Thursday, November 06, 2014
Tools & Techniques. For my Ethical Hackers and Computer Security students.
OS X malware infecting connected iPhones, iPads
Researchers at network security company Palo Alto Networks have uncovered a new and sophisticated form of malware which attacks iOS devices through USB connections from OS X systems. They have called it WireLurker.
Palo Alto Networks says that "...this malware family heralds a new era in malware" and if the claims are true, the find is indeed significant. It is the first malware to generate malicious iOS applications automatically through binary file replacement and can infect installed iOS applications.
The company provides more detail in a report entitled "WireLurker: A New Era in OS X and iOS Malware." [Register for access Bob]
[From the report: Characteristics of this malware family, including its ability to infect even non-jailbroken iOS devices]
(Related) Keep up guys.
Stealthy Phishing Tactic Targets Online Shoppers
Researchers at Trend Micro say they have uncovered a crafty phishing technique that can help attackers steal information while flying under the radar of site owners.
… In the case of Operation Huyao, the attacker's malicious site acts as a relay for the original site, and as long as the victim is only browsing the page, they will only see the content they would on the legitimate site. When they go to enter payment information however, things change.
"It does not matter what device (PC/laptop/smartphone/tablet) or browser is used, as the attacker proxies all parts of the victim’s HTTP request and all parts of the legitimate server’s response," the researcher blogged.
Really nothing new here.
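The relay trick described above is the whole point of this story, so here is a check a site owner can actually run. This is an added example, not code from Trend Micro's post or from the original page. A proxying phisher fetches every page from the real server on the victim's behalf, so on the real server's side the attack looks like ordinary traffic from one source address. Two things still stand out in a combined-format access log: one client IP (the relay) carries many different browsers and devices, and the Referer headers victims send name the attacker's host rather than ours. The script below scans for both. The log lines, IP addresses and hostnames are constructed for the example; `LEGIT_HOST`, `min_agents` and the function names are my own assumptions.

```python
"""
Spot a relay (transparent-proxy) phishing site from the legitimate server's logs.

Two signals a relay leaves behind:
 1. one client IP (the relay) carries many distinct User-Agents, and
 2. Referer headers sent by victims name the attacker's host, not ours.

The sample log below is constructed for this example (Apache combined log
format: client IP, timestamp, request, status, size, Referer, User-Agent).
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

LEGIT_HOST = "shop.example.com"  # assumed: the hostname of the site we are defending

# Constructed sample: 10.9.8.7 plays an imaginary relay; the other two IPs are ordinary visitors.
SAMPLE_LOG = """\
10.9.8.7 - - [06/Nov/2014:10:01:02 +0000] "GET /catalog HTTP/1.1" 200 5120 "http://shop-example-secure.net/catalog" "Mozilla/5.0 (Windows NT 6.1) Chrome/38.0"
10.9.8.7 - - [06/Nov/2014:10:01:05 +0000] "GET /catalog HTTP/1.1" 200 5120 "http://shop-example-secure.net/" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_1) Safari/600.1"
10.9.8.7 - - [06/Nov/2014:10:01:09 +0000] "GET /checkout HTTP/1.1" 200 3100 "http://shop-example-secure.net/catalog" "Mozilla/5.0 (Linux; Android 4.4) Chrome/37.0"
10.9.8.7 - - [06/Nov/2014:10:01:15 +0000] "GET /checkout HTTP/1.1" 200 3100 "http://shop-example-secure.net/catalog" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) Firefox/33.0"
203.0.113.5 - - [06/Nov/2014:10:02:00 +0000] "GET /catalog HTTP/1.1" 200 5120 "http://shop.example.com/" "Mozilla/5.0 (Windows NT 6.3) Chrome/38.0"
203.0.113.5 - - [06/Nov/2014:10:02:30 +0000] "GET /checkout HTTP/1.1" 200 3100 "http://shop.example.com/catalog" "Mozilla/5.0 (Windows NT 6.3) Chrome/38.0"
198.51.100.9 - - [06/Nov/2014:10:03:00 +0000] "GET /catalog HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (iPad; CPU OS 8_1) Safari/600.1"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one combined-format log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def referer_host(referer):
    """Host part of a Referer URL, or None when the header was absent ('-')."""
    if not referer or referer == "-":
        return None
    return urlparse(referer).hostname


def find_relay_candidates(log_text, legit_host=LEGIT_HOST, min_agents=3):
    """
    Return {ip: {"agents": n, "foreign_referers": {host, ...}}} for every client IP that
    either carries at least min_agents distinct User-Agents or sends Referers naming a
    host other than legit_host. Either signal alone deserves a look; both together from
    the same IP is a strong indication of a relay phishing proxy.
    """
    agents = defaultdict(set)   # ip -> set of User-Agent strings seen
    foreign = defaultdict(set)  # ip -> set of Referer hosts that are not ours
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        agents[rec["ip"]].add(rec["ua"])
        host = referer_host(rec["referer"])
        if host is not None and host != legit_host:
            foreign[rec["ip"]].add(host)
    out = {}
    for ip in set(agents) | set(foreign):
        if len(agents[ip]) >= min_agents or foreign[ip]:
            out[ip] = {"agents": len(agents[ip]), "foreign_referers": set(foreign[ip])}
    return out


if __name__ == "__main__":
    for ip, info in sorted(find_relay_candidates(SAMPLE_LOG).items()):
        print(f"{ip}: {info['agents']} distinct user agents, "
              f"foreign Referer hosts: {sorted(info['foreign_referers']) or 'none'}")
```

Two caveats before you act on a hit. A corporate NAT gateway or a caching proxy also presents many browsers behind one IP, and a careful relay can strip or rewrite the Referer header, so treat the output as leads to investigate, not proof. The complementary control lives on the client side: a page script that compares `window.location.hostname` with the real domain and refuses to render the payment form elsewhere, which forces the attacker to rewrite your JavaScript rather than just relay it.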
Top 5 Facebook Scams Revealed in Two-Year Study
A two-year study by Bitdefender sheds some light on the most popular types of scams on Facebook and who is falling for them.
The study examines more than 850,000 Facebook scams. Analyzing each of them revealed the following top five bait categories for attackers looking to hit users with spam, malware or other attacks: profile viewer scams (45.5 percent); Facebook functionality scams such as claims about adding a dislike button (29.53 percent); gift card/gadget giveaway scams (16.51 percent); celebrity scams such as death hoaxes (7.53 percent); and atrocity videos with subjects like animal cruelty (0.93 percent).
[The “top 5” cover 100%? Bob]
Perhaps a new topic for my Ethical Hacking class, “Quasi-Ethical Vigilantism?”
U.S. Mulls New Tactics to Stem Wave of Cyberattacks
As hacking attacks reach epidemic proportions, the US cybersecurity community is looking at new ways to step up defense, including counterattacking the hackers themselves.
… Stewart Baker, a former assistant secretary of homeland security who now practices law in Washington, argues that limited "hacking back" could be justified, even though the legal issues are unclear.
Baker said any actions a company takes outside its own network could be viewed as illegal, but there is a strong case to be made for reaching out to networks of third parties used by hackers to transit stolen data.
"I think you are morally justified for sure" in taking such actions, Baker told AFP. "And I think the probability of being prosecuted is very low."
Baker said if a firm can locate its stolen data and has a way to recover it, "they would be crazy not to."
"They can't wait for the government to get a court order. By the time that happened, everything is going to be gone."
But going beyond that, such as seeking to take out a hacker network, would mean "taking on risks" of legal liability.
US Justice Department guidelines caution against any retaliation.
Baker said the guidelines "don't quite say it's illegal, they say it's a bad idea."
Sure to get the attention of lawyers and insurance companies.
Daniel Tepfer reports:
In a case involving a Westport doctor’s office, the state Supreme Court has ruled that patients can sue for negligence if a medical office violates regulations that dictate how medical offices must maintain patient confidentiality.
This is the first time the state’s highest court has ruled regarding this issue. Connecticut now joins Missouri, West Virginia and North Carolina in similar rulings.
“Before this ruling, individuals could not file a lawsuit claiming violation of their privacy under the (Health Insurance Portability and Accountability Act of 1996) regulations,” said Trumbull lawyer Bruce Elstein, who brought the case. “It was for that reason that we filed a negligence claim, claiming the medical office was negligent when it released confidential medical records contrary to the requirements set forth in the regulations.”
Read more on CTPost.
“Stupid is as stupid does!” F. Gump
The man accused of ambushing two Pennsylvania state troopers, killing one, used a laptop and surfed the Internet during the weeks-long manhunt that ended with his arrest last week, according to court documents.
… The fact that Frein exposed himself to capture by using a cell phone is somewhat surprising, given that officials said he had conducted Internet searches on his home computer in the last two years with queries such as "can police track cell phone" and "how to escape a manhunt."
… Frein told investigators "he had used the laptop to access the Internet using open Wi-Fi accounts he could find in the area while he was evading authorities," according to the warrant. Because most wireless Internet routers' signals can't reach farther than a couple of hundred feet at most, Frein probably was quite close to homes or businesses that had unsecured Wi-Fi.
“Saving face,” government style? Our 'Right to know' vs. our 'Right to what the government wants us to know?'
The Federal Aviation Administration (FAA) violated constitutionally protected free-press rights with a media-specific flight ban over Ferguson, Mo., earlier this year, the American Civil Liberties Union (ACLU) says.
The ACLU wrote a scathing letter to the FAA this week, accusing the agency of trying to “suppress aerial press coverage” during the events that unfolded after Michael Brown, an unarmed black teen, was shot to death by a police officer in Ferguson.
The FAA established a “no-fly zone” that was targeted at news helicopters, as well as drones, the ACLU charges.
"An air ban singling out media aircraft is an unacceptable and unlawful abridgement of the rights of a free press,” the ACLU wrote Tuesday. "It is particularly alarming when implemented during events at which law enforcement may be engaging in practices that violate constitutional rights.”
(Related) Perhaps this is a good place to point to an Infographic.
The Ethics of Data, Visualized
TRACEY WALLACE – Truth in Data: “Big data sparked public interest in the U.S. beginning with the NSA scandal. Suddenly, it was mass knowledge that not only could the government, or any entity, collect your social media, email or cell data, but they could use it against you. This concept certainly isn’t brand new, and it certainly was occurring long before the NSA’s data collection and use methods were revealed. In fact, social media platforms like Facebook are explicit in their Terms of Service as to whom your on-platform activity belongs. And, if you think it is you, you are wrong. Disable cookies from your browser and you won’t be able to use Facebook, Twitter, LinkedIn, Google and many otherwise free digital services. That’s because these platforms are not free. We all exchange our data for the service, and in turn receive more targeted ads based on who our friends are, what we say to them in email, who we retweet most often and what keywords are typically found in our digital resumes.
… In all, the biggest problem with data collection for most people is this: they didn’t know it was happening.
… Here, we break down how all the world feels about big data, the internet and how these two entities are affecting worldwide privacy and security.
Interesting. Perhaps I should “friend” Warren Buffet?
The Surprising Ways that Social Media Can Be Used for Credit Scoring
Many employers today are looking at the social media accounts of potential employees to get an idea of the type of person they might be hiring. They’re not the only ones — lending companies are also getting in on the act. And new research shows that some of the more unusual things you post or the people you might be connected to could have an impact on your credit score.
The paper, “Credit Scoring with Social Network Data,” was authored by Yanhao Wei, a Ph.D. student in economics at the University of Pennsylvania, Wharton marketing professors Christophe Van den Bulte and Pinar Yildirim, and Boston University professor Chrysanthos Dellarocas. Yildirim recently discussed their findings on the Knowledge@Wharton show on Wharton Business Radio, which you can find on SiriusXM Channel 111.
An edited transcript of the conversation appears below.
Inevitable. ...and simple physics. If I've printed a gun, I need ammunition. (I thought I was clever when I printed targets)
Shot Heard 'Round The 3D Printing World, A Bullet Designed For Printed Guns
It was only a matter of time before someone realized that a printer could produce a pistol, but early prints have proven to be of little threat. Why? Because traditional ammunition essentially destroys the printed firearm after a single shot, plus, misfires are common. In other words, the physics of the operation make it dangerous to be on the firing side, too. By and large, that's why you haven't seen an uproar of attention around 3D weapons -- they're just entirely too impractical to be worried about. [Not the proper way to assess risk. Bob]
That could change, however, as a crafter from Pennsylvania has revealed a handmade bullet that effectively wraps the shot in a barrel that will absorb the impact.
The Amazing Pattern Library
“A PROJECT BY TIM HOLMAN & CLAUDIO GUGLIERI THIS ON GOING PROJECT COMPILES PATTERNS SHARED BY THE MOST TALENTED DESIGNERS OUT THERE FOR YOU TO USE FREELY IN YOUR DESIGNS.”
New technique to share with my spreadsheet class. (Google's answer to Office 365)
Google gives Microsoft office an awkward hug with new plugin
… Google has now created a Chrome plugin and new desktop Drive client that instead offers the chance to suck a document out of its cloud and into the desktop app of your choice.
… The company is also promising that when you save a document stored in Drive, the changes will be saved back to Drive.
The plugin, client, and Gmail account needed to get this going are all free to individuals.
(Related) I could use this in my spreadsheet class, but I'm leaning toward Statistics... (I have mentioned this in an earlier post.)
Zip Lookup - Demographics by Zip Code
Zip Lookup is a nice use of the Esri mapping platform. The map allows you to enter any US zip code to discover demographic data about that area. Whenever I see something like this I am skeptical of how well it will work for very small towns like the one that I live in (Woodstock, Maine). I was pleasantly surprised to find that Zip Lookup was quite accurate. In fact, it even included a blurb about the most popular satellite television stations in my zip code (my zip code is actually shared with a town, a village, and an unorganized township).
For my Android toting students.
The 8 Best Office Suites On Android For Getting Work Done
For my students who read...
Tools for Working With ePub Files In Your Browser
From time to time when you're conducting research online you may find yourself coming across an ePub file. While you may have a tablet that can read open ePub files, it may be more convenient to simply open the file in your browser. For example, when you just need to search a document rather than read the whole thing opening the ePub in your browser could save you some time. Here are a couple of tools for accessing ePub files in your web browser.
EPUBReader is a Firefox add-on that will allow you to read ePub documents within your browser. EPUBReader downloads ePub files and displays them directly in your browser. The video below offers a short demonstration.
Magic Scroll is a Chrome web app that you can use to read ePub files on your desktop or laptop even if you do not have an internet connection.
Dilbert gives you a PhD level understanding of Marketing in one cartoon!