Monday, August 10, 2015

“Hey there! This is your boss. Please send $1,000,000 to Tony Soprano, care of the Bank of Nigeria.” Do companies actually do it like that?
Brian Krebs reports:
Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
Ubiquiti, a San Jose based maker of networking technology for service providers and enterprises, disclosed the attack in a quarterly financial report filed this week with the U.S. Securities and Exchange Commission (SEC). The company said it discovered the fraud on June 5, 2015, and that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department.
Read more on KrebsOnSecurity.com.




Santayana was right, "Those who do not learn history are doomed to repeat it." This seems to be particularly true with the history of Computer Security.
Darren Pauli reports:
Four FireEye researchers have found a way to steal fingerprints from Android phones packing biometric sensors such as the Samsung Galaxy S5 and the HTC One Max.
The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in a open “world readable” folder.
“Any unprivileged processes or apps can steal user’s fingerprints by reading this file,” the team says, adding that the images can be made into clear prints by adding some padding.
Read more on The Register.
[From the article:
It is one of four vulnerability scenarios in which biometric data normally secure in an Android phone's TrustedZone can be pilfered.




Long suspected. Call them mercenaries, contractors, friends of the government – whatever. What happens if these guys cross the line in service to the Russian government?
Cyber crimes against NATA and its members
by Sabrina I. Pacifici on Aug 9, 2015
Via Atlantic Council – New Twists in Russia’s Cyber Campaign Against NATO and Its Members By Sam Jones, Financial Times: “Russia’s aggressive actions in cyber space are all carefully designed to fall short of warranting any kind of serious military or aggressive response. One of Moscow’s new favoured tactics is to arm crime syndicates with sophisticated hacking tools and malware and subcontract them to undertake operations against adversaries or to mount so-called “false flag” attacks [Can the hack in Chinese? Bob] to muddy the water around attribution, says a senior US military cyber command officer.”




More jobs for my Computer Security students?
Tesla Courts Hackers to Defend High-Tech Cars
Hackers swarmed a Tesla sedan in a 'hacking village' at the infamous Def Con conference on Saturday as the high-tech electric car maker recruited talent to protect against cyber-attacks.
It was the second year in a row the California-based company was at the world's largest gathering of hackers in Las Vegas, and came on the heels of a massive recall of Fiat Chrysler Automobiles vehicles to patch a flaw that could let them be remotely commandeered.
… Tesla recruiters were on hand, along with members of the California-based company's security team.
Tesla cars are highly computerized. New features as well as software updates are pushed out to vehicles over wireless Internet connections.
"They are not messing with our software," Brooklyn said with only a hint of hesitation.
She knew of no cyber-attacks aimed at Tesla cars, at Def Con or anywhere else.
… They referred to Tesla sedans as data centers on wheels, and urged great care when trying to hack vehicles that could be racing along at 100 mph (160 km) or so.
"As cars become more connected, we need to think about them a lot more like smartphones where you are constantly testing and improving products to make they as secure as you can," Brooklyn said.




Are you keeping an eye on the old home town? Following your favorite university sports? Stalking an old girlfriend? Override your phone's location...
Blockfeed App Surfaces Hyper Local News
… And that’s where Blockfeed comes in. This New York city-based startup is aggregating local news sources, from small blogs to established newspapers, geolocating relevant news stories to a hyper local location — such as a particular street or block — and then serving those stories to readers based on where they happen to be at the time they open the mobile app. Thanks to smartphone location-positioning tech, knowing a reader’s location is trivial.
… Currently the app is live in New York City only, after soft launching on iOS at the start of last month. Thus far it’s gained around 900 active users without any marketing. It’s launching on Android today, and stepping up the noise.




Another Copyright article for my IT Governance students.
Why Facebook’s video theft problem can’t last
Earlier this year, Facebook’s increased focus on video — which began with it introducing autoplay video in 2013 — began to show real results. In April, the company reported that it received more than 4 billion video views every day. If you make videos or want to sell advertising against them, this is great news: a giant platform with unparalleled reach is finally paying attention to you.
But then popular YouTuber Hank Green leveled a number of allegations at Facebook’s video team, including a charge of rampant copyright infringement from Facebook users who are uploading videos from YouTube and other platforms without creators’ consent. Facebook has responded that it has measures in place to address copyright infringement, including allowing users to report stolen content and suspending accounts guilty of repeated violations.
But that has done little to satisfy content creators, whose support Facebook needs as it works to challenge YouTube’s dominance. Green and other video makers are increasingly disgruntled, and Facebook’s weak denials could lead to expensive lawsuits. Meanwhile, the failure to protect against copyright infringement could ward off the advertisers whose ads will eventually come to Facebook video. If Facebook doesn’t act quickly, it risks alienating the two groups it needs most to establish itself as a next-generation video platform.




For my students who write – that's all of them.
Hemingway Editor Updated in Time for the New School Year
Last year I featured the Hemingway App Editor as a good tool to help students analyze their own writing. Hemingway is a free tool designed to help you analyze your writing. Hemingway offers a bunch of information about the passage you've written or copied and pasted into the site. Hemingway highlights the parts of your writing that use passive voice, adverbs, and overly complex sentences. All of those factors are accounted for in generating a general readability score for your passage.
This summer the Hemingway Editor was updated to offer a few more features. The Hemingway Editor now provides tools for formatting the text that you write in the web version of Hemingway. You can now create bullet lists, change font size and style, write numbered lists, and indent paragraphs.
StoryToolz offers a tool similar to Hemingway that you may also want to check out.




For all my students.
IT Salary Survey 2015
by Sabrina I. Pacifici on Aug 9, 2015
ComputerWorld 29th Annual Report It Salary Survey: “After years of tight budgets, employers are boosting pay to attract and retain hot IT talent. Our survey of more than 4,800 tech workers reveals who’s getting the cash — and how you can too.. Topics include: Cash Is Back!; IT Pay All the Numbers; Job Seekers Call the Shots; Security Talent Is Red-Hot.”




Amusement for my programing students.
How I wrote a Twitter bot to automatically enter contests
...and ended up winning on average 4 contests per day, every day, for about 9 months straight.


No comments: