Thursday, April 07, 2016

I share this with my Ethical Hacking students. 
James Temperton and Matt Burgess report:
The front-end computer systems of Mossack Fonseca are outdated and riddled with security flaws, analysis has revealed.
The law firm at the centre of the Panama Papers hack has shown an “astonishing” disregard for security, according to one expert.  Amongst other lapses, Mossack Fonseca has failed to update its Outlook Web Access login since 2009 and not updated its client login portal since 2013.
Mossack Fonseca’s client portal is also vulnerable to the DROWN attack, a security exploit that targets servers supporting the obsolete, insecure SSL v2 protocol.  The portal, which runs on the Drupal open source CMS, was last updated in August 2013, according to the site’s changelog.
Read more on Wired.


I also share this with my Ethical Hacking students.  They will probably make more money defending than attacking.  Probably.
Hackers Will Break Into Email, Social Media Accounts for Just $129
   Dell says almost any type of data or cybercriminal service is available for sale: credit card data, online banking accounts, malware, hacking services, tutorials, online payment accounts, hotel points, and the like.
According to Dell’s new report (PDF) on the underground hacker market, those interested in hiring a hacker to compromise a Gmail, Hotmail, or Yahoo account only have to pay $129 for the service.  Popular U.S. social media and Ukrainian email accounts are priced the same, popular Russian email accounts range between $65 and $103, while Russian social media accounts are priced higher, at $194.


Update.
Judge approves settlement in Sony Pictures hacking case
A judge on Wednesday approved a multimillion dollar settlement in a class-action lawsuit filed by former Sony Pictures Entertainment employees whose private information was stolen in a massive data breach.
The U.S. government blamed the hack on North Korea in an attempt to derail the release of the North Korean-focused comedy "The Interview."
U.S. District Judge R. Gary Klausner approved the agreement that gives roughly 437,000 people impacted by the breach identity theft protection from the time of the 2014 hack through 2017.
Under the deal, Sony agreed to provide identity theft protection - as well as an optional service that will cover up to $1 million in losses - and create a fund to cover any additional losses.


The next fight of the ignorant? 
Overnight Tech: Senators spar over WhatsApp encryption
Republican Sen. Tom Cotton (Ark.) was outraged by the move, saying that "the WhatsApp and Facebook decision to add end-to-end encryption to all of WhatsApp's services with no secure method to comply with valid search warrants continues a dangerous trend in the tech and data world."
"We cannot allow companies to purposefully design applications that make it impossible to comply with court orders," he continued.
"I strongly urge WhatsApp and Facebook to reevaluate their decision before they help facilitate another terrorist attack."
But Democratic Sen. Ron Wyden (Ore.) defended the company in his own letter.  "This is a significant step to strengthen online security for millions of people worldwide," Wyden said.  "While some continue to spread fear about modern technology, the fact is strong encryption is essential to Americans' individual security."

(Related)  Staying out of the mud?
Mark Hosenball and Dustin Volz report:
The White House is declining to offer public support for long-awaited legislation that would give federal judges clearer authority to order technology companies like Apple to help law enforcement crack encrypted data, according to sources familiar with the discussions.
The Obama administration’s refusal to either endorse or oppose legislation from Senators Richard Burr and Dianne Feinstein, the Republican chair and top Democrat respectively of the Senate Intelligence Committee, stems in part from ongoing divisions among various federal agencies over encryption, the sources said.
Read more on Reuters.


Interesting.  Are they sure? 
FBI says hack tool works only on iPhone 5c
   The tool does not work on the iPhone 5s or 6, so it addresses only a "narrow slice" of iPhones, Federal Bureau of Investigation director James Comey said late Wednesday at Kenyon College.
The government is considering whether it should disclose to Apple the flaw that aided the hack: "We just haven't decided yet," he said at the Ohio college's Center for the Study of American Democracy.


Europe is leading the way!
Platoons of autonomous trucks took a road trip across Europe
Six vehicle manufacturers just proved that self-driving trucks are perfectly capable of driving across a whole continent.  These companies, including Volvo and Daimler, participated in the European Truck Platooning challenge organized by the Dutch government.  "Truck platooning" is the term used when a fleet of autonomous trucks closely follow one another on the road.  Since the rigs behind the first ride in its slipstream, they tend to use less fuel and emit less carbon dioxide.
The self-driving rigs started their journey from different parts of Europe and ended in the Port of Rotterdam in the Netherlands.


The same formulas I use in my Spreadsheet Budgets.  Aren’t my students lucky?
Take the same finance class the NFL gives its players
The NFL held its second annual Personal Finance Camp for players from April 4 to 7 in Fort Lauderdale, Fla.  The first session, “Funding an Uncertain Lifespan,” was led by Patrick Kerney, who played in the NFL for 11 years and is now director of business development at National Fire & Casualty Investments.  After retiring from the league, he got his MBA at Columbia University and was the vice president of player benefits at the NFL.
Here’s the slideshow he used in the class, which focused on staying ahead of inflation and the importance of controlling what you can: Where you live, what you spend, what level of goods and services you purchase, and realizing the difference between what you want to buy and what you need to buy.


We don’t offer this as a class, yet.
How to Keep Up with the Trends on Social Media
Modern journalists always have an eye on social media to see which stories are trending and why.  Do you want to track social media trends like the professionals do?
Tracking trending topics on social media is beneficial for news-gathering, and can really help you learn more about topics you’re interested in.


Making my students more secure. 
The 5 Best Alternatives To Google Authenticator
I have been interested for quite some time now in the importance of two-factor authentication – 2FA – (or two-step authentication).
   you will need a good smartphone authentication app to generate the codes to get into your account.  Today, we will look at five possibilities.  Others have been tried, tested, and ultimately discarded; these survived the rigorous testing at O’Neill Labs, helped by my assistant, Beaker.


For the students in my spreadsheet class. 
Need to Learn Excel? 10 Experts Will Teach You for Free!
   In the past, we’ve recommended places where you can learn the basics of Excel.  With these basics covered, you’ll be able to use Excel’s main data storage, organization, and manipulation features.  We’ve also listed resources for figuring out Excel formulas, and the types of charts you should be using.
But if you want to take your knowledge even further, you’ll need reliable Excel specialists, who are willing to share their growing, in-depth knowledge of this program with you.
The following ten Excel gurus fit this description perfectly.  Each guru regularly publishes step-by-step tutorials that walk you through these more advanced Excel features that you could otherwise be wrestling with for weeks.


Stay current.
The Best Programming Newsletters for Every Kind of Developer
   The true value of a programming newsletter: the fact that it has been curated by someone who knows the topic inside and out.  This means you don’t have to waste your own precious time keeping up with hundreds of sites and sorting through the mess to find the occasional gems.
And the best part?  All of the following newsletters are free.
