Tuesday, February 27, 2018

Perhaps Georgia wants to use that vulnerability?
AP reports:
Lying about your weight on an online dating site? Checking out who won the Falcons game from your work computer? Using your computer hacking knowledge as an “ethical hacker?” Those actions may become illegal if a Georgia bill gets voted into law, civil liberty advocates say.
Supporters of a bill making its way through the state legislature say it’s designed to give law enforcement the ability to prosecute “online snoopers” — hackers who break into a computer system but don’t disrupt or steal data. The legislation came in response to a recent data breach at a Georgia university in which unauthorized cybersecurity experts noticed the vulnerability of Georgia’s voting records.
Read more on Times Free Press.

Local interest.
Kirk Mitchell reports:
Russian computer hackers operating in Colorado and 15 other states used data-mining viruses to steal thousands of credit card numbers from U.S. residents in 20 states and sold them on the darknet for more than $3.6 million, according to federal court documents.
As part of the wide-scale criminal operation, so-called “carders” from Russia advertised and sold the numbers to Ukrainian operatives using the Rescator network of websites — named for a Ukranian hacker who specializes in the sale of stolen credit cards.
Read more on The Denver Post.

For my Ethical Hacking students: It’s where the money is!
Feds No Longer Need Apple Consent To Crack Nearly Any iPhone Thanks To Cellebrite iOS 11 Exploit
Cellebrite, an Israeli company known for selling solutions to law enforcement agencies around the globe to unlock smartphones, is back in the news again. This time around, the company is touting a new solution that would make it possible to crack just about any device that is currently running Apple's iOS 11 operating system.
To understand why this announcement is so pivotal, we must rewind to just over two years ago. Following the San Bernardino terrorist attack that left 14 people dead in late 2015, Apple and the U.S. Department of Justice got into a war of words about device encryption and backdoor software access, bringing the subject to a mainstream audience. Law enforcement officials – lead primarily by the FBI – argued that they needed access to one of the perpetrators' iPhones for national security reasons. Apple argued that providing backdoor access to the FBI or other agencies could lead to a reduction in security for all of its customers and stood its ground.
In the end, the FBI ended up gaining access to the iPhone 5c thanks to software [reportedly] made by Cellebrite. Now, Cellebrite's ability to crack encryption on iPhones extends to all current hardware capable of running iOS 11 including the iPhone X. According to sources for Forbes', the latest hack to circumvent Apple security was perfected over the past few months and is being shopped around to Cellebrite's usual law enforcement clientele.
Cellebrite describes its services, writing, "These new capabilities enable forensic practitioners to retrieve the full file system to recover downloaded emails, third-party application data, geolocation data and system logs, without needing to jailbreak or root the device.
… We should note that Android devices aren't immune from Cellebrite's tentacles either, as it can access data on "Samsung Galaxy and Galaxy Note devices; and other popular devices from Alcatel, Google Nexus, HTC, Huawei, LG, Motorola, ZTE, and more."

The best laid schemes o' mice an' men / Gang aft a-gley.” What about failure to plan?
USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online
In October 2017, KrebsOnSecurity warned that ne’er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could abuse this service by signing up as anyone in the household, because the USPS wasn’t at that point set up to use its own unique communication system — the U.S. mail — to alert residents when someone had signed up to receive these scanned images.
The USPS recently told this publication that beginning Feb. 16 it started alerting all households by mail whenever anyone signs up to receive these scanned notifications of mail delivered to that address. The notification program, dubbed “Informed Delivery,” includes a scan of the front of each envelope destined for a specific address each day.

Perhaps a method to identify potential school shooters?
How Companies Scour Our Digital Lives for Clues to Our Health
Your digital footprint — how often you post on social media, how quickly you scroll through your contacts, how frequently you check your phone late at night — could hold clues to your physical and mental health.
That at least is the theory behind an emerging field, digital phenotyping, that is trying to assess people’s well-being based on their interactions with digital devices. Researchers and technology companies are tracking users’ social media posts, calls, scrolls and clicks in search of behavior changes that could correlate with disease symptoms. Some of these services are opt-in. At least one is not.

(Related) At least Dilbert keeps up.

Interesting stats?
Law and reputation firms generate 21% of Right to Be Forgotten delistings, says Google
Google says that there are “tens of thousands” of Right to Be Forgotten (RTBF) requests filed each month in Europe. In a new blog post, the company explains that it’s updating its “Transparency Report,” which details RTBF requests, to include new categories of information.
In addition to reporting aggregate data on requests, their countries of origin and percentages granted, Google says it will now reveal:
  • The type of individual/entity making the request: private vs. non-private (government entity, corporations, NGOs)
  • What sort of content is associated with the request: personal information, professional information, criminal activity
  • Whether the site on which the link appears is a directory site, news site, social media or other.
  • Delisting rate by content category
Google is simultaneously releasing a report that provides more depth and detail on the nature of delisting requests, summarizing three years of data since RTBF first came into being in May 2014. The high-level findings are provided in an infographic in the blog post.
In the report, Google says there are “two dominant intents for RTBF delisting requests.” Roughly a third (33 percent) of requests are related to personal information on social media and directory sites. Another 20 percent relate to news and government websites that contain “a requester’s legal history.” The rest are diverse and span a range of content types and objectives.
… One of the more interesting disclosures in the report is that there is a category of high-volume RTBF requesters. Google reports that the top 1000 requesters “generated 14.6 percent of requests and 20.8 percent of delistings. These mostly included law firms and reputation management agencies, as well as some requesters with a sizable online presence.”

For my Data Management students. Apparently, Online is cheaper than creating and storing CDs.
Public broadcaster music library closing, CDs to be digitised, destroyed
Radio Canada International: “Canada’s public broadcaster CBC (English) and Radio-Canada (French) is going through massive changes. The sprawling headquarters of the Radio-Canada network in Montreal have been sold, and the organisation will move to new and much smaller rented quarters being built on one of the former parking lots. With huge funding cuts from the government and increasing costs, this has meant equally massive staff and production cuts. Rapidly developing technological developments are also driving the changes. The broadcaster with stations across the country has, over the decades, amassed a vast collection of recorded music and other artefacts… The main French-language production centre of Radio-Canada in Montreal has also been digitising its collection. However, recently it was revealed that most of the collection of over 200,000 CDs will be destroyed when the process is completed in 2019 and prior to the move to new quarters in 2020. The destroyed materials apparently will be recycled…”

When Social Media turns anti-social?
Meet Vero: Why a billionaire's Instagram alternative is suddenly so popular
Instagram haters are jumping on a new social media bandwagon.
Vero, a photo-sharing app that launched in 2015, is the latest app to benefit from ongoing frustration with Instagram's hated algorithm.
A week ago, the app was ranked so low it didn't even appear in the App Store's top 1,500 apps; today it's the most popular app in the entire App Store. It's gotten so popular that the app's servers have been overloaded, with many users unable to post or even sign up for an account.
… So how does it make money?
The short answer is that it doesn't — at least, not yet. Because there are no ads on the platform, Vero says it will eventually rely on user subscriptions for the bulk of its revenue.
… And while it's not clear what has prompted Vero's sudden surge, it appears to be at least partly due to frustration's with Instagram's algorithm, which has been bubbling up for months.
Instagrammers have been upset over the app's algorithm since it rolled out last year. But, unlike other changes, which people have gotten used to over time, frustration seems to have only intensified over time.
Now, Instagram users are promoting their Vero accounts to followers. There are currently more than 500,000 Instagram posts tagged as #Vero, the majority of which are users posting screenshots of their profiles and asking followers to join them on the app.

Perspective. Back in my day, it was "Duck and cover" and we couldn’t shoot back. Perhaps training on how to recognize mental illness would be more valuable?
This is America: 9 out of 10 public schools now hold mass shooting drills for students
Read this and weep – and then get busy – please: How “active shooter” drills became normal for a generation of American schoolchildren. “… Since Columbine, 32 states have passed laws requiring schools to conduct lockdown drills to keep students safe from intruders. Some states went even further after 20 children died in Newtown, Connecticut, in 2012. Now, six states require specific “active shooter” drills each year. That means the training must be specifically tailored to respond to an armed gunman out to kill. There is no consensus on what these drills should look like, but several states, including Missouri, require shooting simulations with police officers…”

For my geeks…
Google’s Flutter app SDK for iOS and Android is now in beta
Flutter is Google’s open source toolkit for helping developers build iOS and Android apps. It’s not necessarily a household name yet, but it’s also less than a year old and, to some degree, it’s going up against frameworks like Facebook’s popular React Native. Google’s framework, which is heavily focused around the company’s Dart programming language, was first announced at Google’s I/O developer conference last year.

No comments: