Weekend Reads 122217

Because this is the last “weekend reads” of the year, I’m supersizing it, and including a few articles at the end on culture I found interesting. The majority of the other stories relate to security, as always.

San Diego, Calif., Dec. 12, 2017 — Computer scientists have built and successfully tested a tool designed to detect when websites are hacked by monitoring the activity of email accounts associated with them. The researchers were surprised to find that almost 1 percent of the websites they tested had suffered a data breach during their 18-month study period, regardless of how big the companies’ reach and audience are. “No one is above this—companies or nation states—it’s going to happen; it’s just a question of when,” said Alex C. Snoeren, the paper’s senior author and a professor of computer science at the Jacobs School of Engineering at the University of California San Diego. —UC San Diego

GPS has become such an ingrained part of our culture that many of us don’t even think about it anymore. If you want to go check out a new restaurant but don’t know where it is, search for it in Google Maps. Want to map your running route? There are tons of apps that use GPS to do that. Don’t want to be tracked at all? Just turn GPS off. But, what if I told you that you could be tracked without using GPS? What if there was a way for an app to narrow down exactly where you are, how fast you’re traveling, and what kind of vehicle you’re in—all without accessing your GPS location or you being aware? That’s pretty scary, right? —Android Authority

In May 2013 KrebsOnSecurity wrote about Ragebooter, a service that paying customers can use to launch powerful distributed denial-of-service (DDoS) attacks capable of knocking individuals and Web sites offline. The owner of Ragebooter subsequently was convicted in 2016 of possessing child pornography, but his business somehow lived on while he was in prison. Now just weeks after Poland made probation, a mobile version of the attack-for-hire service has gone up for sale on the Google Play store. —Krebs on Security

Only a few years ago, DDoS attacks targeted certain industries, gaming and finance being at the top of the list. What’s changed is the consistent drumbeat of attacks. Today, they are pervasive, impacting businesses of all sizes, across all industries and geographies. The driver for this remains the ready availability of free attack tools that can turn anyone with an internet connection and a grudge into a DDoS attacker. The bull market in DDoS attack services is also a significant factor. —Arbor

Section 1201 of the Digital Millennium Copyright Act (DMCA 1201) gives device manufacturers a legal tool to keep you from understanding and modifying the things you buy. While DMCA 1201’s stated goal was to prevent copyright infringement by punishing people for breaking the technological mechanisms companies put on their material to protect it, the law has been used against artists, researchers, technicians, and users, even when the reasons why they were trying to circumvent digital locks were completely lawful. —EFF

In the days of shrink-wrapped software, customers had no option but to provide perimeter security — firewalls, intrusion detection, antivirus, web application firewalls — since they had no access to proprietary source code, he explained. In 15 years in the security industry, most recently at FireEye, where he was seeing about 100,000 new pieces of malware a day, reacting to threats doesn’t make sense in an environment where development teams are releasing software multiple times a day. —The New Stack

For IT conference speakers, making an offering to the Demo Gods has become almost customary, a ritual that reinforces the hope that their barely-functioning prototype will dazzle onlookers without crashing and leaving them proverbially naked in front of the audience. No one, however, has ever had a tighter relationship with these demo deities than Douglas Engelbart, who on Dec. 9, 1968, laid out a long view of the future of computing in an astounding set of demos, one that included the mouse, Google Docs, the internet, and video conferencing. Engelbart and the work of his team laid out the path forward for all of the software, years before Xerox PARC even existed. —The New Stack

It is often said that California foretells the nation’s future. If so, we should really be worried about the cost of living. Wednesday’s New York Times ran an article about California that was candid about the high cost of living there although opaque about the reasons for it. It recognized that in the last seven years the state has lost more than two million people over twenty-five years old to other states. And the reason many give for fleeing is the cost of living, with the largest number going to Texas, a state renowned for a low cost of living. —Liberty Law Site

In a world of serial storytelling, characters commonly outlive the actors who play them. Makers of film and television find ways to respond to the death of an actor, from recasting a role without comment (like Dumbledore in the Harry Potter films) to making the changeover of lead actors a central motif of a series (the Doctor in Doctor Who). Disney pioneered a new response in its latest Star Wars movie: resurrecting a deceased actor to reprise a role from beyond the grave. The technology on display here is impressive. But it both denigrates the craft of acting and violates the dignity of the human body by treating it as a mere puppet. —The New Atlantis

How do we make sense of our political moment? There has been no dearth of commentary on the meaning of the 2016 American presidential election and its political aftermath. Pundits, scholars, and others have expressed alarm about the degree of fragmentation and polarization, the increase in vulgarity in political discourse and the loss of political civility, the weakening of traditional international alliances, the abuse of basic ethics in governing, and the resurgence of nativism, populism, isolationism, and nationalism, all of which could encourage authoritarian behavior among those in or seeking power. There are good reasons to be uneasy. —The Hedgehog Review

Weekend Reads 121517

Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology. —Krebs on Security

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate. —Krebs on Security

As the European Union General Data Protection Regulation (GDPR) looms, a privacy-stripping email setting continues in widespread use around the world. It threatens sensitive communications that contain personally identifiable information, intellectual property, financial information, and your most intimate photos. —Free Code Camp

This week, the Supreme Court will hear a case with profound implications on your security and privacy in the coming years. The Fourth Amendment’s prohibition of unlawful search and seizure is a vital right that protects us all from police overreach, and the way the courts interpret it is increasingly nonsensical in our computerized and networked world. The Supreme Court can either update current law to reflect the world, or it can further solidify an unnecessary and dangerous police power. —Schneier on Security

It is true, as both Mendelsohn and Connolly state, that video is a far more powerful medium to deliver information. In that truth, though, lies a grave danger. It is far easier to manipulate the emotions through video than it is through the written word. Video conveys information through something akin to osmosis; the recipient need only open his eyes and ears for the information transfer. Reading, on the other hand, requires an active participant; it demands that the recipient of information think through and imagine the arguments or story, and digest the meaning over time. —Intellectual Takeout

It is the mixture of private and communal property that is of interest. Aristotle writes that systems that take the best from both private and collective ownership are “already present in outline form in some city-states, which implies that it is not impracticable.” He mentions Sparta particularly, including a provision for collective property providing “when on a journey in the countryside, they may take what provisions they need from the fields.” —Law and Liberty

Weekend Reads: The Relay Box Attack

West Midlands Police believe it is the first time the high-tech crime has been caught on camera. Relay boxes can receive signals through walls, doors and windows but not metal. The theft took just one minute and the Mercedes car, stolen from the Elmdon area of Solihull on 24 September, has not been recovered. @BBC

There’s rising worry that corporations are taking over America. But after reviewing a slew of the bids by cities and states wooing Amazon’s massive second headquarters, I don’t think “takeover” quite captures what’s going on. More like “surrender.” Last month Amazon announced it got 238 offers for its new, proposed 50,000-employee HQ2. I set out to see what’s in them, but only about 30 have been released so far under public-record acts. @The Seattle Times

The Supreme Court will hear oral arguments in Carpenter v. United States on November 29th. Carpenter centers on whether law enforcement needs a warrant to access 127 days of historic cell-site location information (CSLI). The case is important because of the great quantity of demands for location information now being made by law enforcement, because the location information that is sought is very revealing, and because law enforcement often obtains such data without obtaining a warrant, which increases the likelihood that sensitive location information about innocent people is collected. @The Center for Democracy and Technology

It’s amazing how congressional Republicans have been singularly unable, since winning the White House and both houses of Congress, to advance any major legislative priorities for their voters, but still quite able to advance legislation that most Republican voters would oppose — if they learned about it.
Republican leaders are sponsoring three bills that would expand the U.S. surveillance state under the guise of improving education and government efficiency. A grassroots opposition letter lists and summarizes the bills, the second of which passed the House last week… @The Federalist

Are the very large, very successful tech megaplatforms a problem that needs solving? Are they suppressing competition, innovation, free speech, democracy? I’m skeptical that case has been proven to the extent a strong public policy response is required ASAP. And I am equally skeptical of the solution set being offered by those who are quite comfortable that the anti-tech case has been proven. Break ‘em up! Regulate the heck out of them! (Sotto voce: Nationalize them.) @The American Enterprise Institute