Start up: hacking Clinton, more IoT vulns, Verizon cutting Yahoo?, Samsung’s creative destruction, and more

Your social media fingerprint gives away details about you – and it’s easy for websites to see it. Photo by on Flickr.

Next Tuesday, why not come to London on October 18th? I’ll be giving a talk: “Social Networks and the Truth”:

How many people do you follow on Facebook or Twitter whose political views you fundamentally disagree with?

It’s probably in the single digits. Yet there are millions of them out there. So why aren’t you following them? And if you aren’t, does that make their views wrong – or yours?

What happens when an election cycle or a referendum runs around opposing camps of social media opinions? How important are news media in such a situation? And would you believe that being online is polarising us, rather than making us more willing to listen to other viewpoints?

This talk will explore that – and its consequences.

Some tickets left; £10 secures your place.

A selection of 12 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Clinton campaign chief’s iPhone was hacked and wiped, photos suggest • Ars Technica UK

Dan Goodin:


Unconfirmed evidence builds a strong case that an Apple iCloud account belonging to Hillary Clinton’s campaign chief, John Podesta, was accessed and possibly erased by hackers less than 12 hours after his password was published on WikiLeaks.

So far, Clinton campaign officials have confirmed only the compromise of Podesta’s Twitter account after it was used to urge followers to vote for Republican nominee Donald Trump. Several screenshots circulating online, however, strongly suggest that the iCloud account tied to Podesta’s iPhone was also illegally accessed by people who tried—and possibly succeeded—to wipe the device of all its data. The images raise the specter that no one inside the Clinton campaign locked down the Podesta iCloud account in the hours following the WikiLeaks dump. iCloud accounts often provide a wealth of sensitive information, including real-time whereabouts, contacts, and confidential messages. Clinton officials didn’t respond to an e-mail seeking comment for this post.

The screenshots began appearing on Wednesday night, less than 12 hours after a new batch of Podesta e-mails published on WikiLeaks revealed that his iCloud password was “Runner4567.” Researchers can’t be certain how the iCloud and Twitter accounts were compromised, but several descriptions, such as this one of now-deleted threads on the 4chan discussion board, claim participants who saw the WikiLeaks post discovered that “Runner4567” remained a working password and used it to illegally access Podesta’s iCloud account.


The astonishing thing is that after the Democratic National Committee hack became public, the Clinton campaign didn’t make two-factor authentication mandatory across every sort of account. This is simply negligent by Podesta and his staff.
link to this extract

Your social media fingerprint: what are you logged in to? • Github

Robin Linus:


Without your consent most major web platforms leak whether you are logged in. This allows any website to detect on which platforms you’re signed up. Since there are lots of platforms with specific demographics an attacker could reason about your personality, too.

For most web platforms there’s a way to abuse the login mechanism to detect whether a user is logged in to that service.

Although this vulnerability has been well known (2012) for several years (2008), most companies won’t fix it.


Concerning. Seems I’m logged in to 11 services – three of them Google ones, even though I try to avoid Google services, and use uBlock.
link to this extract

HP Inc to cut 3000-4000 jobs over next three years • Reuters

Rishika Sadam in Bengaluru:


HP Inc, the hardware business of former Hewlett-Packard Co, said it expects to cut about 3,000 to 4,000 jobs over the next three years, sending its shares down 1.3% in extended trading.

The company said it expects adjusted profit for fiscal 2017 to be $1.55-$1.65 per share. Analysts on average had expected $1.61 per share, according to Thomson Reuters I/B/E/S.


That’s a lot of jobs. One also observes: Bengaluru is in India; the task of writing short takes on American conglomerates is easily transferable.
link to this extract

Decade-old SSH vuln exploited by IoT botnet armies to hose servers • The Register

John Leyden:


Hackers are exploiting a 12-year-old vulnerability in OpenSSH to funnel malicious network traffic through Internet of Things (IoT) gizmos, Akamai warns.

The SSHowDowN Proxy attack [PDF] exploits a lingering weakness in many default configurations of internet-connected embedded devices. Compromised gadgets are being abused to fire tidal waves of junk packets and traffic that exploits vulnerabilities against Akamai customers and others.

Crucially, the commandeered gear masks the source of the malicious traffic as the packets appear to originate from the weak devices. This is good for miscreants to hide behind, especially if they can use this tunneling to attack internal networks from external gear.

IoT gear infected with the Mirai botnet malware was used to thoroughly smash the website of security researcher Brian Krebs offline.

Ryan Barnett, principal security researcher at Akamai, explained that the SSHowDowN Proxy attack threat is distinct from the Mirai IoT botnet. Mirai exploited weak default passwords in CCTV cameras and other gear to gain control of systems, whereas malware exploiting SSHowDowN attacks built-in SSH servers to route bad traffic.

“This research is not related to Mirai,” Barnett told El Reg. “This is about new abuse of a known weakness/vulnerability in SSH.”


Needs admin password. But there’s a ton of devices out there on default admin passwords.
link to this extract
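The practical defender's check for the SSHowDowN weakness described above is whether a device's sshd_config leaves TCP forwarding and tunnelling enabled. The audit below is an added example, not code from Akamai or The Register; it assumes stock OpenSSH defaults for absent directives (AllowTcpForwarding=yes, PermitTunnel=no, GatewayPorts=no, X11Forwarding=no), honours only the first occurrence of each directive as sshd does, and does not descend into Match or Include blocks.

```shell
#!/bin/sh
# Audit an sshd_config for the forwarding options that SSHowDowN-style
# proxying relies on. Caveat: Match and Include blocks are not evaluated,
# so a directive set conditionally inside a Match block is not seen.

# effective_value FILE DIRECTIVE DEFAULT
# Prints the first matching directive's value (sshd uses the first
# occurrence), ignoring comments and case, or DEFAULT if it is absent.
effective_value() {
    file="$1"; key="$2"; default="$3"
    val=$(awk -v k="$key" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$file" 2>/dev/null)
    printf '%s\n' "${val:-$default}"
}

# audit_sshd FILE
# Prints "risky <Directive>=<value>" for every directive whose effective
# value is not "no"; returns 1 if any were found, 0 if the file is clean.
audit_sshd() {
    file="$1"; rc=0
    # Directive:OpenSSH-default pairs (defaults per sshd_config(5))
    for spec in AllowTcpForwarding:yes PermitTunnel:no GatewayPorts:no X11Forwarding:no; do
        key=${spec%%:*}; default=${spec#*:}
        val=$(effective_value "$file" "$key" "$default")
        if [ "$val" != "no" ]; then
            echo "risky $key=$val"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh audit_sshd.sh /path/to/sshd_config
if [ "$#" -gt 0 ]; then
    audit_sshd "$1"
fi
```

Note that a config with no AllowTcpForwarding line at all is reported as risky, because OpenSSH's default is to allow forwarding; that silent default is exactly what the attack counts on.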

Android grows in major markets; iOS set for rise in China • Kantar Worldpanel


“The US, British and German markets have a couple of things in common. First, the Google Pixel, announced October 4, will be available through select retail partners in these markets beginning in mid-October. Second, the combined sales shares of Samsung and Apple represent more than 60% of all smartphones sold in these regions, with the rest scattered among brands in decline, such as Motorola and Sony, and those in growth, like Huawei and Alcatel,” Guenveur added. “The US and Britain have always been considered premium markets, but we are starting to see a shift to lower-cost devices as the prices of flagship products reach upwards of $800. For Google, this represents a unique challenge, as consumers weigh the features of the Pixel against those of other similarly priced products like the iPhone 7 and Galaxy S7, and against ‘good value for money’ Android-based brands that many consumers have started to view as alternatives.”


The best-selling phone in Britain, according to Kantar? The iPhone SE. Android, though, still dominates – 80% of sales in Germany. But why would you buy an expensive Google phone when you could get a cheaper phone from almost anywhere else?
link to this extract

Verizon just raised a big warning flag for Yahoo • Washington Post

Ellen Nakashima and Brian Fung:


Verizon on Thursday said that it was moving toward the conclusion that the massive data breach disclosed three weeks ago by Yahoo was a “material” event, a determination that likely would halt the telecom giant’s purchase of the tech firm’s core business.

“I think we have a reasonable basis to believe right now that impact is material,” Verizon General Counsel Craig Silliman told a small group of reporters. “And we’re looking to Yahoo to demonstrate to us the full impact if they believe it’s not. They’ll need to show us that, but the process is in the works.”


link to this extract

Steam is reportedly adding ‘1000 new VR users every day’ • UploadVR

Joe Durbin:


Today marked the start of Steam Dev Days — a developer-only conference in Seattle — and although press is not allowed on the show floor, some major news has leaked via Twitter updates. Of these limited updates, one stands out as being particularly significant:


According to the above tweet, issued by a developer attending the conference, Steam is adding 1,000 new VR users each and every day on its Steam software distribution platform. This is major news for the immersive industry as actual numbers concerning the growth of its market are being played very close to the chest by the major headset manufacturers.


Something’s happening, for sure.
link to this extract

Blackberry: meditation at the grave • Medium

Jean-Louis Gassée:


I realize that this is easy, after-the-fact theorizing, but technology didn’t kill Nokia. Human error did. This wasn’t “seeing but not seeing”, as in BlackBerry’s case; Stephen Elop’s memo shows he clearly understood the war of ecosystems and the need to jump to another platform. But he made an incomprehensible mistake: He Osborned Nokia.

Turning to Redmond, we don’t have to look far for the cause of the failure of the Windows Phone platform. Initially, Android’s aim was to prevent a Microsoft monopoly in the smartphone space by creating an OS that wasn’t just more competent than Windows Mobile (an aging Windows CE derivative), it was free. This killed any hope for Microsoft to build a smartphone licensing business. The company improved its mobile operating system (now called Windows Phone), but was never able to get a licensee of any size.

Today, Microsoft’s handset business is effectively nonexistent. For the future, company execs loftily say they’re going to focus on phones for enterprise, a ‘paradigm shift’ that they are betting will make Windows 10 Mobile competitive.

Neither technology nor humans are to blame here. Failure came from an insurmountable business model obstacle.


History now shows that the table stakes for developing a competitive mobile OS are about a billion dollars. (You can extract those numbers from HP’s acquisition of webOS from Palm, from BlackBerry’s BB10 efforts, and probably somewhere in Microsoft’s accounts.) But that’s only the beginning; then you need handsets that will run it, and a broader strategy to build an ecosystem that will act as a virtuous circle. Get it wrong, and the writedowns are multiple billions. The downside is far greater than the initial cost (though the upside is, hey, an ecosystem).

Question now is which other platforms will demonstrate this. Wearables? IoT? AI assistants?
link to this extract

Facebook, Instagram, and Twitter provided data access for a surveillance product marketed to target activists of color • ACLU of Northern California

Matt Cagle of the American Civil Liberties Union:


The ACLU of California has obtained records showing that Twitter, Facebook, and Instagram provided user data access to Geofeedia, a developer of a social media monitoring product that we have seen marketed to law enforcement as a tool to monitor activists and protesters.

We are pleased that after we reported our findings to the companies, Instagram cut off Geofeedia’s access to public user posts, and Facebook has cut its access to a topic-based feed of public user posts. Twitter has also taken some recent steps to rein in Geofeedia though it has not ended the data relationship.

Further steps are required if these companies are to live up to their principles and policies by protecting users of all backgrounds engaging in political and social discourse. So today the ACLU of California, the Center for Media Justice, and Color of Change are calling on Twitter, Facebook and Instagram to commit to concrete changes to better protect users going forward. Read our letters here and here.

We first learned about these agreements with Geofeedia from responses to public records requests to 63 California law enforcement agencies. These records revealed the fast expansion of social media surveillance with little-to-no debate or oversight.


This is a natural, logical spinoff of the surveillance implicitly embedded in targeted advertising-based products. Problem for Twitter et al: how do you know whether a third party which buys access to your API isn’t using it like this?
link to this extract

From crisis to creative destruction at Samsung • WSJ

Geoffrey Cain, a Seoul-based journalist, in an op-ed:


Samsung, having reached the top of the global industry, can no longer rely on the culture of crisis that once kept it moving. The Galaxy Note 7 blunders far outstrip what happened in 1995—and are unthinkable for a world-class corporation. Samsung now needs to prevent crises so it can stay on top, not use them to catch up.

Today the company is staffed by some of the world’s finest engineers and designers whose careers don’t depend on an emperor. The workforce is more professionalized but less enthusiastic. Employees say the company is beset by bureaucracy, complacency and petty internal politics—similar to the problems that undid erstwhile rival Sony.

Under Vice Chairman Lee, Samsung has made some progress at reform, selling off noncore assets and affiliates to trim down this sprawling empire. But the pace of change has been modest.

Now an unusual trifecta of problems is suddenly converging, offering Vice Chairman Lee an opportunity to prove himself. In the short term, he will have to reboot the Galaxy phone brand. In the long term, he’ll need to define a clearer direction into new growth areas and against Chinese handset makers.

Finally, and the most sensitive of all, he’ll need to simplify Samsung’s complicated ownership structure and smooth relations with shareholders such as Elliott Management.


Being compared to Sony’s gotta hurt.
link to this extract

Two key metrics show the perception of Samsung’s entire brand has tumbled over its exploding phones • Business Insider

Lara O’Reilly:


Samsung’s “recommend score” — a measure from 100 to -100 of whether people are likely to recommend the brand to a friend or tell them to avoid it — has dropped in the US from 46 back in June to a score of 29 when the most recent survey was taken. Samsung suspended shipments of the device on August 31, less than two weeks after its release.

The brand’s purchase consideration — where survey participants are asked to pick the brands they would consider when they were next in the market to buy a specific product — has fallen from 42% to 31% in the same period.

YouGov Brand Index

Both are statistically significant declines.

Meanwhile, Samsung’s “Buzz” score — a measure of sentiment, where participants are asked whether they have heard anything positive or negative about the brand in the past two weeks — has also plummeted. Samsung had a score of 27 at the end of June, but that has since dropped to -6.9.


The key question will be how rapidly these recover.
link to this extract

Mixmsg is a Spotify-powered mixtape creator for Apple iMessage • Musically

Stuart Dredge:


The app is called Mixmsg – Make Mixtapes with Friends, and it was released as a free iOS download this week. “Mixmsg helps you create and share two-sided mixtapes as easily as texting,” explains its App Store blurb.

“Easily share life news, all the feels or favourite tunes & bands with a custom mixmsg tape or mixmsg Flyer. Rewind to a time when music said it all.”

Where does its music come from? We’ve given that away in the headline: the “provided by Spotify” text within the app shows the source. Two people can add songs and then play songs in full if they’re Spotify users.

There’s no obvious business model here, and we suspect this kind of thing will ultimately be an iMessage extension for services like Spotify. Even so, it’s an inventive spin on messaging and playlist creation.


Smart by Spotify: use the platform of your rival (in music) against it.
link to this extract

Errata, corrigenda and ai no corrida: from yesterday: IDC’s figures for “PC shipments” do include Chromebooks but not 2-in-1s; Gartner’s include 2-in-1s but not Chromebooks. I’ve fired my research assistant. (Thanks Max Rogowsky for pointing out the error.)
