Saturday, May 28, 2016
If this claim is true, does it suggest hacking is even easier than we thought?
Lorenzo Franceschi-Bicchierai reports:
There’s an oft-repeated adage in the world of cybersecurity: There are two types of companies, those that have been hacked, and those that don’t yet know they have been hacked.
MySpace, the social media behemoth that was, is apparently in the second category. The same hacker who was selling the data of more than 164 million LinkedIn users last week now claims to have 360 million emails and passwords of MySpace users, which would be one of the largest leaks of passwords ever. And it looks like the data is being circulated in the underground by other hackers as well.
Read more on Motherboard.
There has been a significant increase in ATM thefts recently. Here’s how to do it.
3 Danger Signs to Look for Each Time You Use an ATM
Encrypt everything. Use TOR. Pretend to be someone else (like a law professor or Secretary of State, for example)
A provision snuck into the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy.
If passed, the change would expand the reach of the FBI’s already highly controversial national security letters.
… In February, FBI Director James Comey testified during a Senate Intelligence Committee hearing on worldwide threats that the FBI’s inability to get email records with NSLs was a “typo” — and that fixing it was one of the FBI’s top legislative priorities.
Greene warned at the time: “Unless we push back against Comey now, before you know it, the long slow push for an [electronic communication transactional records] fix may just be unstoppable.”
The FBI used to think that it was, in fact, allowed to get email records with NSLs, and did so routinely until the Justice Department under George W. Bush told the bureau that it had interpreted its powers overly broadly.
Ever since, the FBI has tried to get that power and has been rejected, including during negotiations over the USA Freedom Act. [If at first you don’t succeed, try over and over and over and over, until you do. Bob]
Perhaps we should call politicians and claim they owe a ‘Federal Stupid Tax’? I wonder how many would bite?
IRS Warns Taxpayers About New Scam Involving Bogus 'Federal Student Tax'
… the Internal Revenue Service (IRS) issued a warning about a new scam making the rounds. The latest IRS impersonation scheme involves bogus phone calls demanding payment for a non-existent tax, the “Federal Student Tax.”
The lack of such a tax hasn’t kept scammers from targeting students, and threatening to report them to the police if they do not immediately wire money via MoneyGram or other untraceable method. According to the FTC, the callers generally have some piece of information that makes the call seem legit. That information might be the name of the student’s school or info that is designed to make the student feel like the caller is a real authoritative figure. Sometimes, if the student hangs up on the caller, the caller follows up with spoofed caller-ID information advising that 911 or the U.S. Government is calling.
Something my Computer Security students agreed should be built into every password system.
Microsoft bans ‘12345’ and other common passwords to boost security
Microsoft wants you to stop using “password” as your account password, and the company knows just how to do that — ban it outright.
The company wrote in a technical blog, noticed by online news site Mashable, that it will ban users from setting up some of the most commonly used passwords.
Microsoft hopes the practice will increase security for user accounts, as those with passwords such as “football” and “12345” are some of the most susceptible to hackers.
If users try to set up an account with many of the passwords found on the annual Worst Passwords List put together by SplashData, Microsoft will show a red warning that says, “Choose a password that’s harder for people to guess.”
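A blocklist check of the kind described above, added here as an example and not Microsoft's own code: it rejects a password when the password itself, or a trivially disguised form of it (case changes, trailing digits or punctuation, common symbol-for-letter substitutions), appears on a banned list. The banned list and the substitution table are small constructed samples, not the SplashData list.

```python
from typing import List, Optional

# Constructed sample of commonly banned passwords (assumption: a real deployment
# would load a much larger list such as the annual Worst Passwords List).
BANNED_PASSWORDS = {
    "password", "12345", "123456", "football", "qwerty", "letmein", "welcome",
}

# Symbol/digit-for-letter substitutions users apply to dodge a naive blocklist.
_SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})

# Punctuation users typically tack onto the end of a banned word.
_TRAILING_PUNCT = "!#.?*_-"

# The warning text quoted in the article.
WARNING = "Choose a password that's harder for people to guess."


def candidates(password: str) -> List[str]:
    """Return the normalised forms of a password that should be checked
    against the blocklist, in the order they are derived."""
    p = password.lower()
    forms: List[str] = []
    for form in (p, p.rstrip(_TRAILING_PUNCT)):
        letters_only = form.rstrip("0123456789")       # drop trailing year/counter
        for c in (form, letters_only,
                  form.translate(_SUBSTITUTIONS),
                  letters_only.translate(_SUBSTITUTIONS)):
            if c and c not in forms:
                forms.append(c)
    return forms


def is_banned(password: str, banned=BANNED_PASSWORDS) -> bool:
    """True if any normalised form of the password is on the banned list."""
    return any(c in banned for c in candidates(password))


def check_password(password: str) -> Optional[str]:
    """Return the warning message for a banned password, or None if it passes."""
    return WARNING if is_banned(password) else None


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Football2016", "12345", "correct horse battery staple"):
        print(f"{pw!r}: {check_password(pw) or 'ok'}")
```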
Something my Ethical Hacking class should consider. When we find holes in FBI systems, should we tell anyone?
Over on Daily Dot this morning, I reported that the FBI executed a search warrant at the home of researcher Justin Shafer. Shafer’s name will be familiar to regular readers of DataBreaches.net because he exposed a long-standing security vulnerability in Dentrix software and challenged Henry Schein’s claims that their product provided “encryption.” Our combined efforts resulted in the recent consent order announced by the FTC.
… If Shafer did nothing wrong, how did a prosecutor convince a magistrate judge to issue a search warrant based on probable cause when there was no code bypassed, no login required, no evidence that any data downloaded had been used in furtherance of a crime, and no personal data disclosed publicly in Shafer’s reporting on the incident or this site’s reporting on it? Unfortunately, the probable cause affidavit is under seal, but this blogger wonders if the magistrate judge really understood the nature of an anonymous FTP server.
For my next talk on encryption…
The Downside of the FCC’s New Internet Privacy Rules
There may soon be a new cop on the privacy beat — the Federal Communications Commission. Last month, the FCC issued a 150-page document proposing sweeping new rules and regulations for broadband Internet Service Providers (ISPs). But in my analysis, this is not good news for those who genuinely care about promoting consumer privacy.
To understand why the FCC’s involvement would create more problems than it would solve, it helps to understand a massive shift in web security over the last few years: the overwhelmingly successful campaign to encrypt data flowing to and from consumers over the Internet.
My government in action! Should we say government is slow and poorly managed, or that no matter how much money it tosses at a problem, it still manages to be slow?
OPM IG Report on Information Infrastructure Improvement Project
by Sabrina I. Pacifici on May 27, 2016
Second Interim Status Report on the U.S. Office of Personnel Management’s (OPM) Infrastructure Improvement Project – Major IT Business Case (Report No. 4A-CI-00-16-037). May 18, 2016.
“OPM has still not performed many of the critical capital project planning practices required by the Office of Management and Budget (OMB). Of primary concern, prior to initiating the Infrastructure Improvement Project (Project), OPM did not perform the mandatory Analysis of Alternatives to evaluate whether moving all infrastructure and systems to a new environment (initially known as Shell, but now referred to as IaaS [Infrastructure as a Service]) was the best solution to address the stated objective of this initiative: to provide a secure operating environment for OPM systems at a lower cost. In light of recent developments involving the creation of the National Background Investigations Bureau within OPM to replace the Federal Investigative Services, the current Federal background investigations program, and the shifting of the responsibility for developing and maintaining the associated information technology systems to the Department of the Defense, this analysis is even more important. In addition, most, if not all, of the supporting project management activities required by OMB have still not been completed…”
See also related posting, CRS Insights – OPM Data Breach
I sense a business opportunity here. Skype into our classes?
FT Business Education – Executive education rankings 2016
by Sabrina I. Pacifici on May 27, 2016
FT Business Education Report, May 23, 2016: “For the dream of lifelong learning to be realised fully, those in the 35-60 age group must also be given the opportunity to refine and revise their skills throughout their careers, which could well stretch into their seventies. This is not happening enough. Executive education has traditionally been one niche in which the middle aged have been able to polish their skills. But the supercharged intensity of the modern office makes it hard to get away from daily duties. Glenn Hubbard, dean of Columbia Business School, ruefully observes that its MBA graduates have a lifetime entitlement to come back and sit in on any class—but they almost never find the time. “People don’t take me up on it because they are busy,” he says.”
Might be fun to try.
Amazon Alexa Hits The Browser With Echo Simulator Skill Testing Tool: Here's How It Works
Amazon recently unveiled Echosim.io, a site that emulates the functionality of an Amazon Echo speaker, bringing the Alexa voice assistant technology to desktops.
… It's really easy to tap into Alexa's potential on desktop systems. Simply go to Echosim.io and sign in with your Amazon username and password, then hold your mouse over the microphone button and start interacting with the voice assistant. Obviously, you will need a working microphone to throw more or less serious questions at the AI.
For anyone who likes to look up.
5 Tools to Watch the Night Sky and Track Events in Astronomy
[And one of my favorites: http://iss.astroviewer.net/observation.php?lon=-104.990251&lat=39.7392358&name=Denver ]
Friday, May 27, 2016
…and suddenly the banking system seems much less secure.
Michael Riley and Alan Katz report:
Investigators are examining possible computer breaches at as many as 12 banks linked to Swift’s global payments network that have irregularities similar to those in the theft of $81 million from the Bangladesh central bank, according to a person familiar with the probe.
FireEye, the security firm hired by the Bangladesh bank, has been contacted by the other banks, most of which are in Southeast Asia, because of signs that hackers may have breached their networks, the person said. They include banks in the Philippines and New Zealand but not in Western Europe or the United States. There is no indication of whether money was taken.
Read more on Bloomberg.
Do insurers routinely audit banks?
Ken Kronstadt and Crystal Skelton of Kelley Drye & Warren LLP write:
Last week, the Eighth Circuit upheld a lower court’s ruling in State Bank of Bellingham v. BancInsure Inc., finding that a bank employee’s negligence in securing its computer network did not preclude coverage for a data breach resulting in a fraudulent funds transfer. The decision affirms the lower court’s ruling granting summary judgment in favor of the Bank of Bellingham, holding that the loss was covered even if employee negligence contributed to the loss.
Read more on JDSupra.
The downside of those “double secret” hacks.
Patrick Howell O’Neill reports:
A federal judge has thrown out all the evidence gathered by the FBI using a hacking tool targeting Tor users in a child-porn investigation.
U.S. District Court Judge Robert Bryan on Wednesday shut down the FBI’s case against defendant Jay Michaud, a Vancouver middle-school teacher accused of downloading child porn through the Tor anonymity network while the FBI surreptitiously took control of a child-porn site called Playpen for two weeks in early 2015.
Read more on Daily Dot.
[From the article:
Bryan's order came after the FBI refused to reveal the full code behind the hack.
One area of biometrics analyzes how you walk, why not extend that to how you drive?
Andy Greenberg reports:
The way you drive is surprisingly unique. And in an era when automobiles have become data-harvesting, multi-ton mobile computers, the data collected by your car—or one you rent or borrow—can probably identify you based on that driving style after as little as a few minutes behind the wheel.
In a study they plan to present at the Privacy Enhancing Technology Symposium in Germany this July, a group of researchers from the University of Washington and the University of California at San Diego found that they could “fingerprint” drivers based only on data they collected from the internal computer network of the vehicle their test subjects were driving, what’s known as a car’s CAN bus.
Read more on Wired.
How do I explain this to my students? I tell them to hire a good lawyer.
Google Doesn’t Owe Oracle a Cent for Using Java in Android, Jury Finds
Google’s use of the Oracle’s Java programming language in the Android operating system is legal, a federal jury found today in a verdict that could have major implications for the future of software development.
The case, which has dragged on for six years, could have cost Google as much as $9 billion in damages had it lost. But the decision affects more than just Google. The case is important because it helps clarify the copyright rules around what programmers can borrow for their own work. Programmers routinely borrow APIs from existing products either to ensure compatibility between products or simply to make it easier to learn a new product. An Oracle victory could have seriously curtailed that practice, hindering the creation of new software.
… The ruling is good news for programmers in general, but the Electronic Frontier Foundation (EFF) has argued that techies and the public have already lost because of the earlier decision that found that APIs are subject to copyright.
Up ‘til now, cars have been blind?
Intel buys a Russian machine vision firm for IoT devices and self-driving cars
Intel (NASDAQ:INTC) is buying Itseez, a Russian developer of computer vision algorithms and related technology for embedded systems. Terms are undisclosed.
Intel: "This acquisition furthers Intel’s efforts to win in IoT market segments like automotive and video, where the ability to electronically perceive and understand images paves the way for innovation and opportunity. Itseez will become a key ingredient for Intel’s Internet of Things Group (IOTG) roadmap, and will help Intel’s customers create innovative deep-learning-based CV applications like autonomous driving, digital security and surveillance, and industrial inspection."
IT Architecture, again. Instead of a plain old computer screen you get a cute(?) little robot.
Will Pizza Hut soon be run by robots?
Some restaurants have started experimenting with human-like robots instead of human cashiers, allowing consumers to pay for their meals without interacting with another person. Although many restaurants have allowed digital ordering, either online, by kiosk or on tablets at the table, the practice of using humanoid, or human-like robots, is still in its earliest stages, and it’s primarily happening in Asia so far. Experts say the robots could benefit restaurants and lead to wider adoption — if diners aren’t too freaked out by them.
Why I’m teaching two sections of my Computer Security class.
Cybersecurity recruitment in crisis
Globally, cybersecurity is in crisis not solely from a lack of skilled personnel, but also from a lack of strategic direction and companies’ inability to hire staff in an expedient, effective and efficient manner.
ISSA, (ISC)2, ISACA, Cisco, and PwC have all released major studies showing the cybersecurity skills gap has reached a crisis point worldwide. The number of positions to be filled varies widely from study to study, but the majority of them put the gap at over a million positions by the end of the decade. One might go so far as to call it a cybersecurity skills gulf. This is not a new challenge, but one that has been developing over time.
(Related) Security includes ethics?
Tech Savvy: Two Questions for Managers of Learning Machines
… The first, which Dhar takes up in a new article on TechCrunch, is how to “design intelligent learning machines that minimize undesirable behavior.”
… The second question, which Dhar explores in an article for HBR.org, is when and when not to allow AI machines to make decisions.
Perhaps more for lawyers and future politicians?
Congress.gov adds RSS and email alerts for researchers
by Sabrina I. Pacifici on May 26, 2016
Via Emily Carr, LC – “…new email alerts and RSS feeds are now available from Congress.gov. For more details, see New Email Alerts and RSS Feeds on Congress.gov:
“Building on those email alerts, there is now an additional set of email alerts and the first RSS feeds that you can subscribe to from Congress.gov
- Most-Viewed Bills (email | RSS)
- Search Tips (email | RSS)
- Bills Presented to the President (email | RSS)
- On the House Floor Today (email | RSS)
- On the Senate Floor Today (email | RSS)
- In Custodia Legis: Law Librarians of Congress (email | RSS)”
Moneyball, but understandable! Worth reading.
What a Minor League Moneyball Reveals About Predictive Analytics
(Related) I see this as a business opportunity.
Data Analytics Rarely Leveraged to Detect Fraud
A new report released by KPMG this week on fraud shows little major change when compared to previous reports - except perhaps that there are more female fraudsters today than there were previously. Statistically, fraudsters tend to be male, management, working in groups colluding with outsiders, and aged between 35 and 55. But there is one particularly worrying statistic: technology-assisted fraud is increasing while technology-assisted detection is falling.
… A major recommendation of the report (PDF) is the increased use of technological defenses.
Saturday silly a day early.
Hack Education Weekly News
… Via the AP: “A complaint filed Tuesday with Texas education officials accuses a charter-school network of abusing a visa program to import large numbers of Turkish teachers and violating state and federal laws by paying them more than American teachers. The complaint also asserts that the network, Harmony Public Schools, skirts competitive bidding rules to award contracts to Turkish vendors.”
… Via Boing Boing: “JJ Abrams urges Paramount to drop its lawsuit over fan Star Trek movie.” The lawsuit in question involves Paramount’s claim that the Klingon language is copyrightable.… Via The New York Times: “Group Urging Free Tuition at Harvard Fails to Win Seats on Board.”
Thursday, May 26, 2016
I still think Donald Trump will not get too deep into this – unless the FBI finds something more interesting.
Hillary Clinton Is Criticized for Private Emails in State Dept. Review
The State Department’s inspector general has sharply criticized Hillary Clinton’s exclusive use of a private email server while she was secretary of state, saying she had not sought permission to use it and would not have received it if she had.
In a report delivered to members of Congress on Wednesday, the inspector general said that Mrs. Clinton “had an obligation to discuss using her personal email account to conduct official business” with officials responsible for handling records and security but that inspectors “found no evidence” that she had requested or received approval from anyone at the department to conduct her state business on a personal email.
… It also added new detail about Mrs. Clinton’s motivation for using the private server, which she has said was set up for convenience. In November 2010, her deputy chief of staff for operations prodded her about “putting you on state email or releasing your email address to the department so you are not going to spam.” Mrs. Clinton, however, replied that she would consider a separate address or device “but I don’t want any risk of the personal being accessible.”
… through her lawyers, she declined to be interviewed by the State Department’s inspector general as part of his review. So did several of her senior aides.
… While State Department officials never directly told Mrs. Clinton or Mr. Powell that they needed to end their use of personal email, the report found, they did do so with Mr. Gration, a lower-level diplomat who did not have the same political clout.
State Dept. inspector general report sharply criticizes Clinton’s email practices
… The new report focuses on record keeping and how Clinton and previous secretaries of state maintained documents regarding public business. She has said she complied with laws requiring the preservation of documents, including emails, because she emailed other government officials at their official accounts, knowing their emails would be retained on public servers. [No need for her to do it. She has Minions! Bob]
But she has not explained how she intended to preserve emails sent to private citizens, who did not use government email.
(Related) Probably not all due to the emails.
Hillary Clinton Now Loses to Trump in Polls. Bernie Sanders Beats Trump by 10.8 Points.
For my Enterprise Architecture students. Plan to keep up with technology.
Government agencies keep sacrificing cash to zombie IT systems, GAO finds
Some of the most critical business systems run by US government agencies are older than many of the IT people who support them, written in mainframe assembler code or COBOL. That might not shock or surprise anyone who works in mainframe-centric industries like insurance and finance, where the time-tested reliability of some systems has granted them lives that reach back to the Johnson administration. But a new GAO report has called out some of these systems as being so archaic that they're consuming increasingly larger portions of agencies' IT budgets just for operation and maintenance. As the breach at the Office of Personnel Management demonstrated, old systems are also a security risk—particularly when they've been "updated" with now-unsupported versions of Windows Server and Internet and database components that were end-of-life'd by their creators years ago.
(Related) Could the government change this quickly?
Facebook Is Shutting Down Its Desktop-Based Ad Retargeting Exchange
… Idema told Adweek that the company has already begun moving clients and ad tech partners over to newer products with the goal of being fully migrated by Nov. 1. Idema said advertisers started moving their budgets over to newer products even before the "sunset" of Facebook Exchange was announced, largely due to the results they've seen. According to the company's most recent earnings report, mobile now accounts for 82 percent of the company's overall revenue.
Another Architecture consideration. How do you structure IT to handle this?
Where Predictive Analytics Is Having the Biggest Impact
… Survey-based reports find that firms are currently spending an estimated $36 billion on storage and infrastructure, and that is expected to double by 2020.
Once companies are logging and storing detailed data on all their customer engagements and internal processes, what’s next?
… Our goal in this article is to offer specific, real-world case studies to show how big data has provided value for companies that have worked with Microsoft’s analytics teams. These cases reveal the circumstances in which big data predictive analytics are likely to enable novel and high-value solutions, and the situations where the gains are likely to be minimal.
Incentive (blood in the water) for lawyers?
Eriq Gardner reports that Gawker’s appeal of the jury verdict in Hulk Hogan’s lawsuit failed to persuade the judge:
After a review of the stunning verdict in March in Hulk Hogan’s lawsuit against Gawker over the publishing of an excerpt of a sex tape, Florida Circuit Judge Pamela Campbell on Wednesday decided not to order a new trial nor touch the $140 million verdict.
The decision comes as the case has gained renewed attention thanks to a report that PayPal co-founder and early Facebook investor Peter Thiel provided financial backing to Hogan as the former professional wrestler pursued claims of having his privacy violated and his publicity rights infringed through an October 2012 post viewed by an estimated 7 million people. Campbell’s decision will soon allow this dispute to proceed to a Florida appeals court.
Read more on Hollywood Reporter.
Peter Thiel, Tech Billionaire, Reveals Secret War With Gawker
A billionaire Silicon Valley entrepreneur was outed as being gay by a media organization. His friends suffered at the hands of the same gossip site. Nearly a decade later, the entrepreneur secretly financed a lawsuit to try to put the media company out of business.
Perspective. Are robots cheaper than cheap labor? Apparently. Another article for my Architecture students.
Foxconn replaces '60,000 factory workers with robots'
One factory has "reduced employee strength from 110,000 to 50,000 thanks to the introduction of robots", a government official told the South China Morning Post.
Xu Yulian, head of publicity for the Kunshan region, added: "More companies are likely to follow suit."
China is investing heavily in a robot workforce.
… Economists have issued dire warnings about how automation will affect the job market, with one report, from consultants Deloitte in partnership with Oxford University, suggesting that 35% of jobs were at risk over the next 20 years.
Former McDonald's chief executive Ed Rensi recently told the US's Fox Business programme a minimum-wage increase to $15 an hour would make companies consider robot workers.
"It's cheaper to buy a $35,000 robotic arm than it is to hire an employee who is inefficient, making $15 an hour bagging French fries," he said.
Wednesday, May 25, 2016
Failure to secure the organization can be costly. (Something to share with your CEO?)
Austrian Firm Fires CEO After $56-million Cyber Scam
Austrian aircraft parts maker FACC said Wednesday that it has fired its chief executive of 17 years after cyber criminals stole some 50 million euros ($55.7 million) in a so-called "fake president" scam.
FACC, whose customers include Airbus, Boeing and Rolls-Royce, said that its supervisory board sacked Walter Stephan with immediate effect after he "severely violated his duties".
Press reports said that in January a FACC employee wired around 50 million euros, equivalent to almost 10 percent of annual revenues, after receiving emailed instructions from someone posing as Stephan.
… The company said Wednesday that the scam, also known as "bogus boss" or "CEO fraud" and increasingly popular with sophisticated organized criminals, cost it 41.9 million euros in its 2015/16 business year.
It has managed to claw back 10.9 million euros, it said, but still posted a pretax loss of 23.4 million euros. In February the company also sacked its finance chief because of the slip-up.
There was no suggestion that either executive was involved in the scam.
(Related) The latest Class Action fad?
So here’s another case where employees are suing their employer after their W-2 data was phished. I wonder how many more lawsuits like this we may see, keeping in mind that I’ve listed over 120 entities whose employees had their W-2 data phished.
Joe Robertson reports:
A Rockhurst University employee hopes to represent some 1,200 school staffers in seeking damages for a data breach last month.
Someone duped university staff into supplying information on IRS W-2 forms, including Social Security numbers, in an act of fraud April 4.
The lawsuit filed Thursday in Jackson County Circuit Court by Alexandria Stobbe said the university was willful and reckless in exposing the personal information in “flagrant disregard” for the employees’ rights to privacy and property.
Read more on Kansas City Star.
Could these be the guys who hit Japanese ATMs?
On 18 May 2016, the French Gendarmerie of Pau, in close cooperation with the Investigative Unit of the Italian State Police of Imperia and Europol, disrupted an international criminal group responsible for large-scale ATM skimming and money laundering. Composed mainly of French-Italian nationals, the criminal network used sophisticated ATM skimming devices which allowed them to compromise ATMs and perform fraudulent withdrawals outside the EU. Estimated losses incurred by the criminals’ activities amount to more than half a million euros.
This operation resulted in multiple house searches and the final arrest of nine individuals in France. Micro camera bars, card readers, magnetic strip readers and writers, computers, phones and flash drives, two hand guns, five vehicles, as well as thousands of plastic cards ready to be encoded, were seized in several locations between France and Italy as part of this operation.
The primary modus operandi of the criminals was to harvest financial data from ATMs in different areas of France. The compromised card data, which was used to create fake payment cards, was stored on a cloud server managed by the members of the criminal organisation. These fake cards were used to withdraw large amounts of cash from ATMs outside the European Union (Asia and the US).
Europol’s European Cybercrime Centre (EC3) initiated the case early this year and supported the involved law enforcement authorities in their efforts to identify the suspects. Operational meetings were held at Europol’s headquarters in The Hague and EC3 provided analytical and forensic support throughout the investigation including the deployment of a mobile office and a forensic expert during the final action day to assist the French authorities.
In addition, Europol’s information and analysis systems were used to exchange and cross-check intelligence received from EU Member States and non-EU countries with which Europol has operational agreements.
Section de Recherches de Pau.
Squadra Mobile della Questura di Imperia.
This should make future clashes interesting. (Something for my Computer Security classes)
Bad News, FBI: Apple Hires Security Pro Jon Callas
If the FBI was hoping Apple CEO Tim Cook was all talk when he said his company is digging in its heels to protect user privacy, it's time to put on the disappointed face because Jon Callas is back on the payroll. His credentials in the security and privacy world make him a strong asset for Apple—just as he was when he previously worked for the company—and should have the FBI very worried about how far it'll be able to hack into future iPhones and Macs.
Mr. Callas rejoined Apple in May, according to Reuters, although the company isn't saying which projects he'll be working on. Considering his history and skills, it's a safe bet it'll be security and encryption-related.
This isn't the first security related hire for Apple since its standoff with the FBI. George Stathakopoulos joined the company in March and is tasked with protecting customer and corporate data, and it's a safe bet other experts have come on board to help shore up iOS and OS X security.
Should law enforcement be banned from using public information that any teenager can access, or is it the tool that makes it simple that causes concern? Can I get a copy for my students?
Joe Cadillic is working on a series of posts. I was going to wait to post the whole series, but I’ve decided to go ahead and post something about the first one now, because I don’t think the topic’s gotten enough attention.
Thanks to Purdue University and Homeland Security, police can now access public CCTV cameras anywhere.
Purdue researchers have developed a prototype system called ‘Visual Analytics for Command, Control and Interoperability Environments‘ (VACCINE) which allows law enforcement to tap into thousands of CCTV cameras. This means police can spy on you in parking garages, college campuses, national parks, highways etc., no place is safe from Big Brother.
VACCINE allows police to spy on millions of images of citizens daily.
“Although the [CCTV] cameras are not deployed for surveillance purposes, they can be utilized to increase public safety by properly integrating with current surveillance systems” said Yung-Hsiang Lu, an associate professor of electrical and computer engineering.
Read more of Part 1 on MassPrivateI.
A new legal specialty?
Tech woes stymie jury in Oracle case against Google
As if the jury deciding the Oracle v. Google trial didn't have enough on its plate already.
Deliberations were interrupted Tuesday when the 10-member panel ran into technical problems trying to review evidence from the case given to them on a PC.
Tuesday, May 24, 2016
Right now, this looks like the digital equivalent of “death by a thousand cuts.” At some point, the victim dies. When do targeted attacks move beyond annoying and become acts of war?
China-Linked Attackers Target Indian Embassies Worldwide
A threat group first analyzed more than two years ago has continued to improve its malware arsenal and was recently observed targeting personnel at Indian embassies worldwide.
… FireEye linked the attackers to China and determined that they had been active since at least 2010.
… Researchers at Palo Alto Networks recently came across a piece of malware that appears to have been used by the group in an ongoing attack aimed at Indian embassies.
… The threat actor has sent out spear phishing emails using an annual report filed by more than 30 Indian embassies as a decoy. In order to increase their chances of success, the addresses used to send the emails have been spoofed to look like the messages come from real people with ties to Indian embassies.
The spear phishing emails observed by the security firm include an MHTML document set up to exploit a Microsoft Office vulnerability (CVE-2015-2545) that was patched in September 2015. If the flaw is exploited successfully, the TidePool malware is dropped onto the targeted user’s system.
… As for attribution, Palo Alto Networks reported finding evidence that the malware developer’s system was likely running an OS and software with Chinese set as the default language. It’s worth noting that Chinese officials denied hacking European foreign ministries when FireEye published the first report on Operation Ke3chang.
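The two ingredients of the campaign described above, a From address spoofed to look like a real embassy contact and an MHTML file posing as an Office document, are both visible to a mail gateway before any exploit runs. The following Python script is an added example written for this post, not code from Palo Alto Networks or FireEye; it uses only the standard library. It assumes a placeholder trusted domain (`embassy.example`) and treats a From header claiming that domain as spoofed unless the receiving MTA recorded an SPF or DKIM pass in `Authentication-Results`, which is a simplification of a real DMARC alignment check. The sample messages are constructed inline.

```python
import email
import email.utils
from email import policy
from email.message import EmailMessage

# Assumed trusted sender domain (placeholder, not from the article).
TRUSTED_DOMAINS = {"embassy.example"}

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc compound file
ZIP_MAGIC = b"PK\x03\x04"                          # .docx (OOXML zip)
MHTML_MARKERS = (b"MIME-Version:", b"Content-Type: multipart/related")
OFFICE_EXTS = (".doc", ".docx", ".rtf")


def classify_attachment(filename, data):
    """Compare an attachment's claimed extension with its real container format.
    Returns 'mhtml' when a file named like an Office document is actually MHTML text."""
    name = (filename or "").lower()
    if not name.endswith(OFFICE_EXTS):
        return "other"
    if data.startswith(OLE_MAGIC) or data.startswith(ZIP_MAGIC):
        return "office"
    if any(marker in data[:512] for marker in MHTML_MARKERS):
        return "mhtml"
    return "unknown"


def sender_is_spoofed(msg, trusted_domains):
    """Treat a From header claiming a trusted domain as spoofed unless the
    receiving MTA recorded an SPF or DKIM pass in Authentication-Results."""
    from_addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    domain = from_addr.rpartition("@")[2].lower()
    if domain not in trusted_domains:
        return False
    auth = str(msg.get("Authentication-Results") or "").lower()
    return "spf=pass" not in auth and "dkim=pass" not in auth


def assess(raw, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if sender_is_spoofed(msg, trusted_domains):
        findings.append("sender-spoofed")
    for part in msg.iter_attachments():
        kind = classify_attachment(part.get_filename(), part.get_payload(decode=True))
        if kind == "mhtml":
            findings.append("mhtml-as-office:" + part.get_filename())
    return findings


def _sample(from_hdr, auth_results, attachment_bytes):
    """Build a constructed sample message carrying one attachment named as a .doc."""
    msg = EmailMessage()
    msg["From"] = from_hdr
    msg["To"] = "staff@embassy.example"
    msg["Subject"] = "Annual report"
    if auth_results:
        msg["Authentication-Results"] = auth_results
    msg.set_content("Please see the attached report.")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="msword", filename="annual_report.doc")
    return msg.as_bytes()


# Constructed samples: a genuine .doc from an authenticated sender, and a
# message whose sender is unauthenticated and whose ".doc" is really MHTML.
BENIGN_RAW = _sample(
    "Press Office <press@embassy.example>",
    "mx.example; spf=pass smtp.mailfrom=embassy.example; dkim=pass",
    OLE_MAGIC + b"\x00" * 64)
SUSPICIOUS_RAW = _sample(
    "Press Office <press@embassy.example>",
    None,
    b"MIME-Version: 1.0\r\nContent-Type: multipart/related; boundary=\"x\"\r\n\r\n--x\r\n")

if __name__ == "__main__":
    print("benign:", assess(BENIGN_RAW))
    print("suspicious:", assess(SUSPICIOUS_RAW))
```

The container check matters more than the filename: Word opens MHTML regardless of extension, so a gateway that only looks at the `.doc` suffix or the declared `application/msword` type never sees the mismatch. Each finding is kept separate so a mail filter can score a spoofed sender and a disguised attachment independently.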
(Related) The Russian version.
Attack on Swiss Defense Firm Linked to Turla Cyberspies
The recent cyber espionage attack aimed at Swiss defense firm RUAG was carried out by the Russia-linked threat group known as Turla, according to a report commissioned by the Swiss government.
… A report published on Monday by Switzerland’s Government Computer Emergency Response Team (GovCERT) and its parent organization, the Reporting and Analysis Centre for Information Assurance (MELANI), revealed that while the breach was discovered in January, the attackers gained access to RUAG’s systems as early as September 2014.
Interesting. As long as member banks could only “push” their money to other banks, there was no reason to check on their security. After all, if they thought security was adequate, why would I question it? Now their poor security reflects on SWIFT, so naturally SWIFT wants them to tighten up.
Swift Moves to Harden Customers’ Security
… Gottfried Leibbrandt, chief executive of the Society for Worldwide Interbank Financial Telecommunication, said audits will be part of a new set of standards for how customers should protect their systems and software.
A spokeswoman said audits likely would be conducted by independent third parties based on a framework to be set up by Swift. [The audits won’t cost SWIFT a penny. Bob]
It wasn’t clear whether they would be mandatory.
… The attacks raise a question that is increasingly relevant as critical functions are integrated into bigger networks: Does responsibility for security lie with the network operator or with its users? Computer-security experts increasingly say the answer is both, a conclusion that can require new thinking among network operators like Swift, which have said they aren’t liable for customer breaches but have an implied duty to protect the integrity of their entire networks.
Each “new” technology must rediscover and re-solve the same security and privacy issues that faced every previous generation.
The Privacy Problem with Digital Assistants
For the last century, we’ve imagined a future where we’re surrounded by robotic butlers that are classy, smart, and discreet.
… Already, there are millions of proto-Jarvises running around in pockets, in the form of digital assistants like Apple’s Siri, Microsoft’s Cortana, Amazon’s Alexa, and (soon) Google’s search assistant. These virtual helpers use artificial intelligence to parse what users say or type, and return useful information.
… Like nearly everything else on the Internet, your requests will leave a trail of breadcrumbs. Questions directed at Siri and Google’s voice search get sent to their respective companies, paired with unique device IDs that aren’t connected to specific users. Apple stores Siri requests with device IDs for six months, and then deletes the ID and keeps the audio for another 18 months; Google’s retention policy wasn’t immediately available.
This is probably a good place to mention that you should not rush to use technology that you don’t understand and have not carefully tested.
Oculus' New DRM Just Made Pirating Games Way Easier
… A software update Oculus released on Friday, which included new DRM, killed one of the VR community's favorite hacks. Revive, as the user-made software is called, allowed people to play games exclusive to the Oculus Rift on competing VR headsets like Valve's and HTC's Vive.
… Libre VR told Motherboard that whereas the original version of Revive simply took functions from the Oculus Runtime and translated them to OpenVR calls (an API compatible with Vive and other headsets), the new version of Revive now uses the same injection technique to bypass Oculus' ownership check altogether. By disabling the ownership check the game can no longer determine whether you legitimately own the game.
It takes all kinds… Using a lawsuit as a marketing opportunity? Priceless!
The Kinky Ménage à Trois Startup That Tinder Wants to Kill (and How It's Fighting Back)
Also, it stunk of a half-baked publicity stunt, yet here I am writing about it anyway.
… Oh, and speaking of love, or something like it, Trifonov founded the app in February of 2014 after his girlfriend, Ana, admitted to him that she had “feelings” for a French girl (“Who doesn’t fall for the French?”). “He was so touched that he wanted her to know that there were many more people like her in the world,” Drake says, “and that people fall in love all the time regardless of gender, so he built 3nder as a love letter to her.”
… 3nder is currently only available for iOS. The company claims 700,000 sexually adventurous folks are on a waiting list for the Android version.
Are they incompetent, over-reaching…
Bank of America Penalty Thrown Out in Crisis-Era ‘Hustle’ Case
An appeals court dealt the federal government a major setback in its efforts to punish big banks for the financial crisis, overturning a mortgage fraud case against Bank of America Corp. that has framed the Obama administration’s legal strategy in pursuing multibillion-dollar settlements with financial institutions.
… If it stands, the decision could undermine the remaining government investigations into crisis-era mortgage securities, experts said, including those into European banks Royal Bank of Scotland, UBS AG and others.
…or downright stupid?
The Miscarriage of Justice Department
The constitutional challenge to President Obama’s executive action on immigration keeps getting more remarkable. A federal judge has now exposed how the Justice Department systematically deceived lower courts about the Administration’s conduct, and he has imposed unprecedented legal measures to attempt to sterilize this ethics rot.
… One DOJ lawyer told Judge Hanen that “I really would not expect anything between now and the date of the hearing.” As the judge notes, “How the government can categorize the granting of over 100,000 applications as not being ‘anything’ is beyond comprehension.”
Pure politics. It has nothing to do with management. “See, we’re doing something!”
T.S.A. Replaces Security Chief as Tension Grows at Airports and Agency
Facing a backlash over long security lines and management problems, the head of the Transportation Security Administration shook up his leadership team on Monday, replacing the agency’s top security official and adding a new group of administrators at Chicago O’Hare International Airport.
In an email to staff members, Peter V. Neffenger, the T.S.A. administrator, announced a series of changes that included the removal of Kelly Hoggan, who had been the assistant administrator for the Office of Security Operations since 2013.
Beginning late that year, Mr. Hoggan received $90,000 in bonuses over a 13-month period, even though a leaked report from the Department of Homeland Security showed that auditors were able to get fake weapons and explosives past security screeners 95 percent of the time in 70 covert tests.
Did TSA buy this technology? (Can we send them photographs of political candidates?) https://www.washingtonpost.com/news/innovations/wp/2016/05/24/terrorist-or-pedophile-this-start-up-says-it-can-out-secrets-by-analyzing-faces/
Terrorist or pedophile? This start-up says it can out secrets by analyzing faces
… Faception said it’s already signed a contract with a homeland security agency to help identify terrorists. The company said its technology also can be used to identify everything from great poker players to extroverts, pedophiles, geniuses and white collar-criminals.
“We understand the human much better than other humans understand each other,” said Faception chief executive Shai Gilboa. “Our personality is determined by our DNA and reflected in our face. It’s a kind of signal.” [Liberals are going to scream! Bob]
Faception has built 15 different classifiers, which Gilboa said evaluate with 80 percent accuracy certain traits. The start-up is pushing forward, seeing tremendous power in a machine’s ability to analyze images.
Also politics, but it does provide some insight. “We didn’t do it and we promise not to do it again.”
Facebook denies bias in Trending Topics, but vows changes anyway
… In a press release issued publicly and in a letter (PDF) sent directly to Senator John Thune (R-SD), Facebook denied the allegations, but nevertheless announced a number of changes to internal processes that should help appease critics.
… If you were curious about the exact process by which a story goes from hashtag or local news to Trending Topic, read the letter to Sen. Thune; it contains lots of previously unknown details, though many will now be obsolete. Specific allegations of bias — for instance, that stories about Glenn Beck (who wrote an interesting take on his own meeting with Facebook on this topic) were suppressed — are also addressed.
Senator Thune issued his own statement today as well, praising Facebook’s handling of the issue but at the same time getting a couple jabs in.
Would it be insulting to offer these to my students who apparently don’t speak (or read or write) English? (Would I care?)
Pilot Smart Earpiece Breaks Down Language Barriers With Babel Fish Translator Wearable
… New York-based company Waverly Labs has announced the Pilot, the first smart earpiece which translates between users speaking different languages.
The translator was invented by founder Andrew Ochoa who said he had the idea for it “after meeting a French girl” and wanting to communicate with her clearly.
… How the Pilot works is unclear. Its website says that it uses “translation technology” embedded in an app. There is no further information about this “translation technology,” however. The first generation device works only when speaking to someone wearing an earpiece, but future generations could listen to everything happening nearby.
… Waverly Labs says that it will begin taking pre-orders through the crowdfunding site Indiegogo this spring. The app will release this summer and the earpieces will be available by Spring 2017. The product will be for sale for $299 including access to select languages. Additional languages will be available via download.
Want to compete with Watson? Cray has your hardware. My Architecture students will need to consider this.
Cray wants to light a fire under your big data
It's no secret that analytics is eating the enterprise world, but if there's anything in perpetually short supply, it's speed. Enter Cray, which on Tuesday unveiled a new supercomputing platform designed with that in mind.
… "In the past, you'd run some types of analytics every 24 hours or even every week," said Ryan Waite, Cray's senior vice president of products. "Today, you might want to run them every six hours or every hour to be more in tune with what customers are doing."
… Urika-GX is a standard 19-inch rack featuring industry-standard Intel Xeon processors, up to 22 TB of DRAM and as many as 1,728 cores per system. There's 35 TB of SSD storage and 192 TB of hard-drive storage per rack. It also taps the Cray Aries high-speed interconnect. [That sets my inner geek to giggling… Bob]
(Related) Big Data keeps getting bigger!
CTIA Annual Survey – Americans used twice as much data in 2015 as in 2014
“Today, CTIA® released its annual survey results, which found Americans used 9.6 trillion megabytes (MB) of data in 2015, three times the 3.2 trillion MB in 2013. This is the equivalent of consumers streaming 59,219 videos every minute or roughly 18 million MB:
Smartphones are the number one wireless device in the U.S. and still growing
· There were more than 228 million smartphones, which was up almost 10 percent from 2014. 70 percent of the population now owns a smartphone.
· There were more than 41 million tablets on wireless networks, up 16 percent from 2014.
· Americans talked more than 2.8 trillion minutes on their mobile phones, up more than 17 percent from 2014.
· Americans exchanged more than 2.1 trillion texts, videos and photo messages, or more than four million every minute.”
This points to the start of a string of articles my Architecture students should read. (Hint, hint)
New on LLRX – Digital Smarts Everywhere: The Emergence of Ambient Intelligence
Via LLRX.com – Digital Smarts Everywhere: The Emergence of Ambient Intelligence – Alan Rothman’s article is based on a TechCrunch.com posting, The Next Stop on the Road to Revolution is Ambient Intelligence. Rothman offers an insightful analysis on how the rapidly expanding universe of digital intelligent systems wired into our daily routines is becoming more ubiquitous, unavoidable and ambient each day.
I rather like his collections of resources.
New on LLRX – New Economy Resources 2016
Via LLRX.com – New Economy Resources 2016 – This guide by Marcus Zillman aggregates significant actionable sources for researchers focused on the “new economy,” including current and historical government data, analytics and alerts from Open Source providers, the private sector, and the legislative and regulatory sectors.
For my Spreadsheet students. Something to compare to your calculations.
Want to Retire Early? Here’s What You Need to Save Each Month
Anything to get rid of my students.
The Last 5 Resume-Building Apps and Sites You’ll Ever Need