Saturday, July 02, 2016
For my Ethical Hacking students (and the FBI). Again, I suggest writing your own encryption software; there are many examples and tutorials.
Android’s full-disk encryption just got much weaker—here’s why
… A blog post published Thursday revealed that in stark contrast to the iPhone's iOS, Qualcomm-powered Android devices store the disk encryption keys in software. That leaves the keys vulnerable to a variety of attacks that can pull a key off a device. From there, the key can be loaded onto a server cluster, field-programmable gate array, or supercomputer that has been optimized for super-fast password cracking.
The independent researcher that published the post included exploit code that extracts the disk encryption keys by exploiting two vulnerabilities in TrustZone. TrustZone is a collection of security features within the ARM processors Qualcomm sells to handset manufacturers.
For my Computer Security students.
Kaspersky: Ransomware that encrypts is booming
Over the past year the number of machines hit by ransomware that encrypts all or part of the hard drive is five-and-a-half times what it was the year before, according to Kaspersky Lab.
The number in 2014-2015 was 131,111 compared to 718,536 in 2015-2016, according to the company’s report Ransomware in 2014-2016.
… “Mobile ransomware emerged as a follow-up to PC ransomware and it is likely that it will be followed-up with malware targeting devices that are very different to a PC or a smartphone,” the report says. These include smart watches and smart TVs, and entertainment systems in homes and cars. “There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time.”
With some advanced preparation, you can survive a ransomware attack
… There are ways to protect your systems to prevent becoming the next victim, or at least to mitigate the effects of the attack, but you need to act before an attack strikes. Researchers say it can take less than 5 minutes from the time the malware gets on a system to the time when primary files are encrypted, backup files are deleted, and the demand for ransom is presented.
That said, here are some steps for surviving a ransomware attack:
I’ve followed this report for years.
2015 Wiretap Report: Intercept Orders Rise 17 Percent
by Sabrina I. Pacifici on Jul 1, 2016
United States Courts, June 30, 2016: “The number of federal and state wiretaps terminated in 2015 increased nearly 17 percent over 2014, according to an annual report submitted to Congress by the Administrative Office of the U.S. Courts. As in previous years, drug investigations and telephone wiretaps accounted for the large majority of cases. The 2015 Wiretap Report covers intercepts—of wire, oral or electronic communications—that were concluded between January 1, 2015, and December 31, 2015. The report does not include data on interceptions regulated by the Foreign Intelligence Surveillance Act of 1978. A total of 4,148 wiretaps were reported in 2015, compared with 3,554 the previous year. Of those, 1,403 were authorized by federal judges, 10 percent more than in 2014, and 2,745 were authorized by state judges, an increase of 21 percent. No wiretap applications were reported as denied in 2015.”
[The encryption section:
The number of state wiretaps in which encryption was encountered decreased from 22 in 2014 to 7 in 2015. In all of these wiretaps, officials were unable to decipher the plain text of the messages. Six federal wiretaps were reported as being encrypted in 2015, of which four could not be decrypted. Encryption was also reported for one federal wiretap that was conducted during a previous year, but reported to the AO for the first time in 2015. Officials were not able to decipher the plain text of the communications in that intercept.
What could possibly go wrong? (What’s next?)
Mark Walker, Patrick Anderson and John Hult report:
Police in South Dakota are collecting urine samples from uncooperative suspects through the use of force and catheters, a procedure the state’s top prosecutor says is legal but is criticized by others as unnecessarily invasive and a potential constitutional violation.
The practice isn’t new, according to attorneys, but it’s been brought to light in a recent case in Pierre.
Read more on Argus Leader.
Because you can never introduce your children to surveillance too soon?
Alphabet’s Nest Patents Smart Surveillance Crib For The Ultimate Helicopter Parent
… Nest (now part of Alphabet since its acquisition by Google), the company best known for its smart thermostats, applied to patent a smart crib or toddler bed that would monitor infants and displays soothing images and sounds. [Big Brother loves you. We have always been at war with Eastasia. Bob]
(Related) Dilbert predicts the future?
Perspective. Over, but not really over.
In Senate, Blackberry Era Officially Over
… The reign of the Blackberry lasted a good decade or more in Congress, early on due to the advanced nature of the devices and obsession with email checking. Even when the iPhone and Androids came about, the Blackberry still kept the throne for awhile because typing on those tiny little keys was faster, a mastered skill with which the iPhone could not compete. (This being government, they were slow to adopt other devices and Bring Your Own Device policies.)
[From the notice:
BlackBerry device support will continue for the foreseeable future. BlackBerry is committed to maintaining their support of our devices to include uninterrupted warranty and technical support.
Once we have exhausted our current in-house stock, new device procurements will be limited, while supplies last, to warranty exchanges only.
Perspective. “We’re # 16! We’re # 16!” Not very catchy, is it?
Superfast internet? South Korea wins, U.S. lags far behind
Internet speeds are getting faster worldwide — including the U.S. But speeds here are far worse than many other countries, particularly on mobile.
Akamai, an internet platform used by websites to ensure high speeds and high quality streaming, aggregates data from the up to 200 trillion content requests it receives each quarter.
Global average connection speed rose 12% in the first quarter of 2016 from the fourth quarter of 2015, to 6.3 Mbps, according to Akamai's latest "State of the Internet" report. Year over year, global internet speeds shot up 23%, said the content delivery network.
South Korea led the way with the highest average connection speed at 29.0 Mbps, an 8.6% increase from last quarter. Norway (21.3 Mbps) and Sweden (20.6 Mbps) followed to make up the top three.
The United States didn't make the top 10, ranking No. 16 with average connection speed of 15.3 Mbps, a 7.7% rise from the prior quarter.
… In mobile, you're best off in the United Kingdom. The country by far had the highest average mobile speed with 27.9 Mbps. Belgium, in contrast, had only 70% of the U.K.'s average speed with 19.4 Mbps. Algeria had the lowest average connection speed with 2.2 Mbps. Speeds in Iran, the country that had the slowest average speed in the fourth quarter with 1.8 Mbps, improved to 4.7 Mbps this quarter.
The U.S. had an average mobile speed of 5.1, on par with Thailand.
This is more for my Excel class than PowerPoint users.
Improve Your PowerPoint Presentation with Excel Data Visualizations
For my IT Architecture students.
WhatsApp Grew to One Billion Users by Focusing on Product, Not Technology
… when Mubarik Imam, head of growth and partnerships for WhatsApp, told the company’s extraordinary story to a group of high-level executives and technology experts at a conference in Palo Alto last year, the narrative was conspicuously free of digital breakthroughs or “aha!” moments. For those who hoped to hear the secret of how digital wizardry turned two disgruntled Yahoo veterans into overnight billionaires, the real story was an eye-opener. Transforming a relatively simple idea into a $19 billion windfall, it turns out, was more about solving problems with the tools at hand than inventing new solutions from scratch.
If it’s Saturday, Education foibles…
Hack Education Weekly News
… The US Department of Education released its “#GoOpenDistrict Launch Packet,” encouraging schools to use OER. As Stephen Downes comments, “I find it interesting that they refer throughout to ‘openly licensed educational materials’ rather than ‘open educational resources’ – I wonder what the reasoning was behind that.” Rebrand. Realign. Rewrite history. The usual, I’d wager.
… Hillary Clinton unveiled her tech platform this week. Excuse me. Her “innovation agenda.” She promises that every kid will learn to code (of course) by having the private sector train CS teachers. She wants federal financial aid for coding bootcamps and nanodegrees. Her plan also involved a talking point about diversifying the tech workforce, but then she went ahead and announced this doozy: a student loan deferment program for startup founders. Alexander Holt offers a pretty good argument as to why this is a “giveaway to Silicon Valley.” (The whole platform sounds like that, to be honest.) “Is Student-Loan Debt Really Holding Would-Be Entrepreneurs Back?” asks The Chronicle of Higher Education. More on Clinton’s plans via Edweek’s Market Brief, Inside Higher Ed, and The New York Times.
… Via The Chronicle of Higher Education: “As Big Data Comes to College, Officials Wrestle to Set New Ethical Norms.”