Automattic in the News Today

Seen on DarkReading.com:

WordPress, the popular blog-hosting site, is reporting a breach of several of its servers.

Automattic, the company that drives WordPress, as well as Akismet, “had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed,” said WordPress [...]

Folks that use WordPress or other Automattic products will want to keep an eye on this.

http://www.darkreading.com/security-monitoring/167901086/security/attacks-breaches/229401553/wordpress-reports-multiserver-breach.html

A Good Reason to Keep Your Old Automobile

Old cars never had problems like this.

There’s too much not-necessary-for-driving stuff that you can do with cars these days, and few of ‘em are any good. At best, many new features serve to distract you from the task at hand: driving the thing competently.

Even stealing cars isn’t what it used to be. With the demise of discrete wiring in favor of networks, in some cases all you need to do is access the network. Used to be you needed to break off a mirror to gain physical access. Jack in with your laptop and command the doors to open, the engine to start…

But now? Make a “phone call” from your laptop.

How long before we see car-botnets controlled from IRC? Or maybe viruses to cause an accelerator to stick? Or brakes to stop braking? Or, more subtly, stability controls to destabilize? Hmmm, cause your ex to seem like s/he’s driving drunk? For a price, of course, cash, please.

Here’s a NY Times article that ought to shake you up. (But I’ll bet it won’t.)

Researchers Show How a Car’s Electronics Can Be Taken Over Remotely

You’re Leaving a Digital Trail. What About Privacy?

A reasonably written article in the New York Times. What troubles me is the attitude that privacy really doesn’t matter, which seems to be gaining traction in some circles.

[...] some collective-intelligence researchers argue that strong concerns about privacy rights are a relatively recent phenomenon in human history.

“The new information tools symbolized by the Internet are radically changing the possibility of how we can organize large-scale human efforts,” said Thomas W. Malone, director of the M.I.T. Center for Collective Intelligence.

“For most of human history, people have lived in small tribes where everything they did was known by everyone they knew,” Dr. Malone said. “In some sense we’re becoming a global village. Privacy may turn out to have become an anomaly.”

http://www.nytimes.com/2008/11/30/business/30privacy.html

Automatic Trust Revisited

I got a distressing email from a friend earlier this evening. He wrote of picking up a trojan on his personal laptop. It was asking for money to undo the shenanigans. And my friend was asking for advice before he reformatted and reinstalled.

First thing I did, like any of you would do, was upload some useful tools to one of my servers for him. But now I’m sitting here thinking…

We all send attachments back and forth in email and there are certain people that you trust. Instead of the trash, instead of treading carefully, the automatic trust thing (and the all-too-human trait of being in too much of a hurry) makes us open, run, visit or whatever.

Perhaps that trust is misguided. My friend’s one of the folks I trusted that way. But as I write I’m running checks on his recent attachments!

Will his box be clean tonight? Tomorrow? Next week? What will he do, what will he run before sending something else? Multiply the risk by the number of people with ‘trusted’ status.

I feel like I dodged a bullet.

As it happens I’ll be seeing my friend tomorrow. This will certainly be one topic of conversation.

Taking Basic Precautions

I’m in the middle of a fairly complex transaction with a well-known financial institution, involving several different areas of their organization. When I phone them up, using either the general customer service number printed on their statement or a direct line to an agent I’ve worked with subsequent to one of those calls, I feel comfortable with the security of the call. But sometimes it’s necessary for them to reach out to me. Those calls can be tricky.

Unexpected incoming calls carry an inherent risk. You just can’t tell who’s on the other end! (It’s where the word ‘phoney’ came from, by the way.)

My voice mail contained one such message a couple of days ago. When I returned the call and provided a ‘reference number’ from the message, the voice asked for my fax number. There were some documents requiring some additional information along with my signature. And soon my documents arrived.

Yesterday I pulled the PDF into an editor, added the required information and pasted in my signature. It was time to fax them back. Here’s where it got interesting.

Remember, the request was unexpected and came from an untrusted source. The fax-back number was unfamiliar, as was the originating office in a different part of the country. So I phoned up the main customer service number for verification.

The agent was very accommodating and understood why I was calling. But it took the better part of a half-hour before the office and fax number were pronounced to be legitimate. The wait on their toll-free number, made comfortable by my headset (which allowed me to continue with other work), was well worth the assurance. I learned that calls like mine were rare indeed; my agent, with years of call center experience, had personally never handled a single instance.

It’s no wonder identity theft is so rampant.

Don’t be a victim. Take the time to verify unknown callers before complying with their requests. If you meet with resistance then perhaps you should consider taking your business elsewhere. It just might be an indication of the care they take with the confidential information in their custody.