The best hacks always try to look like an innocent mistake.
Sometimes mistakes look like they aren’t so innocent.
Google Internet Traffic Wasn't Hijacked, But It Was Out of Control
For two hours Monday, internet traffic that was
supposed to route
through Google's Cloud Platform instead found itself in quite
unexpected places, including Russia and China. But while the
haphazard routing invoked claims of traffic hijacking—a real
threat, given that nation states could use the technique to spy on
web users or censor services—the incident turned out to be a simple
mistake with outsized impacts.
Google
noted that almost all traffic to its services is encrypted,
and wasn't exposed during the incident no matter what. As traffic
pinballed across ISPs, though, some observers, including the
monitoring firm ThousandEyes, saw signs of malicious BGP hijacking—a
technique that manipulates the web's Border Gateway Protocol, which
helps ISPs automatically collaborate to route traffic seamlessly
across the web.
ThousandEyes saw Google traffic rerouting over the
Russian ISP TransTelecom, to China Telecom, toward the Nigerian ISP
Main One. "Russia, China, and Nigeria ISPs and 150-plus [IP
address] prefixes—this is obviously very suspicious," says
Alex Henthorne-Iwane, vice-president of product marketing at
ThousandEyes. "It
doesn’t look like a mistake."
… In this case, it appears that the Russian
and Chinese ISPs, and perhaps others as well, offered a path to the
Google traffic because they hadn't implemented protective
configurations. [Think of
it as keeping a door open for anything you can grab. Bob]
Think of this as a guide to social engineering of
senior management.
Heads rolled in this one, when executives did not
spot or prevent business email compromise. As reported by
DutchNews.nl:
The Dutch operation of the Pathé cinema group was ripped off by internet con men to the tune of over €19m, court documents published on Friday show.
The con cost both the chief executive and financial director of the Dutch operation their jobs, and it is unclear if any of the money has been recovered.
The court documents, which cover the unfair dismissal case brought by sacked finance chief Edwin Slutter, show in detail how the thieves went about scamming Pathé Nederland earlier this year.
Read more at DutchNews.nl.
One person ignoring one procedure and no one
checked?
20,667 Drunken-Driving Convictions Tainted by Bad Breathalyzer Test in New Jersey
More than 20,000 drunken-driving convictions in
New Jersey could be in jeopardy after the state’s highest court
ruled on Tuesday that breathalyzer tests used to win those judgments
were inadmissible.
The unanimous ruling by the Supreme Court stems
from criminal charges brought more than two years ago against a State
Police sergeant who was accused of falsifying calibration records on
breath test devices that were used in five of New Jersey’s 21
counties.
It is unclear how state courts and law enforcement
officials will now proceed. The Supreme Court ruling does not
automatically expunge all the drunken-driving convictions, but the
justices did note that defendants tested by the affected breath
machines could now seek to challenge their convictions.
This looks like the “Big is always bad”
argument mixed with a bit of the “we are powerless to stop them”
rant.
Google, Facebook, and Amazon benefit from an outdated definition of “monopoly”
Quartz:
“…big tech companies have amassed so much power that even Apple
CEO Tim Cook has called
for stricter regulations to be placed on them. Google owns 92%
market share of internet searches, Facebook an almost 70%
share of social networks. Both have a duopoly in advertising
with no credible
competition or regulation. [Incredible!
Bob] Amazon, meanwhile, is crushing retailers and faces
conflicts of interest as both the dominant e-commerce seller and the
leading online platform for third-party sellers. Apple’s iPhone
and Google’s Android completely control the mobile app market, and
they determine whether businesses can reach their customers and on
what terms. So why hasn’t the Federal Trade Commission (FTC) taken
action to break up these companies?
I believe that an outdated interpretation of
antitrust law is partly to blame. For decades the standard for
evaluating whether to break up monopolies, or block the mergers that
create them, has been “consumer welfare.” And this consumer
welfare standard has predominantly been interpreted as low prices.
If companies can show that a merger or acquisition would not impact
prices, for the most part, they win approval. But in the context of
technology companies—which often offer “free” platforms and
instead sell user attention as their product—this
low-prices-focused paradigm makes no sense…”
(Related) ...and Facebook has replaced
governments?
Digital Journalism and the New Public Square – Or’ Emet Lecture
A few months ago, the Guardian published
a remarkable story revealing that a Cambridge University researcher
had harvested as many as 50 million Facebook profiles for Cambridge
Analytica, a data analytics firm headed at the time by Steve Bannon,
one of Donald Trump’s key advisors.
… Most of you probably remember the Guardian’s
story. You may not be familiar, though, with what happened the day
before it was published. As the Guardian’s editors were
readying their story for print, their lawyers received a letter from
Facebook. The letter threatened a lawsuit if the Guardian
went ahead with the story. Facebook knew the story would provoke
disbelief and outrage and perhaps even a regulatory response, so it
tried to quash it with the threat of a lawsuit.
… What are the mechanisms of this influence?
In a new article,
the legal scholar Kate Klonick argues that the social media platforms
should be thought of as “systems of governance,” because they’re
now the principal regulators of speech that takes place online.
Through their control of the new public square, the platforms are
exercising power we ordinarily associate with state actors.
Perspective.
Google Data Collection Is More Extensive and Intrusive Than You Ever Imagined
A new 55-page report
from Digital Content Next and Vanderbilt University on Google data
collection practices has raised new questions about the extent to
which the top tech companies in the world collect and collate user
data without their permission or knowledge. The report, authored by
Douglas Schmidt, a professor of Computer Science at Vanderbilt, is a
detailed look at “a day in the life” of a typical Internet user,
offering a never-before-seen look at just how much data Google
collects on the average user.