Start up: malware for all!, Tim Cook v FBI, US gov seeks source code, bedtime for robots, and more

Facebook discovered that tons of ads are as fake as this “pound coin”. Photo by Steve Parker on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. Off you go. I’m charlesarthur on Twitter. Observations and links welcome.

Building towards value with Atlas » Facebook Atlas Solutions

Dave Jakubowski, head of ad tech, Facebook:

»Marketing pioneer John Wanamaker once famously said, “Half the money I spend on advertising is wasted; the trouble is, I don’t know which half.” Despite the promises of the past two decades, digital still faces the same issue.

Through Atlas and the people-based layer that powers it, we’ve been able to identify and measure where most waste comes from: exchanges and banners.

We realized this by testing out a buying platform in Atlas last year. During that test, we plugged into a number of the usual exchanges and bought across several formats. There were two major takeaways:

1: We were able to deliver ads to real people with unprecedented accuracy, but came up against many bad ads and fraud (like bots). While we were fortunately able to root out the bad actors and only buy quality ads, we were amazed by the volume of valueless inventory.
2: Only two ad formats delivered significant value: native & video.

Based on those findings, we began to dig into the ads that came through LiveRail. And when we saw the same thing, we immediately shut off the low quality ads. In fact, we removed over 75% of the volume coming from our exchange by turning off publishers circulating bad inventory into LiveRail.

«

Wonder how many news sites will take note of those points.

AceDeceiver: first iOS trojan exploiting Apple DRM design flaws to infect any iOS device » Palo Alto Networks

Claud Xiao:

»We’ve discovered a new family of iOS malware, which we’ve named “AceDeceiver”, that successfully infected non-jailbroken devices.

What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector…

…To carry out the attack, the [malware] author created a Windows client called “爱思助手 (Aisi Helper)” to perform the FairPlay MITM attack. Aisi Helper purports to be software that provides services for iOS devices such as system re-installation, jailbreaking, system backup, device management and system cleaning. But what it’s also doing is surreptitiously installing the malicious apps on any iOS device that is connected to the PC on which Aisi Helper is installed. (Of note, only the most recent app is installed on the iOS device(s) at the time of infection, not all three at the same time.) These malicious iOS apps provide a connection to a third party app store controlled by the author for users to download iOS apps or games. It encourages users to input their Apple IDs and passwords for more features, and, once provided, these credentials will be uploaded to AceDeceiver’s C2 server after being encrypted. We also identified some earlier versions of AceDeceiver that had enterprise certificates dated March 2015.

As of this writing, it looks as though AceDeceiver only affects users in mainland China.

«

So it’s really a Windows infection?

275 million Android phones imperiled by new code-execution exploit » Ars Technica UK

Dan Goodin:

»The NorthBit-developed attack exploits a Stagefright vulnerability discovered and disclosed last year by Zimperium, the security firm that first demonstrated the severe weaknesses in the code library. For reasons that aren’t yet clear, Google didn’t fix the vulnerability in some versions, even though the company eventually issued a patch for a different bug that had made the Zimperium exploits possible. While the newer attack is in many ways a rehash of the Zimperium work, it’s able to exploit an information leak vulnerability in a novel way that makes code execution much more reliable in newer Android releases. Starting with version 4.1, Android was fortified with an anti-exploitation defense known as address space layout randomization, which loads downloaded code into unpredictable memory regions to make it harder for attackers to execute malicious payloads. The breakthrough of Metaphor is its improved ability to bypass it.

“They’ve proven that it’s possible to use an information leak to bypass ASLR,” Joshua Drake, Zimperium’s vice president for platform research and exploitation, told Ars. “Whereas all my exploits were exploiting it with a brute force, theirs isn’t making a blind guess. Theirs actually leaks address info from the media server that will allow them to craft an exploit for whoever is using the device.”

«

Affects versions 2.2 through to 4.0, and 5.0 and 5.1. Which is 41.1% of phones, according to latest data from Google. Would have thought that is more than 275m, actually.

Microsoft apologizes for GDC party with skimpily-clad dancers » Reuters

Anya George Tharakan:

»Microsoft Corp apologized for hiring dancers dressed as skimpily-clad schoolgirls for its Game Developer Conference (GDC) afterparty in San Francisco on Thursday night, responding to media reports citing attendees’ pictures on Twitter and Instagram.

“It has come to my attention that at Xbox-hosted events at GDC this past week, we represented Xbox and Microsoft in a way that was absolutely not consistent or aligned to our values,” Microsoft’s head of Xbox Phil Spencer said in a statement.

“That was unequivocally wrong and will not be tolerated,” Spencer said.

Photos purportedly from the party surfaced on Twitter and Instagram, with many users expressing their anger at Microsoft’s actions.

«

“Will not be tolerated”? What’s the penalty? Of course it would have been better if this hadn’t happened in the first place. Ah, San Francisco.

Google could beat Apple at fashion – just like it did phones » Co.Design

Mark Wilson:

»“When you think about things people wear, they have really diverse styles. It isn’t the case that one style fits all, in any clothing or accessory or other kind of apparel,” David Singleton, VP of Android Wear, says. “A lot of our DNA working on Android has always been to create an ecosystem of partners to work together to create something bigger than the sum of its parts, and that’s what we’re trying to do here.”

That strategy worked for Android Wear’s first fashion partnership, Fossil, which cites its Fossil Q Founder as its top-selling watch, period, of the 2015 holiday season. At $295, it’s more or less the Bentley of Fossils. But watches are just one small swatch of a much larger piece of fabric. Google’s open platform is poised to leave a much larger impact on the $1.2 trillion fashion industry than it has on smartphones—because while everyone is happy to use the same phone as the person sitting next to them, fashion is a form of personal expression. Even those who ride the latest trends don’t want to be matchy-matchy with everyone else on the street…

…what gets concerning about the viability of Apple’s strategy — if we really are to consider it a fashion company now — is how its closed approach not only will limit overall adoption of the Apple Watch, but limit the extent to which Apple can keep afloat in the sheer depth of wearables to come.

«

This would be a strong argument if Android Wear weren’t miles behind Apple Watch in sales; and the article doesn’t offer any explanation for what would make its adoption increase.

Silicon Valley’s unchecked arrogance » Medium

Ross Baird and Lenny Mendonca:

»Snapchat may be solving an important problem for well-connected young people in America who don’t have to worry about basic needs. But whether it’s unemployed young people in St. Louis looking for their next paycheck or a family in Flint, Michigan worried about clean water, many Americans have more immediate problems.

Because most of today’s entrepreneurs have their basic needs taken care of, their problem-solving often seems frivolous to the rest of the country.

Take Uber, for example. Uber’s great at solving how people with smartphones and disposable income can get around major cities — a small fraction of the global population. Uber is less good at helping the drivers, whose income is much lower than the riders, benefit from this new paradigm. Uber has hailed their impact as letting people work flexibly and use assets more productively, but strategically is investing hugely in driverless cars.

And we don’t blame Travis Kalanick (actually we do, but that’s not the point of this story). Uber’s founders’ experiences are as riders, not drivers. But imagine an ownership structure in which, for example, drivers could earn fractional equity in the company for each ride they gave. What if a percentage of the $50bn valuation were shared among the drivers, based on a merit-based system?

«

It’s quite a thought, isn’t it? Now *that* would be a sharing economy.

US government pushed tech firms to hand over source code » ZDNet

Terrific scoop by Zack Whittaker:

»The US government has made numerous attempts to obtain source code from tech companies in an effort to find security flaws that could be used for surveillance or investigations.

The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We’re not naming the person as they relayed information that is likely classified.

With these hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing “most of the time.”

When asked, a spokesperson for the Justice Dept. acknowledged that the department has demanded source code and private encryption keys before. In a recent filing against Apple, the government cited a 2013 case where it won a court order demanding that Lavabit, an encrypted email provider said to have been used by whistleblower Edward Snowden, must turn over its source code and private keys.

«

The fact that the Justice Department says it might demand the same from Apple does slightly imply that it doesn’t have it already.

Can we teach robots right from wrong by reading them bedtime stories? » Public Radio International

Elizabeth Shockman:

»“We’re still at a simpler stage,” [computer science professor at the Georgia Institute of Technology in Atlanta, Mark] Riedl says. “Natural language processing is very hard. Story understanding is hard in terms of figuring out what are the morals and what are the values and how they’re manifesting. Storytelling is actually a very complicated sort of thing.”

Eventually, however, Riedl hopes it will be possible to give robots entire libraries of stories.

“We imagine feeding entire sets of stories that might have been created by an entire culture or entire society into a computer and having him reverse engineer the values out. So this could be everything from the stories we see on TV, in the movies, in the books we read. Really kind of the popular fiction that we see,” Riedl says.

He doesn’t worry about robots being able to determine what right or wrong is in a story — whether it’s better to side with a heroic figure in a story or an anti-hero.

“What artificial intelligence is really good at doing is picking out the most prevalent signals,” Riedl says.

«

Full transcript of TIME’s interview with Apple CEO Tim Cook » TIME

Nancy Gibbs and Lev Grossman:

»Q: As a business person, as the guy running Apple, should this go to Congress, they rule, goes against you, how bad is it for Apple from a business point of view?

COOK: I think, first of all it’s bad for the United States. Because going against us doesn’t just mean going against us. It means likely banning, limiting or forcing back doors for [everyone]. I think it makes the U.S. much more vulnerable. Not only in privacy but also in security. The national infrastructure, everything. And I can’t imagine it happening because it would be outlandish for something like that to happen. I think everybody has better judgment than that.

But at the end of the day, we’re going to fight the good fight not only for our customers but for the country. We’re in this bizarre position where we’re defending the civil liberties of the country against the government. Who would have ever thought this would happen?

«

Absorbing read; the only point where Cook seems to bodyswerve the question is when he’s asked “what if it’s about finding out where the terrorist’s nuclear bomb is ticking down, or the child is being tortured?” Which is of course the question which pours grease onto the slippery slope.

Errata, corrigenda and ai no corrida: none notified.

2 thoughts on “Start up: malware for all!, Tim Cook v FBI, US gov seeks source code, bedtime for robots, and more”

  1. “Cook seems to bodyswerve the question is when he’s asked ‘what if it’s about finding out where the terrorist’s nuclear bomb is ticking down, or the child is being tortured?’” The question doesn’t deserve an answer. Those are scenarios from movies and television shows, not real life…and they’re the same hypothetical scenarios used by governments to justify torture.

    • It’s exactly the sort of question that deserves an answer, because it is a realistic scenario – as the murderous events in Brussels demonstrated: you capture one of a group, and then others carry out attacks. Did he know? Could you have made him tell you? Could you trust what he told you?

      Of course they’re scenarios used to justify torture by those who believe torture works. (Studies suggest it doesn’t.) But nobody is being tortured in this FBI-Apple case. Only case law.
