The Mother of All Android Hacks

Users of the popular Android operating system are all vulnerable to “the mother of all Android vulnerabilities” in which a simple text message can give hackers complete control of your phone.

The worst part is that you don’t necessarily need to open the text message for the hackers to gain control of your device. The flaw was uncovered by security firm Zimperium. The text message contains a video file, and embedded in that file is a string of malicious code that activates once the message is received. You don’t even have to watch the video to have your phone taken over.

Long story short is that if hackers send out this malicious code to every Android phone right now, they could gain access to your phone.

Zimperium has stated that the flaw has not been exploited by hackers, yet.

Google has been notified and is working on a fix. The number of devices affected is astronomical. This bug affects any device running Android in the last five years, according to Zimperium. In 2015 alone, more than 1.1 billion devices will be shipped, according to industry analysts IDC.

If you have an Android device, update it now!

This is quite similar to the recent iPhone text message hacking story from a few weeks ago.

Change your Skype Password Now! Like right now.

Users all over the internet are reporting that their accounts are experiencing some weird behavior. Apparently Skype accounts have been getting “spoofed” and Microsoft is recommending that all users change their passwords ASAP. Here is the link to the Skype Forum 

Instead of a hard to remember password, you should use a passphrase. 
For example:  Mycatdoesnotenjoyplayingthebongos!2015.
The first reports were posted in the Skype / Microsoft help forums. Others confirmed that their accounts also sent such messages all by themselves.
“My account sent out the same message OP describes. The message was sent at 2345 UTC on 01-07-2015 to all contacts. As a precaution, I changed my Skype password on a different machine. I also checked whether anything strange was accessing the API, but this did not appear to be the case,” one user explained 3 weeks ago. Source
Microsoft is fully investigating, and the only recommended action right now is to change your password.
So go change your password right now.
Why are you still reading this?
Seriously.
Hackers Threaten to Expose 40 million Members of Ashley Madison

AshleyMadison is the most recent victim of hackers, as Brian Krebs of Krebsonsecurity.com reported late last night.

The hackers identified themselves as “The Impact Team” and posted a small sample of the data that they stole from AshleyMadison’s parent company, Avid Life Media.  Avid Life Media also owns “Cougar Life” & “Established Men.” The Impact Team also demanded the permanent takedown of AshleyMadison & Established Men with the penalty for non-compliance being the full release of names, addresses, and sexual fantasies of all 37+ million users.

The Impact Team seems to be upset over AshleyMadison’s “Full Delete” feature, which is supposed to erase all traces of a user’s profile from their servers. The service costs $19 and, according to the hackers, does not do what it promises. AshleyMadison apparently raked in $1.7 million in revenue in 2014, which is a lot of money for a service that does not do what it claims to do.

The hackers were pretty clear about all of this by saying:

“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

If the Impact Team does in fact have all member / employee data from AshleyMadison, then the ball seems to be in their court and AshleyMadison is going to have one hell of a time trying to stay online. Imagine the famous / powerful people that might be members of this website that are going to be very nervous about the release of their private information, let alone confirmation of membership on the website.  Depending on how powerful they are, there might be a lot of back-channel pressure upon AshleyMadison’s leadership.

There are a couple things I know for sure.
1. I would not want to be the leadership of AshleyMadison right now. Also, I would never want to be in a leadership position at a website like this. Their sole purpose is to facilitate cheating on your spouse.

2. Being a member of this site sounded like a bad idea when the commercials first started airing a few years ago. Now that is 100% confirmed to be a bad idea.

Ashley Madison has an “affair guarantee” that guarantees that members will have an affair. In a roundabout way they succeeded, now that 100% of their members are completely screwed.

 

10th Man Manifesto

The Seattle Mariners are, objectively, one of the least successful franchises in Major League Baseball.  They are one of two teams never to play in a World Series.  Through 2014, they have the third lowest winning percentage among Major League franchises; trailing only the Rays and the Padres.  And, perhaps most viscerally for Mariner fans, their 13 year postseason drought is the second longest in the sport.

At the same time, fan engagement in the Mariners is similarly stagnant.  While the level of fan interest is harder to quantify, attendance figures have dwindled steadily over time as the team has struggled.  And the numbers don’t tell the story of how many fans at the ballpark are there for the overall experience rather than to do all they can to help the team win.  It is easy to mock fan excitement for gimmicks such as the Boat Races, the Hat Trick, or even the dancing grounds crew.  But such gimmicks are enjoyed all over baseball.  What is damning is not that those events are popular, but that the noise they generate is not consistently matched during game action.

Meanwhile, the Seattle Seahawks have enjoyed recent success unparalleled in its history, and in the history of all but a handful of teams.  That success has coincided with what is generally understood to be the loudest fan base in football, and one of the best.  It is accepted as fact that Seahawk fans not only root for their team’s success; they are an active part of achieving that success.  Seahawks fans have come to be known as the “12th Man” or just “12’s”.

These facts beg the question:  why are the fan bases of these two teams – next door neighbors – so different?  One could simplistically posit that it is simply a function of success; the Seahawks are good, so the fans support them.  The Mariners are not, so the fans do not.

However, this explanation is at best unsatisfactory, and at worst circular.  It is generally accepted that an engaged fan base can have a direct impact on a team’s success on the field.  Of course, it is at most a fraction of the impact that is had by the players, coaches, and front office.  Alas, sports fans have no control over any of those factors.  Fans can only impact the results on the field in one way; their level of engagement.

As the Mariners begin the second half of the 2015 season, their performance is once again disappointing.  The sports narrative focuses on the number of days until NFL training camp and where to cast blame for this season’s failures.  As Mariner fans, we have the option of accepting this narrative, and thereby perpetuating the cycle of disappointment and failure that has permeated the team and its fans for the last decade.

But Mariner fans have another option.  We can choose to increase our level of engagement to match our engagement in the Seahawks.  We can choose to accept that we have an option to be a direct part of our baseball team’s fortunes every bit as much as those of our football team.  Indeed, we can acknowledge that, in at least some small way, we already have played a direct part in its fortunes.  The term “home field advantage” has been an oxymoron at Safeco Field.  Divvy up that “blame pie” however you want; just make sure to leave a slice for you and your fellow fans.

I propose that we, the Mariner fans, choose to take the first step toward reversing the fortunes of our team.  I propose that we, the fans, choose – one by one by one – to do all we can do to increase the chances that the Mariners win home games by virtue of our actions.  That we model ourselves after the Seahawk fans who congregate down the street (many of them, of course, are us) and the fans of other baseball franchises whose engagement helps their teams succeed on the field.

To that end, I propose the following 6 direct actions that the fans begin implementing immediately, upon the team’s return to town on July 24.  These are just one fan’s initial suggestions.  They are intended to generate interest and discussion; not to dictate your actions.  Hopefully refinements and completely new and better ideas follow.

  1. Begin identifying ourselves as “the 10th Man” or “the 10’s”. This is not a new idea; there is a Facebook page already devoted to the idea.  There hasn’t been a post on it in two months.  That’s telling.
  2. Impose the “two strike” clap for all of our pitchers; not just one of them.
  3. There is a baseball axiom that “momentum is only as good as the next day’s starting pitcher”. Mariner fans have a unique level of access to the opposing team’s starting pitcher before every home game.  A metal fence and no more than five feet separates that pitcher’s pre-game preparation from fans free to engage with him in a direct way.  There are numerous options for this.  I am not proposing that fans be uncivil (we have a Code of Conduct, after all).  But there is no reason why fans could not engage in a pre-game ritual designed to distract him.  We could engage in monk-like chanting.  We could throw around a giant (fake) fish, like they do in Pike Place Market.  Anything.  It can’t be less effective than nothing.
  4. Yankee fans are known for their “roll call”. In the top of the 1st inning, the bleacher fans chant the name of every defensive player, along with the rhythmic clapping (you can close your eyes and imagine them saying “Der-ek Je-ter, CLAP CLAP CLAP-CLAP-CLAP”).  While the clapping is and should remain theirs, there is no reason Mariner fans could not acknowledge each of their players at the beginning of each game.  Perhaps a simple 2-3 syllable chant (“SEE-ger…SEE-ger.”)  Give the fans a moment of connection with each player.
  5. Commit to higher levels of noise during game action, designed to inspire our team and intimidate the opposition.
  6. Sign the Petition at seelysecurity.com/10thman to add your voice to the list of Mariner fans who are ready to do their part to bring greater success to their team.

Baseball players are human beings; human beings are affected by their environment.  Anyone who claims that fans cannot have an impact on the game is not basing that belief on evidence or common sense.

Some might ask whether the team “deserves” this level of engagement.  You are, of course, free to answer that question in the negative and go about your day.  Arguably, sports as a whole receives far more attention than it deserves.  But ultimately, we choose to be fans not for the teams we root for, but for ourselves.

It follows that choosing a higher level of engagement for the Mariners would be a gift not primarily to them, but to each other.  Will it help?  It won’t hurt.  It will make the games far more fun for the people there and for the fans unable (or unwilling) to attend in person.  And statistical probability dictates that, sooner or later, the Mariners will be good again.  Do you want to be one of the fans who sat back with his arms folded until the winning came, or do you want to feel like you helped bring about the franchise’s change of direction?  I would prefer the latter.

That’s why I’m signing first.  And I’ll be at the game on July 24th in my home jersey with the number 10 on the back and the name “FAN” above it.  Join me.

Brian Muchinsky

Brian Muchinsky is a lifelong baseball fan.  He is an attorney in Bellevue and the co-author of Cyber Fraud:  The Web of Lies, available on Amazon.

The Case That Gives Google the Right to Steal

Google’s stock price is up over 16% today.  Good for them!  And good for their investors.  Don’t be evil.

There are plenty of reasons to be bullish on Google.  And one of them is that they are legally allowed to profit on bullsh*t.  OK, be slightly evil.

It’s a well-kept secret that commercial information on the Internet is subject to basically zero legal regulation.  So while TV stations, radio stations, newspapers, and other “old media” can be held liable for publishing false information, Google, Bing, and other search providers CAN’T.

The result is that Google and its smaller competitors have the right to take money for ads that they KNOW ARE FALSE.  Some of the most offensive ads are “bait and switch” schemes, like offers for a $19 locksmith service that get jacked to $300 when the locksmith gets out to your location.

A brave guy and legitimate locksmith named Mark Baldino thought that the situation was unfair.  He notified Google and others about false ads and asked the search engines to take the ads down.  When they refused, Baldino took them to Court.

If you imagined a stirring jury trial filled with impassioned pleas for justice, keep imagining.  The case was basically thrown out of court.

Why, you ask?  Great question.

The answer is Section 230 of the Communications Decency Act of 1996.  The main thrust of the law was designed to help keep pornography offline.  I think you know how well that fight went; in fact, those parts of the law were ruled unconstitutional not long after enactment.  (And fetishists of all stripes have a safe home online to this day.)

But this little nugget from the federal legislation survived:

“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

On its face, this isn’t necessarily a poison that costs the American taxpayer and honest citizens billions of dollars a year.  But unlike beauty, bad laws are not skin deep.  And that’s exactly what this law winds up doing.

In throwing out Mark Baldino’s case by claiming that Google had immunity from all liability under Section 230, the Court ruled:

“This immunity extends to all information posted that does not originate with the defendant as an information content provider.  A publishing website is immune under the CDA even when given notice that it has published false information.  Although editorial discretion might be feasible for the traditional print publisher, the sheer number of postings on interactive computer services would create an impossible burden in the Internet context.”

So:  even if Google KNOWS IT IS PUBLISHING FALSE INFORMATION, and for which it is PAID MONEY, Google CANNOT be sued for propagating that false information.

Ladies and gentlemen, the United States Congress!

Baldino has appealed, and hopefully he can get the decision overturned.  But the problem isn’t that the Court’s ruling is wrong; the problem is that the Court appears to have correctly applied existing law.

The laws need to be changed.  Until they are, commercial information on the Internet is rife with scams that threaten your finances and your physical safety.

I break down the problem in plain terms, and tell you exactly how you can avoid being victimized, in my new book, Cyber Fraud:  The Web of Lies.  Read the first chapter for free, or order a copy, at www.cyberfraudtheweboflies.com.  I also do personal appearances.  Book signings, weddings, bar mitzvahs:  have your people call my people.

Oh, and be sure to buy Google’s stock yesterday.  And while you’re in that time machine, please go back to 1996 and tell Bill Clinton not to sign the Communications Decency Act.  Or hire Monica Lewinsky.