Unprecedented new iPhone malware discovered

[Note:  This item comes from friend Steve Goldstein.  DLH]

By Thomas Reed
Aug 30 2019
https://blog.malwarebytes.com/mac/2019/08/unprecedented-new-iphone-malware-discovered/

A post by Ian Beer of Google Project Zero released late yesterday evening sent the security community reeling. According to Beer, a small set of websites had been hacked in February and were being used to attack iPhones, infecting them with malware. These sites, which see thousands of visitors per week, were used to distribute iOS malware over a two-year period.

History of iOS infections

Historically, iOS has never been completely free of malware, but it has mostly been limited to one of two scenarios: Either you jailbroke your device, hacking it to remove the security restrictions and installing something malicious as a result, or you were the target of a nation-state adversary. A classic example of the latter was the case of Ahmed Mansoor, in which he was targeted with a text message in an attempt to infect his phone with the NSO’s malware, now referred to as Trident.

The difficulty with infecting an iPhone is that it requires some kind of zero-day vulnerability (i.e., unknown to the security community at time of its release), and these vulnerabilities can be worth $1 million or more on the open market. Companies like Zerodium will purchase them, but widespread use of such vulnerabilities “burns” them, making it more likely that Apple will learn of their existence and apply fixes. 

This is exactly what happened in the Trident case—a clumsy text message to an already-wary journalist resulted in three separate million-dollar vulnerabilities being discovered and patched.

Thus, iPhone malware infections were always seen as problems that didn’t affect average people. After all, who would burn $1 million or more to infect individuals, unless the gain was greater than the potential cost? There was never any guarantee, of course, and Beer’s findings have upended that conventional wisdom.

Mechanism of infection

According to Beer, the websites in question “were being used in indiscriminate watering hole attacks against their visitors,” using 14 different vulnerabilities in iOS that were combined into five different attack chains.

An attack chain is a series of two or more vulnerabilities that can be used together to achieve a particular goal, typically infection of the target system. In such cases, one of the vulnerabilities alone is not sufficient to achieve the goal, but combining two or more makes it possible.

Among the vulnerabilities used, only two were mentioned as still being zero-days at the time of discovery (CVE-2019-7286 and CVE-2019-7287). These were fixed by Apple in the iOS 12.1.4 release on February 7. The remaining 12 were not zero-days at the time, meaning they were already known, and they had already been patched by Apple. The various attack chains were capable of infecting devices running iOS 10 up through iOS 12.1.3.

[snip]

The Guardian view on genetics: diversity is destiny

Same sex attraction isn’t genetic. It’s human
By Editorial
Aug 30 2019
https://www.theguardian.com/commentisfree/2019/aug/30/the-guardian-view-on-genetics-diversity-is-destiny

The argument that some behaviour is “in our genes” is distrusted by the left. Too often it is used to whitewash terrible injustices. Yet it cannot be entirely dismissed. Certain patterns of behaviour and thought, such as the faculty of language acquisition, are very clearly a part of our genetic inheritance as a species. The instinct for justice itself appears to arise spontaneously in small children. The escape from the idea that genes determine our fate is not to pretend that they have no influence, but to come to understand that they can have many different, often conflicting influences, even within the same people and certainly within populations. This is true both of their effects on behaviour and on bodies.

Biology is a science that deals with variations. There is no one perfect type of a species. Diversity, in this sense, is not just something to aim at but something necessary for a population to flourish. The idea that natural selection works only on mutations is a deeply misleading oversimplification. It is much more likely to alter the proportions of an already existing mixture of genes. What is more, game theory shows that the balance of advantage will shift as a result of the shift in a gene’s frequency. With very few exceptions, such as the change that Noam Chomsky postulates makes possible the complexity of human syntax, few mutations are going to be so overwhelmingly advantageous that they drive out all other variants. More often, if any one variation becomes dominant, there will be an advantage for its opposite. “Normal” is thus a shifting, fuzzy category.

This is especially true of the genes which can influence human behaviour and emotional predispositions. Not only is the chain of causation from gene expression to behaviour unimaginably complex, it is also profoundly affected by outside circumstances. Identical twins, who share the same DNA, are not identical people, because they cannot entirely share the same life and experiences.

What science can do, under these circumstances, is to look for correlations between DNA sequences and observable behaviour. The correlations can, at best, give pointers towards where causes might be found. The latest effort has been to see if there is a genetic cause for homosexuality and the result is clear. There isn’t.

Using a data set of nearly half a million people, of whom 27,000 reported same sex contact, researchers found – in their own words – “In aggregate, all tested genetic variants … do not allow meaningful prediction of an individual’s sexual behaviour”. There are five loci which appear to have a measurable, though far from decisive, influence on sexual preference. Some are also involved with the sense of smell, and one is associated with male pattern baldness.

[snip]

California advances bill that would ‘lead the world’ on gig worker rights

Assembly Bill 5 would enact protections for workers, requiring them to meet three standards to be considered a contractor
By Kari Paul
Aug 30 2019
https://www.theguardian.com/technology/2019/aug/29/california-lawmakers-consider-bill-that-would-lead-the-world-on-gig-worker-rights

A bill that would fundamentally change the way tech giants – such as Lyft and Uber – engage with workers has passed a major hurdle in the California legislature.

Assembly Bill 5 would change the way businesses classify employees and dramatically expand protections for gig workers. If it becomes law, it would represent a big win for labor advocates across the state.

“This bill not only does important things immediately for workers, but also sets a framework for the future we think is really important,” said Steve Smith of the California Labor Federation.

AB5 passed California’s state assembly 53 to 11 in May and was passed Friday in a vote of 5 to 2 in the state senate’s appropriations committee. It will now move to the full senate for a vote on 13 September.

The legislation will enact protections established by the California state supreme court in a May 2018 decision known as Dynamex, which uses a three-part test to determine if contractors qualify as employees entitled to protections and benefits.

Under Dynamex, a company will have to complete an “ABC test” to classify a worker as a contractor, proving they are (a) free from the company’s control, (b) doing work that isn’t central to the company’s business, and (c) have an independent business in that industry.

If the worker doesn’t meet all three of these standards, they will be classified as an employee and entitled to benefits including unemployment insurance, health care subsidies, paid parental leave, overtime pay, and a guaranteed $12 minimum hourly wage.

AB5 would affect a number of industries relying on workers classified as contractors, including nail salons, construction companies, day cares, and others – with some exemptions. It would also fundamentally change the way gig economy companies such as Lyft and Uber function in California.

Uber and Lyft drivers demonstrated in San Francisco on Tuesday to rally support for the legislation.

“We are here today to say ‘enough is enough’, that drivers deserve the same rights and protections as employees,” said Edan Alva, a driver who lives in Alameda, California, at the demonstration. “We are here to show we have been organizing for a long time and that we are not going to go away, we will keep fighting until we get what we deserve,” he added.

“No longer will we stand back while Uber makes a fortune off the backs of workers who are increasingly an afterthought,” added Carlos Ramos, an Uber driver and organizer.

Uber and Lyft have been outspoken against the bill, arguing that their workers enjoy flexibility and should not be classified as full-time employees, and implying they cannot afford to pay benefits and higher wages to drivers.

The ride-share companies, who have intensified campaigns against AB5 in the weeks leading up to its vote, sent drivers in-app notifications to sign a petition against the legislation and reportedly even paid them to attend events in opposition to AB5. Uber and Lyft drivers were promised $25 to $100 to attend a rally in Sacramento to express opposition to AB5, according to the Los Angeles Times.

Lyft circulated a petition in emails to both drivers and customers of the ride-hailing app in California, imploring them to sign and encourage legislators to “fix AB5”.

On Wednesday, Uber proposed a policy it said would pay drivers a minimum wage of $21 per hour and provide workplace protections including sick leave and compensation for injuries while driving. Drivers say the minimum wage, which applies to time after a trip is accepted, would affect 40-60% of a driver’s time on the road and would not adequately address complaints.

In a statement, Uber argued its proposal would set a minimum earnings standard, providing stability to workers while allowing for flexibility. It touted its proposal as the first in the nation to give drivers a collective bargaining process, and stressed it would include access to benefits like sick leave and injury protections.

[snip]

Men now avoid women at work – another sign we’re being punished for #MeToo

A new study has found US men appear to be following Mike Pence’s lead. Maybe they’re angry that #MeToo ever happened
By Arwa Mahdawi
Aug 29 2019
https://www.theguardian.com/lifeandstyle/2019/aug/29/men-women-workplace-study-harassment-harvard-metoo

It looks like Mike Pence is quite the trendsetter. The US vice-president famously refuses to have dinner alone with any woman who isn’t his wife – and now working men across corporate America appear to be following his lead.

A new study, due to be published in the journal Organizational Dynamics, has found that, following the #MeToo movement, men are significantly more reluctant to interact with their female colleagues. A few highlights from the research include:

• 27% of men avoid one-on-one meetings with female co-workers. Yep, that’s right, almost a third of men are terrified to be alone in a room with a woman.

• 21% of men said they would be reluctant to hire women for a job that would require close interaction (such as business travel).

• 19% of men would be reluctant to hire an attractive woman.

The data above was collected in early 2019 from workers across a wide range of industries. Researchers had asked the same questions (albeit to different people and with more of a focus on future expectations) in early 2018, just as #MeToo was in full swing, and depressingly, things appear to have got worse. In 2018, for example, 15% of men said they would be more reluctant to hire women for jobs that require close interpersonal interactions with women, compared to 21% in 2019.

It’s not just men who are afraid of women, by the way. Women also appear to be increasingly wary of hiring women. The 2018 survey results found that 10% of men and women said they expected to be less willing than before to hire attractive women. (Note: the 2019 results for women are not yet public.) Internalized misogyny really is a bitch.

There’s been a lot of talk about “grey areas” in #MeToo. All this harassment business is very difficult for men, we’re told, because nobody even knows what sexual harassment is any more! Men are afraid to even shake a woman’s hand in case she thinks it’s harassment! Easier to just avoid contact altogether! What’s really interesting about this study, however, is that it thoroughly debunks the argument that men are confused about what constitutes unacceptable behavior. The very first thing researchers did was look at 19 behaviours (emailing sexual jokes to a subordinate, for example) and get people to classify it as harassment or not. Surprise, surprise, both genders basically agreed on what harassment entails.

“Most men know what sexual harassment is, and most women know what it is,” Leanne Atwater, a professor at the University of Houston and one of the study’s authors, told the Harvard Business Review. “The idea that men don’t know their behavior is bad and that women are making a mountain out of a molehill is largely untrue. If anything, women are more lenient in defining harassment.”

So there you go: most men are perfectly aware of the difference between a friendly hug and a creepy hug. They are perfectly aware of what constitutes harassment and what doesn’t. Which makes you wonder why so many men are afraid to interact with women at work?

[snip]

Teaching America’s truth

For generations, children have been spared the whole, terrible reality about slavery’s place in U.S. history, but some schools are beginning to strip away the deception and evasions
By Joe Heim
Aug 28 2019
https://www.washingtonpost.com/education/2019/08/28/teaching-slavery-schools/

Pacing his classroom in north-central Iowa, Tom McClimon prepared to deliver an essential truth about American history to his eighth-grade students. He stopped and slowly raised his index finger in front of his chest.

“Think about this. For 246 years, slavery was legal in America. It wasn’t made illegal until 154 years ago,” the 26-year-old teacher told the 23 students sitting before him at Fort Dodge Middle School. “So, what does that mean? It means slavery has been a part of America much longer than it hasn’t been a part of America.”

It is a simple observation, but it is also a revelatory way to think about slavery in America and its inextricable role in the country’s founding, evolution and present. Ours is a nation born as much in chains as in freedom. A century and a half after slavery was made illegal — and 400 years after the first documented arrival of enslaved people from Africa in Virginia — the trauma of this inherited disease lingers.

But telling the truth about slavery in American public schools has long been a failing proposition. Many teachers feel ill-prepared, and textbooks rarely do more than skim the surface. There is too much pain to explore. Too much guilt, ignorance, denial.

It is why, just four years ago, textbooks told students “workers” were brought from Africa to America, not men, women and children in chains. It is why, last year, a teacher asked students to list “positive” aspects of slavery. It is why, even in 2019, there are teachers in schools who still think holding mock auctions is a good way for students to learn about slavery. Misinformation and flawed teaching about America’s “original sin” fills our classrooms from an early age.

And yet as issues of race and prejudice and privilege continue to roil America, an understanding of how slavery forged the country seems all the more necessary.

Many of the Democratic presidential candidates say the nation should explore whether to pay some form of reparations to descendants of enslaved people — an issue that has been off the radar in previous presidential campaigns. And the rise of violence and vitriol fueled by white supremacy over the past decade — from the Charleston, S.C., church massacre to torchlight marches and murder in Charlottesville to the casual racism of public officials and leaders — reinforces the need for a deeper understanding of how slavery fostered and upheld that belief system.

A range of critics — historians, educators, civil rights activists — want to change how schools teach the subject. The evidence of slavery’s legacy is all around us, they say, pointing to the persistence of segregation in schools, the gaping racial disparities in income and wealth, and the damage done to black families by the U.S. criminal justice system. According to a 2018 report to the United Nations by the Sentencing Project, a nonprofit organization that advocates reducing racial disparities in prison sentences, American judges will send one in three black boys born in 2001 to prison in their lifetimes, compared with one in 17 white boys born the same year.

The failure to educate students about slavery prevents a full and honest reckoning with its ongoing cost in America. Teaching the truth about slavery, critics argue, could help remedy that. But that means acknowledging and exploring slavery’s depravity. It means telling the personal stories of enslaved people, the physical and psychological cruelty they endured, the sexual violence inflicted upon them, the separation of husbands and wives, parents and children.

The difficult truth means explaining to students not just how this practice of institutionalized evil came to be but also how it was accepted, embraced and inculcated in American daily life since enslaved Africans were brought to Jamestown, Va., 400 years ago. Slavery was not accepted by everyone, of course, but by enough that it was protected by laws, reinforced by practice and justified or excused in all corners of the country.

For the 50 million students attending public school in America, how they are taught about America’s history of slavery and its deprivations is as fundamental as how they are taught about the Declaration of Independence and its core assertion that “all men are created equal.” A deep understanding of one without a deep understanding of the other is to not know America at all.

McClimon wanted the hard lessons about slavery to sink in as he led students through course work that didn’t shrink from describing its horrors. He showed them a photo of an enslaved man so severely whipped that his back was more scar tissue than smooth skin. They watched Hollywood actors read devastating personal accounts of former slaves, some of whom had been separated from loved ones they would never see again. They discussed resistance, escapes, uprisings.

[snip]

Finger lickin’ fake chicken: KFC’s Beyond Chicken is as tasty as the real thing

[Note:  This item comes from friend Steve Goldstein.  DLH]

By Patrick Hearn
Aug 28 2019
https://www.digitaltrends.com/cool-tech/review-beyond-fried-chicken-kfc-taste-test/

When I arrived at the KFC at 11:15 a.m., I expected maybe a little more than the usual lunch rush — not the line that wound around the building or the backup of traffic that stretched a mile up the highway. I also didn’t expect the green-and-white stripes that replaced the traditional red-and-white color scheme of America’s favorite fried chicken restaurant.

Everyone there had turned out to try the new Beyond Fried Chicken from KFC, a plant-based alternative to real chicken. The product was created through a partnership with Beyond Meat. KFC used the Smyrna, Georgia location as a test to gauge customer interest in the product and determine whether Beyond Fried Chicken might be a candidate for expanded distribution. After all, no one likes fried chicken like southerners.

I parked at a nearby lot and made my way to the KFC, where I had to search for the end of the line. So many people had gathered that the line had looped around on itself in a sort of chicken-fueled ouroboros. While the customer demographic definitely skewed toward the younger generation, people from all walks of life turned out to try the food. A couple that ran a local, plant-based pizzeria chatted with everyone in line and rocked matching hats and tee-shirts to represent their restaurant. An elderly couple smiled at those around them. Even a few people wearing PETA shirts were there.

The sign outside the restaurant read, “A Kentucky Fried Miracle,” and the scent of fresh food made my mouth water. And finally, after two and a half hours in line, I had the chance to order. By then the location had limited orders to a single six-piece combo per person. Supply had begun to run low within hours of the restaurant opening and some of those in line worried they might not get to try the food we had all waited for.

I ordered a six-piece combo with a side and drink for a total of $6.88. Compared to the normal cost of a menu item at KFC (and the cost of Beyond Meat products in general), this felt like a steal. Excited and ready for lunch, I sat down and tore open the box to take my first bite.

The Beyond Fried Chicken is tasty, sort of reminiscent of school cafeteria chicken nuggets. The Beyond nuggets were just a tad dry and a bit light on seasoning given KFC’s usual fare, but they blow the competition out of the water. The Beyond Fried Chicken nuggets had the taste and texture of real chicken. Held against competing vegetarian products like the Morningstar Farms chicken nuggets, where the taste is right but the texture is just a bit lacking, there’s no competition: Beyond Fried Chicken wins out.

[snip]

Brace for impact, Washington. Progressives are going to win.

By Cenk Uygur
Aug 28 2019
https://beta.washingtonpost.com/opinions/2019/08/28/brace-impact-washington-progressives-are-going-win/

Cenk Uygur is the host and founder of “The Young Turks” and chief executive of TYT.

In 2016, I warned that Donald Trump could win. Right after that year’s Democratic National Convention, with Hillary Clinton peaking in the polls, I made that prediction on ABC News’s “This Week.” Several other panelists, all members of the Washington establishment, laughed. But I stuck with my view, and I told our audience on “The Young Turks” on election night: Buckle up, and brace for impact. Trump is going to be president.

Now, I have another prediction for the Washington establishment. Brace for impact: Progressives are going to win.

Why did I think Trump was going to win? Because he was a populist — a fake one, yes, but at least he was savvy enough to fake it. Whereas the Democratic Party thought it was savvy to pick the most status quo, establishment candidate it had ever picked. That was wrong then, and it’s wrong now. That thirst for anti-establishment populism is the same reason I’ve been saying from Day One in this cycle that a progressive is going to win the Democratic nomination and easily defeat Trump.

In fact, at the end of Election Day 2016, I declared that Sen. Elizabeth Warren (D-Mass.) would destroy Trump in 2020. Now an Economist-YouGov poll puts Warren within one point of former vice president Joe Biden. A Monmouth University poll has Warren and Sen. Bernie Sanders (I-Vt.) at 20 percent, one point ahead of Biden. Biden’s lead in an average of polls has already crumbled since shortly after he announced in late April. And if Biden loses his lead, does anyone think he will retake it? Not a chance.

Neither Biden nor centrist Democratic leadership will simply admit defeat. They have plenty of money and plenty of sympathetic media voices to amplify their message. But do you really expect Biden to turn things around? He has already changed his entire strategy once. He makes huge gaffes day after day. While Warren and Sanders draw thousands, his audiences are far smaller. His campaign is gasping for breath, and we’re only in August. The Biden fade has begun. I’m not sure he will even be in the race by Iowa.

Pundits keep insisting that Americans want a moderate Democrat. They will even bring on figures such as Claire McCaskill to say this, even when they lost their seats running as moderate Democrats. Your bias has to be pretty thick not to see the irony of that. Do you really think it’s an accident that two of the top three candidates are the two biggest progressives in the country? Do you think it’s a coincidence that John Hickenlooper and John Delaney peaked at 2 percent? The electorate does not want a moderate or conservative Democrat, no matter how much the mainstream media tries to will it into existence.

This race now isn’t between Warren and Biden; it’s between Warren and Sanders. And for progressives, that’s a dream come true.

Why has so much of Washington failed to take Sanders and Warren seriously? Because almost everyone in power in Washington dislikes progressives and can’t believe that anyone else would ever like them. For years now, pundits, reporters and even Democratic leaders have struggled to figure out why young voters love Sanders so much when so few in Washington support him. It’s because for 40 straight years he has been fighting for the same principles: decent health care, good wages and more equality. Washington Democrats find that annoying, unmalleable and uncooperative. The rest of us see a hero who refuses to bend to the will of the establishment.

This is why we progressives are going to win: The rest of the country doesn’t like politicians, big business or big media. I know that’s a tough pill to swallow if you’re in those crowds, but it’s true. Politicians, big media and big business all poll horribly.

TV pundits keep insisting that “the American people” want what they want. The commentators and the lobbyists want a standard, polished politician who will say one thing and do another. They find that strategic. Real Americans find it gross.

[snip]