Tuesday, May 17, 2016

That’s some escalation!  One small bank to an entire country.  What’s next? 
Vietnam's Tien Phong Bank Victim of SWIFT-based Attack
Hanoi-based Tien Phong Bank (TPBank) released a statement late on Sunday saying that it had interrupted the attempted theft of approximately $1.1 million via fraudulent SWIFT messages.  It would appear that the statement was in response to inquiries from Reuters, following clues in BAE Systems' Cyber Heist Attribution report published late last week.
BAE Systems said that it knew of a second attempted SWIFT fraud on a commercial bank in Vietnam using techniques similar to those used in the successful theft of $81 million from the Bangladesh Central Bank.  BAE Systems conjectured that it was the same gang behind both attacks. 
   According to Reuters, TPBank recognized suspicious SWIFT messages attempting to transfer $1.1 million and was able to prevent any loss by immediately contacting all involved parties.
   What isn't yet clear is whether TPBank discovered the attack independently or was warned by either BAE Systems or SWIFT.  The published timings, however, suggest it was independent.  Its own attack was towards the end of 2015, while the attack on the Bangladesh central bank and its disclosure happened in February 2016.

Apparently not much security to get past.  I wonder if this was the weakest link, or merely the most obvious?
Ukrainian Hacker Admits Stealing PR Newswire Press Releases
A Ukrainian hacker pleaded guilty to stealing unpublished news releases that helped a criminal network make $30 million by trading on nonpublic information about corporate earnings.
   Prosecutors said that from February 2010 to November 2014, the hackers broke into computer networks at the three companies and stole draft releases that they shared with others who made stock trades in advance of the public dissemination of the corporate earnings.  The hackers periodically moved among servers at the three companies as they were discovered and lost access to the releases.

The Intercept announces greater access to Snowden archive
by Sabrina I. Pacifici
Via The Intercept: The Intercept Is Broadening Access to the Snowden Archive. Here’s Why – “Today, The Intercept is announcing two innovations in how we report on and publish these materials.  Both measures are designed to ensure that reporting on the archive continues in as expeditious and informative a manner as possible, in accordance with the agreements we entered into with our source about how these materials would be disclosed, a framework that he, and we, have publicly described on numerous occasions.
SIDtoday is the internal newsletter for the NSA’s most important division, the Signals Intelligence Directorate.  After editorial review, The Intercept is releasing nine years’ worth of newsletters in batches, starting with 2003.  The agency’s spies explain a surprising amount about what they were doing, how they were doing it, and why.”

Never in the history of the world have males entering puberty ever found the female of the species interesting enough to snap pictures of…  Sure, that’s why the most popular site in the world is named “go ogle”
Maybe it’s just selective attention, but it seems that there are more reports coming out of  students taking problematic pictures of other students in public spaces of schools.  In today’s news, Ryan Smith reports on a situation in Des Moines, Iowa:
Polk County authorities are investigating a scandalous blog featuring the backsides of multiple girls at Saydel High School.
School officials alerted the girls Thursday that their pictures showed up on a Tumblr page.
The school’s response does not sound as supportive of the victims as the students and their parents might hope:
Most of the pics show close ups of girls’ backsides in yoga pants.  Some victims contacted KCCI upset that school officials had responded by criticizing their choice in clothing.
“Instead of putting blame where it should be, which is this little boy being a pervert, they are shaming little girls into thinking it’s their fault for wearing yoga pants,” said Dhabolt.
The district does not agree with the characterization of their response as unsupportive.
Read more on KCCI.
Do you think the district should handle this in-house as a student disciplinary issue, or do you think law enforcement should be involved?  I vote for the former approach (in-house).

Somehow the “security by design” team missed this?
Graham Cluley reports:
A mix-up involving two databases allowed some users of a popular smart doorbell to view live footage from complete strangers’ front porches.
Earlier this month, Android Central began receiving reports from some Ring Doorbell Pro users that they could view video feeds that were not attached to their houses.
Read more on GrahamCluley.com.

Is “refusing to decrypt” a crime?  Is he doing it at the advice of his lawyer?  Should lawyers advise anyone in similar circumstances to comply with a decrypt order?  
David Kravets reports:
US federal prosecutors urged a federal appeals court late Monday to keep a child-porn suspect behind bars—where he already has been for seven months—until he unlocks two hard drives that the government claims contain kid smut.
The suspect, a Philadelphia police sergeant relieved of his duties, has refused to unlock two hard drives and has been in jail ever since a judge’s order seven months ago—and after being found in contempt of court.  The defendant can remain locked up until a judge lifts the contempt order.
The suspect has not been charged with any child-porn related crimes, yet he is imprisoned in Philadelphia’s Federal Detention Center for refusing to decrypt two drives encrypted with Apple’s FileVault software in a case that highlights the federal government’s war on encryption.  A federal magistrate has ordered him imprisoned “until such time that he fully complies” with the decryption order.  The man’s attorney, Federal Public Defender Keith Donoghue, is demanding that the appeals court immediately release his client from prison because he is being “held without charges.” (PDF)
Read more on Ars Technica.

What would happen if China did not understand the technology or just didn’t like it?  Would we ever see these “executives” again?
China Quietly Targets U.S. Tech Companies in Security Reviews
Chinese authorities are quietly scrutinizing technology products sold in China by Apple and other big foreign companies, focusing on whether they pose potential security threats to the country and its consumers and opening up a new front in an already tense relationship with Washington over digital security.
Apple and other companies in recent months have been subjected to reviews that target encryption and the data storage of tech products, said people briefed on the reviews who spoke on the condition of anonymity.  In the reviews, Chinese officials require executives or employees of the foreign tech companies to answer questions about the products in person, according to these people.

Now who would expect privacy at a bus stop.  (Me, for one) 
Jackie Ward reports:
 Hidden microphones that are part of a clandestine government surveillance program that has been operating around the Bay Area have been exposed.
Imagine standing at a bus stop, talking to your friend and having your conversation recorded without you knowing.   It happens all the time, and the FBI doesn’t even need a warrant to do it.
Federal agents are planting microphones to secretly record conversations.
Jeff Harp, a KPIX 5 security analyst and former FBI special agent said, “They put microphones under rocks, they put microphones in trees, they plant microphones in equipment.  I mean, there’s microphones that are planted in places that people don’t think about, because that’s the intent!”
FBI agents hid microphones inside light fixtures and at a bus stop outside the Oakland Courthouse without a warrant to record conversations, between March 2010 and January 2011.
Federal authorities are trying to prove real estate investors in San Mateo and Alameda counties are guilty of bid rigging and fraud and used these recordings as evidence.
Read more on CBS. See also East Bay Express and Network World.

This is what I told my Computer Security class when we talked about encryption.
Bjorn Carey of Stanford University writes:
Most people might not give telephone metadata – the numbers you dial, the length of your calls – a second thought.  Some government officials probably view it as similarly trivial, which is why this information can be obtained without a warrant.
But a new analysis by Stanford computer scientists shows that it is possible to identify a person’s private information – such as health details – from metadata alone.  Additionally, following metadata “hops” from one person’s communications can involve thousands of other people.
   The findings, reported today in the Proceedings of the National Academy of Sciences, provide the first empirical data on the privacy properties of telephone metadata.
   One of the government’s justifications for allowing law enforcement and national security agencies to access metadata without warrants is the underlying belief that it’s not sensitive information.  This work shows that assumption is not true.
   The study, “Evaluating the privacy properties of telephone metadata”
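To make the two findings above concrete (a single call record can expose sensitive information, and "hops" from one subscriber quickly pull in people who never called that subscriber), here is a small added example.  It is not code from the Stanford study or from the page; the call-detail records, the party names and the "sensitive numbers" directory are all constructed for illustration.

```python
"""Toy call-metadata analysis: hop expansion and sensitive-contact inference.

Added example, not from the Stanford study.  Every record below is constructed.
"""
from collections import deque

# Constructed call-detail records: (caller, callee, duration_seconds).
# No content of any call is recorded, only who called whom and for how long.
CDRS = [
    ("alice", "bob", 120),
    ("alice", "clinic", 300),
    ("bob", "alice", 90),
    ("bob", "carol", 60),
    ("carol", "dave", 45),
    ("dave", "erin", 30),
    ("erin", "frank", 10),
    ("frank", "grace", 15),
]

# Hypothetical directory mapping numbers whose mere presence in a log is
# revealing (a clinic, a hotline, ...) to the inference an analyst would draw.
SENSITIVE_NUMBERS = {"clinic": "health clinic"}


def build_graph(cdrs):
    """Undirected contact graph: an edge means the two parties spoke at least once."""
    graph = {}
    for caller, callee, _duration in cdrs:
        graph.setdefault(caller, set()).add(callee)
        graph.setdefault(callee, set()).add(caller)
    return graph


def contacts_within_hops(graph, seed, hops):
    """Parties reachable from `seed` in at most `hops` calls, excluding `seed`.

    Breadth-first search; this is the set a hop-based query would sweep in.
    """
    seen = {seed}
    frontier = deque([(seed, 0)])
    while frontier:
        node, depth = frontier.popleft()
        if depth == hops:
            continue
        for neighbour in graph.get(node, ()):
            if neighbour not in seen:
                seen.add(neighbour)
                frontier.append((neighbour, depth + 1))
    seen.discard(seed)
    return seen


def hop_sizes(graph, seed, max_hops):
    """Number of distinct parties swept in at each hop count, 1..max_hops."""
    return [len(contacts_within_hops(graph, seed, h)) for h in range(1, max_hops + 1)]


def sensitive_inferences(cdrs, subscriber, directory):
    """Inferences drawn purely from which numbers `subscriber` dialled."""
    return sorted({directory[callee]
                   for caller, callee, _duration in cdrs
                   if caller == subscriber and callee in directory})


if __name__ == "__main__":
    graph = build_graph(CDRS)
    print("alice, parties within 1..3 hops:", hop_sizes(graph, "alice", 3))
    print("alice, inferred from metadata alone:",
          sensitive_inferences(CDRS, "alice", SENSITIVE_NUMBERS))
```

Nobody beyond "bob" and "clinic" ever spoke to alice, yet a three-hop query already reaches carol and dave, and the single 300-second call to the clinic yields a health inference without any call content.  On a real carrier's graph, where each subscriber has dozens of contacts, the same breadth-first sweep is what turns one target into thousands of swept-in parties.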

Firefox’s market share is bigger than all Microsoft’s browsers combined
Firefox now has more desktop users than both Microsoft’s web browsers combined—but it’s a rivalry that is increasingly irrelevant as Google Chrome has almost twice the share of Firefox and Microsoft together.
The latest figures from Statcounter show that Microsoft Edge and Internet Explorer combined had a 15.5 percent share of worldwide desktop browser usage in April, a decline from 15.8 percent in March.
   Firefox’s share was just ahead of Microsoft’s, at 15.6 percent—but only by virtue of having declined more slowly, from 15.7 percent in March.
Chrome’s share just keeps on climbing, to 60.5 percent in April from 60.1 percent in March.

The only thing wrong with what politicians say is that they insist on saying it out loud.
Dust-up in West Virginia about Economic Justice
Politicians have a knack for making some of the dumbest statements. Hillary Clinton not only made one, but chose the worst place to utter it. 
Saying, “...we’re going to put a lot of coal miners and coal companies out of business…” in a state that mines 10% of the nation’s output of the fossil fuel seems comparable to some of Donald Trump’s many foot-in-mouthisms. 
The statement was taken out of context – Clinton did indicate her administration would help prepare coal miners for different careers – but specific solutions were neither offered nor alluded to beyond unspecified retraining. 

This technology is ready.  Is the insurance industry, law enforcement, etc. ready?
The Man Who Built Google’s First Self-Driving Car Is Now a Trucker
   The nation’s highways are slowly filling up with intelligent trucks. Silicon Valley start-up Peloton has carried out tens of thousands of miles of tests of its efficient platooning technologies in Texas and Utah, while Daimler has been conducting trials of semi-autonomous trucks in Nevada.
Otto, which came out of stealth today, is less interested in brand new trucks than in the estimated 4.3m big rigs already on American roads.  Otto has already bought and retro-fitted three Volvo cabs with lidar, radar and cameras, and driven a handful of fully autonomous miles — without even a safety driver — on the highways of Nevada.

(Related)  See cartoon number three for one more potential issue with self-driving cars.

Another “Sin Tax,” like the revenue from casinos and lottery.  I have no doubt most states will follow the money.
Study Shows that States are Losing Billions by Not Legalizing Marijuana
A new study says federal and state governments are missing out on 28 billion dollars by not legalizing marijuana.
The study comes from the “Tax Foundation,” an independent think tank.
Experts say most of that revenue would be from tax on pot.
Critics worry legalizing marijuana could lead to more drug abuse and addiction.
But experts at the Tax Foundation say people who abuse marijuana do so regardless of whether or not it's legal.

Tools when I need them.
Great Tools for Creating Screencasts - A PDF Handout

This could be valuable.  I’ll never miss the deadline to apply for tickets to the Great American Beer Festival again!
5 Awesome Event Calendars to Always Know What’s Coming Up
   A few event-tracking calendars will keep you updated about what’s happening across various topics.  For example, knowing when the next episode is out can help you avoid Game of Thrones spoilers.

A new toy for my geeky friends.
Pint-Sized Raspberry Pi Zero Gains FPC Camera Connector, Keeps $5 Price

Oh, I want one!  We could probably get plenty of funding to create a generalized version that could be taught to teach. 
What happened when a professor built a chatbot to be his teaching assistant
To help with his class this spring, a Georgia Tech professor hired Jill Watson, a teaching assistant unlike any other in the world.  Throughout the semester, she answered questions online for students, relieving the professor’s overworked teaching staff.
But, in fact, Jill Watson was an artificial intelligence bot.
Ashok Goel, a computer science professor, did not reveal Watson’s true identity to students until after they’d turned in their final exams.
   Now Goel is forming a business to bring the chatbot to the wider world of education.  While he doesn’t foresee the chatbot replacing teaching assistants or professors, he expects the chatbot’s question-answering abilities to be an invaluable asset for massive online open courses, where students often drop out and generally don’t receive the chance to engage with a human instructor.  With more human-like interaction, Goel expects online learning could become more appealing to students and lead to better educational outcomes.
   As Goel looked for a technology that could help, he settled on IBM Watson, which he had used for several other projects.  Watson, an artificial intelligence system, was designed to answer questions, so it seemed like a strong fit.
To train the system to answer questions correctly, Goel fed it forum posts from the class’s previous semesters.  This gave Jill an extensive background in common questions and how they should be answered.
   The system is only allowed to answer questions if it calculates that it is 97 percent or more confident in its answer.  Goel found that was the threshold at which he could guarantee the system was accurate.

An App for my niece, “The Guitar Goddess”
Apple's new Music Memos app is instant gratification for musicians, backing band included
   This simple app is a new type of voice-memo recorder, built around capturing musical ideas, giving them a slight polish, and sending the best ones on to a more powerful music tool, such as Apple's own GarageBand or Logic Pro.  It's completely free, and should be available on the App Store later today.
   It's what happens next that makes Music Memos stand out from a standard memo-recording app.  If you recorded some acoustic guitar or piano, Music Memos analyses the audio input and attempts to chop your song demo into bars, in the appropriate time signature, and then adds chord labels.

Cut, fold, glue, watch.  What could be easier?
YouTube for iOS Now Supports Google Cardboard
YouTube for iOS has been updated today with Google Cardboard support, allowing for all videos to be watched in VR mode on iPhone.  The functionality was previously limited to the YouTube app on Android smartphones since November 2015.

I have got to try this with my students!
