It seems more important to sell new technologies than to secure them.
Tristan Greene reports:
A pair of independent researchers yesterday uncovered a particularly worrisome security vulnerability in Microsoft’s Windows 10. If your PC’s OS was installed with default settings this could affect you.
The simple “hack” involves activating Cortana via voice command to open websites on a PC that’s been locked.
Read more on TNW.
Democratizing crime? At least making it easier to get untraceable payments.
Cryptocurrencies and the Revolution in Cybercrime Economics
Over the past year, Bitcoin and other Cryptocurrencies have increasingly gained publicity and media attention. The focus of the reporting has been primarily on cryptocurrencies as a financially speculative medium, with the value of Bitcoin rising over 2000% in 2017 alone. Although there has been some reporting on the importance of cryptocurrencies as the payment medium of choice on the Darknet, less attention has been given to the fact that they have revolutionized the economics of cybercrime, with a noticeable impact on threat actors’ Tactics, Techniques and Procedures (TTP’s).
… Cryptocurrencies possess some characteristics that solve the complexity and risk challenges for monetizing hacking:
1. They are anonymous
2. They are unregulated
3. They represent a direct store of purchasing value, even if they need to be converted from one cryptocurrency into another
4. They can be stolen themselves, or resources can be stolen to mine them
It is these characteristics that make Cryptocurrencies so attractive and especially useful to cybercriminals.
The problem that cybercriminals have always had, was how to turn data into currency. Now data is currency.
For my Ethical Hacking students: Always learn from the pros. If a less sophisticated hacker is stumbling around in the machine, they may attract attention you want to avoid. Do you exit or lock them out?
When the mysterious entity known as the “Shadow Brokers” released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material homed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools that the National Security Agency uses to detect other nation-state hackers on the machines it infects.
My students immediately saw how this could be monetized, but also recognized the problems failing to disclose could cause.
Earlier this week, Mitch Lowe, CEO of the popular all-you-can-eat movie subscription service MoviePass, made headlines for bragging about how the app can track the location of its users. Shortly after that comment, MoviePass issued a statement clarifying its actions, and now the iOS app has been updated to remove the features…
“The ghost in the machine?” A rogue AI has taken over your machine and finds your doom laughable?
Alexa Spooks Users As Deranged Amazon Echos Randomly Break Out In Creepy Laughter
After being temporarily knocked offline last week due to an Amazon Web Services (AWS) outage, Amazon is dealing with another Alexa incident. While losing access to Alexa Voice Services for a few hours is annoying, what is currently happening to Amazon Echo users (and other devices that take advantage of Alexa) was downright puzzling and to some people, a little freaky.
Amazon Echo devices have reportedly been laughing for absolutely no particular reason at all, which as you can imagine is unsettling to unsuspecting ears. This isn't a fluke that was relegated to just one person. Multiple people have confirmed that their Echos have "gone rogue" with fits of laughter as if they somehow had their funny bone tickled.
If this keeps happening, people might stop blindly trusting the government.
IG Audit finds continued flaws in OPM security of federal employee data
NextGov: “The Office of Personnel Management inspector general again found flaws in the agency’s contracting for the credit monitoring and ID theft services it provides to the more than 21.5 million current, former and prospective federal employees affected by the 2015 data breaches. OPM has gone through two different contracts for post-breach protections. The IG found “significant deficiencies” in the contracting process of the first one, a $20 million contract to Winvale Group and subcontractor CSID. When that contract expired, OPM opted for a contract with ID Experts to provide services for three years with a potential value of $330 million. In a report released Tuesday, auditors found the agency’s Office of Procurement Operations bypassed some of the Federal Acquisition Regulation and the agencies’ purchasing rules for the ID Experts contract. The IG found 15 areas of noncompliance, such as designating the contracting officer representative after the award, failing to check the System for Award Management and data-entry errors. Auditors also found incomplete or unapproved contractual documents, including the acquisition plan, market research plan and technical evaluation plan. “Without a complete and accurate history of the actions taken to award the contract, it is impossible to know whether following all of the FAR requirements would have resulted in an award of the credit monitoring and identity theft services contract to someone other than ID Experts,” the report states…”
(Related) I bet some of their systems are older than the Department itself.
Homeland Security's own IT security is a hot mess, watchdog finds
An inspector general audit found dozens of systems across the agency's networks were running old and outdated software, and in some cases, computers hadn't received security patches for five years.
… A newly released report by the department's Office of Inspector General found many of the agency's systems, including both unclassified and national security systems containing the highest "top secret" information, were running outdated, unsupported operating systems that in some cases hadn't been patched with security updates for years.
Perspective. Perhaps not all of the questions have been answered.
UK kicks off driverless car law review to get tech on the road by 2021
… Among the questions to be reviewed and — says the government — answered are:
- who is the ‘driver’ or responsible person, as appropriate
- how to allocate civil and criminal responsibility where there is some shared control in a human-machine interface
- the role of automated vehicles within public transport networks and emerging platforms for on-demand passenger transport, car sharing and new business models providing mobility as a service
- whether there is a need for new criminal offences to deal with novel types of conduct and interference
- what is the impact on other road users and how they can be protected from risk
A tool for our AI class (if we had one)
Windows 10’s next major update will include Windows ML, a new AI platform
Microsoft is planning to include more artificial intelligence capabilities inside Windows 10 soon. The software giant is unveiling a new AI platform, Windows ML, for developers today, that will be available in the next major Windows 10 update available this spring. Microsoft’s new platform will enable all developers that create apps on Windows 10 to leverage existing pre-trained machine learning models in apps.
… Microsoft has already been using AI throughout Office 365, inside the Windows 10 Photos app, and even with its Windows Hello facial recognition to allow Windows 10 users to sign into PCs and laptops with their faces.
A little insider trading?
Peyton Manning sold 31 local Papa John’s stores 2 days before NFL cut ties with the chain
I went the other way (Japan)
Interesting history of the US Army Security Agency in the early years of Cold War Germany.