weak links get exploited

One of the important lessons of security is that weak links get exploited.  A NY Times piece on weak third party systems that are often attached to systems that are supposedly secure.

snip

...

Companies have always needed to be diligent in keeping ahead of hackers — email and leaky employee devices are an old problem — but the situation has grown increasingly complex and urgent as countless third parties are granted remote access to corporate systems. This access comes through software controlling all kinds of services a company needs: heating, ventilation and air-conditioning; billing, expense and human-resources management systems; graphics and data analytics functions; health insurance providers; and even vending machines.

Break into one system, and you have a chance to break into them all.

“We constantly run into situations where outside service providers connected remotely have the keys to the castle,” said Vincent Berk, chief executive of FlowTraq, a network security firm.

Data on the percentage of cyberattacks that can be tied to a leaky third party is difficult to come by, in large part because victims’ lawyers will find any reason not to disclose a breach. But a survey of more than 3,500 global I.T. and cybersecurity practitioners conducted by a security research firm, the Ponemon Institute, last year found that roughly a quarter — 23 percent — of breaches were attributable to third-party negligence.

...

 

 

 

 

fly by wire

Some drones - quadcopeters for example - have software that translates commands from a remote pilot or a navatigation computers, into signals that control the flight of the craft. A group at ETH Zurich has added a very robust failsafe capability that might be important as drones begin to fill our skies.

wolfram langage

(or environment or something)  Stephen Wolfram on the Wolfram Language - preview here

what is android?

A nice piece on forking Android in Ars.  

Much of what makes Android Android in the eyes of users is closed and strongly controlled by Google.  Getting around that in the smartphone world is extremely difficult.  Of course that doesn't matter in places like China and Africa.

 

 

 

special price on mathematica

The home edition of Mathematica 9 is $207 - down from $295.  A very nice piece of software for those with natural science, math or engineering backgrounds - or those who wish to learn.  The sale is over on December 2.

 

 

the other operating system in your mobile device

It turns out there is a small real time operating system in the baseband processor that runs the radio part of your phone. It turns out it may be insecure...

snip

...

You may have the most secure mobile operating system in the world, but you're still running a second operating system that is poorly understood, poorly documented, proprietary, and all you have to go on are Qualcomm's Infineon's, and others' blue eyes.

The insecurity of baseband software is not by error; it's by design. The standards that govern how these baseband processors and radios work were designed in the '80s, ending up with a complicated codebase written in the '90s - complete with a '90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.

So, we have a complete operating system, running on an ARM processor, without any exploit mitigation (or only very little of it), which automatically trusts every instruction, piece of code, or data it receives from the base station you're connected to. What could possibly go wrong?

With this in mind, security researcher Ralf-Philipp Weinmann of the University of Luxembourg set out to reverse engineer the baseband processor software of both Qualcomm and Infineon, and he easily spotted loads and loads of bugs, scattered all over the place, each and every one of which could lead to exploits - crashing the device, and even allowing the attacker to remotely execute code. Remember: all over the air. One of the exploits he found required nothing more but a 73 byte message to get remote code execution. Over the air.

...

 The author seems "open" as being somehow secure -- it isn't, but that doesn't change the problem that the software invovled may be awful.

 

free dictation in mavericks

Apple offers off net dictation as part of Mavericks.  Go to System Preferences and download a largish (~700MB) file, set a keyboard shortcut to invoke it and use it anywhere you might type.  It works fairly well if you want something quick and dirty.  Serious work demands something like Dragon Dictate.

nice background images for os x mavericks and a look into the os

Apple has stashed away some fine high resolution images that you can use as desktop wallpapers.  Just go to

/Library/Screen Savers/Default Collections/

if you aren't unix-y, type clover-shift-g and then add the path shown above into the window.  You'll find four directories with some beautiful images...  National Geographic, Aerial, Cosmos, and Nature Patterns

__________

John Siracusa publishes a dive into what's new for each major OS X release - his Mavericks piece on online at Ars 

Running out of cat names, Apple moved to California locations.  Mavericks is a place near Half Moon Bay with surfing roots.

jlg on microsoft

Jean-Louis Gasée on Microsoft - where they find themselves today...

snip

...

We’re indeed in a Post-PC era. PCs aren’t going to disappear any time soon, but the 30-year epoch of year after year double digit growth is over. We’re now a Devices and Services company!

It’s a crisp motto with a built-in logic: Devices create demand for Microsoft services that, in turn, will fuel the market’s appetite for devices. It’s a great circular synergy.

But behind the slick corpospeak lurks a problem that might seriously maim the company: Microsoft wants to continue to license software to hardware makers while it builds a Devices business that competes with these same licensees. They want it both ways.

Real business model transitions are dangerous. By real transition I don’t mean adding a new line of peripherals or accessories, I mean moving to a new way of making money that negatively impacts the old one. The old money flow might dry up before the new one is able to replace it, causing an earnings trough.

For publicly traded companies, this drought is unacceptable. Rather than attempt the transition and face the ire of Wall Street traders, some companies slowly sink into irrelevance. Others take themselves private to allow the blood-letting to take place out of public view. When the curtain lifts some months later, a smaller, healthier outfit is relaunched on the stock market. Dell is a good example of this: Michael Dell gathered investors, himself included, to buy the company back and adapt its business model to a Post-PC world behind closed doors.

Microsoft can’t abandon its current model entirely, it can’t stop selling software licenses to hardware makers. But the company realizes that it also has to get serious about making its own hardware if it wants to stay in the tablets and smartphone race.

...

 

 

 

the business week apple exec interviews

the full transcrpts ..  If you love, hate or are neutral to Apple, the company is different from other tech companies and the interviews give a bit of their view (at least what they say to outsiders)

 

Tim Cook

 

Jony Ive and Craig Federighi

 

 (hat tip to John)