For my Ethical Hacking students. Check with your lawyers before you try something like this.
Love it!
Steve Nichols reports:
A cyber hacker got scammed when he targeted a Clearwater cyber security firm.
KnowBe4 trains corporate clients on defending against “phishing attacks”, a term for using realistic-looking but fake emails for illicit gain.
Last Friday, the company’s chief financial officer received an email purportedly from the chief technology officer requesting instructions on wire transferring nearly $20,000.
Read what happened next on Fox13.
[From the article:
Then they sent a fake email appearing to be from AOL, the scammer's email provider. It said the email account was locked for security purposes, and the user needed to "click here" to log in and unlock the account. "And of course this link doesn't go to AOL, that link goes to us," Irimie explained.
"Indeed he entered his user name and password so we could get his IP address, his internet address," Sjouwerman said, adding that information in turn provided the scammer's geographic location. "We know where it is but we refrain from making that public because we've transferred it to law enforcement, and it's now in their hands," he told FOX 13 News.
It is intelligence laundering. You have a source you don't want to compromise (say a spy in the Kremlin) so you use the intelligence from that source to ensure you “stumble upon” the same intelligence in a way that “explains” how you got the information without getting your spy shot.
FBI and DEA under review for use of NSA mass surveillance data
… The investigations surfaced in a report to Congress from the Justice Department's inspector general.
Parallel construction is a controversial investigative technique that takes information gained from sources like the NSA's mass surveillance, covers up or lies about the sources, and then utilizes them in criminal investigations inside the United States. The information was passed to other federal agencies like the Internal Revenue Service (IRS).
The technique was described as “decades old, a bedrock concept” by a DEA official.
Critics at the Electronic Frontier Foundation (EFF) described the technique as “intelligence laundering” designed to cover up "deception and dishonesty" that ran contrary to the original intent of post-9/11 surveillance laws.
… The DEA’s use of parallel construction was revealed by Reuters a few months later.
… The NSA sent daily metadata reports to the FBI from at least 2006 to 2011, according to the director of national intelligence.
The ongoing review will examine how the FBI processed the NSA’s information, how much information was passed along, and the results of the initiated investigations.
… The Justice Department’s Office of Inspector General is also investigating the FBI’s use of Patriot Act Section 215 from 2012 to 2014 that allowed it to obtain “any tangible thing” from any business or entity as part of investigations against international terrorism or spying.
A previous investigation revealed that every single Section 215 application submitted by the FBI to the secretive Foreign Intelligence Surveillance Court (FISA) was approved.
(Related) Compromising your field agents is always a bad thing.
Aditya Tejas reports:
The U.S. Central Intelligence Agency (CIA) pulled a number of officers from the American Embassy in Beijing as a precautionary measure after a massive cyberattack in June compromised the personal data of over 22 million federal employees, according to a report Tuesday.
U.S. officials reportedly said the data breach was conducted by a hostile party to identify spies and other American officials who could be blackmailed to provide information. The records, stolen from the Office of Personnel Management (OPM), contain the background checks of State Department employees.
Read more on International Business Times.
An interesting way to identify and ensure everyone is using Best Practices!
Excellent. NewsOK reports:
State Auditor Nicole Galloway on Wednesday announced the launch of a cybersecurity audit initiative in Missouri schools.
The initiative will focus on identifying practices that improve the security of information that schools have on students and their families.
Read more on NewsOK.
[From the article:
According to the Privacy Rights Clearinghouse, a nonprofit based in San Diego, more than 250 K-12 schools across the United States experienced a data breach event in the past 10 years.
[I'd bet that number is low. Bob]
Do they care what the customers want? What will happen if Google blocks Digicel?
Mobile Operator Digicel Will Block Advertising Across Its Network
Who needs an ad-blocking app when your telecom operator will prevent ads from reaching your mobile device?
Wireless operator Digicel will soon begin blocking online advertising from traveling across its networks in the Caribbean and South Pacific, the company announced Wednesday.
German telecommunications group Deutsche Telekom is also considering blocking advertising on its networks, a person familiar with the matter said.
Jamaica-based Digicel said online advertising companies such as Google, Facebook and Yahoo will now be required to pay to deliver ads to its subscribers, or can expect to have them blocked.
… For now, U.S. consumers are blocking ads by installing software on their computers or mobile devices. The practice is growing, threatening the business model of many ad-supported online sites and services.
Because vast improvements don't work well with half-vast implementations. Europe has been using these for 5 years. Why are there any surprises here? Because no one tried to learn from the Europeans, they tried to make it all up on their own.
Chips, Dips and Tips: 5 Potential Problems With New Credit Cards
… Thursday's "deadline" for merchants to support the new EMV technology — or face the consequences if fraud occurs — is really a soft target, and consumers are unlikely to notice any dramatic changes or encounter difficulties as they make their shopping rounds.
… the chip generates a unique purchase code every time the card is used, transactions will take a few seconds longer to process. Added to unfamiliarity with the "dip" process and there may be checkout delays, experts warn.
"Some people are experiencing 20 second wait times with these chips," said Avivah Litan, vice president and analyst at Gartner Research.
… "I have several credit cards with chips in them and all but my American Express work really well," said chip credit card user Marilyn Barnicke Belleghem. "Apparently, the chip (on that card) is placed in the wrong position to be accurately read on the machine at the grocery store where I like to shop."
… In other countries, chip cards come with PINs, which require the user to remember a four-digit number in order to use the card. Most U.S. chip cards won't come with PIN technology initially, meaning shoppers will still confirm purchases with a signature. The problem is, some chip credit card machines in other countries aren't equipped to accept signatures, so you might not be able to pay if you're traveling and don't have a card with a PIN.
… With only a signature required, we won't have the full protection that a PIN offers. If a thief steals your chip card, they can still use it. They just have to forge your signature.
The new technology doesn't protect against fraud in online purchases, either. Online transactions don't require a terminal at checkout, so there's no way to read your card and generate a code. All anyone needs is your credit card number, three-digit security code, and expiration date.
… The added hassle might motivate consumers to use phones to make wireless NFC (near-field communication) payments, which is quicker.
"I think this is going to spur an adoption of mobile payments," said Gartner's Litan. "They're much more convenient. This is exactly what the credit card companies want you to do. The same culprits pushing chips, they would also like us to use our mobile phones. Then they don't have to pay for physical cards, and it has the same security as a chip."
An interesting question for my lawyer friends.
Why Are So Many Law Firms Trapped in 1995?
Replacing project management? Turning tasks into just another thing on the Internet of Things?
Asana's New Plan: Tracking Every Aspect Of Your Work, With Help From Developers
… Asana has some 140,000 companies who use it to track projects and tasks, with the hope of eliminating back-and-forth conversations that happen in email and meetings in favor of, you know, actual work. While most use it for free, more than 10,000 companies pay per-team fees that start at $21 a month, and Asana now has "tens of millions of dollars" in annual recurring revenue, Moskovitz said.
… The problem is that not everything you deal with at work is a task. Asana, historically, has presented itself as a task-management tool. Now, Moskovitz and Rosenstein want to expand its scope to the larger category of "work tracking," an area of collaboration they see as coequal to file sharing, like Box and Dropbox, and messaging, the field of Slack, Convo and similar apps.
Sections are essentially additional data fields that can be assigned to an object in Asana. Venture-capital firms might track companies by stage and amount invested. A DNA analysis firm might track vials. A nonprofit orchestrating healthcare in a developing country might track patients. All of those require a more structured approach than a generic task.
That, in turn, opens up Asana to far more interesting possibilities for third-party developers. A healthcare systems integrator might build a generalized case-management tool for hospitals. A publishing company might create a system for tracking an article from assignment to editing and fact-checking to publication.
A case study of political disconnect? “We knew it couldn't be done until 2019 so we set the deadline at 2015. Then we can claim we're statesmanlike by extending it to 2018.”
Bill to extend safety system deadline would avert rail shutdown, help Metra
A measure introduced in the U.S. House on Wednesday seeks to avert the threatened year-end shutdown of the nation's freight and commuter railroads, including Metra.
Leaders of the Transportation and Infrastructure Committee said their bipartisan legislation would give U.S. railroads an additional three years to implement the congressionally mandated safety system known as positive train control.
The lawmakers acknowledged that the Dec. 31 deadline for installation of PTC on the vast majority of the railroads is not achievable, and that extending the period until the end of 2018 will prevent significant disruptions of both passenger and freight rail service across the country.
… Without an extension, railroads say their crews would be prohibited by law from operating trains beyond that date. They say freight shipments will be halted, commuter lines will cease operations, and Amtrak service outside of portions of the Northeast Corridor will be suspended.
A shutdown could have a huge impact on Chicago, the nation's rail hub. Each day, the city has 500 freight trains pass through, Metra operates 753 trains, and 56 Amtrak trains come and go.
… The agency has said previously that installing PTC will cost $350 million and won't be fully in place until at least mid-2019.
Perspective. Why “free” works.
The price of free: how Apple, Facebook, Microsoft and Google sell you to advertisers
Is Office365 getting all of Microsoft's attention?
Likes and @Mentions coming to Outlook on the web
Over the last several years, social networks have changed the way we communicate. In our personal lives, we show our approval by “Liking” a friend’s status update on Facebook and we “@Mention” others in a Twitter post to call attention to it. In our workplace, these same social concepts became popular through enterprise social tools such as Yammer. Today we’re taking the next step and introducing Like and @Mention to workplace email in Outlook on the web.
… To Like a message, simply click the thumbs-up icon in the reading pane. This turns the icon from gray to blue, notes within the email that you liked the message and adds a thumbs-up icon in the email list view. Anyone on the thread can Like a message, and their Likes are identified and captured within the message as well. If someone likes your email, you’ll receive a notification letting you know.
While the focus of Likes is on specific emails, the focus of Mentions is on specific individuals. When collaborating on email, it is common to call out a specific person for an action or request. Another scenario is adding a person to an existing thread for their attention—perhaps you are on a thread and know that the person who can answer a question was not initially included. Using the Mentions feature ensures that the person is not only aware of the request but is also included in the thread.
… The Like feature in Outlook on the web will begin to roll out today to Office 365 First Release customers whose Office 365 plan includes Exchange Online. We expect the feature to roll out broadly to eligible Office 365 commercial customers starting in late October. The Mention feature will begin rolling out to First Release customers in mid-October and broadly to all eligible Office 365 commercial customers in mid-November.
In addition, our Outlook.com users who have been migrated to the new version of the service will start seeing Mentions in the December time frame as well.
Ain't technology wonderful? Power for devices on the Internet of Things.
Freevolt generates power from thin air
… Drayson Technologies today announced Freevolt, a system that harvests energy from radio frequency (RF) signals bouncing around in the ether and turns it into usable, "perpetual power."
… We're constantly surrounded by an ever-denser cloud of RF signals. They're the reason your smartphone gets 2G, 3G and 4G coverage, your laptop gets WiFi, and your TV receives digital broadcasts.
… According to Drayson, Freevolt is the first commercially available technology that powers devices using ambient RF energy, no dedicated transmitter required.
For my students who are serious about their field of study.
The 5 Best News Curation Apps to Fight Information Overload