Issue 704

Friday, 17th August 2018

In This Issue


Melbourne kid got busted hacking Apple's "mainframe" and flogging 90GB of data

A 16-year-old kid from Melbourne has been busted and pleaded guilty to hacking into Apple's "main computer network, downloading internal files and accessing customer accounts". According to The Age, this kid got access to Apple's mainframe (as if Apple has a mainframe) and "downloaded 90 gigabytes of secure files". Apple found out about this kid snooping around and told the FBI, and the FBI then told the AFP, whose "raid on the boy's family home produced two laptops, a mobile phone and a hard drive that matched the intrusion reported by Apple". Old mate kept the stolen data in a folder called "hacky hack hack" and "boasted about his activities on the mobile messaging service WhatsApp". Apple said customer data is safe and there's nothing to see here. I would love to know what's in the 90GB of data he snagged.

A new whistleblower lobs allegations of toxic workplace culture towards Tesla

There's a new Tesla whistleblower who has hired the same lawyer as Martin Tripp, the guy alleging Tesla is using damaged and dangerous batteries in its cars. This new guy, Karl Hansen, a former security employee at Gigafactory 1 in Nevada, is claiming that Tesla: didn't disclose the theft of US$37m of copper and other raw materials in early 2018, spies on its employees by wiretapping and hacking their phones and computers (at the request of Elon), didn't tell the cops when employees were possibly trafficking drugs, and retaliated by sacking Karl for bringing this to their attention. Tesla are saying they can't substantiate what this guy is on about. Yesterday, Martin Tripp went on a tweetstorm (that's since been deleted), publishing pictures of damaged battery packs he says were installed in cars and the VINs of the cars containing those dodgy batteries.

Strong anti-revenge porn laws are now active in Australia

Australia now has an anti-revenge porn law that'll hopefully give some agency back to the women (it happens to men, but it's predominantly women) who have nude images of them shared on the internet by a fuckwit man. The Office of the eSafety Commissioner is responsible for issuing takedown notices to individuals and companies, who can be slapped with fines and even jail time for not complying. So if you or someone you know has had nudes of them posted online, or even shared amongst a group of people via email or MMS, get in touch with the Office of the eSafety Commissioner and they'll sort it out.

US man suing AT&T for $224m because someone stole his phone number, then his crypto stash

A bloke in the US is suing AT&T for US$224m, accusing them of being the reason he lost approximately US$24m in cryptocurrency. He reckons that because of AT&T's lax security and privacy policy, someone was able to port his phone number to a new SIM, then use their access to his number to get around the SMS-based two-factor authentication on his cryptocurrency trading account. This will be a very spicy meatball, as so many Very Important Things are "protected" by SMS 2FA, yet SMS 2FA is very easy to bypass thanks to most telcos allowing you to port a number to a new SIM with very little verification (aka SIM jacking). If AT&T win, it might mean a bunch of services decide to move away from SMS-based 2FA, as they can't blame the telco when an account is hijacked in this manner.

1400 Google employees protest against working on a Chinese version of the search engine

Google is apparently secretly building a version of its search engine for the Chinese market (internally referred to as Dragonfly) that will conform to the Chinese government's strict censorship policies. Google's employees, however, are not cool with the idea. A "letter is circulating on Google's internal communication systems and is signed by about 1,400 employees", who say that they "do not have the information required to make ethically-informed decisions about our work, our projects, and our employment" and the Chinese censorship requirements "raise urgent moral and ethical issues". To calm their fears, the signatories of that letter want "Google to allow employees to participate in ethical reviews of the company’s products, to appoint external representatives to ensure transparency and to publish an ethical assessment of controversial projects". The linked article has the letter in full if you're interested.

Not News, But Still Cool

Two pieces of solid analysis of the encryption busting law

Sophos's Naked Security Blog has one of the best overviews of the Assistance and Access Bill draft (aka, anti-encryption law) I've seen so far. Basically, the government plans to force these businesses to do the government's bidding by issuing either a "technical assistance notice" that requires the recipient to hand over any decryption keys they hold or, if that doesn't work (i.e. end-to-end encryption), a "technical capability notice", which would force the recipient "to build new capabilities that would help the government access a target’s information where possible". The blog post has a nifty flowchart explaining what happens when the government wants to look at some encrypted communications. Of course, anyone getting a notification from the government is compelled to keep it secret, and if they don't help, there's a variety of penalties designed to encourage compliance. AccessNow has a solid interpretation too. I can't wait to see how this law is enforced on a practical level.

Deactivate your Twitter account and don't start it up again until Twitter cleans up the joint

A bunch of people are protesting Twitter's perverted moral compass by taking part in #deactiday tomorrow (the 17th of August in the USA). As Mark Frauenfelder on Boing Boing put it, "I'm joining Sean and others on August 17 by deactivating my Twitter account. The hashtag for this action is #DeactiDay. If Twitter doesn't fix its hate enabler problem in 30 days, I won't reactivate my account, after which it will be permanently deleted". I fully support people doing this, but I'm not sure if I wanna delete my account. I don't necessarily like Twitter as a company and Jack Dorsey is a shitbird, but I've got so many friends on Twitter and still make new friends on the platform, that I think I'd miss it if it went away. That said, many of my friends have dropped off Twitter, so it certainly isn't what it used to be.

20% off iTunes at Costco, cheap Synology DS918 NAS, Seagate HDDs & Hisense 4K TVs

20% off iTunes at Costco (you need to be a Costco member, obviously). I haven't seen 20% off iTunes for a while, so if you're gonna be going to Costco anyways, load up. My favourite NAS, the Synology DS918+ (4-bays, x86 CPU so all the apps work), is $652 delivered on eBay using the code PHASER. If you need HDDs to go with it, Seagate's Ironwolf NAS drives are on sale using the same code too. If you're in the market for a new TV, JB is selling the excellent Hisense P7 65" 4K unit for $1696. Today only apparently. If 65" is too small for ya, the 75" version of the Hisense P7 is $2505, delivered, from Appliance Central on eBay (use the code PENNY5).

That's it, see ya Monday!

PJ Harvey - Dress