How would you determine that hackers claiming to be ISIS maniacs are
really teenagers playing at hacking?
I can’t remember whether I’ve ever seen parents keep their children
home from school as a result of a school web site defacement, but
that’s what happened in Yorkshire when the defacement suggested an
Islamist group.
Kenny Toal reports:
A local authority has advised all public bodies and organisations to
make sure their security software is up to scratch after hackers,
claiming to be from an Islamist group, targeted a primary school
website.
Some parents at Sowerby Community Primary, in
Thirsk, kept their children off school today after the security
breach last night.
But police say while they are investigating there
is no threat to the school or its pupils. [A bit too far to the “no
worries” side. Bob]
Read more on ITV.
For my Ethical Hackers (and my friends in the banking world)
Thieves Jackpot ATMs With ‘Black Box’ Attack
Previous stories on KrebsOnSecurity about ATM skimming attacks have focused on
innovative fraud devices made to attach to the outside of compromised
ATMs. Security experts are now warning about the emergence of a new
class of skimming scams aimed at draining ATM cash deposits via a
novel and complex attack.
At issue is a form of ATM fraud known as a “black box” attack. In a
black box assault, the crooks gain physical access to the top of the
cash machine. From there, the attackers are able to disconnect the
ATM’s cash dispenser from the “core” (the computer and brains
of the device), and then connect their own computer that can be used
to issue commands forcing the dispenser to spit out cash.
…
If you liked this story, check out my ongoing
series about ATM skimmers.
For my Ethical Hackers. Could work like a “Stingray for Wifi”...
Wi-Fi Password Phishing Attacks Automated With New Tool
Wifiphisher attacks work in three stages. In the first stage, victims are
deauthenticated from their access point with the aid of
deauthentication packets sent to the broadcast address, from the
client to the access point, and from the access point to the client.
In the second phase, the victim access point’s settings are copied and
a rogue access point is set up. Because the legitimate access point
is jammed, clients will connect to the rogue access point. In this
stage, the tool also sets up a NAT/DHCP server and forwards the right
ports, the developer explained.
In the final phase, a man-in-the-middle (MitM) attack is launched by
using a minimal Web server that responds to HTTP and HTTPS requests,
and victims are presented with a fake router configuration page when
they try to access a website. This configuration page informs users
that a firmware update is available for the device and instructs them
to enter their WPA password.
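The stages described above leave two traces a wireless sensor can see: a burst of deauthentication frames against a legitimate access point, and a new BSSID advertising the same network name. The Python below is an added detection example, not part of the quoted article or of Wifiphisher; the frame records, addresses, thresholds and the KNOWN_APS inventory are constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP, OTHER, TWIN = "aa:bb:cc:00:00:01", "11:22:33:00:00:07", "02:11:22:33:44:55"
KNOWN_APS = {"CorpNet": {AP}}  # assumed inventory: SSID -> authorised BSSIDs

# Constructed sensor records: (time_s, kind, src, dst, bssid, ssid, encrypted)
FRAMES = sorted(
    [(0.0, "beacon", AP, BROADCAST, AP, "CorpNet", True),
     (1.0, "beacon", OTHER, BROADCAST, OTHER, "CoffeeShop", False),
     (3.0, "deauth", OTHER, "66:77:88:00:00:01", OTHER, None, None),  # ordinary disconnect
     (9.0, "beacon", TWIN, BROADCAST, TWIN, "CorpNet", False)]        # copied SSID, no WPA
    + [(5.0 + i * 0.1, "deauth", AP, BROADCAST, AP, None, None) for i in range(30)],
    key=lambda f: f[0])


def deauth_bursts(frames, window=5.0, threshold=20):
    """Map BSSID -> time at which `threshold` deauth frames fell inside `window` seconds."""
    recent, bursts = defaultdict(deque), {}
    for ts, kind, _src, _dst, bssid, _ssid, _enc in frames:
        if kind != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:   # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            bursts.setdefault(bssid, ts)
    return bursts


def rogue_beacons(frames, known=KNOWN_APS):
    """First beacon from each BSSID that advertises one of our SSIDs but is not in the inventory."""
    first = {}
    for ts, kind, _src, _dst, bssid, ssid, enc in frames:
        if kind == "beacon" and ssid in known and bssid not in known[ssid]:
            first.setdefault(bssid, (ts, ssid, bssid, enc))
    return list(first.values())


def correlate(frames, gap=60.0):
    """Alert when a deauth flood on an authorised AP coincides with a twin of its SSID."""
    bursts, alerts = deauth_bursts(frames), []
    for ts, ssid, bssid, enc in rogue_beacons(frames):
        for real in sorted(KNOWN_APS[ssid]):
            if real in bursts and abs(ts - bursts[real]) <= gap:
                alerts.append({"ssid": ssid, "rogue_bssid": bssid,
                               "flooded_bssid": real, "open_network": not enc})
    return alerts
```

Either signal alone is noisy (clients disconnect, neighbours reuse names); the alert fires only when both occur within the same minute.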
Why does the education community fail to understand parental concerns?
Do they view the entire world as children?
BreakingNews.ie reports:
Concern is being expressed about a new Primary Online Database being
established by the Department of Education.
Under the plan, all children’s PPS numbers along with details
of their religion and ethnic backgrounds will be included
on the database, which the Department said will be used to develop
education policy into the future.
Read more on BreakingNews.ie.
[From the article:
…
Parents of all primary school children are being sent letters
outlining how the new POD will work and what information will be
stored, the letter states that the
information will be kept until the child reaches the age of 30.
…
"They themselves say they will be sharing the data with the
Department of Social Protection and other agencies," McGarr
said.
…
The Department of Education's website says the scheme "has
been thoroughly piloted with a selection of schools" [So
they are already doing this? Bob] and "extensively
discussed with the education partners and management bodies."
[But not parents. Bob]
…
The Department also reports that only information on ethnic and
religious background requires the consent of a parent or guardian.
"All other information… was deemed by the Data Protection Commissioner
as nonsensitive personal data and therefore does not
require written permission from parents for transfer of the
information to the Department," the letter to parents says.
Why, exactly? An infographic.
These 50 Apps Will Track Everything. And We Mean Everything
When we say these apps let you track
anything, we’re not kidding. If you can think of it, your
phone can track it.
One of the coolest (and creepiest) uses of a device that’s always
connected is the ability to keep track of things. We can track our
sleep, movement, money, and so much more thanks to these incredibly
powerful devices that are at our sides 24 hours a day, seven days
a week.
Of course, in order to take advantage of all of this tracking, you’ll
need the right apps. Here’s 50 apps that track everything you
could ever imagine.
Via Voucher Cloud
Why? Does James Bond need sensors disguised as buttons on his tux? Does
everyone need a wear-it-on-your-wrist selfie-taking-camera?
Intel CEO shows off wrist-worn drone, pledges to employ more women
Chief Executive Brian Krzanich demonstrated a tiny computer built into the
button of his jacket and a wristband that was capable of transforming
into a flying camera at the 2015 Consumer Electronics Show in Las
Vegas on Tuesday.
Intel, known more for its computer chips, is attempting to expand into the area
of smart gadgets that you can wear. Krzanich said during his keynote
that Intel was pushing to create computerized apparel and other
gadgets equipped with sensors, an area that Intel hopes is rife with
growth as the demand for smartphones and tablets begins to taper off,
according to a Reuters report.
…
The drone on his wrist is called Nixie, and it can be launched into
the air equipped with a camera and is capable of navigating around
obstacles.
(Related)
Better late than never I suppose. Note that Ramirez never suggested
that the FTC would do anything.
The head of the Federal Trade Commission (FTC) raised alarms on Tuesday
about the potential hazards to people’s privacy that come with the
rise of connected bracelets, cars and other devices.
The billions of “smart” devices on the so-called “Internet of
Things” pose serious threats to personal privacy, Chairwoman Edith
Ramirez said at the Consumer Electronics Show in Las Vegas, even
while they may help with daily tasks or improve people’s health.
…
To counter the concerns, Ramirez told companies to “build security
into their devices from the very outset.”
Device developers should also limit the data they collect to that which is
necessary for a specific purpose and then get rid of it when it is no
longer needed, she suggested, and make sure that users are fully
aware of what it collected and why.
A Big Data tool. Any change should be investigated and explained.
(That's my inner auditor speaking.)
Twitter Releases Anomaly Detection Tool
AnomalyDetection is a package for R, the free software environment for statistical
computing and graphics. Twitter has been using the tool to detect
anomalies such as spikes caused by user engagement on the social
media platform during breaking news, major sporting events and
holidays.
From a security standpoint, AnomalyDetection can be utilized to detect
activities associated with bots and spam, which may cause anomalies
in the number of followers and favorites. Anomalies can also be
detected in system metrics after the release of new software, Twitter
said.
“An anomaly can be positive or negative. An example of a positive
anomaly is a point-in-time increase in number of Tweets during the
Super Bowl. An example of a negative anomaly is a point-in-time
decrease in QPS (queries per second). Robust detection of positive
anomalies serves a key role in efficient capacity planning.
Detection of negative anomalies helps discover potential hardware and
data collection issues,” Twitter software engineer Arun Kejariwal
explained in a blog post.
The social media giant has released AnomalyDetection as open source
to give the community the chance to contribute to improving the tool.
The R package is available on GitHub.
Dang copyright! Not the diagnostic codes but the parts! Don't you need
the part information to order the proper replacements?
Ford Tries to Shut Down Independent Repair Tool with Copyright
EFF – “…The Ford Motor Company…recently
sued Autel, a manufacturer of third-party diagnostics for
automobiles, for creating a diagnostic tool that includes
a list of Ford car parts and their specifications. Ford
claims that it owns a copyright on this list of parts, the “FFData
file,” and thus can keep competitors from including it in their
diagnostic tools. It also claims that Autel violated the
anti-circumvention provisions of the Digital Millennium Copyright Act
by writing a program to defeat the “encryption technology and
obfuscation” that Ford used to make the file difficult to read.
We’re pretty skeptical of Ford’s claims. Mere facts and data
cannot be copyrighted, but sometimes a “compilation” of data can
be—if the selection and arrangement are sufficiently creative. It
seems unlikely that Ford broke new creative ground when deciding
which parts to include in the database and the order in which they
would appear. Ford does allege that it included fictitious part
descriptions in the database, but that’s probably not enough to
pass muster. After all, similar fictions were included in the
phonebook that the Supreme Court found to lack originality in the
leading case defining the limits of copyrightability for
compilations, Feist v. Rural. In Feist, the Supreme Court
explained that compiling the names, towns, and phone numbers of all
of a company’s telephone subscribers in alphabetical order was not
sufficiently original for the compilation to be copyrighted. It
explained that alphabetical ordering was “commonplace,” and that
the “selection” of all current subscribers and basic information
about them was not a creative decision. Without seeing the FFData
compilation, we can’t be sure whether or not it is creative enough
for copyright coverage. Of course, even if we had a copy of the
file, under Ford’s theory we couldn’t look at it without running
afoul of the DMCA. And that points to a deeper problem. When the
Supreme Court recognized the copyrightability of creative data
compilations, it noted that people are free to copy the facts out of
such a work as long as they don’t copy the creative elements of
selection and arrangement. But because the DMCA restricts access to
a work in the first place, this important limitation on copyright’s
scope does not apply in circumvention cases,
according to most courts’ interpretation of the DMCA. If
a data compilation is copyrightable, then people are not free to
extract non-copyrightable facts from the work, look at the work to
figure out whether it is copyrightable, or access the work for other
legitimate purposes such as news reporting, scholarship, and remix.”
For my gamer students.
Play Thousands Of MS-DOS Games For Free
You can now play thousands of classic (and not-so-classic) MS-DOS
games online and directly in your Web browser for free. This is
thanks to the latest release from the Internet Archive, which has
compiled the collection and made them available to play within the
DOSBox emulator running on a virtual machine.
This is the latest addition to the Internet Archive, which already
contains hundreds of classic video games offered through the
Internet Arcade. Look out for a longer article exploring
the MS-DOS collection later this week.