Tag Archives: Easy

It Is Mind-Bogglingly Easy to Rope Apple’s Siri into Phishing Scams
June 9, 2018 6:12 pm

A month ago I was milling about a hotel room in New Orleans, procrastinating my prep for on-stage sessions at a tech conference, when I received a startling iMessage. “It’s Alan Murray,” the note said, referring to my boss’ boss’ boss.

Not in the habit of having Mr. Murray text my phone, I sat up straighter. “Please post your latest story here,” he wrote, including a link to a site purporting to be related to Microsoft 365, replete with Microsoft’s official corporate logo and everything. In the header of the iMessage thread, Apple’s virtual assistant Siri offered a suggestion: “Maybe: Alan Murray.”

The sight made me stagger, if momentarily. Then I remembered: A week or so earlier I had granted a cybersecurity startup, Wandera, permission to demonstrate a phishing attack on me. They called it, “Call Me Maybe.”

Alan Murray had not messaged me. The culprit was James Mack, a wily sales engineer at Wandera. When Mack rang me from a phone number that Siri presented as “Maybe: Bob Marley,” all doubt subsided. Jig, up.

There are two ways to pull off this social engineering trick, Mack told me. The first involves an attacker sending someone a spoofed email from a fake or impersonated account, like “Acme Financial.” This note must include a phone number; say, in the signature of the email. If the target responds—even with an automatic, out-of-office reply—then that contact should appear as “Maybe: Acme Financial” whenever the fraudster texts or calls next.

The subterfuge is even simpler via text messaging. If an unknown entity identifies itself as Some Proper Noun in an iMessage, then the iPhone’s suggested contacts feature should show the entity as “Maybe: [Whoever].” Attackers can use this disguise to their advantage when phishing for sensitive information. The next step involves either calling a target to supposedly “confirm account details” or sending along a phishing link. If a victim takes the bait, the swindler is in.

The tactic apparently does not work with certain phrases, like “bank” or “credit union.” However, other terms, like “Wells Fargo,” “Acme Financial,” the names of various dead celebrities—or my topmost boss!—have worked in Wandera’s tests, Mack said. Wandera reported the problem as a security issue to Apple on April 25th. Apple sent a preliminary response a week later, and a few days after that said it did not consider the issue to be a “security vulnerability,” and that it had reclassified the bug as a software issue “to help get it resolved.”

What’s alarming about the ploy is how little effort it takes to pull off. “We didn’t do anything crazy here like jailbreak a phone or a Hollywood style attack—we’re not hacking into cell towers,” said Dan Cuddeford, Wandera’s director of engineering. “But it’s something that your layman hacker or social engineer might be able to do.”

To Cuddeford, the research exposes two bigger issues. The first is that Apple doesn’t reveal enough about how its software works. “This is a huge black box system,” he said. “Unless you work for Apple, no one knows how or why Siri does what it does.”

The second concern is more philosophical. “We’re not Elon Musk saying AI is about to take over the world, but it’s one example of how AI itself is not being evil, but can be abused by someone with malicious intent,” Cuddeford said. As we let machines guide our lives, we should be sure we know how they’re making decisions.

This article first appeared in Cyber Saturday, the weekend edition of Fortune’s tech newsletter.

Cold Showers Aren't Hard Showers. They're Easy Workouts.
April 23, 2018 6:00 am

I’ve written here many times on the benefits of cold showers. I’ve blogged more about them. You wouldn’t have clicked on the headline if you weren’t curious about them or already doing them.

Inc. is a community of achievers and has covered cold showers many times. Many talk about the science behind their benefits, but since double-blind controlled experiments are hard–how do you create a plausible placebo?–I find credence in the effects I see from them myself.

Having taken hundreds of cold showers (credit to Joel Runyon for starting my habit), I’ve found that they create

  • Resilience
  • Ability to do what I say
  • Discipline
  • Integrity

and related motivational and emotional skills–what I call leadership skills. Most people find leadership skills hard to come by. Joel’s community credits them for motivation to turn lives around, lose weight, and so on.

Why people don’t try

Seeing as anyone can experiment to find out if cold showers work for themselves at nearly no cost in time, money, or other resources, and given that so many people extol their benefits, why don’t more people try them?

I think I figured out why. I think the reason may help you try them if you haven’t.

I think most people see cold showers as alternatives to hot showers. Hot showers are supremely comfortable. Cold are the opposite. Who wants to sacrifice comfort for its opposite?

If you’re thinking showers, almost no one would substitute discomfort for comfort.

But look at the benefits listed above–resilience, ability to do what one says, discipline, integrity, and such. They’re incredibly valuable and far from typical shower benefits like cleanliness and smelling nice.

Cold showers aren’t a hot shower alternative

Benefits like those come from training and practicing challenges, like going to the gym, playing sports, exercising, practicing musical instruments, and other active, performance-based activities.

Cold showers are as different from hot showers as dolphins are from fish. Yeah, they’re near each other, but one is a fish and the other a mammal.

They’re more like lifting weights or running marathons, except you get the benefits in five minutes, not two hours.

Cold showers are a gym alternative

To get integrity and such from exercise requires a lot of it. For many people that means

  • A gym membership
  • Equipment
  • A trainer
  • Scheduling and travel

and so on. People pay thousands of dollars and countless hours per year for those benefits.

What if you could get all the benefits at zero cost in time, money, and other resources?

Enter cold showers. Yes, they’re difficult, but compare them to going to the gym or other activity that delivers the benefits above. Cold showers

  • Cost nothing
  • Take no extra time (usually they take less time than hot)
  • Require no equipment
  • Require no training, trainers, or spotters
  • Have no risk of injury
  • Require no scheduling

Now compare all this logistical simplicity with gyms, exercise, and other ways to develop resilience, discipline, integrity, and so on.

Yes, cold showers are uncomfortable, but that’s all. In nearly every other way they benefit you deeply at no cost.

A couple cold showers a week can save hours of travel, exercise, coordinating, and planning, as well as thousands of dollars–a much more favorable comparison than against hot showers.

Why not try it?

I’m under no illusion that most people will never try a cold shower. Most people don’t become leaders. I think the aversion to facing and overcoming challenges like these that develop skills like the above is a major reason.

But maybe seeing cold showers as zero cost, zero time, zero injury alternatives to the gym may prompt you to try one, or a month of them to learn and experience the full benefit.

All you have to do is not touch the hot water next time you want to shower. Then you can use the time and money you save elsewhere.

Fusion Donald Trump to FBI Investigators: Let Me Make This Easy for You | The Slot In Debate Prep, H
June 19, 2017 12:25 am

Fusion Donald Trump to FBI Investigators: Let Me Make This Easy for You | The Slot In Debate Prep, Hillary Clinton Practiced Dodging Trump’s Weird Macho Hugs | Deadspin WWE Wants to Replace John Cena With Japan’s Shinsuke Nakamura, And It Might Actually Work | The Root Federal Judge Dismisses ‘Clock Boy’ Ahmed…

WIRED Pilot Program: Easy
October 21, 2016 12:20 am

Joe Swanberg’s new anthology series is funny, sexy, and unexpectedly touching. The post WIRED Pilot Program: Easy appeared first on WIRED.