Apple apparently has the power to decrypt iPhone storage in response to law-enforcement requests, though they won’t say how. Google can remotely “reset the password” for a phone for cops, too:

Last year, leaked training materials prepared by the Sacramento sheriff’s office included a form that would require Apple to “assist law enforcement agents” with “bypassing the cell phone user’s passcode so that the agents may search the iPhone.” Google takes a more privacy-protective approach: it “resets the password and further provides the reset password to law enforcement,” the materials say, which has the side effect of notifying the user that his or her cell phone has been compromised. Ginger Colbrun, ATF’s public affairs chief, told CNET that “ATF cannot discuss specifics of ongoing investigations or litigation. ATF follows federal law and DOJ/department-wide policy on access to all communication devices.”

…The ATF’s Maynard said in an affidavit for the Kentucky case that Apple “has the capabilities to bypass the security software” and “download the contents of the phone to an external memory device.” Chang, the Apple legal specialist, told him that “once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive” and delivered to the ATF. It’s not clear whether that means Apple has created a backdoor for police — which has been the topic of speculation in the past — whether the company has custom hardware that’s faster at decryption, or whether it simply is more skilled at using the same procedures available to the government. Apple declined to discuss its law enforcement policies when contacted this week by CNET.

It’s not clear to me from the above whether Google “resetting the password” for Android devices merely bypasses the lock-screen or actually decrypts the mass storage on the phone if it has been encrypted.

I also wonder if the “decryption” Apple undertakes relies on people habitually using short passwords for their phones — the alternative being a lot of screen-typing in order to place a call.

Apple deluged by police demands to decrypt iPhones [Declan McCullagh/CNet] (via /.)
Apple can decrypt iPhones for cops; Google can remotely “reset password” for Android devices
Astronaut Chris Hadfield — the tweeting, tumbling Canadian astronaut who’s a one-dude astro-ambassador from the space programme to the Internet — has produced and released a video of his own performance of David Bowie’s “Space Oddity” (AKA the “Major Tom song”) on the ISS. He adapts the lyrics a bit to his own situation — and changes out the whole dying-in-space chorus — but is otherwise pretty faithful. From the credits, it appears that David Bowie gave permission for this, though that’s not entirely clear. I would think that not even a major record label would be hamfisted and cack-handed enough to send a takedown notice over this one (it’s been suggested for Boing Boing more than any other link in my memory), but I’m prepared to be surprised.

Space Oddity
Greg Costikyan sez,

inBloom, a Gates-funded non-profit to harness data to improve grade school education, has partnered with New York and eight other states to encourage the development of apps to “further education” by using intimate data about students, without parental consent and with no ability for parents to opt out. Among the data shared are name, address, phone numbers, test scores, grades, economic status, disciplinary records, picture, email, race, developmental delay… just about everything conceivable, and all specific, none of it anonymized. inBloom has arrangements with nine states (New York, Massachusetts, Louisiana, Colorado, Illinois, North Carolina, Georgia, Delaware and Kentucky) to do this. The XML schemas used are downloadable here. Anyone can register as a developer and start using “sample” data, but “real” data is supposedly only available to developers with contracts with a school board. But this includes for-profit, third party developers, such as, say, Amplify, a News Corp subsidiary with a contract with New York. And it doesn’t appear there are any constraints on their use of this data.

Who is Stockpiling and Sharing Private Information About New York Students? (Thanks, Greg!)
The Internet has been groaning under the weight of a massive distributed denial of service (DDoS) attack on the Domain Name Service, apparently aimed at anti-spam vigilantes Spamhaus, in retaliation for their blacklisting of Dutch free speech hosting provider Cyberbunker. At 300 Gbps, the DDoS is the worst in public Internet history.

“These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of Cloudflare. “It’s so easy to cause so much damage.” The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second. “It is a real number,” Mr. Gilmore said. “It is the largest publicly announced DDoS attack in the history of the Internet.” Spamhaus, one of the most prominent groups tracking spammers on the Internet, uses volunteers to identify spammers and has been described as an online vigilante group. In the past, blacklisted sites have retaliated against Spamhaus with denial-of-service attacks, in which they flood Spamhaus with traffic requests from personal computers until its servers become unreachable. But in recent weeks, the attackers hit back with a far more powerful strike that exploited the Internet’s core infrastructure, called the Domain Name System, or DNS.

As bad as this is, it could be a lot worse. An anonymous paper called Internet Census 2012: Port scanning /0 using insecure embedded devices reports on a researcher’s project to scan every IPv4 address for publicly available machines that will accept a telnet connection and yield up a root login to a default password. The researcher reports that 1.2 million such devices are available online (s/he compromised many of these machines in order to run the census). These machines are things like printers and routers with badly secured firmware, visible on the public net. They are often running an old version of GNU/Linux and can be hijacked to form part of a staggeringly large botnet that would be virtually unkillable, since the owners of these devices are vanishingly unlikely to notice that they are silently running attackware, and the devices themselves are completely unregarded.

Firm Is Accused of Sending Spam, and Fight Jams Internet [NYT/John Markoff & Nicole Perlroth] (via Hacker News)
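The DNS strike described above is a reflection attack: small queries carrying the victim’s forged source address go to resolvers that will answer anyone, and the far larger answers land on the victim. As an added example that is not part of the original post, the Python below flags that pattern in a resolver’s own query log, so an operator can see both that the resolver is answering outsiders and who is being hit through it; the log format, the SERVED_NETS range and the thresholds are assumptions, and the log lines are constructed.

```python
# Added example, not from the article: flag DNS reflection/amplification
# abuse in a recursive resolver's query log. The log format (time client
# qname qtype request_bytes response_bytes) is constructed; real resolvers
# such as BIND or Unbound log differently.
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Networks this resolver serves (assumed); others should get no recursion.
SERVED_NETS = [ip_network("192.0.2.0/24")]

# Constructed sample: an outside client repeating ANY queries is the tell.
SAMPLE_LOG = """\
2013-03-27T10:00:01 192.0.2.10 www.example.com A 64 80
2013-03-27T10:00:01 198.51.100.7 example.org ANY 64 3180
2013-03-27T10:00:01 198.51.100.7 example.org ANY 64 3180
2013-03-27T10:00:02 198.51.100.7 example.org ANY 64 3180
2013-03-27T10:00:03 203.0.113.9 example.net TXT 60 900
"""

def parse_log(text):
    """One dict per well-formed line: client, qtype, req/resp byte counts."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 6:
            _, client, _, qtype, req, resp = parts
            records.append({"client": client, "qtype": qtype,
                            "req": int(req), "resp": int(resp)})
    return records

def flag_reflection(records, min_ratio=10.0, min_queries=3):
    """Clients whose answers dwarf their questions over enough queries;
    in a reflection attack that 'client' is the spoofed victim."""
    stats = defaultdict(lambda: {"n": 0, "req": 0, "resp": 0, "any": 0})
    for r in records:
        s = stats[r["client"]]
        s["n"] += 1
        s["req"] += r["req"]
        s["resp"] += r["resp"]
        s["any"] += r["qtype"] == "ANY"
    flagged = []
    for client, s in stats.items():
        ratio = s["resp"] / s["req"]
        if s["n"] >= min_queries and ratio >= min_ratio:
            flagged.append({"client": client, "ratio": round(ratio, 1),
                            "any_fraction": s["any"] / s["n"],
                            "external": not any(ip_address(client) in net
                                                for net in SERVED_NETS)})
    return sorted(flagged, key=lambda f: -f["ratio"])
```

A flagged entry with `"external": True` means the resolver is recursing for addresses it should refuse; the fix is to restrict recursion to SERVED_NETS (and rate-limit responses), which removes the resolver from the pool of reflectors rather than just muting one victim.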