For my Ethical Hacking students. Would you have
answered this guy? (Would your lawyers let you answer him?)
Ionut Ilascu writes:
Breaking
into the systems of an organization and accessing files without
authorization is regarded as trespassing. The motivation behind this
act can be anything from financial gain to proving one’s skills
among fellow hackers.
No
matter the reasons, the success of such an action is most of the
times due to lack of proper security measures.
Whitehats
also resort to this method for evaluating the resilience of a
company’s infrastructure against all sorts of attacks, as part of a
process called penetration testing.
GhostShell,
a hacker known for targeting entities from different sectors
(government, law enforcement, companies) in the past, took a break in
2013 but decided to return to the spotlight this year on June 28,
specifically to draw attention to the current state of insecurity of
many entities, and to show that blackhats can cause a lot of damage.
Read more on Softpedia.
[From
the article:
The comeback was marked by a total of 548
announcements about compromised targets from various
industries, all accompanied by proof of the hack through links to
previews of the information accessed or exfiltrated.
Most of the victims were compromised in 2015, but
some of them had been compromised in late 2014. The hacker said that
efforts were made to report the vulnerabilities responsibly, but they
went unanswered.
“Emailed more than a thousand people, not even
one reply back,” the hacker said, adding that some of the sites
were taken down after the intrusion, indicating that someone cared
about the security of the data and made an effort to patch things up.
Also for my Ethical Hacking students. Any crime
can be forgotten if you promise not to release the really
embarrassing stuff?
Holder sees
possible DOJ deal with Snowden
… In an interview
with Yahoo News published on Monday, Holder threw cold water on
the notion that the former contractor — who has been holed up in
Moscow for two years — would never again set foot on U.S. soil.
“I certainly think there could be a basis for a
resolution that everybody could ultimately be satisfied with,”
Holder said. “I think the possibility exists.”
During the interview, Holder also appeared to go
further toward praising Snowden’s actions than other members of the
Obama administration have been willing to do.
… Snowden has been charged with multiple
crimes for his 2013 leak of classified federal documents, including
Espionage Act violations that could land him in jail for decades.
Because of the nature of the charges, Snowden’s supporters say that
he would not be able to fairly give his side of the story in court.
Can we agree on disingenuous? It is good to have
the bad guys underestimate your capabilities.
FBI
director says 'I really am not a maniac' just because he thinks he
can kill encryption
The director of the FBI has denied claims the UK
and US proposed encryption controls will “destroy” the internet,
claiming they are a necessary step in the war on terrorism and crime.
… Comey attacked the technology in a public
op-ed, where he claimed a
move towards end-to-end encryption could benefit terrorist groups,
more than general web users.
… The FBI director highlighted the use of encrypted online
services by terrorist groups, such as the Islamic State (ISIS), as
proof of his claim [Note
that the FBI can identify ISIS communications despite the encryption.
Or are they just guessing it is ISIS? Bob]
(Related) It is easier to buy these tools than to
constantly reinvent the wheel.
Joseph Cox reports:
The FBI is one of the clients who bought hacking software from the private Italian spying agency Hacking Team, which was itself the victim of a recent hack. It’s long been suspected that the FBI used Hacking Team’s tools, but with the publication yesterday of internal documents, invoices, emails and even product source code from the company, we now have the first concrete evidence that this is true.
Read more on Wired.
[From
the article:
The documents show that the FBI first purchased
the company’s “RCS” in 2011. RCS stands for “Remote Control
Service,” otherwise known as “Galileo,” Hacking Team’s
premiere spy product.
RCS is a simple piece of hacking software that has
been used by the Ethiopian regime to
target journalists based in Washington DC. It has
also been detected in an attack on a Moroccan media outlet, and a
human rights activist from the United Arab Emirates.
Once a target’s computer has been infected, RCS
is able to siphon off data, and listen
in on communications before they have been encrypted.
According to researchers based at the University of Toronto’s
Citizen Lab, who have monitored the use of RCS throughout the world,
the tool can also “record Skype calls, e-mails, instant messages,
and passwords typed into a Web browser.” To top that off, RCS is
also capable of switching on a target’s web camera and microphone.
… Despite this expenditure on controversial
surveillance technology, it appears that the FBI is only using
Hacking Team’s software as a “back up” to other tools,
according to internal emails.
As highlighted
by Forbes, Eric Rabe, Hacking Team’s communications chief,
wrote in a leaked email that “The FBI unit that is using our system
seems like a pretty small operation and they have purchased RCS as a
sort of back up to some other system they use.”
Oh
please. (Digest Item #4)
The NSA
Hates This Free Font
Thanks mostly to Edward
Snowden, the security whistleblower now resident in Russia, we
all know the extent to which the National
Security Agency (NSA) is spying on us all. It’s believed that
using certain words in electronic communication triggers
perfunctory surveillance, which is disconcerting to say the
least.
However, Project
Seen is a free font offering one possible solution. It
automagically redacts keywords and phrases recognized as triggers for
the NSA. So, by running an email through Seen before sending it, you
gain the opportunity to remove any references to the interception of
communications by the NSA. Nice.
A resource for my Computer Security students. Not
perfect, but it will likely get better.
Site tracks
and maps data breaches around the globe
by Sabrina
I. Pacifici on Jul 6, 2015
“ThreatWatch
is a snapshot of the data breaches hitting organizations and
individuals, globally, on a daily basis. It is not an authoritative
list, since many compromises are never reported or even discovered.
The information is based on
accounts published by outside news organizations and researchers.
We have tried to provide you with a sample of the most prevalent and
interesting cyber events. Each incident chronicled includes the
suspected attackers’ methods of penetration and apparent target to
help highlight patterns of activity and emerging threats. The
records are limited to episodes where data actually was compromised.
These are not accounts of new viruses, spam, or malicious email
campaigns that might lead to breaches. Some of the events cited are
more damaging than portrayed, while others may later turn out not to
be hacks at all: as you’ll see, the number of people affected is
one of the hardest measures to track. About the map: The global map
visualizes real-time malicious activity data captured by sensors used
by the experimental Honeynet
Project, an international non-profit security research
organization dedicated to investigating the latest attacks and
developing open source tools to improve Internet security. The green
dots indicate the geographic locations of outgoing malicious
activity. The map represents only some of the activity detected at
any given time because not all of the project’s sensors push their
data.”
Would any of the OBD Apps do the same thing?
GM to offer
teen driver tracking to parents
GM has
announced that it will be offering a way for parents to track
their teens' driving behavior in order to help cut down on accidents.
… The new system can be set to track the
distance driven, the maximum speed traveled, any over-speed warnings
issued during a drive, stability control events, antilock brake
events, forward collision alerts and forward-collision braking events
(if the vehicle is equipped to offer them).
… Driver-tracking systems are nothing new. A
vehicle's Engine Control Unit (internal computer) and on-board
diagnostics (OBDs) already
allow insurance companies to track driver behavior in order to
offer lower rates to good drivers. Those systems, however, require a
dongle to be plugged into any vehicle's OBDII port, which is located
under the driver-side dashboard.
Hey, they don't like you. Get over it.
In a precedent-setting case argued by Public
Citizen, the Washington state Court of Appeals has determined
[PDF] that anonymous online reviewers are entitled to basic First
Amendment protections.
In the case, the court denied a Florida divorce
lawyer’s attempt to learn the identity of former client who wrote
about her on Avvo, a Seattle-based website designed to allow users to
find and rate lawyers. Public Citizen urged the court to adopt a
strong standard used around the country to ensure that anonymous
online critics retain their First Amendment right to post negative
reviews online. The court agreed with Public Citizen and adopted
most of the test that the organization advocated.
“The court has protected consumers’ ability to
read criticism of businesses as well as the positive comments that
are never the subject of defamation claims,” said Paul Alan Levy,
the Public Citizen attorney who represented Jane Doe on appeal. “By
requiring proof that the criticism is false, the Washington Court of
Appeals has reassured consumers that their First Amendment right to
speak anonymously cannot lightly be flouted.”
The case stems from a series of reviews that
appeared on Yelp, Google and Avvo in September 2013 saying that Tampa
attorney Deborah Thomson had done a poor job of handling a divorce.
Thomson filed suit against the critics on May 21, 2014, in
Hillsborough County, Fla., alleging defamation.
Thomson then went to court in Washington state to
seek a subpoena to learn the identity of the critic who had posted on
Avvo. Although 12 states and the District of Columbia, as well as
many federal courts, have adopted standards that provide strong First
Amendment protections to anonymous online reviewers, before this
case, state courts in Washington had not yet set a standard. Thomson
did not seek a subpoena in California, where Yelp and Google are
based, and a state that has a strong protective standard.
A Washington trial court earlier rejected
Thomson’s request for a subpoena, and she appealed. In its brief
on behalf of Doe, Public Citizen urged the appellate court to require
people who seek to identify online critics to provide proof that the
criticisms are false and defamatory. Public Citizen’s work on
other cases throughout the country helped create the standard for
which we advocated.
“Happy Birthday! Would you like to buy a cake?”
This is the
real reason Twitter is copying Facebook and wants your birthday
Twitter wants you to celebrate your birthday on
its social network, and it will even give you some animated balloons
for your profile when it's your special day of the year.
But, that's not the only birthday present Twitter
will give you.
Buried beneath those birthday balloons is the real
reason Twitter wants to know your birthday: it wants to better target
ads.
In a link to a help center article on profile
visibility, Twitter acknowledges
that your birthday information will be used to "customize your
Twitter experience."
"For example, we will use your birthday to
show you more relevant content, including ads," the site
reads.
It's all about what you don't say? Would every
ecommerce site need to list everything that they don't sell that
might be a match for the search terms?
Amazon must
face trademark lawsuit over search results
Amazon.com
Inc must face a trademark lawsuit brought by a watchmaker which
says the online retailer's search results can cause confusion for
potential customers, a federal appeals court ruled.
… MTM Special Ops
is a military-style model of watch that is not sold on Amazon's
website, according to the court ruling. If an Amazon shopper
searches for it, however, Amazon's site will not say that it does not
carry MTM products.
Instead, Amazon
displays MTM Special Ops in the search field and immediately below
the search field, along with similar watches manufactured by MTM's
competitors for sale.
MTM alleged this could
cause customers to buy from one of those competitors, rather than
encouraging the shopper to look for MTM watches elsewhere.
… In a dissent, 9th
Circuit Judge Barry Silverman said Amazon's search results page
clearly labels the manufacturer of each watch.
"No reasonably
prudent consumer accustomed to shopping online would likely be
confused as to the source of the products," he wrote.
MTM attorney Eric
Levinrad on Monday said that unlike Amazon, other online retailers
will give customers a message that they don't sell a product if
that's the case.
The case in the 9th
Circuit is Multi Time Machine Inc vs. Amazon.com Inc and Amazon
Services LLC, 13-55575.
Food for thought? Do we even teach kids how to
use computers?
BBC Micro
Bit computer's final design revealed
The BBC has revealed the final design of the Micro
Bit, a pocket-sized computer set to be given to about one million
UK-based children in October.
… The BBC's director general Tony Hall said
the device should help tackle the fact children were leaving school
knowing how to use computers but not how to program them.
Wishing
us a happy fourth?
US
jets intercepted Russian bombers off the California and Alaska coasts
on July 4
Not a Spring Break thing. Florida just hates sex?
Man
convicted of having sex on Bradenton Beach sentenced to 2 1/2 years
in prison
The man convicted in May of having sex on
Bradenton Beach nearly a year ago was sentenced to 2 1/2 years in
prison on Monday.
Jose Caballero, 40, was found guilty of having sex
on a public beach in broad daylight with Elissa Alvarez, 21, on July
20, 2014. Nearby witnesses caught the two on video, with Alvarez
moving on top of Caballero in a sexual manner, and testified that a
then 3-year-old girl saw the act. [Where
were mom and Dad? Bob] Both were convicted on two counts
of lewd and lascivious exhibition.
"Our office had discretion, and we felt that
2 1/2 years was something that not only held him accountable but also
reflected his past history, as well," said Anthony Dafonseca,
assistant state attorney.
Alvarez was sentenced to time served in May, but
Dafonseca said they sought more time for Caballero because of his
previous conviction and eight years in prison for cocaine
trafficking. Originally, the prosecution filed paperwork to seek the
maximum 15 years in prison for Caballero, but dropped that move soon
after the guilty verdict.
Even
a crook can dress for success.
Man Dressed
as Armored Truck Driver Walks Out of Walmart With $75,000
…
Authorities say the suspect entered the
Walmart store in Bristow about 10:30 a.m. Saturday, walked to the
cash office, signed for the deposit and walked out of the store. He
drove away in a dark four-door Chevrolet.
"He came to the Walmart kind of dressed like
a Loomis armored car driver," Williams said. Walmart employees
called police after the real Loomis employee arrived about 45 minutes
later.