The Market Ticker
Commentary on The Capital Markets

Oh boy.....

Apple has endowed iPhones with undocumented functions that allow unauthorized people in privileged positions to wirelessly connect and harvest pictures, text messages, and other sensitive data without entering a password or PIN, a forensic scientist warned over the weekend.

Why would Apple include such an undocumented interface?

There is no legitimate reason to do so.  There is a legitimate reason to include documented APIs for extracting data, but were they to be documented there would have been a howl a long time ago about the lack of protection of the data they can access.

What do these services do? You're not going to like it:

Zdziarski said the service that raises the most concern is known as It dishes out a staggering amount of data—including account data for e-mail, Twitter, iCloud, and other services, a full copy of the address book including deleted entries, the user cache folder, logs of geographic positions, and a complete dump of the user photo album—all without requiring a backup password to be entered. 


The Pcapd service, for instance, allows people to wirelessly monitor all network traffic traveling into and out of the device, even when it's not running in a special developer or support mode. House_arrest, meanwhile, allows the copying of sensitive files and documents from Twitter, Facebook, and many other applications.

Isn't that special?

Undocumented, unfettered access to the data on the device -- and all someone needs is even transient access to any device you've paired your phone with, ever, from the time of the last hard (data wipe) reset -- Bingo!

That "pairing" your phone effectively permanently defeats any encryption or password you have set for anything on the device wasn't disclosed when you paired for music or some other legitimate purpose, was it?

Didn't think so.

If you're a CIO at some firm with a concern over security -- say, a health-care company with a potential ERISA/HIPAA exposure or a financial entity with various fiduciary responsibilities: May I ask how warm you're getting under the collar right about now?

Oh, about that IBM "partnership"


When everyone was singing BlackBerry is dead! I said nope.

Not with BB10 out.

Yes, Thor was a disaster, and nowhere was he more of a disaster than in refusing to market the privacy and security benefits of his handsets.  He also intentionally crippled the Android player in an attempt to drive development of his own app store -- a terrible mistake.

Chen isn't that dumb and has reversed most of the stupid; 10.3 will have the Amazon app store preloaded.  Google will likely regret playing games with PlayStore, but that's ok -- it's too late at this point, unless they embrace what BlackBerry is and has -- and they won't.  Even better, the Z3 is selling in the emerging markets, is gaining positive reviews from real users and various publications who are coming to a simple conclusion -- for the money it's a damn nice device.

But now the backlash against trying to shoehorn MDM into iOS and Android is here and it's real:

At a well-known investment firm in New York City, something strange is happening: Mobile app performance issues and privacy concerns have sparked a Bring Your Own Device (BYOD) revolt, and now many employees are asking for their corporate BlackBerry back.

"It's a nightmare," says an IT executive speaking on condition of anonymity.

Of course it's a nightmare.  Apple and Android systems are designed to be consumer devices where Apple and Google, respectively, gain information that they can sell for advertising (and perhaps other) purposes.

You don't really think Android is actually "free", do you?

That a price isn't denominated in dollars doesn't make something free.

BlackBerry Balance solves almost all of these problems by allowing a full split-personality, save in one place -- it doesn't support a second SIM so you can attach one for corporate use and a second for the personal side.  It should, but it doesn't.  That's the only restriction.

BlackBerry could fix this by adding one more SIM slot.  Yes, it would require a bit of logic in the phone and space for a second SIM.  But it would mean you'd have two devices in one box, literally, where one side could be under the full control of corporate and the second entirely under your control where corporate IT could not have access to your data -- and vice-versa.  Both partitions could thus be encrypted at your desire (and corporate could require it for their side) and said encryption would prevent the access and use of said data on the personal side by the IT folks.  At worst they could wipe it (if the device was lost or stolen) but not get to it.

I note that from what I've been able to determine on the forensic side (that is, the cops and similar) an encrypted BB10 device is effectively a brick from LEO's perspective at present, with one exception -- if they can manage to get the user's BlackBerry World account password it can be used to decrypt backed up copies made by the PC application.  But to do that they need the backup image off your PC and your BlackBerry World password -- else, no joy.

Hint: Make damn sure you use a really strong password!

The iPhone and Android were simply never designed as business devices.  Not then and not now, and trying to make something into what it is not almost always turns out poorly.

In other words trying to drive screws with a hammer sort of works......

Sort of.

BlackBerry is not only breathing -- it's rising.


Back when "Dodd-Frank" was being debated there was a provision I maligned (along with a few others) that exempted car dealers from its provisions -- particularly from those provisions that bore on consumer protection.

We ought to know by now that banksters will exploit any loophole they can find, and when there are none to start with they will create one so as to be able to screw you.  That's what happened here, and the result is harm to everyone, not just those with poor credit.

Rodney Durham stopped working in 1991, declared bankruptcy and lives on Social Security. Nonetheless, Wells Fargo lent him $15,197 to buy a used Mitsubishi sedan.

“I am not sure how I got the loan,” Mr. Durham, age 60, said.

Mr. Durham’s application said that he made $35,000 as a technician at Lourdes Hospital in Binghamton, N.Y., according to a copy of the loan document. But he says he told the dealer he hadn’t worked at the hospital for more than three decades. Now, after months of Wells Fargo pressing him over missed payments, the bank has repossessed his car.

Yeah.  He's broke and couldn't afford the car, especially at the "financed" price.  But that didn't matter.

What matters is that someone can package that crap up, slap a "AAA" rating on it and sell it -- despite knowing this time as last that it is full of "vomit."


Here's the problem -- just like with houses whether your credit sucks doesn't matter.  The "availability" of this insane financing means that there is more demand for vehicles than there would otherwise be.  This drives up prices, so you get screwed out of thousands whether your credit is good or bad.

It used to be that the right economic decision was to buy a lightly-used car, which typically would cost about half of a new one with only a few years and a few tens of thousands of miles on it.  Now such vehicles that cost half of the price of a new one are as much as ten years old.  I see it every day driving past the used car lots, and it's utterly insane what I find as the "ask" on these vehicles -- and that's from big dealers, not the little "used car palaces" that dot the landscape.

Those, especially the "buy here, pay here" places, are even worse.  Those lots typically get their cars at auction houses and fit them with various "payment verification" devices, such as GPS tracking units that can remotely disable the ignition and "phone home" if a payment is missed, making repossession nearly painless and instantaneous.  Then there's the sleazeball tactics that go into sales at those places, including bundling various forms of insurance into the deal price to "protect" the dealer but the sold-on security trust sues the buyer anyway for any deficiency if the vehicle winds up repossessed.

At its core this sort of abuse, however, happens only because we let it, just like it did with subprime housing and the 2/28 and 3/27 loans, serial refinancing and zero-down nonsense -- all of them simply expressions of outrageous and abusive leverage.  

We continue to think there's something for nothing available in the world, and that instant gratification is "good."  The linked article shows flatly outrageous examples; I drove garbage cars for something like a decade when I first became a driver and then an adult out of necessity -- I simply had no money. Among them were a Chevy Vega and an AMC Pacer; those with a bit of memory and age know them to be two of the ugliest and worst vehicles ever made in America, but by God they ran (most of the time) and got me to work and home.  No, they weren't pretty; the former had a crushed passenger door from a wreck before I acquired it and the latter had rotted floorboards and would literally flood when driving through puddled water -- never mind both consumed roughly as much oil as they did gas and neither had a working air conditioner either.  Yeah, that kinda sucked in the summer months, especially the Vega with its black vinyl seats and only one working roll-down window!  But -- not only were the cars cheap the insurance was too, since (having no assets) all I needed was minimum liability coverage; you can't get blood from a stone and damage coverage on a piece of crap is worth zero.

If we're ever going to put a stop to this crap the solution has two components -- first, criminal prosecution for the bandits that put together this garbage exactly as for any other swindler, up and down the line in the bankster industry.

But second, we must stop buying the garbage that these jackasses are selling and stop believing in something for nothing.

It's a hell of a lot harder to sucker someone who isn't begging to be ripped off.


It was 45 years ago today when I sat in front of a (B&W and tube-powered) television as a young boy and watched a man set foot on the moon live.

We didn't have computers, our telephone had a rotary dial and was on the wall, a mere transistor radio was several times the size (and weight) of today's cell phones, gasoline was well under a buck a gallon, you could see the engine in a car when you opened the hood, car windows were opened with a crank and a watch was a mechanical thing you wound up.  Music was played on vinyl records that turned at 33-1/3 RPMs for albums with about 30 minutes per side or 45s containing a single song a side along with a much larger center hole and, for a few folks (including my parents) they still had a few 78s.  "Text messages" were sent by Western Union and were god-awful expensive, as was a voice telephone call anywhere outside of your local area.  Most people communicated over distance by writing letters long hand and affixing a stamp.

Today most younger people can't even write in cursive any more.

And today, were we to want to, we couldn't go back to the moon; we literally lack the ability to do it right here and now.

Progress?  I'm not so sure.

Yeah, there are many wondrous things we have today that didn't exist then.  But how many of them really enrich our lives and how many turn them into plastic nonsense?  Facebook and its cousins -- really? 

I work with technology every day and have for 30 years.  But many times I wonder exactly why I have, and why I do.  What purpose it truly serves, and whether it really advances anything at all, or whether it's simply another means of covering up this scam or that, placing "feel good" in front of doing, faceless machines in front of time with people -- or even time alone.

Today, perhaps, as we look back at that Prime Time broadcast of the first man to set foot on the moon, perhaps we should contemplate all of that -- with our computer screens turned off.

Goodnight everyone.  


One week in, this is what we appear to know.  

Please keep in mind that falsification of various records and items, including so-called "photographic evidence", is relatively common.  If you do not have an original digital image it can also be very difficult to detect -- but is usually not impossible.  I have caught a number of faked -- and false claims made from real -- images over the years on The Ticker, including the infamous one of a so-called "camera" over the shoulder of a man that was fired upon by a US Helicopter -- and which, upon closer examination, certainly looked like an RPG and not any camera I've ever seen.  Remember this?


That was "Wikileaks" with a claim that we had fired on an "unarmed" set of dudes.  On examination of their video, however, the above was quite clear.  If you display that to me and I'm in a chopper I'm going to shoot you because that sure looks like an RPG, it's being handled like an RPG, and the sort of picture you're going to take of me with it is the type that makes me explode.  So with that out of the way, let's go down the bullet list....

  • MH17 appears to have been shot down by a surface-to-air missile.  The flight was operating at an altitude beyond the range of small, shoulder-fired weapons -- that much is known from public data.  Therefore, if it was hit by a missile the weapon had to be a relatively-sophisticated SAM weapon such as the SA-11.

  • Both the Ukraine and the "rebels" have or had SA-11 variants.  But the Ukraine military allegedly has none that are known in the area where the shot had to come from, simply on the distance from the target that is possible for such a weapon. This does not make it impossible that the Ukraine military fired, but it is highly unlikely.

  • A Ukraine military transport was downed a few days earlier by the separatists, presumably using the same weapon (and maybe literally the same launcher) as it too was flying above the range of shoulder-fired missiles.  This much we know as the separatists took credit for it and have not backed away from that claim.
  • The sky was quite clear at the time of the incident from public footage of the impact itself.  This strongly implies that multiple nations and certainly the US should have satellite footage of the incident.  If such a smoking gun does exist, however, it also almost-certainly came from a classified device (e.g. a spy satellite.)  The assumption has to be made that within the organs of the major nations involved they know, factually, exactly where the missile came from geographically.  Missiles leave a big trail of fire and (for solid-fuel ones) smoke, never mind the explosion on impact.

  • There are multiple reports of a BUK (SA-11) missile battery crossing back into Russia missing either one or two missiles.  There is what facially appears to be solid photographic evidence of said launcher missing said missiles.  There is enough background in such images that their actual location ought to be able to be determined with a high degree of confidence, as well as whether or not the image of the launcher has been tampered with.

  • Ukraine (the nation) does not have control over the territory on which the plane fell, the separatists do.  Therefore any claim that Ukraine's government "must allow {blah-blah-blah}" is nonsense and any nation or other organ speaking such needs to have a boot put up their ass as they are dissembling; the crash site evidence is not under the Ukrainian government's control.

  • Those who have control over the crash site either directly or by proxy are the ones who must allow unfettered and unmolested access to it.  They have already failed to do so and further, have tampered with the site (rather than simply securing it.)  This is not conjecture, it is fact as video evidence of said tampering is all over the world at this point.

  • There are reports that the ATC recordings (and presumably radar tracks as well) have been confiscated by the Ukraine government.  Is this true and if so why, where are they, and how do we know they've been forensically secured and not tampered with?

  • Irrespective of who fired and why (it's nearly-certain that whoever fired the missile they thought they were shooting at a military aircraft and not an airliner) the question remains why the airspace in the vicinity of the known presence of these missiles, especially after one was used to down a military transport, was considered open to civilian transit.  That's ****ing idiotic and the entire International community including the ICAO bears full responsibility for not issuing a strong warning to avoid transit of airspace known to be subject to the use of SAM batteries in a conflict.  The ICAO has tried to duck responsibility claiming it belongs solely to the various nations involved.  Bull****; to remain silent in the face of a known serious hazard is called negligence.  Ask GM how this is working out for them if you need an education on that principle.  It is a fact that misidentification of things flying around does happen, and it is also a fact that a civilian airliner has little to no defense against a SAM battery that is locked onto it; it is a sitting duck.

  • If you wish to argue that the Ukrainian government shot this plane down then you are arguing that they did so intentionally since the separatists have had no air assets up in the sky that the government would be legitimately targeting -- in other words, it could not have been hit by mistake.  In effect you're arguing that the government took the plane down as a "false flag" operation and intentionally murdered nearly 300 people.  You better have some damn good evidence to back that one up.

If the weapon system in question was removed to Russia then Putin owns this shoot-down -- period.  That missile system could not cross the border without Russian consent; irrespective of what happened before by allowing it into his territory in an attempt to frustrate investigation he took responsibility for its use.

We'll see how this continues to develop, but this much is certain -- the so-called International Community pays exactly zero attention to closing airspace to civilian flights where it is known that unstable individuals and groups have access to and the knowledge to use highly-effective military weaponry capable of downing civilian aircraft at cruise altitudes.

In this case that hazard did not even qualify as a "best guess"; it was a known fact given the very recent downing of a transport with what appears to have been the same weapon system.


Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.


The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.
