Saturday, January 13, 2018

Never leave your computer unattended.
Simple Attack Allows Full Remote Access to Most Corporate Laptops
Researchers have discovered a flaw in Intel's Advanced Management Technology (AMT) implementation that can be abused with less than a minute of physical access to the device.
An Evil Maid attack could ultimately give an adversary full remote access to a corporate network without having to write a single line of code.
The flaw was discovered by F-Secure senior security consultant Harry Sintonen, and disclosed today.
"In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures."
The problem is that setting a BIOS password (standard procedure) does not usually prevent access to the AMT BIOS extension – the Intel Management Engine BIOS Extension (MEBx). Unless this separate password is changed, and usually it is not, the default 'admin' password will give the attacker access to AMT.

Have politicians learned anything about security?
Shane Harris reports:
The Russian hackers who stole emails from the Democratic National Committee as part of a campaign to interfere in the 2016 election have been trying to steal information from the U.S. Senate, according to a report published Friday by a computer security firm.
Beginning last June, the Russian hackers set up websites that were meant to look like an email system available only to people using the Senate’s internal computer network, said the report by Trend Micro Inc. The sites were designed to trick people into divulging their personal credentials, such as usernames and passwords.
The Associated Press was first to write about the report.
Read more on Washington Post.

I wonder what the FBI uses?
Microsoft Brings End-to-End Encryption to Skype
Microsoft this week announced that end-to-end encrypted communications are now available for preview to Skype insiders.
Called Private Conversations, the newly introduced feature secures both text chat messages and audio calls, Microsoft Program Manager Ellen Kilbourne revealed.
Furthermore, end-to-end encryption is also applied to any files users send to their conversational partners, including images, audio files, and videos. Not only will the contents of these conversations be hidden in the chat list, but they won’t appear in notifications either, to keep user’s information private.
Private Conversations, Kilbourne explains in a post, is using the industry standard Signal Protocol by Open Whisper Systems. The protocol is already providing end-to-end encryption to users of popular messaging applications such as Signal, WhatsApp, and Facebook Messenger.

Getting you ducks in order.
The road to AI leads through information architecture
… The evolution of the auto industry is similar in form to the currently nascent world of artificial intelligence . And like the auto industry, in order for AI to flourish, organizations must adopt and embrace a prerequisite set of conditions, or building blocks. For example, AI requires machine learning, machine learning requires analytics, and analytics requires the right data and information architecture (IA). In other words, there is no AI without IA. These capabilities form the solid rungs of what we call the “AI Ladder” — the increasing levels of analytic sophistication that lead to, and buttress, a thriving AI environment.

I want to talk this through with my Data Management class. Think of what is required to implement it?
U.S. Supreme Court to Review Bid to Collect Internet Sales Tax
The U.S. Supreme Court will consider freeing state and local governments to collect billions of dollars in sales taxes from online retailers, agreeing to revisit a 26-year-old ruling that has made much of the internet a tax-free zone.
Heeding calls from traditional retailers and dozens of states, the justices said they’ll hear South Dakota’s contention that the 1992 ruling is obsolete in the e-commerce era and should be overturned.

Because I’m hoping they let me teach Math again…
10 Good Resources for Math Teachers and Students

I’m sure the President would (like to) agree with Dilbert.

No comments: