Sean Gallagher
Attended University of Wisconsin, Madison
11,769 followers|779,521 views
Sean Gallagher

Shared publicly  - 
 
Latest patch fixed one test case, but more vulnerabilities remain, say experts.

Sean Gallagher

Shared publicly  - 
 
No crew. A tenth of a captain. Broadband remote control. This is the future of oceanic cargo.
MUNIN Project seeks to set robotic cargo ships loose on the oceans.
 
Wonder if pirates will stay in their armchairs too? "Help my ship got hacked!"...

Sean Gallagher

Shared publicly  - 
 
 
I've just learned that my sometimes boss, long-time work colleague, and good friend +Eric Lundquist has passed on. I am told that he was cycling last weekend and had a massive heart attack. He was in a medically induced coma and they took him off life support today. He was 64."

I am so, so sorry to hear this. I had the pleasure of seeing him just a few weeks ago. He was a truly good guy and I will be far from the only person, in or out of tech journalism, who will miss him.
 
condolences...

Sean Gallagher

Shared publicly  - 
 
This feature? Hey, +Google+ This creeps me out a little. Especially the part where it rummages through photos I don't even have on my phone anymore. Good thing I have no naked selfies.
 
Turn off autobackup on your devices. Also, stories should be private until shared so you have an opportunity to review, edit and delete them. :)

Sean Gallagher

Shared publicly  - 
 
So, here's an outline of what I wish I had time to say on +PBS NewsHour tonight.
1) We have lots of ideas of how the accounts of Jennifer Lawrence et al. were hijacked, but we only know that attackers exploited their passwords—by using personal information and guessing, or by building a dictionary of guesses and automatically checking them by trying to log into Find My iPhone, or some combination of those two—or by using personal info to guess at the security questions used for the victims' accounts.
2) Home Depot getting hacked is a symptom of the same problem as the celebrity photo hack: high-value targets, and persistent attackers that take advantage of the weakest links in the security chain. The celebrity naked photo club and the financial cyber-mafia underground are both examples of hidden cultures empowered by technology, willing to invest time and money to get what they want: in one case, naked pictures of Jennifer Lawrence, and in the other more money via credit card data.
3) Apple's two-factor authentication is limited in its protection, but it's the only protection we've got right now (and I say we because I'm an iPhone and Mac user, and my wife and teen daughter are iPhone and iPad users). Google's two-factor authentication is stronger. But "recovery keys" (and Google's printed keys for access away from a mobile phone) are still a weak point, because they have to be stored somewhere, and treated like the keys to the kingdom that they are.
4) There are claims via Wired that the people collecting the images may have used law-enforcement grade forensics tools from Elcomsoft to recover the contents of iPhone backups, in combination with some password exploit. The pieces of that are kind of iffy, so I'm not going to comment on that until I've seen more evidence. But the fact that there are bittorrents of forensic software floating around out there should be enough to concern everyone, because it makes it even easier to harvest the content of cloud backups.
5) Complex passwords are great in theory, but they typically fail because of how users implement them. Password managers that generate randomized passwords (such as the one built into Safari, for example) are great. But since these services usually store the passwords in the cloud, take a hard look at how they secure themselves before you use one.
6) If you're tech-savvy at all, take a few minutes, or a half hour, or a day, to explain to people you know what the hell the cloud is, and where all this stuff on their phone goes.
7) Apple and Google need to make it easier to manage the content of users' clouds. I should be able to go and delete old backups manually, search and destroy images I don't want in the archive, and have a way of organizing the notes and files and other mishmash that get dropped into iCloud by various apps. I should be able to have granular control over what syncs to and from each device. I should be able to time-bomb documents to delete them from the cloud after a certain amount of time. In other words, I want users to have personal DRM.
8) It would also be helpful to have in-place encryption that is based on a key other than my cloud credentials. Kthxbai.
A slew of intimate celebrity photos have surfaced this week after several celebrities’ personal online storage accounts were hacked. Though it is not clear who hacked the accounts or posted them, Apple said that the breach on its iCloud server was “very targeted.” Judy Woodruff talks to Dmitri Alperovitch of CrowdStrike and Sean Gallagher of Ars Technica.
 
Thanks for taking the time to explain, very interesting subject
In his circles
361 people
Have him in circles
11,769 people
 
So, is open source really "inherently more secure"? Maybe someone should start paying people to review and patch code like bash.
 
Isn't the big G paying for the bug bounty of open source projects?
 
TL;DR: if you have stuff you don't want someone else to see, and must use iCloud, get 2 factor authentication and use a really long, non-dictionary password. Better, back up locally and encrypt. And Windows iCloud users—if you get malware'd, your account token could be snagged and used without your password.
High-end tools, simple hacks can still make iPhone data less private than we'd like.

Sean Gallagher

Shared publicly  - 
 
Your daughter is so grown up since bmpcs (don't know if you want her name stated publicly!) always a great student and beautifully mannered young lady. Hope she's doing wonderfully (I'm sure she is) :)

Sean Gallagher

Shared publicly  - 
 
OK, maybe we are too connected?

Work
Occupation
Tech Journalist, Researcher, Guinea Pig.
Basic Information
Gender
Male
Story
Tagline
Tech wiseacre
Introduction
I'm IT editor of Ars Technica. I've written a bunch of other places. You can see some of my clips here

I've been a telecommuter since 1994, and have been a blogger since 1996. I've been a smart-ass for a lot longer than that.




Bragging rights
Rode in an Expedition with Ice T, Richard Belzer, and Steve Gillmor once.
Education
  • University of Wisconsin, Madison
  • University of Baltimore
Links
Contributor to
Sean Gallagher's +1's are the things they like, agree with, or want to recommend.
US Navy looks to Norway for answer to under-armed Littoral Combat Ship
arstechnica.com

USS Coronado will test launch Kongsberg Naval Strike Missile this fall.

Russia publicly joins war on Tor privacy with $111,000 bounty
arstechnica.com

Interior Ministry wants way to crack down on anonymous bloggers, other criminals.

Pakistan, Iran, and… USA? New heatmap shows where NSA hacks
arstechnica.com

Slide of active computer network exploitations reveals NSA hacks all over the world.

My week as an Internet spy
arstechnica.com

Ars tests Internet surveillance—by spying on an NPR reporter.

Russians capture cigarette-smuggling drone
arstechnica.com

Low-flying Lithuanian drone flew smokes across border, guided by GPS.

Arduino gets bigger—and smaller—at Maker Faire
arstechnica.com

Arduino unveils 32-bit Zero board; LittleBits introduces Lego-like starter kit.

Iran claims to have cloned US stealth drone, but it looks fake
arstechnica.com

"Their fiberglass work has improved," says one observer.

DARPA wants drones that work like Ender’s Game
arstechnica.com

CODE project seeks autonomous, collaborating drones that respond to one commander.

Littoral failure: Navy hedges bets on high-tech littoral combat ships
arstechnica.com

DoD looks for alternatives to modular ship that are less likely to be cannon fodder.

How the NSA would get phone data under Obama administration’s new plan
arstechnica.com

Just because phone companies keep the data doesn't mean NSA won't have broad access.

White House to propose law to end NSA bulk collection of phone data
arstechnica.com

Phone companies will keep data, provided only with new court's order.

Malaysian airliner’s path ultimately tracked by satellite pings’ Doppler...
arstechnica.com

Inmarsat analysis of other planes’ signals and paths helped determine course.

Freedom-schmeedum: Turkey’s government moves to “wipe out” Twitter
arstechnica.com

Turkish ISPs use DNS redirect to try to block access to service, and fail.

Gears of war: When mechanical analog computers ruled the waves
arstechnica.com

In some ways, the Navy's latest computers fall short of the power of 1930s tech.

How CIA snooped on Senate Intel Committee’s files
arstechnica.com

It's easy to search someone's network when you hired the IT department.

FAA can’t regulate small RC aircraft as “drones,” judge rules
arstechnica.com

NTSB judge strikes down $10,000 fine against man for unlicensed "commercial use."

Facebook open-sources Thrift, again, with fbthrift overhaul
arstechnica.com

Fork of original project, now at Apache, adds guts for bigger cloud services.

The GOP arms itself for the next “war” in the analytics arms race
arstechnica.com

Para Bellum Labs, an RNC incubator, looks to change the business of campaigning.