Tuesday, April 17, 2018
Is it election season already?
U.S. and U.K. Are Blaming Russia for a Global Hacking Campaign and Giving Advice on How to Thwart It
… This is the second time this year that the U.S. and U.K. have attributed cyberattacks on Russia, following their unprecedented attribution in February of last year’s extremely expensive NotPetya attack. It is also the first time that British and American agencies have combined such an announcement with technical advice on countering the threat, aimed at organizations who might be affected.
The new announcement, which comes in the context of tensions over Syria, relates to attacks on government and private-sector organizations, as well as critical infrastructure providers. The Internet service providers serving these organizations were also targeted, according to a joint statement by the U.S.’s Federal Bureau of Investigation (FBI) and Department of Homeland Security, and the National Cyber Security Centre division of the U.K.’s GCHQ intelligence agency.
The difference between competent security researchers and Facebook? Two hours vs. nine years!!!
Deleted Facebook Cybercrime Groups Had 300,000 Members
Hours after being alerted by KrebsOnSecurity, Facebook last week deleted almost 120 private discussion groups totaling more than 300,000 members who flagrantly promoted a host of illicit activities on the social media network’s platform. The scam groups facilitated a broad spectrum of shady activities, including spamming, wire fraud, account takeovers, phony tax refunds, 419 scams, denial-of-service attack-for-hire services and botnet creation tools. The average age of these groups on Facebook’s platform was two years.
On Thursday, April 12, KrebsOnSecurity spent roughly two hours combing Facebook for groups whose sole purpose appeared to be flouting the company’s terms of service agreement about what types of content it will or will not tolerate on its platform.
… Each of these closed groups solicited new members to engage in a variety of shady activities. Some had existed on Facebook for up to nine years; approximately ten percent of them had plied their trade on the social network for more than four years.
Of course, Google, Facebook, et al. have our (user) agreement for email scanning…
Protecting Email Privacy—A Battle We Need to Keep Fighting
EFF: “We filed an amicus brief in a federal appellate case called United States v. Ackerman Friday, arguing something most of us already thought was a given—that the Fourth Amendment protects the contents of your emails from warrantless government searches. Email and other electronic communications can contain highly personal, intimate details of our lives. As one court noted, through emails, “[l]overs exchange sweet nothings, and businessmen swap ambitious plans, all with the click of a mouse button.” In an age where almost all of us now communicate via email, text, or some other messaging service, electronic communications are, in effect, no different from letters, which the Supreme Court held were protected by the Fourth Amendment way back in 1878. Most of us thought this was pretty uncontroversial, especially since another federal appellate court held as much in a 2010 case called United States v. Warshak. However, in Ackerman, the district court added a new wrinkle. It held the Fourth Amendment no longer applies once an email user violates a provider’s terms of service and the provider shuts down the user’s account…”
Something my Computer Security students will do in Week Six.
France builds WhatsApp rival due to surveillance risk
The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday.
None of the world’s major encrypted messaging apps, including Facebook’s WhatsApp and Telegram – a favorite of President Emmanuel Macron – are based in France, raising the risk of data breaches at servers outside the country.
Continuing our exploration of Facebook.
Hard Questions: What Data Does Facebook Collect When I’m Not Using Facebook, and Why?
… When does Facebook get data about people from other websites and apps?
Many websites and apps use Facebook services to make their content and ads more engaging and relevant. These services include:
Social plugins, such as our Like and Share buttons, which make other sites more social and help you share content on Facebook;
Facebook Login, which lets you use your Facebook account to log into another website or app;
Facebook Analytics, which helps websites and apps better understand how people use their services; and
Facebook ads and measurement tools, which enable websites and apps to show ads from Facebook advertisers, to run their own ads on Facebook or elsewhere, and to understand the effectiveness of their ads.
These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database
… over the last five years a secretive surveillance company founded by a former Israeli intelligence officer has been quietly building a massive facial recognition database consisting of faces acquired from the giant social network, YouTube and countless other websites.
… That database forms the core of a facial recognition service called Face-Int, now owned by Israeli vendor Verint after it snapped up the product's creator, little-known surveillance company Terrogence, in 2017. Both Verint and Terrogence have long been vendors for the U.S. government, providing bleeding-edge spy tech to the NSA, the U.S. Navy and countless other intelligence and security agencies.
How they hack the iPhone?
Stop Using 6-Digit iPhone Passcodes
… In September 2014, Apple made disk encryption the default on iPhone. In theory, that means that if your phone is locked and protected with a passcode, someone who gets their hands on it can’t read or extract the data from it unless they know or can guess the passcode.
… To protect against these kinds of attacks, Apple has made a few changes in recent years. First of all, iPhones now require 6 digit passcodes by default (but people who have restored backups when upgrading to newer iPhones may still have 4 digit PINs). Second, after a certain amount of wrong guesses to unlock the device, iPhones are programmed to delay new guesses. Finally, there’s even a setting that you can turn on to wipe all data from the phone after 10 failed passcode attempts, as Apple’s iOS security guide explains.
If GrayKey works as advertised, it means Grayshift has found a way to avoid these delays and just keep guessing passcodes.
Too good to be true?
Clients hang up in disbelief when lawyer calls to tell them of $61M verdict over unwanted calls
… Lawyer John Barrett and his colleagues are having a hard time getting their message across when they call to deliver the news, the Wall Street Journal reports. The clients are hanging up before the lawyers or a paralegal can explain, or they are hanging up in disbelief after hearing the figures.
Barrett and co-counsel Brian Glaser won a $20.4 million verdict against Dish last year, an amount that was tripled by the judge. As a result, more than 18,000 people who received the calls are each eligible to receive $2,400 to $30,000, before payment of attorney fees and expenses.
The firm began making the calls after fewer than 8 percent of clients who received a letter about the verdict failed to return the required forms.
Something for my Software Architecture student project. (Building an ATM APP to replace physical ATMs)
NBER – The Impact of Artificial Intelligence on Innovation
The Impact of Artificial Intelligence on Innovation, Iain M. Cockburn, Rebecca Henderson, Scott Stern, NBER Working Paper No. 24449. Issued in March 2018.
“Artificial intelligence may greatly increase the efficiency of the existing economy. But it may have an even larger impact by serving as a new general-purpose “method of invention” that can reshape the nature of the innovation process and the organization of R&D.
Netflix hits 125 Million streaming subscribers
… Since it was financial data from the company, they have also disclosed the revenue and profit they have earned through the first quarter of this current year. As per their official financial report, Netflix has generated $3.7 billion in revenue for Q1 with a net profit of $290 million.
Preparing my geeks.
Google’s new DIY AI kits could help shape the future
… Google just announced two new “AIY” (it’s like DIY, but for artificial intelligence) kits that build upon the ideas the company set forth with its first-generation kits. This time around, however, the new kits ship with everything a student might need to build AI solutions, including a Raspberry Pi Zero WH board.
“We’re taking the first of many steps to help educators integrate AIY into STEM lesson plans and help prepare students for the challenges of the future by launching a new version of our AIY kits,” Billy Rutledge, Director of AIY Projects at Google, wrote in a blog post. “The Voice Kit lets you build a voice controlled speaker, while the Vision Kit lets you build a camera that learns to recognize people and objects. The new kits make getting started a little easier with clearer instructions, a new app and all the parts in one box.”
He continued, “To make setup easier, both kits have been redesigned to work with the new Raspberry Pi Zero WH, which comes included in the box, along with the USB connector cable and pre-provisioned SD card. Now users no longer need to download the software image and can get running faster. The updated AIY Vision Kit v1.1 also includes the Raspberry Pi Camera v2.”
This is a very cool example of a tech company taking some initiative to help encourage communities to enhance their STEM programs in schools. Google’s new AIY Voice Kit and Vision Kit are already available online at Target.com and in Target stores across the country, and Google hopes to offer them in other regions in the coming months. The Voice Kit is available for $49.99, while the more complex Vision Kit costs $89.99.