The Market Ticker
Commentary on The Capital Markets - Category [Technology]

"More clearly needs to be done"?

The vast haul of Snapchat images obtained by hackers in a breach discovered last week should serve as a massive wake-up call to consumers, warns an expert, noting that users may have been lulled into a false sense of security.

“More clearly needs to be done to remind Snapchat’s millions of users – many of whom are teenagers – of the dangers of sending intimate images that may later leave them humiliated or embarrassed if shared with unauthorized parties,” wrote Oxford, U.K.-based computer security expert Graham Cluley, in a blog post Monday. “As has been known for some time, there will always be ways for Snapchat images to be preserved by recipients – even if you were hoping they would expire and delete themselves a few seconds after being viewed.”

Yep, because I could screen-shot the image or use a third-party client (which doesn't "dispose" of the image), there could be malware on your device that can get access to the files while they are "hot" (while being displayed) and copy them, or the user could simply point a second phone at the first one's screen!

The last, by the way, cannot be defended against.

So why is it again that you would "believe" that a picture you take with your cell camera and then send over the airwaves via any means whatsoever can be "controlled" in its distribution?  It can't -- period.

Anyone who believes that so-called "timed erase" actually assures that whatever you send doesn't wind up preserved beyond that time is an idiot.



I've been fortunate enough not to encounter this crap -- but apparently some other people did...

(CNN) -- Think hotels are deliberately blocking your personal Wi-Fi networks so you'll buy theirs?

No, it's not just a conspiracy theory. It turns out the federal government is concerned about it, too.

Marriott has agreed to pay a $600,000 fine after the Federal Communications Commission found the company blocked consumer Wi-Fi networks last year during an event at a hotel and conference center in Nashville.

Marriott has tried to claim that this is for the "benefit" of their customers; that people might set up unsecure and even malicious hotspots that would steal your data.  Uh huh.  

The real reason is that they want to sell you their expensive service instead, of course.  Higher-end hotels have been pulling this sort of crap for a long time -- and travelers have responded by using their own cellphones with local "hotspot" service.  As 4G/LTE has proliferated, this has destroyed the ability of the hotel industry to rape service the hotel customer.

My answer is not to patronize such higher-end establishments. But that doesn't change the fact that intentionally tampering with RF emissions is a federal offense, and, well, I guess Marriott didn't appropriately tithe to the administration...


Sucks to be you Marriott.


2014-10-06 06:15 by Karl Denninger
in Technology , 210 references

I wondered how long this would take to come out in the form of a "kit"....

In July, researchers Karsten Nohl and Jakob Lell announced that they'd found a critical security flaw they called BadUSB, allowing attackers to smuggle malware on the devices effectively undetected. Even worse, there didn't seem to be a clear fix for the attack.

That's because there isn't a clean fix.  The problem resides in the fact that a USB device can "announce" that it has multiple capabilities and the machine it's connected to will believe it.  Some of those can be input/output devices (like a keyboard) and others can be storage-related.

The HID (input) device vectors are especially bad because today's operating systems won't ask or stop one of these from attaching automatically.  That in turn means that an attacker can "inject" a command exactly as if you typed it.

Now if that same malware can figure out when to send the specific nasty command (specifically, when you just authorized the machine to do something that requires privileges), Bob's Your Uncle (or rather, your computer now belongs to the bad guy!)

This is very hard to stop without changing how we think about USB in general, and human input (like keyboard) devices in particular.  Specifically, how do you ask a user if it's ok to use a keyboard without a keyboard? You see the problem with popping up a box asking, right?

Are there ways to address this?  Maybe.  But not using the paradigms we use today for USB.

Is it time to put electrical tape over the USB port?  Maybe.  It is definitely well past the time when you could allow someone possessing a device you do not explicitly trust to plug into your system -- but that's been true for a very long time.

It's just that now everyone and their brother who wants to screw with you was given the code to do it.
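The defensive side of the point above, as an added example (not the author's code): a Linux sysfs audit that lists devices announcing an HID interface their baseline entry does not expect. The sample tree, the vendor/product IDs and the baseline are constructed for illustration; on a real host, pass `/sys/bus/usb/devices` as the root.

```python
import tempfile
from pathlib import Path

HID, MASS_STORAGE = "03", "08"   # USB interface class codes

def read(p):
    try:
        return p.read_text().strip().lower()
    except OSError:
        return ""

def snapshot(root):
    """Map each device name to its vid:pid and the interface classes it announces."""
    root, devs = Path(root), {}
    for iface in sorted(root.iterdir()):
        if ":" not in iface.name:      # "1-2" is a device, "1-2:1.0" an interface
            continue
        name = iface.name.split(":", 1)[0]
        dev = devs.setdefault(name, {
            "id": read(root / name / "idVendor") + ":" + read(root / name / "idProduct"),
            "classes": set()})
        dev["classes"].add(read(iface / "bInterfaceClass"))
    return devs

def audit(root, baseline):
    """baseline (assumed format): vid:pid -> classes that device is expected to announce."""
    findings = []
    for name, dev in sorted(snapshot(root).items()):
        extra = dev["classes"] - baseline.get(dev["id"], set())
        if HID in extra:               # an input device nobody signed off on
            kind = "storage+HID" if MASS_STORAGE in dev["classes"] else "HID"
            findings.append((name, dev["id"], kind))
    return findings

def build_sample(root):
    """Constructed sysfs-like tree: a known keyboard and a 'flash drive' that also claims HID."""
    tree = {"1-1": ("1111", "0001", ["03"]), "1-2": ("2222", "0002", ["08", "03"])}
    for name, (vid, pid, classes) in tree.items():
        d = Path(root, name)
        d.mkdir()
        (d / "idVendor").write_text(vid + "\n")
        (d / "idProduct").write_text(pid + "\n")
        for i, cls in enumerate(classes):
            f = Path(root, f"{name}:1.{i}")
            f.mkdir()
            (f / "bInterfaceClass").write_text(cls + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp, {"1111:0001": {"03"}, "2222:0002": {"08"}}))
```

The vendor and product IDs are themselves announced by the device, so a baseline like this catches a device whose capabilities drift from what was recorded, not one that impersonates a trusted keyboard from the start.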

