An (extra) step in the right direction: Apple extending two-factor authentication to iCloud.com log-in

A while back, I enabled two-factor authentication on a number of my accounts following Mat Honan’s terrible hacking story.*

This morning I noticed that, without any fanfare, Apple has extended that preference to the iCloud.com website portal …


… so that to log in to iCloud, I need to have one of my ‘trusted devices’. (Well, given the Snowden/NSA revelations, ‘trusted device’ is a relative term now, surely?)


Apple sends a four-digit verification code which is entered and voila!


Anyway, that’s a good step.

I highly recommend you enable two-factor authentication on your key accounts. It’s a small inconvenience with a huge potential pay-off in terms of security.

– P

* See Learning from Mat Honan’s disaster (Apple & me)

The evolution of news media pinching pics off social media

I noted this photo credit: “Photo / Supplied by Facebook” in the NZ Herald‘s front page story today.

[Screenshot: ‘Pregnant teen’s letter draws praise’, Life & Style, NZ Herald News]

Really? Facebook ‘supplied’ the photo? More likely the NZ Herald TOOK it, don’t you think?

Whatever. I’m not that critical, and, in this case, it’s probably fine with the ‘subject’ … but what do you think?:


Is it OK for news media to take and re-publish items from someone’s Facebook profile? (And in this case, it was huge on the front page! – see right)

What if they wanted to illustrate a story about a crime? Or a tragedy? That’s been done, certainly — with or without permission.

Not a new question — but I was struck by the oddly-worded credit: ‘Supplied by Facebook’ 

– P

 

Umm, before you download that PDF from the NSA’s website …

[Screenshot: IC ON THE RECORD • Statistical Transparency Report Regarding Use of National Security Authorities]

I skim-read, and was just about to download the Transparency Report Regarding Use of National Security Authorities from a web page run by the Office of the Director of National Intelligence, when I remembered spotting this:

[McAfee] attributed the trend to Adobe’s greater popularity in mobile devices and non-Microsoft environments, coupled with the ongoing widespread use of PDF document files to convey malware.

Remember? Beware the ubiquitous PDF? Really?

Now I’m not paranoid … am I?

– P

“Like a girl” – a brilliant, blistering piece of PR. Watch.

So restrained, so understated, so brilliant.

Good on them (always.com) for doing this.

The escape of exnzpat, Part 22

The Bride of Endor

Mia left the old nurse to her magazine and finished her rounds.  There were nine children on the floor with five rooms empty.  It would be an easy, quiet night she decided, and perfect for her purpose.  All the children but Lester F were recovering from chemotherapy.  Two were to go home in the morning and the others to remain another three or four nights, depending on their conditions.  All were stable, and all rested easily on low doses of morphine or oxycodone.

Mia slipped back into Lester’s room and turned the cock to CLOSE on her drip bag of painkillers.

Listen to the spy movie soundtrack on this ad for the VYSK smartphone case

Making a buck out of people’s paranoia/rational fear of cyber warfare and espionage … and these (apparently) terribly insecure devices many of us carry with us everywhere.

Vysk: Putting Privacy Back in Your Hands from Mustache Production on Vimeo.

Read all about it: www.vysk.com (not an affiliate link).

– P

Update: Audio of soundtrack here:

MP3 file

See also: Snowden on intelligence agencies ‘owning’ your smartphone

It’s all about image

I spotted this National Party campaign ad yesterday thanks to @jamileeross who tweeted it into my timeline. Hmm, I thought, monochrome, concrete block bunker, working the phones. Looks like they’re going for a 1960s Kennedy campaign vibe.

John Key on phone National ad-600w

I wonder who’s on the other end?

Key-phone-Obama

What is your phone and your internet connection blabbing about you?

Early in the second part of PBS’s (highly recommended) ‘United States of Secrets‘ documentaries, The Guardian‘s reporter Ewen MacAskill recalled Edward Snowden’s reaction in his Hong Kong hotel to a simple question: Do you mind if I record our interview on my iPhone?:


Ewen MacAskill — excerpt from PBS ‘United States of Secrets’ part 2 MP3 file

I’ve referred before to my uneasiness about what a sufficiently-motivated (I hope) security agency or other entity is able to learn about, say, me (or you!) through our smartphone or internet connection — the bulk surveillance nightmare that Edward Snowden revealed a year ago.

An enterprising National Public Radio reporter called Steve Henn decided to find out … Project Eavesdrop: An Experiment At Monitoring My Home Office

When my iPhone connected to the network, suddenly a torrent of data began flowing over the line. Porcello was monitoring my traffic in his office across the country in Vermont.

“Oh, jeez,” he said. “You are not opening apps or anything?”

The iPhone was just sitting on my desk — I wasn’t touching it. We watched as my iPhone pinged servers all over the world.

“It’s just thousands and thousands of pages of stuff,” Porcello said.

My iPhone sent Yahoo my location data as unencrypted text. The phone connected to NPR for email. It pinged Apple, then Google. There was a cascade of bits.

Oh dear. Yes, I use the built-in weather app … with its little YAHOO! symbol at the bottom … and yes, I gave that app permission to use Location Services (along with only a few other apps).

But it didn’t occur to me that it would be routinely telling Yahoo where I am located — and transmitting that data unencrypted — even when I’m not actually checking the weather. Data like that is sooo hackable, as Yahoo mail demonstrated recently. Ger-rump!

Oh, you blabbermouth Yahoo!

Before Edward Snowden’s revelations about bulk surveillance and storage, I was quite relaxed about location services, as you can see in 2011’s ‘Despite that, your honour, I wasn’t ACTUALLY there’, where I (naively?) reproduced this …

Oh dear. Now everyone can see how much time I spend at Simon Lusk’s place.

But I am … considerably less comfortable now.

– P

RIP Rik Mayall

A sad farewell to a comedic genius. Rik Mayall has died unexpectedly at 56.

His fans will celebrate the groundbreaking The Young Ones and remember with relish his scene-stealing and virile Lord Flashheart (woof!) in Blackadder — as I do — and these were great.

But for me, I will always remember his Alan B’Stard, beautifully described in the first episode of The New Statesman (below) as ‘a Thatcherite toy-boy’. To glimpse such deep cynicism in a politician was, yes, funny, but also oh-so-pointed.

RIP.

– P

Daniel Ellsberg on why Snowden couldn’t get a fair trial

Worth reading.

Daniel Ellsberg: Snowden would not get a fair trial – and Kerry is wrong

As I know from my own case, even Snowden’s own testimony on the stand would be gagged by government objections and the (arguably unconstitutional) nature of his charges. That was my own experience in court, as the first American to be prosecuted under the Espionage Act – or any other statute – for giving information to the American people.

I had looked forward to offering a fuller account in my trial than I had given previously to any journalist – any Glenn Greenwald or Brian Williams of my time – as to the considerations that led me to copy and distribute thousands of pages of top-secret documents. I had saved many details until I could present them on the stand, under oath, just as a young John Kerry had delivered his strongest lines in sworn testimony.

But when I finally heard my lawyer ask the prearranged question in direct examination – Why did you copy the Pentagon Papers? – I was silenced before I could begin to answer. The government prosecutor objected – irrelevant – and the judge sustained. My lawyer, exasperated, said he “had never heard of a case where a defendant was not permitted to tell the jury why he did what he did.” The judge responded: well, you’re hearing one now.

And so it has been with every subsequent whistleblower under indictment, and so it would be if Edward Snowden was on trial in an American courtroom now.

The movie ‘Maleficent’ — well worth your time

I saw this with my family last night. It’s very good. The script contains some great twists on a story you think you already know. A striking, powerful performance by Angelina Jolie. I recommend it.

– P

Update: Here’s The Guardian’s (very positive) review.

Snowden on intelligence agencies ‘owning’ your smartphone

Here’s a clip from the Brian Williams/NBC interview with Edward Snowden on the vulnerability of smartphones to intelligence agencies … (as we discussed in ‘Oh. The NSA ‘owns’ iPhones (but only if it can get its hands on them, for now). It’s worse than I thought.’)


excerpt: Edward Snowden talks to NBC’s Brian Williams re security agency intrusion into smartphones MP3 file

Watch the whole interview below
(removed youtube embed after it was removed from youtube following an NBC copyright request)

Here’s the NBC news webpage with additional material (and, free bonus! US government/establishment spin) on the Snowden interview: INSIDE THE MIND OF EDWARD SNOWDEN

The escape of exnzpat, Part 21

Expectations, Providence, and Enquiry

Our route to the bridge was a circuitous one.  Lilith led the way, but not before resting for a few hours until her metamorphosis was complete.  Her ungainly, awkward shape, she said, would get in the way and hinder our passage.  So, we sat quietly together in a small, green glade bounded by wildflowers, overlooking a quiet mossy gully nestled between towering pillars of rock.

It was nice.  And despite everything that had gone on before, I felt Lilith and I were becoming friends.

“I find your mind still on Lincoln,” I said.  “But your anguish is not there as it was before.”

“Yes.  It is true, but it will come again to me, so you must be prepared,” she replied.  “It was in that shape the Magus trapped me.  It was in this shape that I broke her spell and discovered Lincoln dead.”

We sat for a long time, saying nothing.  I was thinking of Lincoln:  as a puppy, and of bringing him home, and the kids going crazy over him, and he, phenomenally excited at all the attention and peeing on the living room rug.  I smiled at the memory, but at the time remember being furious about it.  And after all that had happened, I wondered why.  That other me, before the rental, seemed to be as lost and as distant as my dreams of being a player in the real-estate industry.

“Shapes trap things, exnzpat,” Lilith said suddenly.  “The bulk of my grief for Lincoln remains inside that other me.  I am compromised, to be sure, so be careful when that other me returns.”

It sounded like a warning and I took heed, knowing how her mind had compromised mine on our walk down the mountainside.

I sighed and said, “It will take time, Lilith.  Grief is not easy, believe me, this last year has been the blackest of blackest nightmares.  I would have gladly killed myself to rid myself of it.”

She looked at me.  Her perfect human face shining in the light, and I saw why.  Her face was wet with tears.

“Oh, exnzpat, you are a dear fool.  Death changes nothing.”

I reached up to her and kissed her face.

*  *  *

About that Blackshades RAT computer malware thing in the news …

Here’s a line that recent news reports about this worldwide malware infestation might usefully have mentioned more prominently …

Blackshades malware affects Microsoft Windows-based operating systems.

But I guess they got hung up on the Shock! Horror! ‘Miss Teen USA nude photos’ angle, huh?

Click to read the FBI bulletin here.

– P

Andrea Vance on protecting your communications

Andrea Vance on TV3’s The Nation political panel – click to view video at TV3

Reporter of the Year Andrea Vance talked to Radio New Zealand’s Colin Peacock on Mediawatch about government surveillance of news media in an illuminating interview broadcast last Sunday. [Coincidentally, Vance was part of TV3’s The Nation political panel the day before.]

Listening to the Mediawatch interview, one can’t help but be struck by the loss of commonly-held innocence (‘Little old New Zealand’), and observe how the experience of being the target of improper/illegal surveillance has informed Andrea Vance’s view of the capacity and likelihood of government spying on New Zealanders … including journalists, their sources, whistle-blowers … with, it seems to me, ‘dissident’ elements (however you define those) being in the cross-hairs as well.

For the sake of reducing any ambiguity, let me repeat my own position on these matters …

It nauseates me to discover that far from protecting the fourth estate’s role and right to do its job at the seat of our democracy, Parliamentary Service, under pressure from the Prime Minister’s Office and his “enforcer” Wayne Eagleson, rolled over and surrendered surveillance data on a press gallery journalist to the David Henry witch-hunt set up on Mr Key’s orders.
It’s emerged that Parliamentary Service provided swipe-card records, which tracked Ms Vance’s movements — date, time, location — around the precincts of Parliament; and three months of her phone records(!)

It’s also worth hearing Andrea Vance’s thoughts about defensive measures journalists and others can/should/must take … without getting lost down the ‘super-paranoid’ rabbit hole. (But remember the saying: ‘You’re not paranoid if they really are out to get you.’)


Excerpt: Andrea Vance talks to Colin Peacock, Radio NZ Mediawatch 18 May 2014 MP3 file

Andrea Vance makes a very good point about government and spy agency use of semantics to dodge questions. That double-speak is as old as politics itself.

I recommend you inform yourself about the communication security options available to you. Encryption technology is getting easier to implement in the wake of the extra demand created by NSA whistle-blower Edward Snowden’s revelations about the extent of state mass surveillance, and, inadvertently, New Zealand’s role in it.

The full Mediawatch programme 18/5/14 is available as a podcast (which is how I almost invariably listen to it) here at the Radio NZ website. It’s definitely worth subscribing.

– P

PS For the record, you can find my own PGP public key at the bottom of the About page. I’m happy to correspond that way, or reply to a test message if you’re setting up encrypted email yourself.

The GCSB's Waihopai spy station. Is it hoovering up similar meta data on New Zealanders? Who do I ask?

Waihopai spy station, Marlborough. Part of the GCSB which despite legislation prohibiting it from spying on New Zealand citizens or permanent residents has been doing exactly that on behalf of the Police and the Security Intelligence Service.