Thursday, November 17, 2016

I have a student who plays with Raspberry Pi computers.  I’ll have him demo this to my Computer Security class in January.
$5 Device Can Hijack Your Computer And Steal Your Data
If you follow security news at all, you’ve seen Samy Kamkar’s name before.  He’s got a knack for building incredibly inexpensive gadgets that can inflict serious harm to electronic systems.  Hotel room locks. Cars.  Garage doors.  Cash registers.  If it has a digital pulse, Kamkar can probably hack it.
His latest creation is PoisonTap, a device he built using a $5 Raspberry Pi Zero that can hijack a computer and steal data from it.  All he has to do to make that happen is to shove it into a USB port.  What makes PoisonTap particularly frightening is that it can do what it does even if you’ve locked your computer and protected it with a password.
   PoisonTap works by tricking a computer into thinking it’s an ordinary network adapter.  Once it digs its claws into a system it can wreak all kinds of havoc, like stealing all the cookies that are stored on your computer.  That, Kamkar says, allows an attacker to break into a victim’s website accounts — even if they’re protected by two-factor authentication or accessed via an SSL connection.  It can also intercept network traffic and re-route requests.

As it has done in past months, Protenus has compiled a monthly report on health data breaches in the U.S. that were disclosed during October.  Their analyses are based on data and information provided by this site and blogger.
   Many of the incidents, but not all, were reported on this site and can be found by using the “search” function.
You can find Protenus’s Breach Barometer for October here.
And after you’ve read the report, also read HIStalk’s interview of Robert Lord, CEO of Protenus, as he really articulates the challenges beautifully, e.g.:

You’ve been looking at Facebook, now Facebook wants to look back?  
Facebook acquires facial image analysis startup FacioMetrics
Facebook has acquired FacioMetrics, a facial image analysis company, as it tries to give users new features to add special effects to photos and videos.
The technology developed by the startup also includes capabilities for face tracking and recognizing emotions, which could potentially open up other applications for Facebook.

Guidelines for the next campaign?  How do they know ‘engagement’ didn’t mean ‘look at this nonsense?’
Viral Fake Election News Outperformed Real News On Facebook In Final Months Of The US Election
In the final three months of the US presidential campaign, the top-performing fake election news stories on Facebook generated more engagement than the top stories from major news outlets such as the New York Times, Washington Post, Huffington Post, NBC News, and others, a BuzzFeed News analysis has found.
During these critical months of the campaign, 20 top-performing false election stories from hoax sites and hyperpartisan blogs generated 8,711,000 shares, reactions, and comments on Facebook.
(For details on how we identified and analyzed the content, see the bottom of this post.  View our data here.)

About time.  Keep your friends close, and your enemies closer.
Microsoft joins The Linux Foundation as a Platinum member
At its Connect(); 2016 developer event in New York City today, Microsoft announced it is joining The Linux Foundation.  And the company isn’t joining just to say it did: Microsoft is joining at the Platinum level, the highest level of membership, which costs $500,000 annually.  John Gossman, architect on the Microsoft Azure team, will sit on the foundation’s Board of Directors and help underwrite projects.

How rude.  
Whatever you might have previously thought about the notion of President Barack Obama pardoning Chelsea Manning and Edward Snowden, the election of Donald Trump changes everything.  The stunning new reality, and the threat it poses to Americans and non-Americans, shifts and strengthens the case for Obama to take this extraordinary step before he departs: pardoning these two most visible critics for their illegal disclosures.  The rationale: to empower and embolden whistleblowers over the next four years and beyond.
