Wednesday, 30 September 2015

Evil Wednesday roundup

  • Ed Snowden is tweeting.  Like I needed any more reasons to be on government watchlists.
  • The BBC gushes about smarthomes.  I sometimes think our obsession with this kind of thing since at least the 60s is due to the fact that it has been historically unrealistic.  That’s the sort of thing that makes us dream without worrying about the consequences.  Now that it’s trivially achievable, we’re all just assuming it’s desirable and still not thinking about the consequences.  Lots of these IoT devices don’t encrypt the intimate data they’re sending around and many have other terrifying security flaws.  And do we really want this stuff?  Well, a lot of it is kind of cool and I’m generally optimistic about the potential for energy saving, but I’ve worked in smart buildings and in my experience they don’t work.  Perhaps they will, in time, and a lot of the security issues will certainly be solved over time, but that doesn’t help us now.  And I have some serious misgivings about the motives of the companies that will be selling these solutions.  They won’t have our best interests at heart.  Ecosystems are great, but when they fail, we’re fucked.
  • People have been hoaxing Facebook.  They’ve been claiming that Facebook is about to start charging for the ability to keep your profile private.  I think it’s probably just mischief but it has generated a lot of noise and caused Facebook to issue statements on policy, saying that it will never charge for such things.  It seems like a decent way to do activism; shouldn’t we be trying to force companies like Facebook, Twitter, Google etc. to adopt an agenda that doesn’t fuck us all over?  With great power comes great responsibility, of course, but it counts both for activists trying to manipulate companies and the companies that are trying to manipulate us.  Perhaps turnaround is fair play.
  • People are hacking medical devices. Because of course they are.  But this article is more about what I’d call medical appliances (MRI scanners and the like) rather than what I’d call devices (such as pacemakers).  In the end, it won’t be the hacking of stuff like this that’ll worry us, it’s the hacking of the places where all the data goes.  My current work shows that none of this stuff is particularly safe at the moment.
  • China and the US agree not to wage cyber-war on each other.  This is the least believable thing I have ever seen.  There is absolutely no way either government would stand down on this.   It’s hard to understand what sort of theatre is going on here.  Why even pretend?
  • Dudes prank drive-thru staff by switching places in the car when the staff turn round. You have to see it to see it.  A lot of our security issues involve people like this who challenge our assumptions. One thousand internets for the people who worked out what was going on, but no penalty for the people who registered something weird but couldn’t quite join the dots.   We’re neither built nor educated to expect this kind of thing and we’re often more likely to doubt ourselves than the evidence of our senses. We can’t always get the balance right and as a rule of thumb I’d personally be more likely to trust people who doubt themselves.
  • Yeah, I used the word “dudes”. Deal with it, I’m having to.  Family and friends are helping in this time of crisis.
  • I love stories about how easy it is to break into stuff. Locks are central to our collective delusion about how security really works, which is one of the reasons I learned to pick locks.  The other is that it’s cool to have a skill – especially a mechanical skill – that most people do not.  My suspicion is that most people believe that many locks can be picked, but not fancy locks, defined as the locks they were sold.  Or something would have been done about it, right?  While at the same time knowing that locksmiths pick locks all day as their actual job.  What does this attitude tell us about backdoors in encryption?
  • Apple again deciding what kind of journalism people can consume on the devices they think they own.  This time, it obstructed an app that reports drone strikes and then removed it from the app store when it managed to slip through their arbitrary filters.  This seems like the sort of thing we should know about, Apple.
  • More assumption-challenging: here, a baby works out how to escape.  I have a more stupid anecdote: when I was about that age, my ‘play pen’ (prison) didn’t have a floor and was made from very light materials.  What do you think I did?  It did not require problem-solving skills on a par with that other baby’s, though.  Bonus anecdote: our stair gate had a bolt.  A fucking bolt. How stupid did my parents think I was?  It was the same stair gate that successfully prevented all my siblings making unauthorised trips up and down stairs, though.  Just saying.
