Wednesday, May 21, 2014

The kind of article I'm hoping our student “Computer Security Club” will start producing.
How Easy Is It For Someone To Hack Your Webcam?
Without wishing to scare you, the short answer is: it’s very easy for anyone to view your webcam. The long answer is: some networked webcams require nothing more than a secret URL, while most USB or built-in laptop webcams would need the computer to be compromised first.
Here are three ways of viewing a webcam without your knowledge.


Nothing new here – unfortunately.
Trend Micro Analyzes Targeted Attack Trends
In a new report, researchers at Trend Micro found the majority of exploits involved in these incidents during the second half of 2013 focused on vulnerabilities that had patches available, including some that were patched as early as 2009.
Nearly 60 percent of the time the malware used in targeted attacks are Trojans or spyware. Next in line were backdoors (22 percent) used to establish command and control communications.
"Spear phishing is still the most seen entry point for targeted attacks," Irinco continued. "These email messages use relevant-sounding subjects that trick users into opening it and the file attachments therein that serve as malware carriers. In our 2014 prediction, we noted that mobile devices will also be leveraged by threat actors to gain entry to networks."
The full report can be read here.


The ethics of intelligence services. Long debated, long resolved. The answer is “it depends.”
Should U.S. Hackers Fix Cybersecurity Holes or Exploit Them?
There’s a debate going on about whether the U.S. government—specifically, the NSA and United States Cyber Command—should stockpile Internet vulnerabilities or disclose and fix them. It's a complicated problem, and one that starkly illustrates the difficulty of separating attack and defense in cyberspace.
… If vulnerabilities are plentiful—and this seems to be true—the ones the U.S. finds and the ones the Chinese find will largely be different. This means that patching the vulnerabilities we find won’t make it appreciably harder for criminals to find the next one. We don’t really improve general software security by disclosing and patching unknown vulnerabilities, because the percentage we find and fix is small compared to the total number that are out there.


Sic 'em, Steve! (An open letter!)
Steve Wozniak to the FCC: Keep the Internet Free


Perhaps the Privacy Foundation could work with local entrepreneurs to suggest a few areas for development? (They also moved their HQ to Switzerland)
Proving there’s money in privacy these days, secure communications firm Silent Circle has announced a $30 million funding round from investors including Ross Perot Jr. and Cain Capital. What’s more, Perot and Sir Peter Bonfield, once upon a time the head of British Telecom, have joined Silent Circle’s advisory board.
Silent Circle is most notable for the Blackphone, a privacy-centric handset, produced alongside manufacturer Geeksphone, that uses an Android fork called PrivatOS and comes loaded with all sorts of security tools including Silent Circle’s encrypted voice and text communications tools. The much-anticipated device will start shipping in June, probably mostly to enterprise and government customers.
The firm is also working with shuttered secure email service Lavabit on “Email 3.0”, which will supposedly be both secure and easy to use, and leak less metadata than today’s encrypted email protocols.

(Related) Because it occurs to me that we had discussed each of these points at one Privacy Foundation seminar or another...
Harrison Weber reports:
The National Security Agency and the FBI teamed up in October 2010 to develop techniques for turning Facebook into a surveillance tool.
Documents released alongside security journalist Glenn Greenwald’s new book, “No Place To Hide,” reveal the NSA and FBI partnership, in which the two agencies developed techniques for exploiting Facebook chats, capturing private photos, collecting IP addresses, and gathering private profile data.
According to the slides below, the agencies’ goal for such collection was to capture “a very rich source of information on targets,” including “personal details, ‘pattern of life,’ connections to associates, [and] media.”
Read more on VentureBeat.


Trust me, this is worth looking at even if just for the Internet of Things section.
Gartner's Hype Cycle report for smart-city technologies
City planners will have access to an amazing collection of technologies to build their smart cities of the future. But what technologies are coming, and when, and how will they be used? Gartner separates hype from reality with its largest Hype Cycle report.
Read Gartner's report. The report is free and ungated. No sign-up required.


Brief article suggesting that there are companies who can move with the times/technology. (Looks like that's good for the CEO too)
Burberry Struts Ahead With Tech Transformation Begun By Apple's Angela Ahrendts
Burberry – the high-end fashion brand and retail chain – has posted record results, aided by an advanced digital transformation. That effort was begun eight years ago by former CEO Angela Ahrendts, now the retail boss at Apple.


No doubt this will result in a bunch of “Google doesn't pay taxes!” stories. I see it as yet another indication that the tax system isn't allowing US firms to be as flexible as firms in other countries.
Google plans international acquisitions worth up to $30B, it tells SEC
Google plans to spend US$20 billion to $30 billion of its accumulated international profits to fund potential acquisitions of non-U.S. companies and technology rights.
The company disclosed its plans to the U.S. Securities and Exchange Commission (SEC) last year, in a document that was published Tuesday. The SEC had asked Google to describe its plans for reinvesting its undistributed earnings in greater detail.
In 2012, Google generated about half its revenue in non-U.S. markets.


Can't wait to hear what my wife says about this App. Looks like it is targeted to mixed breed owners – after all, one collie looks pretty much like another.
PetMatch uses machine vision technology to help you replace your beloved pet
Unlike Superfish’s Windowshopper app, PetMatch offers a more benign and benevolent alternative for your wallet. Just upload an image of your pet, or even someone else’s pet and let the app match you up with a nearby puppy or kitten. The app acts as an intelligent learning machine, so theoretically, it might improve your chances over time.


I get a bit cranky when I run into companies that insist on a fax rather than an email attached document. Tools/services like this keep me from running around looking for someone with antique machines. (Remember, the fax predates the phone by at least 25 years.)
No Fax Machine? No Problem — Easily Sign And Send Faxes From Your Computer
Faxing is an out-dated mode of communication, but it still lingers around at some places for one reason or another. Until we can finally kill off this antiquated machine of the past, you might need to send a fax every once in a while but find yourself without a fax machine — try HelloFax.
We have covered HelloFax briefly in the past, and even took a look at 5 other online fax services, but things have changed in the years since then, and it’s time to take an in-depth look at the best free online faxing service there is.
