I probably won't recommend that my Ethical Hacking
students follow this business model. Probably.
Hacking Team Adobe Flash Zero-Day Exploited By Money-Hungry Criminals
In recent years, crypto luminary Bruce Schneier
has noted that today’s surveillance tools are tomorrow’s
cybercriminal playthings. Hacking Team has offered proof of that, as
one of its zero-days – unpatched and previously-unknown software
vulnerabilities – is being exploited by crooks.
The Adobe Flash zero-day uncovered
in the trove of 415GB data leaked by the Hacking Team hacker has
been packaged into “exploit kits”. Such kits are sold for as much as
$15,000 and are used to launch attack code on web users’ PCs or phones
as they peruse the internet. Two of the most popular kits, Angler
and Neutrino, have adopted the Flash flaw. Anyone who visits a site
or opens a file in which the exploit kits are hidden risks being
infected with malware and having their data stolen, as Adobe has not
yet provided a patch.
… Unlike many other vulnerability hunters,
Hacking Team doesn’t disclose its findings to the vendors, leaving
it open to criticism that it is failing to help protect users of
popular software, even though it has the knowledge and the power to
help.
(Related)
Consider this today’s “must-read” report on
surveillance. Cora Currier and Morgan Marquis-Boire report:
Documents obtained by hackers from the Italian spyware manufacturer Hacking Team confirm that the company sells its powerful surveillance technology to countries with dubious human rights records.
Internal emails and financial records show that in the past five years, Hacking Team’s Remote Control System software — which can infect a target’s computer or phone from afar and steal files, read emails, take photos, and record conversations — has been sold to government agencies in Ethiopia, Bahrain, Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, South Sudan, Azerbaijan, and Turkey. An in-depth analysis of those documents by The Intercept shows Hacking Team’s leadership was, at turns, dismissive of concerns over human rights and privacy; exasperated at the bumbling and technical deficiency of some of its more controversial clients; and explicitly concerned about losing revenue if cut off from such clients.
Read more on The Intercept.
A new website for my Computer Security students.
Cybersecurity Nexus
ISACA’s Cybersecurity Nexus™ (CSX) is the
premier cyber security resource, offering everything you need to go
beyond what’s expected and stay ahead of the curve in the
ever-changing cyber landscape.
We are currently the only organization in the
cyber security field that provides a single, comprehensive source for
performance-based certification, networking, professional membership,
training, and education. Whether you want to grow, learn, or connect
with thought leaders in the industry, CSX will elevate your career
today and tomorrow.
I doubt this is the end of it. Politicians are
not interested in logic or truth when they want something. They
certainly will ignore anyone they believe is less well known or
“popular” than they are. Perhaps we could get Taylor Swift to
endorse encryption?
Iain Thomson reports:
With congressional hearings due on Wednesday to discuss US government plans to force tech companies to install backdoors in their encryption systems, some of the leading minds in the security world have published a paper on how, and if, such a system would work.
The authors of the 34-page paper [PDF] read like a who’s who of computer security: they are Whitfield Diffie (who along with Martin Hellman invented public key encryption); crypto guru Bruce Schneier; Ronald Rivest (the R in RSA), Matt Blaze, the killer of the Clipper Chip; Professor Ross Anderson from Cambridge University; and 11 other senior figures in the field.
Read more on The Register.
@EFFLive will be live-tweeting tomorrow morning’s hearing where FBI Director
Comey will testify about “going dark.” Read their comments here.
So it's not just that guy from the Subway ads.
Nate Raymond reports:
A Federal Bureau of Investigation search warrant has provided a rare glimpse into the increasingly complex efforts of U.S. law enforcement to combat child pornography online, leading to the seizure this year of a website with nearly 215,000 users.
The search warrant, unsealed on Monday in federal court in Brooklyn, New York, showed that the FBI seized the website’s North Carolina server on Feb. 20 but allowed it to remain operating for about two weeks while authorities investigated its users.
Interestingly, they not only had a warrant, but
permission to use some offensive hacking, it seems:
Before shutting down “Website A,” as court documents call it, on March 4, the FBI obtained a search warrant from a judge in Virginia that authorized it to use a technique that would cause a computer to send it data anytime a user logged on.
Read more on Reuters.
How common is this?
FBI seeks help in identifying 250 victims of 'sextortion' scheme
The FBI on Tuesday asked
for the public's help in identifying some 250 victims of a Florida
man who it says extorted teenage girls to send him explicit photos of
themselves or engage in sexual behavior.
… According to
court testimony, Chansler targeted about 350 girls in 26 U.S. states,
three Canadian provinces and the United Kingdom in the "sextortion"
scheme in which he typically posed as a 15-year-old boy who liked to
skateboard.
… The agency said
forensic analysis of Chansler's computer found hundreds of folders,
each with a victim's name and personal information, containing chat
logs, images and videos, some showing the girls crying or pleading
with him not to expose them.
I'm surprised this hasn't become a major
Presidential campaign issue. After all, it combines current
technology, millions of potential voters, health and narcissism, all
dear to the heart of every politician. (Digest Item #2)
Russia Releases a Guide to Selfies
Selfies are now such an accepted
part of everyday life that the Russian government has produced a
guide
to staying safe while taking selfies. The informational pamphlet
suggests taking selfies may be much more dangerous than any of us
previously realized, with a number of Russian teenagers having
reportedly died doing this seemingly innocuous activity.
Thus, the Ministry of Internal Affairs (MVD) warns
against taking selfies while driving, standing in the road, crossing
railroads, driving a speedboat, standing on a roof, and many other
rather obvious examples. The most obvious piece of advice included
in the pamphlet is not to take a selfie while holding a gun. Because
Charles Darwin knew what he was talking about.
The general theme here is be aware of your
surroundings when taking
a selfie. If you’re walking down some stairs or near a
cliff-edge, doing so may not be such a good idea. Equally, if there
are cars driving at you, or a dog snarling in your ear, now may not
be the best time to whip out your phone and smile for your Facebook
friends. Whatever happened
to common sense? [It
was never truly common. Bob]
(Related) Now that you're sober you want to hide
the 'selfies' you took when you weren't.
Consumer Watchdog files FTC complaint on Right to be Forgotten
by Sabrina I. Pacifici on Jul 7, 2015
Consumer
Watchdog news release: “Google’s failure to offer U.S. users
the ability to request the removal of search engine links from their
name to information that is inadequate, irrelevant, no longer
relevant, or excessive is
an “unfair and deceptive” practice, Consumer Watchdog
said in a complaint
today to the Federal Trade Commission. In Europe where the Internet
giant has removed 41.3 percent of such links when requested, this is
known as the “Right To Be Forgotten.” More accurately this
ability is the “Right To Relevancy” or “Privacy By Obscurity”
for the digital age, said Consumer Watchdog. “Google’s refusal
to consider such requests in the United States is both unfair and
deceptive, violating Section 5 of the Federal Trade Commission Act,”
wrote John M. Simpson, Consumer Watchdog’s Privacy Project
director. “We urge the Commission to investigate and act.”
Google’s recent announcement that it would honor requests to remove
links from its search results to so-called “revenge porn” –
nude or explicit photos posted without the subject’s consent –
shows that Google could easily honor Right To Be Forgotten requests
in the U.S., Simpson said. “The Internet giant aggressively and
repeatedly holds itself out to users as being deeply committed to
privacy. Without a doubt requesting the removal of a search engine
link from one’s name to irrelevant data under the Right To Be
Forgotten (or Right to Relevancy) is an important privacy option,”
Consumer Watchdog’s complaint said. “Though Google claims it is
concerned about users’ privacy, it does not offer U.S. users the
ability to make such a basic request. Describing yourself as
championing users’ privacy and not offering a key privacy tool –
indeed one offered all across Europe – is deceptive behavior.”
(Related) How to search for everything Google
won't show you? Avoid any bias in your search? Something for the
Big Data toolkit?
Gigablast plans to power search for Internet Archive
by Sabrina I. Pacifici on Jul 7, 2015
News
release: “Shortly after releasing its web search engine as open
source and available for free download, Gigablast,
Inc. has inked a deal with the Internet
Archive. Gigablast has agreed to provide search for the
archive’s 400+ billion web documents. After conducting tests, the
Internet Archive found that its users prefer the quality of
Gigablast’s search results over the leading open source search
engine solutions. “We’re proud to work with the archive to help
unleash its true potential. Right now you can’t effectively search
their hundreds of billions of documents. That’s going to change,”
says Matt Wells, CEO of Gigablast. “We are providing them with the
technical support to get Gigablast up and running. When we are done,
they could be the biggest search engine ever created. They’ve
tried the other search solutions out there and they can’t scale
anywhere close to Gigablast’s levels. Gigablast is a proven, free
solution that makes information discovery easy, and saves you time
and money. It’s a considerable alternative to SOLR or
elasticsearch.” Wells continues, “On a further note, there has
been some confusion that Gigablast was recently acquired by a company
called Yippy. This is untrue. Gigablast is still a thriving
independent entity [emphasis added] and has no affiliation
with Yippy, Inc.”
The new economics? A global virtual currency.
Citigroup Is Testing Its Own Bitcoin: 'Citicoin'
The day has come: Banks can’t
ignore Bitcoin anymore. Not even the biggest of the big.
First up is Citigroup, the New York City-based
global banking giant recently revealed to the International
Business Times that it is developing its own version of
Bitcoin. Predictably branded ‘Citicoin,’ the virtual currency
was coded by Citigroup’s research and design arm, Citi Innovation.
Still in the early testing phase, a patent has not been filed for the
mainly open-source cryptocurrency, which is based off of Bitcoin and
its core blockchain ledger technology, a chronological public ledger
of all Bitcoin transactions that have ever taken place. This
approach will allow for less complicated and less costly cross-border
payments and other transactions.
Do you think they ask: “What would capitalists
do?”
China announced a
flurry of new moves Wednesday to halt a stock market slide. The
result? Another big dive in share prices.
The government told state companies and executives
to buy shares, raised the amount of equities insurance companies can
hold and promised more credit to finance trading.
For my IT Governance students.
Banking on Chief Data Officers
Gartner has predicted that 25 percent of
organizations will employ
chief data officers (CDOs) by 2017. The figure will be higher,
50 percent, in heavily regulated industries like banking and
insurance, the research firm believes.
The financial services industry has a head start
on many other industry sectors when it comes to appointing CDOs,
found Capgemini. According to its report titled "Stewarding
Data: Why Financial Services Firms Need a Chief Data Officer,"
nearly 16 percent of financial services companies have CDOs, vs. 11
percent in health care and 9 percent in the public sector, for
example.
There might be something here for my older
students too. Worth a quick look.
Join Me for a Morning and Afternoon of Free Webinars
On July 22nd Simple
K12 is hosting a morning and afternoon of free
webinars about Google tools for teachers. The webinars will
start at 10:00am Eastern Time and run until 1:30pm Eastern Time.
… These free
webinars are designed for folks who are new to using Google
tools. Teachers who would like to pick up some tips for teaching
others how to take advantage of the great things that Google has to
offer will also enjoy the content of these webinars. Click
here to register.
… FreeTech4Teachers.com
will make the recordings available for 2 weeks following the event.
But be sure to register so you will be notified.
(Related) We're no longer in a Microsoft
controlled environment.
Google Docs vs. Microsoft Word: The Death Match for Research Writing
… now we are entering the era
of the Cloud, and online solutions are gradually becoming the
norm. The main player in this area is Google Docs which resides in
Google Drive
… First off, Google Docs has got a few things
going for it — it’s online, it’s free and it syncs
across devices. That alone is probably enough for most
people to abandon even the notion of going for Office, which has to
be installed, probably on only one computer, and you have to
continually copy your files over to a USB stick or email them to
yourself.
… in Google Docs’ favor is the Research
tool.
… as you write your paper, you can search for
whatever you are looking for. It will also display information based
on what you are working on. Drag and drop text from the Research
toolbar into your paper. A click on the link adds it to your
document, and a Cite button will helpfully add the
selected page as a source in the footnotes for you.
“Stupid is as stupid does.” F. Gump
Cops hate this gun-shaped iPhone case
I think Wally has been
coaching my students!