Hackers can use a security exploit in Facebook to “decrypt and sniff out” IDs of Facebook users by using one of the vulnerable Facebook APIs, allowing them to gain access to the personal information of millions of Facebook users, including their name, location, phone number, pictures and other personal data.
Wednesday, August 12, 2015
Again, no one noticed the hack? For 5 years? Short sales that pay off in just 30 minutes should stand out like a sore thumb. Who was asleep on the job?
Feds: Hackers Stole News Releases, Made $100M from Trades
… The group includes two Ukrainian men who are believed to be the hackers, plus 30 other people from the U.S. and elsewhere who made the stock trades.
… The Ukrainian men are said to have led the scheme over a five-year period. They hacked at least two newswire services, stealing hundreds of corporate earnings announcements before they were released.
… In some cases, the traders shared a portion of their illicit profits with the hackers. [How else were they compensated? Bob]
(Related) Does Facebook have “insider” access or can I safely trade on this information?
Facebook is reportedly working on an app that breaks news alerts
Deny. Deny. Deny!
Farzan Hussain writes:
Read more on HackRead – and keep reading so that you read Facebook’s response to the researcher’s multiple attempts to get them to take the vulnerability more seriously.
Here's my idea for a final exam: my Ethical Hacking students try to stop my Corvette, my Computer Security students try to protect it. (Assumes I can talk the University into buying me a Corvette “for academic purposes.”)
How texting a Corvette could stop it in its tracks
As if recent research on car hacking wasn't frightening enough, a new study shows yet another danger to increasingly networked vehicles.
This time around, academics with the University of California analyzed small, third-party devices that are sometimes plugged into a car's dashboard, known as telematic control units (TCUs).
Insurance companies issue the devices to monitor driving metrics in order to meter policies. Other uses include fleet management, automatic crash reporting and tracking stolen vehicles.
In order to collect vehicle data, TCUs have access to the electronic brain of an automobile, the CAN (Controller Area Network) bus, which transmits and receives messages from many vehicle systems. The TCUs also have SIM cards, which give them cellular network connectivity in order to send information.
The researchers found a variety of security vulnerabilities which allowed them in a real-world demonstration to cause a Corvette to suddenly brake by sending a text message to the TCU, which then accessed the CAN bus, according to a study made public Tuesday.
Not hacking, but not very good IT Governance either. My students should be able to design a process that does not rely on the same employee to give the written test, score the driving test, enter and then “correct” computer records.
Feds Say California DMV Employees Traded Cash for Licenses
As many as 100 commercial truck drivers paid up to $5,000 each to bribe state Department of Motor Vehicles employees for illegal California licenses, federal authorities said Tuesday.
… Court records say the employees changed computer records to falsely show that drivers had passed written and behind-the-wheel tests after they were bribed by the owners of three truck-driving schools between June 2011 and March 2015.
“Social media, it's where the evidence is!”
The number of times that governments asked Twitter to provide account information in the first half of 2015 was more than 50 percent greater than in the previous six months, the company said on Tuesday.
Twitter revealed the data as part of its twice-yearly transparency report, which also covers requests made by private copyright holders.
From Jan. 1 through June 30, the company received 4,363 government requests worldwide for account information related to 12,711 accounts on Twitter, Periscope or Vine. Twitter provided at least some information in response to 58 percent of the requests.
That represented a roughly 52 percent increase from the number of requests received in the second half of 2014, during which the company received 2,871.
(Related) See for yourself.
Gnip Launches Full-Archive Search API To Provide Instant Access To Nine Years Worth Of Tweets
… Until now, companies have been able to pull instant reports using up to 30 days’ worth of historical tweets. Today, through Gnip, Twitter is turning that instant access on for its treasure trove — the full archive. All nine years’ worth of tweets.
(Related) Is your message getting out?
t factor: A metric for measuring impact on Twitter
by Sabrina I. Pacifici on Aug 11, 2015
“Based on the definition of the well-known h index we propose a t factor for measuring the impact of publications (and other entities) on Twitter. The new index combines tweet and retweet data in a balanced way whereby retweets are seen as data reflecting the impact of initial tweets.
Implications for 3D printing?
A court case argued Tuesday over a product to straighten teeth has become the latest front in the battle over the open Internet.
Major technology trade groups and open Internet advocates have urged the U.S. Appeals Court for the Federal Circuit to strike down a ruling by the U.S. International Trade Commission (ITC) that found it has the authority over the import of data that represents a digital good — an expansion from its historical authority over the import of physical goods.
Chief Circuit Judge Sharon Prost, one of the three judges reviewing the case, put the issue into clear focus Tuesday. She said she was confused by the government's attempt to try and "cabin" what would be a huge legal precedent into nothing more than a case about straight teeth.
"It does seem to me that if we were to affirm the commission here, we would be saying the ITC has jurisdiction over electronic transmissions," she said during oral arguments. "I don't see very many limiting principles there that might apply to future cases."
… The case was brought by Align Technology — the maker of Invisalign — which successfully urged the ITC to bar rival company ClearCorrect from importing infringing products into the United States. ClearCorrect has appealed.
The quirk that has riled tech companies and open Internet supporters is that ClearCorrect did not import physical dental aligners, over which the trade commission has historically had authority. Instead, the company imported digital files that allowed it to print the dental aligners in the United States.
In an alleged attempt to circumvent U.S. patent protections, ClearCorrect scanned customers' teeth and eventually printed out the clear dental aligners in the United States. But the patented method used to create the blueprints for the corrective braces was done in Pakistan. This back-and-forth was done digitally by uploading and downloading data online.
This has been handled poorly. Who has been advising Hillary to stall? Will anyone ask her to name the system she used to handle classified emails if the only device she had handled only unclassified ones?
Hillary Clinton to Turn Over Private Email Server to Federal Authorities
Hillary Clinton is turning over to federal authorities the private computer server she used to handle her emails when she served as secretary of state, an unexpected move and an attempt to quash concerns that her unorthodox approach included insufficient safeguards to protect government secrets.
A spokesman for Mrs. Clinton’s presidential campaign on Tuesday said she had directed her team to give to the Justice Department both the computer server—which had been kept at her home in Chappaqua, N.Y.—and a thumb drive containing copies of her emails. [At last! An electronic copy of the emails! Bob]
… She also has said the server was wiped clean of more than 31,000 emails that involved personal matters such as wedding plans, vacations and yoga routines.
… A subsequent review by federal government watchdogs found four emails out of a sample of 40 that contained classified material, although the information hadn’t been marked classified at the time it was sent.
One of the watchdogs—the intelligence community’s inspector general—sent a letter to lawmakers on Tuesday saying two of those four emails contained “top secret” information, a higher classification than previously known.
… Secretary of State John Kerry said in an interview with CBS on Tuesday that it was highly likely that his emails were being intercepted and read by Russia or China, an acknowledgment that there is an extreme level of foreign intelligence interest in collecting communications from the U.S. government’s top diplomat.
Not so social media?
Tinder just lost its mind on Twitter over a Vanity Fair story
Tinder is not happy with Vanity Fair.
The tech company's PR just went on a 30+ tweet tweetstorm lambasting the magazine for a recent feature story in the September issue of Vanity Fair.
The article, titled "Tinder and the Dawn of the 'Dating Apocalypse,'" uses Tinder to talk about the effects of technology and smartphone dating apps on youth "hook-up" culture and dating.
Using a series of anecdotes of millennials at bars, big city hangouts, and colleges, Nancy Jo Sales paints a picture of Tinder and its competitors (Bumble, Hinge, OkCupid, etc) as signaling a death knell for modern courtship.
I'm not the only one who thinks this is a bit of a stretch. Why do politicians talk like the world is made of wishes?
Dollar could suffer if U.S. walks away from Iran deal: John Kerry
If the United States walks away from the nuclear deal with Iran and demands that its allies comply with U.S. sanctions, a loss of confidence in U.S. leadership could threaten the dollar's position as the world's reserve currency, the top U.S. diplomat said on Tuesday.
"If we turn around and nix the deal and then tell them, 'You're going to have to obey our rules and sanctions anyway,' that is a recipe, very quickly ... for the American dollar to cease to be the reserve currency of the world," U.S. Secretary of State John Kerry said at a Reuters Newsmaker event.
… New York-based Boris Schlossberg, managing director of FX Strategy, BK Asset Management, challenged Kerry's reasoning. He said the dollar’s status could be compromised only if the United States was unable to compete economically on a global scale.
“The reality of the situation is that the U.S. dollar hasn’t been this strong in decades. The thought that it could be replaced as a reserve currency is laughable at this point on a geopolitical basis and nothing in the Iran deal even remotely touches upon that issue,” he added.
Economists and financial analysts have often conjectured that a competing currency like the euro or the Chinese yuan will eventually dethrone the dollar as global trade and financial patterns shift. But the U.S. currency’s position has been largely immune – mostly for lack of any good alternative.
Being a world class cheap bastard, my answer is, “Yes.” (See next article for a hint about how I do it)
Can You Get By Using Purely Open Source Software?
For all my students.
This Is How You Can Get Microsoft Word for Free
For my Homeland Security, Ethical Hacking, and other students.
American Military University To Host National Security Virtual Career Fair
For those people interested in pursuing a career in national security, mark your calendars for Aug. 20 as American Military University (AMU) will be hosting a Virtual Career Fair featuring federal and private sector employers. AMU employee Jaymie Pompeo offers some pointers in preparation for the Virtual Career Fair.