Infiltrated is not the same as disrupted. Think
of it as building roadmaps for later use.
Danny Yadron reports:
Iranian hackers infiltrated the control system of a small dam less than 20 miles from New York City two years ago, sparking concerns that reached to the White House, according to former and current U.S. officials and experts familiar with the previously undisclosed incident.
Read more on WSJ.
[From the article:]
Security experts say companies have done little
to protect these systems from would-be hackers.
“Everything is being integrated, which is great,
but it’s not very secure,” said Cesar Cerrudo, an Argentine
researcher and chief technology officer at IOActive Labs, a
security-consulting firm. At a hacker conference last year in Las
Vegas, Mr. Cerrudo wowed the audience when he showed how he could
manipulate traffic lights in major U.S. cities.
Operators of these systems “don’t think about
security,” he said.
Not just educating employees, but keeping them
alert. What would a serious hacker do?
Robin Sidel reports:
Terrified by a string of recent hacks, banks are spending billions of dollars trying to fend off a faceless army of digital intruders.
But the biggest threats may come from within.
Banks fear a growing number of employees are unwittingly exposing valuable information to hackers or in some cases leaving digital clues that make a breach possible. To boost their defenses, firms are banning workers from using portable devices such as USB drives, warning employees to be careful what they post on social media and even discouraging workers from posting “out-of-office” replies on their emails.
Read more on Nasdaq.
A backgrounder for my Ethical Hacking students.
Juniper Firewall Backdoor Password Found in 6 Hours
Networking and security company Juniper Networks revealed last week that it had identified unauthorized code in ScreenOS, the operating system powering the company’s NetScreen firewalls.
… The vulnerabilities have been analyzed by several external researchers. Fox-IT experts said it took them just 6 hours to find the password for the ScreenOS authentication backdoor.
After analyzing the differences between the vulnerable and patched versions of ScreenOS, Rapid7’s HD Moore determined that the authentication backdoor, which can be exploited via SSH or Telnet, involves the default password <<< %s(un='%s') = %u
This backdoor password, which was presumably set this way so that it would be mistaken for one of the many debug format strings present in the code, can be leveraged by an attacker who knows a valid username for the device.
On one hand, it’s difficult to say if this vulnerability has been exploited in the wild since even though an unauthorized access attempt would normally be logged, it’s easy for an attacker to delete the relevant log entries. However, as Moore has highlighted, the logs might be sent to a centralized server, which could result in an alert being triggered.
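The point about centralized logging, as an added example that is not part of the original post or the quoted article: it compares the collector's copy of a firewall's log with what the device still holds and reports successful SSH/Telnet logins that are missing from the device. The log format, host name, user names and addresses are constructed for illustration and are not real ScreenOS output.

```python
import re
from collections import Counter

# Constructed sample data in a made-up syslog-like format (not real ScreenOS output).
CENTRAL_COPY = """\
2015-12-21T08:00:00 fw01 system: configuration saved by admin1
2015-12-21T09:00:01 fw01 auth: login ok user=admin1 via=ssh src=192.0.2.10
2015-12-21T09:05:12 fw01 auth: login ok user=admin2 via=telnet src=198.51.100.7
2015-12-21T09:06:40 fw01 auth: login failed user=admin1 via=ssh src=192.0.2.10
2015-12-21T09:30:00 fw01 auth: login ok user=admin1 via=ssh src=192.0.2.10
"""
# The device buffer has rotated past 08:00 and one login entry has been removed.
DEVICE_COPY = """\
2015-12-21T09:00:01 fw01 auth: login ok user=admin1 via=ssh src=192.0.2.10
2015-12-21T09:06:40 fw01 auth: login failed user=admin1 via=ssh src=192.0.2.10
2015-12-21T09:30:00 fw01 auth: login ok user=admin1 via=ssh src=192.0.2.10
"""

LINE = re.compile(r"^(\S+) (\S+) (.+)$")  # timestamp, host, message
LOGIN = re.compile(r"login ok user=(\S+) via=(ssh|telnet) src=(\S+)")

def records(text):
    """Multiset of (timestamp, host, message); repeated identical lines still count."""
    out = Counter()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            out[m.groups()] += 1
    return out

def missing_on_device(central_text, device_text):
    """Entries the collector received that the device no longer holds.
    Entries older than the device's oldest line are treated as normal rotation,
    so a deletion at the very start of the buffer is not caught by this check."""
    device = records(device_text)
    gap = records(central_text) - device
    oldest = min((ts for ts, _, _ in device), default="")
    return sorted(r for r in gap.elements() if r[0] >= oldest)

def deleted_logins(central_text, device_text):
    """Successful SSH/Telnet logins among the missing entries."""
    hits = []
    for ts, host, msg in missing_on_device(central_text, device_text):
        m = LOGIN.search(msg)
        if m:
            hits.append((ts, host) + m.groups())
    return hits

if __name__ == "__main__":
    for hit in deleted_logins(CENTRAL_COPY, DEVICE_COPY):
        print("ALERT login missing from device log:", hit)
```

The comparison only works if the collector stores entries where an administrator of the firewall cannot edit them.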
It's not Hillary's fault. (Bet you never expected to see those words on this blog.) No politicians understand technology and that's okay. Very few politicians bother to ask the people who do know, and that's the problem.
Clueless Hillary Clinton On Encryption, Doesn't Understand The Concept Of The 'Back Door'
… On one hand, Clinton doesn't want back
doors, but on the other, she wants law enforcement to be able to gain
access to data if needed. She seals the deal with: "I just
think there's got to be a way, and I would hope our tech companies
would work with government to figure it out." Making matters
worse she ponders, "maybe the back door is the wrong door?"
Clinton went on to say that maybe we need a
"Manhattan-like project" [Because
politicians understand spending lots and lots of money Bob]
to accomplish this goal. What she doesn't seem to realize is that
what she's effectively asking for is a back door, and as soon
as any company (or person, for that matter) deliberately punches a
hole in their product's security, it's no longer secure. Period.
(Related)
Tim Cook says there isn't a trade-off between security and privacy
In a strong defense of encryption, Apple's CEO Tim
Cook said that there can be no trade-off between privacy and national
security when it comes to encryption.
"I think that's an overly simplistic view.
We're America. We should have both," he told Charlie Rose on
CBS' 60 Minutes program on Sunday, according to a
transcript of the interview posted online.
What does this suggest? If it sounds foreign,
kill it? (Agrabah is the country from Disney’s “Aladdin”)
PublicPolicyPolling
We asked the Agrabah question
to Dem primary voters too. They oppose bombing 'it' 36/19, while GOP
supports bombing 'it' 30/13
Perspective. Just because I find it amusing.
What would have happened if this was an auction?
… When tickets for Adele's North American tour
went on sale Wednesday morning, the virtual box office was literally
crushed when over ten million fans rushed the site. Up for
grabs were some 750,000 tickets for her 25 album tour across
the continent.
… Just how unprecedented was the demand?
Ticketmaster says that the ten million-plus figure represents an
"all-time record," and according to Billboard's
source, over four million tried to buy tickets for the six shows in
New York City alone. Perhaps the craziness isn't so surprising
considering sales of Adele's 25, which crushed
all single-week records.
Perspective. Another of those “Year End”
articles. Some charts are interesting even to me.
Goldman Sachs: 21 of the World's Most Interesting Charts
… While there are loads of billion-dollar
startups in the software and internet sectors, education and energy
are still a relatively small portion of that space.
… Taking a look at the largest companies in
2005 and comparing it to the largest firms in 2015 shows how
important tech has become in the economy.
… the top-earning YouTube channels, with a toy
review channel and Taylor Swift's VEVO account earning the most and
garnering more than 250 million views per month.
Perspective. Most of my students are over 25.
The first website went online 25 years ago today
Tim Berners-Lee's first World Wide Web page
flickered to life at CERN on December 20th, 1990.