Nothing’s driving the acquisition of data faster than, well, driving. As new technology makes its way into vehicles, so does the apparent desire to harvest information about the vehicle itself. Between the outside harvesting (automatic plate readers that gather plate/location data, as well as photos of vehicle occupants) and the “inside” transmissions, there’s very little any number of unknown entities won’t know about a person’s driving habits. And that’s not even including what’s transmitted and collected by drivers’ omnipresent smartphones and their installed apps.
Sen. Edward Markey has expressed some alarm at the amount of data being collected (and distributed) by vehicle manufacturers. His office has produced a report [pdf link] showing that while many manufacturers are involved in collecting data, very few of them seem concerned about the attendant risks. Even worse, many respondents to his office’s questionnaire seem to show very little understanding of the underlying technology and most have not made an effort to fully inform customers as to how much is being collected or how it’s being distributed.
Drivers of today’s connected cars aren’t going to like the report’s findings.
Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
While some basic security measures have been implemented, the fact remains that transmitting data always poses a risk. Three of the 14 manufacturers that responded to Markey’s questions had actually let their security measures stagnate or decrease from 2013 to 2014, even as the amount of data transmitted rose. Worse, many of the respondents deployed security measures in a “haphazard and inconsistent” fashion, and nearly all respondents seemed unable to fully process the questions posed by Markey’s office.
Cars Are Delivering Tons Of Driving Data To Manufacturers With Minimal Security And Even Less Transparency
Sen. Ron Johnson (R-WI) explained that in November the Treasury Inspector General reported that it had recovered almost 80,000 missing emails from the seized IRS disaster recovery tapes. Upon investigation it was found that approximately 80 percent are duplicates, which leaves roughly 16,000 recovered, unique Lois Lerner emails.
The Wisconsin senator promised “a number of committees,” working together will spend the next couple of months “sorting through” the emails to “piece together this plot.”
Johnson said, “This administration has been completely opaque. But that’s one question. Who was communicating with Lois Lerner? What emails were exchanged with the White House or Treasury department? That’s what we are trying to get to the bottom of.”
He added, “I smell a rat. I smell a number of rats, and that’s what we are going to get to the bottom of.”
With the news that the National Gallery in the UK has rescinded its long-standing “no photographs” rule, it appears that another opportunity for incidental and accidental infringement has been unleashed upon people in the UK. The National Gallery apparently realized that with everyone carrying a smartphone these days (and the fact that it offers free WiFi that it encourages patrons to use), it became kind of ridiculous to try to block photographs while encouraging people to use their phones to research the artwork they were looking at.
However, the original notice noted that “temporary” exhibits will still have restrictions on photography “for reasons of copyright.” But, as IPKat notes above, it’s not clear why that should only apply to the temporary exhibits, since many of the permanent exhibit works are still under copyright as well (though the museum itself might also hold the copyright on many of those works). Either way, IPKat wonders if merely including a piece of copyright-covered artwork in the background of a photo — such as a selfie — might lead to claims of infringement. While some countries have freedom of panorama laws that say it’s okay to represent artistic works on public display, that apparently does not apply to paintings (though it does apply to sculptures).
In the end, it appears that while it may be unlikely to get sued over taking a selfie in the National Gallery, if you’re the extra cautious type, you might want to avoid it for fear of yet another ridiculous copyright claim. As IPKat notes, the caselaw is at least ambiguous enough that if someone wanted to go after you for your selfie with fine art, you might be in trouble. That this end result is ridiculous and kind of stupid isn’t really discussed in the piece, but seems rather obvious. Yes, it may be unlikely that a lawsuit will come out of it, but we’ve seen sillier lawsuits in the past, and I doubt it would surprise many if this new policy also results in a lawsuit down the road. Because that’s just the way copyright works.
Former top government officials who have been warning Washington about the vulnerability of the nation’s largely unprotected electric grid are raising new fears that troops from the jihadist Islamic State are poised to attack the system, leading to a power crisis that could kill millions.
“Inadequate grid security, a porous U.S.-Mexico border, and fragile transmission systems make the electric grid a target for ISIS,” said Peter Pry, one of the nation’s leading experts on the grid.
Others joining Pry at a press conference later Wednesday to draw attention to the potential threat said that if just a handful of the nation’s high voltage transformers were knocked out, blackouts would occur across the country.
“By one estimate, should the power go out and stay out for over a year, nine out of 10 Americans would likely perish,” said Frank Gaffney, founder and president of the Center for Security Policy in Washington.
At the afternoon press conference, Gaffney dubbed the potential crisis the “grid jihad.”
A lack of electricity would shut off water systems, impact city transportation services and shut down hospitals and other big facilities. Fresh and frozen foods also would be impacted, as would banks, financial institutions and utilities.
Pry provided details of recent attacks on electricity systems and said that ISIS could easily team with Mexican drug cartels to ravage America.
As it turns out, the scanners are actually pretty easy to fool.
On Thursday, security researchers from UC San Diego, the University of Michigan, and Johns Hopkins presented results from a months-long study that show how someone can hide weapons from the scanners through a number of simple tricks. From using Teflon tape to cover an object or just strategic placement of an object around the body, to more cunning approaches like installing malware onto the scanner’s console, a person could get away with a concealed weapon or explosive with little trouble.
Although the scanners the researchers tested – the Rapiscan Secure 1000 machines – haven’t been used in airports since 2013, they are still widely used in federal buildings like jails and courthouses. It cost taxpayers over $1 billion to have them installed in more than 160 airports.
Wired has more details on the study. One of the more striking aspects is how the researchers approached their testing, which differs from past experiments:
Unlike others who have made claims about vulnerabilities in full body scanner technology, the team of university researchers conducted their tests on an actual Rapiscan Secure 1000 system they purchased on eBay. They tried smuggling a variety of weapons through that scanner, and found—as [blogger Jonathan] Corbett did—that taping a gun to the side of a person’s body or sewing it to his pant leg hid its metal components against the scan’s black background. For that trick, only fully metal guns worked; an AR-15 was spotted due to its non-metal components, the researchers report, while a .380 ACP was nearly invisible. They also taped a folding knife to a person’s lower back with a thick layer of teflon tape, which they say completely masked it in the scan.
John Napier Tye is speaking out to warn Americans about illegal spying. The former State Department official, who served in the Obama administration from 2011 to 2014, declared Friday that ongoing NSA surveillance abuses are taking place under the auspices of Executive Order 12333, which came into being in 1981, before the era of digital communications, but is being used to collect them promiscuously. Tye alleges that the Obama administration has been violating the Constitution with scant oversight from Congress or the judiciary.
“The order as used today threatens our democracy,” he wrote in The Washington Post. “I am coming forward because I think Americans deserve an honest answer to the simple question: What kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?”
Executive Order 12333 is old news to national-security insiders and the journalists who cover them, but is largely unknown to the American public, in part because officials have a perverse institutional incentive to obscure its role. But some insiders are troubled by such affronts to representative democracy. A tiny subset screw up the courage to inform their fellow citizens.
Tye is but the latest surveillance whistleblower, though he took pains to distinguish himself from Snowden and his approach to dissent. “Before I left the State Department, I filed a complaint with the department’s inspector general, arguing that the current system of collection and storage of communications by U.S. persons under Executive Order 12333 violates the Fourth Amendment, which prohibits unreasonable searches and seizures,” Tye explained. “I have also brought my complaint to the House and Senate intelligence committees and to the inspector general of the NSA.”
Cockroaches are some of the most resilient creatures on earth. They can live for 45 minutes without air and over a month without food. Cutting their heads off won’t even kill them—at least not immediately. Their bodies can live on for several days without their heads.
Now, a team of open source developers wants to make it easier for just about any company to build the sort of resilient cloud computing systems that run online empires like Google. They call their project CockroachDB, billing it as a database with some serious staying power. That may sound like an odd name for a piece of software, but co-creator Spencer Kimball—a former Google engineer—says it’s only appropriate. “The name is representative of its two most important qualities: survivability, of course, and the ability to spread to the available hardware in an almost autonomous sense.”
Like so many other open source projects designed to drive large online operations, CockroachDB is based on ideas published in a Google research paper, in this case a detailed description of a massive system called Spanner. Spanner is a sweeping software creation that could eventually allow Google to spread data across millions of computer servers in hundreds of data centers across the world, and it took Google over five years to build. Even with Google’s research paper in hand, the CockroachDB coders still have their work cut out for them. But it’s a noble ambition.
At the Symposium on Usable Privacy and Security today, Stuart Schechter and Joseph Bonneau plan to reveal an experiment they designed to teach people to remember very strong, random passwords. With their process, which took a total of 12 minutes of users’ time on average, about nine out of 10 test subjects were able to remember a 56-bit password or passphrase–one for which a hacker would have to try quadrillions of guesses to successfully crack the secret.
“Our goal was to show that there’s a big dimension of human memory that hasn’t been explored with passwords,” says Bonneau, a fellow at Princeton’s Center For Information Technology Policy. “They may seem hard to remember up front. But if you’re given the right training and reminders, you can memorize almost anything.”
Schechter and Bonneau recruited hundreds of test subjects from Amazon’s Mechanical Turk crowdsourcing platform and paid them to take a phony series of attention tests. What they were really studying was how users logged in to those tests. Every time the login screen appeared, the user would be prompted to type in a series of words or letters on the screen. Over time that string of characters took increasingly long to appear, prompting the user to enter it from memory. More letters and words were added to it over time: After 10 days of testing, the user was required to enter a series of 12 random letters or six random words–for example, “rlhczwpsnffp” or “hem trial one by sky group” to start the test.
James Varney of the Times-Picayune in New Orleans stayed at the Hyatt Place hotel in Riverhead, NY. He tried to look at the Drudge Report, but was blocked from doing so by his hotel’s internet connection.
In fact, he tried looking at a number of conservative websites, including Powerline and Instapundit. They too were blocked. He then tried a number of liberal websites from Talking Points Memo to DailyKos. None of them had access problems.
His hotel, Hyatt Place, uses Uniguest to connect its guests to the internet.
Digging deeper, I contacted the good people of Uniguest. A cheery online chatter at their corporate website praised my question as a very good one, asked for my e-mail so he could run it up the corporate flagpole and I await that response.
I also spent some time on the phone with Hyatt representatives. Well, most of that time was on hold, actually, but I did eventually get two bright, human voices. Both of them assured me no political line was being enforced.
Neither of them knew for sure but they were quite certain it was all a matter of security – it was virus and malware that prompted the warnings and kickoffs, not a point of view.
Federal officials can’t resolve 85 percent of 2.9 million “inconsistencies” on applications for ObamaCare even after nine months of trying, according to new data provided by the administration.
Most of the problems involve certifying citizenship and income, key components of the national health plan.
But some of the problems are downright nutty.
One unidentified state-run marketplace cited situations in which infants and young children were “erroneously identified as incarcerated, according to federal data,” the inspector general for the Health and Human Services Department revealed Tuesday.
Just 425,000 problematic applications have been resolved out of 2.9 million that states and the federal exchange reported, the Centers for Medicare and Medicaid Services told The Post.
Only citizens are eligible for ObamaCare, and only people at certain income levels are eligible for tax credits and subsidies.
But in 77 percent of the applications under scrutiny, federal records differed from what applicants submitted on those two key qualifications.
The CMS responded that the agency is “committed to verifying the eligibility of consumers who apply for enrollment in qualified plans.”