VTech got hacked – but was it open to hacking in any case? Photo by remediate.this on Flickr.
A selection of 8 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.
UK within 0.8% of the original BDUK phase 1 superfast broadband goal » thinkbroadband
The UK is edging closer to its original BDUK target of 90% superfast broadband across the UK every week and it is looking like the 24 Mbps or faster target will be crossed in March and the EU figure of 30 Mbps another couple of months later. Given the political ambition is 95% superfast coverage by the end of 2017 and as individual projects push on and they are getting to ever more sparsely populated areas in the main the 95% figure may look easy but we are seeing roll-outs slowing in some areas as the premises per cabinet ratio gets worse.
What is interesting is observing the complaints about broadband which are not diminishing even though more people can get superfast broadband but are actually increasing, and this is even allowing for the lobbying that is underway over what Ofcom should and will do with Openreach. We believe that complaints are going to get worse as coverage levels improve; this is because those missed out will be increasingly worried they are in the final 5% which has no firm delivery promises yet.
I’m in the 5%.
As Flint fought to be heard, Virginia Tech team sounded alarm » The New York Times
as government officials were ignoring and ridiculing residents’ concerns about the safety of their tap water, a small circle of people was setting off alarms. Among them was the team from Virginia Tech.
The team began looking into Flint’s water after its professor, Marc Edwards, spoke with LeeAnne Walters, a resident whose tap water contained alarming amounts of lead. Dr. Edwards, who years earlier had helped expose lead contamination in Washington, D.C., had his students send testing kits to homes in Flint to find out if the problem was widespread. Lead exposure can lead to health and developmental problems, particularly in children, and its toxic effects can be irreversible.
Their persistence helped force officials to acknowledge the crisis and prompted warnings to residents not to drink or cook with tap water.
The utter nastiness of Ted Cruz » The Washington Post
I followed both Cruz and Trump this week at multiple campaign events across New Hampshire. It was, in a sense, a pleasure to see them use their prodigious skills of character assassination against each other. It was demagogue against demagogue: lie vs. lie. Both men riled their supporters with fantasies and straw men.
But there were discernible differences. Trump owned anger. Cruz, by contrast, had a lock on nastiness. Trump is belligerent and hyperbolic, with an authoritarian style. But while Trump fires up the masses with his nonstop epithets, Cruz has Joe McCarthy’s knack for false insinuation and underhandedness. What sets Cruz apart is the malice he exudes.
Cruz jokes that “the whole point of the campaign” is that “the Washington elites despise” him. But Cruz’s problem is that going back to his college days at Princeton, those who know him best seem to despise him most.
Read on for the most amazing lies spread by Cruz’s team during the Iowa primaries; expect more through the next few months, until and unless Marco Rubio takes the lead. Or maybe it will get even worse then.
Russian group accused of online ad fraud through Twitter service » FT.com
[Online security company] Sentrant has claimed to have identified more than 200 apps in the Google Play store that, after being installed on a mobile device, loaded “invisible” ads in the background. Its researchers estimated that these rogue apps generated at least $250,000 in advertising revenues each day — from companies paying for views — even though the ad placements could not actually be seen by people.
“This is as bad as any financial crime going on worldwide,” said Allen Dillon, chief executive of Sentrant. “It’s going to cost the consumer at the end of the day, because someone has to pay for the losses.”
Sentrant said that apps containing “fraud code” linked to Academ Media included Frozen Flame, a free game for children that has been downloaded more than 100,000 times.
Academ Media said that the allegations were unfounded. It claimed that, a year ago, its systems were hacked by an unknown attacker, who stole data and modified the company’s apps to commit advertising fraud.
India’s regulator effectively bans Facebook’s free basics service » WSJ
Sean McLain, Joanna Sugden and Deepa Seetharaman:
Facebook’s efforts to expand Internet access in the developing world suffered a blow Monday when India’s telecommunications regulator ruled that the social-media company’s plan to offer free access to a limited number of websites undercut the purpose of the Internet.
The regulator said Facebook’s Free Basics service violated the principles of net neutrality, which call for equal treatment of all traffic on the Internet. The new regulations ban all programs in India that offer free access to a limited set of online services.
This means Reliance Communications Ltd., the mobile-phone service provider that is Facebook’s partner in India, can’t offer Free Basics or free access to Facebook’s social-media site.
Net neutrality wins, connectivity loses?
Uninstalling Facebook app saves up to 15% of iPhone battery life » The Guardian
concerns about Facebook’s Android app led to the discovery that deleting the app saves up to 20% of a phone’s battery. After that revelation, I set about seeing if the same was true for iPhone users. I discovered that uninstalling Facebook’s iOS app and switching to Safari can save up to 15% of iPhone battery life.
Using an iPhone 6S Plus for a week without the main Facebook app installed, I recorded the battery life at 10.30pm each day for a week comparing it to a daily average taken from a week with the app. I charged the phone overnight, taking it off the charger at 7.30am, and used it normally. I accessed Facebook for the same amount of time, and for the same purposes, using the social network’s excellent mobile site within Safari, as I had done using the app. I also left the Facebook Messenger app installed.
On average I had 15% more battery left by 10.30pm each day. I had also saved space, because at the point I had deleted the Facebook app it had consumed around 500MB in total combining the 111MB of the app itself and its cache on the iPhone.
His iPhone 6S review in October 2015:
Battery life is the iPhone 6S’s biggest problem. During the week the phone failed to make it past 11pm after leaving the charger at 7.30am in the morning.
I used the iPhone as my primary device, receiving hundreds of emails and push notifications, conducting 2.5 hours of browsing, three hours of music playback via Bluetooth headphones, taking a couple of pictures and playing the odd game of Angry Birds 2 on the train home.
At the weekend it spent most of the day sitting on a table untouched, but I still went to bed with only 30% charge left. Apple’s new Low Power Mode made little appreciable difference in real-world use.
The photo on the review shows Facebook installed, though that for battery life doesn’t show Facebook figuring. And yet… could there be a connection?
Wired Is Launching an Ad-Free Website to Appease Ad Blockers » Bloomberg Business
More than 1 in 5 people who visit Wired Magazine’s website use ad-blocking software. Starting in the next few weeks, the magazine will give those readers a choice: stop blocking ads, pay to look at a version of the site that is unsullied by advertisements, or go away. It’s the kind of move that was widely predicted last fall after Apple allowed ad-blocking in the new version of its mobile software, but most publishers have shied away from it so far.
Wired plans to charge $3.99 for four weeks of ad-free access to its website. In many places where ads appear, the site will simply feature more articles, said Mark McClusky, the magazine’s head of product and business development. The portion of his readership that uses ad blockers is likely to be receptive to a discussion about their responsibility to support the businesses they rely on for information online, McClusky said.
I’d like to see McClusky’s spreadsheet where it shows that every user who accesses the Wired site is worth $1 per week. Then we can talk. I’d guess the real number is perhaps one-fiftieth that size.
No, VTech cannot simply absolve itself of security responsibility » Troy Hunt
A few months ago, the Hong Kong based toy maker VTech allowed itself to be hacked and millions of accounts exposed including hundreds of thousands of kids complete with names, ages, genders, photos and their relationships to their parents replete with where they (and assumedly their children) could be located.
I chose this term deliberately – “allowed itself to be hacked” – because that’s precisely what happened. In an era where major incidents such as Ashley Madison and TalkTalk were front page news in the mainstream press, VTech continued to run a service with such egregious security flaws as the SQL injection risk the hacker originally exploited, unsalted MD5 password hashes, no SSL encryption anywhere, SQL statements returned in API calls (it’s actually in the JSON response body of my post above) and massively outdated web frameworks.
What I didn’t write about at the time but reported privately was that they also had multiple serious direct object reference risks; the API that returned information on both kids and parents could be easily exploited just by manipulating an ID.
Ugh. Terrible, terrible security. And these people want access to children’s data? Oh, but it gets worse: see how they’ve updated their Ts and Cs.
Errata, corrigenda and ai no corrida: ICYMI, I wrote about iPhone third-party repairs, #error53 and its likely causes, and what it tells us about Apple and some of the media.