Uber Security Breach Reported

It’s been a couple of weeks since a big security breach was reported, so you just knew one was due, and this time it’s Uber that has been breached.

The names and license plate numbers of about 50,000 Uber drivers were compromised in a security breach last year, the company revealed Friday.

Uber discovered a possible breach of its systems in September, and a subsequent investigation revealed an unauthorized third party had accessed one of its databases four months earlier, the company said.

The files accessed held the names and license plate numbers of about 50,000 current and former drivers, which Uber described as a “small percentage” of the total. About 21,000 of the affected drivers are in California. The company has several hundred thousand drivers altogether.

Uber is currently in the process of notifying the affected drivers and advising them to monitor their credit reports for fraudulent transactions and accounts. Uber has also stated that it has not received any reports of actual misuse of the data.

As has become the typical response of companies that have had their data breached, Uber will provide a year of free identity protection service to the affected drivers.

Uber has also said that it filed a “John Doe” lawsuit Friday to help it confirm the identity of the party responsible for the breach.

The Passing of a Legend – Leonard Nimoy

It is with sadness that I write that Leonard Nimoy has passed away today at the age of 83. Mr. Spock and Star Trek in general have been a critically important part of guiding my life since my very earliest memories. The moral and ethical philosophy of Gene Roddenberry’s Star Trek has guided me throughout my life and often taught me how to act, interact with people and even how to conduct myself in the professional world.

Upon getting married back in 1985 and raising two amazing boys (now 23 and 27), Star Trek again acted as a guidepost for raising my sons. Neither boy would be the very special person they have become if it was not for their exposure to Star Trek. I truly believe that. Leonard Nimoy was an incredible part of what Star Trek became and, by extension, who I became as well as my two boys.

Leonard Nimoy, who played Mr. Spock on the original Star Trek series, was hospitalized last week following complaints of severe chest pains. Nimoy revealed last year that he had been diagnosed with chronic obstructive pulmonary disease. According to the Times, Nimoy’s wife Susan Nimoy confirmed the death while confirming COPD as the official cause of his death.

Nimoy’s Star Trek series ran from 1967 to 1969 on CBS, where he co-starred with William Shatner’s Captain Kirk. He would later portray the character in five Star Trek films that ran throughout the seventies and eighties. Nimoy also directed Star Trek III: The Search for Spock and Star Trek IV: The Voyage Home. He most recently played an older version of the character in J. J. Abrams’ Star Trek reboot and its sequel Star Trek: Into Darkness.

Leonard Nimoy, you will be missed by an unimaginable number of people worldwide and for centuries to come.

FCC Overturns State Laws Limiting Municipal Broadband Plans

Today the U.S. Federal Communications Commission voted to overturn large parts of two state laws that limit local governments from funding and building broadband networks.

Commissioners, in a 3-2 vote, moved to preempt laws in both North Carolina and Tennessee that limit the expansion of existing municipal broadband networks in the two states.

The FCC order, coming in response to petitions from a city in each state, does not apply to laws that limit municipal broadband networks in about 20 other states. But the vote signals how the agency is likely to act if it receives similar petitions from cities in other states, FCC officials have said.

The FCC action will help bring broadband competition to new areas, FCC Chairman Tom Wheeler said. “You can’t say you’re for broadband, and then turn around and endorse limits on it,” he said. “You can’t say you’re for competition, then deny local officials the right to offer competing choices.”

Several states have generated “thickets of red tape” meant to limit city-funded broadband networks from offering service, Wheeler said.

State groups and some congressional Republicans argue that municipal broadband services use taxpayer money to compete with private broadband providers. In a handful of cases, municipal broadband projects have run into financial problems after large initial investments, critics note.

This is another piece of evidence that internet access is in the process of being classified as a “public utility” in much the same way as telecommunications and electricity.

FCC Rules on Net Neutrality

Well, today has finally arrived with respect to the FCC’s decision on net neutrality, and it went down like most of us expected and hoped for.

The U.S. Federal Communications Commission voted to approve new net neutrality rules by reclassifying broadband as a regulated public utility over the objections of the commission’s Republican members and large broadband providers.

The commission voted 3-2 today to approve net neutrality rules that prohibit broadband providers from selectively blocking or slowing Web traffic and from offering paid traffic prioritization services. The commission’s vote on the new rules prompted loud applause from the audience at the FCC meeting.

Of course, the new regulations will almost certainly face a court challenge from broadband providers, and a court case could drag out for years. Verizon Communications, AT&T and Comcast have all publicly opposed reclassification of broadband. They see profits and control diminishing in respect to internet services, and the ISPs will not go down without a fight.

The rules are basically grounded in a reclassification of broadband from a lightly regulated information service to a more heavily regulated telecommunications service, although FCC staff said the agency will refrain from applying about 700 traditional telecom rules, such as price regulation and forced sharing of networks with competitors.

The order applies net neutrality regulations to mobile as well as fixed broadband providers, although smaller broadband providers will be exempt for a period of time. The new rules will prohibit broadband providers from acting as gatekeepers to Web content.

The FCC’s vote comes after a year of debate over net neutrality rules. In early 2014, a U.S. appeals court overturned net neutrality rules the agency passed in 2010, saying the FCC pegged the rules to the wrong section of the Telecommunications Act.

There are sure to be some court battles with the big broadband providers, with Republicans lining up with them to battle the FCC and Democrats. For me, I stand with the FCC on this one.

The Most Vulnerable Operating System is …

A recent report published by GFI seems to prove my long-time belief that Microsoft’s seemingly never-ending security woes are due in large part to its popularity.

When people think of a vulnerable operating system, the first thing that comes to mind is, well, Windows. However, according to a new report from GFI, that is not the case. The most vulnerable operating system in the world is actually Apple’s MacOS X, followed by Apple’s iOS. Yes, Apple.

GFI’s report finds Apple taking the top two spots when it comes to OS vulnerabilities, with OS X having 147 vulnerabilities, and iOS with 127. Third position goes to Linux Kernel with 119 vulnerabilities, and Windows Server 2008 in fourth position with 38. Windows 7, strangely enough, comes in at fifth place with just 38 vulnerabilities. What is particularly surprising here is that OS X comes in with 109 more security holes than Windows 7.

As is always the case when working with numbers, this can be somewhat confusing. Here we find GFI’s numbers seem to throw all versions of MacOS X into a single “MacOS X” entry. Compare this to the separate entries for Windows 7, Windows 8, Windows 8.1 and so on. If they were all combined, the number of vulnerabilities found in the 3 active Windows operating systems would be higher than for MacOS X. But the iOS vulnerabilities are something we should be looking at, very closely.

The point here that I find interesting is my long-time belief that the Mac’s OS is no special sauce of security-proof software. The security issues that have plagued Microsoft’s Windows are due almost solely to its popularity. Windows dominated the computer market with 90% adoption, so of course if you are a cyber-criminal, the most enticing target is Windows. Simply more victims to be had.

US-CERT Alert – Lenovo Superfish Adware

Last week the National Cyber Awareness System issued an alert regarding Superfish which I also touched on. Today the US-CERT issued an update regarding the Superfish security flaw:

TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015 | Last revised: February 24, 2015

Systems Affected

Lenovo consumer PCs that have Superfish VisualDiscovery installed.


Superfish adware installed on some Lenovo PCs installs a non-unique trusted root certification authority (CA) certificate, allowing an attacker to spoof HTTPS traffic.


Starting in September 2014, Lenovo pre-installed Superfish VisualDiscovery spyware on some of their PCs. This software intercepts users’ web traffic to provide targeted advertisements.  In order to intercept encrypted connections (those using HTTPS), the software installs a trusted root CA certificate for Superfish. All browser-based encrypted traffic to the Internet is intercepted, decrypted, and re-encrypted to the user’s browser by the application – a classic man-in-the-middle attack.  Because the certificates used by Superfish are signed by the CA installed by the software, the browser will not display any warnings that the traffic is being tampered with.  Since the private key can easily be recovered from the Superfish software, an attacker can generate a certificate for any website that will be trusted by a system with the Superfish software installed.  This means websites, such as banking and email, can be spoofed without a warning from the browser.

Although Lenovo has stated they have discontinued the practice of pre-installing Superfish VisualDiscovery, the systems that came with the software already installed will continue to be vulnerable until corrective actions have been taken.

To detect a system with Superfish installed, look for a HTTP GET request to:



Where [ACTION] is at least 1, 2, or 3.  1 and then 2 are sent when a computer is turned on. 3 is sent when a computer is turned off.

Superfish uses a vulnerable SSL decryption library by Komodia. Other applications that use the library may be similarly affected. Please refer to CERT Vulnerability Note VU#529496 for more details and updates.


A machine with Superfish VisualDiscovery installed will be vulnerable to SSL spoofing attacks without a warning from the browser.


Uninstall Superfish VisualDiscovery and associated root CA certificate

Users should uninstall Superfish Visual Discovery. Lenovo has provided a tool to uninstall Superfish and remove all associated certificates.

It is also necessary to remove affected root CA certificates. Simply uninstalling the software does not remove the certificate. Microsoft provides guidance on deleting and managing certificates in the Windows certificate store. In the case of Superfish Visual Discovery, the offending trusted root certification authority certificate is issued to “Superfish, Inc.”
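The certificate check described in the alert can be scripted. The following is an added example, not code from US-CERT, Lenovo or Microsoft; it assumes Windows PowerShell 3.0 or later and matches on the “Superfish, Inc.” subject named above, and the parameter names are this example's own.

```powershell
# Added example (not US-CERT's or Lenovo's tooling): audit the Windows
# certificate stores for the root CA the alert says is issued to "Superfish, Inc."
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Subject text to look for; taken from the alert text.
    [string]$SubjectPattern = 'Superfish, Inc.',
    # Delete matching certificates (run elevated for the LocalMachine stores).
    [switch]$Remove
)

# Trusted-root stores. The CurrentUser view also shows machine-wide roots,
# so one certificate can be reported twice.
$stores = @(
    'Cert:\LocalMachine\Root',
    'Cert:\LocalMachine\AuthRoot',
    'Cert:\CurrentUser\Root',
    'Cert:\CurrentUser\AuthRoot'
)

$found = foreach ($store in $stores) {
    if (-not (Test-Path -Path $store)) { continue }
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$SubjectPattern*" } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Issuer, Thumbprint, NotAfter, PSPath
}

if (-not $found) {
    Write-Output "No trusted root certificate matching '$SubjectPattern' was found."
    return
}

# Report every hit so the thumbprint can be recorded before anything is removed.
$found | Format-List Store, Subject, Issuer, Thumbprint, NotAfter

if ($Remove) {
    foreach ($cert in $found) {
        # The entry may already be gone if it was a view of a store cleaned above.
        if (-not (Test-Path -Path $cert.PSPath)) { continue }
        if ($PSCmdlet.ShouldProcess("$($cert.Store) $($cert.Thumbprint)", 'Remove certificate')) {
            Remove-Item -Path $cert.PSPath
        }
    }
} else {
    Write-Warning 'Matching root CA is still trusted. Uninstall the software, then re-run with -Remove.'
}
```

Saved under a name of your choosing (for example the hypothetical `Find-SuperfishRoot.ps1`), running it with `-Remove -WhatIf` lists what would be deleted without changing the store.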

Google Looks to Protect You from… Yourself

Google is looking to protect Internet users from themselves. The company’s Chrome Web browser will now warn users before they visit sites that might encourage them to download programs or malware that could cripple their computers or otherwise interfere with their Web-browsing experience.


When users attempt to visit one of the questionable sites, they will see this warning in red letters: “The site ahead contains harmful programs.”

The warning, part of what Google is terming SafeBrowsing, informs users that attackers may attempt to trick them into installing programs that harm their browsing experiences by changing their homepages or showing extra ads on the sites they visit.

Google is suggesting that unsafe sites fall into two categories. One group consists of malware sites that contain code to install malicious software onto users’ computers. Hackers can use this malicious software to capture and transmit users’ private or sensitive information. The other category consists of phishing sites that pretend to be legitimate while trying to trick users into typing in their usernames and passwords or sharing other private information.

The new precautions also extend to Google search and ads. A Google search now incorporates signals that identify deceptive sites, and Google recently began disabling ads that lead to sites with unwanted software.

Google has had SafeBrowsing malware warnings in place for several years now, but it was only last November that it added automatic malware blocking. At that time, Google noted that if users see malicious file warnings on Web sites going forward, “you can click ‘Dismiss’ knowing that Chrome is working to keep you safe.”

These new protections apparently emerged as a result of last week’s discovery that new Lenovo PCs had shipped between September and December of 2014 with pre-installed adware known as Superfish, which uses a man-in-the-middle attack to insert ads into Web browsers.

YouTube Gets Kids Friendly

YouTube last week announced its first kid-friendly service, YouTube Kids. The new service has launched today and is available on both Android and iOS devices.


YouTube Kids offers an experience designed specifically for younger video viewers. Included in the free app are several features such as a simple home screen with eight image tiles from popular children’s programs, different icons for finding TV show videos, music and educational shows and a voice-based search.

In the user interface below, you will notice that there are five large navigational icons at the top. When you tap on the TV icon, it will display the kid-friendly shows. Tapping on the radio icon will let users play music videos for popular kids songs and the light bulb icon is for educational programs. The binoculars icon indicates an “explore” feature, which contains the top featured videos. And the magnifying glass icon lets you search for all of the videos in YouTube Kids. Kids will be able to search for topics that range from animals to volcanoes. If a child writes a curse word in the search engine, then a message will pop up that says “Try something else.”

The app will also allow parents to set time limits on viewing, and will tell kids to “try something else” if they search for a more adult-themed term like “sex.” There’s also a tool for easy muting and unmuting.

YouTube was launched in 2005 and is now owned by Google. YouTube has had huge global success, which can be seen in its more than one billion users, and even today it continues to see rapid growth globally. YouTube is also something that people use on smartphones and tablets. As a matter of fact, half of all YouTube videos are now viewed on mobile devices.

YouTube reports that they have spent months working to develop the new app for young viewers. The effort also involved bringing in third-party organizations like Common Sense Media, a child-focused review site, to help parents navigate the often overwhelming landscape of TV, movies, video games and apps.

Office for Your Kids – for Free

How we all wish for free things. Oh, and how I wish my boys (27 and 23) were younger today, perhaps in high school or heading into college. Microsoft, which already offers an amazing Office 365 for Home at $9.95 a month for an entire family with unlimited OneDrive storage, is now actually offering Office for Students for free. Why did I have my boys so young?

Back in September 2014 Microsoft announced a program that let students at US schools see if they were eligible for a free Office 365 license. Students and teachers outside the US can now take advantage of the streamlined process as well.

Microsoft suggests that millions of students around the world now qualify for free Office subscriptions. Eligible students simply need a school email address in order to complete the sign up.

Interested students can check their eligibility on Microsoft’s Office 365 page. Teachers have their own page as well.

Although these students were technically already qualified for Office, they would have to go through a lengthy process with their schools to approve the subscription; the new process should make it much easier for students to sign up right away.

As before, students receive Word, Excel, PowerPoint, OneNote, Outlook, Access and Publisher with their subscriptions. They’ll also get 1 TB of OneDrive Storage and access to Office Online.

Here we have another example of services — good services — actually available for free.

Another 100GB Offer from OneDrive

When it comes to beating cloud storage rival Dropbox, Microsoft is obviously practicing a two-tiered strategy of working with the rival to improve cross-service integration, while at the same time looking to outpace it with aggressive promotions.

As the latest proof of this strategy, Microsoft is offering to boost usage of its cloud storage with a giveaway of 100 gigabytes of cloud storage to any user with a Dropbox account. The promotion appears to apply to both new users and users with existing OneDrive accounts. You can grab the extra storage here.

With Windows 10 tightly integrating OneDrive into its core apps, including the new Music and Photos hubs, the cloud storage utility will play an increasingly important role.
