China-Linked Attackers Target Indian Embassies Worldwide
A threat group first analyzed more than two years ago has continued to
improve its malware arsenal and was recently observed targeting personnel at
Indian embassies worldwide.
… FireEye linked
the attackers to China and determined that they had been active since at least
2010.
… Researchers at
Palo Alto Networks recently came across a piece of malware that appears to have
been used by the group in an ongoing attack aimed at Indian embassies.
… The threat actor
has sent out spear phishing emails using an annual report filed by more than 30
Indian embassies as a decoy. In order to
increase their chances of success, the addresses used to send the emails have
been spoofed to look like the messages come from real people with ties to
Indian embassies.
The spear phishing emails observed by the security firm
include an MHTML document set up to exploit a Microsoft Office vulnerability
(CVE-2015-2545) that was patched in September 2015. If the flaw is exploited successfully, the
TidePool malware is dropped onto the targeted user’s system.
… As for attribution, Palo Alto Networks reported finding
evidence that the malware developer’s system was likely running an OS and
software with Chinese set as the default language. It’s worth noting that Chinese officials denied
hacking European foreign ministries when FireEye published the first report on
Operation Ke3chang.
(Related) The Russian version.
Attack on Swiss Defense Firm Linked to Turla Cyberspies
The recent cyber espionage attack aimed at Swiss defense
firm RUAG was carried out by the Russia-linked threat group known as Turla,
according to a report commissioned by the Swiss government.
… A report published on Monday
by Switzerland’s Government Computer Emergency Response Team (GovCERT) and its
parent organization, the Reporting and Analysis Centre for Information
Assurance (MELANI), revealed that while the breach was discovered in January,
the attackers gained access to RUAG’s systems as early as September 2014.
Interesting. As
long as member banks could only “push” their money to other banks, there was no
reason to check on their security. After
all, if they thought security was adequate, why would I question it? Now their poor security reflects on SWIFT, so
naturally SWIFT wants them to tighten up.
Swift Moves to Harden Customers’ Security
… Gottfried
Leibbrandt, chief executive of the Society for Worldwide Interbank Financial
Telecommunication, said audits will be part of a new set of standards for how
customers should protect their systems and software.
A spokeswoman said audits likely would be conducted by
independent third parties based on a framework to be set up by Swift. [The audits won’t cost SWIFT a penny. Bob]
It wasn’t clear whether they would be mandatory.
… The attacks
raise a question that is increasingly relevant as critical functions are
integrated into bigger networks: Does
responsibility for security lie with the network operator or with its users? Computer-security experts increasingly say the
answer is both, a conclusion that can require new thinking among network
operators like Swift, which have said they aren’t liable for customer breaches
but have an implied duty to protect the integrity of their entire networks.
Each “new” technology must rediscover and re-solve the
same security and privacy issues that faced every previous generation.
The Privacy Problem with Digital Assistants
For the last century, we’ve imagined a future where we’re
surrounded by robotic butlers that are classy, smart, and discreet.
… Already, there
are millions of proto-Jarvises running around in pockets, in the form of
digital assistants like Apple’s Siri, Microsoft’s Cortana, Amazon’s Alexa, and (soon) Google’s search
assistant. These virtual helpers use
artificial intelligence to parse what users say or type, and return useful
information.
… Like nearly
everything else on the Internet, your requests will leave a trail of
breadcrumbs. Questions directed at Siri
and Google’s voice search get sent to their respective companies, paired with
unique device IDs that aren’t connected to specific users. Apple stores Siri requests with device IDs for
six months, and then deletes the ID and keeps the audio for another 18 months.;
Google’s retention policy wasn’t immediately available.
This is probably a good place to mention that you should not
rush to use technology that you don’t understand and have not carefully tested.
Oculus' New DRM Just Made Pirating Games Way Easier
… A software
update Oculus released on Friday, which included new DRM, killed
one of the VR community's favorite hacks. Revive, as the user-made software is called,
allowed people to play games exclusive to the Oculus Rift on competing VR
headsets like Valve's and HTC's Vive.
… Libre VR told
Motherboard that whereas the original version of Revive simply took functions
from the Oculus Runtime and translated them to OpenVR calls (an API compatible
with Vive and other headsets), the new version of Revive now uses the same
injection technique to bypass Oculus' ownership check altogether. By disabling the ownership check the game can
no longer determine whether you legitimately own the game.
It takes all kinds…
Using a lawsuit as a marketing opportunity? Priceless!
The Kinky Ménage à Trois Startup That Tinder Wants to Kill
(and How It's Fighting Back)
This morning I deleted a swinging email pitch from 3nder, the so-called “Tinder for threesomes.”
… Also, it stunk of a half-baked
publicity stunt, yet here I am writing about it anyway.
… Oh, and speaking of love, or something like it, Trifonov
founded the app in February of 2014 after his girlfriend, Ana, admitted to him
that she had “feelings” for a French girl (“Who doesn’t fall for the French?”).
“He was so touched that he wanted her to
know that there were many more people like her in the world,” Drake says, “and
that people fall in love all the time regardless of gender, so he built 3nder
as a love letter to her.”
… 3nder is
currently only available for iOS. The company
claims 700,000 sexually adventurous folks are on a waiting list for the Android version.
Are they incompetent, over-reaching…
Bank of
America Penalty Thrown Out in Crisis-Era ‘Hustle’ Case
An appeals court dealt the federal government a major
setback in its efforts to punish big banks for the financial crisis,
overturning a mortgage fraud case against Bank of America Corp. that has framed
the Obama administration’s legal strategy in pursuing multibillion-dollar
settlements with financial institutions.
… If it
stands, the decision could undermine the remaining government investigations
into crisis-era mortgage securities, experts said, including those into
European banks Royal Bank of Scotland, UBS AG and others.
…or downright stupid?
The Miscarriage of Justice Department
The constitutional challenge to President Obama’s
executive action on immigration keeps getting more remarkable. A federal judge
has now exposed how the Justice Department systematically deceived lower courts
about the Administration’s conduct, and he has imposed unprecedented legal
measures to attempt to sterilize this ethics rot.
… One DOJ lawyer
told Judge Hanen that “I really would not expect anything between now and the
date of the hearing.” As the judge notes, “How the government can categorize
the granting of over 100,000 applications as not being ‘anything’ is beyond
comprehension.”
Pure politics. It
has nothing to do with management. “See,
we’re doing something!”
T.S.A. Replaces Security Chief as Tension Grows at Airports
and Agency
Facing a backlash over long security lines and management
problems, the head of the Transportation
Security Administration shook up his leadership team on Monday, replacing
the agency’s top security official and adding a new group of administrators at
Chicago O’Hare International Airport.
In an email to
staff members, Peter V. Neffenger, the T.S.A. administrator, announced a series
of changes that included the removal of Kelly Hoggan, who had been the
assistant administrator for the Office of Security Operations since 2013.
Beginning late
that year, Mr. Hoggan received $90,000 in bonuses over a 13-month period, even
though a leaked report from the Department of Homeland Security showed that
auditors were able to get fake weapons and explosives past security screeners
95 percent of the time in 70 covert tests.
Did TSA buy this technology? (Can we send them photographs of political
candidates?) https://www.washingtonpost.com/news/innovations/wp/2016/05/24/terrorist-or-pedophile-this-start-up-says-it-can-out-secrets-by-analyzing-faces/
Terrorist or pedophile? This start-up says it can out secrets
by analyzing faces
… Faception said
it’s already signed a contract with a
homeland security agency to help identify terrorists. The company said its technology also can be
used to identify everything from great poker players to extroverts, pedophiles,
geniuses and white collar-criminals.
“We understand the human much better than other humans
understand each other,” said Faception chief executive Shai Gilboa. “Our
personality is determined by our DNA and reflected in our face. It’s a kind of signal.” [Liberals are going to
scream! Bob]
Faception has built 15 different classifiers, which Gilboa
said evaluate with 80 percent accuracy certain traits. The start-up is pushing forward, seeing
tremendous power in a machine’s ability to analyze images.
Also politics, but it does provide some insight. “We didn’t do it and we promise not to do it
again.”
Facebook denies bias in Trending Topics, but vows changes
anyway
… In a press release issued publicly and in a letter (PDF) sent directly to Senator John Thune (R-SD),
Facebook denied the allegations, but nevertheless announced a number of changes
to internal processes that should help appease critics.
… If you were
curious about the exact process by which a story goes from hashtag or local
news to Trending Topic, read the letter to Sen. Thune; it contains lots of
previously unknown details, though many will now be obsolete. Specific allegations of bias — for instance,
that stories about Glenn Beck (who wrote an interesting take on his own meeting with Facebook
on this topic) were suppressed — are also addressed.
Senator Thune issued his own statement today as well, praising Facebook’s
handling of the issue but at the same time getting a couple jabs in.
Would it be insulting to offer these to my students who
apparently don’t speak (or read or write) English? (Would I care?)
Pilot Smart Earpiece Breaks Down Language Barriers With Babel
Fish Translator Wearable
… New York-based
company Waverly Labs has announced the Pilot, the first smart earpiece which
translates between users speaking different languages.
The translator
was invented by founder Andrew Ochoa who said he had the idea for it “after
meeting a French girl” and wanting to communicate with her clearly.
… How the Pilot works
is unclear. Its website says that it
uses “translation technology” embedded in an app. There is no further information about this
“translation technology,” however. The
first generation device works only when speaking to someone wearing an
earpiece, but future generations could listen to everything happening nearby.
… Waverly Labs
says that it will begin taking pre-orders through the crowdfunding site Indiegogo this spring. The app will release this summer and the
earpieces will be available by Spring 2017. The product will be for sale for $299 including
access to select languages. Additional
languages will be available via download.
Want to compete with Watson? Cray has your hardware. My Architecture students will need to
consider this.
Cray wants to light a fire under your big data
It's no secret that analytics is eating
the enterprise world, but if there's anything in perpetually short supply,
it's speed. Enter Cray, which on Tuesday unveiled a new supercomputing platform
designed with that in mind.
… "In the past, you'd run some types of analytics every 24
hours or even every week," said Ryan Waite, Cray's senior vice president
of products. "Today, you might want
to run them every six hours or every hour to be more in tune with what
customers are doing."
… Urika-GX is a standard 19-inch rack featuring
industry-standard Intel Xeon processors, up to 22 TB of DRAM and as many as
1,728 cores per system. There's 35 TB of
SSD storage and 192 TB of hard-drive storage per rack. It also taps the Cray Aries high-speed
interconnect. [That sets
my inner geek to giggling… Bob]
(Related) Big Data keeps getting bigger!
CTIA Annual Survey – Americans used twice as much data in
2015 as in 2014
by Sabrina I. Pacifici on May 23, 2016
“Today, CTIA®
released its annual survey results, which found Americans used
9.6 trillion megabytes (MB) of data in 2015, three times the 3.2 trillion MB in
2013. This is the equivalent of
consumers streaming 59,219 videos every minute or roughly 18 million MB:
Smartphones are the number one wireless device in the U.S. and still growing
Smartphones are the number one wireless device in the U.S. and still growing
·
There were more than 228 million smartphones,
which was up almost 10 percent from 2014. 70 percent of the population now owns a
smartphone.
·
There were more than 41 million tablets on
wireless networks, up 16 percent from 2014.
Smartphones are the number one
wireless device in the U.S. and still growing
·
Americans talked more than 2.8 trillion minutes
on their mobile phones, up more than 17 percent from 2014.
·
Americans exchanged more than 2.1 trillion
texts, videos and photo messages, or more than four million every minute.”
This points to the start of a string of articles my
Architecture students should read. (Hint,
hint)
New on LLRX – Digital Smarts Everywhere: The Emergence of
Ambient Intelligence
by Sabrina I. Pacifici on May 23, 2016
Via LLRX.com
– Digital
Smarts Everywhere: The Emergence of Ambient Intelligence – Alan Rothman’s
article is based on a TechCrunch.com posting, The Next Stop on the Road to
Revolution is Ambient Intelligence. Rothman
offers an insightful analysis on how the rapidly expanding universe of digital
intelligent systems wired into our daily routines is becoming more ubiquitous,
unavoidable and ambient each day.
I rather like his collections of resources.
New on LLRX – New Economy Resources 2016
by Sabrina I. Pacifici on May 23, 2016
Via LLRX.com
– New Economy Resources 2016
– This guide by Marcus
Zillman aggregates significant actionable sources for researchers focused
on the “new economy,” including current and historical government data,
analytics and alerts from Open Source providers, the private sector, and the
legislative and regulatory sectors.
For my Spreadsheet students. Something to compare to your calculations.
Want to Retire Early? Here’s What You Need to Save Each Month
Anything to get rid of my students.
The Last 5 Resume-Building Apps and Sites You’ll Ever Need
No comments:
Post a Comment