Wednesday, August 09, 2017

Automating data leaks? 
From the this-can’t-be-good dept., Catalin Cimpanu reports:
Sensitive corporate data from customers protected by Carbon Black endpoint detection and response (EDR) solutions has been found on multiscanner services, according to an investigation by DirectDefense, a provider of managed security strategies.
The shocking data leak has been tied to an API key which DirectDefense claims belongs to Carbon Black Cb Response, a next-gen anti-malware EDR product.
Read more on Bleeping Computer.
[From the article: 
EDR solutions work by managing lists of whitelisted files and applications.  When EDR products find a new file not included in their database, they upload it to their cloud service, which would then upload it to a multiscanner service (think VirusTotal).
The EDR cloud would use the aggregated scan result from this multiscanner service to decide whether to whitelist or blacklist the file.  The problem is that even if the EDR and multiscanner rename the files using hashes, copies of those files are still saved on the multiscanner service.
Most of these multiscanners work on a pay-for-access model, allowing anyone to access threat intelligence data on past scanned files, and even download copies for further analysis.  This is exactly how DirectDefense found the Carbon Black leak.
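The flow the excerpt describes (unknown file, hashed, pushed to the EDR cloud, then to a multiscanner) and the control that keeps it from becoming a leak, as an added example that is not Carbon Black's, Cb Response's or DirectDefense's code: a submission gate that treats a hash-only lookup and a content upload as two different decisions. A hash transmits nothing about the file's contents; a content upload leaves a copy on a third party's pay-for-access service, which is the page's point. The path patterns, the `CONFIDENTIAL` marker, the hash database and the `lookup_by_hash`/`decide` functions are constructed stand-ins; a real agent would call the vendor's API in their place.

```python
"""Constructed example: a submission gate for an EDR-style cloud lookup.

Not Carbon Black's, Cb Response's or DirectDefense's code. It models the
flow the article describes (unknown file -> hash -> multiscanner) and adds
the control a defender wants: a hash-only lookup never leaks content, a
content upload does, so the two are treated as separate decisions.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed: paths whose files are treated as proprietary by default.
INTERNAL_PATH_PATTERNS = [
    r"^/srv/build/",          # internal CI output
    r"^/home/[^/]+/src/",     # developer working copies
    r"^C:\\Internal\\",       # Windows share of internal tools
]

# Constructed: a content marker that also flags a file as internal.
INTERNAL_MARKER = b"CONFIDENTIAL"


def sha256_hex(data: bytes) -> str:
    """Hash the file's content; the digest is all a hash-only lookup sends."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for the multiscanner's hash database (hypothetical).
SAMPLE_CLEAN = b"MZ constructed known-good utility"
SAMPLE_MALICIOUS = b"constructed known-bad sample"
KNOWN_HASHES: Dict[str, str] = {
    sha256_hex(SAMPLE_CLEAN): "clean",
    sha256_hex(SAMPLE_MALICIOUS): "malicious",
}


@dataclass(frozen=True)
class Decision:
    action: str   # allow | block | lookup_only | hold_local | upload
    reason: str


def lookup_by_hash(digest: str, known: Dict[str, str]) -> Optional[str]:
    """Hypothetical hash-only query: a verdict, or None if the hash is unknown."""
    return known.get(digest)


def looks_internal(path: str, data: bytes) -> bool:
    """Heuristics for 'this file must never leave the organisation'."""
    if any(re.match(p, path) for p in INTERNAL_PATH_PATTERNS):
        return True
    return INTERNAL_MARKER in data


def decide(path: str, data: bytes, known: Dict[str, str],
           allow_content_upload: bool = False) -> Decision:
    """Decide what an EDR agent may send to a third-party multiscanner.

    allow_content_upload is the policy switch the article's scenario lacks:
    off by default, so an unknown hash alone never triggers a content upload.
    """
    digest = sha256_hex(data)
    verdict = lookup_by_hash(digest, known)
    if verdict == "clean":
        return Decision("allow", f"hash {digest[:12]} known clean")
    if verdict == "malicious":
        return Decision("block", f"hash {digest[:12]} known malicious")
    # Unknown hash: this is the step at which the content would have gone out.
    if looks_internal(path, data):
        return Decision("hold_local", "unknown internal file; analyse in-house only")
    if not allow_content_upload:
        return Decision("lookup_only", "unknown hash; content upload disabled by policy")
    return Decision("upload", "unknown public file; content upload permitted by policy")


if __name__ == "__main__":
    # Constructed sample files, one per branch of the gate.
    cases = [
        ("/usr/bin/tool", SAMPLE_CLEAN),
        ("/tmp/dropper", SAMPLE_MALICIOUS),
        ("/srv/build/payroll-export.exe", b"constructed internal build"),
        ("/tmp/download.exe", b"constructed unknown download"),
    ]
    for path, content in cases:
        d = decide(path, content, KNOWN_HASHES)
        print(f"{path:35} -> {d.action:12} ({d.reason})")
```

The branch that matters is `lookup_only`: an unknown hash is the normal case for an organisation's own binaries, not a signal that the file is suspicious, so the default has to stop at the hash and leave content upload to an explicit policy decision. The `hold_local` branch is the second line of defence for files that a deployment-wide switch would otherwise send out.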

This is possible only in countries where more advanced technology has been implemented nation-wide.  
Kenya president takes strong lead in elections but opposition says results hacked
NAIROBI — Kenya’s president, Uhuru Kenyatta, took what appears to be an unassailable lead in elections, according to preliminary results from Kenya’s election commission, but his opponent on Wednesday called the results fraudulent, raising fears of political violence.
But the morning after Tuesday’s elections, Odinga called the outcome “a complete fraud,” outlining an elaborate hacking scheme that he said dramatically manipulated the results.  According to Odinga, a hacker used the login information of a top election official, Chris Msando, who was mysteriously murdered last month, to enter the country’s electoral database.
The hacker, Odinga claimed, “took control of the entire network” and dramatically altered the results.
The electoral commission said it was not prepared to dismiss Odinga’s claim outright.

For my Ethical Hacking students.  …or perhaps a picture of a picture of the accountholder’s eye? 
Bank of America, Samsung pilot iris-scan logins
American Banker – “This month, Bank of America will begin piloting technology from Samsung that lets customers log in to mobile banking by taking a picture of their eye.  The pilot is part of a broader effort to gauge customers’ affinity for various forms of biometric authentication, says Michelle Moore, head of digital banking at Bank of America.  “One thing we know we need to work on with our customers is, even in today’s day and age of digital natives, there are questions about safety and security,” she said.  Biometric solutions are part of the answer.  The bank is studying what other companies are doing, inside and outside the financial industry, and it’s learning what customers want.  Moore says it is not about chasing the next thing.  Introducing new biometrics tools helps to advance the bank in building a digital identity for its customers that will make authentication easy…” 

Almost what I tell my students.  “Your job is to make your organization work better.” 
‘Every Business Is a Digital Business’

When Social Media turns anti-social?
ACLU sues Maine's governor for deleting Facebook comments and blocking users
The American Civil Liberties Union of Maine today announced that it is suing Maine Gov. Paul LePage for deleting comments from his official Facebook page that disagree with his viewpoints.  The lawsuit, filed on behalf of two women who say they’ve had their accounts blocked from further commenting on Gov. LePage’s profile, claims the act is a form of censorship and violates the country’s free speech protections.
Today’s lawsuit mirrors one filed against President Donald Trump last month, which claims blocking users based on difference of opinion is unconstitutional.  The ACLU also filed a similar lawsuit against Maryland Gov. Larry Hogan and Kentucky Gov. Matt Bevin last week for the same reason as the case against Gov. LePage.

Huge companies and no one knows how to calculate sales tax?  The world continues to provide me with more truly bad examples than I could ever use. 
McDonald's, Walgreens hit with lawsuits over Cook County soda pop tax
Two of the Chicago area's biggest corporate names are being sued over allegedly bungling the rollout of Cook County's new penny-per-ounce sweetened beverage tax, with Walgreens accused of taxing unsweetened beverages and McDonald's accused of essentially taxing the tax.
McDonald's is allegedly adding the beverage tax to the subtotal of orders before calculating other sales taxes, which, in turn, results in overcharging of taxes, according to a lawsuit filed Tuesday in Cook County Circuit Court.  Meanwhile, a Schaumburg resident alleges in a lawsuit filed Friday in Cook County that Walgreens improperly charged the tax on unsweetened sparkling water.

Pew – State of the News Media 2017
“Since 2004, Pew Research Center has issued an annual report on key audience and economic indicators for a variety of sectors within the U.S. news media industry.  These data speak to the shifting ways in which Americans seek out news and information, how news organizations get their revenue, and the resources available to American journalists as they seek to inform the public about important events of the day.  The press is sometimes called the fourth branch of government, but in the U.S., it’s also very much a business – one whose ability to serve the public is dependent on its ability to attract eyeballs and dollars.  Over the years, the Center’s approach to these indicators has evolved along with the industry, carefully considering the metrics, sectors and format in which the data appear.  This year, instead of a single summary report, a series of fact sheets showcasing the most important current and historical data points for each sector – in an easy-to-digest format – will be rolled out a few at a time over the coming months.  Listed here are the 2017 fact sheets released so far, along with links to related reports that provide other angles of analysis about the news media industry.  (State of the News Media reports from 2004-2016 are archived as PDFs and available here.)  Check back in the coming months as the collection below grows – and in the years to come as these fact sheets continue to be updated with the latest data…”

Isn’t it faster to read these?

(Related).  Not sure this is useful.  If I want to read it, I probably don’t care how long it takes me.  If I don’t want to read it, I don’t need this excuse.
If you’re a slow reader, a short book that you finish quickly might help you feel more motivated than a long book that slows you down.  Likewise, bringing a short book with you on a long trip could leave you with nothing to do.
That’s where How Long to Read comes in. Search for any book, and you’ll see some basic information about it including the title, cover, author, and Amazon price.  The site uses an average reading speed of 300 words per minute (WPM) for its estimates.
But you can make this more personal.  On the right side, you’ll see a brief sample of the book.  Click the Start Reading Speed Timer button below it, then read the sample as you would a book. After finishing the selection at your normal pace, click the Stop button to get your customized reading time.

My students don’t use handwriting to take notes.  If they want to record anything (which they rarely do) they take a picture of the whiteboard or computer screen, or they start their thumbs dancing on their smartphone “keyboards.”
