U.S. consumers who buy a drone for fun will no longer have to register it with the FAA.
A Washington, D.C. court ruled Friday that the FAA drone registration rule violates the FAA Modernization and Reform Act, which Congress passed in 2012. Hobbyist John Taylor argued successfully that he should not have to register because the act states that the FAA “may not promulgate any rule or regulation regarding a model aircraft.”
Since December 2015, hobbyists with drones weighing between 0.55 pounds and 55 pounds have had to register their drones with the FAA. More than 550,000 operators have registered since then. The process can be completed online, and there is a $5 application fee.
The FAA said in a statement that it launched registration to ensure drones are operated safely and don’t pose security or privacy threats. The FAA also said it is considering its options and response.
The FAA now has two potential paths forward. The FAA can appeal to all of the judges on the U.S. Court of Appeals for the DC Circuit, which is called an en banc review. (The decision was made by a three-judge panel.)
The other path is appealing to Congress. The FAA is currently going through its regular reauthorization process this year. Congress could insert provisions that support or authorize registration for recreational drones.
The court’s decision was cheered by the Academy of Model Aeronautics, which has long objected to its members having to register their small aircrafts.
“Federal registration shouldn’t apply at such a low threshold that it includes toys,” Academy of Model Aeronautics president Rich Hanson said in a statement. “It also shouldn’t burden those who have operated harmoniously within our communities for decades, and who already comply with AMA’s registration system.”
Others in the industry think drone registration is a good policy because it promotes accountability and provides an opportunity for the FAA to educate pilots on the guidelines for safe operation. The ruling is not yet enforceable as the court gave the FAA 7 days to consider its legal options. At this point in time all we can do is wait for the final word.
The court’s decision does not impact registration for commercial drones.
Foreign and domestic media outlets as well as Facebook posts are reporting that photos of one’s fingers flashing either a “peace sign” or “victory sign” are so high resolution today that hackers are capturing them and using the images for identity theft.
This all started on January 9th when researchers at Japan’s National Institute of Infomatics raised alarm bells over the popular 2 fingered pose.
Fingerprint recognition technology is becoming widely available to verify identities, such as when logging on to smartphones, tablets, laptop computers and electronic door locks.
The proliferation of mobile devices with high-quality cameras and social media sites where photographs can be easily posted is raising the risk of personal information being leaked, reports said.
The NII researchers were able to copy fingerprints based on photos taken by a digital camera three metres (nine feet) away from the subject.
“Just by casually making a peace sign in front of a camera, fingerprints can become widely available,” NII researcher Isao Echizen told the Sankei Shimbun newspaper.
Fingerprint data can be recreated if fingerprints are in focus with strong lighting in a picture. Advanced technology was not necessary and anyone could easily copy fingerprints.
Now “whisper around the world” as media outlets caught this story which they embellished as they reported it with headlines such as the following:
How YOUR selfies are allowing crooks to steal your identity… by zooming in on your FINGERS
HD lenses mean thieves can replicate your fingerprints
Celebrities most at risk, but fraudsters could hack smartphones and workplaces.
Although the articles routinely referenced “identity theft” (commonly interpreted to mean unauthorized use of financial accounts and personal identification documents), they also described hypothetical situations in which a fingerprint passcodes could potentially be replicated. In those instances, the “hackers” would require both a rendering of the fingerprints and personal devices belonging to their targets (such as a smartphone or point of sale access) to do any damage.
No evidence has been presented to demonstrate that hackers are currently using photographs to duplicate fingerprints in order to commit crimes or steal identities. The professor quoted on the possibility works with a laboratory that is developing a technology to secure fingerprints, and noted that technology of any sort was not necessary to copy them, as people leave them on surfaces throughout the day.
While the possibility exists that devices could potentially be compromised in this manner, the exaggerated headlines made the threat sound more plausible and immediate than it really is.
In a stunning move, Microsoft on Monday announced its plan to buy professional social network LinkedIn for $26.2 billion in cash and debt, which, if successful, would make it Microsoft’s highest-valued acquisition in its 41-year history.
The deal has already been approved by the boards of directors of both companies and is expected to close by year’s end. Microsoft said LinkedIn will remain independent, with LinkedIn’s Jeff Weiner remaining as its CEO.
Besides Microsoft’s failed bid to acquire Yahoo for $44.6 billion back in 2008, the LinkedIn buy is three times the value of Microsoft’s acquisition of Skype in 2011, which had been Microsoft’s largest deal until now.
By acquiring LinkedIn for a 50 percent premium over its closing price on Friday, Microsoft CEO Satya Nadella is making his biggest move yet to grow his company’s business. Despite Microsoft making huge strides in reshaping itself for the post-PC era, investors and analysts have shown impatience with its pace of growth.
Microsoft’s decision to acquire LinkedIn also demonstrates that the company is looking to play in a market it has largely avoided so far. While Microsoft acquired social networking technology with Yammer and invested $240 million in Facebook in 2007, this deal marks the first time Microsoft will try to run a huge social network in a market dominated by Facebook and Twitter. LinkedIn boasts a roster of 433 million registered users, of which 105 million unique visitors access their accounts at least once a month.
The deal raises questions about what benefits adding a huge public social network will bring to Microsoft’s existing portfolio. In a 90-second video created by Microsoft, Nadella and Weiner gave brief statements on the rationale for the deal. Nadella said he has long contemplated acquiring LinkedIn, believing it fits in with Microsoft’s overall productivity-and-platforms focus.
“For sure, I am a deep believer in productivity tools and communication tools because that’s what empowers people to be able to be great at their job,” Nadella said in the video. “But think about taking that, and connecting it with the professional network and really having the entirety of what is your professional life be enhanced, more empowered, where you’re acquiring new skills and being more successful in your current job and finding a greater, bigger next job. That’s that vision. ”
Keeping an acquired company like LinkedIn independent is not unusual for Microsoft, at least at the outset of such deals. When Microsoft acquired Yammer, Skype and Nokia’s handset business — three of its largest acquisitions — similar structures were established initially, only for the companies to eventually become more integrated into the Microsoft corporate structure. That has had mixed results. Most of the core Yammer team is now gone and Microsoft has pared back most of the Nokia handset operations. Skype has been more successful so far and is evolving into a key component of Office 365.
Microsoft also appears to be betting that leveraging a large and established community of professional users will enable new opportunities. LinkedIn has had more than 45 billion quarterly member page views, which has grown 34 percent year over year. LinkedIn also hosts 7 million job listings, which has grown 101 percent over the past year, while 60 percent of its users access the service from mobile devices.
Initial reaction to the deal has been mostly surprise, with many speculating over the possibilities of Microsoft/LinkedIn offerings such as Office 365, SharePoint, Dynamics and Azure in some way. One key task for the “New” LinkedIn will be to find ways to engage with the many users who find the service has become a platform full of clutter and unwanted connection requests.
Microsoft’s World Domination Roadmap continues …….
Interesting thought…. FREE Wi-Fi from Facebook? There are over a BILLION people with Facebook accounts and Facebook wants to interact with all of them.
Would you check in on Facebook in exchange for free Wi-Fi at a hotel, restaurant, retailer or your Doctor’s office? That’s the pitch Facebook has cooked up to hook its social network into companies big and small.
Here’s potentially the next big security / privacy intrusion. Facebook wants businesses to provide FREE Wi-Fi to their customers as long as the customer checks in using their Facebook credentials.
When customers check in to use a business Wi-Fi, their friends can discover the business by seeing the check in on their news feed. After checking in, people will be asked if they also want to like the business page so you can continue to connect with them on Facebook
For Facebook, the Wi-Fi-with-check-in initiative is part of a broader plan to attack the local market by encouraging merchants to set up and maintain Pages on the social network. Participating merchants will get additional distribution with each check-in, receiving exposure that could help bring in more customers or inspire more “likes.” They’ll also benefit from aggregate, anonymous demographic data such as age, gender, and interests on customers who sign-in to Facebook Wi-Fi, and can then use that data for targeting purposes in whatever Facebook advertising campaigns they run.
In essence, Facebook, which is not profiting directly from any revenue share through the partnership, hopes to attract more merchants that go on to buy ads. The idea is also to become a formidable player in local search, an area where everyone from Google and Yahoo to Yelp and Foursquare are competing for attention and advertising dollars.
This would appear to be a good thing for business owners but what does the consumer get out of it? Not much beyond the Wi-Fi access except perhaps that it’s a real time report of where a person is at any moment in time.
A friend of ours recently “checked in via Facebook” to use the FREE Wi-Fi at a car dealer and didn’t realize how that information would be used. All of a sudden, he got a text message from another friend asking – “hey… are you looking for a new car?”
Let’s take this a bit further – how about your doctor or dentist office offering the same Facebook Wi-Fi access. (remember Facebook is trying to get EVERY business signed up for this) Now everyone you know on Facebook and their “friends” will know exactly where you are for the next hour or so. Does that thought scare you just a little? It’s like checking into a restaurant while traveling in another state – announcing to the Facebook world that you’re not home – so maybe it’s a good time to come by your house and rattle a door or window.
Whatever the reasoning behind Facebook Wi-Fi, there’s no question that millions of people will find the prospect of free Wi-Fi too good to pass up, which raises a number of privacy issues. What does it mean when you link your Facebook account to your browsing history, especially when merchant and social network would seemingly benefit from knowing more about you?
Social media is getting more intrusive each and every day. It’s up to you and me to protect our privacy and physical location when were out and about on our daily rounds. If a local business offers you FREE Wi-Fi just for logging in with your Facebook account – think twice about it. If you really need Wi-Fi access while you’re sitting in a waiting room somewhere, ask them for their guest access code
The U.S. Department of Homeland Security has issued a warning to remove Apple’s QuickTime for Windows. The alert came in response to Trend Micro’s report of two security flaws in the software, which will never be patched because Apple has ended support for QuickTime for Windows.
Computers running QuickTime are open to increased risk of malicious attack or data loss, US-CERT warned, and remote attackers could take control of a victim’s computer system. US-CERT is part of DHS’ National Cybersecurity and Communications Integration Center.
“We alerted DHS because we felt the situation was broad enough that people having unpatched vulnerabilities on their system needed to be made aware,” said Christopher Budd, global threat communication manager at Trend Micro. The only mitigation available is to uninstall QuickTime for Windows,” US-CERT’s alert said.
Instructions from Apple can be found here: https://support.apple.com/en-us/HT205771Apple has not discontinued security updates for QuickTime on Apple computer systems – just Windows based systems. It is not clear why Apple made the decision to end Windows support.
Zero Day Warning
Trend Micro’s Zero Day Initiative learned about the vulnerabilities from researcher Steven Seeley of Source Incite, who is named in the warning. ZDI then issued advisories detailing the critical vulnerabilities:
• The Apple QuickTime moov Atom Heap Corruption Remote Code Execution vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime. The problem first came to ZDI’s attention late last year. The number of users at risk is unknown at this time.
• The QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability allows an attacker to write data outside of an allocated heap buffer by providing an invalid index.
Software makers regularly retire applications, so it’s not unusual that QuickTime would be vulnerable. However, it was odd that Apple did not issue a public statement about ending its support for QuickTime for Windows and that the software was still available for download.
Increasing Software Vulnerability
QuickTime joins a growing list of software that is not supported any longer. That list includes Microsoft Windows XP and Oracle Java 6, which means users of those operating systems increasingly will be vulnerable to attack.
DHS didn’t have any comment to add to its alert, said spokesperson Scott McConnell, who referred questions to Apple. Apple did not respond to requests to comment for this story.
The warnings come amid recent reports about computer system vulnerabilities, including one issued just a few days ago about a vulnerability in Adobe’s Flash Player that could leave computers open to ransomware, which can lock up entire systems until an attacker is paid to release control.
When you’re on Facebook, do you ever get the feeling that you’re being watched? An ad pops up that’s right up your alley, or three new articles show up in your feed that are similar to something you’ve just recently clicked on.
Sometimes it seems like Facebook knows you personally, and that’s because it does. It has algorithms that track what you like, watch and click on. Facebook uses this information to target ads to users on behalf of its paid advertisers.
Facebook itself isn’t the only culprit. Tons of companies use Facebook’s platform as a way to track you. In fact, right now there a probably dozens of companies that are watching your posts, storing your profile information and more, without you even realizing it.
How did this happen in the first place? When Facebook first started out, people rushed to join because of the many perks that it offered. One of those perks, and probably the most appealing, was the fact that Facebook was entirely ad-free. You could use the service to connect with family and friends without being bothered by someone trying to sell you something.
Well, like they say, “All good things must come to an end.” Eventually, Facebook began selling ads like everyone else. And that’s when everything changed.
People realized that Facebook provided a treasure trove of information for advertisers. By clicking “like” users were telling companies exactly what they wanted — more of this, less of that. This led to the big data tracking we now see.
Three sneaky ways companies are tracking you: Most people understand that Facebook is tracking their preferences whenever they use the app. But, few realize they’re being tracked in other ways too. And, that’s what these third-party companies are banking on. If you don’t know you’re being tracked, then you won’t ask them to stop.
Here’s three things to watch out for.
1: Facebook apps: This is when you receive a request to play a Facebook game your friends are obsessed with, and you decide to sign up. If you’ve ever done this before, then you’ve allowed that app developer to track you. These third-party apps integrate with your Facebook profile and can ask Facebook for permission to pull various personal data, from your work history to timeline posts. And although you can edit what information they can access, very few people do.
2: Facebook logins: This is when you visit a site and it says “Log in with Facebook,” and you do, then you’re letting that company track you.
3: Friends’ apps monitoring you: Even if you didn’t download an app, your Facebook settings may allow apps your friends have installed to also see YOU. It’s pretty scary.
You might be wondering why this even matters, and how it really impacts you personally. The easiest way to answer those questions is to point out all of those big data breaches you hear about almost daily. Hackers rarely waste time on individuals these days. They’ve got much bigger fish to fry. Large retailers, for example – or the databases where these third-party companies store the information they’ve gathered. That’s why everyone should take these steps to protect their private information.
Some Options To Help Stop The Tracking Madness:
Review and edit installed apps: To see what apps you’ve installed over the years, open Facebook in your browser, click the down arrow in the upper right corner and select “Settings.” Then click on the “Apps” header in the left column.
To see what information an app is accessing, click the pencil icon next to any of the apps to see and edit the settings. The first setting lets you set who can see that you use the app. It defaults to “Only Me,” so it isn’t a big deal. Below it, however, is another story.
In the case of Skype, for example, it pulls your public profile information along with your list of friends, email address, birthday and hometown.
Remember that this information is being stored on a third-party server. Not every app developer is going to have Microsoft-level security, and hackers are good at turning tiny pieces of stolen information into big gains.
If you want to keep using the app, you can deselect certain items, such as your email address. Be aware that won’t remove the information from the app developer’s servers, however. If you change your email address in the future, however, the developer won’t get the new one.
Remove apps you don’t use: If you don’t want to use the app anymore, you can click the “Remove app” link at the bottom of the page. Just remember that this won’t automatically remove your information from the app developer’s servers. For that you’ll need to contact the app developer directly. Facebook has a link for more information on this under the “Remove info collected by the app” section in the app’s settings.
Turn off apps completely: If you’ve deleted all the apps, and you’re not keen on accidentally installing more in the future, you can turn off the app platform completely. Just note you won’t be able to install apps or log in to third-party sites using Facebook until you turn this back on.
To turn off the app platform, go back to the App Settings page. Under “Apps, Websites and Plugins,” click the “Edit” button. At first, this just looks like a way to disable app notifications and invites from other people, which is a big help on its own. However, you’ll want to click the “Disable Platform” link in the bottom left corner.
Facebook gives you their standard warning about what disabling the platform does. If you’re OK with it, click the “Disable Platform” button. Unfortunately, this won’t remove information that app developers might have collected about you already.
Stop logging into sites using Facebook: In the future, when you’re adding an app or logging into a website try to avoid logging in with your Facebook account. But, if you must use Facebook to log in, then look for the “Log in Anonymously” or “Guest” option so it won’t share your information.
Stop friends’ apps from seeing your info: Apps can still get your information through your friends. As your friends install apps, those apps can request permission to get info about you.
To put a stop to this, go back to the App Settings page. Then under “Apps Others Use” click the “Edit” button. You’ll see everything that your friends’ apps can see about you. Go through and uncheck every option listed on the page, and then click “Save.” Now companies can’t track new information about you.
It’s up to each of us to monitor and maintain what information we want shared with others. I’m sure you’ll be very surprised when you log in and check your Facebook app settings.
Do you own an older Kindle that’s been gathering dust? Get it updated before March 22 or you won’t be able to get online and download your books any more.
This is pretty much their final warning: If you have a Kindle, you need to update it before March 22 or it’s going to lose Internet connectivity.
That outcome would be very bad, because without the update you’ll no longer be able to access the Kindle Store or sync your device with the cloud, not to mention any other Kindle services you might be using. According to Amazon, the update is required to ensure the Kindle remains compliant with continuously evolving industry web standards.
You’ll know if your Kindle didn’t get updated in time because you’ll see the following message on your device: “Your Kindle is unable to connect at this time. Please make sure you are within wireless range and try again. If the problem persists, please restart your Kindle from the Menu in Settings and try again”
If you’ve been using your Kindle regularly then it’s most likely going to be fine. Kindles will update automatically via Wi-Fi, but if the device has been turned off or out of battery for a while, charge it up and make sure you Sync and Check for Items.
When the update has been applied you’ll find a confirmation letter called “03-2016 Successful Update” on your device. You can check for it by viewing all Recent items in your Kindle Library.
The following devices don’t need the update:
Kindle Paperwhite (6th and 7th generation)
Kindle 7th Generation
Kindle Voyage 7th Generation
If you’ve got one of the following, you do need the update:
Kindle 1st Generation (2007)
Kindle 2nd Generation (2009)
Kindle DX 2nd Generation (2009)
Kindle Keyboard 3rd Generation (2010)
Kindle 4th Generation (2011)
Kindle 5th Generation (2012)
Kindle Touch 4th Generation (2011)
Kindle Paperwhite 5th Generation (2012)
Amazon also points out that the Kindle Keyboard 3rd Generation, the Kindle Touch 4th Generation and the Kindle Paperwhite 5th Generation will only update via Wi-Fi, even if you have the 3G connection active.
If you do miss today’s deadline, you’ll need to manually download and install the required update. You can get more information on that process here.
Data Privacy Day – January 28, 2016
Data Privacy Day (DPD) is an effort to empower people to protect their privacy, control their digital footprint and escalate the protection of privacy and data as everyone’s priority. Held annually on January 28th, Data Privacy Day aims to increase awareness of privacy and data protection issues among consumers, organizations, and government officials. DPD helps industry, academia, and advocates to highlight consumer privacy efforts.
Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now a celebration for everyone, observed annually on Jan. 28.
Data Privacy Day is led by the National Cyber Security Alliance, a non-profit, public private partnership focused on cyber security education for all online citizens. StaySafeOnline.org has many resources to help you, your family and your business stay safe online.
Free Security Check-Ups Check your computer for known viruses, spyware, and discover if your computer is vulnerable to cyber attacks.
Check Your Privacy Settings One-stop shop for easy instructions to update your privacy settings wherever and however you go online.
Parent Resources Information regarding cyberbullying, child identity theft, Facebook for parents, social networking, etc.
Educator Resources Prepared educational materials for the classroom, K – 12th grades.
Business Resources Informational resources for businesses regarding bring your own device, information security, document destruction, compliance, data breach, and risk management. https://www.staysafeonline.org/data-privacy-day/business-resources
Privacy and Domestic Violence Resources for domestic violence survivors and victims to help safeguard the privacy of their personal information.
I received an email yesterday from John McAfee. Yup – he’s the guy that founded McAfee Antivirus, he’s the libertarian party candidate in the 2016 presidential election and he’s also promoting his new security technology device called Everykey!
Everykey is a brand new product designed to replace your passwords and keys. When Everykey is close to your phone, laptop, tablet, house door, car door, or another access-controlled device, it unlocks that device. When you walk away, that device locks back down. Everykey can also log you into your website accounts. If you lose your Everykey, you can remotely freeze it, so no one else can use it.
Using the EveryKey App, you pair your key to your devices, manage key settings such as the active range and even freeze your key if it is lost or stolen. The EveryKey app also pushes the latest over-the-air software updates to your key so you stay up to date with features and updated security standards.
There are currently 2 different device options.
A Wrist Band: This wearable accessory turns EveryKey into a sleek and stylish fashion statement. Just pop your key into the pocket on the back of the band and wear it wherever you go.
Key ring: One day, Everykey will replace all of your keys on that big bulky keychain. Until that day, you can use the Everykey Rey Ring Accessory as a convenient way to carry your keys.
Current pricing which includes 1 Key Ring Accessory and 1 charging cable for each EveryKey device purchased.
1 EveryKey – $128
2 Pack: $230
4 Pack: $435
10 Pack: $1,024
Expect the first EveryKey devices to ship in March of 2016
For additional information: https://everykey.com/
Get regular updates and additional information about Everykey here: https://www.indiegogo.com/projects/everykey-your-only-key#/updates
What toy should you put under the Christmas tree this year? If you were thinking about buying a smart toy for Christmas, the Vtech hack may cause you to re-think your decision.
For many parents the thought of their children’s personal data being stolen and made available online is the stuff of nightmares. So what exactly is a smart toy and should you be avoiding them in favor of a more traditional gift this year?
What happened to Vtech? Vtech’s tablets and other connected toys are all currently unable to access the app store. The Learning Lodge app store – which provides downloads of apps, games, music and books for toys made by VTech – had its database hacked on 14 November.
The personal information stolen, which was not encrypted, included the parent’s names, email addresses, passwords, secret questions and answers for password retrieval, IP addresses, postal addresses, download histories and children’s names, genders and birthdates. It has also been reported that photos, audio files and chat-logs were stolen – something that Vtech has not yet confirmed.
The numbers involved are huge – according to Vtech, 6.4 million children’s accounts were affected and it has now employed a security firm – Mandiant – to look at the damage and fix it. Until then, the app store will remain offline.
What’s the risk? If a toy is labeled “smart” then that probably means it’s connected to the internet in some manner, whether this be via an app, wi-fi or another method.
Security has not traditionally been an area of expertise for most toymakers so combining tech and toys could lead to problems.
Hello Barbie, another net-connected toy that can share conversations, games and stories with children, has also been subject to some scrutiny from security experts. Security researcher Matt Jakubowski discovered that conversations with children stored in the cloud can be accessed by others and that the toy can also be used as a surveillance device.
The risks of internet-enabled toys don’t end with security. Children confide in dolls and reveal intimate details about their lives, but Hello Barbie won’t keep those secrets. When Barbie’s belt buckle is held down, everything your child says is transmitted to cloud servers, where it will be stored and analyzed by ToyTalk, Mattel’s technology partner.
ToyTalk states that passwords are stored in a hardware-encrypted section of the doll and that no conversation history is stored on the toy. It also said that stored data is “never used for advertising purposes.
Do connected toys destroy imaginative play? Those days many children live large parts of their lives on the internet so it seems obvious that toymakers would want to tap into that cultural shift.
And many of the toys they make are attempting to bridge the gap between the real world and the digital one. Some critics point out that tech toys – like talking dolls and dinosaurs – may limit the imaginative play element that is part of more traditional toys.
What kind of limits will you be setting for your children this year?