Archive for the 'Security' Category

Feudalism 2.0

Saturday, December 15th, 2012

Bruce Schneier on the state we’re in.

Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether … for Facebook.

These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them – or to a particular one we don’t like. Or we can spread our allegiance around. But either way, it’s becoming increasingly difficult to not pledge allegiance to at least one of them.

Nice essay and a useful metaphor. Worth reading in full.

Raspberry Pi: cautionary tale

Friday, October 5th, 2012

From a Facebook post by Jon Crowcroft:

So Raspberry Pi ships with a) sshd on b) root login on sshd on c) the same default password on every Pi – doh! Do not plug in your Pi to a net before changing at least one of the above, or you will, like a famous professor in the computer lab last week, get hacked, and deserve to be :)

Noted! (I’ve just ordered a new Raspberry Pi to replace the one that died on me.)

Footnote: the victim was not Jon!
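The three items in Jon's list are ordinary sshd_config (and account) settings, so the natural follow-up is a quick check that a freshly imaged board does not still have them. The script below is an added example, not part of the original post or of the Raspberry Pi distribution: it audits an OpenSSH sshd_config for root login over SSH and for password logins (the setting that makes a shared default password exploitable), honouring OpenSSH's rules that the first occurrence of a directive wins, keys are case-insensitive, and '#' lines are comments. The two sample config files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenSSH sshd_config for
# the two settings the Raspberry Pi anecdote turns on out of the box.
# Assumes the standard "Directive value" syntax of sshd_config.

# Effective value of a directive: OpenSSH takes the FIRST occurrence of a key,
# keys are case-insensitive, and lines starting with '#' are comments.
sshd_directive() {
    awk -v key="$2" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Print one "RISK: ..." or "OK: ..." line per check on $1 (an sshd_config file).
# "unset" is reported as a risk too: OpenSSH releases before 7.0 defaulted
# PermitRootLogin to yes, and PasswordAuthentication defaults to yes.
audit_sshd_config() {
    cfg="$1"

    root_login=$(sshd_directive "$cfg" PermitRootLogin)
    case "${root_login:-unset}" in
        no|prohibit-password|without-password)
            echo "OK:   PermitRootLogin $root_login" ;;
        *)
            echo "RISK: PermitRootLogin is '${root_login:-unset}'; set it to 'no'" ;;
    esac

    pw_auth=$(sshd_directive "$cfg" PasswordAuthentication)
    case "${pw_auth:-unset}" in
        no)
            echo "OK:   PasswordAuthentication no" ;;
        *)
            echo "RISK: PasswordAuthentication is '${pw_auth:-unset}'; use keys and set it to 'no'" ;;
    esac
}

# Number of RISK lines for a config file (0 means both checks pass).
count_sshd_risks() {
    audit_sshd_config "$1" | awk '/^RISK:/ { n++ } END { print n + 0 }'
}

# Constructed sample configs for a stand-alone run (written into directory $1).
write_sample_configs() {
    dir="$1"
    # Roughly what the 2012-era default image looked like for these directives.
    printf '%s\n' '# constructed: default-style Pi sshd_config' \
        'Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        > "$dir/pi-default.conf"
    # Hardened version; the later duplicate is ignored, as OpenSSH itself would.
    printf '%s\n' '# constructed: hardened sshd_config' \
        'Port 22' 'PermitRootLogin no' 'PasswordAuthentication no' \
        '# PermitRootLogin yes   <- commented out, must not count' \
        'PermitRootLogin yes' \
        > "$dir/pi-hardened.conf"
}

# Usage: sh audit-sshd.sh --demo   (or call audit_sshd_config /etc/ssh/sshd_config)
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    write_sample_configs "$tmp"
    for f in "$tmp"/*.conf; do
        echo "== $f"
        audit_sshd_config "$f"
    done
    rm -rf "$tmp"
fi
```

Run against the live file with `audit_sshd_config /etc/ssh/sshd_config`. The config check covers Jon's items a) and b); item c), the default password, is an account matter rather than an sshd one, and the answer there is `passwd` for the default user (or disabling password logins altogether, which the second check enforces) before the board ever sees a network.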

Put not your trust in the Cloud — any cloud

Sunday, August 12th, 2012

This morning’s Observer column.

Most of the iCloud users of my acquaintance seem very happy with it. No more worrying about back-ups, or having out-of-date calendars on different devices. In return for an annual subscription, the great Church of Apple takes away the existential angst about data security that plagues less fortunate folks. And for as long as they stay within the enfolding arms of the Church, that blissful state will continue. That this is rather too good to be true should have been obvious to even the meanest intelligence, but it took a personal disaster last week finally to explode the illusion that single-church, cloud-based systems are the answers to everyone’s prayers.

The victim was a well-known technology journalist and iCloud subscriber named Mat Honan…

Lots of good stuff about this topic on the Web — for example this piece by Bob Cringely.

1984 wasn’t cancelled, merely postponed

Monday, January 2nd, 2012

One of the chapters in my new book (out on Thursday next though Amazon seems to be already selling the Kindle edition) is about the potential of computing and network technology to create systems for perfect surveillance and control. I’ve argued that the threat comes from two directions: one is the Orwellian one that we all know about; the other comes from companies like Apple and Google and Facebook. In both cases the connivance — tacit or active – of democratic governments is required. This anguished piece by Thom Holwerda suggests that the penny has dropped for him.

Here we are, at the start of 2012. Obama signed the NDAA for 2012, making it possible for American citizens to be detained indefinitely without any form of trial or due process, only because they are terrorist suspects. At the same time, we have SOPA, which, if passed, would enact a system in which websites can be taken off the web, again without any form of trial or due process, while also enabling the monitoring of internet traffic. Combine this with how the authorities labelled the Occupy movements – namely, as terrorists – and you can see where this is going.

In case all this reminds you of China and similarly totalitarian regimes, you're not alone. Even the Motion Picture Association of America, the MPAA, proudly proclaims that what works for China, Syria, Iran, and others, should work for the US. China's Great Firewall and similar filtering systems are glorified as workable solutions in what is supposed to be the free world.

The crux of the matter here is that unlike the days of yore, where repressive regimes needed elaborate networks of secret police and informants to monitor communication, all they need now is control over the software and hardware we use. Our desktops, laptops, tablets, smartphones, and all manner of devices play a role in virtually all of our communication. Think you’re in the clear when communicating face-to-face? Think again. How did you arrange the meet-up? Over the phone? The web? And what do you have in your pocket or bag, always connected to the network?

This is what [Richard] Stallman has been warning us about all these years – and most of us, including myself, never really took him seriously. However, as the world changes, the importance of the ability to check what the code in your devices is doing – by someone else in case you lack the skills – becomes increasingly apparent. If we lose the ability to check what our own computers are doing, we’re boned.

Thom also points to Cory Doctorow’s chilling talk at the Chaos Computer Congress in Berlin, entitled “The coming war on general computation,” which sets things out pretty clearly.

(Transcript here for those who are too busy to watch all the way through.)

One of the most depressing things now is the discovery that Obama seems not just clueless and passive about this stuff, but that — when push comes to shove — he really sides with the forces of darkness. If SOPA ever makes it through Congress, for example, my guess is that he will sign it. After all, as Thom points out, he signed the NDAA 2012.

‘Security’ = Microsoft control

Thursday, November 3rd, 2011

From the Canonical Blog.

Any new Windows 8 PC will have Secure Boot switched “ON” when it leaves the shop and will be able to boot Microsoft approved software only. However, you will most likely find that your new PC has no option for you to add your own list of approved software. So to install Linux (or any other operating system), you will need to turn Secure Boot “OFF”.

Hmmm… I wonder how many computer users will know how to do that — or understand why it might be necessary to do it. Canonical (the company behind Ubuntu) wonders about that too:

Even with the ability for users to configure Secure Boot, it will become harder for non-techie users to install, or even try, any other operating system besides the one that was loaded on the PC when you bought it. For this reason, we recommend that PCs include a User Interface to easily enable or disable Secure Boot and allow the user to choose to change their operating system.

UK firm denies ‘cyber-spy’ deal with Egypt

Tuesday, September 20th, 2011

From a BBC News report.

A UK firm offered to supply "cyber-spy" software used by Egypt to target activists, the BBC has learned.

Documents found in the headquarters of the country's security service suggest it was used for a five-month trial period at the end of last year.

Hampshire-based Gamma International UK denies actually supplying the program, which infects computers with a virus that bugs online voice calls and email.

The foreign secretary says he will “critically” examine export controls.

Hmmm… Consider this from the firm’s web site:

All perfectly legal, of course.

Spear phishing

Friday, June 17th, 2011

I’ve been wondering about the implications of LinkedIn (which one of my mates calls “Facebook for job-seeking suits”), and then came on this in an excellent piece by Patrick Kingsley in today’s Guardian.

“One of the first places a hacker will visit is LinkedIn,” says [Rik] Ferguson. [Director of security research at computer protection firm, TrendMicro.] “What do we do on there? We make our entire CV available for the world to see. You can see everywhere I’ve worked in the past. You can see all my connections, see everyone I’ve worked with, everyone I know. So a hacker can assume one of those people’s identities and reference things that have happened in my professional life. And I’m far more likely to open an attachment from your email, because it’s far more credible.”

Spot on. Wonder if all the people who stampeded to get in on the LinkedIn IPO thought about that.

Online banking, pshaw

Thursday, June 9th, 2011

Much to the annoyance of some of my consultancy clients and my bank — and the amazement of friends (“What? Call yourself a technology columnist and not use Internet banking!!!”) — I don’t use online banking for the simple reason that I don’t think it’s secure. So this report from Good Morning Silicon Valley is grist to my mill.

The high-profile cyberattacks continue: Citigroup has been hacked, too, it told the Financial Times Wednesday. The May attack allowed hackers to access the names, account numbers and contact information of about 200,000 North American customers of the company, according to Reuters. Citigroup says other information such as card security codes, expiration dates and customers’ Social Security numbers are kept elsewhere and were not accessed.

While the FT quoted a Gartner analyst who said that “for the actual breach to happen at a bank is a very big deal,” because banks’ online systems are usually more secure, Federal Deposit Insurance Corp. Chairman Sheila Bair said this morning that banks are frequent targets, according to the Reuters article. Bair said the FDIC may push banks to improve their online-security measures.

On a related note, and in case you missed it: What does happen when your bank gets hacked and your money is stolen? According to a judge’s ruling in one case in Maine, the bank can only do so much. Wired’s Threat Level blog reports that a construction company that fell victim to a password-stealing Trojan on an employee’s computer is out of luck in trying to recover about $300,000 from Ocean Bank. While Magistrate Judge John Rich agreed that the bank could stand to have a more secure authentication system, he said the law does not require it to have such a system, and that its system is comparable to that of other banks.

USB: the new WMD?

Friday, May 13th, 2011

Who’d have thought that the humble USB drive could be so useful? First, it turns out that it’s the distribution medium for the Stuxnet worm. And now we find that it was a key element in Osama Bin Laden’s comms system. Here’s The Register’s version:

Osama bin Laden didn’t have a phone or internet connection, but for years he was a prolific user of email who frustrated Western efforts to track him by saving messages to a thumb drive and having them sent from a distant internet cafe, the Associated Press reports.

The process was so tedious that even veteran intelligence officials have marveled at the al-Qaida chief’s ability to maintain it for so long, the news service said. Bin Laden would type the messages on a computer that had no connection to the outside world and then instruct a trusted courier to drive to a cafe so they could be emailed. The courier would then save messages addressed to bin Laden to the same drive and bring it back so his boss could read them offline.

US Navy Seals seized roughly 100 flash memory drives when they killed bin Laden at his Abbottabad, Pakistan, compound a week and a half ago. Officials told the AP they “appear to archive the back-and-forth communication between bin Laden and his associates around the world.” The cache of messages is so big that the government has enlisted Arabic speakers from around the intelligence community to pore over them.

En passant:

The New York Times account of OBL’s daily life in his walled compound suggests that the lifestyle of a terrorist mastermind leaves something to be desired. He didn’t even have a guy to tidy up his power cables.

Homeland Security leans on Mozilla to take down the Firefox MafiaaFire Add-on

Saturday, May 7th, 2011

From Harvey Anderson’s blog.

Recently the US Department of Homeland Security contacted Mozilla and requested that we remove the MafiaaFire add-on. The ICE Homeland Security Investigations unit alleged that the add-on circumvented a seizure order DHS had obtained against a number of domain names. Mafiaafire, like several other similar add-ons already available through AMO, redirects the user from one domain name to another similar to a mail forwarding service. In this case, Mafiaafire redirects traffic from seized domains to other domains. Here the seized domain names allegedly were used to stream content protected by copyrights of professional sports franchises and other media concerns.

Our approach is to comply with valid court orders, warrants, and legal mandates, but in this case there was no such court order. Thus, to evaluate Homeland Security’s request, we asked them several questions similar to those below to understand the legal justification:

* Have any courts determined that the Mafiaafire add-on is unlawful or illegal in any way? If so, on what basis? (Please provide any relevant rulings)

* Is Mozilla legally obligated to disable the add-on or is this request based on other reasons? If other reasons, can you please specify.

* Can you please provide a copy of the relevant seizure order upon which your request to Mozilla to take down the Mafiaafire add-on is based?

To date we’ve received no response from Homeland Security nor any court order.