Tuesday, May 30, 2017
Interesting implications. Suggests governments are relying on ‘computer reading’ of intercepted communication rather than human reading of the website.
Wikipedia’s Switch to HTTPS Has Successfully Fought Government Censorship
… Determining how to prevent these acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption.
… when you try to connect to a website using HTTPS, your browser will first ask the web server to identify itself. Then the server will send its unique public key which is used by the browser to create and encrypt a session key. This session key is then sent back to the server which it decrypts with its private key. Now all data sent between the browser and server is encrypted for the remainder of the session.
In short, HTTPS prevents governments and others from seeing the specific page users are visiting.
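What that means for an on-path observer, as an added example that is not part of the quoted article: the sketch below compares the first bytes of a plaintext HTTP request with a TLS ClientHello for the same site. It assumes a standard handshake without Encrypted Client Hello; the function names, the sample article path and the minimal ClientHello are constructed for illustration.

```python
import struct

def build_client_hello(hostname):
    """Constructed sample: minimal TLS ClientHello record with one SNI entry."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # host_name entry
    sni = struct.pack("!H", len(entry)) + entry                    # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni                    # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                      # version, random, no session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"                    # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body             # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs       # record type 22 = handshake

def sni_from_client_hello(rec):
    """Hostname sent in the clear in a ClientHello, or None."""
    if len(rec) < 44 or rec[0] != 0x16 or rec[5] != 0x01:
        return None
    try:
        pos = 43                                                   # past headers, version, random
        pos += 1 + rec[pos]                                        # session_id
        pos += 2 + struct.unpack_from("!H", rec, pos)[0]           # cipher_suites
        pos += 1 + rec[pos]                                        # compression_methods
        end = pos + 2 + struct.unpack_from("!H", rec, pos)[0]      # end of extensions block
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", rec, pos)
            pos += 4
            if etype == 0:                                         # server_name extension
                nlen = struct.unpack_from("!H", rec, pos + 3)[0]
                return rec[pos + 5:pos + 5 + nlen].decode("ascii")
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                                       # truncated or malformed input
    return None

def visible_to_observer(first_bytes):
    """(host, path) a passive on-path observer can read from a connection's first bytes."""
    if first_bytes[:1] == b"\x16":                                 # TLS: only the SNI is readable
        return sni_from_client_hello(first_bytes), None
    lines = first_bytes.decode("latin-1").split("\r\n")            # plaintext HTTP
    path = lines[0].split(" ")[1] if lines[0].count(" ") >= 2 else None
    host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                 if l.lower().startswith("host:")), None)
    return host, path

# Constructed inputs: the same article requested over HTTP and over HTTPS.
HTTP_REQ = b"GET /wiki/Example_article HTTP/1.1\r\nHost: en.wikipedia.org\r\n\r\n"
TLS_HELLO = build_client_hello("en.wikipedia.org")
```

Over HTTP the observer recovers both the site and the article path; over HTTPS only the hostname is readable, so filtering can target the whole site but not a single page.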
Did they think hackers would not notice?
Synaptics warns that fingerprint spoofing makes laptops vulnerable
… Synaptics, which makes fingerprint identification sensors and touchpad technology, earlier this month issued a warning that some computer makers, seeking to save about 25 cents per machine, have chosen to use insecure smartphone fingerprint sensors instead of more secure laptop sensors, said Godfrey Cheng, vice president of product for the Santa Clara, Calif.-based company, in an interview with VentureBeat.
“Fingerprint identification has taken off because it is secure and convenient when it’s done right,” he said. “When it’s not secure all of the way through, then that’s an exposure that an attacker can exploit.”
The smartphone fingerprint sensors typically use unencrypted methods to store and send the fingerprint to a central processing unit (CPU) for processing. That makes the data vulnerable to snooping software and other hacks. Synaptics sensors, by contrast, use encryption and a secondary host processor to do the recognition work.
This sounds like a consulting service waiting to be organized and monetized.
India's Ethical Hackers Rewarded Abroad, Ignored at Home
Kanishk Sajnani did not receive so much as a thank you from a major Indian airline when he contacted them with alarming news -- he had hacked their website and could book flights anywhere in the world for free.
It was a familiar tale for India's army of "ethical hackers", who earn millions protecting foreign corporations and global tech giants from cyber attacks but are largely ignored at home, their skills and altruism misunderstood or distrusted.
India produces more ethical hackers -- those who break into computer networks to expose, rather than exploit, weaknesses -- than anywhere else in the world.
The latest data from BugCrowd, a global hacking network, showed Indians raked in the most "bug bounties" -- rewards for red-flagging security loopholes.
Facebook, which has long tapped hacker talent, paid more to Indian researchers in the first half of 2016 than any other researchers.
Indians outnumbered all other bug hunters on HackerOne, another registry of around 100,000 hackers.
I hope so. As I get older, I find myself saying “I forget” more and more. At least I think I do, I can’t remember.
David Kravets reports:
On May 30, two suspects accused of extorting the so-called “Queen of Snapchat” as part of a sex-tape scandal are scheduled to appear in a Florida court. But as wild as the premise sounds, primarily the accused need only to answer a simple question on this visit. Miami-Dade Circuit Judge Charles Johnson wants an explanation as to why Hencha Voigt and her then boyfriend, Wesley Victor, can’t remember the passcodes to their mobile phones.
If he doesn’t believe them or if they remain silent, the two suspects face possible contempt charges and indefinite jail time for refusing a court order to unlock their phones so prosecutors can examine text messages. Their defense to that order, however, rests on an unsettled area of law. Voigt and Victor maintain that a court order requiring them to unlock an encrypted device is a breach of the Fifth Amendment right to be free from compelled self-incrimination.
If things don’t go their way in court Tuesday, the duo certainly wouldn’t be the first ones ordered to prison for failing to abide by a judge’s decryption order. They likely won’t be the last ones, either.
Read more on Ars Technica.
A simple tool Mr. Anonymous never considered, because it didn’t exist 32+ years ago.
As the debate about re-identification of “anonymized” data rages on, this story may be of interest:
A Dutch woman has managed to trace her donor father using commercial dna banks in the US, the Volkskrant reports on Tuesday. Emi Stikkelman, 32, sent three dna samples to dna banks, where a match was found with an Australian woman. Together with family history researcher Els Leijs, she was able to put together a family tree and finally identify her biological father. Normal dna banks use 20 key markers but commercial agencies can use thousands, allowing them to cast a much wider net of potential relatives, the paper said. Leijs uses commercial data banks such as Family Tree, Ancestry and 23andMe which are particularly popular in the US and have been set up to allow people to trace their heritage. ‘Almost all Americans have roots outside the US, in Europe and Africa,’ she said.
Read more on DutchNews.nl.
Think back to 2007. A young U.S. senator named Barack Obama announced his candidacy for president. The housing bubble started to burst. Apple released the first iPhone.
It wasn’t long ago and, yet, in technology terms, it’s almost an eternity — ride- or hotel-sharing companies didn’t exist yet and the first generation of social media platforms were just hitting the mainstream. So much has changed since then. We’ve seen it here at PwC, as well. During the past decade, we surveyed the leaders at the world’s largest companies annually through our Global Digital IQ Survey, tracking their evolving sentiments, priorities, and challenges of how they’re using technology to transform their own businesses.
… So one would expect that today’s companies have a much better Digital IQ than they did way back in 2007, right? The answer, surprisingly, is no.
Our latest survey, which polled 2,216 executives at companies with annual revenue of more than $500 million, found executives’ confidence in their organization’s digital abilities is actually at the lowest it has been since we started tracking. Just 52% of executives rated their Digital IQ as strong, down 15% from the year before.
Job search tools.
For the Computer Security toolkit. Detect phishing links.
For the research toolkit?
Is there a ‘classroom’ version? I think that’s what my students have…