Weekly Axis Of Easy #97
Last Week’s Quote was “Don’t retaliate. Just get stronger” by Robert Kiyosaki, author of the “Rich Dad / Poor Dad” series, advice given to him by Buckminster Fuller (nobody got it, third week now).
This Week’s Quote: “If I am not asked I know what time is; but if I am asked, I do not.” …by ??
THE RULES: No searching up the answer, must be posted in the comments below:
The Prize: First person to post gets their next domain or hosting renewal on us.
- Deluded, out-of-touch congressman calls for total ban on Bitcoin
- Windows 10 will have a real Linux kernel
- Microsoft Word’s auto-correct will promote gender neutrality
- How to access all those recordings Alexa has of you
- Free app using your private photos to train commercial facial recognition
- City of Baltimore paralyzed by ransomware attack, again
- New Android phish fools you with fake address bar
- Twitter admits to “inadvertently” collecting and sharing location data
- Open MongoDB of the week: 275 million record data dump on Amazon S3
Isn’t it interesting how Bitcoin seems to be back in the news these days? It also seems to be going up in value again. While I’m not sure the crypto bear market is over (bears usually come replete with multiple head fakes to the upside), something sure has US Congressman Brad Sherman (D-CA) in a twist about it, saying that:
“lawmakers must act preemptively to impede the threat posed by cryptocurrencies and thus outlaw their purchase by American citizens. Crypto’s threat, he claimed, forebodes no less than a shake-up of America’s geopolitical influence due to its potential diminishing of the power of its sovereign currency”
..and he says it like that’s a bad thing. Imagine, people taking back control over their own purchasing power and savings. Suddenly the narrative seems to have flipped over from “Bitcoin is vapourware and headed for zero”, to “it poses an existential threat to the monetary system and it needs to be banned” in fairly short order.
To paraphrase Gandhi’s old adage about the inevitability of a good idea…
First they call you no more a threat than OS/2 (remember OS/2?)
Next they call you a “malignant cancer”
…and then, they add your kernel to their latest operating system.
As part of its Windows Subsystem for Linux (WSL), Windows 10 will add a real Linux kernel. Microsoft had already added bash on Windows through Ubuntu, Kali Linux and openSUSE. In the next version the Linux compatibility layer will be replaced with a full-on Linux kernel 4.9.
Also Microsoft: the latest version of Word now includes a feature that will suggest corrections for gender neutrality. If you type “policeman” (or maybe “poleeceman”), the spell checker will kick in and fix “police”, and the gender neutralizer will kick in and suggest “police officer” instead. Or, if you have the language set for Canadian English, it would change “mankind” to “peoplekind”. You get the idea.
The feature is optional at the moment, but will almost certainly become compulsory at some future moment in time.
Somewhat surprised to see this story emanating from the Washington Post, given that they’re owned by Jeff Bezos, but they point out that Alexa devices, which insane people actually install in their homes, listen to your conversations all the time:
“Many smart-speaker owners don’t realize it, but Amazon keeps a copy of everything Alexa records after it hears its name. Apple’s Siri, and until recently Google’s Assistant, by default also keep recordings to help train their artificial intelligences.”
Geoffrey Fowler, the columnist who wrote this piece, found so many recordings of snippets of his conversations, including many that were not initiated via the “wake word”, that he edited them into a folk song.
This is the type of reporting one used to expect from journalists. Fowler is a rarity and will be missed.
Also view and manage all your Alexa recordings: http://www.amazon.com/alexaprivacy
In the above story, Fowler found that the ostensible reason Amazon was recording everything you say by default was so it could use those recordings to train its artificial intelligence.
Photo storage app “Ever”’s slogan is “Make Memories”. And it’s free. It turns out what you’re also doing is training Ever’s own AI: “the photos people share are used to train the company’s facial recognition system, and that Ever then offers to sell that technology to private companies, law enforcement and the military.”
Remember the old adage: “If you’re not paying for the product, you are the product”.
The City of Baltimore is investigating and attempting to recover from another ransomware attack, which spread through the municipal government’s computer systems and demanded a 3 bitcoin (roughly $27,000 CAD) ransom to decrypt the files. The ransomware variant, called “RobbinHood”, is not believed to be spreading via email, but the attack vector is as yet unknown.
This time critical systems like the city’s 911 and 311 phone systems were not affected; however, in an earlier attack this year, those systems were infected and downed.
Reading between the lines here, it strikes me as though they are not backing up their systems. The takeaway: back up your systems. Then back up your backups. I use our easyBackup, I have a local pocket drive on my desks at home and the office always rsync-ing, and finally another cloud backup, offsite.
When I originally came across this the article said it was an Android issue, but when I read security researcher James Fisher’s original post, and then tested it on my iPhone, I can confirm this is a Chrome issue on mobile, not just Android. The upshot is he discovered a new technique where a phishing attack can create a complete, fake browser location bar in your browser canvas, that will then display the fake address (in his case for HSBC bank), complete with a fake “lock” icon denoting that the site is TLS secured and verified. As yet, no known fix.
Twitter called an “oopsie” when it revealed that “we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances”. (Translation: we’ve probably been streaming your location to everybody, all the time).
For those keeping score at home, every week or every other week, a security researcher somewhere finds a wide open MongoDB, oftentimes hosted on Amazon S3 buckets, with all kinds of personally identifying data of a lot of people. This week, it’s 275 million records of Indian citizens with details like name, address, employer, job history, and salaries. It is not known from whence this data dump originated. It was discovered by Bob Diachenko, who has a knack for finding wide open MongoDB instances using Shodan and Google.
Odds and Ends:
- I was a guest on The Lite Podcast, a Litecoin-centered show, where we discussed crypto-currency, negative inflation rates, secular bear markets, and more
- In the last couple months two of my neighbours within 4 houses on my street in the west-end of Toronto had vehicles stolen out of their driveways using a key-fob relay attack as outlined in #AxisOfEasy 78. I have been using an electro-magnetic shielding Faraday pouch since I wrote about it, and my neighbour went low-tech, but effective: he picked up “the club” for his remaining car. They still work.
If you like #AxisOfEasy and think it would be beneficial to your friends and colleagues, please feel free to invite them to subscribe to the list here.