Friday, April 15, 2016
For my Computer Security students.
Phishing Attacks Hit the C-Suite With High Value Scams
Any information security professional knows that spear-phishing is effective. Cloudmark calls it "The Secret Weapon Behind the Worst Cyber Attacks", and lists 10 recent major breaches, from Target to OPM, that started with a successful spear-phish.
… Two examples of CEO frauds come with the recent W-2 spear-phishing scams, and what the FBI calls the Business E-Mail Scam (BEC). For the former, Cloudmark's Tom Landesman has compiled a list of 55 companies that were taken in by the W-2 attacks, and comments, "It's likely that even more have been compromised, but have not come forward."
… CEO frauds are even more successful than spear-phishing. There are probably two major reasons: firstly, few companies deliver security awareness training (such as simulated phishing attacks) against their own C-suite; and secondly, many senior executives still don't believe that security is their personal concern.
See FBI? All you have to do is ask nicely.
Exclusive: Canadian Police Obtained BlackBerry’s Global Decryption Key
A high-level surveillance probe of Montreal's criminal underworld shows that Canada's federal policing agency has had a global encryption key for BlackBerry devices since 2010.
The revelations are contained in a stack of court documents that were made public after members of a Montreal crime syndicate pleaded guilty to their role in a 2011 gangland murder. The documents shed light on the extent to which the smartphone manufacturer, as well as telecommunications giant Rogers, cooperated with investigators.
… Government lawyers spent almost two years fighting in a Montreal courtroom to keep this information out of the public record.
Because in New Jersey, everyone is a Soprano.
Joe Cadillic writes:
Thanks to DHS & TSA grants totaling nearly $3 million, NJ Transit has nearly finished installing DriveCam LTYX’s cameras with microphones to spy on every commuter 24/7. (Note: NJ Transit has been using DriveCam surveillance cameras since 2006.)
NJ Transit officials say spying on commuters’ conversations is “necessary to fight crime and maintain security!” NJ Transit spokesman Jim Smith said, “the onboard surveillance systems are also a deterrent for crime and unruly behavior.”
Cameras with microphones aren’t the only thing police use to spy on us; “smart” LED lights installed at numerous airports are illegally recording everyone’s conversations.
Read more on MassPrivateI.
Is this what happens when “the right to be forgotten” isn’t the law of the land? Did they believe it would work? Have they never heard of the Streisand effect?
UC Davis spent thousands to scrub pepper-spray references from Internet
UC Davis contracted with consultants for at least $175,000 to scrub the Internet of negative online postings following the November 2011 pepper-spraying of students and to improve the reputations of both the university and Chancellor Linda P.B. Katehi, newly released documents show.
The payments were made as the university was trying to boost its image online and were among several contracts issued following the pepper-spray incident.
[In case you missed it:
If it was simple, we wouldn’t need years of conflicting opinions.
This Very Common Cellphone Surveillance Still Doesn't Require a Warrant
The government does not need a warrant to access the location data created on an ordinary, often minute-to-minute basis by cellphones and logged with cell providers, the Sixth Circuit for the U.S. Court of Appeals ruled Wednesday.
The ruling adds to a growing consensus among federal appeals courts that law enforcement can request this type of data—called “cell-site location information,” or CSLI—without violating the Fourth Amendment’s protection against unreasonable search or seizure. But it only complicates the legal situation of their use, which is now so complex that driving across the border from Illinois to Kentucky changes how federal authorities can use the technology.
… Right now, CSLI comes in three flavors. The first is “real-time,” where police work with a cell provider to access location data immediately after it’s created. This usually does require a warrant. The second is a “tower dump,” when authorities ask for all the phones that have communicated with a certain tower during a period of time. There’s not a lot of law about how tower dumps work, but as of September of last year cops rarely sought a warrant for them.
The third is historical CSLI, where law enforcement requests a backlog of location data created by a certain phone. This does not require a warrant, and hundreds of these requests happen per day. In 2015, AT&T alone handled more than 58,000 requests for historic CSLI. (By contrast, it received about 17,000 real-time CSLI warrants and fewer than 1,500 tower-dump requests.) Warrantless CSLI may be the most common kind of cellphone surveillance that Americans are subject to.
Encouraging the creation of the tools of the trade.
Soft robots that can grasp delicate objects, computer algorithms designed to spot an “insider threat,” and artificial intelligence that will sift through large data sets — these are just a few of the technologies being pursued by companies with investment from In-Q-Tel, the CIA’s venture capital firm, according to a document obtained by The Intercept.
Yet among the 38 previously undisclosed companies receiving In-Q-Tel funding, the research focus that stands out is social media mining and surveillance; the portfolio document lists several tech companies pursuing work in this area, including Dataminr, Geofeedia, PATHAR, and TransVoyant.
Economics for techies.
Network Revolution: Creating Value Through Platforms, People and Technology
In the first article of a series that will be published over the coming year, authors Barry Libert, Megan Beck and Jerry (Yoram) Wind explore why companies whose business models involve leveraging networks generate more value than traditional firms.
If it was a game, students would be rich!
How to Make More Money with Google Rewards
One of the best ways to get Android apps for free is to use the Google Opinion Rewards app, a mobile survey tool that rewards you with cash in your Google account every time you complete a few brief questions. With over 5 million installs, this is a popular app, but are you making the best of it? Could you be making more money with Google Opinion Rewards?
See yesterday’s blog for Illustrator templates we might be able to use here.
Don’t Pay for Adobe Illustrator: This Free Alternative Is Great
Want to learn how to use Illustrator but don’t want to subscribe to Adobe Creative Cloud? Or need to access its features on the go while using someone else’s computer? With Gravit you get a lot of the key features offered in expensive standards like Illustrator or Fireworks.
Best of all, Gravit is completely free. You just have to sign up for an account to use it. Gravit includes basic vector tools: a pen tool, line tool, and a Bezigon tool, as well as shapes including a rectangle, ellipse, triangle, polygon, and star.
Some of this is Windows 10 only, but some is available now.
Microsoft kicks off back-to-school wave with new Windows 10, Office 365 Education apps, services
Microsoft is previewing today, April 14, what's coming on the Windows 10 Anniversary Update, Office 365 and Minecraft fronts for educators and students as its way of kicking off its back-to-school 2016/2017 wave.
… The company also is adding a new "Set Up School PCs" app to help teachers set up a "Shared Cart of Devices" for classrooms which make use of shared devices. For schools with dedicated IT support, the updated Windows Imaging and Configuration Designer tool will aid with setting up shared devices in bulk. And a new "Take a Test" app will create a browser-based, locked-down environment for quickly taking standardized tests. The "Set Up School PCs" and "Take a Test" apps will be preloaded with the Windows 10 Education Edition.
I know students with a dozen of these.
Get A Raspberry Pi 2 Starter Kit for 85% Off
Today, we have 85% off a giant Raspberry Pi 2 starter kit that comes with the device itself, the cables and cards you need to make it all work, and courses that will teach you how to use the Pi to its fullest. It would normally sell for over $800, but you can get it for just $115! It’s a steal at this price.