ADB signs new US$50m loan for Timor-Leste roads plan

Asian Development Bank resident representative Shane Rosenthal and deputy director general
of the Pacific department Noriko Ogawa at the media conference in the new
Resident Mission in Timor-Leste. Photo: David Robie/PMC

 THE ASIAN Development Bank has signed a US million loan with the Timor-Leste government in the latest segment of the Asia-Pacific nation’s road upgrade programme.

Café Pacific – David Robie | Media freedom and transparency

Trudeau opposes mandatory minimums

Liberal leader Justin Trudeau opposes mandatory minimum sentences, even for pedophiles.

This report aired on The Source November 20 2013.

Ezra Levant

The second operating system hiding in every mobile phone

OS News has an interesting article: The second operating system hiding in every mobile phone

It discusses the security implications of the fact that all cell phones run two operating systems. One is the OS that you see and interact with: Android, iOS, Windows Phone, BlackBerry, etc. The other is the OS running on the baseband processor. It is responsible for everything to do with the radios in the phone, and is designed to handle all the real time processing requirements.

The baseband processor OS is generally proprietary, provided by the maker of the baseband chip, and generally not exposed to any scrutiny or review. It also contains a huge amount of historical cruft. For example, it responds to the old Hays AT command set. That was used with old modems to control dialing, answering the phone, and setting up the speed, and other parameters required to get the devices to handshake.

It turns out that if you can feed these commands to many baseband processors, you can tell them to automatically and silently answer the phone, allowing an attacker to listen in on you.

Unfortunately the security model of these things is ancient and badly broken. Cell towers are assumed to be secure, and any commands from them are trusted and executed. As we saw at Def Con in 2010, it is possible for attackers to spoof those towers.

The baseband processor, and its OS, is generally superior to the visible OS on the phone. That means that the visible OS can’t do much to secure the phone against these vulnerabilities.

There is not much you can do about this as an end user, but I thought you should know. :)

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook and Google+.

The Privacy Blog

How to Save Money by Crocheting

With the price of yarn these days it is almost hard to imagine that one could actually save money with crocheting. But it is true, crocheting can help to save a lot of money. Ah but crochet takes time, and time is money; which means by the time I factor in all the time it’ll […]

ONE MINUTE BLOG

The paradox of irresponsible responsibility

This article got me thinking: People’s ignorance of online privacy puts employers at risk – Network World

There is an interesting paradox for security folks. On the one hand, almost two thirds of people feel that security is a matter of personal responsibility. On the other hand, few are actually doing very much to protect themselves.

In the workplace we see this manifest in the BYOD (bring your own device) trend. Workers want to use their own phones, tablets, and often laptops. Because it is their personal device, they don’t think the company has any business telling them how to secure it, or what they can or can’t do with it. Yet they want to be able to work with the company’s documents and intellectual property, and access company sensitive networks from that device.

When that trend intersects with the poor real-world security practiced by most people, the security perimeter of businesses just got both larger and weaker.

Realistically, it is too much to expect that users will be able to fully secure their devices, or that security professionals will be able to do it for them. The productivity impact of locking users out of the devices they use (whether BYOD or company provided) is often too high, especially in the case of technical workers. Spear Phishing attacks eventually penetrate a very high fraction of targets, even against very sophisticated users. How then can we expect average, or below average, users to catch them, and catch them all.

Increasing use of sandboxing and virtualization is allowing a change in the security model. Rather than assuming the user will detect attacks, the attack is encapsulated in a very small environment where it can do little or no damage, and from which it is quickly eliminated and prevented from spreading. The trick will be to get people to actually use these tools on their own devices.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook and Google+.

The Privacy Blog

Update: States Settle with Google Over Safari Privacy Case

To recap: In February 2012, the Wall Street Journal reported on new research by Stanford researcher Jonathan Mayer that shows four companies seek to circumvent consumers’ privacy settings in Apple’s browser, Safari. The four companies are: Google, Vibrant Media, Media Innovation Group and PointRoll. Google said the circumvention was a mistake and it has disabled the code, but there was (pdf) public criticism, including a [...]
Privacy Lives

Typhoon Haiyan – being a hero for each other

The devastation in the wake of Typhoon Haiyan on Iloilo in the Philippines.
Photo: SBS/AFP

Reflections by Joan Cybil Yao

I NEED to tell you: Typhoon Haiyan was worse than any of us could ever have imagined. The Philippines receives 20+ typhoons every year – floods, landslides and partly-blown off roofs are par for the course.

Believe me when I say we have never before seen the likes of
Café Pacific – David Robie | Media freedom and transparency

Change economic direction or face ‘bleak’ future warning for Timor-Leste

The La’o Hamutuk logo sign outside the development advocacy group’s office
in Bebora in the Timor-Leste capital of Dili. Photo: David Robie

THE INDEPENDENT Timor-Leste development advocacy group
La’o Hamutuk has called for an urgent review of national budget planning
priorities for next year or the country will face a “bleak” future.

The Asia-Pacific nation’s oil and gas revenues are
Café Pacific – David Robie | Media freedom and transparency

LEVANT: Trudeau two-step

ez jt.jpg

Last Wednesday, Justin Trudeau gave a speech to an Aboriginal school in Manitoba.

There are a lot of things a political leader could say to Indian children in Canada — and coming from someone with the celebrity cachet of Trudeau, it could serve as an inspiration.

The importance of staying in school; stories of successful Aboriginal role models who have made a difference in Canadian political life. Maybe a personal anecdote of overcoming adversity, though coming from a rich, trust-fund kid like Trudeau, that might be a bit tough to swallow.

Still, you’d think Trudeau would have his cliches down pat, given the dozens of school speeches he’s given. Until last year, he charged schools ,000 a pop for the honour of hearing him — an elected MP — speak.

But this time Trudeau chose a different message. He told these Indian kids — on a reserve with chronic issues of drug and alcohol addiction — that he wants to legalize marijuana. A local reporter declared that line received “big applause.” From the students.

Not so much from drug addiction counsellors. Or teachers. Or parents. Or really anyone who lives at the Sioux Valley First Nation 365 days a year, not just a celebrity who breezes through for a few hours with his entourage.

Trudeau has styled himself as a youth role model, who is all about being cool. And he uses that form of peer pressure to tell school kids pot shouldn’t be illegal.

It’s terrible judgment. And it’s downright bizarre, given the lifelong struggle his own mother, Margaret Trudeau, has had with marijuana.

She told the Vancouver Sun that using pot pushed her into mental illness. “Marijuana can trigger psychosis,” she said. “Every time I was hospitalized it was preceded by heavy use of marijuana. I miss it. It is a daily struggle. If it’s around, I just don’t stay around.”

And now comes Margaret’s son, winning cheers from children at risk, with his plans for pot.

This wasn’t a gaffe. A gaffe implies a mistake. This wasn’t a mistake.

Trudeau just won’t shut up about pot. He brings it up constantly; and when others bring it up, he dives in deeply — even if he’s in front of children. He laughs off his own use of pot — once saying his coffee habits are more scandalous.

But of course, this is just the first half of any Trudeau story — the blunder. The second half is the Media Party cover-up.

Not a lot of media reported on Trudeau’s pot comments. That’s the first line of defence the Media Party runs for Trudeau — simply ignoring his mistakes, like most did when Trudeau told some Toronto society ladies he admires China’s “basic dictatorship.”

But Justice Minister Peter MacKay made a public statement about Trudeau’s pot campaign.

“To discuss this subject matter in front of children, some of them pre-teens, about his proposal to legalize marijuana, I find just appalling,” he said.

So the story couldn’t be ignored anymore. So it had to be spun.

Enter the Canadian Press, a national newswire service with a track record of covering for Trudeau. It wrote about the story.

What do you think their headline was? Maybe, “Trudeau promotes pot at school, MacKay criticizes?” Or, “MacKay and Trudeau spar over pot?” No. Here’s the actual headline that appeared in media across Canada: “MacKay Spouts Off as Justice Ministers Meet.”

Here’s the first sentence in the story: “Lack of legal aid, overcrowded courts and victims rights are all serious issues facing Canada’s justice system, but Justice Minister Peter MacKay upstaged those troubles Thursday with a tirade against Liberal Leader Justin Trudeau.”

No mention of pot in the headline or first sentence. No mention of minor children in an at-risk community.

And Trudeau isn’t the instigator — he’s the victim of MacKay’s “tirade.” MacKay shouldn’t even be talking about this. Not when there are “serious issues” he should be talking about instead.

It’s the Trudeau Two-Step. Trudeau blunders and the Media Party covers for him. You’ll see it a lot in the next two years.

This column was written for Sun News November 17 2013.

Ezra Levant

Markey, Barton, Kirk, Rush Introduce ‘Do Not Track Kids’ Act

Senators Ed Markey (D-Mass.), Joe Barton (R-Tex.), Mark Kirk (R-Ill.) and Bobby Rush (D-Ill.) have introduced the Do Not Track Kids Act of 2013, a bill to protect the privacy of children, in both the House and Senate. (The bill is here (pdf) and a summary is here (pdf).) Here’s more from the press release: [...]
Privacy Lives