Monday, March 06, 2017

You didn’t think that only the ‘good guys’ made dumb mistakes, did you?
Sometimes you just have to grin when the bad guys screw up, misconfigure their backup, and expose their entire operation to the world.  This is one of those times.  Chris Vickery of the MacKeeper Security Research team and Steve Ragan of Salted Hash have the mega leak of the year.
Steve writes:
This is the story of how River City Media (RCM), Alvin Slocombe, and Matt Ferris accidentally exposed their entire operation to the public after failing to properly configure their Rsync backups.
The data from this well-known but slippery spamming operation was discovered by Chris Vickery, a security researcher for MacKeeper, and shared with Salted Hash, Spamhaus, as well as relevant law enforcement agencies.
While security practitioners are familiar with spammers and their methods, this story afforded Salted Hash a rare opportunity to look behind the curtain and view their day-to-day operations.
Grab your coffee and read their coverage on MacKeeper and Salted Hash while I try to wake up more.  Why should you read it, you wonder?  Because you or someone in your family is probably affected.  As Chris explains:
The situation presents a tangible threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with real names, user IP addresses, and often physical addresses.  Chances are that you, or at least someone you know, is affected.


"The Capitalists will sell us the rope with which we will hang them."  Vladimir Ilyich Lenin  Was that the start of the Russian kleptocracy? 
Michael Riley reports:
Russian hackers are targeting U.S. progressive groups in a new wave of attacks, scouring the organizations’ emails for embarrassing details and attempting to extract hush money, according to two people familiar with probes being conducted by the FBI and private security firms.
At least a dozen groups have faced extortion attempts since the U.S. presidential election, said the people, who provided broad outlines of the campaign. The ransom demands are accompanied by samples of sensitive data in the hackers’ possession.
Read more on Bloomberg.


Dang!  I hope they don’t find the others… 
Bug Bounty Hunter exposes glitch in Uber that let users ride for free
Bengaluru-based Anand Prakash, a web applications security expert and bug bounty hunter, discovered a glitch in Uber’s payment system which could have been used to get unlimited rides.  The bug has now been fixed by Uber’s security team, but the white hat hacker lays it all out on his blog.
[Anand’s blog: http://www.anandpraka.sh/]


Because it is better to have a tool to find perpetrators than to let them know how the FBI does it?  Either way, this means jobs for my Ethical Hacking students. 
To keep Tor hack source code secret, DOJ dismisses child porn case
Rather than share the now-classified technological means that investigators used to locate a child porn suspect, federal prosecutors in Washington state have dropped all charges against a man accused of accessing Playpen, a notorious and now-shuttered website.
The case, United States v. Jay Michaud, is one of nearly 200 cases nationwide that have raised new questions about the appropriate limitations on the government’s ability to hack criminal suspects.  Michaud marks just the second time that prosecutors have asked that a case be dismissed.
The DOJ has called this exploit a "network investigative technique" (NIT), while many security experts have dubbed it "malware."
Defense attorneys have attempted to gain access to some, if not all, of the NIT’s source code as part of the criminal discovery process.  In a related case prosecuted in New York, an FBI search warrant affidavit described both the types of child pornography available to Playpen’s 150,000 members and the NIT’s capabilities.
Last year, US District Judge Robert Bryan ordered the government to hand over the NIT's source code in Michaud.  Since that May 2016 order, the government has classified the source code itself, thwarting efforts for criminal discovery in more than 100 Playpen-related cases that remain pending.
However, some legal experts have argued that such "lawful hacking" is an appropriate way for the government to combat the so-called "going dark" problem—the widespread use of sophisticated anti-surveillance tools, such as Tor and other forms of encryption that stymie traditional law enforcement.


A carrot to match the VX nerve gas stick?  Is the North finally crumbling? 
Hoping to Lure High-Level Defectors, South Korea Increases Rewards
SEOUL, South Korea — South Korea said on Sunday that it would quadruple the cash reward it provides for North Korean defectors arriving with sensitive information to 1 billion won, or $860,000, in an effort to encourage more elite members from the North to flee.

(Related).  A flurry before crashing?  
North Korea launches more missiles; 3 land in Japanese waters
North Korea launched four missiles Monday morning, a provocative barrage that coincided both with joint U.S.-South Korean military exercises on the southern half of the peninsula and with the opening of the annual National People’s Congress in China.
“Every year this time, they try to do something to defy the exercises,” said Bruce Bennett, a North Korea expert at the Rand Corp. in California.  “This time, I think they’re also interested in making a statement to the Chinese and to let Beijing know this coal ban is going to hurt,” he said, referring to Beijing’s decision last month to stop importing coal from North Korea, cutting off a major economic lifeline.
China expressed its dismay over the launch, with a Foreign Ministry spokeswoman saying it “opposes” launches that undermine U.N. resolutions.  Russia, meanwhile, was more blunt, describing itself as “seriously worried” about the launches, which raise tensions in the region.


Those who don’t study history are doomed to have an AI do it for them?  Will reliance on AI always result in making the right decisions?
Kensho's AI For Investors Just Got Valued At Over $500 Million In Funding Round From Wall Street
When the United Kingdom voted to leave the European Union in June, ultimately tanking the British pound, traders with access to Cambridge, Massachusetts-based artificial intelligence platform Kensho had a special advantage.
With a few keystrokes on Kensho's AI-powered platform, traders quickly combed through an intelligence-grade database [What does that mean?  Bob] of information and in seconds learned that populist votes such as Brexit historically led to an extended drop in the local currency, washing out any short-term recovery.  That's exactly what happened in the days and months after Brexit.  The pound plunged to three-decade lows in July, sinking to $1.28 versus the dollar, before rallying slightly to $1.33.  The currency has been in a slump since then and currently sits at $1.24.  It was one of the biggest trades in currency markets since billionaire George Soros broke the Bank of England in 1992.


Perspective.  Worth reading.
Will Democracy Survive Big Data and Artificial Intelligence?
The digital revolution is in full swing.  How will it change our world?  The amount of data we produce doubles every year.  In other words: in 2016 we produced as much data as in the entire history of humankind through 2015.  Every minute we produce hundreds of thousands of Google searches and Facebook posts.  These contain information that reveals how we think and feel.  Soon, the things around us, possibly even our clothing, also will be connected with the Internet.  It is estimated that in 10 years’ time there will be 150 billion networked measuring sensors, 20 times more than people on Earth.  Then, the amount of data will double every 12 hours.


A geeky future!  I wonder if I can finally get a Jaguar XKE body with modern Ford running gear? 
Ford Starts Pilot Testing Stratasys Infinite Build 3D Printer
Stratasys, one of the leading manufacturers of additive manufacturing systems, has developed a means to build parts that theoretically have no size limit.  They use a combination of industrial robots and a print-head that extrudes the material in a way that is somewhat similar to the desktop Makerbot printers that it also produces.
For its infinite build system, Stratasys uses containers of micropellets rather than a continuous filament in a process known as fused deposition modeling (FDM).  The FDM process still builds up layers of material like other systems, but because the robot head can move and rotate in 3 dimensions, the layers don’t have to be flat slices.  This enables the production of more complex shapes and potentially optimizing the layout of the layers to maximize properties like strength while reducing weight.


Or, I could just ask my students.
We’ve lost empathy and critical thinking.  We no longer try to understand things from the perspectives of others.  Instead, we’re quick to demonize dissenters.  We don’t want thoughtful discourse.  We want to be right and we want everyone else to agree.
But that’s not how life works.  Most issues are complex, so much so that black-and-white answers are often disingenuous at best and outright harmful at worst, which is why ProCon is such an important website for us today.


Helping my students get rich.
Y Combinator opens registration for its free Startup School online course
Y Combinator is making its Startup School event available to more people in the form of a massively open online course (MOOC).  Starting today, you can register for a spot to watch the various industry leaders and entrepreneurs that the startup program has lined up to guest lecture during this 10-week course.  Participants will also receive access to a Slack-powered community so they can converse with their classmates.
As for the final exam, participants will be invited to present what they’ve built to the entire class in what is essentially a pseudo Demo Day.  The best part is that Y Combinator is giving this all away for free.


For my students.
IBM's online quantum machine gets faster
The machine, based in New York, has been available via the internet since May last year.
While the system it has made publicly available is currently only as powerful as a standard laptop, it is an important first step, said IBM scientist Dr Jerry Chow.
"It is about growing an eco-system of users, developing a community that can grow and define the software that will run it," he explained.
He added that the system now includes an interface which allows programmers to launch instructions for the machine using traditional programming languages.
Most agree that when quantum computing hits 50 qubits - more powerful than the most powerful supercomputers currently available - that will be something of a magic number.
IBM's quantum computer will now offer simulation of 20 qubits, up from its original five.
"Classical computers are extraordinarily powerful and will continue to advance and underpin everything we do in business and society," said Tom Rosamilia, senior vice president of IBM Systems.
"But there are many problems that will never be penetrated by a classical computer.  To create knowledge from much greater depths of complexity, we need a quantum computer."


Just for me and my minions. 
Mockaroo
Need some mock data to test your app?
Mockaroo lets you generate up to 1,000 rows of realistic test data in CSV, JSON, SQL, and Excel formats.