For my Ethical Hacking students. Another “Thing”
that probably should not be connected to the Internet of Things.
Serious Security Flaws Found in Hospira LifeCare Drug Pumps
Researchers
have identified several critical vulnerabilities in Hospira LifeCare
patient-controlled analgesia (PCA) infusion systems, which can be
exploited by a remote attacker to take complete control of affected
devices.
According
to the manufacturer’s website, the LifeCare PCA drug pump is
designed to prevent medication errors that commonly arise in PCA.
The device is advertised as including features that enhance safe and
secure delivery.
Canada-based researcher Jeremy Richards (@dyngnosis) published a blog post on Tuesday detailing multiple security issues identified in Hospira LifeCare PCA3 drug infusion pumps.
“I would personally be very concerned if this device was being attached to me. It is not only susceptible to attack, it is so poorly programmed it can be rendered a useless brick with a single typo,” the researcher said.
… Such
an attack is possible due to several flaws. One of the
vulnerabilities is that the Wi-Fi Protected Access (WPA) keys for a
hospital’s wireless network are stored
in plain text on the device and they can be accessed over
FTP and Telnet.
For my Computer Security students. Things just
keep getting more interesting.
Cisco Unearths ‘Rombertik’ Virus That Self-Destructs When Poked By Security Researchers
… Take Rombertik, for example. This is a
piece of malware that was deeply analyzed by Cisco's
Talos Security Intelligence and Research Group that at the high level
hooks into a user's Web browser to read sensitive information that is
then passed along to a remote attack server.
… Once executed, Rombertik will run through a
couple of checks to make sure it's not running in a sandbox, and if
not, it will fully install itself on the victim's PC. It then copies
itself and overwrites the copy with a copy that bundles the malware's
core functionality.
… Here's where things get interesting: if the
final check fails, which is to see if it's being analyzed in memory,
Rombertik will purge the hard disk's MBR and reboot, so that the PC
becomes unbootable. If the MBR is somehow unaffected by its
attempts, Rombertik will instead render the user's home folder
useless by encrypting each file with a random key, and then reboot.
Neither of these routes is ideal, but the former could be fixed - the latter cannot.
If you want to dig deep into how Rombertik works,
you'll want to check out the article below, as it's very in-depth,
and even a bit enlightening. For the enterprise
and home alike, this is yet
another example of why staff need to be well-aware of the dangers of
opening unsolicited attachments.
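A defender-side triage check, added here as an example and not code from Cisco Talos or the article: it parses a 512-byte first sector, verifies the 0x55AA boot signature and the four partition entries, and flags a zeroed sector, which is what a purged MBR like the one described above looks like to a forensic examiner. The sample MBR is constructed for the example; its partition type and geometry are assumptions.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
PART_TABLE_OFFSET = 446  # four 16-byte partition entries follow the boot code


def parse_partitions(mbr: bytes):
    """Return the non-empty partition entries of a classic MBR as dicts."""
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def assess_mbr(mbr: bytes) -> str:
    """Classify a sector-0 image: intact, zeroed, signature_missing or no_partitions."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if mbr == bytes(SECTOR_SIZE):
        return "zeroed"  # whole sector overwritten with NULs: nothing left to boot from
    if mbr[510:512] != BOOT_SIGNATURE:
        return "signature_missing"  # BIOS will refuse to boot this sector
    if not parse_partitions(mbr):
        return "no_partitions"  # signature present but partition table emptied
    return "intact"


def build_sample_mbr() -> bytes:
    """Construct a minimal, plausible MBR (sample data, not taken from a real disk)."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[0:3] = b"\xeb\xfe\x90"  # tiny stub ('jmp $' then nop) standing in for boot code
    # one bootable NTFS-type (0x07) partition at LBA 2048 spanning 4194304 sectors (assumed)
    mbr[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 4194304)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


if __name__ == "__main__":
    print(assess_mbr(build_sample_mbr()), assess_mbr(bytes(SECTOR_SIZE)))
```

On a real image, read the first 512 bytes of the disk or E01 export and pass them to `assess_mbr`; a "zeroed" or "signature_missing" verdict is the case the article calls fixable, since the partitions themselves may still be recoverable.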
(Related) Phishing emails you want to open?
Attackers Used CareerBuilder to Send Malicious Resumes to Victims: Proofpoint
Researchers
at Proofpoint recently identified
a clever attack campaign involving CareerBuilder.com.
… "When
a resume has been submitted to a listed job opening, the
CareerBuilder service automatically generates a notification email to
the job poster and attaches the document, which in this case is
designed to deliver malware," Proofpoint explained. "While
this approach is more manual and requires more time and effort on the
part of the attacker, the probability of the mail being delivered and opened is higher."
"Rather
than attempt to create a realistic lure, the attackers here have
instead capitalized on the brand and service of a real site: the
recipients are likely to read them and open the attachments because
not only are they legitimate emails from a reputable service, but
these emails are expected
and even desired by the recipient," the researchers
added.
Unfortunately,
this language is not unique.
David Allison reports:
Consumers hurt in the giant Home Depot data breach have filed a consolidated lawsuit that accuses the company’s management of “overarching complacency when it came to data security.”
In a 187-page complaint filed in federal court in Atlanta on May 1, consumers state their case that by allowing the data breach to occur, Home Depot (NYSE: HD) breached its obligation to protect customers’ personal and financial information and violated its own internal policies and standards.
Read more on Atlanta Business Chronicle.
The
pendulum of “Do! Don't! Do! Don't!” Interesting because you
don't have to make a phone call for your phone to “connect” to a
cellphone tower.
Curt Anderson reports:
Investigators do not need a search warrant to obtain cellphone tower location records in criminal prosecutions, a federal appeals court ruled Tuesday in a closely-watched case involving the rules for changing technology.
The Atlanta-based 11th U.S. Circuit Court of Appeals, overturning a three-judge panel of the same court, concluded that authorities properly got 67 days’ worth of records from MetroPCS for Miami robbery suspect Quartavious Davis using a court order with a lower burden of proof.
In its 9-2 decision, the 11th Circuit decided Davis had no expectation of privacy regarding historical records establishing his location near certain cellphone towers.
Read more on PhysOrg.
Related: Here’s the published
opinion (pdf) from the court.
Thanks to Joe Cadillic for this link.
Update: Orin Kerr comments on the
opinion, here.
[From
the opinion:
The court reasoned: (1) the cell user has
knowledge that his cell phone must send a signal to a nearby cell
tower in order to wirelessly connect his call; (2) the signal only
happens when a user makes or receives a call;
A new word! At least a new definition of DWI.
Driving While ‘Intexticated’: Texting, Driving, and Punishment
by Sabrina I. Pacifici on May 5, 2015
Weaver, Russell L. and Friedland, Steven, Driving While ‘Intexticated’: Texting, Driving, and Punishment (May 4, 2015). 47 Tex. Tech L. Rev. 101 2014-2015; University of Louisville School of Law Legal Studies Research Paper Series No. 2015-09. Available for download at SSRN: http://ssrn.com/abstract=2602301
“In this short article, we argue that texting
while driving presents a special danger to society for
which preventive solutions are needed. Although a variety of
societal responses might be possible, and some other (softer)
approaches should generally be preferred (e.g., education), since
this is a symposium on homicide, it is appropriate to note that there
will be situations when a prosecutor might justifiably (and probably
should) bring murder or manslaughter charges against a driver whose
texting causes a fatal accident. This article outlines the problems
associated with texting, explains the legal basis on which homicide
charges might be brought, and suggests some less drastic alternatives
for dealing with the problem.”
A Privacy Law database?
EPIC Launches State Policy Project
by Sabrina I. Pacifici on May 5, 2015
“EPIC has launched the EPIC State Policy Project to track legislation across the country concerning privacy and civil liberties. The EPIC State Project will identify new developments and model legislation. The Project builds on EPIC’s extensive work on emerging privacy and civil liberties issues in the states. The new State Project will focus on student privacy, drones, consumer data security, data breach notification, location privacy, genetic privacy, the right to be forgotten, and auto black boxes.”
I think this was inevitable. After all, it's what
the police cameras should be doing. (Upload to department servers I
mean, not the ACLU)
Film the Police
… A new app tries to answer this question by
offering, in effect, a different kind of backup. Called Mobile
Justice CA, the app uploads all video footage as it’s being
captured to servers owned by the American Civil Liberties Union
(ACLU). Even if the phone is destroyed, the video will survive.
The app was co-released Friday by the ACLU of
Southern California and the Oakland-based Ella Baker Center for Human
Rights, and it’s available now for iOS
and Android
devices.
Mobile Justice CA does more than automatically
upload video. It includes
a “witness” button, which a user can press to notify other app
users within a three-mile radius that they are observing a police
interaction. It also lets users file written reports with
a local ACLU office and includes versions of the ACLU’s “Know
Your Rights” guides for photographers, protesters, and citizens.
Perspective.
As Mobile Grabs Over Half Of All Searches, Google Hits Refresh Button On Its Ads
More than half of all Google
searches now happen on mobile
devices. Since you’re probably reading this on your smartphone,
that may not surprise you.
But it’s still a milestone
that Google has just
reached in the U.S., Japan, and eight other unnamed countries.
And today the search giant is using it as a hook to release a slew of new types of mobile ads and tools to measure their impact all the way to sales in stores.
Interesting. It used to be that millionaires
hated Democrats. Then they realized that lots of Democratic
politicians were millionaires. Who needs the little people?
http://www.cnbc.com/id/102650475?__source=google|editorspicks|&par=google&google_editors_picks=true
Hillary is the favorite among millionaire voters: Survey
Hillary
Clinton is the favorite U.S. presidential candidate among
millionaire voters and would win a head-to-head contest with former
Florida Governor Jeb
Bush, according to the third CNBC Millionaire Survey conducted in
March that was released today.
Perspective. I
haven't subscribed to a newspaper for years. They keep tossing the
free local paper in my driveway every week. Is free the way of the
future?
Murdoch's News Corp profits slashed by half
Rupert Murdoch's News Corp, which publishes The
Sun, The Times and the Wall Street Journal,
saw net profits more than halve in the three months to March 31, due
to declining advertising revenues and falling newspaper circulations.
Net
income attributable to shareholders dropped by 52% to $23
million (£15.1 million) for the quarter to the end of March. Total
revenues for the global group slipped 1% to $2.06 billion.
(Related)
State of the News Media 2015
Call it a mobile majority. At the start of 2015,
39 of the top 50 digital
news websites have more traffic to their sites and associated
applications coming from mobile devices than from desktop computers,
according to Pew Research Center’s analysis of comScore data.
For my spreadsheet students.
Need Help with Excel Formulas? 7 Resources to Consult
… A few Internet instructors understand that
Excel is a sore spot for many, and these people have created free
resources that start with the basics
of Excel and eventually move onto the harder stuff, all in a
clear and concise manner.
For my Data Management and Business Intelligence
students. Not really new, but increasingly useful. Podcasts, local
TV and Radio news, etc. Search for any mention of your company.
The National Security Agency (NSA) has for years
used sophisticated technology that can turn audio content from phone
calls or news broadcasts into rough transcripts that can be easily
searched and stored.
The spy agency’s ability — revealed in
documents from former contractor Edward Snowden posted by the
Intercept on Tuesday — resembles commercial services that turn
speech into text, but it was developed in secret with the assistance
of massive data archives and ultra high-speed computing power.
… The first version of the technology was
rolled out in 2004, under the code name "Rhinehart,"
designed to search real-time audio as well as months-old archives.