Archive for December, 2011

WiFi, DDoS Vulnerabilities, Cyber-Attacks Lead Week’s Security News

Software security flaws dominated news headlines this week, as security experts discussed the implications of a vulnerability that was found in several Web application frameworks.

Microsoft issued a security advisory highlighting the flaw in ASP.NET with workarounds on how to mitigate the issue. The flaw, publicized at the Chaos Communication Club’s security conference in Germany, involved the way that Web application frameworks create too large hash tables in order to process certain parameters in a Web request. An attacker could exploit this large hash table flaw to trigger a denial-of-service condition.

The company followed up the advisory with an out-of-band patch later in the week to fix the issue. Microsoft managed to quickly turn around the fix by packaging it with a.NET patch that had already been scheduled for January’s Patch Tuesday release. Adding the fix of the new hashdos bug to the .NET patch provided the fastest possible response, according to Andrew Storms, director of security operations for nCircle.

“We consider Microsoft’s reaction and implementation speed outstanding, as they were only notified at the tail end of the German security researchers’ work,” said Wolfgang Kandek, CTO of Qualys. Apache said it has already addressed the issue in its Tomcat software, but Oracle did not respond to eWEEK’s queries on its plans to update Java and related products. PHP, Python and Ruby are also affected.

The emergency patch was the first, and last, out-of-band update issued by Microsoft in 2011. It brought the company’s total number of patches released this year to an even 100.

Another serious vulnerability uncovered this week was in WiFi Protected Setup, a protocol commonly used to secure wireless networks. The standard was adopted in 2007 and was intended to make it easy for home users and small office administrators to set up secure wireless networks by requiring devices to enter the router’s eight-digit PIN before being allowed to connect.

However, a flaw in how the protocol was designed meant attackers had to guess only the first four-digits of the PIN in a brute-force attack. US-CERT issued a warning, acknowledging there was no fix available at this time and users should disable WPS and use WPA2 encryption with strong passwords instead.

Over the Christmas holidays, a group of hackers claiming to be part of the Anonymous group targeted Stratfor, a publisher of global intelligence data, and dumped email addresses of more than a quarter-million people and some credit card information online. Another group of Anonymous members issued a statement criticizing the attack, highlighting the collective’s loose structure. Stratfor said the list contained information of people who subscribe to its publications and did not include its client list. The Website will remain down for the time being and victims will receive a year of identity protection coverage from CSID, a Stratfor spokesperson told eWEEK.

The dumped data contained 859,311 email addresses, 68.063 credit card numbers and 50,618 addresses, according to analysis performed by Identity Finder.

Raytheon acquired Henggeler Computer Consultants for an undisclosed sum this week, making it the last security acquisition of 2011. Henggeler Computer Consultants provides enterprise architecture, software, analytics and cloud services to the intelligence and defense community.

 

 



Article source: http://feeds.ziffdavisenterprise.com/~r/RSS/eweeksecurity/~3/PXIax-fk6F4/

,

No Comments

Latest Phishing Scams Target Users of New Christmas Gadgets

Cyber-criminals have been busy in the days after Christmas, targeting users with new gadgets and computers with phishing and malware campaigns.

Malware infections spiked 25 percent on the day after Christmas, according to data released by SpywareRemove.com, a site that tracks malware infections by visits to its site. There was a small jump, about 4 percent, between Dec. 24 and Dec. 25, and a 25 percent spike between Dec. 25 and Dec. 26, according to the site.

“The bad guys know there is fresh blood out there and they do their best to infect and destroy,” said Alvin Estevez, editor of SpywareRemove.com and CEO of Enigma Software, suggesting that many of the infected machines were new systems users had received for the holidays.

There was a high number of rogue anti-spyware and fake antivirus activity during this time period, according to SpywareRemove.com, with five scareware programs accounting for more than 35 percent of the infections reported by the site. The fake tools had names such as “Win 7 Security 2012,” “Vista Security 2012,” “XP Security 2012,” “XP Antivirus 2012” and “Win 7 Anti Virus 2012.”

“We saw a lot of rogues having a field day on Christmas Day and the day after,” Estevez said.

Mac security-software company Intego reported a “vast phishing attack” targeting Apple customers that emerged “on or around” Christmas day. The phishing email attempted to trick Apple customers into clicking on a link in order to update the billing information on their accounts because it was “out of date,” Intego said in its Mac Security blog.

The fake messages were sent with the subject “Apple update your Billing Information” and appeared to come from [email protected] The link in the email appeared to be leading to store.apple.com, but actually pointed to a numeric IP address that was not part of Apple’s network.

Users who clicked on the forged link were directed to a page that looks nearly identical to the real sign-in page and encouraged to enter their Apple ID and password, according to Intego. Users were then asked to update the account profile, as well as the credit card information. The phishing page looks very realistic as many of the elements on the page were taken from Apple’s official pages, Intego said. The malicious email was also well-written and grammatically correct, which is unusual for these kinds of scams.

“These well-crafted emails could fool many new Apple users, especially those who may have found an iPhone, iPod or iMac under their Christmas tree, and set up accounts with the iTunes Store or the Mac App Store for the first time,” Intego wrote on the blog.

There have been several “aggressive” phishing attacks targeting .mil email accounts this month, according the United States Army. In one campaign, criminals sent an email with the subject line “Deposit Posted,” and pretending to be sent by the United Services Automobile Association, a financial services company for veterans, military personnel and their families.

The email itself did not have any links, but contained a file infected by the Zeus Trojan which would compromise user computers when it was opened. Other attacks targeted military installations and defense facilities by sending personnel official-looking emails appearing to come from senior officers. The messages contained instructions to download and install some kind of software as part of a “critical security measure,” according to an article on the U.S. Army Website.

Researchers at Dell SecureWorks had noted an “uptick” in phishing scams referencing problems with shipping orders or recent purchases and cancelled deposit slips during the holiday season.

 



Article source: http://feeds.ziffdavisenterprise.com/~r/RSS/eweeksecurity/~3/rXvKy4UVq5Y/

,

No Comments

Duqu, Stuxnet Built on Common Platform With Other Similar Super-Malware

Further
analysis of the Duqu Trojan has revealed that the platform that was used to
develop Stuxnet and Duqu may have been used to create similar Trojans,
according to Kaspersky Lab.

By analyzing
the software drivers used by both Stuxnet and Duqu, Kaspersky researchers
determined that both Trojans were built on the same platform, which the
security firm has dubbed “Tilded,” Alex Gostev, head of the global
research and analysis team at Kaspersky Lab wrote Dec. 28 on the Securelist blog.

Both Stuxnet
and Duqu appear to have been created back in late 2007 or early 2008, and other
pieces of malware with similar capabilities were built on the same platform,
Gostev said.

Gostev
examined two key drivers and variants that were used in both Stuxnet and Duqu,
as well as two previously unknown drivers that were similar to the ones used.
Not only did the same group of people develop Stuxnet and Duqu, but they likely
worked simultaneously on multiple variants, Gostev said. The other pieces may
be in the wild and not yet detected, or the developers may have decided not to
release them, he said.

“Stuxnet
and Duqu are two of them—there could have been others, which for now remain
unknown. The platform continues to develop, which can only mean one thing—we’re
likely to see more modifications in the future,” Gostev wrote.

Stuxnet was
first discovered in June 2010 when it attacked and damaged software and
equipment used in Iranian nuclear facilities. Stuxnet took advantage of
multiple zero-day vulnerabilities in Microsoft Windows, including an
escalation-of-privilege flaw and exploited Microsoft’s AutoRun functionality to
spread across computers via infected USB drives.

Duqu was
discovered
by researchers at CrySyS lab at the Budapest University of Technology
and Economics in September and has infected machines in various countries
around the world, including France, the Ukraine and Sudan. Duqu also took
advantage of a zero-day vulnerability in the Microsoft Windows kernel. Unlike
Stuxnet, Duqu doesn’t appear to have been designed to attack industrial control
systems, but to steal information.

“We
believe Duqu and Stuxnet were simultaneous projects supported by the same team
of developers,” Gostev wrote.

The
architecture used to create Duqu and Stuxnet appears to be the same, relying on
a driver file that loads a main module designed as an encrypted library,
according to the analysis. There is also a separate configuration file for the
whole malicious package, as well as an encrypted block in the system registry that
defines the location of the module being loaded.

Gostev said
“with a fair degree of certainty” that the Tilded platform had been
created around the end of 2007 or early 2008 and underwent significant changes
in the summer and autumn of 2010. The malware developers had compiled a new
version of a driver file a few times a year, and used the newly created
reference file to load and execute the main module of some other malicious
software, according to Gostev.

The developers
are tweaking ready-made files instead of creating new drivers from scratch,
which allows them to make as many different driver files as they like, each
having exactly the same functionality and creation date, Gostev said. These
files can also be signed with legitimate digital certificates and packaged into
different variants.

 





Article source: http://feeds.ziffdavisenterprise.com/~r/RSS/eweeksecurity/~3/jvbNAItuVs8/

,

No Comments

Data breaches in 2011 carry unknown personal costs

datatheft.JPGView full sizePortland Police said in February that Steven Terrill of Northeast Portland was the ringleader of a network of suspects who were involved in vehicle thefts, creating fake credit cards and selling stolen property on Craigslist and eBay. Portland police, Clackamas County sheriff’s deputies and Tigard police confiscated trucks full of stolen property. They searched seven locations after an investigation into the fencing of more than $2 million worth of commercial and residential goods the past two years. The searches marked the end of an eight-month investigation into what police described as one of the largest burglary, identity theft and stolen property operations in recent history in the metropolitan Portland area. In 2011, news about the loss of personal data became background noise. Unless it happened to you.

Dec. 26: Hackers obtain personal records for as many as 44 million Internet users, especially gamers and social media users.

Dec. 25: The Anonymous collective claims to have stolen thousands of credit card numbers and other personal data from clients of Texas-based Stratfor, a security think tank.

Dec. 24: Criminals take personal data for about 20,000 applicants for credit cards at China’s Taishin International Bank.

Dec. 23: The Virginia Department of General Services starts notifying 600 or more people that their Social Security numbers have been visible on an agency website for 10 years.

Dec. 22: The Oregon Department of Human Services says someone stole a computer that contained private information for about 300 people.

Those are just some of the known breaches reported recently.

In Oregon, repercussions are still echoing from the loss of data servers by health insurance firm Health Net Inc., which acknowledged learning in January that as many 1.9 million current and former policyholders, including 124,000 Oregonians, could be affected.

The nonprofit Privacy Rights Clearinghouse lists Health Net as one of the nation’s six most significant data breaches in 2011. A state investigation is under way into the reason for Health Net’s delay in notifying its Oregon clients.

Health Net subscribers weren’t notified of the lost data until March, and then, in August, the company notified the state that an additional 6,000 Oregonians were affected. And it sent corrective letters to 40,000 other state residents to tell them that, contrary to what they were told in March, their data may have been lost after all.

The delay was “completely, totally outrageous,” said Jeremy Gray, a Health Net client who is also the benefits administrator for the Oregon State Public Interest Research Group (OSPIRG). “Health Net didn’t do anything for three months. That seems weird to me.”

Following a nudge from OSPIRG, the state Department of Business and Consumer Services opened an investigation into the Health Net breach. Investigators are examining whether the insurer complied with a relatively new Oregon law that requires companies or agencies to notify clients “in the most expeditious time possible” when it learns that their personal data may be lost or exposed.

That investigation is continuing, David Tatman, administrator of the state’s Division of Finance and Corporate Securities, confirmed Thursday.

OSPIRG health care advocate Laura Etherton says the Health Net case is one of the first big tests of Oregon’s law. “Is the law strong enough?” she asked. If consumers weren’t told for two months that their personal information was exposed, that’s two months when they weren’t checking their credit reports or their billing statements. And in cases when data are lost or stolen, she said, “time is of the essence.”

OSPIRG’s Gray says the contractor Health Net hired to respond to queries has given inconsistent responses about whether members’ data were compromised. He said he’s had no contact from Health Net since March, even though he is responsible for informing OSPIRG staffers about their benefits.

The health care sector is seeing a startling growth in the number of reported breaches of personal data, driven by the increasing use of mobile devices, new federal requirements and, often, a failure by employees to focus on securing personal data, according to Portland’s ID Experts, a data security solution firm.

ID Experts sponsored a patient privacy study released last month by the Ponemon Institute that found health care data breaches rose 32 percent last year, costing organizations $2.24 million each, on average.

Part of the reason for the sharp rise, said Richard Kam, ID Experts president, is that the health care sector has “so much less fraud detection” than there is in the financial services industry. Health care providers and insurers, generally, practice a “pay and chase” model of pursuing fraud, he said, meaning that most interdiction occurs after a violation has occurred.

At the same time, Kam noted, health care is highly regulated, making health sector participants more motivated to report breaches than, say, nurseries or makers of flat-panel screens. In fact, it’s impossible to know how many firms or agencies expose private data, because many firms prefer to protect their reputations by concealing such lapses.

They know they risk the ire of clients and customers who learn that the company failed to protect their private information.

“Joe,” a 58-year-old, Sebring, Fla., man interviewed by The Oregonian after he posted on Reddit about his case of identity theft, still doesn’t know how his personal information was hijacked. But he knows in excruciating detail how it was used. He agreed to discuss the matter on the condition that his name not be published, as he’s still cleaning up the mess.

Just before Halloween, he found that data thieves had used his information to acquire a Sears MasterCard, a Macy’s American Express card, a Nordstrom Visa card and individual store accounts at Bass Pro Shops, Kohl’s, Mattress Giant and others. When retailers issued the fraudulent cards, he said, the thieves instantly charged them up to the limit. “They were experts,” he said.

Joe took it upon himself to start calling the banks and retailers that issued the cards. He estimated last week that he’s spent 20 hours on the phone so far — “and I was probably on hold for 18 of those.”

He said he is a careful consumer, shredding correspondence, checking ATMs before using them and avoiding dubious e-commerce sites. But it wasn’t until he got a call asking whether he had charged $3,500 on his Visa card that he knew he had a problem. He didn’t have a Visa card, and the charge occurred 200 miles from where he lived.

By being diligent, Joe hasn’t suffered any losses. But he says, “when I go to the mailbox, I cringe a little.”

–Mike Francis

Article source: http://www.oregonlive.com/business/index.ssf/2011/12/data_breaches_in_2011_carry_un.html

,

No Comments

Android 4.0 update hell makes NoDo look like heaven

The NoDo update, which brought copy and paste to Windows Phone, was a low point for the OS, with the update taking about 3 months to roll out to all handsets.

Now Fudzilla has written an article calling the Android 4 update a joke.  The OS update was first demoed in May 2011, and released in October 2011.

Since then the only one device with the OS has been released, the Samsung Galaxy Nexus, and one handset, the Samsung Google Nexus S, has received the update.

FudZilla writes:

crying_android_thumb180-5203074Google announced ICS Android 4.0 Ice Cream Sandwich a couple of months back, and so far it has managed to ship a single device with this new OS, the Galaxy Nexus. The second device to get an ICS 4.0 update was the old Google Nexus S, but OTA updates for the Nexus have been suspended due to technical issues. There is still no third device with ICS on board and we won’t see any for at least a few weeks.

Companies are now announcing their own ICS upgrade schedules. LG says that their top devices get ICS in Q2 2012 (April 1 to June 30), while others will have to wait a few more months. Sony Ericsson should have ICS around Q2, if not earlier. Motorola and Samsung are reportedly scheduled to start updating their devices in Q1, but the process will inevitably drag on well into Q2. Worse, Samsung won’t roll out an ICS update for the Galaxy S, which sold in record numbers last year and it’s still a pretty nice phone with an affordable price tag.

In best case scenario, we might see some Android 2.3 to 4.0 update in Q1 but the best chance is to see some new phones launching with Ice Cream Sandwich at the Mobile World Conference, in Barcelona in last days of February. 

Apple has IOS 5 in all of its phones capable of supporting the new OS for months now and at least the top two iPhones today, if not the top three, will get an update to the next version, guaranteed. Microsoft is also doing a pretty good job in the update department with Mango.

By the time LG and Samsung roll out updates for the Optimus 2X, the world’s first dual-core phone and the best selling Samsung Galaxy 2 phones, Optimus 3 should be launching as well as Samsung Galaxy S III. In some countries, LG rolled Android 2.3 just a month ago and by that time, Google already announced and showed Android 4.0.

Sounds a lot like the bad old Windows Mobile days, does it not? Charlie Kindel blamed poor sales of Windows Phone on Microsoft’s commitment to its users at the expense of OEMs and carriers.  While I would love Windows Phone to do a lot better, as an existing owner I really appreciate Microsoft doing it right, rather Google’s antiquated way.

Would our readers rather have 200 million other Windows Phone 7 users and a bad update story, or have a much rarer handset which will get regular updates on time? Let us know below.

Thanks Milad for the tip.

25

About Surur

Site Admin and Windows Phone enthusiast, he has been using Windows Mobile devices since before they were called PocketPC’s. He is currently sporting a HTC 7 Trophy.


Article source: http://wmpoweruser.com/android-4-0-update-hell-makes-nodo-look-like-heaven/

, ,

No Comments

China says man dies of bird flu

BEIJING—A bus driver in southern China who contracted the bird flu virus died Saturday, health authorities said, in the nation’s first reported human case of the deadly disease in 18 months.

We Also Recommend:

Recent Stories:

Tags:

Asia
,

Bird flu
,

China
,

Health

Article source: http://newsinfo.inquirer.net/120433/china-says-man-dies-of-bird-flu

, ,

No Comments

Watercooler: Tips for protecting personal data while shopping online

As more shoppers turn to their computers and mobile devices to shop, spending smartly is about more than knowing how to get a good deal.

Consumers can save money, time and hassle by buying online, but they’re also targets for identity theft and online scams.

So before you whip out that credit card and power up your laptop or tablet, here are some tips to protect your personal information:

Update your computer’s anti-virus and anti-spyware software » If you’re using a wireless connection, make sure it’s encrypted with a password.

Strengthen your online passwords » Avoid predictable passwords such as pet and spouse names, birthdays and consecutive numbers. Instead, incorporate random numbers, symbols and capitalized letters.

Use credit cards instead of debit cards » A stolen debit card gives an identity thief a direct line to your bank account; by using a credit card, you’ll be better protected from fraud and face less liability in the event your card number is stolen. Review your credit card statements monthly for unauthorized charges.

Shop at trusted brands with secure websites » Before making a purchase, check your browser’s status bar for “https://” URLs that indicate secure connections when placing orders. Look for delivery guarantees from online retailers and keep hard copies of order confirmations.

Be on the lookout for phishing and email scams » One popular scam sends emails, purportedly from UPS or DHL, alerting recipients that a package has been sent and asking them to fill out an attached form with their personal information. Don’t open any attachments; instead, delete the emails.

Use common sense » Beware of suspicious emails that request information such as your social security number or that promise a special deal. If something sounds too good to be true, it probably is.

Article source: http://www.sltrib.com/sltrib/money/53005444-79/online-card-credit-personal.html.csp

, ,

No Comments

Tech To Watch 2012: Android Gets Secure?

Android is the leading smartphone operating system, but it’s not just its ubiquity that makes it a juicy target for hackers. The open Android Market is highly vulnerable to software threats. According to Juniper Networks, malware in the Market has skyrocketed 472 percent since July 2011—although Google refutes those figures.

 To help shape up Android’s defenses, some of the leading PC security software companies have released security suites for the OS, complete with virus and malware protection. Plus, Android’s Ice Cream Sandwich OS beefs up security. With an average of 700,000 Android device activations daily, and 3.7 million activated over the Christmas weekend, those improvements can’t come soon enough.

Why It’s Important

According to Mark Kanok, Symantec product manager, malware developers working hard to develop new types of malicious code. Some of the more dangerous known types of malware are premium dialers. These nasty apps force a device to call or text “premium” numbers, which rack up huge wireless charges.

Another growing threat preys on users who look up trending search terms. Text- and email-based attacks are also on the rise, as are attacks that use a phone’s near field communications chip against it. For now, there are just a few NFC-enabled smartphones, such as the Samsung Galaxy Nexus, but malware writers and hackers could wreak havoc with the identities of users who participate in programs such as Google Wallet or who share information via Android Beam.

How It Will Change Your Life

Beyond not opening links sent to you from strangers, you might consider adding McAfee’s Mobile Security for Android ($29.99 per year), Symantec’s Norton Mobile Security ($29.99 per year), or Lookout Mobile Security ($29.99). Each provides users with antivirus, anti-spyware, anti-fishing protection, as well as backup, remote lock, wipe, and tracking features. Each app is also available as a free version with fewer features.

In Android 4.0, Google will help protect devices by featuring full encryption and by making it harder to install malicious code.

“This is a very important feature for these devices to be considered enterprise-ready,” said Stacy Crook, senior research analyst for mobile enterprise at research firm IDC.

Outlook

While Ice Cream Sandwich plugs some of Android’s security holes, it will take a long while for the OS to become the most popular flavor. In the meantime, expect mobile security suites to help protect devices running older software, as well as help even the latest Google-powered phones stay one step ahead of the bad guys.

Article source: http://blog.laptopmag.com/tech-to-watch-2012-android-gets-secure

, ,

No Comments

Hackers release credit card, other data from Stratfor breach


The hackers released e-mail addresses, credit card numbers and other data from people who had signed up or paid for geopolitical intelligence briefings from Stratfor.

The hackers released e-mail addresses, credit card numbers and other data from people who had signed up or paid for geopolitical intelligence briefings from Stratfor.

Hackers released more data obtained from a breach of Stratfor, including e-mail addresses and credit card numbers, the geopolitical intelligence firm confirmed to CNET today.

In a post on Pastebin by someone using the “AntiSec” moniker, there are links to downloads of data on different sites, some of which were removed by midday today. The data dump follows the release of a list of Stratfor (Strategic Forecasting) clients on December 25 and a warning from hackers that they had more sensitive data to release, including unencrypted credit card data.

“It’s time to dump the full 75,000 names, addresses, CCs and md5 hashed passwords to every customer that has ever paid Stratfor. But that’s not all: we’re also dumping ~860,000 usernames, email addresses, and md5 hashed passwords for everyone who’s ever registered on Stratfor’s site,” the post says, adding that 50,000 of the e-mail addresses end in .mil or .gov domains.

“We almost have sympathy for those poor DHS employees and australian billionaires who had their bank accounts looted by the lulz … But what did you expect?” the post says. “All our lives we have been robbed blindly and brutalized by corrupted politicians, establishmentarians and government agencies sex shops, and now it’s time to take it back.”

The post then goes on to warn that hackers will attack “multiple law enforcement targets from coast to coast” on New Year’s Eve and that there will be “noise demonstrations” outside of jails and prisons around the world in solidarity with the prisoners.

“Stratfor regrets the latest disclosure of information obtained illegally from the company’s data systems,” the company said in a statement. “We want to assure our customers and friendsthis was not a new cyberattack, but was instead a release of information obtained during the previous security breach. The latest disclosure included credit card information of paid subscribers and many e-mail addresses of those who receive Stratfor’s free services.”

Asked to comment on the timing of the breach and why the company was not using encryption, Stratfor provided this statement: “We don’t have any information on that at the moment. But I want to assure you Stratfor is working with law enforcement to investigate the cyberattacks and will release results soon. In the meantime, we will be providing periodic updates on our response to the attacks.”

Meanwhile,the company is offering to pay for a one-year subscription to identity protection services for anyone affected by the breach. The corporate Web site will not be back up for another week or so, Stratfor CEO George Friedman wrote in a post on the company’s Facebook page that was also sent to subscribers via e-mail.

“To say we wish this hadn’t happened is a massive understatement,” he wrote. “As I have stated in prior emails to you, I sincerely apologize for these unfortunate events. Our investigation and coordination with law enforcement is ongoing, and we will continue to update you as more details become available.”

On Thursday, the hackers said they had breached the Web site of SpecialForces.com and claimed to have 14,000 passwords and data on 8,000 credit cards, although the data was encrypted. The hackers also claim to have copies of as many as 2.7 million Stratfor e-mails that they plan to release.

AntiSec, which is a coalition of members of the de-centralized Anonymous group of hactivists and the more mischievous LulzSec offshoot, claimed credit for attacks earlier this year on police, sheriffs and other law enforcement agencies in the U.S. and Italy, defense and government contractors including Booz Allen Hamilton and HBGary Federal, and government agencies in Chile, Zimbabwe, and Brazil.

Stratfor may have hit the hackers’ radar when it warned members of Anonymous in November not to wage war on the Zetas drug cartel in retaliation for the alleged kidnapping of an Anonymous member. “As Mexican cartels have targeted online journalists and bloggers in the past, hackers could well be targeted for reprisal attacks,” Stratfor wrote in a report on OpCartel.

Article source: http://news.cnet.com/8301-27080_3-57350361-245/hackers-release-credit-card-other-data-from-stratfor-breach/

,

No Comments

Stop reading this and pay attention to the road!

It’s a good thing Gertrude Stein never said, “A phone is a phone is a phone.” Clearly, these days, her tautology would be a disconnect, received like a dropped call. The mobile devices we’re so dependent on, attached like an extension of our brains, are so much more. Ultimately, they allow everything to be knowable.

But while the smooth, mirrored glass on an iPhone presents a funhouse from which anyone can observe all the YouTube videos, Facebook updates, Tweets and apps, ad infinitum and at an instant – when blended with the speed of driving, it’s enough to send a person careening through the glass of a car windshield onto the hard, real world pavement.

Reconciling the collision of these two worlds will take some discipline, growing pains and – if the National Transportation Safety Board has its way – regulation. Last week, the NTSB recommended that every state ban the use of mobile devices by drivers. That includes hands-free devices too. No texting, no phoning, no nothin’.

Today, nine states and D.C. prohibit all drivers from using handheld cell phones while driving. Except in Maryland, all laws are “primary enforcement” – an officer may cite a driver for using a handheld cell phone without any other traffic offense taking place. As for text messaging: 35 states and D.C. ban it for all drivers. And even if you’re thinking of reading that text message at a stoplight, don’t. Maryland’s texting-while-driving law, which took effect in October, prohibits all drivers in Maryland from using an electronic device to write, send, or even read a text message while operating a motor vehicle in the travel lanes of the roadway.

Clear as a lens at the Space Telescope Science Institute, these laws make sense.

It’s all too common a phenomenon to look over, behind or in front and see a fellow commuter juggling the wheel, his coffee mug and his lifeline to the Internet, and want to honk a wake-up call so he get back to reality.

Yet, he who is without fingers should cast the first PDA out the window.

The challenge is, if these apparatuses are becoming extensions of us, providing guidance on how we live, shop, work and play, then how conceivable is it that we can actually exist sans contraption?

After all, we live in a world where media cannot not be found. We’ve become so accustomed to it always there, always on, that we reference it before we even look to the reality it’s supposed to be displaying. The postmodern philosopher Jean Baudrillard described this brave new world as hypereality, or as a map so detailed that it ends up taking the place of that which it is referencing. (By the way, he wrote about this long before there were Garmin GPS devices loaded in every new car.)

Navigating around the obstacles all this media displays, and more than a bit ironic (just as part of the virus is needed to create the antibody), Sergey Brin, co-founder of Google and an investor in Tesla Motors, has recently been on the road to achieving the vision of a driverless car. Indeed, it was reported that via artificial intelligence, deploying GPS video cameras and radar sensors, driverless cars – which have been successfully tested in California – could soon be all over our roads, with the result being fewer accidents and lighter, streamlined vehicles. Holy Knight Rider!

But until all our cars can drive themselves, we should continue to heed the advice given by the band The Doors: “Keep your eyes on the road, your hands upon the wheel.”

ABOUT THE WRITER

Abe Novick is a writer and communications consultant in Towson, Md. His email is [email protected] He wrote this for the Baltimore Sun.

Article source: http://www.sacbee.com/2011/12/30/4152687/stop-reading-this-and-pay-attention.html

, ,

No Comments