Paul Thurrott’s Short Takes: February 20, 2015

Posted on February 20, 2015 by Paul Thurrott in Security with 0 Comments

Poorly imitated but never duplicated, this week’s other news includes Lenovo’s about-face on Superfish, an NSA and GCHQ hack of SIM cards, AT&T jump the shark moment, a confirmation that, yes, North Korea did hack Sony, Microsoft reneges on promise of Finland data center, and Microsoft partners with Mozilla on web games.

“Microsoft Has Suddenly Gotten Serious With Mobile”

Actually, that happened over a year ago. Please wake up.

Lenovo wakes up, disables Superfish adware

You may recall this week’s news about Lenovo bundling malware on its consumer PCs. Well, you won’t be surprised to discover that the world’s biggest PC company has quickly seen the light and has now stopped bundling this software—called Superfish—on new PCs. And it is actively working to disable Superfish on the estimated 100+ million PCs out there that are already infected. Lenovo continues to insist, however, that Superfish isn’t dangerous. “We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns,” a Lenovo statement reads. “But user feedback was not positive” so it is halting its use of Superfish. I find this stance to be dangerous, frankly: Superfish is in fact known to be malicious and could lead to what one security researcher calls “realtime arbitrary eavesdropping.” Whatever. Let’s just celebrate the fact that Lenovo did wake up. And that it never ruined its ThinkPad laptops with this crap.

“Google Launching YouTube for Kids”

Once again, Google steals a play from the drug-dealer’s handbook: Get ’em hooked while they’re young

NSA and GCHQ hacked into smart phone SIMs

With the Lenovo fiasco behind us, we can now turn our attention to the next bit of security bad news: The NSA and the GCHQ (NSA’s UK-based counterpart, the Government Communications Headquarters) hacked into the world’s biggest SIM card manufacturer, according to a newly released Snowden leak, in order to gain access to the SIM cards’ encryption keys so that it could then intercept communications conducted over all four major US wireless carriers and many international carriers as well. Yep. When it rains, it pours: With over 2 billion SIMs produced per year, it also an almost certainty that this firm made the SIM card in your phone.

“What an Apple Car Would Need to Compete With Tesla”

A battery?


AT&T will charge you more if you don’t share your data for personalized advertising

OK, the Lenovo thing was terrible. And the NSA hacking into SIM cards is unconscionable. But surely that’s all the bad news this week, right? Right?! Nope. AT&T is rolling out an ultrafast fiber optic network and that speed comes with some, um, compromises: If you don’t agree to share your personal data with AT&T so that it can generate better personalized advertising, you’ll actually pay more for the service. Like Lenovo before it—the NSA has no soul, so it cannot feel bad—AT&T says it’s doing nothing wrong. “Customer have a clear choice,” an AT&T representative said, noting that “the vast majority of them have elected to opt in to the ad-supported model.” Which makes sense, since opting out costs an additional $30 every single month. And someone said money couldn’t buy you love.

“DOLE has a wearable banana you can eat”

Sometimes, there are no words.

NSA: Yes, North Korea hacked Sony

In the wake of the Sony hack late last year, security researchers got their panties in a wad when the US government told them it couldn’t publicly disclose how it knew that North Korea was behind the attack. So much so that some actually started conspiracy theories—admittedly always hilarious—offering up alternate theories about who or what “really” hacked Sony. But now, after careful examination of what happened, the NSA reveals that … yes, North Korea hacked Sony. “We ultimately ended up generating the signatures to recognize the activity … used against Sony,” SA Director Admiral Michael Rogers said this week. “From the time the malware left North Korea to the time it got to Sony’s headquarters in California, it crossed four different commanders’ lines or areas in the U.S. construct.” So while it’s nice to see the US government sticking to its original story, have no fears: the North Koreans are doing the same. “This is groundless slander,” a North Korea statement reads in its loquacious perfection.

“Why Microsoft Office isn’t the right tool for every task”

It’s terrible at video games, for example.

Microsoft’s promised Finland data center never materialized

When Microsoft announced that intended to purchase Nokia’s devices and services businesses a few years back, I was curious how this deal would pass muster with Finland’s protective government. But now we have an inkling about why the emasculation of Finnish institution Nokia was allowed to happen: Microsoft promised to build a $250 million data center in Finland, helping bring jobs and economic prosperity to a country that was about to take a big hit. But as ZDNet points out this week, that data center has never materialized. And Finland is upset, or as upset as Finland can get. Well, at least Finland doesn’t rely on Russia for energy. Oops.


“Does the death of Windows RT cast a shadow on Windows 10?”         

If it does, it’s a tiny, feeble shadow that no one even notices.

Microsoft partners with Mozilla on web games

Yes, I know the phrase “Microsoft partners with Mozilla” seems semi-impossible, but let’s face it, both companies have much bigger issues these days than each other. More important, with Microsoft no longer steadfastly refusing to bring in outside web tech, the software giant can now actually do the right thing. And when it comes to graphically-intense web-based games, nothing beats Mozilla’s asm.js technology. So what the heck, it’s a new day. And this week, Microsoft announced that it would build support for asm.js into its Chakra JavaScript engine in Internet Explorer and Project Spartan in Windows 10. “Asm.js is a clear step towards enabling near-native performance for the Web platform, which is why we’re excited to bring it to Chakra in an upcoming release,” a Microsoft statement notes as if that makes plenty of sense. (Which, actually, it does.) “We’ve also been working closely with folks from the Firefox team who are working on asm.js, to learn from and partner with them to bring asm.js to the Chakra JavaScript engine.”

“Mr. Modem: What’s the deal with Windows 8?”
A better question: what’s a “modem”?


Tagged with