Tuesday, August 12, 2014

Want Safe Juice? Better Wear a USB Condom!

Waiting for your flight, your smart phone’s battery is about to die. Or perhaps at a hotel conference or shopping mall. You don’t have your power cable needed to charge your tablet or phone, but you do have a USB cord that can supply the needed power. Then you spot an help: a free charging kiosk.

Didn't think before connecting your phone to this unknown device -- which could be configured to read most of the data on your phone, and perhaps even upload malware? Better consider a USB Condom!


At the 2014 DefCon (a hacker's convention), over 350 attendees (who should be "in the know" about this) plugged their smart phones into a charging kiosk built by Brian Markus, president of Aires Security, and fellow researchers Joseph Mlodzianowski and Robert Rowley. They built the charging kiosk to educate attendees about the potential perils of juicing up at random power stations. To make their charging station more attractive to passersby, Markus and his pals equipped it with a variety of charging cables to fit the most popular wireless devices. When no device was connected, the LCD screen fitted into the charging station displayed a blue image with the words “Free Cell Phone Charging Kiosk.” The screen switched to a red warning sign when users plugged in any devices. The warning message read:

“You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!”
Markus said the comments from those who chose to juice up their phones at the kiosk were the most rewarding part of the project. But that's not all: Anything using USB is totally unsafe. A bold warning from Security Research Labs, given at Black Hat, another hacker con. Basically, any USB device can do anything it wants to your PC or Mac, and there's nothing you can do to stop it, detect it, or remediate it.

The security problems with USB devices isn’t just in what they carry, it is built into the core of how they work. That’s the takeaway from findings of security researchers Karsten Nohl and Jakob Lell. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. ... And the two researchers say there’s no easy fix. ... They spent months reverse engineering the firmware that runs the basic communication functions of USB devices. Read more at Slate...


Friday, August 1, 2014

Wait, cable companies are NOT common carriers, but ride-share is??

Maryland should not classify Uber and Lyftt and other ride-share businesses as common carriers. I mean, how messed up is it that the companies that provide the pipeline to the internet are NOT common carriers (Comcast, AT&T, Verizon)? But telecoms are (AT&T, Verizon, T-Mobile)? Yet, in the interest of "protecting us", the Public Service Commission wants to over-regulate ride-shares such as Uber.

Ride share is not a common carrier; our helpful government should not squelch consumer choice in Maryland by erroneous re-classisfying businesses such as Uber or Lyft. Uber and its competition provide flexibility: drivers have complete control over their businesses and schedules. The PSC’s proposed order would mean that Uber’s partner drivers can no longer own and operate independent companies; it would eliminate opportunities for residents to start their own businesses, make a living, and contribute to the economy.

Over-regulating would lessen low-cost options for low-income people who need to get to one place or another without a car. And the government's heavy hand isn't needed — the marketplace is the best regulator, in this case. Uber lets riders and drivers rate each other. Demand pricing means MORE available transportation, particularly when it is needed most — try getting a taxi last winter during that storm, or on New Years Eve, when so many people are drink-driving!

Shouldn't our government be looking to increase supply of alternative transportation, not decrease it? Fewer people owning fewer cars means transportation infrastructure costs go down. Pollution goes down. Congestion on our roads goes down. But not if you squelch new businesses.

#MDneedsUber

How does Uber work? A customer requests a car using a smartphone app -- Uber sends its closest driver to their location, using the phone’s GPS. The fare is charged directly to your credit card. Uber provides five types of services: UberX, the cheapest option which allows for the hiring of livery car drivers with a smartphone; Uber Taxi, which lets you e-hail a yellow cab; Uber Black, a private hire car; Uber SUV, the car seats up to six people and Uber Lux, which features the priciest cars. UberX drivers are not licensed chauffeurs and they use their own cars. They also use their personal auto insurance policy while driving for Uber. According to the company website, all ride-sharing and livery drivers are thoroughly screened and the company conducts ongoing reviews of drivers’ motor vehicle records throughout their time with Uber.

While taxi operators may spend more than $1 million for a medallion to operate in some cities, Uber drivers don’t. At least six cities (Omaha and Lincoln, Nebraska; Ann Arbor, Michigan; San Antonio and Austin, Texas; and Miami) as well as the state of Virginia have banned ride-sharing companies. Another seven cities and three states (California, Connecticut and Pennsylvania) are trying to regulate them. So let's see - government monopolies to keep prices high and provide crappy taxi service? Or freedom of choice?

You decide. Before the government does for you.