Perhaps the hacker's high school would qualify for
extra STEM grants from the same government they are hacking. If
teenagers can consistently hack “people who should know better”
what can China do?
US Spy Chief's Personal Accounts Hacked
US spy chief James Clapper's personal online accounts have been hacked,
his office confirmed Tuesday, a few months after CIA director John
Brennan suffered a similar attack.
Clapper's Office of the Director of National Intelligence confirmed the
hack but refused to provide details.
… A teen hacker who goes by "Cracka" claimed to have hacked
Clapper's home telephone and Internet accounts, his personal email,
and his wife's Yahoo email, online magazine Motherboard reported.
Cracka told Motherboard that he had changed the settings on Clapper's
Verizon account so that calls to his home were rerouted to the
California-based Free Palestine Movement.
For my Ethical Hacking students. Likely this is a
flaw in the phone, not PGP.
Cops Say They Can Access Encrypted Emails on So-Called PGP BlackBerrys
Dutch investigators have confirmed to Motherboard
that they are able to read encrypted messages sent on PGP BlackBerry
phones—custom, security-focused BlackBerry devices that come
complete with an encrypted email feature, and which reportedly may be
used by organized criminal groups.
“We are capable of obtaining encrypted data from
BlackBerry PGP devices,” Tuscha Essed, a press officer from the
Netherlands Forensic Institute (NFI), told Motherboard in an email.
The NFI is a body that assists law enforcement in forensic evidence
retrieval, and which, according
to its website, deals with most of the forensic investigations in
criminal cases in the Netherlands.
… Very little information is available
regarding the specific technique that the NFI use to access encrypted
communications on custom BlackBerrys.
The Crime News report says that out of 325
encrypted emails recovered from a device, only 279 were deciphered,
and that the workaround is only
applicable when law enforcement have physical access to the device.
(Related) Well, they would be, wouldn't they?
Iain Thomson reports:
Claims by the Netherlands Forensic Institute (NFI) that it has successfully decrypted emails stored on BlackBerry smartphones have caused bafflement at the Canadian firm.
Documents seen by Dutch blog Crime News show the NFI claiming to have decrypted 275 out of 325 emails encrypted with PGP from a handset in their possession. The NFI reportedly used software from Israeli firm Cellebrite to crack the encryption.
Read more on The Register.
Why?
Patrick Howell O’Neill reports:
The French Parliament is considering a legislative provision that would ban strong encryption by requiring tech companies to configure their systems so that police and intelligence agencies could always access their data.
The amendment to the vast “Digital Republic” bill was introduced in the French National Assembly, parliament’s lower house, by eighteen politicians from the conservative Republican Party.
Read more on Daily Dot.
Only in Europe?
Kevin Rawlinson reports:
The European Court of Human Rights (ECHR) said a firm that read a worker’s Yahoo Messenger chats sent while he was at work was within its rights.
Judges said he breached the company’s rules and that his employer had a right to check he was completing his work.
Such policies must also protect workers against unfettered snooping, they said.
The judges, sitting in the ECHR in Strasbourg, handed down their decision on Tuesday. It binds all countries that have ratified the European Convention on Human Rights, which includes Britain.
Read more on BBC.
Part of the “Double secret probation” program?
How many “little-known” lists are there? Are they all
controlled through a single office in DHS?
Muslim professor blocked from game because his name was on US blacklist
Epic Games has apologised after mistakenly barring an American
professor from playing its online game Paragon because someone who has
the same name as him was on a US government blacklist.
Muhammad Zakir Khan, an assistant professor at
Florida’s Broward College, had tried to sign
up for the beta of first-person shooter Paragon, a multiplayer
game inspired by esports hits such as Dota2. But instead of being
given an account for the game, Khan was hit with an unusual error
message.
“Your account creation has been blocked as a
result of a match against the Specially Designated Nationals list
maintained by the United States of America’s Office of Foreign
Assets Control,” the message read, before advising Khan to email
Epic’s customer service.
The Specially Designated Nationals list is a little-known blacklist
produced by the US government as part of its enforcement of economic
sanctions against nations such as Iran, Syria and Russian-controlled
Crimea, in order to help companies avoid accidentally doing business
with high-profile citizens of, or corporations controlled by, those
blocked nations.
… Khan tweeted his issue to Epic Games, with
the hashtag #iamnotaterrorist. In a reply, Tim Sweeney, the founder
of the company, apologised, and said that the ban was a result of
errors on top of errors. Not only should Khan’s name not have
matched against the list at all, a simple name match shouldn’t have
been enough to spark a block.
What’s more, the filter wasn’t supposed to
have even been applied to the simple consumer-level ability to sign
up to the beta for Paragon. Instead, Sweeney
explained, it was intended to control access to Epic’s game
creation tools – built around the Unreal
Engine – for large commercial projects. The
company had re-used the code without considering how it would work
with orders of magnitude more names running through it.
Khan tweeted
that he was thankful for Sweeney’s apology, but added
that despite it, he was still concerned by the issues it raised.
“First, the fact that the problem existed in the
first place frustrates me. Someone designed Epic’s system without
thinking of its impacts. Second, someone overseeing said system
being put into place didn’t provide oversight of said system.
Thus, they were careless and sloppy. Third, if they had just taken a
moment to think about what they had done they could realise how
hurtful it could be for someone.”
This should be no surprise to my Computer Security
students.
IoT Devices Easily Hacked to be Backdoors: Experiment
Many consumer-grade Internet of Things (IoT)
products, such as Wi-Fi security web cameras, include security flaws
that allow attackers to reprogram them and use them as persistent
backdoors, Vectra Networks warns.
According to the security firm, which focuses on
detection of cyber-attacks, insecure IoT devices enable potential
attackers to remotely command and control an attack while avoiding
detection from traditional security products. By turning an IoT
device into a backdoor, attackers gain 24x7 access to an
organization’s network without infecting a laptop, workstation or
server, which are usually protected by firewalls, intrusion
prevention systems and antivirus software.
… The researchers explain in a blog post that the reprogramming
process started with taking the camera apart and dumping the content
of the flash memory chip on the PCB (printed circuit board) for
further analysis.
… As Rafal Los, director of solutions research and development within
the Office of the CISO for Optiv, explains in a SecurityWeek column,
many of these IoT devices (even secured and not hacked) are always-on,
always connected, which could pose a privacy risk to end-users and a
security risk to companies, if they are brought to the office. After
all, companies might not have a policy for bringing IoT devices,
although they might have BYOD policies in place.
… The industry joined hands last year and launched the Internet of
Things Security Foundation (IoTSF) in September to address concerns
regarding the security of IoT devices.
In November 2015, security researchers presented at the DefCamp
conference in Bucharest the findings of a study on the firmware of
IoT devices, explaining that such firmware images are often
susceptible to multiple security flaws because manufacturers do not
properly test them for security flaws. Also in November, IT security
consultancy SEC Consult revealed that millions of IoT devices use the
same cryptographic secrets, which expose them to various malicious
attacks.
Interesting hypothetical. What if the
“instructions” are actually a review of a video game?
Suppose a laptop were found at the apartment of
one of the perpetrators of last year’s Paris attacks. It’s
searched by the authorities pursuant to a warrant, and they find a
file on the laptop that’s a set of instructions for carrying out
the attacks.
The discovery would surely help in the prosecution
of the laptop’s owner, tying him to the crime. But a junior
prosecutor has a further idea. The private document was likely
shared among other conspirators, some of whom are still on the run or
unknown entirely. Surely Google has the ability to run a search of
all Gmail inboxes, outboxes, and message drafts folders, plus Google
Drive cloud storage, to see if any of its 900 million users are
currently in possession of that exact document. If Google could be
persuaded or ordered to run the search, it could generate a list of
only those Google accounts possessing the precise file — and all
other Google users would remain undisturbed, except for the briefest
of computerized “touches” on their accounts to see if the file
reposed there.
A list of users with the document would spark
further investigation of those accounts to help identify whether
their owners had a role in the attacks — all according to the law,
with a round of warrants obtained from the probable cause arising
from possessing the suspect document.
I can't tell you how many times my students have
suggested my next destination. “Professor, you can go to ...”
… Among a few other updates in Maps v9.19
spotted by Android
Police, Google has introduced a new ‘Driving Mode’.
While you’re driving around town without a destination dialed in,
Google will use your frequent locations and search history to come up
with a predicted destination, and then push traffic information or
news about road closures as you’re driving, so you can adjust the
route as you see fit.
Old social media sites never die, do they?
Twitter Inc in Renovation Mode, Places Periscope up Front
Twitter Inc shares closed at an all-time low
Monday and the company is looking for anything to help bring its stock
back to prominence, even integrating Periscope, the live streaming
video service, into your timeline.
… Beginning Tuesday, some mobile users will be
able to watch
live broadcasts within the Twitter timeline. As the new feature
enhances the real-time capabilities of the social network, Periscope,
which was purchased early last year, could be introduced to millions
of new users.
… iOS users can only take advantage of the
Periscope integration. Users can watch live broadcasts and replay
old broadcasts until they expire.
Perspective. Even if there is an App for that
(and there is) it doesn't do us phoneless folks any good!
Lyft Works To Connect Smartphoneless Seniors To The Digital Age
… Said simply: The older Americans get, the
less likely they are to be holding a smartphone. About a quarter of
the U.S. population over 65 doesn’t have a smartphone, and that is
rather unevenly distributed (many 65-year-olds, particularly those
still in the workforce, are avid smartphone users) among the age
cohort.
But Lyft, as a disruptive innovator that never met
a citizen it didn’t think it could give a ride to, is not about to
let the small issue of lack of enabling technology stand in the way
of seniors on the go. The ridesharing service has announced a
partnership with National
MedTrans Network that will provide seniors in New York City a way
to access Lyft for non-emergency medical appointments, even if they
don’t have a smartphone they call their own.
Yeah, I ain't buying it. There is something else
going on here. Call up a map of the Gulf. Draw a line from
easternmost Kuwait to easternmost Bahrain. Note that the line comes
no closer to Farsi Island than roughly 20 miles. Even if one boat
had mechanical problems (Both engines?) the other boat should have
been able to tow it. So what really happened? GPS was down? The
Navy can't read a compass? Something sounds fishy.
Iran has released two United States Navy patrol boats and 10 crew
members who were described as “trespassing” in Iranian waters near a
major naval base, state news media reported on Wednesday.
… The American sailors were aboard two
riverine patrol boats — 38-foot, high-speed boats that are used to
patrol rivers and littoral waters. One official said the two
vessels, which often patrol shallow waters near Bahrain, had failed
to make a scheduled meeting with a larger ship to refuel.
I know which cause I would place my money on…
GOP report slams FCC on open records
The Federal Communications Commission might be
deliberately withholding public records, according to a
Republican-led report released this week.
The House Oversight and Government Reform
Committee report concluded that the
FCC is either incompetent or intentionally misused redactions
under the Freedom of Information Act to withhold internal
communication about its controversial Internet regulations.
… The conclusion was reached in a
40-page report that concluded the open records process
is broken within the broader federal government. About a quarter of
the report was dedicated to side-by-side comparisons of FCC
documents, which were redacted when sent to journalists but provided
in full to the committee.
Actually, zip guns are easy. It used to be that
the bottom section of telescoping car antennas was almost exactly .22
caliber.
The 3-D-Printed Gun Is Retro, Not Futuristic
You don’t need 3-D-printing technology to make
your own gun.
Individuals have been fashioning homemade firearms
for as long as guns have existed. Zip guns, crude but functional
weapons often made from taped-together pieces of pipe and rubber
bands, were particularly popular in the 1940s and 1950s.
… For instance, it’s not illegal to print
your own gun for personal use, but there are rules
about selling homemade guns, and restrictions on what materials can
be used when you make them. All-plastic
guns, undetectable by weapon-screening scanners, are prohibited.
One of the more alarming prospects of a world in which 3-D printing
might be widely used for home gun-making is not just that firearms
might be built to slip through metal detectors, but that the guns
wouldn’t be traceable at all. There would be no official serial
numbers, no records of ownership, nothing.
When we understand gravity we may be able to
generate it – or generate anti-gravity. If that is so, then we can
go to the stars.
This morning, the Internet erupted with rumors that physicists have
finally observed gravitational waves; ripples in the fabric of
spacetime predicted by Albert Einstein a century ago.
While it isn’t the first time we’ve heard excited whispers about
the elusive phenomena, the gossip feels more promising in light of
the recently upgraded detector at the Laser Interferometer
Gravitational Wave Observatory (LIGO) that’s behind all the hubbub.
Or you could teach.
Highbrow - Learn a New Subject or Skill in Small Chunks
Highbrow is a neat service that delivers short courses to your email
inbox in bite-size chunks. When the service launched last year the
course offerings were fairly limited. I took another look at the site
today and noticed that the course catalog has expanded. You will now
find courses in history, logic, science, and art. There are also
courses designed to help you improve your health and your productivity
habits.
The idea behind Highbrow is to provide you with
one short (5-10 minutes) lesson per day for your chosen course.
Lessons are delivered in the form of videos, images, and text.
Courses contain 10 to 20 lessons.
Highbrow allows you to create your own courses that people can
subscribe to. Using Highbrow might be a good way to deliver to
students a course on studying habits, test-taking skills, or content
to supplement your in-person instruction.
For my iPad toting friends. Join the BYOD
generation.
Free eBook: iPad at Work for Dummies
… The book digs into how to use the iPad for
productivity-related tasks. It also covers things like syncing the
iPad so you can use it at work and home, backing up data, and other
basic tasks that will help you make the most of the iPad as a useful
tool.
A lot of the stuff in this book is about teaching
you to use your iPad
for things you’d traditionally turn to a computer for. Tasks like
working with spreadsheets, enterprise-level word processing, task
management, graphic design, communication, and much more are covered
in-depth.
Not only does it go over how to actually get these
things done, but it also breaks down the best apps for actually doing
everything.
… To redeem your copy and download the free
eBook, just head over to this
page and sign up for a free account. The process
will take just a few seconds, and then you will be sent an email with
a link to download a free copy.
How statisticians follow the game.
Everyone Is Freaking Out About The $1.5 Billion Powerball, And The Stats Agree
… In all the trajectories of the model we’re
playing around with, there’s a ballpark 95 percent chance someone
wins this.
Here’s where we stand: based on the old forecast — the one we used
for Friday’s estimate — we’d estimate about 1.008 billion tickets
will be sold for Wednesday’s jackpot. Based on that number — which is
totally unprecedented and based on far too much extrapolation, keep in
mind — we’d estimate a 97 percent chance of at least one winner on
Wednesday’s drawing.