Tuesday, August 01, 2017
Oh gosh, it’s the old ‘baby monitor’ attack, re-designed for the whole family!
Amazon Echo Could Become an Attacker's Listening Device
The Amazon Echo is an always-listening device designed to play music, answer questions via the Alexa voice service, and control connected home devices such as WeMo, Hive and Nest. Now researchers have demonstrated that while it listens to you, attackers could be listening to you as well.
Mike Barnes, a researcher at MWR Infosecurity, has published details of an attack that can compromise the device while leaving no evidence of tampering. The attack requires physical access, and continues work (PDF) published last year by researchers from The Citadel, The Military College of South Carolina.
… In effect, everything that the Echo hears can now also be heard by attackers without any alteration to the functionality of the Echo or evidence of tampering.
You can fool all the people some of the time…
White House officials tricked by email prankster
A self-described "email prankster" in the UK fooled a number of White House officials into thinking he was other officials, including an episode where he convinced the White House official tasked with cyber security that he was Jared Kushner and received that official's private email address unsolicited.
… Cyber experts consulted by CNN say the incidents are illustrative of how vulnerable Americans -- even those in the highest reaches of power -- remain to the potential threat of spear-phishing, the process through which officials are duped by hackers, and expose government computers and systems to various cyber threats.
Remember, these companies were NOT the target of this attack. This is all collateral damage.
Malware Attack Disrupts Merck's Worldwide Operations
American pharmaceutical giant Merck revealed in its financial results announcement for the second quarter of 2017 that a recent cyberattack has disrupted its worldwide operations, including manufacturing, research and sales.
While Merck has not provided details about the incident in its financial report, the June 27 attack referenced by the company is most likely the NotPetya malware outbreak that affected tens of thousands of systems in more than 65 countries.
… Merck, which was named as one of the victims of the NotPetya attack shortly after the outbreak started, said on Friday that it had yet to fully assess the impact of the disruption. The company said it had still been working on restoring operations and minimizing the effects of the incident.
… Merck is just one of several major companies affected by the NotPetya attack. The list also includes Ukraine's central bank, Russian oil giant Rosneft, UK-based advertising group WPP, Danish shipping giant A.P. Moller-Maersk, and FedEx-owned TNT Express.
FedEx reported last month that it had still been working on restoring systems hit by the destructive malware attack, and admitted that it may not be able to fully restore all affected systems and recover all the critical business data encrypted by NotPetya.
Reckitt Benckiser, the British consumer goods company that makes Nurofen, Dettol and Durex products, said the attack disrupted its ability to manufacture and distribute products. The firm estimated that the incident could have an impact of £100 million ($130 million) on its revenue.
No encryption? Pity.
Hackers Threaten ‘Game of Thrones,’ as HBO Confirms Cyberattack
HBO confirmed on Monday that the network had been the target of a cyberattack, as an anonymous hacker boasted about leaking full episodes of upcoming shows along with written material from next week’s episode of “Game of Thrones.”
In an email to journalists, the hacker or hackers claimed to have obtained 1.5 terabytes of data from HBO, according to Entertainment Weekly, which broke the news
Not really complete, but a place to start.
…and you thought Google was only an online threat.
EPIC has filed a complaint with the FTC asking the Commission to investigate Google’s tracking of in-store purchases. According to EPIC, Google collects billions of credit and debit card transactions and then links that personal data to the activities of Internet users. Google claims that it protects online privacy but refuses to reveal details of the algorithm that “deidentifies” consumers while tracking their purchases. EPIC’s complaint asks the FTC to stop Google’s tracking of in-store purchases and determine whether Google adequately protects consumer privacy. EPIC has filed several successful FTC complaints that led to FTC investigations, including complaints about changes to Facebook’s privacy preferences and the launch of Google Buzz. EPIC has also focused on the adequacy of privacy techniques, with complaints against AskEraser (search histories that are not deleted) and Snapchat (images that do not “vanish”). EPIC’s recent complaint against Google notes that the company is seeking to extend its dominance of online advertising to the physical world.
“Those who do not understand Privacy are willing to deny it to all those ‘second class’ citizens out there.”
UK home secretary Amber Rudd says 'real people' don't need end-to-end encryption
UK home secretary Amber Rudd has called on messaging apps like WhatsApp to ditch end-to-end encryption, arguing that it aids terrorists.
Writing in The Telegraph on Tuesday, the Conservative minister said that "real people" don't need the feature and that tech companies should do more to help the authorities deal with security threats.
… "The inability to gain access to encrypted data in specific and targeted instances ... is right now severely limiting our agencies' ability to stop terrorist attacks and bring criminals to justice."
I find this amusing.
Citing ‘basic physics,’ a judge berated the FAA over shrinking airline seats
… In a fiery ruling on Friday, an appeals court judge in Washington ordered the Federal Aviation Administration to look into what she called “the Case of the Incredible Shrinking Airline Seat.”
Judge Patricia Millett upbraided the FAA for “vacuous” and “vaporous” evidence that the agency previously used to argue that diminishing leg room was not a problem — or at least not its problem.
… But when it came to emergency evacuations — you know, those things a flight attendant reminds you about before every departure — the court agreed with FlyersRights.org that the “Incredible Shrinking Airline Seat” might be a problem.
The FAA had argued otherwise, the judge wrote, citing studies and internal reviews to contend that seat spacing had no impact on evacuations.
But FAA hadn’t actually shown anyone some of those reports, the judge complained, writing information that “no one can see does not count.” [Exactly what I tell my students! Bob]
I bet I could think of a hundred similar tests. If not, I’ll keep drinking beer until I do! Purely for science, of course.
Can Alcohol Fuel Creativity?
… The study featured 70 young adults between the ages of 19 and 32. They began the experiment by taking one test measuring executive function, and two measuring creative potential
… Upon completion, participants were given beers to drink while they watched a half-hour documentary. For half of them, it was a standard alcoholic beer, while, for the others, it was a non-alcoholic brew of nearly identical taste and color. The subjects were not told which they were drinking. As planned, those who drank the real beer ended up with a blood alcohol concentration of nearly 0.03.
Having quenched their thirst, all participants performed the tests a second time. The key result: Solution rates on the Remote Associates Test were higher among those who had been drinking. There were no significant differences on the Alternative Uses Task.
Even dumb questions can provoke good discussions.