Weekly Axis Of Easy #105
THE RULES: No searching up the answer, must be posted in the comments below:
The Prize: First person to post gets their next domain or hosting renewal on us.
This week’s issue in memoriam of Edelgard Magerette Jeftovic née Haese Aug 26, 1930 – July 12, 2019. Together with my dad, the two people most responsible for my unwavering, staunchly anti-war stance. My parents grew up on opposite sides of WWII, my father an RAF Spitfire pilot, my mother a schoolgirl in Nazi Germany. Large swaths of both their families were consumed by the war and what they both taught me about history gave me a unique perspective that leads to the inescapable conclusion: War is a racket.
Apple to Zoom: You didn’t fix it, so we did
Google listens to recordings of conversations in your home
Western tech giants helping to build China’s surveillance state
Canada Revenue Agency shares tax data with US IRS
25 million Android phones infected by Agent Smith rogue adware
Steve Wozniak: Delete your Facebook accounts
Yep, that suspicious Paypal phish you received came through one of our servers
As reported last week, Zoom clients on Mac OSX devices left users open to RCE attacks, and the security researcher who reported it was underwhelmed with the way Zoom handled it, both in the slowness of their response, and the fact that he could still figure out a workaround that circumvented their fix.
Apple decided to take things into their own hands and pushed a silent update out to all OSX devices that removes the Zoom web server. Apple’s fix does not interfere with the operation of the Zoom client but eliminates the vulnerability.
Google has admitted that they employ natural language experts who listen to a “small number of anonymous recordings” garnered from Google speakers deployed around the world. The “snippets” are transcribed and then they are used to train Google’s AI. The only thing anybody should be surprised by in this news is that it is an ostensibly “small” number of recordings (what would be a small number when operating at Google scale?).
It still boggles my mind why anybody would have any of these devices that record activity in your home and then report telemetry back to their mothership. I guess it’s as the 1980s punk legends the Dead Kennedys called their 5th record, “Give me Convenience or Give me Death”.
Charles Hugh Smith picked up on a couple of threads from last week’s #AxisOfEasy and expanded on them in his essay “Alexa, How Do We Subvert Big Tech’s Orwellian Internet-of-Things Surveillance?” which loops back around to this item quite nicely.
For those who wonder why I incessantly brood over being surveilled by Western tech giants who want nothing more than to target us with the perfect ad at the perfect time, it’s because of what I see many of these same companies doing over in China, where the State is refining the art of total surveillance and authoritarian control to a precision framework that automates obedience and penalizes noncompliance.
The Intercept looks at The Open Foundation, a non-profit led by Google and IBM that is working with China’s Semptian to implement a Surveillance-as-a-Service platform called “Aegis”. The dictionary definitions of the word aegis mean: 1) Protection, 2) Sponsorship, patronage, and 3) Guidance, direction or control. Perfectly apt. Look at the demonstration video the Intercept’s undercover reporters managed to garner from the Semptian sales rep.
If you think what’s happening in China won’t be attempted here in due course, in its own Westernized style, then I’m going to accuse you of being pathologically naive and I think you should get that looked at.
FYI: In 2014 the Canadian and US governments signed an Intergovernmental Agreement to share tax data on residents on an annual basis. Under the agreement the governments share data on local residents of each other’s countries who have bank accounts with balances over $50,000. In 2017, for example, that penciled out to 700,000 records that the Canada Revenue Agency sent to their US counterparts.
Researchers have issued a warning about a new Android malware variant called “Agent Smith”, which replaces apps on your phone with fake ones that display rogue advertisements. The malware is tied to China and is targeting users in India, Pakistan and other parts of Asia. So far approximately 25 million handsets are estimated to be infected.
The malware is exploiting older known vulnerabilities, like one called “Janus” which dates back to 2017. So if you’re running an Android phone, make sure it’s fully patched. This is sure to wind up here at some point.
In this brief, seemingly impromptu interview, it appears as if a TMZ reporter crossed paths with Apple co-founder Steve Wozniak in an airport and got him to opine on the privacy issues around social media apps like Instagram and Facebook. The Woz’s upshot? “People think they have a level of privacy that they don’t.”
While he concedes that for some people, the benefits of being on social media outweigh the loss of privacy, for most of us, we should “figure out a way to get off Facebook”.
*Sigh*. On Saturday we started getting reports that some clients were receiving a purported Paypal email about “a supicious transaction” which was, of course, a phish, and it came from one of our servers, iem .easydns .com. As soon as we realized the problem we pulled the plug on IEM. It was an old email CRM system we used to use to send customers emails which should have been mothballed, but it wasn’t. The data exposed were approximately 16K email addresses (split across easyDNS and Zoneedit) that we once exported to IEM for a broadcast. No other data was affected.
Still sucks though….