Wednesday, October 07, 2015

For my Ethical Hacking students. Perhaps we need a “drone swatter” to keep our secrets?
Hacking Wireless Printers With Phones on Drones
… researchers in Singapore have demonstrated how attackers using a drone plus a mobile phone could easily intercept documents sent to a seemingly inaccessible Wi-Fi printer. The method they devised is actually intended to help organizations determine cheaply and easily if they have vulnerable open Wi-Fi devices that can be accessed from the sky. But the same technique could also be used by corporate spies intent on economic espionage.
The drone is simply the transport used to ferry a mobile phone that contains two different apps the researchers designed. One, which they call Cybersecurity Patrol, detects open Wi-Fi printers and can be used for defensive purposes to uncover vulnerable devices and notify organizations that they’re open to attack. The second app performs the same detection activity, but for purposes of attack. Once it detects an open wireless printer, the app uses the phone to establish a fake access point that mimics the printer and intercept documents intended for the real device.
… Any organizations that are more interested in uncovering vulnerable devices than attacking them can simply install the Cybersecurity Patrol app on a phone and attach it to a drone to scan their buildings for unsecured printers and other wireless devices. A drone isn’t essential for this, however. As the researchers show in their demo video (above), a phone containing their app can also be attached to a robot vacuum cleaner and set loose inside an office to scan for vulnerable devices as it cleans a company’s floors.

(Related) Really not clear from the article what evidence exists to base these fines on. I doubt the FAA had adequate “drone monitoring” technology deployed. Are they relying on anecdotal information from SkyPan? Can they derive anything from analyzing the videos taken (if any?)
65 Unauthorized Flights Could Cost a Drone Company Nearly $2 Million
… on Tuesday, ... it announced that it is seeking to fine SkyPan International, a Chicago-based drone company, $1.9 million for “endangering the safety of our airspace.” If SkyPan ends up having to pay, it’d be the largest civil penalty ever for a drone company.
… an FAA spokesperson said that while SkyPan was granted the Section 333 UAS exemption, the flights SkyPan is being fined for occurred before the company secured the exemption.

For a lot of my students, including Computer Security, Ethical Hacking, Forensics and Data Management. Easy data access for the company/industry may not be the best way to protect your clients. Definitely read the article.
Brian Krebs reports:
The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.

Surveillance is easy. Opting out does not stop Facebook's data gathering, it only stops target ads.
Nate Cardozo of EFF writes:
The ubiquitous blue “Like” or “Share” buttons that you see all over the Internet are hiding an ugly secret. Starting this month, Facebook will use them to track your visit to every Web page that displays the buttons–even if you don’t click on anything.
Facebook will use the data it collects to build a dossier of your browsing habits, logging every site you visit, so it can learn those last few details about your life that it doesn’t already know. And there’s nothing you can do about it, short of staying totally logged out of the social media site or tracking down and installing a special browser extension to protect from this kind of sneaky behavior.
Read more on The Mercury News.

(Related) What's good enough for Facebook...
Verizon’s Zombie Cookie Gets New Life
Verizon is giving a new mission to its controversial hidden identifier that tracks users of mobile devices. Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL’s ad network, which in turn monitors users across a large swath of the Internet.
That means AOL’s ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including — “your gender, age range and interests.” AOL’s network is on 40 percent of websites, including on ProPublica.
AOL will also be able to use data from Verizon’s identifier to track the apps that mobile users open, what sites they visit, and for how long. Verizon purchased AOL earlier this year.

Strange we haven't heard of this firm until now. Do you think there are others we don't know about? Did anyone contact them ask them to preserve evidence? If we are just now starting to look at other firms, this investigation could go on for a long, long time. Perhaps the FBI should assign more that one part-time agent?
Tom Hamburger and Rosalind S. Helderman report:
The FBI’s probe into the security of Hillary Rodham Clinton’s e-mail has expanded to include a second private technology company, which said Tuesday it plans to provide the law enforcement agency with data it preserved from Clinton’s account.
The additional data, provided by Connecticut-based Datto Inc., could open a new avenue for investigators interested in recovering e-mails deleted by the former secretary of state — now the Democratic presidential front-runner — that have caught the interest of GOP lawmakers.
Read more on Washington Post.
[From the article:
Datto was hired to provide backups for the Clinton e-mail accounts starting in May 2013 by Platte River Networks, the Colorado-based tech firm hired earlier that year by the Clinton family to manage the system after Hillary Clinton concluded her term as secretary.
… Late Tuesday, officials from the two tech firms disagreed about the possibility that years-old e-mails Clinton has deemed personal and deleted could be recovered by the FBI.
A Datto official said that investigators may be able to recover the e-mails if the data existed at the time the company was hired in May 2013 and had not been altered since.
A spokesman for Platte River, Andy Boian, said his company assumed that Datto would have retained data for only a short period and older e-mails would no longer be available.
… The letter to Datto from Sen. Ron Johnson (R-Wis.) cited e-mails and other documents that have been turned over to the committee by Platte River in recent weeks that show a more complicated array of companies involved in managing the Clinton e-mail system than had previously been publicly known.
… Of particular interest to Johnson, according to his letter, is whether Datto was authorized to store classified information and whether the firm has come under cyberattack.

Does this explain my student's reluctance to discuss the topics in my lecture?
The Flight From Conversation
… Sherry Turkle, a clinical psychologist and sociologist at the Massachusetts Institute of Technology, has spent the past 30 years observing how people react and adapt when new technologies change the ways we communicate. In her latest book, Reclaiming Conversation: The Power of Talk in a Digital Age, Turkle argues that texts, tweets, Facebook posts, emails, instant messages, and snapchats—simultaneous, rapid-fire “sips” of online communication—have replaced face-to-face conversation, and that people are noticing the consequences. Over-reliance on devices, she argues, is harming our ability to have valuable face-to-face conversations, “the most human thing we do,” by splitting our attention and diminishing our capacity for empathy.

(Related) Is it a “want” or a “need?” Interesting graphic.
Can Americans Keep Up With Buying the New, New Technology?
… A startling 69 percent of Americans said that having the latest technology is “total[ly] necessary” to their lives, according to the results of the most recent Heartland Monitor Poll. Just 12 percent of those surveyed called new technology “not at all necessary.”

Something to help my students take notes? No! I don't want them all muttering into their phones.
Here’s How to Get Accurate Voice-to-Text Conversion for Free
Free dictation apps that convert your speech accurately to onscreen text do exist. I learned that when I stumbled upon Dictanote in the Chrome Web Store.
Speech recognition technology has become quite impressive in recent times. It has given you assistants like Google Now, Siri, and Cortana to make your routine digital tasks easier.
… It turns out that there are other Chrome-based speech-to-text apps, such as Voice Recognition, that share Dictanote’s accuracy levels. That’s because they all function on Chrome’s Web Speech API, which now boasts a 92% accuracy rate.
Of course, these apps may be accurate, but they’re not flawless. If you use one, do copy-paste your notes to your regular text editor for backup. You could even skip the app installation altogether and use the Web Speech API demo to dictate notes.
By the way, did you know that you can type with your voice in Google Docs?

No comments: