The Market Ticker
Commentary on The Capital Markets- Category [Technology]

If you didn't have enough reasons before, now you got another one.

Let’s be clear about one thing: right now we don’t yet know whether the nude celebrity photos hacking scandal can be blamed on security vulnerabilities in Apple iCloud. Certainly this is being widely circulated and it was my first thought on Twitter last night, but there is no proof.

Well, sure.  You could just believe it'll be ok -- especially if the issue isn't simply whether people have pictures of your hoo-hoo (or dong.)

There are those who claim these photos are "faked", but then there's this:

"To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves," she tweeted. "Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked."

That sounds like an admission that they're real to me.

There's a huge problem here, if this is indeed a hack into cloud services, specifically, iCloud.  That's because deleting files from said cloud often doesn't really delete them.

It's kind of like a roach motel -- you can check out any time you'd like but you can never actually leave.

I have always found it hilariously stupid that people "trust" companies with this sort of thing, and that's just when you're talking about nudies.  When it comes to critical business data, or worse, customer data that could wind up being extremely damaging (e.g. medical or financial records and similar) it's even worse.

The common mantra today is that businesses should put data in the "cloud" because it's accessible everywhere and is "secure."  Oh really?  Secure eh?  Says who?  And who eats the liability when they're wrong?

That's the bigger problem, you see.  If someone breaks into my private infrastructure and steals something, the bad is on me; I know where the blame is, and I know where the liability lies.  It's mine, and since they're both in the same place I have a decent incentive to make sure that doesn't happen.

Now look at the case here; the liability is still yours as the business that put the data there but you have no control over it nor can you do anything about it before or after the fact!

Still comfortable with that allocation of risk, are you?  

Exactly how stupid are you if you're a CIO or CEO and have put your data anywhere other than on your own infrastructure where you can control it?

Answer: Very.

View this entry with comments (registration required to post)

2014-08-27 09:21 by Karl Denninger
in Technology, 235 references

Gee, there's no bias here, right?

What we need, then, is an equivalent universal inbox for messaging. No, not just for all your email and text messages. For everything. We need a smart inbox that'll sort messages by service, label them appropriately and will let you continue conversations within just one app.

I've had that for the last two+ years.  On my BlackBerry Z10.

Engadget knows this, because they "reviewed" said device.  And, after a few heated comments, they edited their piece to mention that -- below the fold, of course.

BlackBerry's Hub, present since the first release of BB10 devices, does exactly what is being described.  It places all inbox and notification information in one place and you can reply and manage them all there too.  Text messages, Facebook, Twitter, various Android apps (e.g. Snapchat, Instagram, etc), any number of email accounts -- I have three active -- phone calls, voicemails, etc.

In later (current) versions you can flag particular people as being "priority" contacts so anything they send you and any conversation you initiate shows up at the top in its own "priority" inbox as well.

Yes, I agree that this should be present on a "smart" device.  Apple and Google don't want it, however, because they want you to prefer their tools (e.g. Gmail) and putting everything in one place, along with letting you control it all, means they lose their ability to try to lever you.  In other words, they lose some of what they want -- you being the product that is being sold, that is.

Does all this matter?  You bet it does.  I rarely go into Facebook or Twitter, much less the individual email application or even the text message system on my phone.  I do nearly all of my interaction with messaging services on The Hub, in one, unified place.

Exactly as it should be.

BlackBerry: Messaging done right.

PS: BB10 devices, such as the Z10, the Z30, the Q10 and upcoming Passport and Classic, also run Android apps....

View this entry with comments (registration required to post)

Be careful out there.

I found a particularly-pernicious bit of spyware today and had some fun getting rid of it.

It's called Metroids and when loaded (usually as part of a bundle with some sort of free utility or other legitimate package) it displays a "cute" rendition of the game Asteroids on top of all your browser windows.  The theory is that it brings you great "offers."

Needless to say, that display is damned annoying, and if you manage to accidentally load it you will instantly head over to the Program window and uninstall it.

All good, right?

Not so fast, Kemosabe!

Unknown to you it dropped a service into Windows under an obscure apparently-random letter name (very clever guys, trying to hide your intentions) when it had administrative privilege during installation -- privilege it retains, incidentally.  The problem is that the service survives the uninstall, and worse, it is capable of and does "hook" a browser session even without an extension loaded!

The odds are very good you'll never know it's there since it doesn't call itself what it is and in addition it claims to have uninstalled when you told it to.  But it didn't, and it's still creating and, presumably, transmitting data about whatever you do.  If you find the working directory and kill it (it's in AppData) it will be re-created as soon as you open a new browser window, or if you have one open.  Since it's running with privileges, an ordinary user account can't stop the service either and, worse, it has access to everything on the machine.

Malwarebytes can find it as can someone who knows what they're doing, but most anti-virus systems will not pick it up -- including Avast.

I have no idea how extensive the data it is collecting and sending is once it "claims" to be uninstalled but this is an especially nasty little piece of **** due to its persistent nature, that it is running with privileges and thus could get to anything on the machine and the fact that you'll get infested with it from perfectly "legitimate" downloads -- not browsing porn sites or other similar places.

I'm not usually one to say "there ought to be a law", but I will this time: If you as a software author or distributor allow your code to be bundled with such an "installer" -- anything that leaves a piece of itself behind after being de-installed specifically and/or attempts to obscure its components and functions by calling itself anything other than what it is -- that ought to be treated as felony computer fraud and abuse and you, along with the entity that wrote that crap, ought to go to prison.

Yeah, I know how to get rid of it and did with no harm done.  But I know what I'm looking for.

Most people don't and won't even know it's there.
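A way to look for the traits described above (a service with a random-looking name, files under AppData, still registered after the uninstall), as an added example that is not the author's own procedure. The function name `Get-SuspectService`, the heuristics and the two-signal threshold are assumptions for triage, not a signature for this particular program, and the sample record is constructed.

```powershell
# Added example: flag Windows services that show two or more of the traits
# described in the post. Heuristics and threshold are assumptions.
function Get-SuspectService {
    [CmdletBinding()]
    param(
        # Service records to inspect; defaults to the live machine.
        [object[]]$Service = (Get-CimInstance -ClassName Win32_Service)
    )
    foreach ($s in $Service) {
        $reasons = @()

        # Pull the executable out of PathName (quoted or unquoted, with arguments).
        $exe = $null
        if ($s.PathName -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($s.PathName -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }

        # Service image living where an unprivileged installer can drop files.
        if ($exe -match '\\AppData\\|\\Temp\\') {
            $reasons += 'image under a user profile or temp path'
        }
        # Letters-only name with no description: looks generated, explains nothing.
        if ($s.Name -cmatch '^[A-Za-z]{5,}$' -and -not $s.Description) {
            $reasons += 'letters-only name with no description'
        }
        # Image on disk without a valid Authenticode signature.
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            if ($sig.Status -ne 'Valid') { $reasons += "signature status: $($sig.Status)" }
        }

        if ($reasons.Count -ge 2) {
            [pscustomobject]@{
                Name      = $s.Name
                State     = $s.State
                StartMode = $s.StartMode
                RunsAs    = $s.StartName   # LocalSystem means full access to the machine
                Image     = $exe
                Reasons   = $reasons -join '; '
            }
        }
    }
}

# Constructed sample record (not taken from the post) to exercise the checks offline.
$sample = [pscustomobject]@{
    Name = 'qxvbtrk'; Description = $null; State = 'Running'; StartMode = 'Auto'
    StartName = 'LocalSystem'
    PathName  = '"C:\Users\alice\AppData\Local\qxvbtrk\qxvbtrk.exe" -svc'
}
Get-SuspectService -Service $sample
```

Run `Get-SuspectService` with no arguments from an elevated prompt to inspect the live machine; anything it lists is a lead to review by hand, since legitimate per-user updaters can trip the same checks.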

View this entry with comments (registration required to post)

Heh heh, time for this one again.


Almost a third of smartphone users do not download any apps for their devices in a typical month, according to a report by Deloitte that predicts the volume of app store sales is hitting a ceiling.

The average number of apps downloaded on a monthly basis has decreased considerably in 2014, the firm found in a survey of people in the UK. As smartphones saturate mobile markets in the US and Europe, developers must rely on customers continuing to download new apps for their businesses to grow.

And there's more.

9 out of 10 users never pay for "premium" applications or features, leaving on-screen advertising "it" in terms of revenue.  And that's a problem, because there's little screen real estate (and never will be lots) nor is anyone going to put up with a material part of what is there being consumed by advertising.

There is no "industry" in general for this crap.  Oh sure, there are those few who make it big and make a lot of money, but that's always true.  What's almost-always false, however, is the hype machine that builds around a "new" technology.  It was not long ago that colleges and other so-called "professionals" counseled young people to go into this "field" because there was "great growth there" and it was a good way to make money.

Uh, nope.  Not for long, and in truth, not really ever.

View this entry with comments (registration required to post)

The Stupid, it Burns.

For the most part, however, it's the sensors, locks and monitoring devices that will be the cornerstones of the smart home. Furthermore, most of the people who've ridiculed the smart home of connected things haven't personally set one up themselves.

Oh really?  Both of my last two homes (including my present one, of course) are "smart" with the expected feature set, plus what probably amounts to quite a bit more.

It's really kind of nice to have a house that adapts to you, more or less on its own.  Your path is lighted as you enter a section of it, appropriately to the time of day (no, your eyeballs are not assaulted when you have to take a leak at 3:00 AM!)  When not home the system monitors for presence and decreases energy usage, and alerts you if something odd happens (like, for instance movement where there shouldn't be!)

But -- that's not the issue.  It lies here:

Critical security and healthcare monitoring systems will also benefit greatly from integration, which is why Apple and Google are desperately trying to position themselves as the great integrators. Someday it will be natural to have your medicine cabinet remind you to take a blood pressure pill or to get a message from grandmother's house that she hasn't been down to the kitchen this morning.

Except that neither of those firms or any other large ones in the digital space today give a flying **** about your privacy and civil rights.  None of them.  Exactly zero.

How do I judge?  None of their CEOs or corporate officers will risk prison or publicly quit rather than comply with outrageous demands and actions by others, particularly our US Government.  We know this because there is a long history of them complying rather than risk a contempt action or resigning in protest.

Worse, they build infrastructure for the specific purpose of being able to get into your data!  Apple, for example, has its "back doors" into iOS.  They claim this is for "diagnostic purposes" yet the data accessible and the bypass of protections intended to secure your data is the antithesis of "diagnostics."

Apple is not alone in this regard; those who have taken cheap shots at me over the years for pointing this out in relationship to one company or another believe that it's because I "hate" one firm and prefer a different one.  Nope; that I make an example out of someone who sticks their head up by doing something particularly stupid doesn't mean that others aren't doing the same sort of thing -- in fact, virtually all, if not all, such large US-based firms are.  I've caught a couple of them myself over the years.

Google recently admitted to doing exactly that, in fact, with regards to child pornography -- searching email without a warrant.  They have no obligation to do so, by the way; I challenge anyone to show me a statute that compels not the turnover of accidentally discovered material but intentional searches for same, automated or not.  You can't find one, because such a statute doesn't exist.

The problem with such an example is that most reasonable people, myself included, instantly react to such an event as the perpetrator "deserving it"; after all, kiddie porn involves harming real children and it's a heinous offense.  That's not the point.  The point is that what allows such an intentional search isn't limited to heinous offenses, and that a claim to be using it only for that purpose cannot be verified, nor is there any penalty for lying.

And that just covers the intentional acts.  The negligent ones don't even enter into this, such as unencrypted international data links between data centers in a world where it is known that various government agencies worldwide spy on everything they can get their hands on -- including, of course, said unencrypted data links.

You want to live in a world where not only governments can see in your bedroom on a per-stroke basis as you make love, but so can voyeurs and criminals?  That's what you're being sold, but it sure as hell isn't being disclosed.

Yeah, I like my "smart home."  A lot.  But there's not a snowball's chance in Hell that I'm going to let anyone but myself program and have access to it, for the simple reason that if I'm entirely in charge of what connects to what, where and how then I am also responsible for securing it and have a shot at keeping what happens inside the walls of my home, and my property generally, mine to share only as I see fit with those who I wish to share it with, and not some group of marketers, governments or thugs.

View this entry with comments (registration required to post)

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.