Posts tagged security
Malware researchers investigating a Trojan linked in a gaming forum as a how-to video for Diablo III got a surprise when the hacker started chatting with them—through a feature in the malware. Franklin Zhao & Jason Zhou of antivirus company AVG were looking for keylogging code in the malware with a debugger after downloading it to a virtual machine when a chat box popped up. The hacker asked, in Chinese, “What are you doing? Why are you researching my Trojan?”
Apple Patents Identity Spoofing
Over at Slashdot, Theodp writes:
On Tuesday, the USPTO granted Apple an odd patent on Techniques to Pollute Electronic Profiling, which presumably might concern the targeted ad revenue-hungry folks at Google, Facebook, and LinkedIn (and their investors). The patent, apparently assigned to Apple from Novell, is designed to thwart ‘dataveillance techniques from automated Little Brothers,’ including lawful targeted and aggressive marketing tactics. Creating cloned identities that are ‘intentionally populated with divergent information [e.g., fake phone numbers, email accounts, credit or debit card accounts],’ explains the patent, ‘circumvents the reliability and usefulness of dataveillance used by network eavesdroppers and effectively provides greater privacy over the network to principals.’
I’ve had a small project collecting dust for the past year which would allow you to swap personas with a click. In an iTunes-like interface, you could create and maintain fake selves, activate them (which would switch out browser caches and cookies), and append data to them (birthdays, logins, etc). The app was more of a thought experiment and I eventually lost interest.
This patent from Apple takes the idea further, distributing the work of curating and propagating a fake identity over the network. Imagine: Apple could use that identity to automatically ‘browse’ the web, accumulating history, cookies, and collecting marketers from a virtual machine. On your phone, you could swap in this persona from within your settings, transfer over the cookies, and perhaps even proxy through an IP used by your fake self. I imagine Apple would use a phone booth type animation as they assemble your virtual alter ego.
Or the system could just check out junk cookies from a server and fire them off like decoy flares, rendering you as a 60-year-old dub-step listener to inquiring marketers.
James Fallows explains the significance of this seemingly mundane picture, which was taken by a Chinese engineer visiting Florida on a business trip:
To the Chinese engineer, what was fascinating and significant about the picture was its orderliness. The yellow school bus stopped, turned on its “do not pass” flashers, and extended its Stop signs. And — the amazing part — all surrounding traffic actually obeyed. Even those who are fans of the excitement and passion of Chinese life will agree that such a scene is hard to imagine in a Chinese city. You’d have motorbikes cutting past on the sidewalk, cars veering into the opposite-direction lane to get around the obstacle, a cacophony of horns complaining about any vehicle that did slow down, and in general the creative-chaos that extends from many other parts of Chinese life to its roadways. (Where it can seem festive, but also dangerous: China’s traffic-death rate per active motorist and per mile driven is several times higher than in North America or Europe.)
To local authorities in Florida, what was notable about the situation was:
- a foreigner
- stopping to take pictures
- of a bus
- containing children.
If you see something, say something. So they detained the man for questioning.
Our world powers in a nutshell. (Via The Atlantic)
Symantec's Source Code was Stolen 6 Years Ago
From Wired’s Threat Level:
The company surprised the public last week when it disclosed that hackers had obtained source code for its pcAnywhere software and other products, and that the code had likely been stolen in a six-year-old breach that Symantec had never disclosed.
Symantec said in its announcement that users should disable pcAnywhere until the company had time to update the software to ensure that hackers are unable to exploit holes they might find in the code…
What was unclear from Symantec’s disclosure, however, was just how long Symantec had known its source code had been breached. The statement left open the question of whether Symantec knew in 2006 that its source code was taken and only disclosed it this month after hackers claimed to have it.
Speaking of Symantec, here’s a screenshot of their software running on my last work machine which required it:

Good job keeping process-hungry malware off the machine, Symantec.