Recalls follow Jeep hack | Is Flash finished? | Scourge of secret ads




The Hack and the Furious

Nothing is sacred when it comes to hacking – not even cars. This week in Wired, security researchers Charlie Miller and Chris Valasek demonstrated an attack that allowed them to take control of a Chrysler Jeep Cherokee from a remote Internet connection.

Not surprisingly, the experiment raised plenty of safety concerns. After the story came out, Chrysler posted how drivers can patch the vulnerability exploited by Mr. Miller and Mr. Valasek, and today recalled 1.4 million cars in the US. Rob Graham, cofounder of Errata Security, argued in a blog post that the benefits of conducting car hacking tests far outweigh the safety risks of the experiment itself. “I, for one, praise these two,” he wrote, “and hope they continue their research – knowing full well that they'll likely continue to make other sorts of minor mistakes in the future.”

Transportation Secretary Anthony Foxx said at a Christian Science Monitor breakfast this morning that his agency has "urged the auto industry to develop a roundtable of sorts to focus in on issues like cybersecurity" and wants more public-private collaboration "to make sure the security of our vehicles is air tight."

But the Electronic Frontier Foundation worries that automakers will wield laws to prevent other research from exposing vulnerabilities within vehicle computers. Specifically, it says, the Digital Millennium Copyright Act has chilled independent research on automobiles. Any action that could break security measures to get to a technology’s copyrighted source code, even for research, could be interpreted as breaking the law. The EFF filed for an exemption to the law for research, which was met with opposition from automakers. // Malena Carollo

Flash back, Flash forward

The life and uncertain future of Adobe’s troubled multimedia Flash Player. // Joe Uchill

Opinion: Why the US government must lose cryptowars 2.0

Law enforcement’s argument is just as flawed now as it was in the 1990s. We cannot bend software or cryptography to our will – technology is science, not magic. // Elissa Shevinsky

The cost of secret ads 

A study by security company Forensiq found that more than 5,000 apps were secretly running ads in the background unbeknownst to users. The ads, found on both Apple and Android devices, can slow down the phones significantly and cheat advertisers out of revenue generated from mobile ads. The study projects that nearly $1 billion will be lost by advertisers to this kind of fraud, as it distorts the clicks per minute rate and provides false information on user traffic.

In some cases, five ads at a time were running in the background. The study did not name any of the apps, but Bloomberg reported that a company called Girls Games Only created several of the affected apps. Its apps were taken out of the Google Play store Thursday. This practice is not allowed by either Google or Apple. // Bloomberg  

You're Invited: Rethinking Commercial Cyber Espionage

The United States is nearly alone in professing that states should not spy for the private sector's commercial benefit. But should the United States join its adversaries in spying for profit? Or would experimenting with economic espionage erode the West's credibility and moral high-ground, leaving us worse off than before?

Register here to join CrowdStrike's Dmitri Alperovitch, Steptoe & Johnson's Stewart Baker and Harvey Rishikof of the American Bar Association at the Atlantic Council on Wednesday, July 29th for a conversation moderated by American University's Melanie Teplinsky. The event runs from 4 p.m. to 5:30 p.m. and will be livestreamed on Passcode.


Google study shows that security pros don't trust antivirus. Trust the pros 
A study by Google shows that while most people's top security strategy is an antivirus program, it doesn't even make security pros' top five security measures. Why don't people in the know like antiviruses?

Antiviruses were long the gold standard in stopping viruses – it's even in the name. They work by finding identifiable blocks in malware. That made sense when viruses spread by having one infected computer strike a new victim. But most current attacks come straight from an attacker, who can change the program just enough to avoid detection or even design it to change automatically. Even Symantec, maker of Norton Antivirus, acknowledges that antiviruses alone are no longer capable of protecting a system.

An antivirus might be useful as part of a comprehensive strategy to stop malware, but the front line of defense is to eliminate the vulnerabilities that malware uses to invade a computer. That means keeping software up-to-date – the security pros' top strategy for cybersecurity. // Joe Uchill  

Hacking Team: A business plan 

A case study in the private market for vulnerabilities based on contracts exposed in the Hacking Team data breach. // Vlad Tsyrklevich

Homeland Security Chief acknowledges there's plenty of surveillance

But it probably is a stretch for the headline to say he's going "off [law enforcement's] 'going dark' script" on encryption. // The Intercept

Hacking Team: We're '100% complian[t] with laws and regulations' – our attackers aren't 

Hacking Team would like the media to emphasize the point that it is the victim after a data breach released its e-mails, which did reveal the firm's questionable business practices. // Hacking Team
