
News Bites

In case you were wondering, Siri is not being faithful. Apple, Microsoft and other tech companies are sharing your voice with third parties. But before you go ballistic, they are not selling the data. Third parties such as Walk N’ Talk get your speech from these companies so that they can validate the quality of the speech translation. And yes, it is a human being that has a job to listen to you and score Siri (see details). And yes, people do tell Siri some strange and naughty things. I wrote about Samsung doing something similar a few weeks ago.

CERT at Carnegie Mellon is reporting an mDNS amplification DDoS (distributed denial of service) attack. DDoS attacks take a web site down by overwhelming its servers in a variety of ways. The effect, no matter the method, is that legitimate users cannot use the web site. Banks are often attacked this way. Amplification attacks are ones where the attacker can send a small number of bytes out and the reply is much bigger. In this case, for each 1 byte of bandwidth the attacker needs to initiate the attack, he gets 10 bytes of attack traffic to the web site he is trying to take down. In this mDNS attack, the attacker sends a request to a poorly configured DNS server with a fake address and the DNS server sends a large reply to the site being attacked.

In theory, mDNS servers should only respond to requests from their own local network, but researchers found at least 100,000 misconfigured servers that would respond to any address.  This means an attacker could send a 100 byte request to 100,000 servers and deluge a target server with 100 megabytes of trash.  Do this enough times per second and you will take down the target.

Since the traffic looks like it is coming from 100,000 servers all over the Internet, these attacks are much harder to stop.
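
To check whether a device on your own network is one of those misconfigured responders, the sketch below scans flow records for mDNS replies (UDP source port 5353) that leave the local network and measures how much bigger they are than the requests that triggered them. It is an added example, not code from CERT or from this post; the record layout, the 192.168.1.0/24 LAN range and the sample lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed site LAN
MDNS_PORT = 5353                                      # mDNS runs over UDP 5353
MDNS_GROUP = ipaddress.ip_address("224.0.0.251")      # normal multicast destination

# Constructed flow records: src sport dst dport bytes
FLOWS = """\
192.168.1.20 5353 224.0.0.251 5353 180
203.0.113.9 40000 192.168.1.50 5353 100
192.168.1.50 5353 203.0.113.9 40000 1000
203.0.113.9 40001 192.168.1.50 5353 100
192.168.1.50 5353 203.0.113.9 40001 1000
192.168.1.30 5353 192.168.1.20 5353 220
"""

def parse(text):
    """Yield (src, sport, dst, dport, size) tuples from the record text."""
    for line in text.splitlines():
        if line.strip():
            src, sport, dst, dport, size = line.split()
            yield (ipaddress.ip_address(src), int(sport),
                   ipaddress.ip_address(dst), int(dport), int(size))

def off_link_responders(text, local_net=LOCAL_NET):
    """Report local hosts whose mDNS replies go to addresses outside the LAN."""
    req = defaultdict(int)   # (responder, remote) -> request bytes received
    rep = defaultdict(int)   # (responder, remote) -> reply bytes sent
    for src, sport, dst, dport, size in parse(text):
        if dport == MDNS_PORT and dst in local_net and src not in local_net:
            req[(str(dst), str(src))] += size      # query arriving from off-link
        elif (sport == MDNS_PORT and src in local_net
              and dst not in local_net and dst != MDNS_GROUP):
            rep[(str(src), str(dst))] += size      # reply leaving the LAN
    findings = []
    for (responder, remote), out_bytes in sorted(rep.items()):
        in_bytes = req.get((responder, remote), 0)
        findings.append({
            "responder": responder,
            "remote": remote,          # with a spoofed source, this is the victim
            "reply_bytes": out_bytes,
            "ratio": out_bytes / in_bytes if in_bytes else None,
        })
    return findings

if __name__ == "__main__":
    for f in off_link_responders(FLOWS):
        print(f)
```

Any host this reports should have its mDNS service restricted to the local link, or UDP 5353 blocked at the network edge.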

Uber is a disruptive business model and disruptive business models are messy. Wired is reporting a new trouble Uber is having. Besides the regulatory challenges, the lawsuits over drivers soliciting customers and worse and district attorneys suing them for conducting bogus background checks, there is a new problem. Uber’s new security chief Joe Sullivan, whom they stole from Facebook, has to deal with claims that a Denver Uber driver tried to break into a customer’s house after taking the customer to the airport.

Think about that for a minute. Talk about an affiliated business arrangement. The driver takes you to the airport, chatting you up on the way. He finds out where you are going, how long you are going to be gone and if anyone will be home. He then uses that information to break into your house or sells those leads to other burglars for cash. Now that is a synergistic business model.
