Friday, June 02, 2017

This is not encouraging.  Also, it seems you need to do more than just change your password! 
Password manager OneLogin hacked, exposing sensitive customer data
In a brief blog post, the company's chief security officer Alvaro Hoyos said that it was aware of "unauthorized access to OneLogin data in our US data region," and that it had reached out to customers.
   "OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised," the email read.
Later in the day, the company said in an update: "Our review has shown that a threat actor obtained access to a set of [Amazon Web Services, or AWS] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US."
   The company added that although it encrypts "certain sensitive data at rest," it could not rule out the possibility that the hacker "also obtained the ability to decrypt data".
But a spokesperson did not say what kind of data is and isn't encrypted.  We have asked for clarity, and will update when we hear back.
   "Am I the only 1 to find it disturbing OneLogin had a decryption method for customer data accessible enough to be grabbed via breach?" said one user on Twitter.
The company has advised customers to change their passwords, generate new API keys for their services, and create new OAuth tokens -- used for logging into accounts -- as well as to create new security certificates.  The company said that information stored in its Secure Notes feature, used by IT administrators to store sensitive network passwords, can be decrypted.
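What the update describes is the classic cloud-credential failure mode: a long-lived AWS key is stolen and replayed against the API from a host the victim does not own, and CloudTrail is the place it shows up. The script below is an added example, not code from the ZDNet article or from OneLogin; it runs a minimal triage pass over constructed CloudTrail-style records (the key ID, user name, IP addresses and baseline network are all invented) and reports any key used from outside the network it is expected to call from, with a note on whether those calls read or decrypted anything.

```python
"""Flag AWS access-key use from hosts outside each key's baseline.

Added example, not from the article or from OneLogin: a minimal CloudTrail
triage pass for the pattern described above, a stolen key replayed against
the AWS API from an intermediate host at another provider. The records,
key ID and baseline networks below are all constructed.
"""
import json
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed baseline: the egress networks each long-lived key is expected
# to call the AWS API from (e.g. a VPC NAT range). A key not listed here is
# treated as having no baseline and every use of it is reported.
BASELINE = {
    "AKIAEXAMPLEKEY000001": [ip_network("203.0.113.0/24")],
}

# Calls that read or decrypt data, as opposed to reconnaissance such as
# GetCallerIdentity or ListBuckets.
SENSITIVE_CALLS = {"Decrypt", "GetObject", "GetSecretValue"}


def _record(time, source, name, ip, agent):
    return json.dumps({
        "eventTime": time, "eventSource": source, "eventName": name,
        "sourceIPAddress": ip, "userAgent": agent,
        "userIdentity": {"type": "IAMUser", "userName": "svc-backup",
                         "accessKeyId": "AKIAEXAMPLEKEY000001"},
    })


# Constructed CloudTrail records in the real field layout: one legitimate
# call from the baseline network, then the same key used from elsewhere.
SAMPLE_EVENTS = [
    _record("2017-05-31T02:11:04Z", "s3.amazonaws.com", "GetObject",
            "203.0.113.17", "aws-sdk-java/1.11.0"),
    _record("2017-05-31T02:40:51Z", "sts.amazonaws.com", "GetCallerIdentity",
            "198.51.100.8", "aws-cli/1.11.90 Python/2.7.12 Linux/4.4.0"),
    _record("2017-05-31T02:41:10Z", "kms.amazonaws.com", "Decrypt",
            "198.51.100.8", "aws-cli/1.11.90 Python/2.7.12 Linux/4.4.0"),
    _record("2017-05-31T02:42:00Z", "s3.amazonaws.com", "GetObject",
            "198.51.100.8", "aws-cli/1.11.90 Python/2.7.12 Linux/4.4.0"),
]


def parse_event(line):
    """Pull the handful of fields the check needs out of one CloudTrail record."""
    ev = json.loads(line)
    ident = ev.get("userIdentity", {})
    return {
        "time": ev.get("eventTime", ""),
        "key": ident.get("accessKeyId", ""),
        "user": ident.get("userName") or ident.get("type", "?"),
        "ip": ev.get("sourceIPAddress", ""),
        "call": ev.get("eventName", ""),
        "agent": ev.get("userAgent", ""),
    }


def in_baseline(key, ip):
    """True/False for an IP source; None when the source is an AWS service
    name (service-to-service calls carry no client address to compare)."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return None
    return any(addr in net for net in BASELINE.get(key, []))


def find_off_baseline_use(lines):
    """One alert per (key, source IP) pair seen outside the key's baseline,
    summarising how many calls came from there and which read or decrypted."""
    by_origin = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if in_baseline(ev["key"], ev["ip"]) is False:
            by_origin[(ev["key"], ev["ip"])].append(ev)
    alerts = []
    for (key, ip), evs in by_origin.items():
        alerts.append({
            "key": key, "ip": ip, "user": evs[0]["user"],
            "first_seen": min(e["time"] for e in evs),
            "calls": len(evs),
            "sensitive_calls": sorted({e["call"] for e in evs
                                       if e["call"] in SENSITIVE_CALLS}),
            "agents": sorted({e["agent"] for e in evs}),
        })
    return alerts


if __name__ == "__main__":
    for a in find_off_baseline_use(SAMPLE_EVENTS):
        print(f"{a['first_seen']} key {a['key']} ({a['user']}) used from "
              f"{a['ip']}: {a['calls']} calls, data access: "
              f"{', '.join(a['sensitive_alls']) if False else ', '.join(a['sensitive_calls']) or 'none'}; "
              f"agents: {'; '.join(a['agents'])}")
```

On the constructed input the single alert is the key being used from 198.51.100.8 with a different user agent, first for GetCallerIdentity (the attacker checking what the key can do) and then for a KMS Decrypt and an S3 GetObject, which is exactly the sequence that turns "keys were taken" into "data may have been decrypted". The same pass over real CloudTrail also gives the list of keys that need rotating; rotating only the one that was noticed first is how the advice in the article becomes a second incident.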


Ethical hacking: tools & techniques.
CIA Tool 'Pandemic' Replaces Legitimate Files With Malware
Documents published by WikiLeaks on Thursday describe a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to spread malware on a targeted organization’s network.
The tool, named “Pandemic,” installs a file system filter driver designed to replace legitimate files with a malicious payload when they are accessed remotely via the Server Message Block (SMB) protocol.
What makes Pandemic interesting is the fact that it replaces files on-the-fly, instead of actually modifying them on the device the malware is running on.  By leaving the legitimate file unchanged, attackers make it more difficult for defenders to identify infected systems.
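The defensive consequence of "replaces files on-the-fly" is that any integrity check run on the file server itself reads the untouched bytes and reports clean; only a check that hashes what actually arrives over the share sees the payload. The model below is an added example, not code from the WikiLeaks documents or the article, and it is plain Python rather than a filter driver: a class stands in for a share whose remote read path is hooked, and the file names, contents and "payload" are constructed, so the point is the comparison between the two checks, not the bytes.

```python
"""Model of on-the-fly file substitution and the check that catches it.

Added example, not from the WikiLeaks documents or the article. It models
the behaviour described for Pandemic in ordinary Python: bytes on disk are
never changed, and only reads that arrive through the file-sharing path get
the payload. File names, contents and the "payload" are constructed; the
class stands in for a filter driver, it is not one.
"""
import hashlib


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed share contents and a constructed stand-in for the payload.
ON_DISK = {
    "tools/putty.exe": b"MZ\x90\x00 legitimate build (constructed bytes)",
    "docs/readme.txt": b"Installation notes (constructed bytes)",
}
PAYLOAD = b"MZ\x90\x00 trojanised build (constructed bytes)"
TARGETS = {"tools/putty.exe"}


class FilteredShare:
    """A file server whose remote read path is hooked.

    read_local models a process on the server itself (antivirus, file
    integrity monitoring); read_remote models a read arriving over SMB,
    the path the filter intercepts.
    """

    def __init__(self, files, targets, payload):
        self.files = dict(files)
        self.targets = set(targets)
        self.payload = payload

    def read_local(self, path):
        return self.files[path]

    def read_remote(self, path):
        data = self.files[path]
        return self.payload if path in self.targets else data


def host_side_check(share, known_good):
    """What FIM on the infected server sees: hash of the bytes on disk."""
    return {p: sha256(share.read_local(p)) == h for p, h in known_good.items()}


def client_side_check(share, known_good):
    """What a client sees: hash of the bytes actually delivered over the share."""
    return {p: sha256(share.read_remote(p)) == h for p, h in known_good.items()}


def substituted_paths(share, known_good):
    """Paths that pass the host-side check but fail the client-side one,
    i.e. the signature of substitution in transit rather than on disk."""
    host = host_side_check(share, known_good)
    client = client_side_check(share, known_good)
    return sorted(p for p in known_good if host[p] and not client[p])


if __name__ == "__main__":
    share = FilteredShare(ON_DISK, TARGETS, PAYLOAD)
    known_good = {p: sha256(b) for p, b in ON_DISK.items()}  # e.g. vendor hashes
    print("host-side check:  ", host_side_check(share, known_good))
    print("client-side check:", client_side_check(share, known_good))
    print("substituted in transit:", substituted_paths(share, known_good))
```

The practical check is the same outside the model: hash files from a client that mounts the share and compare with hashes computed on the server itself, or with vendor-published ones. A mismatch on a file the server reports unchanged is the signal, and it is one a host-based scanner on the server will never produce.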


How does this change anything? 
Putin: Patriotic Russians Could Be Behind Election Hacks
Russian President Vladimir Putin says patriotic citizens may have launched politically motivated cyberattacks against foreign countries, but denied any government involvement in such operations.
   Thomas Rid, a professor in the department of War Studies at King's College London, believes the comments made by Putin are strategic.
Putin is a professional.  He knows his intel history.  He likely knows that sooner or later operators will talk, write memoirs; may take years  


Ethical waivers are easier than ethical behavior. 
POGO – White House Releases Ethics Waivers After Battle with OGE
by Sabrina I. Pacifici on Jun 1, 2017
Scott H. Amey, J.D. – General Counsel, POGO: “Late [May 31, 2017], the White House updated its ethics waiver page with a list of 11 named White House staffers, all Executive Office of the President Appointees, White House Office Commissioned Officers, and “Former Jones Day employees” (the law firm that employed Donald F. McGahn II, Counsel to the President, and handled legal matters for the Trump campaign).  The waivers allow the staffers to work on certain matters and policy issues despite conflicts of interest covered by President Trump’s ethics pledge and other laws and regulations.  Until yesterday, the ethics waiver page stated that the “information on this page is being updated. Ethics pledge waivers will be published as they become available.”


Will everyone need a social media account to enter the US?
Trump administration approves tougher visa vetting, including social media checks
The Trump administration has rolled out a new questionnaire for U.S. visa applicants worldwide that asks for social media handles for the last five years and biographical information going back 15 years.


Overtime, increased liability, longer workers' comp coverage…  Is this really cheaper?
Walmart is asking employees to deliver packages on their way home from work
The idea, Walmart executives said Thursday, is to cut costs on the so-called last-mile of deliveries, when packages are driven to customers’ homes, often the most expensive part of the fulfillment process.
   Employees will be paid extra for the voluntary program, and offered overtime pay as necessary to make the deliveries, Walmart spokesman Ravi Jariwala said Thursday.
“Walmart is uniquely qualified, uniquely positioned, to be able to offer this,” he said, adding that 90 percent of Americans live within 10 miles of a Walmart store.
   The company is billing the program as a way for employees to earn extra money, although there were few details on how they would be paid.  Jariwala declined to clarify whether employees would be paid based on distance, time, number of deliveries or a combination of those things.
Labor experts say the arrangement, a mash-up of sorts between an Uber-style gig economy and traditional employment arrangements, raises a number of questions related to employees having to shoulder much of the risk, cost and liability associated with deliveries.
“The practice seems ripe for abuse if the company does not compensate workers for the full cost of their journey, the expenses related to gas, car depreciation, and potential problems like accidents, tickets or parking expenses,” said Stephanie Luce, a labor professor at the City University of New York.


Helping my students understand how analytics can be used.
The NBA’s Adam Silver: How Analytics Is Transforming Basketball
   “Analytics have become front and center with precisely when players are rested, how many minutes they get, who they’re matched up against,” said Silver.
He talked about biometrics and wearables.  “[Analytics] are tracking every movement of those players….  It’s not just that they’re moving on the court during games, but during practice.”  At night, most players wear sleep monitors.  Information about their diets is quantified and recorded.  “Sometimes there are very sophisticated markers, even in terms of saliva and other things,” that indicate a player is fatigued, Silver said.  And because there is a proven correlation between fatigue and injuries, a red flag goes up.
   He contrasted hiring for the NBA with hiring for the average large firm: When a Fortune 500 company makes a hiring decision, the worst-case scenario is the individual needs to be terminated and the company hires someone else.  But in a draft system like the NBA’s, “you live with those mistakes for years.”  Consequently, scouts will take any edge they can get.  “The number of analytics fields they’re looking at now, for example when they’re doing college scouting or drafting internationally, is incredible.”


For the toolkit.
Adobe Rolls Out Free Scanning App For Android And iOS: Adobe Scan Transforms Documents Into Editable PDFs
Software developer Adobe has rolled out Adobe Scan, a new scanning app for iOS and Android devices that transforms documents into searchable and editable PDF files.
Adobe Scan is free

(Related).  And once you have all those PDFs…
Try Kami for Annotating PDFs
Kami is a tool that you can use to draw, type, and highlight on PDFs.  You can import PDFs into Kami from your Google Drive or you can import them from your desktop.  Kami can be integrated with Google Classroom to make it easy to share annotated PDFs with your students and for them to share with you.
