Husband of San Bernardino Victim Backs Apple in iPhone Unlock Case

With the likes of Microsoft and Facebook supporting it, Apple is gearing up for its battle against the FBI over the iPhone unlock case from the San Bernardino shooting. In a surprise move, Apple has gained an unlikely and important supporter in its fight against the US government. In a letter filed with the court, Salihin Kondoker, an IT consultant whose wife was shot 3 times in the attack, is backing Apple’s stance.

In his letter, Kondoker notes that he initially did not side with Apple but, after learning more about the case, realized there was more to it than simply unlocking one phone. He doesn’t believe that security is worth the loss of privacy and recognizes the ramifications of Apple bending to the FBI’s will. Kondoker also notes, as many others have, that the attacker’s work iPhone would be unlikely to contain any important information, as the county could have accessed it at any time prior to the attacks. Here are some excerpts from the letter.

When I first learned Apple was opposing the order I was frustrated that it would be yet another roadblock. But as I read more about their case, I have come to understand their fight is for something much bigger than one phone. They are worried that this software the government wants them to use will be used against millions of other innocent people. I share their fear.

I support Apple and the decision they have made. I don’t believe Tim Cook or any Apple employee believes in supporting terrorism any more than I do. I think the vicious attacks I’ve read in the media against one of America’s greatest companies are terrible.

Finally, and the reason for my letter to the court, I believe privacy is important and Apple should stay firm in their decision. Neither I, nor my wife, want to raise our children in a world where privacy is the tradeoff for security. I believe this case will have a huge impact all over the world.

You will have agencies coming from all over the world to get access to the software the FBI is asking Apple for. It will be abused all over to spy on innocent people.

America should be proud of Apple. Proud that it is an American company and we should protect them not try to tear them down.

In addition to Kondoker’s support, Apple has also been backed by the former heads of the NSA, the FBI, and Homeland Security, who note that the case is more complex than the FBI makes it out to be. They all warn against the loss of trust and privacy that would occur, and that acting on fear and public opinion would lead down the wrong path.

Mark Zuckerberg’s Neighbours Unhappy Again!

Mark Zuckerberg is not really ingratiating himself with his neighbours within the local but admittedly expensive community that is Liberty Hill in San Francisco. The extensive construction and the accompanying noise and disruption have not been a favourite with fellow residents, and now a parking dispute has again caused friction between the Facebook founder and his neighbours.

The aforementioned parking dispute involves Mark Zuckerberg’s security team “‘permanently’ and illegally occupying desirable parking spots in the area with two silver SUVs”. Below is an image to illustrate the alleged problem that has annoyed fellow residents; as you can see, these vehicles are stationed next to the social network founder’s house.

It has annoyed the community to such an extent that it has distributed a letter to residents urging them to “complain to the San Francisco Municipal Transportation Agency (SFMTA) about the vehicles and also contact Zuckerberg’s residential security manager, Tim Wenzel”. Below is an image of the letter that was obtained.

In response, a spokesperson for Mark Zuckerberg states “The security team’s cars are parked in accordance with local parking laws. The team strives to be sensitive to neighbour’s concerns and regrets any inconvenience.”

Disputes, in this case, can be perceived as rather silly, with the potential to escalate out of all proportion. I think this has evolved from allegations in 2014 of persistent and noisy construction work, followed by further allegations involving an apparent restraining order which had reportedly been filed by Mr Zuckerberg’s security team against a 62-year-old local man, leaving him temporarily homeless in 2015. I do think there is also a perception that “rich” individuals do not respect the social etiquette within the community, but rather zoom in and develop an area without any consideration for residents.

It will be interesting to see if there are any further reports of alienation between both parties in the future.

Image courtesy of dnaindia

Which Companies Had The Most Security Vulnerabilities In 2015?

Cyber security is a hot topic, and attacks that look to exploit security flaws within a company’s software are becoming increasingly commonplace within the tech world. CVE Details has released its rundown of the software products with the most security vulnerabilities in 2015, and the top five comprises Mac OS X, iOS, Flash, Adobe Air and Air SDK.

Below is an image which details the number of vulnerabilities per software product. As you can see, Mac OS X had a reported total of 384 vulnerabilities, with iOS just slightly behind on 375; Adobe Flash Player makes up the top 3 with 314 that have been officially disclosed. There are, however, one or two caveats behind these stats. For example, CVE Details lists every version of Mac OS X as one entry, while the multiple editions of Windows are listed separately. This means that while OS X is at the top, if you look further down the list you will see that Windows has a higher count of vulnerabilities when you take into account versions from Windows 8.1 all the way back to Vista.

The second image, a bar graph, shows the vulnerabilities of the top 50 products by vendor; as you can see, Microsoft edges out Adobe while Apple is third.

In 2014 the top five were IE browser, Mac OS X, Linux Kernel, Chrome and iOS. It is also worth noting that not every software company has the same policy when it comes to disclosing security vulnerabilities within its software.

Image courtesy of businesscomputingworld

The Unique World Of 2016 Cyber Security Predictions

2016 is here and I still want my hoverboard; by this, I mean an authentic Back to the Future machine and not the cheap plastic device that is currently being marketed. Anyway, this year promises to be compelling for a number of reasons, including cyber security and the nature of locking data away from the many threats that now lurk within the cyber walls. Various individuals have made their predictions concerning the coming year’s potential cyber security issues and I thought it would be interesting to convey a selection of the many theories below.

A Cyber Attack will look to exploit the 2016 US presidential election
This may be classed as an outside possibility; even though it would be technically possible, whether it will happen is a different matter. This prediction arrives courtesy of Ryan Olson, director of threat intelligence for Palo Alto Networks, who states that hackers could look to obtain private information from candidates via emails or social network accounts. Any sensitive information that might be released could, in theory, sway an election, unless you’re Mr Trump, who says what he thinks anyway.

Virtual Borders that control access to the Internet
This theory is far from new, but could become a reality if certain powerful figures are able to exert major control over the internet. According to Kaspersky Lab, we could see a development of Internet borders that divide access to information along country lines.

Hacked data could become a huge commodity
2015 became the year of the hack and included everything from dating websites to the leaking of huge databases containing sensitive government details. According to Dmitri Alperovitch, CTO and co-founder of CrowdStrike, hackers are aiming to build up huge stocks of information that contain multiple strands of data. This could lead to blackmailageddon, or something equally terrifying, whereby extortion attacks on individuals and companies are widespread.

Chinese vs Russian Hackers
This one sounds like an opening scene from Rush Hour, but no: experts with IID predict that, as China’s economy stops growing, many hackers might turn from cyber espionage to cybercrime. This could then lead to criminal activity that is far bigger than that of Eastern Europe. Is it possible? You never know, considering the technical expertise many hackers possess in China.

Cyber attacks will destroy a major brand or product
This prediction from Mark Painter, who is a security evangelist for Hewlett Packard Enterprise, is quite feasible considering the many holes which exist within certain tech products. He states that “We are increasingly close to finding out in 2016 if a major product will shut down due to security issues”. Adobe Flash springs to mind, considering we all know companies would quite happily cut their losses if a product becomes more trouble than it’s worth.

Will any of these come true? Only time will tell, especially if Ronald McDonald becomes president.

Image courtesy of PCWorld

reddit Ditches HTTP, Goes All In on HTTPS

Starting June 29th, popular site reddit will be enforcing HTTPS for all of its traffic. Plaintext HTTP traffic will be rejected by the site starting on that date. HTTPS will be backed by HSTS (HTTP Strict Transport Security) to make it more secure and to protect against downgrade attacks. This move comes after reddit first introduced HTTPS 9 months ago. That program was opt-in only, however, and suffered some compatibility issues. It appears that reddit is now confident enough to enforce HTTPS for everyone.

reddit joins the trend of other firms offering more secure communications by switching to HTTPS. No longer will spies be able to determine your favourite subreddits, or link your account and comments back to you. Wikipedia announced last week that HTTPS will be rolling out for all users, and Netflix will eventually also support HTTPS for all users after starting a rollout two months ago. In comparison, Facebook moved to HTTPS almost 3 years ago.

HTTPS encryption is not free, as it still incurs a bandwidth and processing overhead. However, the disclosure of various state-sponsored bulk surveillance programs and the rise of other malicious criminal actors have led to calls for more security. reddit noted that it valued the privacy and open communication its users enjoy, and in some ways it seems logical that most communication happen over HTTPS, as it, at the very least, requires malicious actors to take extra steps to break into our communications. The announcement post can be found here.

Synology Encourages Users to Update Their NAS

Synology is encouraging users of their NAS devices to upgrade to the latest DiskStation Manager 5.2, as well as their installed apps, to address security concerns associated with Photo Station as well as other vulnerabilities.

Synology worked closely with technical experts to identify and resolve the issues before they affected customers, and they succeeded. Back on May 12th they released DSM 5.2 with added security enhancements, and the company released another update with more safeguards on May 21. But not everyone has updated, and those who haven’t are at risk.

Synology Technical Marketing Manager Franklin Hua said, “To date, we haven’t seen suspicious activity reported by our customers. Still, we’re encouraging them to update their OS and add-on packages immediately – if they haven’t done so, already. Security updates can easily be applied within the DSM for the latest security releases for the OS. For greater convenience, automatic updates can be enabled to allow the DSM to update itself – in the background – without user intervention.”

On May 25 an independent consulting firm identified the possible vulnerabilities in Photo Station, but Synology was already on top of things and it was fixed before the article even ran.

It is great to see companies take security as seriously as Synology does. Don’t be a fool: upgrade your headless units regularly, or enable automatic updating if it exists, as it does in DSM.

Synology also has their Product Security Advisory where you can read more about the above-mentioned issues.