Monday, October 17, 2016

“Ha!  This will surely stop those nasty hackers!”
Companies Try Out Selfies as Password Alternatives
   Companies and government agencies—ranging from the ride-hailing service Uber Technologies Inc. and credit-card giant MasterCard Inc. to the Alabama Department of Revenue—are asking people to snap self-portraits on their smartphones as proof of identity.
As the quality of smartphone cameras improves and facial-recognition software becomes more affordable, the digital future might involve fewer convoluted passwords and more selfies.  But there’s a downside: some cybercrime experts worry that people might be too quick to offer up their smiling faces, saying the technology is rife with privacy and security concerns.

(Related) Surely this was to be expected.  Anything required to gain access to your data/money will be targeted/gathered by hackers.  (This is more than my bank asks for!) 
Stupid Is As Stupid Does: Android Trojan Asks Victims For A Selfie Holding Their ID
CHEESE!  Smile for the malware that is trying to steal your identity!  One Android banking Trojan is asking victims for a selfie with their ID card.
This past year victims were asked to provide information like their “mother’s maiden name” so that hackers could unearth security question answers and break into bank accounts.  McAfee Labs Mobile Research Team recently discovered this latest evolution of Android banking Trojan Acecard.  The ID selfie not only helps cybercriminals to access bank accounts, but social networks as well.  
   The Trojan Acecard completes its scam with a three-step identification process.  The first two steps require the victim to upload pictures of the front and back of the ID cards.  The last step asks the victim to take a selfie with the ID card for further validation.

(Related) How the government does it?  
Thomas Fox-Brewster reports:
In what’s believed to be an unprecedented attempt to bypass the security of Apple iPhones, or any smartphone that uses fingerprints to unlock, California’s top cops asked to enter a residence and force anyone inside to use their biometric information to open their mobile devices.
FORBES found a court filing, dated May 9 2016, in which the Department of Justice sought to search a Lancaster, California, property.  But there was a more remarkable aspect of the search, as pointed out in the memorandum: “authorization to depress the fingerprints and thumbprints of every person who is located at the SUBJECT PREMISES during the execution of the search and who is reasonably believed by law enforcement to be the user of a fingerprint sensor-enabled device that is located at the SUBJECT PREMISES and falls within the scope of the warrant.”
Read more on Forbes.
[From the article:
Legal experts were shocked at the government’s request.  “They want the ability to get a warrant on the assumption that they will learn more after they have a warrant,” said Marina Medvin of Medvin Law.  “Essentially, they are seeking to have the ability to convince people to comply by providing their fingerprints to law enforcement under the color of law – because of the fact that they already have a warrant.  They want to leverage this warrant to induce compliance by people they decide are suspects later on.  This would be an unbelievably audacious abuse of power if it were permitted.”

For both my Architecture and Governance students as we follow the decline of Samsung.   
Samsung Self-Tested Batteries in Galaxy Note 7 Phone
The batteries used in Samsung Electronics Co. ’s troubled Galaxy Note 7 were tested by a lab that belongs to the South Korean electronics giant, a practice that sets it apart from other smartphone manufacturers.
To sell smartphones at major U.S. carriers, phone makers are required to test phone batteries at one of the 28 labs certified by the U.S. wireless industry’s trade group, the CTIA, to ensure compliance with standards set by the Institute of Electrical and Electronics Engineers.
Samsung is the only such manufacturer using in-house battery-testing facilities for CTIA certification, according to the association.
   In a statement Friday, Samsung said its plans to make “significant changes” in its quality-assurance processes in light of the Note 7 crisis.  [Sound familiar?  Bob]

For my IT Governance students.
Organizations Struggle to Protect Growing Number of Endpoints
A recent study conducted by Dimensional Research has revealed that most organizations don’t have a security strategy in place to protect the growing number of endpoints on their networks.
According to the study, just 33% of the survey’s respondents admitted that such a security strategy was in place, while the rest either said they were in the process of building such a strategy (51%), or that they didn’t have plans on the matter (16%).  The stats are worrying, because the compromise of critical endpoints could have dire fiscal or operational consequences for an organization.
Traditionally, devices with which users could interact, such as desktops, tablets or phones, have been considered endpoints, but employee-owned devices, virtual machines, point-of-sale terminals, Internet of Things (IoT) devices and servers have been recently added to the list as well.  The number of critical endpoints on enterprise networks has been growing fast despite security risks, with over 200 billion connected devices forecast by 2020.
According to the study, conducted on behalf of Tripwire, organizations also lack insight on whether the devices connected to their networks receive security updates in a timely fashion.  When asked if they were confident that these devices were kept up to date, only 40% of respondents said they were.

Is this good news?
Driverless cars offer new blueprint for safety regulators
New federal guidelines for driverless cars may set the stage for how the government approaches emerging technologies in the future.
Washington has long wrestled with how to keep pace with Silicon Valley, and federal regulators sought out a different and more flexible approach for automated vehicles.
The Department of Transportation (DOT) decided to craft voluntary, non-binding guidance, which was widely applauded across the industry for leaving room for innovation.
It could also serve as the new federal model for years to come.
“For better or for worse, this is the world we now live in,” Adam Thierer, a senior research fellow at George Mason University, said during a Capitol Hill panel this week.  “Guidance documents like this are going to be a regular thing.”

(Related) A question for my students: is the software required for a closed loop significantly different (simpler?) than that for over the road vehicles?
France’s Navya raises $34M for its self-driving shuttle bus, reportedly at a $220M valuation
When it comes to self-driving cars, the public tends to focus on developments for private vehicles for individuals, but there are also some significant advances underway in other categories such as shuttle busses.
   Meeting demand from municipal organizations, and companies that have closed but large campuses that require transportation to move from point A to B, the aim is to have 30 vehicles in use by the end of this year, the company said.

Automating pro bono?  (But not in Colorado)
ABA launches Free Legal Answers
by Sabrina I. Pacifici on Oct 16, 2016
Free Legal Answers is a virtual legal advice clinic.  Qualifying users post their civil legal question to their state’s website.  Users will then be emailed when their question receives a response.  Attorney volunteers, who must be authorized to provide pro bono assistance in their state, log in to the website, select questions to answer, and provide legal information and advice.  Volunteer attorneys will not answer criminal law questions.  Participating states have their own page where qualifying residents will post their question.  Look at your state’s page for more information.  Free Legal Answers is a project of the American Bar Association’s Standing Committee on Pro Bono and Public Service.  If you would like more information about the Free Legal Answers site, contact the National Site Administrator here.  Please be advised, the National Site Administrator will not respond to email requests for legal assistance.”

Move Over Twitter, Facebook – Snapchat is the Most Engaged Social Platform
   According to a Piper Jaffray 2016 national survey of 10,000 high school students and their consumption trends, photo sharing app Snapchat is now the most engaged and most preferred social network among the teen demographic.
Piper’s semi-annual study “Taking Stock With Teens” asked survey takers about fashion and beauty, restaurants and media and device preference.  A massive 80% said they used Snapchat at least once per month and 35% said it was their favorite platform.  Instagram came in second place with 27%, followed by Twitter and Facebook.

Something for my security students?
Additional START Datasets Now Available
by Sabrina I. Pacifici on Oct 16, 2016
National Consortium for the Study of Terrorism and Responses to Terrorism – “Utilizing the Dataverse Network Project, START has created its own repository of datasets and databases on terrorism, conflict, and preparedness.  This collection includes research funded by START as well as research for which START has been given permission to release.  Users can read over detailed information about each dataset regarding its time period, geographic coverage, and sampling procedure.  Additionally, the system allows users to download codebooks, data collection instruments, and the data itself, providing a simple interface for researchers to access START-related data.
New datasets will be added periodically and announced on the START homepage.  Click here to go to the START Data Collections Page

No comments: