Friday, January 13, 2017

Who would want to hack the hackers?  (Pretty much everyone.) 
Mobile Forensics Firm Cellebrite Hacked
A hacker claims to have stolen hundreds of gigabytes of data from Cellebrite, the Israel-based mobile forensics company rumored to have helped the FBI hack an iPhone belonging to the terrorist Syed Rizwan Farook.
Vice’s Motherboard reported that an unnamed hacker breached Cellebrite’s systems and managed to steal 900 Gb of data, including customer usernames and passwords, databases, data collected by the company from mobile devices, and other technical information.
The stolen files were reportedly traded in some IRC chat rooms, but the hacker claimed he had not leaked the data to the public.  The motives of the attack are unclear, but the hacker apparently decided to disclose the breach as a result of changes in surveillance legislation and the “recent stance taken by Western governments.”
Motherboard said the data provided by the hacker appeared to be legitimate and Cellebrite confirmed that one of its external servers had been accessed by an unauthorized party.  The company has launched an investigation, but its initial analysis suggests that the attacker breached a server storing a legacy database backup of my.Cellebrite, the firm’s end-user license management system.

For my Ethical Hacking students.
Suspected NSA tool hackers dump more cyberweapons in farewell
   The Shadow Brokers' latest dump includes 61 files, many of which have never been seen before by security firms, said Jake Williams, founder of Rendition InfoSec, a security provider.
Williams has been examining the tools, and said it will take time to verify their capabilities.  His initial view is that they’re designed for detection evasion.  
For instance, one of the tools is built to edit Windows event logs.  Potentially, a hacker could use the tool to selectively delete notifications and alerts in the event logs, preventing victims from realizing they’ve been breached, he said.  

But all iPhone users know this, right?
There's a hidden map in your iPhone of everywhere you've been
There's a feature on your iPhone that tracks your frequent locations on a map and logs the times you arrived and departed.  Here's how to access it and turn it off, in case this freaks you out.

Steps my Computer Security students may want to take. 
Microsoft Launches Privacy Dashboard
   To take advantage of the dashboard, users simply need to log in with their Microsoft accounts, then head to the dashboard to review the collected data and clear it if they want to.

An interesting approach.  (If “Separate” is invulnerable, go after the “Equal” bit.)
Kate Martin reports:
Public records advocate Arthur West has filed a lawsuit against the city of Tacoma.
This time, West says he wants access to more information about the Tacoma Police Department’s use of a controversial piece of surveillance equipment called a cell site simulator, commonly known by the brand name Stingray.
In his December filing, though, West says the police’s device interferes with cellphone signals without a license from the Federal Communications Commission, the federal agency that regulates the use of the airwaves.
West, an Olympia resident who says he travels frequently to Tacoma, wrote in his filing that the Tacoma Police Department’s use of the Stingray prevents him and others from calling 911 in an emergency.
Read more on The News Tribune.

I’m going to go with, “Why not?  Big Brother is inevitable.”  I would also question if access to “raw” data is the best way to go.  Who will turn that into usable intelligence? 
Why Is Obama Expanding Surveillance Powers Right Before He Leaves Office?
On Thursday, the Obama administration finalized new rules that allow the National Security Agency to share information it gleans from its vast international surveillance apparatus with the 16 other agencies that make up the U.S. intelligence community.
With the new changes, which were long in the works, those agencies can apply for access to various feeds of raw, undoctored NSA intelligence.

Sadly, only one in Colorado.
The CSO guide to top security conferences
   From major events to those that are more narrowly focused, this list from the editors of CSO will help you find the security conferences that matter the most to you.

We’ll keep it updated with registration deadlines and new conferences so check back often.
Cyber Security Training & Technology Forum (CSTTF)
August 30 - 31, 2017
Colorado Springs, Colorado

For my Data Management students.  Now everything (100%) must work perfectly.  Was the infrastructure ready? 
India’s Digital ID Rollout Collides With Rickety Reality
   The system, which relies on fingerprints and eye scans to eventually provide IDs to all 1.25 billion Indians, is also expected to improve the distribution of state food and fuel rations and eventually facilitate daily needs such as banking and buying train tickets.
But Mr. Prakash couldn’t confirm his customers’ identities until he dragged them to a Java plum tree in a corner of his village near New Delhi’s international airport.  That was the only place to get the phone signal needed to tap into the government database.
   But the technology is colliding with the rickety reality of India, where many people live off the grid or have fingerprints compromised by manual labor or age.
   Iris scans are meant to resolve situations where fingerprints don’t work, but shops don’t yet have iris scanners.
   Ajay Bhushan Pandey, chief executive of the government agency that oversees Aadhaar, said kinks will be ironed out as the system is used, as is the case with software rollouts.  It works 92% of the time, and that will rise to 95%, he said.

I’ll add this to my RSS feed, assuming this isn’t a false news report.
the guardian – BBC sets up team to debunk fake news
by Sabrina I. Pacifici on Jan 12, 2017
“The BBC is to assemble a team to fact check and debunk deliberately misleading and false stories masquerading as real news.  Amid growing concern among politicians and news organisations about the impact of false information online, news chief James Harding told staff on Thursday that the BBC would be “weighing in on the battle over lies, distortions and exaggerations”.  The plans will see the corporation’s Reality Check series become permanent, backed by a dedicated team targeting false stories or facts being shared widely on social media.  “The BBC can’t edit the internet, but we won’t stand aside either,” Harding said.  “We will fact check the most popular outliers on Facebook, Instagram and other social media.  “We are working with Facebook, in particular, to see how we can be most effective.  Where we see deliberately misleading stories masquerading as news, we’ll publish a Reality Check that says so…”

These don’t all work yet.
Pew Fact Sheets – Evolution of Technology
by Sabrina I. Pacifici on Jan 12, 2017

For my Raspberry Pi geeks: I want the Harry Potter newspaper!
Raspberry Pi roundup: Read all about it, in today’s Daily Prophet online
Appropriately, then, for the first Raspberry Pi roundup after the festive season, we’ve got a copy of the Daily Prophet that does what a wizarding newspaper is supposed to do, thanks to the technical wizardry of Piet Rullens.
Rullens turned a trip to the Harry Potter theme park in Orlando into an attractively designed and authentic-looking Daily Prophet poster, thanks to a cunningly placed Raspberry Pi 3 and some skillful cutting.  An IR distance sensor, when tripped, fires up the screen, which plays a clip of Rullens at the amusement park.

For my students who still have a hard time believing that large companies don’t always show a profit.
Lyft lost $600 million last year, but it's making progress in its ride-hailing war with Uber
Lyft lost $600 million in 2016 in its battle with Uber for ride-hailing dominance, according to leaked financial data obtained by The Information's Amir Efrati.
While that loss seems staggering, things are looking up for Lyft: the $5.5 billion startup generated $700 million in revenue last year, The Information reports.
