Wednesday, January 13, 2016

Perhaps the hacker's high school would qualify for extra STEM grants from the same government they are hacking. If teenagers can consistently hack “people who should know better” what can China do?
US Spy Chief's Personal Accounts Hacked
US spy chief James Clapper's personal online accounts have been hacked, his office confirmed Tuesday, a few months after CIA director John Brennan suffered a similar attack.
Clapper's Office of the Director of National Intelligence confirmed the hack but refused to provide details.
A teen hacker who goes by "Cracka" claimed to have hacked Clapper's home telephone and Internet accounts, his personal email, and his wife's Yahoo email, online magazine Motherboard reported.
Cracka told Motherboard that he had changed the settings on Clapper's Verizon account so that calls to his home were rerouted to the California-based Free Palestine Movement.

For my Ethical Hacking students. Likely this is a flaw in the phone, not PGP.
Cops Say They Can Access Encrypted Emails on So-Called PGP BlackBerrys
Dutch investigators have confirmed to Motherboard that they are able to read encrypted messages sent on PGP BlackBerry phones—custom, security-focused BlackBerry devices that come complete with an encrypted email feature, and which reportedly may be used by organized criminal groups.
“We are capable of obtaining encrypted data from BlackBerry PGP devices,” Tuscha Essed, a press officer from the Netherlands Forensic Institute (NFI), told Motherboard in an email. The NFI is a body that assists law enforcement in forensic evidence retrieval, and which, according to its website, deals with most of the forensic investigations in criminal cases in the Netherlands.
… Very little information is available regarding the specific technique that the NFI use to access encrypted communications on custom BlackBerrys.
The Crime News report says that out of 325 encrypted emails recovered from a device, only 279 were deciphered, and that the workaround is only applicable when law enforcement have physical access to the device.

(Related) Well, they would be, wouldn't they?
Iain Thomson reports:
Claims by the Netherlands Forensic Institute (NFI) that it has successfully decrypted emails stored on BlackBerry smartphones have caused bafflement at the Canadian firm.
Documents seen by Dutch blog Crime News show the NFI claiming to have decrypted 275 out of 325 emails encrypted with PGP from a handset in their possession. The NFI reportedly used software from Israeli firm Cellebrite to crack the encryption.
Read more on The Register.

Patrick Howell O’Neill reports:
The French Parliament is considering a legislative provision that would ban strong encryption by requiring tech companies to configure their systems so that police and intelligence agencies could always access their data.
The amendment to the vast “Digital Republic” bill was introduced in the French National Assembly, parliament’s lower house, by eighteen politicians from the conservative Republican Party.
Read more on Daily Dot.

Only in Europe?
Kevin Rawlinson reports:
The European Court of Human Rights (ECHR) said a firm that read a worker’s Yahoo Messenger chats sent while he was at work was within its rights.
Judges said he breached the company’s rules and that his employer had a right to check he was completing his work.
Such policies must also protect workers against unfettered snooping, they said.
The judges, sitting in the ECHR in Strasbourg, handed down their decision on Tuesday. It binds all countries that have ratified the European Convention on Human Rights, which includes Britain.
Read more on BBC.

Part of the “Double secret probation” program? How many “little-known” lists are there? Are they all controlled through a single office in DHS?
Muslim professor blocked from game because his name was on US blacklist
Epic Games has apologised after mistakenly barring an American professor from playing its online game Paragon because someone who has the same name as him was on a US government blacklist.
Muhammad Zakir Khan, an assistant professor at Florida’s Broward College, had tried to sign up for the beta of first-person shooter Paragon, a multiplayer game inspired by esports hits such as Dota2. But instead of being given an account for the game, Khan was hit with an unusual error message.
“Your account creation has been blocked as a result of a match against the Specially Designated Nationals list maintained by the United States of America’s Office of Foreign Assets Control,” the message read, before advising Khan to email Epic’s customer service.
The Specially Designated Nationals list is a little-known blacklist produced by the US government as part of its enforcement of economic sanctions against nations such as Iran, Syria and Russian-controlled Crimea, in order to help companies avoid accidentally doing business with high-profile citizens of, or corporations controlled by, those blocked nations.
… Khan tweeted his issue to Epic Games, with the hashtag #iamnotaterrorist. In a reply, Tim Sweeney, the founder of the company, apologised, and said that the ban was a result of errors on top of errors. Not only should Khan’s name not have matched against the list at all, a simple name match shouldn’t have been enough to spark a block.
What’s more, the filter wasn’t supposed to have even been applied to the simple consumer-level ability to sign up to the beta for Paragon. Instead, Sweeney explained, it was intended to control access to Epic’s game creation tools – built around the Unreal Engine – for large commercial projects. The company had re-used the code without considering how it would work with orders of magnitude more names running through it.
Khan tweeted that he was thankful for Sweeney’s apology, but added that despite it, he was still concerned by the issues it raised.
“First, the fact that the problem existed in the first place frustrates me. Someone designed Epic’s system without thinking of its impacts. Second, someone overseeing said system being put into place didn’t provide oversight of said system. Thus, they were careless and sloppy. Third, if they had just taken a moment to think about what they had done they could realise how hurtful it could be for someone.

This should be no surprise to my Computer Security students.
IoT Devices Easily Hacked to be Backdoors: Experiment
Many consumer-grade Internet of Things (IoT) products, such as Wi-Fi security web cameras, include security flaws that allow attackers to reprogram them and use them as persistent backdoors, Vectra Networks warns.
According to the security firm, which focuses on detection of cyber-attacks, insecure IoT devices enable potential attackers to remotely command and control an attack while avoiding detection from traditional security products. By turning an IoT device into a backdoor, attackers gain 24x7 access to an organization’s network without infecting a laptop, workstation or server, which are usually protected by firewalls, intrusion prevention systems and antivirus software.
The researchers explain in a blog post that the reprogramming process started with taking the camera apart and dumping the content of the flash memory chip on the PCB (printed circuit board) for further analysis.
As Rafal Los, director of solutions research and development within the Office of the CISO for Optiv, explains in a SecurityWeek column, many of these IoT devices (even secured and not hacked) are always-on, always connected, which could pose a privacy risk to end-users and a security risk to companies, if they are brought at the office. After all, companies might not have a policy for bringing IoT devices, although they might have BYOD policies in place.
The industry joined hands last year and launched the Internet of Things Security Foundation (IoTSF) in September to address concerns regarding the security of IoT devices.
In November 2015, security researchers presented at the DefCamp conference in Bucharest the findings of a study on the firmware of IoT devices, explaining that such firmware images are often susceptible to multiple security flaws because manufacturers do not properly test them for security flaws. Also in November, IT security consultancy SEC Consult revealed that millions of IoT devices use the same cryptographic secrets, which expose them to various malicious attacks.

Interesting hypothetical. What if the “instructions” are actually a review of a video game?
Suppose a laptop were found at the apartment of one of the perpetrators of last year’s Paris attacks. It’s searched by the authorities pursuant to a warrant, and they find a file on the laptop that’s a set of instructions for carrying out the attacks.
The discovery would surely help in the prosecution of the laptop’s owner, tying him to the crime. But a junior prosecutor has a further idea. The private document was likely shared among other conspirators, some of whom are still on the run or unknown entirely. Surely Google has the ability to run a search of all Gmail inboxes, outboxes, and message drafts folders, plus Google Drive cloud storage, to see if any of its 900 million users are currently in possession of that exact document. If Google could be persuaded or ordered to run the search, it could generate a list of only those Google accounts possessing the precise file — and all other Google users would remain undisturbed, except for the briefest of computerized “touches” on their accounts to see if the file reposed there.
A list of users with the document would spark further investigation of those accounts to help identify whether their owners had a role in the attacks — all according to the law, with a round of warrants obtained from the probable cause arising from possessing the suspect document.

I can't tell you how many times my students have suggested my next destination. “Professor, you can go to ...”
… Among a few other updates in Maps v9.19 spotted by Android Police, Google has introduced a new ‘Driving Mode’. While you’re driving around town without a destination dialed in, Google will use your frequent locations and search history to come up with a predicted destination, and then push traffic information or news about road closures as you’re driving, so you can adjust the route as you see fit.

Old social media site never die, do they?
Twitter Inc in Renovation Mode, Places Periscope up Front
Twitter Inc shares closed at an all-time low Monday and company is looking for anything to help bring its stock back to prominence, even integrating Periscope, the live streaming video service, into your timeline.
… Beginning Tuesday, some mobile users will be able to watch live broadcasts within the Twitter timeline. As the new feature enhances the real-time capabilities of the social network, Periscope, which was purchased early last year, could be introduced to millions of new users.
… iOS users can only take advantage of the Periscope integration. Users can watch live broadcasts and replay old broadcasts until they expire.

Perspective. Even if there is an App for that (and there is) it doesn't do us phoneless folks any good!
Lyft Works To Connect Smartphoneless Seniors To The Digital Age
… Said simply: The older Americans get, the less likely they are to be holding a smartphone. About a quarter of the U.S. population over 65 doesn’t have a smartphone, and that is rather unevenly distributed (many 65-year-olds, particularly those still in the workforce, are avid smartphone users) among the age cohort.
But Lyft, as a disruptive innovator that never met a citizen it didn’t think it could give a ride to, is not about to let the small issue of lack of enabling technology stand in the way of seniors on the go. The ridesharing service has announced a partnership with National MedTrans Network that will provide seniors in New York City a way to access Lyft for non-emergency medical appointments, even if they don’t have a smartphone they call their own.

Yeah, I ain't buying it. There is something else going on here. Call up a map of the Gulf. Draw a line from easternmost Kuwait to easternmost Bahrain. Note that the lone comes no closer to Farsi Island than roughly 20 miles. Even if one boat had mechanical problems (Both engines?) the other boat should have been able to tow it. So what really happened? GPS was down? The Navy can't read a compass? Something sounds fishy.
Iran Releases U.S. Sailors Accused of ‘Trespassing’
Iran has released two United States Navy patrol boats and 10 crew members who were described as “trespassing” in Iranian waters near a major naval base, state news media reported on Wednesday.
… The American sailors were aboard two riverine patrol boats — 38-foot, high-speed boats that are used to patrol rivers and littoral waters. One official said the two vessels, which often patrol shallow waters near Bahrain, had failed to make a scheduled meeting with a larger ship to refuel.

I know which cause I would place my money on…
GOP report slams FCC on open records
The Federal Communications Commission might be deliberately withholding public records, according to a Republican-led report released this week.
The House Oversight and Government Reform Committee report concluded that the FCC's is either incompetent or intentionally misused redactions under the Freedom of Information Act to withhold internal communication about its controversial Internet regulations.
… The conclusion was reached in a 40-page report that concluded the open records process is broken within the broader federal government. About a quarter of the report was dedicated to side-by-side comparisons of FCC documents, which were redacted when sent to journalists but provided in full to the committee.

Actually, zip guns are easy. It used to be that the bottom section of telescoping car antennas was almost exactly .22 caliber.
The 3-D-Printed Gun Is Retro, Not Futuristic
You don’t need 3-D-printing technology to make your own gun.
Individuals have been fashioning homemade firearms for as long as guns have existed. Zip guns, crude but functional weapons often made from taped-together pieces of pipe and rubber bands, were particularly popular in the 1940s and 1950s.
… For instance, it’s not illegal to print your own gun for personal use, but there are rules about selling homemade guns, and restrictions on what materials can be used when you make them. All-plastic guns, undetectable by weapon-screening scanners, are prohibited. One of the more alarming prospects of a world in which 3-D printing might be widely used for home gun-making is not just that firearms might be built to slip through metal detectors, but that the guns would’t be traceable at all. There would be no official serial numbers, no records of ownership, nothing.

When we understand gravity we may be able to generate it – or generate anti-gravity. If that is so, then we can go to the stars.
This morning, the Internet erupted with rumors that physicists have finally observed gravitational waves; ripples in the fabric of spacetime predicted by Albert Einstein a century ago. While it isn’t the first time we’ve heard excited whispers about the elusive phenomena, the gossip feels more promising in light of the recently upgraded detector at the Laser Interferometer Gravitational Wave Observatory (LIGO) that’s behind all the hubbub.

Or you could teach.
Highbrow - Learn a New Subject or Skill in Small Chunks
Highbrow is a neat service that delivers short courses to your email inbox in bite-size chunks. When the service launched last year the course offerings were fairly limited. I took another look at the site today and noticed that course catalog has expanded. You will now find courses in history, logic, science, and art. There are also courses designed to help you improve your health and your productivity habits.
The idea behind Highbrow is to provide you with one short (5-10 minutes) lesson per day for your chosen course. Lessons are delivered in the form of videos, images, and text. Courses contain 10 to 20 lessons.
Highbrow allows you to create your own courses that people can subscribe to. Using Highbrow might be a good way to deliver to students a course on studying habits, test-taking skills, or content to supplement your in-person instruction.

For my iPad toting friends. Join the BYOD generation.
Free eBook: iPad at Work for Dummies
… The book digs into how to use the iPad for productivity-related tasks. It also covers things like syncing the iPad so you can use it at work and home, backing up data, and other basic tasks that will help you make the most of the iPad as a useful tool.
A lot of the stuff in this book is about teaching you to use your iPad for things you’d traditionally turn to a computer for. Tasks like working with spreadsheets, enterprise-level word processing, task management, graphic design, communication, and much more are covered in-depth.
Not only does it go over how to actually get these things done, but it also breaks down the best apps for actually doing everything.
… To redeem your copy and download the free eBook, just head over to this page and sign up for a free account. The process will take just a few seconds, and then you will be sent an email with a link to download a free copy.

How statisticians follow the game.
Everyone Is Freaking Out About The $1.5 Billion Powerball, And The Stats Agree
… In all the trajectories of the model we’re playing around with, there’s a ballpark 95 percent chance someone wins this.
Here’s where we stand: based on the old forecast — the one we used for Friday’s estimate — we’d estimate about 1.008 billion tickets will be sold for Wednesday’s jackpot. Based on that number — which is totally unprecedented and based on far too much extrapolation, keep in mind — we’d estimate a 97 percent chance of at least one winner on Wednesday’s drawing.

No comments: