ICYMI | In case you missed it

Digital Chief Kevin King Quits Edelman After 14 Years – More recently, sources familiar with the situation also point to ongoing questions regarding the agency’s investment priorities. Famously, Edelman has hired more than 600 creatives and planners over the last three years, in a bid to better compete with agencies across the paid and earned media spectrum

CSL on Fifa 19: not quite fantasy football but you can see why the China league is joining the EA party | South China Morning Post – unsurprising given the Chinese government’s aspirations for soccer and the domestic league. EA can’t ignore the size of gaming in China either

Natural Cycles: ASA investigates marketing for contraception app | The Guardian – The Family Planning Association is also concerned about the app. A spokeswoman said: “The use of the word ‘certified’ suggests that there is independent evidence supporting these claims, whereas in fact the only evidence is from the company itself. It has amassed a vast database, which is very interesting, but that is not the same as verified independent evidence.” – and there is the challenge of a blind faith in big data. If they get this wrong the individual consequences are huge

The Troubled Quest for the Superconducting Wind Turbine – IEEE Spectrum – the interesting bit about this is that sea turbines aren’t considered instead of wind. Wind’s economics problem is consistency: turbines are actually only doing work less than half the time, and that is the problem that’s driving size. If you put the turbines in the water to take advantage of currents instead you get more consistent energy transfer, and size becomes a civil engineering problem like a dam rather than space-programme-style construction. How are superconductors supposed to even work here?

Britain’s Fake News Inquiry Says Facebook And Google’s Algorithms Should Be Audited By UK Regulators – if this goes through it’s the thin end of the wedge. The UK is much more beholden to commercial interests than even the US. The record industry and the English Premier League have managed to bring down the full force of government censorship with the Digital Economy Act. And both Facebook and Alphabet only have themselves to blame. China’s concept of cyber sovereignty starts to look prescient; and we all look as if we might be living in a darker world

Oprah time: The Master Switch by Tim Wu


The Master Switch author Tim Wu is an American lawyer, professor and expert on internet matters. His main claim to fame is coining the phrase ‘net neutrality’ back in 2003. He is well known as an advocate of the open internet.

One needs to bear all this in mind when thinking about The Master Switch: The Rise and Fall of Information Empires. In it Wu posits a natural lifecycle for the rise and maturation of platform and media companies, which he calls the ‘long cycle’.

Wu uses the following companies as examples:

  • Western Union’s telegraph monopoly
  • Western Union-owned Associated Press’ relationship with the nascent newspaper industry
  • AT&T in telecoms
  • The early film industry and the rise of Hollywood studios
  • Apple’s history – though this point is less nuanced because Apple has cycled a number of times between open and closed systems – a nuance that Wu doesn’t fully pick up on

In The Master Switch, he points out how these companies moved from open systems to closed systems in order to maximise profits and resist change. Wu then uses these cycles to argue that a repeat of history was under way with the modern internet. In 2010, when the book was written, this would have been the rise of Google, Facebook and Amazon.

Ed Vaizey announced that ISPs should be free to abandon net neutrality in the UK, and it was abandoned in the US under FCC chairman Ajit Pai, who was appointed by Donald Trump.


Five for Friday

Things that made my day this week:

Pretty much everything that you really need to know about fake news.

Scott Galloway framed these questions as the ones that politicians should be asking of Facebook et al; I also think that smart shareholders should be putting these questions on the table as well

Air France Music – via our Matt

I love this tour though the history of the Honda Civic

“Tup-e-Tung”, or the Afghan War Rug – The Firearm Blog – really nice article on how the series of wars that regularly punctuate the country’s modern history have impacted traditional carpet design

The internet of hacking or WTF is happening with my smart home?

Mirai is a botnet powered by a range of devices including infected home routers and remote camera systems. It took over these systems by logging in with their default passwords. The network of compromised machines is then directed to overload a target network or service. Last week the Dyn DNS service was targeted, which restricted access to lots of other services for users on the east coast of the US.

DNS is like a telephone directory of internet destinations, if no one knows where to go it becomes a lot harder to get in touch.
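Mirai recruited devices by probing Telnet with a short list of factory credentials, and an edge firewall that logs dropped connections sees those probes before any password is tried. The script below is an added example, not code from the original post or from the Mirai analysis it summarises: it parses constructed netfilter LOG lines (the iptables/ufw format, with real field names but made-up addresses) and separates one source sweeping several of our hosts from a crowd of unrelated sources each knocking once, which is what a botnet-wide scan looks like from a single vantage point.

```python
"""Spot Mirai-style Telnet scanning in edge-firewall drop logs.

Added example, not code from the original post. The log lines below are
constructed in the netfilter LOG format that iptables/ufw send to syslog;
the field names (IN=, SRC=, DST=, PROTO=, SPT=, DPT=) are the real kernel
ones, the addresses, timestamps and MACs are made up.
"""
import re
from collections import defaultdict

# Mirai's scanner sends raw SYNs to tcp/23 and, roughly one time in ten, tcp/2323.
TELNET_PORTS = {23, 2323}

LOG_RE = re.compile(
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+) DST=(?P<dst>\d+\.\d+\.\d+\.\d+) .*?"
    r"PROTO=(?P<proto>\w+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)

# Constructed sample: one source walking three of our addresses, two unrelated
# sources hitting one host each, plus HTTPS, DNS and sshd noise to be ignored.
SAMPLE_LOG = """\
Oct 21 12:00:01 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=41230 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Oct 21 12:00:01 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.11 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=41231 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Oct 21 12:00:02 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.12 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=41232 DPT=2323 WINDOW=14600 RES=0x00 SYN URGP=0
Oct 21 12:00:03 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=50022 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Oct 21 12:00:04 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.99 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=TCP SPT=60510 DPT=2323 WINDOW=14600 RES=0x00 SYN URGP=0
Oct 21 12:00:05 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=TCP SPT=33000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 21 12:00:06 gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.5 DST=203.0.113.10 LEN=70 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=50
Oct 21 12:00:07 gw sshd[1234]: Accepted publickey for ops from 203.0.113.2 port 51000 ssh2
"""


def parse_netfilter(line):
    """Return {src, dst, dpt} for a TCP netfilter LOG line, else None."""
    m = LOG_RE.search(line)
    if not m or m.group("proto") != "TCP" or m.group("dpt") is None:
        return None
    return {"src": m.group("src"), "dst": m.group("dst"), "dpt": int(m.group("dpt"))}


def telnet_probe_report(lines, sweep_threshold=3):
    """Summarise who is knocking on Telnet.

    per_source:       {src: set(dst)} for every source that hit a Telnet port
    sweepers:         sources that probed >= sweep_threshold distinct hosts,
                      i.e. one machine walking our address block
    distinct_sources: how many different IPs probed Telnet at all; many
                      unrelated sources, one hit each, is the botnet-wide
                      random-scan signature Mirai produces
    """
    per_source = defaultdict(set)
    for line in lines:
        rec = parse_netfilter(line)
        if rec and rec["dpt"] in TELNET_PORTS:
            per_source[rec["src"]].add(rec["dst"])
    sweepers = sorted(s for s, dsts in per_source.items() if len(dsts) >= sweep_threshold)
    return {
        "per_source": dict(per_source),
        "sweepers": sweepers,
        "distinct_sources": len(per_source),
    }


if __name__ == "__main__":
    report = telnet_probe_report(SAMPLE_LOG.splitlines())
    print("Telnet probes from", report["distinct_sources"], "distinct sources")
    print("Sweeping our block:", report["sweepers"])
```

The caveat is that this only works for connections the firewall actually dropped. A camera or DVR whose Telnet port has been forwarded (by hand or by UPnP) never shows up as a BLOCK line; for those devices the accept log or the device's own login log is the place to look, which is exactly where most consumer routers give you nothing.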

DDoSing
Mirai didn’t spring miraculously out of thin air. Its history lies with passionate gamers who used distributed denial of service (DDoS) attacks to slow down or even kick opponents off online gaming platforms. Eventually the gaming companies got hip to it and went after the cheaters; not to be outdone, the cheaters went after the gaming companies.

Taking a service offline using DDoS became a source of extortion against online banking and e-commerce services. Attacks can also be used as a ‘digital hit’ to take out opponents or critics, such as security journalist Brian Krebs.

Computing
Moore’s Law meant that computing power has become so small and plentiful that it is surprising what we often have in the palms of our hands. The first Cisco router was built on the circuit board of a Sun Microsystems workstation. Home routers are now basically small computers running Linux. A CCTV camera box or a DVR is a basic PC complete with a hard drive.

Back in 2007, BlackBerry co-founder Mike Lazaridis described the iPhone as

“They’ve put a Mac in this thing…”

The implication was that the power of a sophisticated PC was essentially in the palm of one’s hand. The downside is that your thermostat depends on a good broadband connection and Google’s cloud services, and your television can pick up malware in much the same way as your PC.

Security
For a range of Chinese products identified as part of the botnet, the manufacturer acknowledged that they shipped with a default admin password. It fixed the problem in a later version of the device firmware: changing the default password is now a mandatory step of the initial set-up the first time you use the device. Units already in the field stay vulnerable until their owners apply that update.
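What that firmware fix amounts to is easier to see in code. The model below is an added example, not the manufacturer’s firmware or anything from the original post: a Python sketch of a device’s admin login with the Mirai-era behaviour (one shared factory credential, compared in the clear, honoured forever) beside a first-boot version in which the factory credential only unlocks the set-up step and can never open a session. The user name, password and 12-character minimum are constructed for illustration.

```python
"""Factory-default credentials: the Mirai-era pattern beside a first-boot fix.

Added example, not the manufacturer's firmware or code from the original
post. FACTORY_USER, FACTORY_PASS and the 12-character minimum are constructed
for illustration.
"""
import hashlib
import hmac
import os

FACTORY_USER = "admin"
FACTORY_PASS = "admin"          # the kind of default Mirai's credential list tried


class WeakDevice:
    """Before: every unit ships with the same credential and keeps honouring it."""

    def __init__(self):
        self.user = FACTORY_USER
        self.password = FACTORY_PASS   # stored and compared in the clear

    def login(self, user, password):
        return user == self.user and password == self.password


class HardenedDevice:
    """After: the factory credential only unlocks set-up, never an admin session."""

    ITERATIONS = 100_000            # PBKDF2 work factor; tune to the device CPU

    def __init__(self):
        self.user = FACTORY_USER
        self._salt = os.urandom(16)
        self._hash = self._derive(FACTORY_PASS, self._salt)
        self.setup_done = False

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.ITERATIONS)

    def _credential_ok(self, user, password):
        # Constant-time comparison of the derived hash avoids a timing side channel.
        return user == self.user and hmac.compare_digest(
            self._derive(password, self._salt), self._hash)

    def complete_setup(self, factory_password, new_password):
        """First-boot step: prove possession of the factory password, then replace it."""
        if self.setup_done or not self._credential_ok(self.user, factory_password):
            return False
        if len(new_password) < 12 or new_password == FACTORY_PASS:
            return False                # refuse to 'change' to the same weak default
        self._salt = os.urandom(16)     # fresh salt per unit, so hashes are never shared
        self._hash = self._derive(new_password, self._salt)
        self.setup_done = True
        return True

    def login(self, user, password):
        # Until set-up has completed no credential opens a session, so a unit left
        # on its defaults is useless to a scanner and visibly unfinished to its owner.
        return self.setup_done and self._credential_ok(user, password)


def factory_default_works(device):
    """What a Mirai-style scanner effectively checks: does the well-known default log in?"""
    return device.login(FACTORY_USER, FACTORY_PASS)


if __name__ == "__main__":
    print("weak device accepts factory default:", factory_default_works(WeakDevice()))
    d = HardenedDevice()
    print("hardened device accepts factory default:", factory_default_works(d))
    print("set-up with a real password:", d.complete_setup(FACTORY_PASS, "correct-horse-battery"))
    print("hardened device accepts factory default after set-up:", factory_default_works(d))
```

The forced-change step is the part that matters for the botnet: a device that cannot be used until its password is changed cannot be left on the default by accident, which is the state Mirai depended on.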

The current best advice for internet of things security is to protect the network with a firewall at the edge. The reality is that most home networks have, at best, a firewall on each connected PC. The average consumer doesn’t have a dedicated security appliance at the edge of the home network, and the home router that does sit there is often the same kind of device Mirai recruited.

Modern enterprises no longer rely only on security at the edge; they take a layered ‘defence in depth’ approach.

That would be a range of technology including:

  • At least one firewall at the edge
  • Intrusion detection software as part of a network management suite
  • A firewall on each device
  • Profile-based permissions across the system (if you work in HR, you have access to the HR systems, but not to customer records)
  • Decoy honeypot systems
  • All file systems encrypted by default, so if data is stolen at rest it still can’t be read (this doesn’t protect data an attacker reads through a compromised, running system)

Processes:

  • Updating software as soon as it becomes available
  • Strong passwords
  • Two-factor authentication

Defence in depth is complex in nature, which makes it hard for the average family to pull off. IoT products are usually made to a price point. They are sold as appliances, so it is hard for manufacturers to build a security eco-system around them. The likelihood of anti-virus and firewall software for light bulbs or thermostats is small to non-existent.

The Shenzhen eco-system
Shenzhen, just across the border from Hong Kong, has been the centre of assembly for consumer electronics over the past 20 years, although this is changing; Apple devices, for instance, are now assembled across China. Shenzhen has expanded into design, development and engineering. A key part of this has been a unique, open-source-like development process: specifications and designs are shared informally under legally ambiguous conditions, which spreads development costs across manufacturers and allows for iterative improvements.

There is a thriving maker community that blurs the line between hobbyists and engineers. A hobbyist’s passion can quickly become a prototype and then go into production. Shenzhen manufacturers can go to market so fast that they harvest ideas from Kickstarter and have them on sale before the idea has been funded on the crowdfunding platform.

All of these factors would seem to favour getting good security technologies engineered directly into the products, by sharing the load.

China
The European Union was reported to be looking at regulating security into the IoT eco-system, but in the past regulation hasn’t improved the security of related products such as DSL routers. Regulation is only likely to be effective if it is driven out of China, and China does have a strong incentive to do this.

The government has a strong desire to increase the value of Chinese manufacturing beyond low-value assembly and to have local products seen as high quality. President Xi has expressed frustration that Chinese manufacturing appears sophisticated, yet cannot make a good ballpoint pen.

Insecurity in IoT products is rather like the pain point of poor-quality pens. Fixing it is a win for customers, for the Chinese manufacturing sector and, by extension, for the Party.

More Information
WSJ City – Massive Internet Attack Stemmed From Game Tactics
Your brilliant Kickstarter idea could be on sale in China before you’ve even finished funding it | Quartz
Asus lawsuit puts entire industry on notice over shoddy router security | Ars Technica
Europe to Push New Security Rules Amid IoT Mess — Krebs on Security
Why can’t China make a good ballpoint pen? | Marketplace.org

The Yahoo! Data Breach Post

Yahoo! had a data breach in 2014; it declared the breach to consumers on September 22, 2016. This isn’t the first large data breach that Yahoo! has had over the past few years, just the largest.

In 2012 there was a breach of 450,000+ identities. In August 2016 millions of identity records were apparently being sold by hackers, which the media initially linked to the 2012 breach. It would be speculative to assume that the records for sale in August were part of the 2014 raid.

The facts so far:

  • 500 million records were stolen by the hackers. Based on the latest active email account numbers disclosed for Yahoo!, many of these accounts are inactive or forgotten
  • Some of the data was stored unencrypted
  • Yahoo! believes that it was a state-sponsored actor, but has offered no evidence to support this hypothesis. It would be a bigger reputational issue if it were ‘normal’ hackers or an organised crime group
  • There are wider security implications because the data included personal security questions and answers, which people tend to reuse across services

The questions

Vermont senator Patrick Leahy asked the following questions in a letter to Yahoo!:

  • When and how did Yahoo first learn that its users’ information may have been compromised?
  • Please provide a timeline detailing the nature of the breach, when and how it was discovered, when Yahoo notified law enforcement or other government authorities about the breach, and when Yahoo notified its customers. Press reports indicate the breach first occurred in 2014, but was not discovered until August of this year. If this is accurate, how could such a large intrusion of Yahoo’s systems have gone undetected?
  • What Yahoo accounts, services, or sister sites have been affected?
  • How many total users are affected? How were these users notified? What protection is Yahoo providing the 500 million Yahoo customers whose identities and personal information are now compromised?
  • What steps can consumers take to best protect the information that may have been compromised in the Yahoo breach?
  • What is Yahoo doing to prevent another breach in the future?
  • Has Yahoo changed its security protocols, and in what manner?
  • Did anyone in the U.S. government warn Yahoo of a possible hacking attempt by state-sponsored hackers or other bad actors? When was this warning issued?

Added to this, shareholders and Verizon (which was in the process of acquiring Yahoo!) are likely to want to know:

  • What was the chain of events and timing of the discovery of the hack?
  • Did Yahoo! disclose what it knew at the appropriate time?
  • Could Yahoo! be found negligent in their security precautions?
  • How will this impact the ongoing attrition in Yahoo! user numbers?

Additional questions:

  • How does Yahoo! know that it was a state sponsored actor?
  • Was there really Yahoo! data being sold on the dark web in August?
  • Was that data from the 2014 cache?
  • How did they get in?

More information
An Important Message About Yahoo User Security | Yahoo – Yahoo!’s official announcement
UK Man Involved in 2012 Yahoo Hack Sentenced to Prison | Security Week
Congressional Leaders Demand Answers on Yahoo Breach | Threat Post