Thursday, February 16, 2017

If you had poor Computer Security for years, you can expect to find years’ worth of security breaches when you finally take a good hard look!  
Yahoo warning users that hackers forged cookies to access accounts
Yahoo is warning some customers that state-sponsored attackers have accessed their accounts by using a sophisticated cookie forging attack, which doesn't require obtaining user passwords.
   An email from Yahoo forwarded to ZDNet said:
"Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password.  Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account."
   It's not known how many customers are affected, though state-sponsored attacks are typically targeted and are in small numbers.
   Yahoo said that hackers were later able to get access to accounts without needing passwords after stealing the company's source code used to generate cookies.
   Yahoo began sending out emails on Wednesday, as news broke that Verizon, which is buying the web giant, lowered its price for the company by $250 million as a result of the two hacks.

…because it’s not always Russia. 
Iranian Spies Target Saudi Arabia in "Magic Hound" Attacks
A cyber espionage operation linked to Iran and the recent Shamoon 2 attacks has targeted several organizations in the Middle East, particularly in Saudi Arabia.
Researchers at Palo Alto Networks have been monitoring the campaign, which dates back to at least mid-2016.  Dubbed “Magic Hound,” the operation has been aimed at energy, government and technology sector organizations that are located or have an interest in Saudi Arabia.

Grounds for immediate termination?  Surely, they are not defending themselves against the President of the United States? 
GOP demands inquiry into EPA use of encrypted messaging apps
   Federal employees with concerns about the impact of President Donald Trump's administration have turned to encrypted messaging apps, new email addresses and other ways to coordinate their defense strategies, according to a report earlier this month from Politico.
That article and others prompted Rep. Darin LaHood, a Republican from Illinois, and Rep. Lamar Smith, a Republican from Texas, to send a letter to EPA Inspector General Arthur A. Elkins, Jr. asking him to "determine whether it's appropriate to launch a full-scale review" of EPA workers' use of encrypted apps.
   "Over the past few years, we have seen several examples of federal officials' circumventing Federal Records Act requirements and transparency generally," they wrote.  "In this instance, the Committee is concerned that these encrypted and off-the-record communication practices, if true, run afoul of federal record-keeping requirements, leaving information that could be responsive to future Freedom of Information Act (FOIA) and congressional requests unattainable."
   The letter on Wednesday cited a recent review from the EPA inspector general that found between July 1, 2014 and June 30, 2015, only 86 of the 3.1 million text messages sent or received on government-issued devices were preserved and archived as a federal record.

(Related).  Perhaps it’s just because encryption is much more available?

Disruption.  Is the telephone industry doomed? 
Amazon and Google Want to Turn Their Smart Home Speakers Into Telephone Replacements
Both Amazon and Google are working on turning their popular AI-based speaker products into replacements for a home telephone, reports The Wall Street Journal.
The Amazon Echo and/or the Google Home could be used to make and receive phone calls, with the two companies planning to add the updated functionality as soon as this year.
   Google and Amazon are said to be working to overcome concerns about privacy, telecom regulations, and emergency services, plus the "inherent awkwardness" of making phone conversations via a speaker.  The two companies are worried consumers won't want to speak on a device that is able to record conversations.  Both the Echo and the Home continuously record audio to enable AI responses.

Interesting to see software companies trying to lock in car manufacturers.  Who will win the self-driving wars?
Tata Motors drives with Microsoft: Here’s what the deal is about; 10 key points of the tie-up

Reading is good.

No comments: