How to breach security.
The Foundation of Cyber-Attacks: Credential Harvesting
Recent reports of a newly detected Smoke Loader infection campaign and the
re-emergence of Magecart-based cyber-attacks illustrate a common
tactic used by cyber criminals and state-sponsored attackers alike ―
credential harvesting. According to the Verizon 2017 Data Breach
Investigation Report, 81%
of hacking-related breaches leverage either stolen, default, or weak
credentials.
While credential harvesting is often seen as equivalent to phishing,
it uses different tactics.
Cyber attackers long ago figured out that the easiest way for them to gain
access to sensitive data is by compromising an end user’s identity
and credentials. Betting on the human factor and attacking the
weakest link in the cyber defense chain, credential harvesting has
become the foundation of most cyber-attacks.
… In the case of cloned websites, the victim is often unaware of the
attack, since the fake web designs are often very authentic. When
the user enters his or her credentials, the page not only captures
them but then forwards them to the actual login page, which then logs
in the user. The victim never even knows their credentials were
stolen.
Important topic for Computer Security too.
Low-Hanging Fruit: Responding to the Digital Evidence Challenge in Law Enforcement
Whether you believe law enforcement is “going
dark” or we are in a “golden age of surveillance,” law
enforcement faces serious challenges in identifying and accessing
digital evidence that is available and important to their criminal
investigations. Some of these problems are, no doubt, related to
encryption and ephemerality of data – the two issues that have
absorbed most of the national attention to date. But, in fact, the
problems with digital evidence and digital technologies go far beyond
those issues, as we detail in a new CSIS-issued report released
today, Low-Hanging Fruit: Evidence Based Solutions to the Digital Evidence Challenge.
(See also coverage of the report at the Washington Post.)
… We found that difficulties accessing and
utilizing digital evidence affect
more than a third of law enforcement cases – a
percentage that we expect only to grow over time absent national
attention to the issue.
Still think we are doing everything possible?
Poynter guide to anti-misinformation actions around the world
Poynter has updated this very useful guide – Here’s where governments
are taking action against online misinformation – subject matter
includes hate speech law, misinformation, media literacy, fake news,
election misinformation, political bots and advertising, foreign
disinformation campaigns, media regulation, internet regulation.
(Related) Matches my observation.
Paper – Susceptibility to partisan fake news is better explained by lack of reasoning than by motivated reasoning
Lazy, not biased: Susceptibility to partisan fake news is better explained
by lack of reasoning than by motivated reasoning. Gordon
Pennycook and David G. Rand.
https://doi.org/10.1016/j.cognition.2018.06.011.
Cognition. Available online 20 June 2018 [paywall – but Table of
Contents, Abstract, Figures and Supplementary Data are available at
no fee]
- Participants rated perceived accuracy of fake and real news headlines.
- Analytic thinking was associated with ability to discern between fake and real.
- We found no evidence that analytic thinking exacerbates motivated reasoning.
“Falling for fake news is more a result of a
lack of thinking than partisanship. Why do people believe blatantly
inaccurate news headlines (“fake news”)? Do we use our reasoning
abilities to convince ourselves that statements that align with our
ideology are true, or does reasoning allow us to effectively
differentiate fake from real regardless of political ideology? Here
we test these competing accounts in two studies (total N = 3446
Mechanical Turk workers) by using the Cognitive Reflection Test (CRT)
as a measure of the propensity to engage in analytical reasoning. We
find that CRT performance is negatively correlated with the perceived
accuracy of fake news, and positively correlated with the ability to
discern fake news from real news – even for headlines that align
with individuals’ political ideology. Moreover, overall
discernment was actually better for ideologically aligned headlines
than for misaligned headlines. Finally, a headline-level analysis
finds that CRT is negatively correlated with perceived accuracy of
relatively implausible (primarily fake) headlines, and positively
correlated with perceived accuracy of relatively plausible (primarily
real) headlines. In contrast, the correlation between CRT and
perceived accuracy is unrelated to how closely the headline aligns
with the participant’s ideology. Thus, we conclude that analytic
thinking is used to assess the plausibility of headlines, regardless
of whether the stories are consistent or inconsistent with one’s
political ideology. Our findings therefore suggest that
susceptibility to fake news is driven more by lazy thinking than it
is by partisan bias per se – a finding that opens potential avenues
for fighting fake news.”
All is not peaches and cream?
Facebook’s departing chief information security
officer Alex Stamos, whose upcoming exit has been known
for months, wrote a note to staff in March amid the Cambridge
Analytica data-sharing scandal urging them to reconsider the site’s
approach to privacy, BuzzFeed
News reported on Tuesday.
In his note titled “A Difficult Week,” Stamos
wrote that the scandal—in which Facebook’s reckless approach to
sharing data on users allowed the sketchy political firm to acquire
data on somewhere
around 87 million users—as well as others such as alleged
Russian information warfare on the site were the result of “tens of
thousands of small decisions made over the last decade.” Per
BuzzFeed, he also implored his colleagues to please, for the love of
god, consider negative feedback when implementing features that
pushed the limits of users’ comfort levels, as well as limit its
data collection to that actually necessary for the company’s
functioning:
“We need to build a user experience that conveys honesty and respect, not one optimized to get people to click yes to giving us more access,” Stamos wrote. “We need to intentionally not collect data where possible, and to keep it only as long as we are using it to serve people.”
“We need to listen to people (including internally) when they tell us a feature is creepy or point out a negative impact we are having in the world,” the note continued. “We need to deprioritize short-term growth and revenue and to explain to Wall Street why that is ok. We need to be willing to pick sides when there are clear moral or humanitarian issues. And we need to be open, honest and transparent about our challenges and what we are doing to fix them.”
Perspective. What are auto manufacturers doing to
transition to the “self-driving/rides on demand” future?
Ford follows GM's Cruise move with self-driving spinoff
Ford Motor Co (F.N)
said on Tuesday it was creating a separate $4 billion unit to house
its self-driving vehicle operations and is seeking outside investors,
following a similar move in late May by Detroit rival General Motors
Co (GM.N)
with its Cruise Automation unit.
(Related)
GM launches a peer-to-peer car-sharing service
General Motors is launching a new service in
Chicago, Detroit and Ann Arbor, Mich. that will let owners rent out
their personal GM-branded vehicles through its Maven car-sharing platform.
Perspective. Tired of the vast wasteland?
Cable's Netflix bundling deals aren't stopping customers from cutting the cord
Cable providers have been wringing
their hands and pulling out deal
after deal to try to keep cable TV subscribers. Most
recently, they started bundling Netflix subscriptions with cable
packages (because bundling
is totally something customers don't hate at all).
But a new report from eMarketer
shows that their tactics aren't panning out. Not only is the rate of
TV watchers opting for Over
The Top (OTT) service on the rise — where they just watch
internet TV providers like Netflix, instead of paying for cable —
it's also accelerating faster than projected growth rates.
Projections put the number of cord cutters —
adults who cancel pay TV, opting instead for OTT — at 33 million,
which is 32.8 percent of TV watchers.
… The growth rates of the OTT providers tell
the other side of the story. Netflix
reached 100 million subscribers in 2017. Leaked documents from
Amazon
showed that it counts 26 million prime members as US viewers. Hulu
garnered a walloping 40 percent growth in subscribers in 2017,
reaching 17 million viewers. It also launched Hulu
Live TV, which is like basic cable via a Hulu subscription —
and is proving to be incredibly
popular. And YouTube and Facebook (via Facebook Watch and IGTV)
are in all-out
war to capture the millions of eyeballs to which they already
have access.
A new record? This has really got to hurt.
Venezuela's inflation on track to top 1 million percent, IMF says
Interesting. One of those products I see no great
market for, but then I have a history of being wrong.
Segway Unveils Self-Balancing Electric Roller Shoes
Segway has unveiled its latest creation, and it’s as off-kilter as you’d
expect from the company. Taking the hoverboard trend one step
further, it’s now created the Drift W1, which essentially splits
the board in half and works underneath your shoes. The shoes will
weigh 7.7lbs and have a top speed of 7.5 MPH, with a riding time of
around 45 minutes before needing another charge.
Each pair will also come with a helmet for anyone
trying to figure out how to work these shoes without injury. The
Segway Drift W1 will cost $399 USD and be available during August.
You can find out more information from the brand’s web page.