If you don’t agree to the new Wii U EULA, Nintendo will kill-switch it (Cory Doctorow on BoingBoing, 18 Oct 2014) – When you bought your Wii U, it came with one set of terms-of-service; now they’ve changed, and if you don’t accept the changes, your Wii seizes up and won’t work. That’s not exactly what we think of when we hear the word “agreement.” Yet this is how Nintendo’s update to its end-user license agreement (EULA) for the Wii U works, as described by YouTube user “AMurder0fCrows” in this video. He didn’t like the terms of Nintendo’s updated EULA and refused to agree. He may have expected that, like users of the original Wii and other gaming consoles, he would have the option to refuse software or EULA updates and continue to use his device as he always had before. He might have to give up online access, or some new functionality, but that would be his choice. That’s a natural consumer expectation in the gaming context – but it didn’t apply this time. Instead, according to his video, the Wii U provides no option to decline the update, and blocks any attempt to access games or saved information by redirecting the user to the new EULA. The only way to regain the use of the device is to click “Agree.”

 

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/StuartMiles

Extracting audio from visual information (MIT News, 4 August 2014) – Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass. In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant. The researchers will present their findings in a paper at this year’s Siggraph, the premier computer graphics conference. Reconstructing audio from video requires that the frequency of the video samples – the number of frames of video captured per second – be higher than the frequency of the audio signal. In some of their experiments, the researchers used a high-speed camera that captured 2,000 to 6,000 frames per second. That’s much faster than the 60 frames per second possible with some smartphones, but well below the frame rates of the best commercial high-speed cameras, which can top 100,000 frames per second. In other experiments, however, they used an ordinary digital camera. Because of a quirk in the design of most cameras’ sensors, the researchers were able to infer information about high-frequency vibrations even from video recorded at a standard 60 frames per second. While this audio reconstruction wasn’t as faithful as it was with the high-speed camera, it may still be good enough to identify the gender of a speaker in a room; the number of speakers; and even, given accurate enough information about the acoustic properties of speakers’ voices, their identities. 

Image courtesy of FreeDigitalPhotos.net/zirconicusso.

Active malware operation let attackers sabotage US energy industry (ArsTechnica, 30 June 2014) – Researchers have uncovered a malware campaign that gave attackers the ability to sabotage the operations of energy grid owners, electricity generation firms, petroleum pipelines, and industrial equipment providers. Called Dragonfly, the hacking group managed to install one of two remote access trojans (RATs) on computers belonging to energy companies located in the US and at least six European countries, according to a research report published Monday by Symantec. One of the RATs, called Havex, was spread by hacking the websites of companies selling software used in industrial control systems (ICS) and waiting for companies in the energy and manufacturing industries to install booby-trapped versions of the legitimate apps. “This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems,” the Symantec report stated. “While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.” Dubbed Energetic Bear by other researchers, Dragonfly has been in operation since at least 2011. It initially targeted US and Canadian companies in the defense and aviation industries before shifting its focus to energy concerns. The group bears the hallmarks of a state-sponsored operation, mainly in its organization and high degree of technical sophistication. Its primary motive appears to be espionage, although additional capabilities suggest that sabotage is also of interest.
Fingerprints left inside the malware show the attackers mostly worked Monday through Friday during a nine-hour period that corresponded to 9am to 6pm in Eastern Europe, leading Symantec researchers to theorize that was the region where the most Dragonfly members worked.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

The state of cyberinsurance (Bruce Schneier, 16 June 2014) – Good essay on the current state of cyberinsurance: So where does that leave the growing cyber insurance industry as it tries to figure out what losses it should cover and appropriate premiums and deductibles? One implication is that the industry faces much greater challenges than trying to quantify or cover intangible—and perhaps largely imaginary—losses to brands’ reputations. In light of the evidence that these losses may be fairly short-lived, that problem pales next to the challenges of determining what should be required of the insured under such policies. Insurers—just like the rest of us—don’t have a good handle on what security practices and controls are most effective, so they don’t know what to require of their customers. If I’m going to insure you against some type of risk, I want to know that you’re taking appropriate steps to prevent that risk yourself—installing smoke detectors or wearing your seat belt or locking your door. Insurers require these safety measures when they can because there’s a worry that you’ll be so reliant on the insurance coverage that you’ll stop taking those necessary precautions, a phenomenon known as moral hazard. Solving the moral hazard problem for cyberinsurance requires collecting better data than we currently have on what works—and what doesn’t—to prevent security breaches.

Image courtesy of FreeDigitalPhotos.net/Stuart Miles.

NLRB strikes down disclaimer language in social media policy (McLane, 19 May 2014) – An administrative law judge (“ALJ”) writing on behalf of the National Labor Relations Board (“NLRB”) reviewed the social media/online communications policy of The Kroger Co. of Michigan, a retail grocery chain, in the context of an unfair labor practices complaint. In the decision issued on April 22, 2014, the ALJ ruled that portions of Kroger’s policy were unlawfully broad and in violation of Section 7 of the National Labor Relations Act. What was the offending language? “If you identify yourself as an associate of the Company and publish any work-related information online, you must use this disclaimer: “The postings on this site are my own and do not necessarily represent the postings, strategies or opinions of The Kroger Co. family of stores.” In striking down the disclaimer language the ALJ stated that “Given the breadth of online communications to which the rule applies, it would be extremely burdensome to have to post the disclaimer in each instance or on each new page, and this would have a reasonable tendency to chill Section 7 activity in this regard.” The Decision itself is worth the read in that it gives startling insight into the reasoning of at least this one ALJ.

Image courtesy of FreeDigitalPhotos.net/nattavut.

Federal Election Commission says political action committees can accept payment via Bitcoins (Techdirt, 9 May 2014) – After some amount of hand-wringing, the Federal Election Commission has said that political action committees (PACs) may accept bitcoin donations, though they can’t then buy goods and services with those bitcoins. Furthermore, it has to convert the bitcoins to dollars before depositing them into its campaign accounts. In other words, it’s effectively allowing the use of bitcoin as a payment system, rather than as a currency. However, at the same time, it will allow campaigns to buy bitcoins as an investment vehicle. There’s also some confusion over what this all means. Rather than issuing a full ruling, the FEC released an “advisory opinion” based on a specific request from the Make Your Laws PAC, which specifically asked for the ability to accept bitcoin donations up to $100. What’s not clear is if the FEC is just agreeing to that level of donations or if it’s okaying larger donations as well.

Image courtesy of techinasia.com/bitcoin-illegal-thailand/cdn.btcpedia.com.