About a year ago, Zachary McCoy took a bike ride around his neighborhood in Gainesville, Florida. It may have been forgettable to him, but not to history. Because McCoy used an app to track his mileage, the route was forever etched in the Google-verse and attached to his name.
On the day of this ill-fated bike ride, McCoy passed a certain neighbor’s house three times. While this normally wouldn’t raise alarm, the neighbor happened to be the victim of a burglary that day, and had thousands of dollars worth of jewelry stolen. The Gainesville police had zero leads after a four-day investigation, so they went to the county to get a geofence warrant. Thanks to all the location data McCoy had willingly generated, he became the prime suspect.
Continue reading “Geofence Warrant Sends Bicyclist’s Privacy Over The Handlebars”
[Mary Ann Davidson], chief security officer of Oracle, is having a bad Tuesday. The internet has been alight these past few hours over a blog post published and quickly taken down from oracle’s servers. (archive) We’re not 100% sure the whole thing isn’t a hack of some sort. Based on [Mary’s] previous writing though, it seems to be legit.
The TL;DR version of Mary’s post is that she’s sick and tired of customers reverse engineering Oracle’s code in an attempt to find security vulnerabilities. Doing so is a clear violation of Oracle’s license agreement. Beyond the message, the tone of the blog says a lot. This is the same sort of policy we’re seeing on the hardware side from companies like John Deere and Sony. Folks like [Cory Doctorow] and the EFF are doing all they can to fight it. We have to say that we do agree with [Mary] on one point: Operators should make sure their systems are locked down with the latest software versions, updates, and patches before doing anything else.
[Mary] states that “Bug bounties are the new boy band”, that they simply don’t make sense from a business standpoint. Only 3% of Oracles vulnerabilities came from security researchers. The rest come from internal company testing. The fact that Oracle doesn’t have a bug bounty program might have something to do with that. [Mary] need not worry. Bug Bounty or not, she’s placed her company squarely in the cross-hairs of plenty of hackers out there – white hat and black alike.
[Adam Dachis] published an essay a couple of days ago called Why We Hack. In it he discusses the outlook that hacking, on all of its various levels, is a simple form of disobedience. We have to agree with him. Manufacturers would like you to think that voiding the warranty is as good as smashing the product to bits. But we all know that if you can’t crack it open you don’t really own it. [Adam] says we can sit around and complain about it, or we can do better. So crack it open, dump the firmware, and make it do your bidding.
If you haven’t already seen it, you should also go back and watch [Corey Doctorow’s] keynote address from Toorcon 8. He discusses freedom of information and hits especially hard on End User License Agreements (EULA) and the ills they cause. We’ve never seen someone hit the target quite as well as he does in this fantastic speech.
Installing OSX on commodity PC hardware has advanced a lot since the early days of OSx86 when Apple switched to Intel. With the advent of netbooks, a new target platform has emerged; one that doesn’t have an official Apple equivalent. The small subset of models means that it’s easy to find someone else that has the same machine as you, but it still takes some forum walking to bring all the pieces together. Gizmodo has done this and compiled a comprehensive guide for the Dell Mini 9. The Mini 9 is a very nice machine and according to Boing Boing Gadgets’ chart, one of the most compatible with OSX. Earlier this week you could purchase a new one for just $200.
For Gizmodo’s install, they used a Leopard retail DVD with [Type11]’s bootloader. They’re breaking the EULA, but at least it’s not piracy. They had to use both a DVD drive and a USB hard drive because device recognition was flakey. Despite this, the actual install process doesn’t appear to be too difficult. They say all the hardware works, “The Mini 9 is a beautiful OS X machine.” Check out this Hackit to learn about netbook OSX experiences from other Hack a Day readers.