Thursday, October 08, 2015

For my Ethical Hacking students. It is much easier to hack a technology when you know exactly how it works. And remember, this is “strategic hacking.” Each step has a goal of enabling more hacks, not just owning one system.
Chinese Hackers Breached LoopPay, Whose Tech Is Central to Samsung Pay
Months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers.
As early as March, the hackers — alternatively known as the Codoso Group or Sunshock Group by those who track them — had breached the computer network of LoopPay, a start-up in Burlington, Mass., that was acquired by Samsung in February for more than $250 million, according to several people briefed on the still-unfolding investigation, as well as Samsung and LoopPay executives.
LoopPay executives said the Codoso hackers appeared to have been after the company’s technology, known as magnetic secure transmission, or MST, which is a key part of the Samsung Pay mobile payment wallet that made its public debut in the United States last week.
LoopPay did not learn of the breach until late August, when an organization came across LoopPay’s data while tracking the Codoso Group in a separate investigation.
… two people briefed on the investigation, as well as security experts who have been tracking the Codoso hackers as they have targeted hundreds of victims around the world, said it would be premature to say what the hackers did and did not accomplish since they were discovered in August.
To start, the hackers were inside LoopPay’s network for five months before they were discovered. And the Codoso Group is known for maintaining a hidden foothold in its victims’ systems. Security experts say the group’s modus operandi is to plant hidden back doors across victims’ systems so that they continue to infiltrate their networks long after the initial breach.

...because the “victims” were “asking for it?” Sound familiar?
David Wells reports:
A cyber criminal hijacked computers to spy on people having sex through their webcams, the National Crime Agency (NCA) has said.
Stefan Rigo, 33, used malware called Blackshades to give him control over strangers’ cameras and spent five to 12 hours a day watching what they were doing in front of their computers.
The NCA said he was addicted to monitoring his victims, some of whom he knew and some who were complete strangers.
Rigo was given a 40-week suspended prison sentence, placed on the Sex Offenders Register for seven years and ordered to do 200 hours of unpaid work by magistrates in Leeds after he admitted voyeurism at a previous hearing, the agency confirmed.
Read more on Western Morning News.
And he didn’t get any prison time…. why?!

“Because it's more important to have the information than to protect the information.” Makes the government sound like a Silicon Valley start-up.
Feds push forward with controversial health rule
The Obama administration is moving ahead with controversial new rules that require doctors to switch to electronic health records or face fees, resisting calls from both parties to delay implementation.
Federal health officials said the final rules released Tuesday will make “significant changes" in the "meaningful use" electronic health records program, such as lowering the number of standards each provider must meet and allowing providers to apply for hardship exemptions.
… It’s an attempt to move away from a paper-based system that depends on a doctor’s handwriting and paper copies of files – and one that could become a major part of Obama’s health legacy.
Groups like the American Academy of Family Physicians have said many of its providers’ issues with electronic health records are the result of the technology itself.
“We believe this is the fault of the vendors and their lack of accountability while reaping huge profits from the HITECH act,” the group’s president, Dr. Robert Wergin, wrote in a statement hours before the rules were announced.
“Vendors, not providers, must be held fiscally accountable for not yet achieving an appropriate level of interoperability.”

Local. I was a bit concerned that the “I can hack an airplane” claim was a bid for attention. Perhaps they saw this coming even back then.
Sorry to hear of this.
Katy Stech reports:
A Colorado cybersecurity firm whose founder said he hacked into more than a dozen airline flights by plugging his laptop into a passenger jet’s entertainment system has filed for bankruptcy.
One World Labs Inc., founded by Chris Roberts in 2009, filed for bankruptcy protection on Friday, saying it faces roughly $720,000 in debt.
Company officials are negotiating a deal to sell the Denver-based intelligence firm, which says it has “access to the world’s largest index of dark content to protect corporations, governments and nonprofit organizations,” enabling clients to search the database for stolen data. The firm took in $3 million in revenue last year, according to documents filed in U.S. Bankruptcy Court in Denver.
Read more on WSJ.

Perspective. Not bad for a company started in a dorm room.
Dell Is in Talks With EMC Over Possible Merger
Dell Inc. and private-equity firm Silver Lake are in advanced talks to buy EMC Corp. according to people familiar with the matter, a deal that would rank as the biggest technology-industry takeover ever and remove questions about EMC that have hung over the data-storage giant for more than a year.

There's a market for all that hippie stuff?
Amazon Challenges Etsy With Strictly Handmade Marketplace

Interesting. I wonder if my students would be interested in research?
Our mission at YC is to enable as much innovation as we can. Mostly this means funding startups. But startups aren’t ideal for some kinds of innovation—for example, work that requires a very long time horizon, seeks to answer very open-ended questions, or develops technology that shouldn’t be owned by any one company.
We think research institutions can be better than they are today. So we’re starting a new research lab, which we’re calling YC Research, to work on some of these areas.
… YCR is a non-profit. Any IP developed will be made available freely to everyone.
… Because of the openness, the researchers will be able to freely collaborate with people in other institutions.

Perspective. Maybe peoples in O-re-gone are just not too smart? Or is everyone getting dumber?
Shakespeare in Modern English?
THE Oregon Shakespeare Festival has decided that Shakespeare’s language is too difficult for today’s audiences to understand. It recently announced that over the next three years, it will commission 36 playwrights to translate all of Shakespeare’s plays into modern English.

No comments: