Friday, June 16, 2017
For my Ethical Hacking students. We need to examine, secure, and hack every link in the chain.
WikiLeaks Reveals How the CIA Could Hack Your Router
Your Wi-Fi router, sitting in the corner of your home accumulating dust and unpatched security flaws, provides an attractive target for hackers. Including, according to a new WikiLeaks release, the CIA.
On Thursday, WikiLeaks published a detailed set of descriptions and documentation for the CIA's router-hacking toolkit. It's the latest drip in the months-long trickle of secret CIA files it has called Vault7, and it hints at how the agency leverages vulnerabilities in common routers sold by companies including D-Link and Linksys. The techniques range from hacking network passwords to rewriting device firmware to remotely monitor the traffic that flows across a target's network. After reading up on them, you may find yourself itching to update your own long-neglected access point.
A security heads-up.
Industrial Companies Targeted by Nigerian Cybercriminals
Industrial companies from around the world have been targeted in phishing attacks believed to have been launched by cybercriminals located in Nigeria, Kaspersky Lab reported on Thursday.
In October 2016, Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) noticed a significant increase in malware infection attempts aimed at industrial organizations in the metallurgy, construction, electric power, engineering and other sectors. The security firm had observed attacks against 500 organizations in more than 50 countries.
The attacks started with spear phishing emails carrying documents set up to exploit an Office vulnerability (CVE-2015-1641) patched by Microsoft in April 2015. The phishing messages were well written and they purported to come from the victim’s suppliers, customers, or delivery services.
For my Software Assurance students.
EFF Tips, Tools and How-tos for Safer Online Communications
by Sabrina I. Pacifici on Jun 15, 2017
“Modern technology has given those in power new abilities to eavesdrop and collect data on innocent people. Surveillance Self-Defense is EFF’s guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices. Select an article from our index to learn about a tool or issue, or check out one of our playlists to take a guided tour through a new set of skills.”
The value of privacy?
Jordan Parker reports:
Hundreds of Nova Scotian hospital patients may get to share a $1-million settlement in a case involving breaches of their privacy.
Halifax’s Wagners Law Firm has reached a proposed settlement with a former provincial health authority and if it’s approved will offer $1,000 each to nearly 700 plaintiffs they represent in a class-action lawsuit.
In 2012, the South West Nova District Health Authority sent letters to 700 people, telling them an employee had “inappropriately” accessed their health information, according to a Wagners news release.
Read more on The Chronicle Herald.
The cost of delay. Much detail omitted…
There’s a follow-up to an incident reported by DataBreaches.net in January and February involving CoPilot Provider Services. As I had reported in January, CoPilot took more than one year to notify individuals of a breach involving their web site, and would not answer any questions as to why it took so long. As I subsequently reported in February, the incident may not have been as the firm first described it, and OCR was reportedly investigating. Whether HHS/OCR had any authority, however, was unclear, as the firm disputed that it was a covered entity or business associate.
HIPAA aside, the company apparently violated NYS law in terms of protecting data and making prompt notification. Today, the NYS Attorney General announced a settlement with the firm:
CoPilot has agreed to pay $130,000 in penalties and to improve its notification and legal compliance program.
Note that the press release does not indicate that law enforcement ever found the suspect employee at fault.
Nor is the incident up on HHS’s breach tool.
DataBreaches.net is attempting to get updated information on this case.
Even the big boys make mistakes.
Olivia Solon reports:
Facebook put the safety of its content moderators at risk after inadvertently exposing their personal details to suspected terrorist users of the social network, the Guardian has learned.
The security lapse affected more than 1,000 workers across 22 departments at Facebook who used the company’s moderation software to review and remove inappropriate content from the platform, including sexual material, hate speech and terrorist propaganda.
A bug in the software, discovered late last year, resulted in the personal profiles of content moderators automatically appearing as notifications in the activity log of the Facebook groups whose administrators were removed from the platform for breaching the terms of service. The personal details of Facebook moderators were then viewable to the remaining admins of the group.
Read more on The Guardian.
Don’t push those money grubbing ‘features’ too hard.
Canada rules that all new cellphones must be unlocked
Canadians pay some of the highest wireless rates of any G7 nation, and to add insult to injury, they often have to shell out $50 or more to unlock cellphones when switching operators. However, the nation's wireless regulator, the CRTC, has now ordered carriers to unlock devices for free and decreed that all new smartphones must be sold unlocked. The move was prompted by excoriating public criticism on unlocking fees after the CRTC requested comment on new wireless rules.
Big companies, big fines.
REPORT: Europe plans to hit Google with a €1 billion-plus fine over its shopping tool
The European Commission may hit Google with a record fine of over €1 billion (£874 million) over antitrust issues, according to a report from The Financial Times.
The European institution has accused the Californian technology giant of promoting its own shopping service in its search results over those of its competitors, alongside two other antitrust investigations: One over Android, its mobile operating system, and another relating to its online search advertising business.
Unexpected? Will they talk to us?
An Artificial Intelligence Developed Its Own Non-Human Language
A buried line in a new Facebook report about chatbots’ conversations with one another offers a remarkable glimpse at the future of language.
In the report, researchers at the Facebook Artificial Intelligence Research lab describe using machine learning to train their “dialog agents” to negotiate. (And it turns out bots are actually quite good at dealmaking.) At one point, the researchers write, they had to tweak one of their models because otherwise the bot-to-bot conversation “led to divergence from human language as the agents developed their own language for negotiating.”
An extreme use of texting? But manslaughter? What if they had been in different states? Or if the victim had been an adult and the girl a minor?
Judge faces legal quagmire in teen texting suicide trial of Michelle Carter; verdict to be announced Friday
… A juvenile court judge now finds himself at the center of a legal quagmire: Should he set a legal precedent in Massachusetts by convicting Carter of manslaughter for encouraging Roy to take his own life through dozens of text messages? Or should he acquit her and risk sending a message that Carter’s behavior was less than criminal?
… Carter is accused of involuntary manslaughter, a charge that can be brought in Massachusetts when someone causes the death of another person when engaging in reckless or wanton conduct that creates a high degree of likelihood of substantial harm.
… Daniel Medwed, a law professor at Northeastern University, said the judge has a difficult task in determining whether Carter’s actions rise to the level of manslaughter. There is no Massachusetts law against encouraging someone to kill themselves. Medwed said the judge could consider Carter “morally blameworthy,” but “moral blame doesn’t always equal legal accountability.”
Martin Healy, chief legal counsel of the Massachusetts Bar Association, said the case also presents some novel issues of law on the use of cellphones and text messages. Carter was not with Roy when he killed himself, but she was talking on the phone with him as his truck filled with carbon monoxide.
Amazon Is Buying Whole Foods For $13.7 Billion
… For Amazon, the acquisition suddenly gives them a sprawling brick-and-mortar presence and access to well-heeled consumers. The company has been experimenting with groceries, primarily through its AmazonFresh delivery program, but this deal makes clear the size of its ambitions.
I find this hard to believe (correlation does not imply causation). Does this also apply to non-coders?
Developers Who Use Spaces Make More Money Than Those Who Use Tabs
Do you use tabs or spaces for code indentation?
This is a bit of a “holy war” among software developers; one that’s been the subject of many debates and in-jokes. I use spaces, but I never thought it was particularly important. But today we’re releasing the raw data behind the Stack Overflow 2017 Developer Survey, and some analysis suggests this choice matters more than I expected.
Perhaps a different “private” company? The Godfather would never fail to pay.
Powerball, Mega Millions may be victims of Illinois budget impasse, lottery officials say
Lottery players will not be able to purchase Powerball or Mega Millions tickets in Illinois after the end of this month unless the ongoing state budget impasse is resolved, lottery officials said Thursday.
… It is the latest black eye for the beleaguered state lottery, which has garnered headlines in recent years for failing to pay its winners, and for the way it was run under the first private management agreement in the nation.
In a series of stories published over the past six months, the Tribune found the company tasked with running the lottery — Northstar Lottery Group — failed to award more than 40 percent of the grand prizes in its biggest instant ticket games, sometimes ending games before any top prizes were claimed.
Perspective. Cable isn’t dead yet, but my students don’t subscribe.
Netflix Is Now Bigger Than Cable TV
Netflix has, for the first time, surpassed cable in total subscribers according to Leichtman Research. US cable companies have 48.61 million subscribers while Netflix has just hit 50.85 million. The numbers don't count minor cable networks, which could in themselves amount to 5% of total cable customers.
Perspective. How important (valuable) are games?
Tencent Eyeing $3 Billion Bid for Angry Birds Maker Rovio, Reports The Information
The surprising number of American adults who think chocolate milk comes from brown cows
Seven percent of all American adults believe that chocolate milk comes from brown cows, according to a nationally representative online survey commissioned by the Innovation Center of U.S. Dairy.
Add this to your toolbox when available!
Backup and Sync Will Automatically Save Your Desktop Files
Backup and Sync is a new service coming soon from Google. On June 28th you will be able to install Backup and Sync on your Mac or Windows computer. The service will let you have your desktop files or other folder files automatically backed up to your Google Drive account. You've always been able to quickly move files from your desktop to Google Drive through Drive desktop clients, but Backup and Sync will let you streamline that process.
A tool for e-textbooks?
Owl Eyes - Guide Students Through Classic Literature
Owl Eyes is a free tool that provides teachers with a good way to provide students with guidance while they are reading classic literature. Owl Eyes provides teachers with tools to insert annotations and questions into classic literature. Students can see the annotations and questions that their teachers add to the digital text. Teachers have the option to create online classrooms through which they can monitor their students' progress through a text and view their students' annotations and answers to questions. The texts available through Owl Eyes are mostly classic works that are in the public domain.
[Also check their library: https://www.owleyes.org/text]
Sic semper PowerPoint!