15.2 C
Monday, August 21, 2017

Apple, Samsung's latest phones face antitheft stress test

Apple and Samsung's latest phones and their antitheft technology are being tested by state and federal governments on Thursday. July 18, 2013 11:17 AM PDT Samsung GS3 and Apple's iPhone 5. (Credit: CNET) Apple and Samsung's latest smartphones will face the scrutiny of state and federal prosecutors in San Francisco on Thursday, who plan to test the latest in antitheft security. San Francisco District Attorney George Gascón and New York Attorney General Eric Schneiderman are testing the latest security features of Apple's iPhone 5 and Samsung's Galaxy S4 to see whether they can stop thieves who have made off with said devices. In the iPhone 5's case, the group will have security experts attempting to thwart Apple's activation lock feature, which requires users to have a specific Apple ID username and password to use the device.

For the Galaxy S4, experts are evaluating Lojack for Android, a $29.99 per year application that can remotely lock the phone and delete personal data. "While we are appreciative of the efforts made by Apple and Samsung to improve security of the devices they sell, we are not going to take them at their word," Schneiderman and Gascón said in a joint statement. "Today we will assess the solutions they are proposing and see if they stand up to the tactics commonly employed by thieves." To do so, Gascón and Schneiderman say the group will bring in experts from the Northern California Regional Intelligence Center to try to bypass the measures, and gain access to the devices as if they were someone who had stolen the phone. An Apple spokeswoman reiterated a statement the company made in June, saying it has "led the industry in helping customers protect their lost or stolen devices," since 2009. "With Activation Lock, Find My iPhone gives customers even more control over their devices and serves as a theft deterrent by requiring an Apple ID and password to turn off Find My iPhone, erase data or re-activate a device," the company said. Samsung released the following statement, praising the tests: We appreciate that DA Gascón has given us this opportunity to engage in a working session with his technical team. We plan to take what we learn from the tests to explore opportunities for further enhancements to our solution. We look forward to continuing to work with DA Gascón and his team toward our common goal of stopping smartphone theft. Phone theft has grown alongside the rising popularity of smartphones, which are expected to be the majority of all mobile phones shipped this year for the first time ever, according to a report from IDC last month. Per a report from the Federal Communications Commission earlier this year, around 113 smartphones are lost or stolen every minute in the U.S., and cell phone theft overall makes up 30 percent to 40 percent of all robberies. "Finding technical solutions that will remove the economic value of stolen smartphones is critical to ending the national epidemic of violent street crimes commonly known as 'Apple Picking,'" Schneiderman and Gascón added. Even with the efforts by manufacturers, one thing software security does not protect against is the remaining value for various parts, which can be removed from phones and resold. Screens for the iPhone 5, for instance, sell for upwards of $100, while the battery and camera module can retail for around $30 apiece, making even a nonfunctioning device valuable. The group was expected to release the results of their efforts late Thursday, but a spokesperson for the District Attorney's Office indicated late Thursday results would not immediately be released. Updated at 6 p.m. PT with a spokesperson telling CNET that the results will not be released on Thursday, and again at 8:30 a.m. PT on 7/19 with comment from Samsung.

Military judge declines to dismiss Bradley Manning’s “aiding the enemy” charge

If found guilty of that charge alone, the soldier could face life in prison.    

Post-Sandy Hook, US school surveillance market rockets

18 Jul 2013 15:31 | by a staff writer | Filed in Security USA American schools are rushing to purchase high tech surveillance and security equipment in the wake of school shootings like the Sandy Hook massacre.By 2017, the market for security systems integration in schools alone is expected to be worth $4.9 billion, compared to $2.7 billion in 2012, or an 80 percent rise, according to analysts at IHS.On the shopping list is provision, installation and maintenance of video surveillance, as well as alarm systems and physical access control. Physical access control includes security products like smart cards and other ways to limit access to restricted areas.Traditionally, schools have depended on a mix of physical access control and emergency notification systems.

This is still desirable for a lot of schools, but more are increasingly changing the way they think about outright surveillance, and demand for video surveillance is through the roof. IHS says the growth rate for video surveillance equipment is more than double that of products like smart cards.Security analyst at IHS, Paul Bremner, said after events like Sandy Hook and the Santa Monica shooting, schools now think security systems should be used to "detect and mitigate problems as they happen". In other words - real time, intelligent surveillance, rather than just providing forensic evidence after the fact."Because of this, schools are employing security system integration providers, which provide technologies and services that combine multiple safety mechanisms into a cohesive solution," Bremner said. "Video surveillance systems in the education sector have the added advantage that they can be used for a broad range of tasks," Bremner said, "including gathering evidence for a criminal investigation, acting as a deterrent for theft, assault and vandalism, or simply by providing greater visibility to the school's security staff".

The cops are tracking my car—and yours

My quest to access automatic license plate reader (LPR) records.    

Colorado town wants to sell drone hunting licences

The Colorado town of Deer Trail is seriously considering plans to issue hunting licences that would allow locals to hunt and shoot down US government drones. As outlandish as it sounds, the report comes from Forbes, not The Onion. The ordinance was proposed by Deer Train resident Phillip Steel and he even worked out a compensation scheme.

Anyone who shoots off a piece of the drone would get $25, while trigger happy yokels who bag an entire drone would get $100. The technical details have been worked out as well, which means Steel gave his proposal quite a bit of thought. We find this genuinely surprising. Only drones flying below 1,000 feet can be shot at and the only weapons permitted are 12-gauge shotguns or their smaller siblings.

Of course, Government drones rarely operate at a few hundred feet and even if they did the chances of hitting one flying at 1,000 feet with a shotgun are miniscule.  Steel told a Denver TV station that he never saw a drone overfly Deer Trail and said the ordinance is symbolic in nature. With a population of 546, the town doesn’t appear to be a prime target for evil government killer robots. On the other hand, reality doesn’t really apply to right-wing conspiracy circles who believe a Kenyan-born socialist Muslim is out to get them.  The fact that drones can be used for things other than incinerating people with Hellfire missiles doesn’t seem to register in rural America. Drones can be used to nab criminals, watch out for forest fires and intercept smugglers, but many people are worried about the scope for intrusion.

Microsoft Declares Right to Disclose Government Requests

Microsoft issues the company's strongest denials yet on direct National Security Agency links to its cloud servers. In the wake of the National Security Agency ( NSA) Prism controversy, Microsoft wants to come c...

Researcher Proposes Using Machine Learning to Improve Network Defense

The Black Hat Conference late in July will include a presentation by a security researcher about a project aimed at using machine learning to improve security monitoring and event detection. Getting the most out of mountains of log data can be trying to say the least. In a conference where many are focused on defeating security, independent researcher Alexandre Pinto wants to find ways to make defending enterprise networks both smarter and easier.

At the upcoming Black Hat conference in Las Vegas, Pinto plans to discuss how machine-learning algorithms can be used to help organizations get more value from their logs. "The amount of security log data that is being accumulated today, be it for compliance or for incident response reasons, is bigger than ever," said Pinto. "Given a recent push on regulations such as PCI and HIPAA, even small and medium companies have a lot of data stored in log management solutions no one is looking at. So, there is a surplus of data and a shortage of professionals that are capable of analyzing this data and making sense of it." SIEM (security information event management) functionality relies too much on very deterministic rules, he added.

For example, a rule might state that if something happens in a network "X" amount of times, it should be flagged as suspicious.

The problem is that the "somethings" and the "Xs" change between organizations and evolve over time, he said. "But this is not exclusively a tool problem," he said. "I have seen really talented and experienced people be able to configure one of these systems to really perform well. But it usually takes a number of months or years and a couple of these SOC [security operations center] supermen to make this happen. I used to run teams like these in my previous position, and I understand the challenges involved." After managing security consultants and security monitor teams for years, he began researching ways to improve the experience for analysts. His answer: machine learning. "The [Black Hat] talk is about a model I created to help classify malicious behavior from log data and help companies make decisions based on this trove of information they have available," Pinto explained. "It does not outperform a well-trained analyst. But it can greatly enhance the analyst's productivity and effectiveness by letting him focus on the small percentage of data that is much more likely to be malicious based on previous happenings on the network." Machine learning is designed to infer relationships from large amounts of data, he added.

The more data, the better the predictions—making it a "good deal" for security, he said.  

Wide range of industries plead for Congressional action on patent trolls

Six bills are in play, and US businesses are united in wanting something to pass.    

Microsoft wants US to let it speak more freely about NSA...

Redmond says that its practices have been "misinterpreted" in the media.    

Android malware that gives hackers remote control is on rise

Tool lets hackers “bind” remote access tool to legitimate apps.    

Data shared via PRISM does not violate UK law according to...

But Intelligence and Security Committee warns new legal review is "proper."    

OMG, kids these days: Digital tools don’t make students better writers

New Pew study finds teachers believe students are now more prone to take shortcuts.