Designed to be hacked?
T-Mobile website bug let hackers steal data with a phone number
Up until last week, a T-Mobile website had a serious security hole
that let hackers access users' email addresses, accounts and a
phone's IMSI network code, according to a report from Motherboard.
Attackers only needed your phone number to obtain the information,
which could be used in social engineering attacks to commandeer your
line, or worse. The security researcher who discovered the hole,
Karan Saini from startup Secure7, notes that anyone could have run a
script to scrape the data of all 76 million T-Mobile users and create
a searchable database.
… T-Mobile said in a statement that "we
were alerted to an issue that we investigated and fully resolved in
less than 24 hours. There is no indication that it was shared more
broadly."
… However, an anonymous hacker disputes
T-Mobile's claim that the bug wasn't shared broadly, telling
Motherboard that "a bunch of SIM swapping kids had [the
hack] and used it for quite a while." They could have exploited
the data to "socially engineer," or basically con, T-Mobile
technicians into handing over replacement SIMs by pretending they're
the owners of the line. Motherboard also discovered a
YouTube video
dated August 6th that describes exactly how to execute the hack.
Beware of any system that defaults to “No Protection!”
Accenture Exposed Data via Unprotected Cloud Storage Bucket
Consulting and technology services giant Accenture inadvertently
exposed potentially sensitive information by leaving it unprotected
in four Amazon Web Services (AWS) S3 buckets.
The cloud storage containers were discovered on September 17 by Chris
Vickery of cyber resilience company UpGuard and they were secured a
couple of days later after Vickery notified Accenture of his
findings.
An Equifax update. Seems like a lot of disputes
to me.
Equifax breach included 10 million US driving licenses
10.9 million US driver's licenses were stolen in the massive breach
that Equifax suffered in mid-May, according to a new report by The
Wall Street Journal. In addition, WSJ has revealed
that the attackers got a hold of 15.2 million UK customers' records,
though only 693,665 among them had enough info in the system for the
breach to be a real threat to their privacy. Affected customers
provided most of the driver's licenses on file to verify their
identities when they disputed their credit-report information
through an Equifax web page. That page was one of the entry points
the attackers used to gain entry into the credit reporting agency's
system.
Security concerns and a few potential solutions.
IoT and the Effects of Other Emerging Tech in the Workplace
Technology professionals are gathered here at
Spiceworld in Austin, Texas, Spiceworks' annual conference, to share
their tips and tricks on making their CIOs happy, ensuring their
end-users are satisfied, and more importantly, keeping their IT
operations up and running. But these days, no discussion about IT is
complete without mentioning the effects that the Internet of Things
(IoT), artificial intelligence (AI) and other emerging technologies
are having on the workplace.
The industry has high hopes for these
next-generation technologies.
In June, IDC forecast that spending on IoT
devices and services would balloon to nearly $1.4 trillion in
2021. Recently, technology research firm Tractica predicted that the
AI market will reach $43.5 billion by 2024.
… But first, IT professionals are
laser-focused on the security implications of adding IoT, AI and
augmented and virtual reality (AR, VR) solutions to their IT
environments. Expecting to
get hacked, William Brown, information security officer at
Engaging Solutions, an Indianapolis, Ind. IT consulting firm, takes
zero chances.
As a precautionary measure, Brown's team places
IoT devices on a guest network, preventing attackers from
reaching deep into the main network and accessing sensitive data.
Additionally, he advises his fellow IT professionals to make
sure their IoT vendors stick to their patch schedules.
"If you don't patch, there's a bot waiting out there waiting,"
he warned.
An update.
A judge ordered the web hosting company DreamHost
to redact identifying information about visitors to a website used to
coordinate a protest during President Trump’s inauguration,
imposing further limits on an extensive warrant obtained by the
Justice Department that initially aimed to collect visitors’ IP
addresses.
Chief Judge Robert E. Morin of the Superior Court
of D.C. had previously ordered DreamHost to turn over information
about the operators of the website, disruptj20.org. The Justice
Department alleged that the site was used to privately communicate
plans for a riot, and that it needed the IP addresses of the millions
of visitors to the site in order to discover who had incited the
violence. After resistance from DreamHost, the Justice Department
narrowed the scope of its request.
In an order issued today, Morin said that the
government would need to submit a report explaining the minimization
procedures it would use when searching DreamHost’s data—in short
the government would need to explain why it needs everything it
needs. Only then would Morin allow the DoJ to review redacted data,
and the government would again have to provide the court with its
justification for removing any redactions.
Similar thinking to the “Walmart puts groceries
in your ‘fridge” idea. Is this just a small extension of the “we
trade privacy for convenience” trend?
Report: Amazon Testing In-Trunk Deliveries
Don't have a front porch or a doorman? In the
future, you may be able to receive packages from Amazon inside your
home or the trunk of your car.
CNBC on Tuesday reported that the online retail giant is "in advanced
talks" with the smart license plate maker Phrame about a new
trunk delivery idea.
Phrame makes a device that fits around your
license plate and turns it into a "military strength lockbox for
your keys" that can be accessed with your permission using an
accompanying app, according to the company's website. [Would
there be a lot of call for this other than Amazon, Walmart, et al.?
Bob]
(Related). Of course, Amazon wants to enter your
home too.
Amazon to develop a smart doorbell to deliver packages inside your home
An update you might have missed.
Footage ‘tells the truth,’ Utah nurse says after the SLC officer who
arrested her was fired
Salt Lake City Police Chief Mike Brown has fired
one officer and demoted another in response to the July 26 arrest of
University Hospital nurse Alex Wubbels, according to records obtained
by The Salt Lake Tribune.
Detective Jeff Payne, who arrested Wubbels, was
fired Tuesday. Payne’s watch commander the day of the
confrontation, Lt. James Tracy, was demoted to police officer III
effective Wednesday, according to the documents signed by Brown and
sent to the men.
Brown’s decision is the culmination
of an internal affairs investigation that began a day after the
confrontation between Wubbels and Payne. The probe ultimately found
that both officers had violated a number of department policies.
This would be a rather significant change.
Britain considers regulating Facebook and Google as news publishers
Britain is considering classifying
and regulating Facebook and Google as news publishers, rather
than platforms.
… Consultancy group Enders Analysis says 6.5M
British internet users get most of their news from Facebook.
For my students.
Amazon launches $5.49 monthly Prime Student subscription in the U.S.
… For students, however, Amazon has offered a
50 percent discount on the annual subscription, meaning those in an
eligible two- or four-year program in the U.S. would only pay $49 for
the year.
… Amazon is attempting to lure more students
on board with a $5.49
monthly subscription plan bundled into a free six-month trial
offer. So basically anyone with an .edu email address can get Amazon
Prime totally free for six months, after which they can elect to
remain on the plan without committing to a full year’s
subscription.
For my Spreadsheet students.
Working in Excel spreadsheets is
all about saving time. You don’t want to have any slowdowns in
your workflow that decrease your productivity. To that end, you’ve
hopefully set
up your own Excel keyboard shortcuts and know the best ways
around the software.
There’s a small but useful change you can make
to how the Enter button functions. Out of the box,
pressing Enter will move the highlighted box down by one cell. But
if you prefer, you can change this so Enter moves the selected box
one cell to the right instead.
Though it’s a bit unnatural, you can also set
this to Up or Left if you prefer.
In fact, if you uncheck the After pressing Enter
box, you can completely disable Enter’s
functionality. With this unchecked, pressing Enter
does nothing.
For my students who enter the Great Pumpkin
contest.