't make them worse.

But the problem with *any* computerized voting system is much bigger than just the (application) code of the voting machines and tabulation system. A few other questions suggest themselves:

1. How do we know that the code running on the voting machines is the code that we inspected?
   1a) Is there a bug (intentional?) in the compiler?
   1b) How do we make sure that the people in charge of deploying the voting machines installed the publicly-vetted software on them, rather than some other software that does what _they_ want?
2. What about the underlying OS? Windows? Would you trust Windows with your vote? Linux is open source, but still... how do you know that the version on the machines is the version we vetted?
3. Same questions re the firmware installed by the machines' manufacturer(s)? Insert malware into the boot program and you can do anything you want.

In general, are we going to go around and let random people inspect the machine's RAM/Flash, OS, and installed code (IN BINARY) for malware and to make sure that what we saw is really what we got?

There are only two ways to ensure(*) that the votes are counted correctly:

A. Use something physical—a piece of paper, a card, whatever—that the voter can see go into a ballot box and the various parties with an interest in the outcome can watch the ballot boxes be transferred to the counting center. Then occasionally and at random insert fake precincts into the process, whose counts are known in advance, and make sure that they are counted correctly(+). Then subtract those known counts from the final results.

B. Issue a receipt of some sort to the voter, which he can check against the final results to make sure his vote was counted.
I've seen proposals for a system like that, where a voter is given a three-part ballot to mark; he deposits two parts and keeps one. He can later use the one he kept to verify his vote. [That's from Ron Rivest. PGN]

But any system that allows a voter to verify that his vote was counted correctly can _also_ be used by somebody who wants to make sure the vote was cast the way the voter was paid (or threatened) to vote. If I'm going around buying votes, I can have everybody bring me their part of the three-part ballot and I can make sure they voted the way I wanted, before I paid them. Or if I'm planning to fire anybody who voted for a Democrat (or Republican, or Peace and Freedom...), I can demand they bring their ballots for me to check.

As with many other human endeavors, there is *no* perfect system. We either take a chance on some votes being miscounted, or we allow for the possibility of vote-buying/coercion.

(*) In so far as we can be sure of *anything* when the stakes are so high and there are so many people with an interest in the outcome and no sense of personal ethics.

(+) You have to make the fake precincts look similar to real ones, so that the software won't be able to tell if it's counting a real one or a fake one. Also, you have to randomly generate the ballots from the fake precincts every election, so that the software makers can't predict what the
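Option A in the post above (known-count decoy precincts mixed into the real ones, verified, then subtracted) is easy to get wrong in the details, so here is a small Python model of it. This is an added example, not the contributor's code: the precinct sizes, the two-candidate race, the 5% "steal" rate of the hypothetical cheating tabulator and the seeded decoy generator are all assumptions made for illustration.

```python
"""Decoy-precinct tabulation audit (added example; not from the RISKS post).

An untrusted tabulator counts real precincts mixed with decoy precincts whose
contents the auditor already knows. The auditor checks each decoy's reported
count and subtracts the decoys from the published totals. The cheating
tabulator is a hypothetical illustration of what the check catches.
"""
import random
from collections import Counter

CANDIDATES = ("A", "B")


def make_decoy_precinct(rng, n_ballots):
    """Fresh random ballots each election, so a dishonest tabulator cannot
    recognise a decoy from its contents (footnote (+) in the post)."""
    return [rng.choice(CANDIDATES) for _ in range(n_ballots)]


def honest_tabulator(precincts):
    """precincts: {name: [ballot, ...]} -> {name: Counter of votes}."""
    return {name: Counter(ballots) for name, ballots in precincts.items()}


def cheating_tabulator(precincts, steal=0.05):
    """Hypothetical dishonest tabulator: quietly moves a fraction of B's votes
    to A in every precinct. It has no way to tell decoys from real precincts."""
    out = {}
    for name, ballots in precincts.items():
        count = Counter(ballots)
        moved = int(count["B"] * steal)
        if moved:
            count["A"] += moved
            count["B"] -= moved
        out[name] = count
    return out


def audit(tabulate, real, decoys):
    """Mix decoys into the real precincts, run the untrusted tabulator, check
    every decoy's reported count against its known contents, and return the
    totals with the decoys subtracted. Raises ValueError on a miscounted decoy."""
    mixed = dict(real)
    mixed.update(decoys)
    reported = tabulate(mixed)
    for name, ballots in decoys.items():
        expected = Counter(ballots)
        if +reported[name] != +expected:  # unary + drops zero-count entries
            raise ValueError(
                f"decoy {name} miscounted: reported {dict(reported[name])}, "
                f"expected {dict(expected)}")
    totals = Counter()
    for count in reported.values():
        totals.update(count)
    for ballots in decoys.values():
        totals.subtract(Counter(ballots))
    return dict(totals)


if __name__ == "__main__":
    # Constructed sample election: two real precincts, two decoys.
    real = {"precinct-1": ["A"] * 120 + ["B"] * 80,
            "precinct-2": ["A"] * 50 + ["B"] * 150}
    decoys = {"decoy-1": ["A"] * 40 + ["B"] * 60,
              "decoy-2": make_decoy_precinct(random.Random(7), 100)}
    print("honest totals:", audit(honest_tabulator, real, decoys))
    try:
        audit(cheating_tabulator, real, decoys)
    except ValueError as err:
        print("cheating caught:", err)
```

The check is only as good as the decoys: a tabulator that cheats by amounts too small to register in a decoy of this size, or that can single out decoys by some feature the auditor forgot to randomise, slips through. That is the practical content of footnote (+): decoys must be indistinguishable from real precincts and regenerated every election.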
You all must have seen the news "Dashcams capture dramatic footage of Taiwanese plane crash". Gee, one of those things pointed inward could perhaps help answer which pilot pushed which button. Well, why aren't cockpit image recorders standard along with cockpit voice recorders yet? Oh:

Why pilots dislike being on cockpit cam
  http://www.wired.co.uk/news/archive/2014-07/11/mh370-cockpit-camera
  http://usgovinfo.about.com/od/technologyandresearch/a/cockpitcams.htm
Pilots Blast NTSB on Cockpit Video Cameras: Call cameras "fool's gold" of crash investigation
Investigating Airline Accidents: Cockpit Video is not the Answer
  https://www.alpa.org/portals/alpa/pressroom/inthecockpit/CockpitVideo.htm
http://www.hrgrapevine.com/markets/hr/article/2015-02-12-romanian-diplomat-fired-after-sending-ghastly-notes-about-guests-with-invitations
Andy Greenberg, *WiReD* News, 11 Feb 2015 SyScan security researcher Jacob Torrey has developed Hardened Anti-Reverse Engineering Systems (HARES), a scheme that encrypts software so it is only decrypted by the computer's processor at the last possible moment before the code is executed. Torrey says the HARES scheme prevents reverse-engineering tools from reading the decrypted code as it is being run. "It protects software algorithms from reverse engineering, and it prevents software from being mined for vulnerabilities that can be turned into exploits," he says. HARES uses a hardware trick called a Translation Lookaside Buffer (TLB) Split, which segregates the portion of a computer's memory where a program stores its data from the portion where it stores its own code's instructions. HARES keeps everything in that "instructions" portion of memory encrypted so it can only be decrypted with a key that is stored in the computer's processor. "You can specifically say that encrypted memory shall not be accessed from other regions that aren't encrypted," says Lab Mouse Security researcher Don Andrew Bailey. Many hackers use a reverse-engineering technique called "fuzzing," which involves entering random data into the program with the goal of causing it to crash, and then analyzing the crashes to locate more serious exploitable vulnerabilities. However, Torrey notes using that technique on a program encrypted with HARES would render the crashes completely unexplainable. http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-d5d1x2c669x062019&
Dian Schaffhauser, *Campus Technology*, 9 Feb 2015 A bipartisan bill introduced by legislators in Washington State would count two years of computer science toward the foreign language requirement for purposes of admission into college in the state. A similar effort in Kentucky last year cleared the state's Senate and is now undergoing further work before the House educational subcommittee. Only 40 percent of high schools count credits earned in a computer science class toward requirements, while the rest treat such courses as electives, according to a recent study by the Computer Science Teachers Association (CSTA). In the report, CSTA recommends counting computer science courses toward graduation requirements. The proposal to expand computer science education would help prepare students for jobs in high tech, says Washington state legislator Chris Reykdal, co-sponsor of the bill. "It strikes me that we don't give kids a meaningful shot in getting some computer science basics before they go to university," he says. Co-sponsor Chad Magendanz also is promoting a bipartisan proposal to expand computer science education to ready students for careers in high tech. "If we give more children access to computer science learning now, they'll have greater opportunities in the future," he says. http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-d5d1x2c66ax062019&
Ars via NNSquad http://arstechnica.com/business/2015/02/att-charges-29-more-for-gigabit-fiber-that-doesnt-watch-your-web-browsing/ "AT&T's gigabit fiber-to-the-home service has just arrived in Kansas City, and the price is the same as Google Fiber--if you let AT&T track your Web browsing history."
http://www.nytimes.com/2015/02/15/magazine/how-one-stupid-tweet-ruined-justine-saccos-life.html The unique 21st-century misery of the online shaming victim.
BBC News (02/13/15) Pallab Ghosh via ACM TechNews, 13 Feb 2015 Former ACM president Vint Cerf, one of the pioneers of Internet technology and now a vice president and Chief Internet Evangelist at Google, worries about a forthcoming "digital Dark Age" in which the rapid pace of technological advancement will leave behind mountains of data people will no longer be able to access. "Old formats of documents that we've created or presentations may not be readable by the latest version of the software because backwards compatibility is not always guaranteed," Cerf said at the recent annual meeting of the American Association for the Advancement of Science. Cerf's proposed solution to the problem is taking an "X-ray snapshot" of data, which includes not just the information but also descriptions of the application, operating system, and hardware it runs on. He says this digital snapshot would then be uploaded to the cloud where it could, in theory, live on in perpetuity. Cerf says ensuring such data could be read by future generations will require a standardized description, which he calls "digital vellum." He notes such techniques already have been demonstrated by Carnegie Mellon University's Mahadev Satyanarayanan. Cerf says the technique is "not without its rough edges, but the major concept has been shown to work." http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-d5d1x2c664x062019& [Matthew Kruk noted http://www.bbc.com/news/science-environment-31450389 PGN]
E&T via NNSquad http://eandt.theiet.org/news/2015/feb/vint-cerf-digital-data.cfm This is an area of continuing serious anxiety. I touched on it in CACM (1999): http://www.csl.sri.com/users/neumann/insiderisks.html#105 ["Bit-Rot Roulette"]. Interestingly, some of the most forward-looking work in this area is being done by AMPAS - The Academy of Motion Picture Arts and Sciences (the Oscar folks), who are rightly very concerned about preserving motion picture production and distribution assets in a digital world.
Saarland University, 10 Feb 2015 Researchers at Saarland University's Center for IT-Security, Privacy, and Accountability (CISPA) have found that anyone can call up or modify several million pieces of customer data online, including names, addresses, and emails, because of a misconfigured open source database upon which millions of online stores and platforms base their services. Three CISPA students were able to demonstrate this vulnerability for 40,000 online databases in Germany and France. If the operators stick to the defaults in the installation process and do not consider important details, the data is available online and completely unprotected, according to the CISPA researchers. The flaw currently affects 39,890 online databases. "The databases are accessible online without being protected by any defensive mechanism," says Saarland professor Michael Backes. "You even have the permissions to update and change data. Hence we assume that the databases were not left open on purpose." The researchers informed the database vendors, as well as international computer emergency response teams. "A database unprotected like this is similar to a public library with a wide open entrance door and without any librarian," Backes warns. "Everybody can enter." http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_5-d5d1x2c66fx062019&
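The CISPA finding above is the classic failure of a datastore installed with defaults that bind it to every interface. The first thing an operator can do about it is look at what the host is actually listening on. The following Python check is an added example (not from the CISPA report or the RISKS item): it reads the text of `ss -ltn` on Linux and flags well-known datastore ports bound to anything other than loopback. The port table is an assumed list of common defaults, and the sample `ss` output is constructed. Note what the check does not tell you: whether the service also lacks authentication, which is the second half of the problem and has to be verified against the service itself.

```python
"""Listening-socket exposure audit (added example, not from the CISPA report).

Input: the text of `ss -ltn` (Linux). Output: datastore ports reachable on a
non-loopback address. Authentication is a separate check.
"""

# Well-known default ports of popular datastores (assumed list; extend to taste).
DB_PORTS = {
    3306: "MySQL/MariaDB",
    5432: "PostgreSQL",
    5984: "CouchDB",
    6379: "Redis",
    9042: "Cassandra",
    9200: "Elasticsearch",
    11211: "memcached",
    27017: "MongoDB",
}

# Addresses that mean "every interface" / "loopback only" in ss output.
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}
LOOPBACKS = {"127.0.0.1", "[::1]", "::1"}

# Constructed sample of `ss -ltn` output for a host with mixed bindings.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
LISTEN  0       128      127.0.0.1:5432        0.0.0.0:*
LISTEN  0       128      0.0.0.0:27017         0.0.0.0:*
LISTEN  0       511      *:6379                *:*
LISTEN  0       128      [::]:22               [::]:*
LISTEN  0       128      [::1]:9200            [::]:*
LISTEN  0       128      10.0.0.5:3306         0.0.0.0:*
"""


def split_addr(local):
    """'0.0.0.0:27017' -> ('0.0.0.0', 27017); '[::]:22' -> ('[::]', 22)."""
    host, _, port = local.rpartition(":")
    return host, int(port)


def find_exposed_databases(ss_output):
    """Return sorted [(port, service, scope)] for datastore ports that listen
    on a wildcard or on a specific non-loopback address."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or not a listening socket
        host, port = split_addr(fields[3])
        if port not in DB_PORTS or host in LOOPBACKS:
            continue
        scope = "all interfaces" if host in WILDCARDS else host
        exposed.append((port, DB_PORTS[port], scope))
    return sorted(exposed)


if __name__ == "__main__":
    for port, service, scope in find_exposed_databases(SAMPLE_SS_OUTPUT):
        print(f"{service} on port {port} is reachable via {scope}")
```

Run it against live output with `ss -ltn | python3 this_script.py` after replacing the sample with `sys.stdin.read()`; anything it lists should either be firewalled, rebound to loopback or a private interface, or shown to require credentials.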
Brian Jackson, *IT Business*, 11 Feb 2015 OpenDNS Security Labs found an elaborate phishing campaign targeting users of the popular online payments processor PayPal, involving several fake websites set up with the intent to steal information. http://www.itbusiness.ca/article/opendns-sounds-warning-on-the-most-sophisticated-paypal-scam-yet
Lucian Constantin, InfoWorld, 6 Feb 2015 XOR.DDoS is distributed through SSH brute-force password guessing attacks http://www.infoworld.com/article/2880196/security/ddos-malware-for-linux-systems-comes-with-sophisticated-custombuilt-rootkit.html opening text: A malware program designed for Linux systems, including embedded devices with ARM architecture, uses a sophisticated kernel rootkit that's custom built for each infection.
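XOR.DDoS gets in by plain SSH password guessing, so the defender's first signal is in sshd's own log. The following Python detector is an added example (not from the InfoWorld article or the malware analysis): it parses standard OpenSSH "Failed/Accepted password" syslog lines, flags any source address with a burst of failures inside a sliding window, and notes whether a successful password login from that address followed the burst, which is the pattern that precedes a rootkit drop like this one. The log lines are constructed, and the threshold and window are assumed tuning values.

```python
"""SSH brute-force burst detector over auth.log lines (added example).

Parses OpenSSH 'Failed password' / 'Accepted password' syslog messages, groups
them by source address, and reports addresses with >= threshold failures inside
a sliding time window. Timestamps carry no year, so the window only works within
a single year of log; strptime defaults the year to 1900, which is harmless here.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample: one guessing burst that ends in a successful login,
# plus two benign one-off failures from other addresses.
SAMPLE_AUTH_LOG = """\
Feb 11 03:14:07 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2
Feb 11 03:14:09 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Feb 11 03:14:12 web1 sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2
Feb 11 03:14:15 web1 sshd[2217]: Failed password for root from 203.0.113.7 port 51025 ssh2
Feb 11 03:14:18 web1 sshd[2219]: Failed password for root from 203.0.113.7 port 51026 ssh2
Feb 11 03:14:21 web1 sshd[2221]: Failed password for root from 203.0.113.7 port 51027 ssh2
Feb 11 03:14:40 web1 sshd[2230]: Accepted password for root from 203.0.113.7 port 51031 ssh2
Feb 11 03:20:02 web1 sshd[2301]: Failed password for alice from 198.51.100.5 port 40010 ssh2
Feb 11 03:20:09 web1 sshd[2303]: Accepted publickey for alice from 198.51.100.5 port 40011 ssh2: RSA SHA256:abc
Feb 11 03:21:00 web1 sshd[2310]: Failed password for bob from 192.0.2.44 port 50000 ssh2
"""


def parse_events(lines):
    """Return [(timestamp, result, user, ip)] sorted by time; non-matching
    lines (e.g. public-key logins) are ignored."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    events.sort(key=lambda e: e[0])
    return events


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Map source ip -> alert dict for every address that produced at least
    `threshold` password failures within any `window_seconds` span."""
    window = timedelta(seconds=window_seconds)
    by_ip = defaultdict(list)
    for event in parse_events(lines):
        by_ip[event[3]].append(event)

    alerts = {}
    for ip, events in by_ip.items():
        failures = [e[0] for e in events if e[1] == "Failed"]
        burst_end = None
        for i in range(len(failures)):        # sliding window over sorted times
            j = i + threshold - 1
            if j < len(failures) and failures[j] - failures[i] <= window:
                burst_end = failures[j]
                break
        if burst_end is None:
            continue
        alerts[ip] = {
            "failures": len(failures),
            "users_tried": sorted({e[2] for e in events if e[1] == "Failed"}),
            # A password login after the burst is the "they got in" signal.
            "accepted_after_burst": any(
                e[1] == "Accepted" and e[0] >= burst_end for e in events),
        }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_AUTH_LOG.splitlines()).items():
        print(ip, info)
```

An `accepted_after_burst` hit is the one to act on immediately (treat the host as compromised; a rootkit of the kind described is exactly what follows). The durable fix is `PasswordAuthentication no` in sshd_config, after which this detector mostly reports noise from scanners that can no longer succeed.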
Ars via NNSquad http://arstechnica.com/security/2015/02/google-updates-disclosure-policy-after-windows-os-x-zero-day-controversy/ "In a blog post today, the Google Security team announced changes to policies on full disclosure of bugs found by Project Zero, the security research team that uncovered zero-day vulnerabilities recently revealed in Microsoft's Windows 8.1 and Apple's OS X operating systems. Those disclosures, which were made 90 days after Google alerted Microsoft and Apple in accordance with Project Zero's strict release policy, stirred controversy because they had not yet been patched--and gave attackers time to leverage them before Microsoft and Apple distributed fixes." An appropriate introduction of some flexibility in this regard. Good.
[Remember when URLs were fairly short? This is actually a shortened version. The one with the tracking code is about half again as long.] Woody Leonhard, *InfoWorld*, 12 Feb 2015 If you were unlucky enough to install KB 2920732, there's no way to uninstall it. http://www.infoworld.com/article/2883639/patch-management/microsoft-yanks-kb-2920732-patch-for-killing-powerpoint-2013-on-windows-rt-with-error-0xc0000428.html
Woody Leonhard, InfoWorld, 13 Feb 2015 Cisco verifies that installing KB 3023607 may lead to 'Failed to initialize connection subsystem' errors with AnyConnect VPN http://www.infoworld.com/article/2883756/security/microsoft-s-ssl-3-0-poodle-busting-patch-kb-3023607-breaks-cisco-s-popular-vpn-client-anyconnect.html
Woody Leonhard, InfoWorld, 10 Feb 2015 The Black Tuesday patches have been out for just a few hours, and there are multiple reports about KB 3001652 freezing and/or failing with error 0x80070659 http://www.infoworld.com/article/2882348/patch-management/visual-studio-patch-rollup-kb-3001652-causes-widespread-freezing-problems.html
Lucian Constantin, InfoWorld, 3 Feb 2015 The flaw can be used to steal authentication cookies and inject rogue code into websites. http://www.infoworld.com/article/2879127/security/dangerous-ie-vulnerability-opens-door-to-powerful-phishing-attacks.html opening text: An Internet Explorer vulnerability lets attackers bypass the Same-Origin Policy, a fundamental browser security mechanism, to launch highly credible phishing attacks or hijack users' accounts on any website.
In the Can't Win for Losing Department: Gregg Keizer, Computerworld, 12 Feb 2015 Mozilla has detailed plans to require Firefox add-ons to be digitally signed, a move meant to bear down on rogue and malicious extensions http://www.infoworld.com/article/2883798/web-browsers/mozilla-reveals-firefox-add-on-lockdown.html opening text: Mozilla yesterday detailed plans to require Firefox add-ons to be digitally signed, a move meant to bear down on rogue and malicious extensions, and one that resembled Google's decision years ago to secure Chrome's add-on ecosystem. Some Firefox users called out Mozilla for disregarding its own long-and-often-expressed ethos of the need for an open Internet.
> Depending on consumers to keep backup systems running is a recipe for
> utter disaster.

I agree, but there's a bit of a conundrum here. For people who are getting Plain Internet Service, regulators have already pretty much put the cable modem/router/access point/whatever on the customer side of the demarc (which is why you can buy your own cable modem and avoid the outrageous rental charge). When you add phone to the equation, suddenly that customer-side box is also responsible for E911 and general disaster service, and you have the problem Lauren points out.

(This, by the way, is why I've thus far declined my ISP's offer to "upgrade" my cable modem at my own risk and expense so as to provide free wifi for their other customers. If something in the configuration process were to take out my phone service, I would have no 911 capability until they got around to sending a tech and charging me to fix whatever was wrong.)

With Title II regulation of Internet service in general, it may be possible for the FCC to simply mandate that all boxes sold for home Internet or VOIP use be equipped with appropriate power backup. But if that happens I expect a huge outcry from the same folks who don't like wearing seatbelts or motorcycle helmets.

This is what happens when you "upgrade" the leaf nodes of your national telecom infrastructure to pure digital without thinking about the details.
[Very long item, but a fairly strong compilation of ideas. PGN]

How to most effectively deter defect escape from a software ecosystem? Criminal or civil penalization of system administrators and their management? Why not penalize the stockholders for investing in a software factory run by individuals unqualified to even run a pet shop? Why not penalize the consumer for trusting their information with a brand that 'they should have known better about'?

What's a cure, partial or complete, for the justifiable erosion of confidence in an Internet economy? Stricter life cycle exit criteria enforcement? More rigorous testing? Certified software engineering training, including software safety and formal specification? Conscientious management and leadership, schooled in ethics and technologically prescient and informed about when to "go live" or not? Why not require each factory to publicly disclose their defect discovery and repair throughout the life cycle? This measure can be used by consumers for comparative shopping, enumerating dependencies on open source, and reassure about their processes leading to publication, a software factory "Consumer Reports" guide? What about passing a law that eliminates manufacturer indemnification from the software use license?

Civil or criminal legislation that deters publication possibly infringes corporate free speech. Organizational neglect for a rigorous editorial life cycle (from requirements through release) is routinely experienced by all consumers. When intellectual property, especially and particularly software, is commonly treated like used tissue paper, a lowest common denominator publication will readily materialize. 'Agile' has become a euphemized excuse to accelerate release defect density injection and intensify production escape potential. Perhaps a law should be passed that assigns full and lifetime accountability to individual software factory contributors for their escaped defects.
To ensure enforcement, penalize everyone in the organization, doubled per management layer, for each breach of public confidence and trust erosion arising from the escape. This pyramidal penalization scheme would quickly bankrupt the personnel of any for-profit software factory, exponentially depleting fortunes.

A possible deterrent might be found in the IEEE Code of Ethics. It states, in part, do no harm. The Code implies that product life cycle participants doubting release fitness and readiness stand up to management "to avoid injuring others, their property, reputation, or employment by false or malicious action." This means that factory participants object, gain alignment to fix what's broken given prioritization and severity, and ensure corrective closure. Or, if necessary, walk off the job rather than sustain employment within an ethically compromised factory. A tough decision for those who depend on it for their livelihood.

IEEE membership imbues ethical obligations, a professional duty to respect the Code and conduct oneself accordingly. Those who elect to remain silent in light of weak, dangerous, or ambivalent factory practices that compromise ethics and render public outrage might be subject to e-profile shame, a demerit counter notably absent from LinkedIn or Facebook e-profiles. A herd-immunity to defect escape might evolve which vaccinates the Internet more effectively than any monetary incentive or group-think pressure.

Alternatively, a collective professional action, a unionized protest and work stoppage, might forestall promotion of ill-fitting and trust-eroding publications into the Internet economy. Imagine if everyone who authors software "dropped their pencils" for a day in protest, including financial or medical institutions? Would a world-wide "Occupy" movement for software safety, privacy and security influence public awareness of our technological precipice?
It may induce management to account for and reinforce ethical software engineering conduct. A certain temporary suppression of defect escape might materialize on the day of protest. Software engineering discipline is substantially weakened by individuals who are ethically irresponsible towards their customers, products, and the organization they associate with. This myopic ethical conduct compromises civil society, weakens our engineering profession, and compounds Internet fragility.

Hardcore capitalists promote the idea that the marketplace should solely decide winners and losers. Technology industrial governance dominated by this mindset breeds to promulgate 'covert institutionalized violence.' This practice disenfranchises more worthy social interests over a select few: Specifically, corporate data breaches flourish while individual e-profiles and identities are victimized with impunity. Where are the Darwin Awards for these irresponsible organizations?

Consumer Internet experience is today analogous to that found in financial markets where profit is privatized and risk is publicly shared. Our e-profiles and identities are monetized and exploited for private enrichment, but individuals bear the expense of indiscriminate theft, credit repair, and violation of privacy. The time has come to implement a "Technology Safety, Privacy and Trust Erosion Day" to promote the interests of a citizen's right to privacy and security, to commemorate e-profile and identity ownership preservation, dignity, respect, and the right to be left alone.

Richard M. Stein <rmstein@ieee.org>