Wednesday, September 13, 2017
For my Digital Forensics students.
New Bluetooth vulnerability can hack a phone in 10 seconds
Security company Armis has found a collection of eight exploits, collectively called BlueBorne, that can allow an attacker access to your phone without touching it. The attack can allow access to computers and phones, as well as IoT devices.
“Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth.
… As you can see from this video, the vector allows the hacker to identify a device, connect to it via Bluetooth, and then begin controlling the screen and apps. It’s not completely secretive, however, because in activating the exploits you “wake up” the device.
Since the DoE budget is over $28 Billion, this is not a big deal.
U.S. Energy Department Invests $20 Million in Cybersecurity
… Nine national laboratories in California, Illinois, Idaho, Tennessee, Washington, Colorado and New Mexico have been selected for a total of 20 projects focusing on protecting energy infrastructure from cyber threats and improving information sharing.
If downloading or installing or using the App is illegal, can the arrests be legal?
Turks detained for using encrypted app 'had human rights breached'
Tens of thousands of Turkish citizens detained or dismissed from their jobs on the basis of downloading an encrypted messaging app have had their human rights breached, a legal opinion published in London has found.
The study, commissioned by opponents of the Turkish president, Recep Tayyip Erdoğan, argues that the arrest of 75,000 suspects primarily because they downloaded the ByLock app is arbitrary and illegal.
… “The evidence that the [ByLock] app was used exclusively by those who were members or supporters of the Gülen movement [is] utterly unconvincing and unsupported by any evidence,” the two barristers say. “There is a great deal of evidence ... which demonstrates that the app was widely available and used in many different countries, some of which had no links to Turkey.”
This is going to have an impact on my students. Do they know how to find similar articles elsewhere?
Google Offers Olive Branch to Publishers by Relaxing Policy on Subscription Sites
Google Inc. is planning to end its "first click free" policy that enables users of its search engine to bypass paywalls on news websites, a move that could help publishers boost subscriptions, News Corp Chief Executive Robert Thomson said Tuesday.
Google for years has encouraged publishers to be part of the program, which allows search users to access a limited amount of content on subscription-based news sites free of charge. Some publishers say the policy has hurt subscription growth and say their sites are penalized in Google's search rankings if they don't participate in the program.
The Wall Street Journal, which is owned by News Corp, opted out of the program this year and saw its traffic from Google search fall 38% last month compared with a year earlier because its stories were demoted in search results, a spokesman said. [Note that this article is similar to the one in the WSJ that popped up on my RSS Feed. Bob]
… Up to now, subscription-based sites that didn't participate in first click free have been disadvantaged in Google's search results, because its algorithm only scanned the portions of articles outside the paywall. Under its new approach, Google's technology will be scanning the full article, despite any paywalls, according to one of the people familiar with the situation.
But would President Trump ever ride in one?
Department Of Transportation Rolls Out New Guidelines For Self-Driving Cars
The Department of Transportation released its revised guidelines on automated driving systems Tuesday, outlining its recommended — but not mandatory — best practices for companies developing self-driving cars. The first such guidelines released under the Trump administration, the Vision for Safety 2.0 scales back some of the recommendations outlined last year under President Obama.
Tesla's Autopilot system is partially to blame for a fatal crash, federal investigators say
The National Transportation Safety Board said Tuesday that aspects of Tesla's Autopilot played a role in a fatal crash involving Joshua Brown, 40, in May 2016.
The NTSB, an independent government investigative agency, met on Tuesday to "determine the probable cause" of the fatal crash last year in Williston, Florida. The board cannot issue recalls or force regulatory changes, but it can make recommendations.
The NTSB said Autopilot played a contributing role in the crash because the system allows drivers to avoid steering or watching the road for long periods. Autopilot was also not designed to be used on the type of road where the crash occurred, the agency said.
… Brown had his hands on the wheel for 25 seconds during the 37 minutes Autopilot was activated, the NTSB wrote in a June report. The Model S displayed a visual asking Brown to hold the steering wheel seven times during the trip, and six of those were followed by auditory warnings, it wrote.
Could be educational or a sleep aide.
NY Appellate Division, First Dept. to Broadcast Oral Arguments in Real Time
by Sabrina I. Pacifici on Sep 12, 2017
“Presiding Justice Rolando T. Acosta announced that effective Tuesday, September 12, 2017, oral argument of cases before the New York State Supreme Court, Appellate Division, First Judicial Department will be broadcast live over the internet. The public may watch the webcasts from most internet connected devices, including smart phones and tablet computers, by visiting the Court’s website at www.nycourts.gov/courts/ad1/index.shtml. Additionally, a digital archive of oral arguments will be made available on the website for on-demand viewing, generally within five business days. Oral arguments will be screened [How can they do this while streaming live? Bob] to prevent the disclosure of confidential information, and such information will not be included in the digital archive…”
Also for my Digital Forensics students.
Network issues suck. When you can’t get online, you likely get frustrated and want to get connected again as soon as you can. We’ve outlined the basic process for diagnosing network problems, and you can be even more prepared for your next outage by knowing how to use native Windows tools and downloading a few third-party utilities.