School for hackers? I’d hazard a guess that
this did not take much skill to do. Once one inmate figured it out,
he could just email instructions to all his friends. No indication
how long this has been going on.
Idaho inmates hacked nearly a quarter million dollars
Idaho prison officials say 364 inmates hacked the
JPay tablets they use for email, music and games and collectively
transferred nearly a quarter million dollars into their own accounts.
The department’s special investigations unit
discovered the problem earlier this month, and the improper conduct
involved no taxpayer dollars, Idaho Department of Correction
spokesman Jeff Ray said.
The hand-held computer tablets are popular in
prisons across the country, and they are made available to Idaho
inmates through a contract with CenturyLink and JPay. Neither
company immediately responded to a request for comment from The
Associated Press.
The tablets allow inmates to email their families
and friends, purchase and listen to music or play simple electronic
games.
The inmates were “intentionally exploiting a
vulnerability within JPay to improperly increase their JPay account
balances,” Ray said in a prepared statement on Thursday. He said
50 inmates credited their accounts in amounts exceeding $1,000; the
largest amount credited by a single inmate was just under $10,000.
The total amount was nearly $225,000.
“This conduct was intentional, not accidental.
It required a knowledge of the JPay system and multiple actions by
every inmate who exploited the system’s vulnerability to improperly
credit their account,” Ray said in a prepared statement.
Phishing requires the right lure.
‘Password Check Required Immediately’ – most effective phishing line
Leveraging a key human trait that machines would
not fall for, cybercriminals can easily manipulate or fool humans
using social engineering tactics. A new study on the most effective
phishing scams shows that, ironically, the subject lines relating to
security are most likely to trick users into handling their
credentials insecurely.
“By playing into a person’s psyche to either
feel wanted or alarmed, hackers continue to use email as a successful
entry point for an attack,” according to KnowBe4,
which deals with security awareness and simulated phishing.
… After examining tens of thousands of subject
lines, including some “in-the-wild” emails, researchers compiled
the following “Top 10 Most-Clicked General Email Subject Lines
Globally for Q2 2018” (frequency percentage in brackets):
- Password Check Required Immediately (15%)
- Security Alert (12%)
- Change of Password Required Immediately (11%)
- A Delivery Attempt was made (10%)
- Urgent press release to all employees (10%)
- De-activation of [[email]] in Process (10%)
- Revised Vacation & Sick Time Policy (9%)
- UPS Label Delivery, 1ZBE312TNY00015011 (9%)
- Staff Review 2017 (7%)
- Company Policies-Updates to our Fraternization Policy (7%)
We haven’t heard much about the Exactis data
breach, but Troy Hunt pointed me to this record layout.
Exactis Data Sample
The cost of doing the right thing? More like an
accurate user count now that they are doing the right things.
Twitter to prioritize fixing platform over user growth, shares plunge
Twitter Inc on Friday reported fewer monthly active users than
analysts expected and warned that the closely-watched figure could
keep falling as it deletes phony accounts, sending shares sharply
lower in early trading.
The company said the work it was doing to clean up
Twitter by purging automated and spam accounts had some impact on its
user metrics in the second quarter, and that it would prioritize work
to improve suspicious accounts and reduce hate speech and other
abusive content over projects that could attract more users.
The clash of technologies? Requires a thoughtful
architecture to avoid disaster.
The GDPR and Blockchain
Blockchain technology has the potential to
revolutionise many industries; it has been said that “blockchain
will do to the financial system what the internet did to media”.
Its most famous use is its role as the architecture of the
cryptocurrency Bitcoin, however it has many other potential uses in
the financial sector, for instance in trading, clearing and
settlement, as well as various middle- and back-office functions.
… in order for the technology to unfold its
full potential there needs to be careful consideration as to how the
technology can comply with new European privacy legislation, namely
the General Data Protection Regulation (the “GDPR”) which came
into force on 25 May 2018. This article explores some of the
possible or “perceived” challenges blockchain technology
faces when it comes to compliance with the GDPR.
… One of the most widely perceived challenges
of blockchain and the GDPR is the inability to delete data. The main
benefit of blockchain technology is that the blocks in the chain
cannot be deleted or modified, to ensure the security and accuracy of
the record. However, under the GDPR, data subjects have the right to
rectification, where the personal data concerning them is inaccurate,
and they may have the right to have their data erased (“right to be
forgotten”).
Legal tech. No robot lawyers yet?
Three Technologies Transforming the Legal Field
Law Technology Today: “Is your staff using analytics,
blockchain and OCR yet? Corporations are ever-focused
on their legal spend and demand more value from their outside
counsel. Further disrupting the legal field are alternative legal
service providers fueling the competitive landscape to become more
crowded and innovative. As a result, Thomson Reuters’ 2018 Report
on the State of the Legal Market surmised that declining profit
margins, weakening collections, falling productivity, and loss of
market share to alternative legal service providers are chipping away
at the foundations of firm profitability. To counteract these market
pressures and to differentiate themselves from competitors, law firms
are embracing technology to improve operational efficiencies and
transform the way attorneys and their firms interact with clients,
answer their questions, and tackle their legal challenges. The law
firms that embrace technology as a means to provide more
cost-effective services to their clients will have a competitive
advantage. For example, digitization and automation technologies
have emerged that streamline internal processes and reduce workloads,
so lawyers can spend more time advising clients and less time with
administrative work…”
Perspective. Amazon the advertising powerhouse?
Amazon challenges Google and Facebook with surprising new
multi-billion dollar business
Amazon’s cloud business may get much of the attention for bolstering
the company’s bottom line. But an emerging new advertising arm of
Amazon is also fueling record profits for the Seattle tech giant.
… Amazon does not break out financials for
advertising and lumps it into the “Other” category, which
“primarily includes sales of advertising services, as well as sales
related to our other service offerings,” according to financial
statements.
Amazon reported revenue of $2.2 billion for that
category in the second quarter, up 129 percent year-over-year. For
comparison, Amazon’s online store sales grew 12 percent and AWS
sales grew 49 percent.
… Amazon has become a formidable e-commerce search engine, competing with
Google to be the first place where shoppers start when they want to
buy products online. Its growing advertising business is another
example of the battle between Amazon and Alphabet-owned Google, which
compete across a number of areas such as voice technology, cloud
computing, and online shopping.
Interesting. I was about to try loading Kali
Linux on a thumb drive.
Ethical hacking is a great way to uncover your
inner Mr. Robot. And what better way to build those skills than by
using one of the foremost hacking toolkits?
We’re talking Kali Linux on your
Raspberry Pi 3! A Raspberry Pi 3 running Kali Linux is
surprisingly formidable for hacking. The tiny computer is cheap,
powerful, and versatile.
In fact, Kali Linux comes packed with everything
you need to expand your ethical hacking skills.