Friday, May 04, 2018

Another case of “We never noticed...”
Twitter Warns 336 Million Users to Change Their Passwords After Leaving Them Vulnerable to Hackers
Twitter warned its users on Thursday to change their passwords after it discovered that it had mistakenly stored them internally prior to fortifying them through a security technique, leaving the passwords vulnerable to hackers.
… The company also disclosed the password flaw in a regulatory filing on Thursday, indicating that the bug was serious enough to warrant more formal disclosure than a corporate blog post. Twitter has about 336 million users, according to its latest letter to shareholders.
… Agrawal said that Twitter discovered the error without the help of outside security researchers, removed the passwords from the internal log, and is “implementing plans” to prevent future errors.
It’s unclear when Twitter found out about the problem or how long the passwords were left unsecured.
… Ironically, Twitter’s password mishap was announced on the corporate holiday known as World Password Day, created by Intel security researchers and celebrated on the first Thursday in May as a way to promote good password and cyber security hygiene.

Yet another tool for frightening informing my Computer Security students.

Improving my outline for Computer Security. Includes sample test questions.
Amazon Introduces AWS Security Specialty Certification Exam
Security professionals looking to demonstrate and validate their knowledge of how to secure the Amazon Web Services (AWS) platform can now do so by taking the new AWS Certified Security – Specialty exam.
Intended for individuals who hold either an Associate or Cloud Practitioner certification, the security exam covers a broad range of areas, including incident response, logging and monitoring, infrastructure security, identity and access management, and data protection.
Individuals interested in taking the exam should have at least five years of IT security experience designing and implementing security solutions, Amazon says. At least two years of hands-on experience securing AWS workloads is also recommended.

This is a first for me. Will the FBI now try to ban drones, or perhaps ask for a backdoor so they can override them? (There is a bill in Congress…)
An FBI hostage rescue team ran into some unexpected obstacles while conducting a raid last winter when a criminal gang unleashed a swarm of drones to disrupt the operation and obscure the view of agents conducting the mission from an elevated observation post.
According to Defense One, the incident—which took place outside of an undisclosed major US city—was recounted by Joe Mazel, the head of the FBI’s Operational Technology Law unit, at the AUVSI Xponential conference in Denver, Colorado. It’s just the latest example of criminals leveraging drones and other technology to fluster law enforcement.
Defense One reported the chief of the operational tech unit for the FBI said the suspects carried the drones in backpacks in anticipation of law enforcement’s arrival. Once the FBI showed up, the criminals unleashed the drones and buzzed the agents attempting to conduct the raid.
In addition to obstructing the view of the hostage rescue team members, the criminals also used camera-equipped drones to track the location of agents on the ground. The drones provided a live video feed of the action from overhead, which members of the gang were able to watch in real time on YouTube.
“They had people fly their own drones up and put the footage to YouTube so that the guys who had cellular access could go to the YouTube site and pull down the video,” Mazel told the conference.
Police have warned in recent years that drones have been used to surveil buildings and homes being targeted by robbers. Smugglers have started to utilize the technology to move contraband across borders. Criminals have even found ways to weaponize drones with explosives and other harmful materials.
Of course, law enforcement isn’t exactly innocent on this front either, as they have their own questionable intentions for the technology. Local and federal agencies have been all too happy to try to push for drones that can be used to do everything from intercepting cell phone signals to spying on citizens without a warrant to killing people.
Lawmakers will have an opportunity to help curb some of the criminal activity committed with drones in an upcoming Federal Aviation Administration reauthorization bill. A current version of the legislation would make it illegal to weaponize consumer drones and would require drone pilots operating the devices outside of their line of sight to remotely identify themselves so law enforcement can connect the device to a person. Those rules will only work if the FAA actually enforces them, and the agency has been pretty bad at that so far.

Criminals used a swarm of drones to surveil and disrupt an FBI hostage operation
Defense One notes there is some recourse in battling criminal use of drones. Drone jamming equipment has been deployed by the US military in Syria and Iraq, though those techniques would likely not be appropriate for use in cities given the risk of interference with mobile phone and airplane signals. There are legal options, like requiring drones to broadcast their operator’s identity, or to make “weaponized” consumer drones illegal. There are also anti-drone guns that jam all possible radio frequencies a drone can use to communicate with the operator, forcing it to land or return home. They remain illegal under FCC laws, though.

Not an Amazon killer, but definitely an Amazon worrier.
Now It Looks Like Walmart Has Defeated Amazon in the War to Buy Flipkart
It’s increasingly looking like Walmart and its partners will beat Amazon to take over Flipkart, the Indian e-commerce giant.
Bloomberg reported Friday that Flipkart’s board has approved the sale of a roughly 75% stake to the Walmart group, which also includes Google parent Alphabet. The report states that Japan’s SoftBank will also sell the group its stake, which is in excess of 20%. The deal would value Flipkart at around $20 billion.
… A Flipkart takeover would be a huge coup for Walmart international business chief, Judith McKenna, who took the role a few months ago. While the U.S. giant’s international locations have been relatively underperforming compared to those at home—hence Walmart selling off its Asda chain in the U.K., for example—Flipkart offers the leading online retail experience in a market of 1.3 billion people.
If the Walmart deal goes through, it’s likely to step up price competition in India, where Amazon CEO Jeff Bezos last month claimed his e-commerce platform was the fastest-growing.

Keeping an eye on the big guys. Because they can or because they must?
Is Facebook secretly building an internet satellite? Signs point to yes
Facebook may be secretly working on its own satellite broadband service.
The possible move comes just a few months after SpaceX launched its first two prototype satellites for an internet constellation it hopes may one day be over 11,000 strong.
A partially redacted FCC application obtained by IEEE Spectrum outlines a plan for an experimental satellite from a mysterious company called PointView Tech LLC, which IEEE goes on to connect to Facebook.
The application describes a plan to launch a satellite named Athena that would test the use of high-frequency millimeter wave radio signals, the same technology many in the cellular industry are using to build next-generation 5G networks with more speed and capacity.

How Microsoft learns about you?
Microsoft expands ad business beyond Bing search results with help from LinkedIn data and AI
Microsoft, which has quietly built a $6.9 billion/year advertising business through its Bing search engine, will attempt to expand its reach with a new advertising network that extends the Bing Ads platform beyond search results to other Microsoft properties such as MSN and the Microsoft Edge browser.
The new Microsoft Audience Network, announced this morning, will use artificial intelligence and data from Microsoft services including Bing, MSN, Outlook, Skype and LinkedIn to help advertisers target native ads to specific audiences based on what their online activities say about them.
… “The core of how we will understand these audiences will still come from our Bing data and our browse data, but this is our first foray into what can we do with an understanding of where someone works, on top of websites that they visit and the explicit search query that they input through Bing or through any one of our partner sites,” said Rob Wilk, a Microsoft vice president who leads the company’s North American Search ad sales business, in an interview this week.
