For my Ethical Hacking students. Perhaps we need
a “drone swatter” to keep our secrets?
Hacking Wireless Printers With Phones on Drones
… researchers in Singapore have demonstrated
how attackers using a drone plus a mobile phone could easily
intercept documents sent to a seemingly inaccessible Wi-Fi printer.
The method they devised is actually intended to help organizations
determine cheaply and easily if they have vulnerable open Wi-Fi
devices that can be accessed from the sky. But the same technique
could also be used by corporate spies intent on economic espionage.
The drone is simply the transport used to ferry a
mobile phone that contains two different apps the researchers
designed. One, which they call Cybersecurity Patrol, detects open
Wi-Fi printers and can be used for defensive purposes to uncover
vulnerable devices and notify organizations that they’re open to
attack. The second app performs the same detection activity, but for
purposes of attack. Once it detects an open wireless printer, the
app uses the phone to establish a fake access point that mimics the
printer and intercept documents intended for the real device.
… Any organizations that are more interested
in uncovering vulnerable devices than attacking them can simply
install the Cybersecurity Patrol app on a phone and attach it to a
drone to scan their buildings for unsecured printers and other
wireless devices. A drone isn’t essential for this, however. As
the researchers show in their demo video (above), a phone containing
their app can also be attached to a robot vacuum cleaner and set
loose inside an office to scan for vulnerable devices as it cleans a
company’s floors.
(Related) Really not clear from the article what
evidence exists to base these fines on. I doubt the FAA had adequate
“drone monitoring” technology deployed. Are they relying on
anecdotal information from SkyPan? Can they derive anything from
analyzing the videos taken (if any?)
Unauthorized Flights Could Cost a Drone Company Nearly $2 Million
… on Tuesday, ... it announced
that it is seeking to fine SkyPan International, a Chicago-based
drone company, $1.9 million for “endangering the safety of our
airspace.” If SkyPan ends up having to pay, it’d be the largest
civil penalty ever for a drone company.
… an FAA spokesperson said that while SkyPan
was granted the Section 333 UAS exemption, the flights SkyPan is
being fined for occurred before the company secured the exemption.
For a lot of my students, including Computer
Security, Ethical Hacking, Forensics and Data Management. Easy data
access for the company/industry may not be the best way to protect
your clients. Definitely read the article.
Brian Krebs reports:
The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.
Read more on KrebsOnSecurity.com.
Surveillance is easy. Opting out does not stop
Facebook's data gathering, it only stops target ads.
Nate Cardozo of EFF writes:
The ubiquitous blue “Like” or “Share” buttons that you see all
over the Internet are hiding an ugly secret. Starting this month,
Facebook will use them to track your visit to every Web page that
displays the buttons–even if you don’t click on anything.
Facebook will use the
data it collects to build a dossier of your browsing habits, logging
every site you visit, so it can learn those last few details about
your life that it doesn’t already know. And
there’s nothing you can do about it, short of staying
totally logged out of the social media site or tracking down and
installing a special browser extension to protect from this kind of
sneaky behavior.
Read more on The Mercury News.
(Related) What's good enough for Facebook...
Verizon’s Zombie Cookie Gets New Life
Verizon is giving a new mission to its
controversial hidden identifier that tracks users of mobile devices.
Verizon said in a little-noticed announcement
that it will soon begin sharing the profiles with AOL’s ad network,
which in turn monitors users across a large swath of the Internet.
That means AOL’s ad network will be able to
match millions of Internet users to their real-world details gathered
by Verizon, including — “your
gender, age range and interests.” AOL’s network is on 40
percent of websites, including on ProPublica.
AOL will also be able to use data from Verizon’s
identifier to track the apps that mobile users open, what sites they
visit, and for how long. Verizon purchased AOL earlier this year.
Strange we haven't heard of this firm until now.
Do you think there are others we don't know about? Did anyone
contact them to ask them to preserve evidence? If we are just now
starting to look at other firms, this investigation could go on for a
long, long time. Perhaps the FBI should assign more than one
part-time agent?
Tom Hamburger and Rosalind S. Helderman report:
The FBI’s probe into the security of Hillary Rodham Clinton’s e-mail has expanded to include a second private technology company, which said Tuesday it plans to provide the law enforcement agency with data it preserved from Clinton’s account.
The additional data, provided by Connecticut-based Datto Inc., could open a new avenue for investigators interested in recovering e-mails deleted by the former secretary of state — now the Democratic presidential front-runner — that have caught the interest of GOP lawmakers.
Read more on Washington Post.
[From the article:]
Datto was hired to provide backups for the Clinton
e-mail accounts starting in May 2013 by Platte River Networks, the
Colorado-based tech firm hired earlier that year by the Clinton
family to manage the system after Hillary Clinton concluded her term
as secretary.
… Late Tuesday, officials from the two tech
firms disagreed about the possibility that years-old e-mails Clinton
has deemed personal and deleted could be recovered by the FBI.
A Datto official said that investigators may be
able to recover the e-mails if the data existed at the time the
company was hired in May 2013 and had not been altered since.
A spokesman for Platte River, Andy Boian, said his
company assumed that Datto would have retained data for only a short
period and older e-mails would no longer be available.
… The letter to Datto from Sen. Ron Johnson
(R-Wis.) cited e-mails and other documents that have been turned over
to the committee by Platte River in recent weeks that show
a more complicated array of companies involved in managing the
Clinton e-mail system than had previously been publicly known.
… Of particular interest to Johnson, according
to his letter, is whether Datto was authorized to store classified
information and whether the firm has come under cyberattack.
Does this explain my student's reluctance to
discuss the topics in my lecture?
The Flight From Conversation
… Sherry Turkle, a clinical psychologist and
sociologist at the Massachusetts Institute of Technology, has spent
the past 30 years observing how people react and adapt when new
technologies change the ways we communicate. In her latest book,
Reclaiming Conversation: The Power of Talk in a Digital Age,
Turkle argues that texts, tweets, Facebook posts, emails, instant
messages, and snapchats—simultaneous, rapid-fire “sips” of
online communication—have replaced face-to-face conversation, and
that people are noticing the consequences. Over-reliance on devices,
she argues, is harming our ability to have valuable face-to-face
conversations, “the most human thing we do,” by splitting our
attention and diminishing our capacity for empathy.
(Related) Is it a “want” or a “need?”
Interesting graphic.
Can Americans Keep Up With Buying the New, New Technology?
… A startling 69 percent of Americans said
that having the latest technology is “total[ly] necessary” to
their lives, according to the results of the most recent Heartland
Monitor Poll. Just 12 percent of those surveyed called new
technology “not at all necessary.”
Something to help my students take notes? No! I
don't want them all muttering into their phones.
Here’s How to Get Accurate Voice-to-Text Conversion for Free
Free dictation apps that convert
your speech accurately to onscreen text do exist. I learned
that when I stumbled upon Dictanote
in the Chrome Web Store.
Speech recognition technology has become quite
impressive in recent times. It has given you assistants like Google
Now, Siri, and Cortana to make
your routine digital tasks easier.
… It turns out that there are other
Chrome-based speech-to-text apps, such as Voice
Recognition, that share Dictanote’s accuracy levels. That’s
because they all function on Chrome’s Web Speech API,
which now boasts a 92% accuracy rate.
Of course, these apps may be accurate, but they’re
not flawless. If you use one, do copy-paste your notes to your
regular text editor for backup. You could even skip the app
installation altogether and use
the Web Speech API demo to dictate notes.
By the way, did you know that you can type
with your voice in Google Docs?