Thursday, December 01, 2016

A simple “Internet of Things” hack.  Are we looking at a tool for the “perfect crime?”  Someone with a well documented heart problem suddenly dies from heart failure…  Would anyone bother to check the pacemaker’s logs?  (Do they keep logs?)  
Darren Pauli reports:
A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims.
Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior knowledge or special access to the devices, and used commercial off-the-shelf equipment to break the proprietary communications protocols.
From the position of blind attackers the pair managed to hack pacemakers from up to five metres away gaining the ability to deliver fatal shocks and turn off life-saving treatment.
Read more on The Register.

For my Ethical Hacking students.  It’s much easier to hack a system when you know exactly how it works.  
Why a hacker is giving away a special code that turns cars into self-driving machines
Here is a strategy for start-ups dealing with regulators who might shut down your product: Make it free.
Scrappy self-driving car start-up released a free software kit on Wednesday to help developers learn to build a device that can turn any car into an autonomous vehicle.
   A wave of companies in areas such as housing, DNA testing and aerospace is weighing whether to work with officials or to follow the playbook of companies such as Uber and Airbnb — asking forgiveness, but not permission, and seeing where the chips fall.
In Comma’s case, the strategy was an end run around the rulemakers.
   Shortly after the announcement at the TechCrunch Disrupt conference, Hotz was slapped with a warning letter from the National Highway Traffic Safety Administration.
   The code, which is available on the open-source collaboration platform GitHub, allows anyone (but really, hardcore hackers) to build a dashcam-like device that they can set up in their car.  The device plugs into a port in the car called a controller area network, or BUS (in most cars built after 2006).  Users must build the device with a 3-D printer and have an Android OnePlus 3 phone to run the code and provide the camera that can scan the road.

Interesting, but somewhat suspect.  I’d like to see more raw numbers.  How many ‘hackers’ did they survey? 
Report: Most cybercriminals earn $1,000 to $3,000 a month
Most cybercriminals make between $1,000 and $3,000 a month, but 20 percent earn $20,000 a month or more, according to a recent report.

For my Android using students.
   If you own an Android device running on anything older than Android 6.0 (Marshmallow) you should do two things: 1. Use this Check Point tool to see whether your Google account has been compromised, and 2. View the list of fake apps infected by Gooligan so you know what to avoid.

An escape from double-secret probation?
SAN FRANCISCO – CREDO Mobile representatives confirmed today that their company was at the center of the long-running legal battle over the constitutionality of national security letters (NSLs), and published the letters the government sent three years ago.
The Electronic Frontier Foundation (EFF) has represented CREDO in this matter since 2013—and the case, bundled with two other NSL challenges, has reached the United States Court of Appeals for the Ninth Circuit.  Until now, CREDO was under a gag order, preventing CREDO officials from identifying the company or discussing their role in the case.  In March, a district court found that the FBI had failed to demonstrate the need for this gag, and struck it down pending an appeal by the government.  But earlier this month, the government decided to drop its appeal of that order, leaving CREDO free to talk about why the legal challenge is important to the company and its customers.
   While the government has stopped pursuing the NSL gag orders on CREDO in this case, EFF’s two other NSL challenges are still being litigated in the appeals court.  EFF’s clients—who still must remain secret—argue that they are being unconstitutionally barred from discussion and debate about government use of NSLs and surveillance reform.

How would Coinbase know which of their customers were “U.S. taxpayers?” 
The government’s press release on an issue mentioned previously: a broad warrant for records on everyone who used Coinbase.  The government appears to be going on a fishing expedition with court authorization.  Oh well, the Fourth Amendment had a good run, I guess. 
A federal court in the Northern District of California entered an order today authorizing the Internal Revenue Service (IRS) to serve a John Doe summons on Coinbase Inc., seeking information about U.S. taxpayers who conducted transactions in a convertible virtual currency during the years 2013 to 2015.  The IRS is seeking the records of Americans who engaged in business with or through Coinbase, a virtual currency exchanger headquartered in San Francisco, California.
   The court’s order grants the IRS permission to serve what is known as a “John Doe” summons on Coinbase.  There is no allegation in this suit that Coinbase has engaged in any wrongdoing in connection with its virtual currency exchange business.  Rather, the IRS uses John Doe summonses to obtain information about possible violations of internal revenue laws by individuals whose identities are unknown.  This John Doe summons directs Coinbase to produce records identifying U.S. taxpayers who have used its services, along with other documents relating to their virtual currency transactions.

Something I definitely want to teach.
Tomorrow’s Business Leaders Learn How to Work with A.I.
Artificial intelligence is now on the syllabus at top-tier business schools.
Harvard Business School, Massachusetts Institute of Technology’s Sloan School of Management, France’s Insead and a handful of other programs recently have added M.B.A. courses on managing the applications and algorithms that help businesses make more informed decisions.

The timing is interesting.  Apparently, they saw little value in this until Hillary lost?
SearchEngineLand reports on how Google is tackling fake news
by Sabrina I. Pacifici on Nov 30, 2016
Ian Bowden reports: “Following the US election and Brexit, increased focus is being placed on how social networks and search engines can avoid showing “fake news” to users.  However, this is a battle that search engines cannot — and more fundamentally, should not — fight alone.  With search engines providing a key way people consume information, it is obviously problematic if they can both decide what the truth is and label content as the truth.  This power might not be abused now, but there is no guarantee of the safe governance of such organizations in the future.  Here are five key ways Google can deal (or already is dealing) with fake news right now.  They are:
  1. Manually reviewing websites
  2. Algorithmically demoting fake news
  3. Removing incentives to create fake news
  4. Signaling when content has been fact-checked
  5. Funding fact-checking organizations…”

(Related) Again, no thoughts about this until Trump.  Perhaps he is good for something?
Sam Thielman reports:
Public and private libraries are reacting swiftly to the election of Donald Trump, promising to destroy user information before it can be used against readers and backing up data abroad.
The New York Public Library (NYPL) changed its privacy policy on Wednesday to emphasize its data-collection policies.
Read more on The Guardian.

Perspective.  If you store ‘Big Data,’ it could take you quite a while to migrate it to the cloud.  No doubt this will soon be self-driving and will move from the US to Mexico to Canada to avoid subpoenas for your data.  Also raises the possibility of data lost due to traffic accidents. 
AWS Snowmobile – Move Exabytes of Data to the Cloud in Weeks
   In order to meet the needs of these customers, we are launching Snowmobile today.  This secure data truck stores up to 100 PB of data and can help you to move exabytes to AWS in a matter of weeks (you can get more than one if necessary).  Designed to meet the needs of our customers in the financial services, media & entertainment, scientific, and other industries, Snowmobile attaches to your network and appears as a local, NFS-mounted volume.  You can use your existing backup and archiving tools to fill it up with data destined for Amazon Simple Storage Service (S3) or Amazon Glacier.

My students should be interested.
This investment bank presentation breaks down the complicated digital ad industry in 2016
LUMA Partners has just released its annual State of Digital Marketing presentation.
This year it covers LUMA's views on the market, five industry trends — including the rise of artificial intelligence — and the future of the ecosystem with a specific focus on digital marketing.

Jobs for my students.
Winning the Digital War for Talent
Many traditional talent management processes weren’t designed for today’s increasingly digital world.  That’s why a new approach is needed.
   In our interviews with digital executives and analysts, we saw two distinct approaches to thinking about talent in an increasingly digital business environment.  Some companies expressed great interest in tapping into fluid talent markets made up of skilled contractors and consultants.  
   In contrast, other companies are focused on how to develop and manage existing employees for the long term.  Many of these companies invest heavily in new approaches to onboarding and continuous training and development.  They provide employees with opportunities to grow digitally, not only through technical training but also by offering carefully curated work experiences, different experiences over time, and career development support.

Probably works the other way too – places my students can advertise their skills?
By 2020, more than 40 percent of the U.S. workforce will be freelancers and contractors.  This is the direction we’re moving in, particularly for design and development jobs which tend to be project-based.

Too geeky for Santa.

No comments: