Apple iOS 11 security 'downgrade' decried as 'horror show'

Found on The Register on Friday, 01 December 2017

Oleg Afonin, a security researcher for password-cracking forensic IT biz Elcomsoft, in a blog post on Wednesday called iOS 11 "a horror story" due to changes the fruit-themed firm made to its mobile operating system that stripped away a stack of layered defenses.

"Once an intruder gains access to the user’s iPhone and knows (or recovers) the passcode, there is no single extra layer of protection left," Afonin explains in his post. "Everything (and I mean, everything) is now completely exposed. Local backups, the keychain, iCloud lock, Apple account password, cloud backups and photos, passwords from the iCloud Keychain, call logs, location data, browsing history, browser tabs and even the user’s original Apple ID password are quickly exposed."

Perhaps it was done because users complained and it's more convenient if you only have to remember one passcode. You get convenience, you lose security.

Wondering why your internal .dev web app has stopped working?

Found on The Register on Thursday, 30 November 2017

Rather than connecting to private stuff on an internal .dev domain to pick up where they left off, a number of engineers and sysadmins are facing an error message in their web browser complaining it is "unable to provide a secure connection."

Chrome forces connections to all domains ending in .dev (as well as .foo) to use HTTPS via a HTTP Strict Transport Security (HSTS) header. This is part of Google's larger and welcome push for HTTPS to be used everywhere for greater security.

In another commit, Google renames Chrome to GTNB: Google's Nanny Telemetry Browser. Yes, security is important, but you don't mess with your users' setups. Its main use is on internal testing systems, and if you need the security of HTTPS on your Intranet, then your security problems are somewhere else, and much bigger than you thought.

Facebook’s New Captcha Test: 'Upload A Clear Photo of Your Face'

Found on Wired on Wednesday, 29 November 2017

According to a screenshot of the identity test shared on Twitter on Tuesday and verified by Facebook, the prompt says: “Please upload a photo of yourself that clearly shows your face. We’ll check it and then permanently delete it from our servers.”

“You Can’t Log In Right Now. We’ll get in touch with you after we’ve reviewed your photo. You’ll now be logged out of Facebook as a security precaution.”

Just about three weeks ago, the same company asked users to upload their private porn; and now they want clear shots of your face. What a "coincidence"...

HP stealthily installs new spyware called HP Touchpoint Analytics Client

Found on Computer World on Tuesday, 28 November 2017

Dubbed “HP Touchpoint Analytics Service,” HP says it “harvests telemetry information that is used by HP Touchpoint’s analytical services.” Apparently, it’s HP Touchpoint Analytics Client version 4.0.2.1435.

Martin Brinkmann on ghacks has a detailed accounting of the spyware and how to remove it. He gives step-by-step instructions for disabling the HP Touchpoint Analytics Client in your Services listing, as well as deleting the HP Touchpoint Manager.

Some never learn. After all that Microsoft stirred up with their unwanted telemetry services, HP simply does the same. Maybe we really need a simple law that makes it illegal to collect data unless the user gets informed about every single detail of the collected data, and what it is used for; and of course, there has to be an opt-out option that must not be opted-in with a later update.

EU settles dispute over major weedkiller glyphosate

Found on BBC News on Monday, 27 November 2017

EU countries have voted to renew the licence of glyphosate, a widely used weedkiller at the centre of environmental concerns.

The UK was among the states in favour of glyphosate renewal. Germany and Poland were also among them - though they had previously abstained.

Critics say widespread use of glyphosate reduces biodiversity, by killing plants that are essential for many insects and other animals.

Everybody can see the effects of modern agriculture. Or better, you cannot see them anymore, because there are fewer and fewer species than a few decades ago; and it's not only the flora that's affected, but in turn the fauna too. However, as long as money can be made, everything is fine, right?

Imgur just learned 1.7M accounts got exposed in 2014 hack

Found on CNet News on Sunday, 26 November 2017

Imgur said Friday it first learned of the years-old hack on Thursday from a security researcher.

Imgur said the hack is still under investigation but believes an older password encryption system in use at the time of the hack allowed hackers to breach the system using a brute force attack. The company said it updated its algorithm last year.

These days 1.7M isn't even worth mentioning anymore, it seems.

Degree Inflation Hurting Bottom Line of U.S. Firms, Closing Off Economic Opportunity for Millions of Americans

Found on Harvard Business School on Saturday, 25 November 2017

According to new research released today, more than six million middle-skills jobs in the U.S. are now at risk of “degree inflation”—the practice of preferring or requiring a college degree for jobs that were traditionally held by middle-skills workers.

The trend impacts positions such as supervisors, support specialists, sales representatives, inspectors and testers, clerks, as well as secretaries and administrative assistants. Those jobs were traditionally held by many middle-class Americans without a college degree. When the same job is posted today with the minimum education requirement of a college degree, it is placed beyond the reach of Americans who may not have a college degree, but do have relevant experience.

You should pick the "right tool for the job". Sadly, too many think that a college degree automatically makes the person better than others, so naturally, more and more want such a degree. As a result, the quality of a degree these days is lower than a few decades ago.

End of an open source era: Linux pioneer Munich confirms switch to Windows 10

Found on TechRepublic on Friday, 24 November 2017

Now Munich will begin rolling out a Windows 10 client from 2020, at a cost of about €50m, with a view to Windows replacing LiMux across the council by early 2023.

Nevertheless, despite Munich running both systems side-by-side for more than a decade, today the council says this dual-system setup is unsustainable, hence the need to return to Windows.

While staff have reported intermittent problems with IT at the council, past surveys have found only a minority of staff wanted to return to Windows and Microsoft Office.

Running two entirely different operating systems side by side is arguably not a performance booster; but they could as well finish the job they started and ditch MS completely. They had 10 years to put pressure on developers to produce cross platform versions of their software. In the end however, it looks like the party with the deeper pockets for lobbying work won.

Vulnerability Found In Amazon Key, Again Showing How Dumber Tech Is Often The Smarter Option

Found on Techdirt on Thursday, 23 November 2017

When Amazon introduced its new $250 Smart Key system a few weeks back, most people were understandably skeptical. The product promises to securely let Amazon delivery folk unlock your front door and place packages inside, with an accompanying camera that tracks every move the deliveryman makes to ensure personal security.

Researchers at Rhino Security Labs demonstrated that by using a simple program within WiFi range, the camera can be not only disabled, but frozen -- presenting the image of a closed door while burglars happily pilfer your possessions.

Let's hope these hipster gadgets fail hard and people return to the good old locks.

Turkeys Are Twice as Big as They Were in 1960

Found on The Atlantic on Wednesday, 22 November 2017

Since 1960, the weight of turkeys has gone up about a quarter of a pound each year. The average weight of a turkey has gone from 15.1 pounds in 1960 to 31.1 pounds in 2017.

While turkeys’ overall mortality rates do not seem to be higher than earlier generations, they—like our ever larger chickens—do suffer some new kinds of health problems. Their bodies can struggle to hold up their weight, leading to leg problems.

You might want to argue that this is perfectly fine, since Americans got twice as heavy in the same time too.