Well, that explains everything. Maybe.
FBI enlists Israeli firm to unlock encrypted iPhone
Israel’s Cellebrite, a provider of mobile forensic software, is helping the
U.S. Federal Bureau of Investigation’s attempt to unlock an iPhone
used by one of the San Bernardino, California shooters, the Yedioth
Ahronoth newspaper reported on Wednesday.
If Cellebrite succeeds, then the FBI will no
longer need the help of Apple Inc, the Israeli daily said, citing
unnamed industry sources.
Cellebrite officials declined to comment on the
matter.
(Related) Logic, as to what might be happening.
Very interesting read!
My Take on FBI’s “Alternative” Method
… All of this paints a pretty clear picture:
the leading theory at present, based on all of this, is that an
external forensics company, with hardware capabilities, is likely
copying the NAND storage off the chip and frequently re-copying all
or part of the chip’s contents back to the device in order to brute
force the pin – and may or may not also be using older gear from
iOS 8 techniques to do it. The two weeks the FBI has asked for are
not to develop this technique (it’s most likely already been
developed, if FBI is willing to vacate a hearing over it), but rather
to demonstrate, and possibly sell, the technique to FBI by means of a
field test on some demo units.
… The FBI is rumored to have classified this
technique, only 24 hours after requesting a two-week window to give
report. If true, FBI wouldn’t classify something that they haven’t
validated, which means they validated it too. This suggests the
technique *could* also be an exploit, so now we’ve two different
possibilities to consider. The classification also suggests a little
bit about the company. The company must have engineers capable of
holding (or already holding) clearances, suggesting it’s a rather
large company.
(Related) I liked some of these too. Perhaps I
can get a laser drill for my Ethical Hacking students?
Acid? Laser drill? How the FBI might hack into an iPhone without Apple’s help
… federal officials have been mum about who
came forward and what method they’ve proposed. Here are some of the
leading options outside experts think the FBI might be exploring.
BACK UP AND ATTACK
RESET THE COUNT
Another approach, sometimes known as “chip de-capping,” calls for physically
removing the casing of the iPhone’s processor chip, using acid or a
laser drill. In theory, investigators could then connect electronic
probes capable of reading the phone’s unique identification code
bit by bit from the location where it is “fused” into the phone’s
hardware. This method would also have to read the algorithm that
combines that code with the user passcode to unlock the phone.
Once they get that information, investigators could then load it onto another computer,
where they can run thousands of attempts at guessing the passcode
without worrying about triggering the auto-erase function on the
phone itself.
A BRAND NEW ‘ZERO DAY’
What's in your water?
Attackers Alter Water Treatment Systems in Utility Hack: Report
Verizon’s data breach digest for March 2016 describes several attacks
investigated by the company, including one aimed at the systems of an
unnamed water utility referred to by Verizon as the Kemuri Water
Company (KWC).
The water district had asked Verizon to conduct a proactive assessment as
part of its efforts to keep systems and networks healthy, but experts
soon discovered clear signs of malicious activity.
They immediately noticed that the organization had a poor security
architecture, with Internet-facing systems plagued by high-risk
vulnerabilities known to be exploited in the wild, and
outdated operation technology (OT) systems that had been more than
ten years old.
The water utility’s SCADA platform was powered by an
IBM AS/400 system, which was first introduced by the vendor in 1988.
This system was used to connect both OT functions, such as the water
district’s valve and flow control applications, and IT functions,
such as financial systems that stored customer and billing
information.
… Verizon investigators believe the hackers exploited a vulnerability in the
payment application web server. This server stored the internal IP
address and admin credentials for the AS/400 system, from which the
attackers are believed to have stolen 2.5 million records containing
customer and payment information.
… Since the compromised AS/400 system also ran valve and flow control
applications used to manipulate the utility’s hundreds of
programmable logic controllers (PLCs), the hackers managed to access
this software and alter
settings related to water flow and the amount of chemicals used to
treat the water.
Sometimes a sentence just does not seem to fit
with the rest of the talk (or article). Does this strike you funny
too?
Abraham J. Rein of Post & Schell has a nice
recap of some of the recurring themes at last week’s PHI Protection
Network conference in Philadelphia. Here’s a snippet of his post
from the section about law enforcement’s message to
attendees:
…. Michael Stawasz, Deputy Chief of the U.S. Department of Justice Computer Crime and Intellectual Property Section (“CCIPS”), and Rich Goldberg, Chief of the Economic Crimes Unit for the U.S. Attorney’s Office of the Eastern District of Pennsylvania, both worked to assuage corporate anxiety around reporting a data breach to law enforcement. Such anxiety is reasonable, given the risk of the company finding itself on the wrong end of enforcement scrutiny. But Stawasz and Goldberg both emphasized that, when a company suffers a data breach, “you [the company] are our victim” – indeed, “our goal is to protect you.” Companies need not be concerned, according to Stawasz, about turning information over to the government to assist in its investigation of the breach: “Your information will not be FOIA’d,” Stawasz told the audience; moreover, “it won’t be immediately shared with your regulators,” because “I’m not interested in holding you liable for unreasonable security.”
Read more on Post & Schell.
Interesting. Is this an indication that Privacy
is becoming a large part of legal practices or that you can't get
anything done on the FTC Board?
FTC commissioner to resign at end of month
The Federal Trade Commission's Julie Brill is
slated to leave the agency at the end of the month, opening up the
second vacancy on the five-person panel.
Brill, a Democrat, is slated to join Hogan Lovells
to help lead the law firm's privacy and security practices. She will
also help out with the firm's antitrust work.
Perspective.
Well, I find it interesting.
Report: Half of all mobile games revenue comes from only 0.19% of players
Mobile games publishers have to take incredible care when acquiring new
users, since the vast majority of them don’t buy anything. In
fact, only 0.19 percent of all players contribute 48 percent of
revenue, according to a new report from mobile
marketing automation and engagement firm Swrve.
Swrve also found that a full 64 percent of players
who spend money in games only do so once in the month (up from 49
percent in the original study last year). But it’s not all bad
news for publishers. Total volume of spending per month increased by
nearly $3 per player to $24.66.
Perspective.
US recorded-music revenues rose slightly in 2015 says RIAA
US music industry body the RIAA has published its figures for 2015, revealing
that recorded-music revenues rose by 0.9% last year to $7bn.
That’s estimated retail value: the amount of money people spent on physical
music, downloads and streams. The wholesale value – the money
flowing back to rightsholders – rose 0.8% to $4.95bn.
Another key point from the RIAA’s announcement: streaming
is now the biggest chunk of US recorded-music revenues,
rising from 27% in 2014 to 34% in 2015 – overtaking download sales
in the process.
Perspective.
Anecdotes, not strategy.
Leveraging the Internet of Things for Competitive Advantage
… John Deere offers a case in point. The
company has been making steel ploughs since 1837 and the name brand
is synonymous with farming and tractors in the U.S. But beginning in
2012, John Deere embedded new sensors in its products and marketed
connectivity as a key product benefit. Today, those sensors provide
farms with decision-support information on where to plow, what crops
to plant and when to plant. That information is potentially more
valuable over time than the tractor pulling the plow.
How strange. My students seem to have a problem with class-long
learning.
Pew – Lifelong Learning and Technology
by Sabrina I. Pacifici on Mar 22, 2016
“A large majority of Americans seek extra knowledge for personal and
work-related reasons. Digital technology plays a notable role in
these knowledge pursuits, but place-based learning remains vital to
many and differences in education and income are a hallmark of
people’s learning activities. Most Americans feel they are
lifelong learners, whether that means gathering knowledge for “do
it yourself” projects, reading up on a personal interest or
improving their job skills. For the most part, these learning
activities occur in traditional places–at home, work, conferences
or community institutions such as government agencies or libraries.
The internet is also an important tool for many adults in the process
of lifelong learning. A new Pew Research Center survey shows the
extent to which America is a nation of ongoing learners:
- 73% of adults consider themselves lifelong learners.
- 74% of adults are what we call personal learners – that is, they have participated in at least one of a number of possible activities in the past 12 months to advance their knowledge about something that personally interests them. These activities include reading, taking courses or attending meetings or events tied to learning more about their personal interests.
- 63% of those who are working (or 36% of all adults) are what we call professional learners – that is, they have taken a course or gotten additional training in the past 12 months to improve their job skills or expertise connected to career advancement.”