Zuckerberg phones Obama to complain about NSA spying

The day after a Snowden leak revealed that the NSA builds fake versions of Facebook and uses them to seed malicious software in attacks intended to hijack “millions” of computers, Facebook CEO and founder Mark Zuckerberg telephoned President Obama to complain about the NSA’s undermining of the Internet’s integrity. As many have pointed out, it would have been nice to hear Zuckerberg taking the Internet’s side before his own stock portfolio was directly affected, but better late than never.

Zuckerberg’s post on his conversation excoriates the US government for its Internet sabotage campaign, and calls on the USG to “be the champion for the internet, not a threat.” Curiously, Zuckerberg calls for “transparency” into the NSA’s attacks on the Internet, but stops short of calling for an end to government-sponsored attacks against the net. In the end, though, Zuckerberg calls on companies to do a better job of securing themselves and their users against intrusive spying. It’s not clear how that will work for Facebook, though: its business model is predicated on tricking, cajoling, and siphoning personal data out of its users and warehousing it forever in a neat package that governments are unlikely to ignore. I’m told that 90% of US divorce proceedings today include Facebook data; this is a microcosm of the wider reality when you make it your business to stockpile the evidentiary chain of every human being’s actions.

The internet works because most people and companies do the same. We work together to create this secure environment and make our shared space even better for the world. This is why I’ve been so confused and frustrated by the repeated reports of the behavior of the US government. When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government. The US government should be the champion for the internet, not a threat. They need to be much more transparent about what they’re doing, or otherwise people will believe the worst.

I’ve called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform.

So it’s up to us — all of us — to build the internet we want. Together, we can build a space that is greater and a more important part of the world than anything we have today, but is also safe and secure. I’m committed to seeing this happen, and you can count on Facebook to do our part. As the world becomes more complex and governments everywhere struggle, trust in the internet is more important today than ever.

(Image: Mark Zuckerberg Facebook SXSWi 2008 Keynote, a Creative Commons Attribution (2.0) image from deneyterrio’s photostream)


Samsung Galaxy back-door allows for over-the-air filesystem access

Developers from the Replicant project (a free Android offshoot) have documented a serious software back-door in Samsung’s Android phones, which “provides remote access to the data stored on the device.” They believe it is “likely” that the backdoor could provide “over-the-air remote control” to “access the phone’s file system.”

At issue is Samsung’s proprietary IPC protocol, used in its modems. This protocol implements a set of commands called “RFS commands.” The Replicant team says that it can’t find “any particular legitimacy nor relevant use-case” for adding these commands, but adds that “it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a back-door. Nevertheless, the result is the same and it allows the modem to access the phone’s storage.”

The Replicant site includes proof-of-concept sourcecode for a program that will access the file-system over the modem. Replicant has created a replacement for the relevant Samsung software that does not allow for back-door access.

Samsung Galaxy devices running proprietary Android versions come with a back-door that provides remote access to the data stored on the device. In particular, the proprietary software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as RFS commands, that allows the modem to perform remote I/O operations on the phone’s storage. As the modem is running proprietary software, it is likely that it offers over-the-air remote control, that could then be used to issue the incriminated RFS messages and access the phone’s file system.

…The incriminated RFS messages of the Samsung IPC protocol were not found to have any particular legitimacy nor relevant use-case. However, it is possible that these were added for legitimate purposes, without the intent of doing harm by providing a back-door. Nevertheless, the result is the same and it allows the modem to access the phone’s storage.

However, some RFS messages of the Samsung IPC protocol are legitimate (IPC_RFS_NV_READ_ITEM and IPC_RFS_NV_WRITE_ITEM) as they target a very precise file, known as the modem’s NV data. There should be no particular security concern about these as both the proprietary implementation and its free software replacement strictly limit actions to that particular file.

Samsung Galaxy Back-door
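The restriction described in the last quoted paragraph, sketched as a default-deny handler for modem-originated RFS requests. This is an added example, not Replicant's or Samsung's code: the numeric command values, the request layout, the NV data size and the RFS_OTHER_FILE_IO stand-in are all hypothetical; only the two NV command names come from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical numeric values; only the two NV names appear on the page. */
enum rfs_cmd {
    IPC_RFS_NV_READ_ITEM  = 0x01,
    IPC_RFS_NV_WRITE_ITEM = 0x02,
    RFS_OTHER_FILE_IO     = 0x03   /* stand-in for any other RFS request */
};

enum rfs_status { RFS_OK = 0, RFS_DENIED = -1, RFS_BAD_RANGE = -2 };

#define NV_DATA_SIZE 4096u         /* constructed size for the sample NV file */
static uint8_t nv_data[NV_DATA_SIZE];

/* Hypothetical layout of a request arriving from the modem. */
struct rfs_request {
    uint8_t        cmd;
    uint32_t       offset;
    uint32_t       length;
    const uint8_t *payload;        /* source bytes for a write, else NULL */
};

/* Bounds check written so that offset + length cannot wrap around. */
static int range_ok(uint32_t offset, uint32_t length)
{
    return length != 0 && offset <= NV_DATA_SIZE &&
           length <= NV_DATA_SIZE - offset;
}

/* Serve only the two NV commands, and only inside the NV data buffer. */
int rfs_handle(const struct rfs_request *req, uint8_t *out, size_t out_len)
{
    switch (req->cmd) {
    case IPC_RFS_NV_READ_ITEM:
        if (!range_ok(req->offset, req->length) || !out || out_len < req->length)
            return RFS_BAD_RANGE;
        memcpy(out, nv_data + req->offset, req->length);
        return RFS_OK;
    case IPC_RFS_NV_WRITE_ITEM:
        if (!range_ok(req->offset, req->length) || !req->payload)
            return RFS_BAD_RANGE;
        memcpy(nv_data + req->offset, req->payload, req->length);
        return RFS_OK;
    default:
        return RFS_DENIED;         /* no generic file I/O on behalf of the modem */
    }
}
```

The handler never accepts a path from the modem, so there is nothing to traverse: the only storage it can reach is the fixed NV buffer.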
