My Ethical Hackers love it! No one would really be dumb enough to use the default settings, would they?

Popular Remote Management Tool Allows Login Without Authentication

A remote management tool used in some enterprises can be exploited by attackers to remotely connect to a host without needing any passwords, according to a Trustwave researcher.

Many organizations use the NetSupport software to remotely manage and connect to PCs and servers from a central location. These systems normally are set up with either Domain or local credentials, and shouldn't be accessible without the person logging in. However, if the system has NetSupport installed for remote desktop support, it most likely has the default configuration, which allows remote users to connect automatically without authentication, David Kirkpatrick, a principal consultant at Trustwave, wrote in a blog post. The software also leaks detailed information about the device, such as the hostname, version number, and the username.
Another Ethical Hacker perk. Stop and go driving wastes gas, so make certain that you have green lights all the way to your destination!

Security Researcher Explains Ease of Hacking Traffic Control Systems

Hacking critical infrastructure looks extremely easy in movies, but up until now, there was some reassurance that it wasn't as simple as just typing a few keys. A security researcher has uncovered issues in devices that communicate with traffic control systems that make them highly vulnerable to attack.

Anyone could exploit the vulnerabilities to take complete control of these controllers and send fake data to connected traffic control systems, Cesar Cerrudo, CTO of research firm IOActive, wrote in a blog post. According to Cerrudo, the controllers lacked basic security features, such as encrypting communications and authentication, which means attackers could potentially monitor and modify what instructions were being sent to the systems.

"Basically anyone could cause a traffic mess by launching an attack with a simple exploit programmed on cheap hardware," Cerrudo said.
For my Statistics students. This seems to suggest that 70-75% of customers don't care if their data is stolen. Or perhaps the crooks only use 25-30% of customers' credit cards? It makes no difference to the company; they need to replace those customers.

Data Breaches Can Lead to Customer Drop-Off, Survey Finds

Customer churn can be one of the more painful and unpredictable parts of a data breach, and a new study from Javelin Strategy & Research offers some insight into how serious it can be.

According to a survey of people who had their information exposed in a breach, 33 percent of consumers will shop elsewhere if their retailer of choice is breached. In addition, 30 percent of patients will find new healthcare providers if their hospital/doctor's office is breached, and 25 percent of consumers will switch bank/credit card providers in the aftermath of a breach.
How big an “Oops!” could this have been? Will we see drones launching missiles at the wrong targets? (Oh wait, we've already done that, haven't we?)

One of the downsides of all of the new gee-whiz identification technology law enforcement is adopting (usually with hefty federal subsidies) is that it never works quite as well as advertised. The FBI touts facial recognition software as the bad guy-tagging tool of the future, but you have to dig through documents to discover that the feds consider a false positive rate of 20 percent to be perfectly acceptable.

We don't really know what the false positive rate for license plate scanners is, but we do know it has one. At least, Mark Molner, a Prairie Village, Kansas, attorney knows it, because a scanner misread his BMW's license plate for that of a stolen Oldsmobile plate, and the next thing he knew, cops with guns in hand had him surrounded and wanted to know his business.
It seems this posture will force the use of subpoenas. Less formal requests result in notification. Perhaps another example of corporations changing/replacing government?

Craig Timberg reports that tech companies are finally finding their spine to stand up for and notify users when the government seeks users’ information:

Major U.S. technology companies have largely ended the practice of quietly complying with investigators’ demands for e-mail records and other online data, saying that users have a right to know in advance when their information is targeted for government seizure.

This increasingly defiant industry stand is giving some of the tens of thousands of Americans whose Internet data gets swept into criminal investigations each year the opportunity to fight in court to prevent disclosures. Prosecutors, however, warn that tech companies may undermine cases by tipping off criminals, giving them time to destroy vital electronic evidence before it can be gathered.

Read more on Washington Post.
“Clearly, my privacy is more important than your privacy.” Unfortunately, this is the wrong way to go about obtaining privacy. (See The Streisand Effect.) Prosecutors should wear Headsman's Hoods when practicing their trade. If the prosecutor succeeds in getting his information locked out, should they also remove the information for the judge, jury, witnesses, court clerks, police officers, jailers, etc., etc.?

Matt Reynolds reports:

Three people-search and background-check websites jeopardize the safety of a state prosecutor by listing his home address and telephone number, the prosecutor claims in court.

California Deputy Attorney General John Doe sued Radaris America and its principal Edgar Lopin, Instant Check Mate, and Inome dba Intelius, in Superior Court.

All three websites allow users to pay a fee to download people’s personal information, including criminal background checks, phone numbers, and court judgments.

Read more on Courthouse News.
Is this argument for the sake of an argument? Could Big Data discriminate? No, people discriminate. Perhaps there should be a law against discrimination. (Oh wait, there is!) Perhaps we should continue to analyze Big Data to determine if there is discrimination.

Tom Simonite reports:

When President Obama spoke in January about reforming U.S. surveillance, he also asked a panel of experts to spend 90 days investigating the potential consequences of the use of technology that falls under the umbrella term “big data.” The 68-page report was published today and repeatedly emphasizes that big data techniques can advance the U.S. economy, government, and public life. But it also spends a lot of time warning of the potential downsides, saying in the introduction that:

“A significant finding of this report is that big data analytics have the potential to eclipse longstanding civil rights protections in how personal information is used in housing, credit, employment, health, education, and the marketplace.”

Read more on MIT Technology Review.
Over on The Hill, Kate Tummarello reports:

The White House on Thursday released a sweeping review of “big data” practices that calls for an update to privacy laws.

Officials who conducted the review recommended that Congress enact legislation based on the “Consumer Privacy Bill of Rights” that President Obama first introduced in 2012.

The report also calls for a law to create notification requirements for companies that suffer data breaches and urges an update to a decades-old statute that allows warrantless access to emails.

Read more on The Hill.
(Related?) At last! Someone who realizes my students are terrorists!

Unless you're in the business of defense, you may never have heard of ISS. Intelligent Software Solutions' usual customers for data analysis solutions include the Department of Defense, the National Intelligence Community Agencies, NATO, the United States Coast Guard and other military organizations here in the U.S. and abroad. Its areas of expertise include coming up with systems for command and control, special ops, intelligence, counter-terrorism, homeland security and other disciplines straight from the Spy vs. Spy playbook.

Now it's pondering its prospects for a bright future in higher education. The idea: to apply its complex and sophisticated data integration, data analysis and data visualization environment in helping colleges and universities retain students.

The company, based in Colorado, already works with institutions such as Auburn University in a small business and university technology transition partnership program
What is this about? Is there some secret underground in Australia planning revolution? If so, shouldn't they be importing something more substantial? Is China now in the “annoying weapons” business? (And where can I get one?)

A weaponized iPhone? Aussie customs seizes fakes that deliver a shock

Australia's customs service on Thursday seized more than 6,000 weapons that arrived in the country from China, including a batch of fake iPhones that deliver electric shocks.

… The device looks similar to an older iPhone. Another photo published by customs showed the shocking mechanism on the top of the phone opposite the headphone jack.

The fake iPhones were among other weapons in the shipment, including brass knuckles, extendable batons and other shock devices, according to a press release.
Is a company a monopoly because a majority of users prefer them, or do they actually have to do something like “charge monopoly prices?”

Antitrust lawsuit accuses Google of mobile and Internet search monopoly

More legal mud has been slung against Google, and this time it's an antitrust class action lawsuit over in the US which accuses the big G of holding an illegal monopoly over Internet and mobile search in America.

The suit, which was filed in Northern California by consumer and employee rights law outfit Hagens Berman, claims that this search monopoly has been driven by Google's purchase of Android. The law firm contends that by preloading its services and apps (Google Play and YouTube are named as examples) onto the mobile operating system via "secret" Mobile Application Distribution Agreements with smartphone vendors, Google has maintained (and indeed expanded) its search monopoly.

The suit further notes that this move by Google has pushed up prices for Android devices to the detriment of the consumer.
I shouldn't laugh, but I can't help it.

… The big huge major celebrity-filled edu news this week: comedian Louis CK tweeted in frustration about his kids’ math homework. And really that’s all we need to know: a famous parent questioned standardized testing and the Common Core.

… A Florida elementary school will no longer offer Mountain Dew to students pre-test. If their scores suffer, I hope some Dew-sponsored celebrity intervenes on Twitter. For justice’s sake.

[From the article:

The school had been giving students about three tablespoons of soda before the FCAT.

Officials at Brevard Public schools halted the practice after receiving complaints from a grandmother who was shocked at what her granddaughter said about her assessment test.

"She said every morning, they had Mountain Dew," Martha Thorp told News 13. "To me, it's a poor precedent we're setting for young children that they should be hyped up before a test."]

… The great LAUSD iPad saga continues: this time WiFi issues in the schools are getting in the way of testing. (Because clearly testing is the reason for buying all those expensive devices.)

… An FDA advisory panel has recommended that, yes, we should ban “aversive conditioning devices” – electric shock treatment still used in schools to manage and discipline students with disabilities.