Friday, January 26, 2018

I see a topic for our next Computer Security class. This was never secret. Is Reuters saying the US Government never noticed?
Tech firms let Russia probe software widely used by U.S. government
In order to sell in the Russian market, the tech companies let a Russian defense agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers.




How much damage could a deliberate cyber attack cause? Oodles!
Maersk Reinstalled 50,000 Computers After NotPetya Attack
In a panel on securing a common future in cyberspace, Hagemann Snabe, former co-CEO of SAP, said the NotPetya malware had hit a large number of systems housed by the company.
According to Hagemann Snabe, Maersk’s IT team had to reinstall software on its entire infrastructure, including 45,000 PCs and 4,000 servers, totaling 2,500 applications.
The mammoth task took only 10 days to complete, during which time the company manually coordinated operations. This was not easy considering that Maersk is the largest container shipping company in the world and it’s responsible for roughly 20 percent of world trade. Hagemann Snabe noted that a ship carrying 10,000-20,000 containers docks into a port every 15 minutes.




Unusual for counter-intelligence to reveal their targets and their results. What am I missing? (A message to Vladimir Putin for example?)
Report: Dutch spies caught Russian hackers on tape
The Netherlands' spy service broke into the computers used by a powerful Russian hacking group and may be sitting on evidence relating to the breach of the U.S. Democratic National Committee, a Dutch newspaper and television show jointly reported Friday.
Reports carried in the respected daily Volkskrant and the current affairs show Nieuwsuur say hackers working for the Dutch General Intelligence and Security Service penetrated the computers used by the group, often nicknamed Cozy Bear, in mid-2014 and watched them for at least a year, even managing to catch the hackers on camera.
… Volkskrant and Nieuwsuur said that the Dutch spies used their access to help oust Cozy Bear from U.S. State Department computers in late 2014. Volkskrant said American spies were so grateful they sent the Dutch cake and flowers.




Skimming, Russian style. (Are you getting poor gas mileage lately?)
Hacker uses malware to steal, resell gas in major Russian fraud scheme
… According to the investigation, Denis Zayev created a malicious program that he sold to dozens of gas station employees to inject in the pumps’ software and cash registers. In some schemes he was also a partner, getting a share of the money from the stolen fuel.
The scam was simple: after the malware was installed on the IT systems, a gas tank would be left empty on purpose so some of the fuel that customers bought would be diverted to the empty tank. Customers would get less fuel than they paid for, while employees resold the fuel collected in the empty tank.
Zayev and his partners stole between 3% and 7% of the fuel for some “hundreds of millions of rubles.” The malicious program was undetectable and they fully covered their tracks by showing fake data and deleting any information about the resale operation.




Trying to keep up or catch up to technology is always a losing game.
BocaNewsNow writes:
Several teachers in schools throughout South Palm Beach County are using “Bloomz,” a Facebook-like app to communicate in a social network style with parents. This app is not approved by the Palm Beach County School District. Teachers are not authorized to use the app.
Potentially violating Florida public records laws, Bloomz presents a “back channel” communication tool that isn’t monitored by, and can’t be accessed by, administrators, principals, school district attorneys or members of the public filing freedom of information act requests.
[…]
At issue: teachers are storing confidential student information in the app which may be used by Bloomz for marketing purposes, potentially violating FERPA, the Family Educational Rights and Privacy Act. Calendars, photos, testing schedules, lists of students completing field trip permission slips, even photos and videos are being posted online by teachers with no guarantee of privacy or confidentiality.
Read more on BocaNewsNow.
If the allegations are true, this is a good example of the risks and pitfalls with edtech. Did the districts do a training with teachers about permissible and impermissible tech? Did teachers have to sign any statement of understanding about what they can use and not use? Do teachers ever get actually disciplined or suspended for using tech that they were not permitted to use?




Perspective. Self-driving cars are coming, no matter what my students think.
Ford Scoops Up Software Firms as It Drives Toward the Driverless
Ford Motor Co. is acquiring two small software firms to help build out its mobility business, a move that highlights the need for auto companies to seed their management teams with technology talent to keep pace in a fast-changing transportation sector.
Ford said Thursday it is buying Autonomic Inc., a Palo Alto, Calif., startup with 70 employees that is developing a software backbone for Ford to provide urban transit services to consumers and businesses.




Something for my next Computer Forensics class.
PDF Forensic Analysis and XMP Metadata Streams
Arman Gungor – Meridian Discovery – Link to complete posting: “Portable Document Format (PDF) forensic analysis is a type of request we encounter often in our computer forensics practice. The requests usually entail PDF forgery analysis or intellectual property related investigations. In virtually all cases, I have found that the PDF metadata contained in metadata streams and the document information dictionary have been instrumental. I will provide a brief overview of these metadata sources and then provide an example of how they can be useful during PDF forensic analysis. PDF is an electronic file format created by Adobe Systems in the early 1990s. It is used primarily to reliably exchange documents independent of platform—hardware, software or operating system. PDF is also an ISO Standard (ISO 32000-1). Due to its platform independent nature, numerous personal and business documents such as reports, agreements and operational documents are created and exchanged in PDF format. Consequently, we encounter them very often during e-Discovery processing, productions and PDF forensic analysis—especially during fraudulent document analysis…”




Imagine what the next 1000 years will bring!
Oxford University admits more women than men for first time – Ucas
The University of Oxford offered more undergraduate places to British women than men last year for the first time in its more than 1,000-year history.
Of the total figure, female sixth-formers also outnumbered their male peers, according to data published from Ucas, the university and college admissions body.
A total of 1,070 18-year-old female UK applicants to Oxford took places on undergraduate courses in autumn 2017, compared with 1,025 men of the same age.




Perspective. (But you have to explain what I’m seeing?)
Nutella 'riots' spread across French supermarkets
A discount on Nutella has led to violent scenes in a chain of French supermarkets, as shoppers jostled to grab a bargain on the sweet spread.
Intermarché supermarkets offered a 70% discount on Nutella, bringing the price down from €4.50 (£3.90) to €1.40.
But police were called when people began fighting and pushing one another.
"They are like animals. A woman had her hair pulled, an elderly lady took a box on her head, another had a bloody hand," one customer told French media.
Similar scenes have been reported across France, with some being described as "riots".




This seems off topic, but it ties into this week’s homework in Computer Security. (Yes, I give very strange assignments.)
Bill Gates is funding genetic research into how to create the perfect cow




Is Scott Adams trying to explain politics in the Trump era?

