Tools & Techniques. For my Ethical Hackers and Computer Security students.
OS X malware infecting connected iPhones, iPads
Palo Alto Networks says that "...this malware family heralds a new era in malware" and if the claims are true, the find is indeed significant. It is the first malware to generate malicious iOS applications automatically through binary file replacement and can infect installed iOS applications.
[From the report: Characteristics of this malware family, including its ability to infect even non-jailbroken iOS devices
(Related)
Keep up guys.
Stealthy Phishing Tactic Targets Online Shoppers
Researchers at Trend Micro say they have uncovered a crafty phishing technique that can help attackers steal information while flying under the radar of site owners.
…
In the case of Operation Huyao, the attacker's malicious site acts as a relay for the original site, and as long as the victim is only browsing the page, they will only see the content they would on the legitimate site. When they go to enter payment information however, things change.
"It does not matter what device (PC/laptop/smartphone/tablet) or browser is used, as the attacker proxies all parts of the victim’s HTTP request and all parts of the legitimate server’s response," the researcher blogged.
Really nothing new here.
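The relay technique described in the Trend Micro excerpt, where the attacker's server proxies every request and response, leaves traces in the legitimate site's own access logs. The script below is an added example, not code from the Trend Micro post or from this blog: it parses a constructed combined-format access log for a hypothetical shop at "shop.example" and flags two signals a site owner can look for. First, requests whose Referer names a host other than the shop's own (a victim browsing through a relay sends the relay's domain as referer unless the attacker rewrites it). Second, a single client address submitting checkout forms with many different User-Agents, which is how one relay server looks when it forwards several victims' traffic. The hostnames, addresses and log lines are all constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample access log in combined log format (not real traffic).
# 203.0.113.x are ordinary shoppers; 198.51.100.7 is a hypothetical relay
# server that fetches pages on behalf of several victims at once, and
# shop-example.net is the hypothetical look-alike domain it serves them from.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Nov/2014:10:01:02 +0000] "GET /item/42 HTTP/1.1" 200 5120 "https://shop.example/" "Mozilla/5.0"
203.0.113.10 - - [10/Nov/2014:10:01:09 +0000] "GET /cart HTTP/1.1" 200 2048 "https://shop.example/item/42" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2014:10:02:30 +0000] "GET /item/42 HTTP/1.1" 200 5120 "https://shop-example.net/" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2014:10:02:41 +0000] "POST /checkout HTTP/1.1" 302 0 "https://shop-example.net/cart" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2014:10:03:15 +0000] "POST /checkout HTTP/1.1" 302 0 "https://shop-example.net/cart" "Opera/9.80"
198.51.100.7 - - [10/Nov/2014:10:04:05 +0000] "POST /checkout HTTP/1.1" 302 0 "https://shop-example.net/cart" "Mozilla/5.0 (iPhone)"
203.0.113.55 - - [10/Nov/2014:10:05:00 +0000] "POST /checkout HTTP/1.1" 302 0 "https://shop.example/cart" "Mozilla/5.0"
"""

# One combined-log line: ip ident user [time] "method path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one combined-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer):
    """Lower-cased host part of a Referer URL; '' for '-' or malformed values."""
    if not referer or referer == "-":
        return ""
    return (urlsplit(referer).hostname or "").lower()


def find_relay_hosts(lines, allowed_hosts):
    """Count requests whose Referer points at a host that is not one of ours.

    A victim browsing the shop through a relay sends Referer headers naming
    the relay's domain unless the attacker rewrites them on the way through.
    """
    allowed = {h.lower() for h in allowed_hosts}
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        host = referer_host(rec["referer"])
        if host and host not in allowed:
            counts[host] += 1
    return dict(counts)


def find_fan_in_clients(lines, path, min_agents=3):
    """Client IPs that POST to `path` with at least `min_agents` distinct User-Agents.

    One address submitting many victims' forms under many browsers is the
    signature of a server-side relay rather than of a single shopper.
    """
    agents = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == path:
            agents[rec["ip"]].add(rec["agent"])
    return {ip: len(a) for ip, a in agents.items() if len(a) >= min_agents}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("foreign referer hosts:", find_relay_hosts(lines, {"shop.example"}))
    print("fan-in clients on /checkout:", find_fan_in_clients(lines, "/checkout"))
```

Both signals are heuristics rather than proof: a relay can rewrite the Referer it forwards, and the fan-in check only catches a relay that reuses one egress address, so treat a hit as a lead for investigation (and for a takedown request against the look-alike domain). A complementary control is client-side script on the legitimate page that compares `location.hostname` with the expected host, since the relay has to serve that script to the victim's browser as well.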
Top 5 Facebook Scams Revealed in Two-Year Study
A two-year study by Bitdefender sheds some light on the most popular types of scams on Facebook and who is falling for them.
The study examines more than 850,000 Facebook scams. Analyzing each of them revealed the following top five bait categories for attackers looking to hit users with spam, malware or other attacks: profile viewer scams (45.5 percent); Facebook functionality scams such as claims about adding a dislike button (29.53 percent); gift card/gadget giveaway scams (16.51 percent); celebrity scams such as death hoaxes (7.53 percent); and atrocity videos with subjects like animal cruelty (0.93 percent).
[The “top 5” cover 100%? Bob]
Perhaps a new topic for my Ethical Hacking class, “Quasi-Ethical Vigilantism?”
U.S. Mulls New Tactics to Stem Wave of Cyberattacks
As hacking attacks reach epidemic proportions, the US cybersecurity community is looking at new ways to step up defense, including counterattacking the hackers themselves.
…
Stewart Baker, a former assistant secretary of homeland security who now practices law in Washington, argues that limited "hacking back" could be justified, even though the legal issues are unclear.
Morally justified?
Baker said any actions a company takes outside its own network could be viewed as illegal, but there is a strong case to be made for reaching out to networks of third parties used by hackers to transit stolen data.
"I think you are morally justified for sure" in taking such actions, Baker told AFP. "And I think the probability of being prosecuted is very low."
Baker said if a firm can locate its stolen data and has a way to recover it, "they would be crazy not to."
"They can't wait for the government to get a court order. By the time that happened, everything is going to be gone."
But going beyond that, such as seeking to take out a hacker network, would mean "taking on risks" of legal liability.
US Justice Department guidelines caution against any retaliation.
Baker said the guidelines "don't quite say it's illegal, they say it's a bad idea."
Sure to get the attention of lawyers and insurance companies.
Daniel Tepfer reports:
In a case involving a Westport doctor’s office, the state Supreme Court has ruled that patients can sue for negligence if a medical office violates regulations that dictate how medical offices must maintain patient confidentiality.
This is the first time the state’s highest court has ruled regarding this issue. Connecticut now joins Missouri, West Virginia and North Carolina in similar rulings.
“Before this ruling, individuals could not file a lawsuit claiming violation of their privacy under the (Health Insurance Portability and Accountability Act of 1996) regulations,” said Trumbull lawyer Bruce Elstein, who brought the case. “It was for that reason that we filed a negligence claim, claiming the medical office was negligent when it released confidential medical records contrary to the requirements set forth in the regulations.”
“Stupid is as stupid does!” F. Gump
Warrant: Eric Frein surfed Internet while on the run
The man accused of ambushing two Pennsylvania state troopers, killing one, used a laptop and surfed the Internet during the weeks-long manhunt that ended with his arrest last week, according to court documents.
… The fact that Frein exposed himself to capture by using a cell phone is somewhat surprising, given that officials said he had conducted Internet searches on his home computer in the last two years with queries such as "can police track cell phone" and "how to escape a manhunt."
… Frein told investigators "he had used the laptop to access the Internet using open Wi-Fi accounts he could find in the area while he was evading authorities," according to the warrant. Because most wireless Internet routers' signals can't reach farther than a couple of hundred feet at most, Frein probably was quite close to homes or businesses that had unsecured Wi-Fi.
“Saving face,” government style? Our 'Right to know' vs. our 'Right to what the government wants us to know?'
ACLU slams no-fly zone over Ferguson
The Federal Aviation Administration (FAA) violated constitutionally protected free-press rights with a media-specific flight ban over Ferguson, Mo., earlier this year, the American Civil Liberties Union (ACLU) says.
The ACLU wrote a scathing letter to the FAA this week, accusing the agency of trying to “suppress aerial press coverage” during the events that unfolded after Michael Brown, an unarmed black teen, was shot to death by a police officer in Ferguson.
The FAA established a “no-fly zone” that was targeted at news helicopters, as well as drones, the ACLU charges.
"An air ban singling out media aircraft is an unacceptable and unlawful abridgement of the rights of a free press,” the ACLU wrote Tuesday. "It is particularly alarming when implemented during events at which law enforcement may be engaging in practices that violate constitutional rights.”
(Related)
Perhaps this is a good place to point to an Infographic.
The Ethics of Data, Visualized
TRACEY WALLACE – Truth in Data: “Big data sparked public interest in the U.S. beginning with the NSA scandal. Suddenly, it was mass knowledge that not only could the government, or any entity, collect your social media, email or cell data, but they could use it against you. This concept certainly isn’t brand new, and it certainly was occurring long before the NSA’s data collection and use methods were revealed. In fact, social media platforms like Facebook are explicit in their Terms of Service as to whom your on-platform activity belongs. And, if you think it is you, you are wrong. Disable cookies from your browser and you won’t be able to use Facebook, Twitter, LinkedIn, Google and many otherwise free digital services. That’s because these platforms are not free. We all exchange our data for the service, and in turn receive more targeted ads based on who our friends are, what we say to them in email, who we retweet most often and what keywords are typically found in our digital resumes.
…
In all, the biggest problem with data collection for most people is this: they didn’t know it was happening.
…
Here, we break down how all the world feels about big data, the internet and how these two entities are affecting worldwide privacy and security.
Interesting. Perhaps I should “friend” Warren Buffett?
The Surprising Ways that Social Media Can Be Used for Credit Scoring
Many employers today are looking at the social media accounts of potential employees to get an idea of the type of person they might be hiring. They’re not the only ones — lending companies are also getting in on the act. And new research shows that some of the more unusual things you post or the people you might be connected to could have an impact on your credit score.
The paper, “Credit Scoring with Social Network Data,” was authored by Yanhao Wei, a Ph.D. student in economics at the University of Pennsylvania, Wharton marketing professors Christophe Van den Bulte and Pinar Yildirim, and Boston University professor Chrysanthos Dellarocas. Yildirim recently discussed their findings on the Knowledge@Wharton show on Wharton Business Radio, which you can find on SiriusXM Channel 111.
An edited transcript of the conversation appears below.
Inevitable. ...and simple physics. If I've printed a gun, I need ammunition. (I thought I was clever when I printed targets)
Shot Heard 'Round The 3D Printing World, A Bullet Designed For Printed Guns
…
It was only a matter of time before someone realized that a printer could produce a pistol, but early prints have proven to be of little threat. Why? Because traditional ammunition essentially destroys the printed firearm after a single shot, plus, misfires are common. In other words, the physics of the operation make it dangerous to be on the firing side, too. By and large, that's why you haven't seen an uproar of attention around 3D weapons -- they're just entirely too impractical to be worried about. [Not the proper way to assess risk. Bob]
That could change, however, as a crafter from Pennsylvania has revealed a handmade bullet that effectively wraps the shot in a barrel that will absorb the impact.
Something for my website students.
The Amazing Pattern Library
“A PROJECT BY TIM HOLMAN & CLAUDIO GUGLIERI. THIS ONGOING PROJECT COMPILES PATTERNS SHARED BY THE MOST TALENTED DESIGNERS OUT THERE FOR YOU TO USE FREELY IN YOUR DESIGNS.”
New technique to share with my spreadsheet class. (Google's answer to Office 365)
Google gives Microsoft Office an awkward hug with new plugin
…
Google has now created a Chrome plugin and new desktop Drive client that instead offers the chance to suck a document out of its cloud and into the desktop app of your choice.
…
The company is also promising that when you save a document stored in Drive, the changes will be saved back to Drive.
The plugin, client, and Gmail account needed to get this going are all free to individuals.
(Related)
I could use this in my spreadsheet class, but I'm leaning toward Statistics... (I have mentioned this in an earlier post.)
Zip Lookup - Demographics by Zip Code
Zip Lookup is a nice use of the Esri mapping platform. The map allows you to enter any US zip code to discover demographic data about that area. Whenever I see something like this I am skeptical of how well it will work for very small towns like the one that I live in (Woodstock, Maine). I was pleasantly surprised to find that Zip Lookup was quite accurate. In fact, it even included a blurb about the most popular satellite television stations in my zip code (my zip code is actually shared with a town, a village, and an unorganized township).
For my Android toting students.
The 8 Best Office Suites On Android For Getting Work Done
For my students who read...
Tools for Working With ePub Files In Your Browser
From time to time when you're conducting research online you may find yourself coming across an ePub file. While you may have a tablet that can read open ePub files, it may be more convenient to simply open the file in your browser. For example, when you just need to search a document rather than read the whole thing, opening the ePub in your browser could save you some time. Here are a couple of tools for accessing ePub files in your web browser.
EPUBReader is a Firefox add-on that will allow you to read ePub documents within your browser. EPUBReader downloads ePub files and displays them directly in your browser. The video below offers a short demonstration.
Magic Scroll is a Chrome web app that you can use to read ePub files on your desktop or laptop even if you do not have an internet connection.
Dilbert gives you a PhD level understanding of Marketing in one cartoon!