Friday, May 26, 2017
Forensics. Perhaps they should ‘wash it’ through Google translate a few times.
Linguistic Analysis Suggests WannaCry Authors Speak Chinese
A linguistic analysis of more than two dozen ransom notes displayed by the WannaCry ransomware suggests that its authors are fluent Chinese speakers and they also appear to know English.
While malware code similarities suggest that WannaCry has been developed by the North Korea-linked threat actor known as Lazarus, some believe the attack does not fit Pyongyang’s style and interests.
Researchers at threat intelligence firm Flashpoint have analyzed 28 WannaCry ransom notes, including ones written in Chinese (both simplified and traditional), Danish, Dutch, English, French, German, Indonesian, Italian, Japanese, Korean, Norwegian, Portuguese, Romanian, Russian, Spanish, Swedish and Turkish.
The linguistic analysis showed that there are significant differences between the notes written in Chinese and the ones written in other languages. Evidence suggests that the Chinese note, which mostly uses proper grammar, punctuation and syntax, was actually written with a Chinese-language keyboard.
… Experts pointed out that the note written in Chinese includes a significant amount of content that is not present in other versions, and they believe it may have served as the source for the English version.
Thousands of Third-Party Library Flaws Put Pacemakers at Risk
Researchers have conducted a detailed analysis of pacemaker systems from four major vendors and discovered many potentially serious vulnerabilities.
The fact that implantable cardiac devices such as pacemakers and defibrillators are vulnerable to hacker attacks has been known for years, and while steps have been taken to address issues, security experts still report finding flaws in these products.
WhiteScope, a company founded by Billy Rios, one of the first security researchers to analyze medical devices, recently conducted an analysis of the implantable cardiac device ecosystem architecture and implementation interdependencies, with a focus on pacemakers.
… Tests conducted on devices acquired from eBay showed that reverse engineering their firmware is made easy by the fact that many of them use commercial, off-the-shelf microprocessors.
… WhiteScope has analyzed four pacemaker programmers and found that they use more than 300 third-party libraries. Of these components, 174 are known to have a total of more than 8,000 vulnerabilities.
“Despite efforts from the FDA to streamline routine cybersecurity updates, all programmers we examined had outdated software with known vulnerabilities,” Rios said in a blog post.
… Another potential problem is the fact that programmers do not require any type of authentication for programming implantable cardiac devices.
Am I aiding and abetting the Streisand Effect? (I certainly hope so.) “Those who do not understand the Streisand Effect are doomed to repeat it?” Worth reading, just to list the errors.
I am really out of patience for people threatening me or my site. Look at this one:
I need to you get rid of an article off of your website: The link is:
[ … ]
If Steffan Dalsgaard didn’t like CYTTA’s press release or their 8-K SEC filing, he had remedies available to him. You threatening my site 2+ years later on his behalf is not among those remedies. If you had additional information to submit as an update or for a correction, you could have submitted it. Instead, you just attempted to intimidate me into removing a post.
So, Daniel, how’s that strategy working out for you and Steffan Dalsgaard so far?
How to get your message out when no one really wants to listen?
Russia's Disinformation Efforts Hit 39 Countries: Researchers
Russia's campaign of cyberespionage and disinformation has targeted hundreds of individuals and organizations from at least 39 countries along with the United Nations and NATO, researchers said Thursday.
A report by the Citizen Lab at the University of Toronto revealed the existence of "a major disinformation and cyber espionage campaign with hundreds of targets in government, industry, military and civil society," lead researcher Ronald Deibert said.
The findings suggest that the cyber attacks on the 2016 presidential campaign of Hillary Clinton -- which US intelligence officials have attributed to Russia -- were just the tip of the iceberg.
Citizen Lab researchers said the espionage has targeted not only government, military and industry targets, but also journalists, academics, opposition figures, and activists.
[I think this is the report they reference: https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/ ]
Oh hell yes!
Is Privacy Still a Big Deal Today?
Americans value their privacy, but they are also resigned to giving up their personal data in order to transact with a company. Is there a better way for both sides to get what they want?
Perspective. Amazon is getting into the food market by going brick and mortar?
AmazonFresh Pickup expands to Prime members in Seattle, with automatic license-plate recognition
Amazon is expanding its latest brick-and-mortar retail experiment beyond an internal employee beta today, letting Amazon Prime members order groceries online for pickup during designated windows at two locations in the company’s hometown.
The broader launch of the AmazonFresh Pickup service, in Seattle’s Ballard and SoDo neighborhoods, also brings new details about how the pickup process works. Amazon says in an online FAQ that it “may use license plates to automatically recognize your vehicle when you arrive,” helping the company quickly match arriving customers with their orders. Customers can opt out of automatic check-in from their settings.
Helping my students see what I’m talking about?
Google launches Data GIF Maker to help storytellers convey information through animations
… GIFs continue to be used for many purposes, which is why Google has launched the Data GIF Maker, a tool aimed at helping journalists and storytellers convey information visually through simple animations.
“Data visualizations are an essential storytelling tool in journalism, and though they are often intricate, they don’t have to be complex,” said Simon Rogers, data editor at the Google News Lab, in a blog post. “In fact, with the growth of mobile devices as a primary method of consuming news, data visualizations can be simple images formatted for the device they appear on.”
… Latvian infographics and data visualization company Infogram offers a slick WYSIWYG editor that converts users’ data into infographics that can be published or embedded anywhere, and it was acquired by Prezi earlier this month.
Other companies are making moves to monetize GIFs, specifically. Last month, Tenor launched a real-time analytics tool designed to educate marketers about using GIFs.
Sounds like a candidate for study. Any grants available?
Marshall Project – New Tool That Could Revolutionize How We Measure Justice
by Sabrina I. Pacifici on May 25, 2017
Beth Schwartzapfel – The Marshall Project: “The enormity of the country’s criminal justice system — 15,000 state and local courts, 18,000 local law enforcement agencies, more than two million prisoners — looks even more daunting when you consider how little we know about what is actually going on in there. Want to know who we prosecute and why? Good luck. Curious about how many people are charged with misdemeanors each year? Can’t tell you. How about how many people reoffend after prison? We don’t really know that, either. In an age when everything is measured — when data determines the television we watch, the clothes we buy and the posts we see on Facebook — the justice system is a disturbing exception. Agencies exist in silos, and their data stays with them. Instead, we make policy based on anecdote, heavily filtered through a political lens. This week the nonprofit Measures for Justice is launching an online tool meant to shine a high beam into these dark corners. It is gathering numbers from key criminal justice players — prosecutors’ offices, public defenders, courts, probation departments — in each of America’s more than 3,000 counties. Staffers clean the data, assemble it in an apples-to-apples format, use it to answer a standard set of basic questions, and make the results free and easy to access and understand…”