Flaws in Bosch Car Dongle Allow Hackers to Stop Engine
Vulnerabilities found by researchers in Bosch’s Drivelog Connect product can be exploited by hackers to inject malicious messages into a vehicle’s CAN bus. The vendor has implemented some fixes and is working on adding more attack protections.
Bosch’s Drivelog Connect is a service that provides information about the condition of a vehicle, including potential defects, service deadlines, and data on fuel consumption and driving behavior. The product includes a dongle called Drivelog Connector, which is connected to the car’s OBD2 diagnostics interface, and a mobile application that communicates with the dongle via Bluetooth.
Researchers at automotive cybersecurity firm Argus have identified some potentially serious vulnerabilities in the communications between the mobile app and the dongle.
“Why” might be an interesting question. Has the risk doubled? Has ISIS (et al.) doubled in size?
Microsoft says U.S. more than doubled its FISA requests
Microsoft said on Thursday it had received at least a thousand surveillance requests from the U.S. government that sought user content for foreign intelligence purposes during the first half of 2016.
(Related). Do we assume schoolchildren are terrorists? Do schools really want to assume the liability for missing something (like a suicide note) on the student’s phone?
Nick Cahill reports:
Hampered by widespread resistance from civil rights groups, backers of a bill that would allow California teachers and principals to search students’ cellphones pulled their proposal Wednesday.
Brought by the Association of California School Administrators, Assembly Bill 165 seeks to exempt students from recently enacted digital privacy protections against warrantless cellphone and electronic device searches. Critics warned the bill could “sledgehammer” the Fourth Amendment and open up millions of K-12 students to unfettered school and government searches.
“This bill has massive ramifications to the privacy of 6 million students and families,” said Nicole Ozer, of the American Civil Liberties Union of California.
Read more on Courthouse News.
Perspective on one industry?
Protenus has released their Breach Barometer report for March. The report is based on 39 incidents that reportedly affected 1,519,521 patients’ records.
As noted in recent months, we’ve reached that unhappy stage where we are seeing an average of one or more breach disclosures every day. If this just represented greater transparency, that would be great, but it may also represent an increase in the number of breaches.
On a positive note: almost all of the entities for whom we had date of breach or discovery and date of report reported their breaches within 60 days from date of discovery. Protenus understandably wonders whether that could indicate that a recent $475,000 settlement between HHS and Presence Health over late notification might be getting entities more calendar-conscious.
Some breaches are still taking too long to discover, however, as three breaches that were first disclosed in March had gone undetected for more than one year. Two of those three incidents involved insider wrongdoing.
As in past months, insider breaches represented a significant percentage (44%) of all reported incidents, but did not account for the bulk of breached records. As we have seen before, hacking accounted for a smaller percentage of incidents but a larger percentage of breached records. This month, there were 11 reports to HHS submitted as “Hacking/IT incidents.” Four of those entities specifically described their hacking incidents as ransomware incidents in their notifications. A fifth entity declined to answer the question of whether their incident involved ransomware. Several other entities reported “hacking” incidents, but did not respond to inquiries from this site requesting more information.
Who defines the targets?
Would the US, France, and Russia agree on what is fake?
Facebook Is Cracking Down on Thousands of Fake Accounts in France
Facebook said on Thursday it is taking action against tens of thousands of fake accounts in France as the social network giant seeks to demonstrate it is doing more to halt the spread of spam as well as fake news, hoaxes and misinformation.
The Silicon Valley-based company is under intense pressure as governments across Europe threaten new laws unless Facebook moves quickly to remove extremist propaganda or other content illegal under existing regulation.
Social media sites including Twitter, Google's YouTube, and Facebook also are under scrutiny for their potential to be used to manipulate voters in national elections set to take place in France and Germany in coming months.
In a blog post, Facebook said it was taking action against 30,000 fake accounts in France, deleting them in some, but not all, cases. It said its priority was to remove fake accounts with high volumes of posting activity and the biggest audiences. [Fake accounts have real audiences? Bob]
… For example, the company said it is using automated detection to identify repeated posting of the same content or an increase in messages sent by such profiles.
Automating your protest?
What if this App is downloaded a million times?
This Chrome extension blocks United Airlines from flight searches
United Airlines has been the topic of a pretty steady stream of bad press. Following a viral video of a man forcibly removed from a United Airlines flight, somehow someone got stung by a scorpion on a United flight, and today DropUnited launched.
DropUnited is a Chrome extension that removes United Airlines flights from your flight searches.
Should I remove my doorbell?
Orin Kerr writes:
In Florida v. Jardines (2013), the U.S. Supreme Court held that a front porch is a Fourth Amendment protected area but that there is an “implied license” allowing the police to walk up to the front door and knock in at least some cases. If the police are just coming to talk to the homeowner, the court concluded, that’s within the implied license and no Fourth Amendment search occurs. Homeowners implicitly consent to people coming to knock on the door and talk to them; that’s why they have doorbells. On the other hand, if the police are bringing a drug sniffing dog to smell for drugs, that is outside the implied license. People don’t implicitly consent to people coming to search them, and bringing a drug-sniffing dog to the front porch is a clear objective sign that the officers intend to search them. Coming to the front porch with a drug-sniffing dog is therefore a search, and the police ordinarily can’t do that without a warrant.
Now consider this question: How does Jardines apply when properties have “no trespassing” signs posted?
Read more on The Volokh Conspiracy.
Soon, everyone will have access to AI?
The Democratization of Machine Learning: What It Means for Tech Innovation
… The democratization of ML gives individuals and startups a chance to get their ideas off the ground and prove their concepts before raising the funds needed to scale.
But access to data is only one way in which ML is being democratized. There is an effort underway to standardize and improve access across all layers of the machine learning stack, including specialized chipsets, scalable computing platforms, software frameworks, tools and ML algorithms.
(Related). Something for my Computer Security students to ponder.
Cognitive computing and artificial intelligence (AI) are spawning what many are calling a new type of industrial revolution. While both technologies refer to the same process, there is a slight nuance to each. To be specific, cognitive uses a suite of many technologies that are designed to augment the cognitive capabilities of a human mind. A cognitive system can perceive and infer, reason and learn. We’re defining AI here as a broad term that loosely refers to computers that can perform tasks that once required human intelligence. Because these systems can be trained to analyze and understand natural language, mimic human reasoning processes, and make decisions, businesses are increasingly deploying them to automate routine activities. From self-driving cars to drones to automated business operations, this technology has the potential to enhance productivity, direct human talent on critical issues, accelerate innovation, and lower operating costs.
Yet, like any technology that is not properly managed and protected, cognitive systems that use humanoid robots and avatars — and less human labor — can also pose immense cybersecurity vulnerabilities for businesses, compromising their operations.
Another billion dollar company none of my students have ever heard of…
Yext Joins $1B Club With Successful IPO, Continuing Software's Hot Market Run
Yext wasn't quite a unicorn as a private software company. After its first day trading on the New York Stock Exchange, it's even better: a $1 billion public one instead.
… Yext is betting that it can become the leader in what its chief executive calls, somewhat grandly, "digital knowledge management." With micro-services booming to help us find the answers to questions from where to eat, how to find the right expert for a problem or when a business opens, Yext wants to be the layer of common information that ensures a business's correct information is conveyed the same across Google, a phone app or over Siri and Alexa.
I find this interesting.
How Tight-knit and Individualistic Communities Adopt New Technologies Differently
… Sometimes tight-knit groups have an advantage; other times, they are actually at a disadvantage. The difference comes down to the type of technology being spread. Is it a “low threshold” technology that is valuable even without a large number of adopters, such as computers or agricultural innovations, or is it “high threshold,” like a messaging app, which needs lots of adopters at once?
… In Mexico, which consists of highly cohesive communities, 78 percent of the population used instant messaging apps in 2013 compared with just 23 percent of the U.S. population, which is ranked as one of the most individualistic societies.
Think this is boring?
Search for “Trump.”
DATO Capital – Database of private companies and directors
by Sabrina I. Pacifici on Apr 13, 2017
Something to get my students outside.
Explore National Parks for Free In Person or Online
Entry to national parks in the United States is free each of the next two weekends. If there is a national park near you, go out and explore. Bring your phone to take some pictures. Otherwise put it down and take in the experience. Better yet, skip the phone altogether and use a good old camera to take some pictures.
If there aren't any national parks near you, you can still explore them through some nice online resources. National Parks virtual tours are available in the Google Arts & Culture apps for Android and iOS. If you have VR headsets available to you, take a look at Google Expeditions virtual tours of the "hidden treasures" of National Parks.
Interesting! Want to share new technology? $0.00 Want to complain about your grade? $99.99 (and the answer will still be NO)
… “We think money is a good proxy of saying ‘I really want to reach you’,” says Gupta. Users set their own pricing for receiving messages (think something like $.50 or $1). They also set what topics they’re interested in hearing about. Messages about things you’re interested in are free for other users to send. If someone wants to message you about something else, they’ll have to pay. Money only exchanges hands when you respond. You can take the cash for yourself, or choose to have it go directly to a charity like the ACLU or code.org.
You can also cap your inbox for the week, so you only receive 10 messages instead of 50.