Saturday, November 26, 2016

Want to test drive a Tesla?
Researchers Hijack Tesla Car by Hacking Mobile App
In a video released this week, experts showed how they could obtain the targeted user’s credentials and leverage the information to track the vehicle and drive it away.  There are several conditions that need to be met for this attack and the victim must be tricked into installing a malicious app on their mobile phone, but the researchers believe their scenario is plausible.

Politics or mere amusement?
European Commission target of DDoS attack
by Sabrina I. Pacifici on Nov 25, 2016
Via Politico: “This afternoon, the European Commission was subject to a cyberattack (denial of service) which resulted in the saturation of our Internet connection.”

For my Governance and Software Architecture classes.
The Secret Ballot At Risk: Recommendations for Protecting Democracy
by Sabrina I. Pacifici on Nov 25, 2016
The right to cast a secret ballot in a public election is a core value in the United States’ system of self-governance.  Secrecy and privacy in elections guard against coercion and are essential to integrity in the electoral process.  Secrecy of the ballot is guaranteed in state constitutions and statutes nationwide.  However, as states permit the marking and transmitting of marked ballots over the Internet, the right to a secret ballot is eroded and the integrity of our elections is put at risk.  Thirty-two states and the District of Columbia allow some form of Internet voting–transmitting votes either via email, electronic fax, or Internet portal–typically for use by overseas and military voters.  Because of current technological limitations, and the unique challenges of running public elections, it is impossible to maintain separation of voters’ identities from their votes when Internet voting is used.  Most states that offer Internet voting recognize this limitation and require voters to sign a waiver of their right to a secret ballot.  The authors believe that Internet voting creates a second-class system for some voters–one in which their votes may not be private and their ballots may be altered without their knowledge.  This report examines state laws regarding the right to a secret ballot and the ways in which states are asking voters to waive that right.  We also offer recommendations for how voters and officials can preserve privacy in voting while making use of the Internet and technological advances.  Our findings show that the vast majority of states (44) have constitutional provisions guaranteeing secrecy in voting, while the remaining states have statutory provisions referencing secrecy in voting.  Despite that, 32 states allow some voters to transmit their ballots via the Internet which, given the limitations of current technology, eliminates the secrecy of the ballot.  Twenty-eight of these states require the voter to sign a waiver of his or her right to a secret ballot.  The remainder fail to acknowledge the issue…”

Worth a try, but I bet the courts won’t allow it.  
Wells Fargo Wants Claims Over Fake Accounts Decided Out of Court
Wells Fargo & Co. is trying to keep dozens of customers suing over bogus accounts opened by its employees out of court, saying they agreed to resolve any disputes in arbitration when they began doing business with the bank.
The lender also asked for the lawsuits, filed by 80 customers in federal court in Salt Lake City to be thrown out.

(Related) "It depends on what the meaning of the word 'is' is.”   
Uber seeks EC ruling that it is a digital service, not a transportation company
Uber will seek to convince Europe’s top court next week that it is a digital service, not a transport company, in a case that could determine whether app-based startups should be exempt from strict laws meant for regular companies.
The European Commission is trying to boost e-commerce, a sector where the EU lags behind Asia and the United States, to drive economic growth and create jobs.
The U.S. taxi app, which launched in Europe five years ago, has faced fierce opposition from regular taxi companies and some local authorities, who fear it creates unfair competition because it is not bound by strict local licensing and safety rules.

The downside of ‘really fast access to news!’ 
The CNN porn scare is how fake news spreads
Last night, a twitter account by the name of @solikearose tweeted out a surprising image of CNN broadcasting porn instead of Anthony Bourdain’s scheduled show Parts Unknown.  And then without really much questioning, a bunch of news sites ran with it, claiming that the network showed the footage for about 30 minutes.  
   It looks like the chaos all started when The Independent wrote up a story from this person’s tweets, which was then tweeted out by the Drudge Report.  After that, it spread fast.  Mashable, The New York Post, The Daily Mail, Esquire, and Variety have all published a story, and pretty much all of these articles are based on one or two tweets from @solikerose.  Plus, many of the original stories didn’t include statements from CNN or RCN, the cable company that supposedly aired the porn.
Fact-checking largely didn’t begin until the stories were published.

(Related) Did the Post get suckered too?  Surely not just bad reporting?
No, Russian Agents Are Not Behind Every Piece of Fake News You See
One of the themes that has emerged during the controversy over “fake news” and its role in the election of Donald Trump is the idea that Russian agents of various kinds helped hack the process by fueling this barrage of false news.  But is that really true?
In a recent story, the Washington Post says that this is definitely the case, based on information provided by two groups of what the paper calls “independent researchers.”  But the case starts to come apart at the seams the more you look at it.

A billion-dollar niche?  I wonder how many there are and how I could start my own. 
Amazon in Talks to Buy Dubai’s in $1 Billion Deal Inc. is in talks to acquire Dubai-based online retailer FZ for about $1 billion in a deal that will give the e-commerce giant a footprint in the high-growth Middle East market, according to people familiar with the matter.

One of my students is building one of these for a demonstration in my January Computer Security class.  
$5 PoisonTap Tool Easily Breaks Into Locked PCs
Proving once again that you can do a lot of damage with a little investment and a lot of ingenuity, security researcher Samy Kamkar recently managed to take down a locked, password-protected computer armed with only a US$5 Raspberry Pi.
The low-tech cookie-siphoning intrusion is one of Kamkar's simplest hacks ever.  He previously has unlocked car doors, garages, wireless remote cameras and other devices, with MacGyver-like precision.

Trivia for my geeky students.

Will the TSA open a video feed at US airports?  

Update: I couldn’t find a link to the report the first time I posted about this study.
A Stanford University team won a lot of attention this week by releasing a study on how badly teenagers assess information online.  “Evaluating Information: The Cornerstone of Civic Online Reasoning” examined more than 7,000 students to check their information literacy skills.

My industry.
Hack Education Weekly News
[This blogger is not happy with anything Trump.  You can tell by the icon she uses for the ‘Trump news’ section.  Bob]
   “The United States Department of Education’s Office of Inspector General has found in a recent report that the department’s overall information technology security is ‘not generally effective’ in meeting several federal requirements,” Campus Technology reports.  “The ed department (ED) and its Federal Student Aid (FSA) office scored only 53 points out of 100 in a recent security audit.”
   “Attorneys for Gov. Rick Snyder and state education officials say no fundamental right to literacy exists for Detroit schoolchildren who are suing the state over the quality of their education,” The Detroit News reports.
   Via the Lansing State Journal: “An email sent to Michigan State University last weekend attempting to ‘extort money’ helped the university identify a data breach that affected about 400,000 records and included names, Social Security numbers and MSU identification numbers, a university spokesman said Friday evening.”
   Via EdWeek’s Market Brief: “Two recent reports that track K–12 spending reveal schools’ strong interest in purchasing security-related hardware, products, and technology.”  One of the most popular pieces of technology: gun detectors.  Yes, gun detectors are ed-tech.

No comments: