New iOS Malware Compromises 225,000 Apple Accounts
A new family of malware being called KeyRaider has been used to compromise 225,000 Apple accounts, including private keys and purchase histories, along with other personal data and device control. Though it is a huge breach—“We believe this to be the largest known Apple account theft caused by malware,” researchers wrote—the malware is only effective on jailbroken iDevices. So if you haven’t monkeyed with your iOS, you’re probably safe.
Palo Alto Networks published research about the malware on Sunday in collaboration with WeipTech. The malware seems to be coming from third-party distributors in China who specialize in software for jailbroken devices. Researchers estimate that about 20,000 people are taking advantage of the 225,000 compromised Apple accounts, and that there are affected users in 18 countries.
Researcher Claud Xiao wrote:
The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying. Jailbreak tweaks are software packages that allow users to perform actions that aren’t typically possible on iOS. ... Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom.
Jailbreaking your iDevice comes with risks, because the software tweaks aren’t evaluated and protected by Apple. That doesn’t mean, though, that leaving your iPhone (or Apple Watch or whatever) intact is a guarantee that it will never have vulnerabilities. Stay educated about what you download, and keep installing software updates.
Future Tense Event: Come Watch District 9 With Francis Fukuyama In Washington, D.C.
The critically acclaimed 2009 film District 9 from South African director Neill Blomkamp takes the classic alien-invasion genre in a radically different direction. Like all of the best science fiction, the film tackles very real, very pressing social questions by imagining a possible future. The New York Times considered the film’s takeaway to be that the “only way to become fully human is to be completely alienated.”
What will Francis Fukuyama say about it? Fukuyama, a senior fellow at Stanford’s Freeman Spogli Institute and the author of The Origins of Political Order and The End of History and the Last Man, is hosting our next Future Tense “My Favorite Movie” night. The District 9 screening will be on Tuesday, Sept. 15, at 6:30 p.m. at Washington, D.C.’s Landmark E Street Cinema at 555 11th St. NW.
To attend, please RSVP to email@example.com with your name, email address, and any affiliation you’d like to share. You may RSVP for yourself and up to one guest, and please include your guest’s name in your response. Seating is limited.
Ashley Madison Claims 87,596 Totally Real Women Who Are Definitely Real Just Signed Up
It’s tempting to talk about Ashley Madison, the beleaguered, infidelity-oriented hookup site, in the past tense. How is one supposed to imagine a future for it in the wake of a hack that led to the public shaming of many of the site’s members and the resignation of its parent company’s CEO? Reporting its death is a perfectly reasonable trap, one that I fell into when writing about the site last week, as I described what its users “had” done, operating on the implicit assumption that they wouldn’t be doing it anymore. But if you believe Ashley Madison, I may have been a bit too hasty.
In a press release issued Monday morning, Avid Life Media—which owns and operates Ashley Madison, along with other platforms such as Cougar Life—struck back against critics who claimed that the site’s best days were behind it. “Recent media reports predicting the imminent demise of Ashley Madison are greatly exaggerated,” the statement begins. In particular, it's defensive about the claim that there were hardly any women using the site.
Last week, Gizmodo’s Annalee Newitz analyzed data from the hack, and her results indicated that only 1,492 of its supposedly millions of female members had ever checked their messages on the site, suggesting an engagement rate of something like 0.03 percent. In her subsequent reporting, Newitz suggested that the vast majority of the women that men were interacting with on the site were bots.
If those numbers turned you off, never fear: In its recent press release, Ashley Madison claims that 87,596 totally real women who are definitely real have signed up in the “past week alone.” In its specificity, this number is clearly meant to carry the weight of authority and truth. And there’s no reason to doubt that it’s a real figure. Given the amount of publicity the site has received, it’s entirely possible that some new users created accounts, whether out of curiosity, intent to troll, or even real desire. Of course, if existing engagement ratios hold, only 26 of those definitely real women are ever going to take a gander at what other users write to them.
Surely that's why Ashley Madison also pushes back against the idea that the site was a barren wasteland of disappointed desire. Without naming Newitz, it suggests that her analysis was flawed, asserting that she based it on “incorrect assumptions about the meaning of fields contained in the leaked data.” Claiming that women sent “more than 2.8 million messages within our platform” in the last week, the site’s press office goes on to assert that the ratio of active male accounts to active female accounts—accounts which were, presumably, operated by entirely real “people,” though the press release isn’t clear on this point—was 1.2 to 1.
Apparently there were actual women on Ashley Madison, women who really were using the site for its intended purpose. In 2013, GQ spoke to a handful of them, and there may be many more of them out there. A more telling—if accidental—data point, however, may be the company’s claim in its recent press release that the site remains “the number one service for people seeking discrete relationships.” While the company normally describes its services as discreet, which means “on the sly,” discrete refers to something that stands entirely alone. If anything stands alone on Ashley Madison, it must be those relationships, most of which are likely still playing out only in the individual imaginations of its members.
Study Shows Software Can Predict Psychosis Better Than Psychiatrists
Mental health issues manifest in a number of ways, and they're not all behavioral. Increasingly, scientists are using speech analysis software to detect subtle changes in voice acoustics and patterns to detect or even predict potentially problematic conditions.
A study published Wednesday in NPG-Schizophrenia by researchers at Columbia University Medical Center, the New York State Psychiatric Institute, and IBM's T. J. Watson Research Center found that digital speech analysis correctly predicted whether 34 youths at risk for mental illness (11 female, 23 male) would develop psychosis within 2.5 years. The system, which evaluated the study participants quarterly, correctly predicted all of their outcomes; five became psychotic.
The algorithm evaluated transcripts for predictive "semantic and syntactic features" like coherence and phrase length. "These speech features predicted later psychosis development with 100% accuracy, outperforming classification from clinical interviews," the researchers wrote.
Clinicians are able to accurately categorize patients as "at risk," but within that subpopulation it is difficult to determine who will actually experience psychosis and potentially develop schizophrenia. If voice recognition software can help identify these individuals, they may be able to receive more effective care. "Computerized analysis of complex human behaviors such as speech may present an opportunity to move psychiatry beyond reliance on self-report and clinical observation toward more objective measures of health and illness in the individual patient," the researchers wrote.
Guillermo Cecchi, one of the investigators from IBM Research, told the Atlantic, "What this means is that over 45 minutes of interviewing, these young people had at least one occasion of a jarring disruption in meaning from one sentence to the next. As an interviewer, if my mind wandered briefly, I might miss it. But a computer would pick it up.”
Appeals Court Reverses Injunction on NSA Bulk Phone Record Collection
On Friday, a Washington, D.C., appeals court reversed a lower court's decision that the National Security Agency couldn't conduct bulk phone-record collection. The panel of three judges said that plaintiff Larry Klayman (a conservative activist) hadn't proved that his personal phone calls had been collected by the NSA's wide-cast net and therefore lacked standing. But privacy advocates don't need to panic.
Congress decided to shut down NSA bulk data-collection programs on June 1 but allowed for a transition period during which the NSA can do ongoing surveillance. As the Washington Post points out, the appeals court's decision does not speak to the question of what surveillance is constitutional, or the legality of what the NSA previously did. The only appeals court that has weighed in on that is the 2nd U.S. Circuit Court of Appeals in New York in a ruling from May. That court said that NSA bulk collection was not in keeping with the Patriot Act and was "unwarranted."
This new ruling from the D.C. appeals court doesn't affect that other decision. The Guardian explains, "The ruling reversed an injunction from a lower court on the phone records surveillance program—but only in a technical sense, as the injunction never actually went into force."
Klayman says he will add other plaintiffs whose data was collected to the complaint so it can move forward again. He told the Guardian, "It’s outrageous this court would allow the constitutional rights of Americans to be trampled upon."
Even beyond these legal battles, privacy advocates are also concerned about how much surveillance the NSA and other government intelligence bodies can still do using the existing troves of data, malware campaigns, and overseas channels they have access to.
Instagram Will No Longer Limit You to Square Photos. Too Bad.
Instagram has decreed an end to the tyranny of the square, a longstanding policy that restricted users to posting photos with sides of even length. The company announced the end of its reign with some wistfulness. “Square always has been and will be part of who we are,” it tweeted. And yet freedom marches on, toward the manifest destiny of portrait and landscape formats.
To what end? The landscape format will be more accommodating to certain Instagram genres, like photos of friends posing arm-in-arm, against the backdrop of some fun locale. But at a time when technology has freed us from almost all boundaries of what content we can record and publish and when, there is something to be said for restrictions. Twitter’s 140-character limit is one example. Vine’s six-second rule is another. Like Haiku or iambic pentameter, these limitations create economies that force authors to consider what each word or image is worth.
If you're making art, restrictions can be helpful. Brian Eno, the British music producer and artist, uses them to fight the chaos of choice. “In modern recording one of the biggest problems is that you're in a world of endless possibilities,” he told the Telegraph in 2009. “So I try to close down possibilities early on. I limit choices. I confine people to a small area of maneuver.”
The square confines Instagram users to a small area of maneuver. It forces us to consider what details are essential, and which can be cropped out. It spares us from indulgence of the landscape and the false promise of the panorama.
But Instagram, which is owned by Facebook, is in the business of accommodating its users, not challenging them. One of the problems with the square, the company explained in its announcement, is that “you can’t capture the Golden Gate Bridge from end to end.” This example speaks to the needs of a certain kind of Instagram user who enjoys planting his flag on settled territory. Like an iPhone videographer at a Taylor Swift concert, the guy Instagramming the Golden Gate Bridge is not creating a rare or essential document, only proof that he saw it with his own eyes.
And why did he bother doing that, anyway? Clearly, because photographs cannot really capture the scope of the Golden Gate Bridge, or St. Peter’s Basilica, or the view from your car window as you drive up the Pacific Coast Highway. The impulse to capture these moments on camera is shaded by the knowledge that the moment, in all its immediacy, is too large to fit in a frame of any size.
This is not to discount the medium altogether. Instagram photos, like memoirs, give us a good way to preserve and share moments from our lives. They allow us to retouch and stylize those moments to reflect how they felt, or how we want them to feel in retrospect. A couple of new framing options will not fundamentally change that.
Still, photos are not moments, and the square, in its inadequacy, forces us to acknowledge the distinction. It helps remind us that the feeling of standing at a vista with the breeze in your face and salt on your tongue and looking out at orange steel draped over nearly two miles of causeway cannot be boxed and shipped. Broadening the lens only adds dimensions to an illusion.
1 Billion People Visited Facebook on Monday
Zuckerberg wrote, "Our community stands for giving every person a voice, for promoting understanding and for including everyone in the opportunities of our modern world," and Cox noted, "I couldn’t be more excited about connecting the next billion." Their comments are in line with Facebook's ongoing, but controversial, effort to bring Web connectivity to everyone through its Internet.org initiative.
Facebook hit 1 billion monthly active users in October 2012, but it has taken until now for 1 billion people to visit the site in one day. As of June 30, the service has 1.49 billion monthly active users.
It would be pretty surreal to be able to say that you invented something that was used by "1 in 7 people on Earth" in a single day. There weren't even 1 billion cars in the world until 2010.
Hurricane Forecasts Have Become Much, Much Better Since Katrina
With a potentially strong hurricane bearing down on the United States the same week as Hurricane Katrina’s 10-year anniversary, it feels like a good time to take a step back and think about what’s different now.
As far as meteorology is concerned, Katrina may as well have been a century ago.
After the disastrous 2005 hurricane season, the National Oceanic and Atmospheric Administration began to plan for a crash course in greatly boosting the accuracy of hurricane forecasts. The Bush administration approved the Hurricane Forecast Improvement Project in 2008, and it has since exceeded even its own lofty goals.
In a statement Wednesday, NOAA said: “Since the 2005 hurricane season, NOAA has launched 5 new satellites, deployed new coastal observing systems and made major breakthroughs in oceanic and atmospheric research, all of which has resulted in a remarkable *40% reduction* in the margin of error of a hurricane’s expected track.”
Seen graphically, the result is stunning:
The cone from Katrina vs what the cone would look like for Katrina in 2015--big improvement in track skill in 10 yrs pic.twitter.com/mcSfDZfqw9 — Eric Blake (@EricBlake12) March 27, 2015
In a tweet earlier this year, Eric Blake, a hurricane specialist at the National Hurricane Center, called the stunning improvement in hurricane track forecast accuracy over the last decade “one of the most incredible success stories of our lifetimes.” Five-day forecasts today are just as accurate, on average, as three-day forecasts were the year of Katrina. That means two extra days for people in the path to prepare.
Forecasting hurricane strength days in advance has historically proven more challenging than track forecasting, but there’s been vast recent improvement there, too. The U.S. flagship high-resolution hurricane model, the Hurricane Weather Research and Forecasting Model, has improved its accuracy at a rate of 10 to 15 percent per year since 2011.
Earlier this year, HFIP fell victim to its own stunning success, and the budget took a big cut. But the program should still be able to benefit from a massive new NOAA investment in faster supercomputers.
You’d be forgiven if you haven’t noticed much benefit from the vastly improved hurricane forecasts. That’s mostly because, with the possible exception of Hurricane Sandy, there’ve been (thankfully) very few high-profile opportunities to test new forecast systems in the last 10 years. The U.S. is in the midst of a record-breaking drought of hurricane landfalls with winds of 111 mph or higher—“major” hurricanes. We’ve grown complacent, and sooner or later, our luck will run out.
I can guess what will happen then: There’ll be an ominous forecast cone, worryingly camped over a major coastal city for a few days. Officials may wait until the day before to order mandatory evacuations, and many locals might choose to stay. After the stormwaters recede, the damage will be measured in the tens of billions. People on the evening news will say, “We never saw it coming.”
Just this week, on Twitter and in weather message boards, I’ve noticed Floridians confidently quip something like: “If we’re in the cone at five days, I know I can breathe easy. We never get hit when the storm is pointed at us that far out.” NOAA, to its credit, is gently challenging that narrative this month.
Still, at this point, there’s reason to believe that better forecasting isn’t the most important thing in minimizing American losses to hurricanes. Providing two or three extra days of warning may not mean much for low-income families whose evacuation options are limited, as Katrina painfully showed. In a recent op-ed, Peter Neilley, the scientist in charge of forecasting operations at the Weather Channel, said that when preparing for the next major hurricane, psychology is now as important as meteorology. In Katrina, “there was a gap between the perceived accuracy of the forecast and the real accuracy,” Neilley wrote. “Society’s perspective on forecast accuracy lagged behind the true gains that our science had made up until that point.”
The same is true now. Even with perfect forecasts, society can never be perfectly prepared for extreme weather. Only when meteorologists and emergency managers place the “why” of improving forecasts above the “how” will society truly benefit. This is a lesson that the meteorological community is still struggling to learn. That’s why after Katrina, after the horrible tornadoes of 2011, after Hurricane Sandy, we all asked, “How could this happen?” At some point, improving society requires a re-think of why people become vulnerable in the first place, and then taking action to ensure those vulnerabilities are addressed. Better weather forecasts help, but what we need is a better society that prevents those vulnerabilities from reaching potentially disastrous levels in the first place. Many meteorologists are already thinking this way, but we’ll need a whole lot more before we can say we’ve made progress since Katrina.
North Dakota Police Drones Can Be Weaponized If They’re Not Lethal. Wait, What?
A bill passed by North Dakota's legislative assembly that was meant to require warrants for drone searches evolved into something entirely different, thanks to an amendment from a lobbyist.
The Daily Beast reports that House Bill 1328, sponsored by Rep. Rick Becker, R-Bismarck, aimed to forbid all weapons on police drones. But Bruce Burkett from the North Dakota Peace Officer’s Association amended the bill to prohibit only lethal weapons, leaving the door open for “less than lethal” weapons like Tasers, pepper spray, and rubber bullets. (Let's not even get into the fact that “less than lethal” weapons actually have killed people.)
As the Verge points out, North Dakota is one of six Federal Aviation Administration pilot programs for trying out commercial drone use in civilian airspace, and drones are allowed to fly at up to 1,200 feet in the state instead of the usual 400-foot limit.
Becker told the Daily Beast of the amendment, “This is one I’m not in full agreement with. I wish it was any weapon. ... In my opinion there should be a nice, red line: Drones should not be weaponized. Period.”
Report: A Lot of People Don’t Bother Using Fancy Car Tech
Cars are supposed to be able to do basically anything these days. They listen to you and try to answer your questions, they know all your favorite music, they self-park. Soon they'll be doing all the driving for us. But the 2015 Driver Interactive Vehicle Experience Report from J.D. Power shows something unexpected: A lot of people don't seem to care about any of this.
The Los Angeles Times notes that 43 percent of people surveyed don't use their cars' voice recognition to call up things like GPS directions. Thirty-five percent never tried automatic parking, 32 percent avoided apps like Yelp, and 20 percent didn't even use half of the tech features in their cars. (The survey asked about 33 tech features that seemed to be available in all respondents’ cars.)
The report polled 4,200 people between April and June who had bought or leased cars no more than three months before taking the survey. Research indicates that people are unlikely to explore car features and start using new ones after the first three months of owning a car, Reuters reports.
It seems that most people, especially those in the 21- to 38-year-old range, simply used their smartphones instead of attempting to engage with their cars' tech features. For all ages, the lack of engagement seemed to be a combination of active avoidance and not knowing all of the things the cars could do.
Kristin Kolodge, the executive director of driver interaction at J.D. Power, told Reuters, "Customers say, 'I have a competing technology that's easier to use, or I've already paid for it—so why do I need it again?' ... Is it really making it easier? That's where some of the value is being challenged." She noted in a statement that the tech features people seem to like the most are more related to actual driving mechanics—things like maintenance diagnostics, cruise control, and blind spot monitoring—than entertainment or connectivity.
Though these results could have implications for the (supposed) impending rise of self-driving cars, it also could play out that people have more time to figure out all the features in their cars when they're not actually driving them. And when people are already so practiced on their smartphones, it's hard to see how plugging in some directions at a red light is more difficult than trying to get the voice of your car's "personal assistant" to stop blasting out of the speakers about alternate route options and Top 40.