Tuesday, May 24, 2016

Right now, this looks like the digital equivalent of “death by a thousand cuts.”  At some point, the victim dies.  When do targeted attacks move beyond annoying and become acts of war? 
China-Linked Attackers Target Indian Embassies Worldwide
A threat group first analyzed more than two years ago has continued to improve its malware arsenal and was recently observed targeting personnel at Indian embassies worldwide.
   FireEye linked the attackers to China and determined that they had been active since at least 2010.
   Researchers at Palo Alto Networks recently came across a piece of malware that appears to have been used by the group in an ongoing attack aimed at Indian embassies.
   The threat actor has sent out spear phishing emails using an annual report filed by more than 30 Indian embassies as a decoy.  In order to increase their chances of success, the addresses used to send the emails have been spoofed to look like the messages come from real people with ties to Indian embassies.
The spear phishing emails observed by the security firm include an MHTML document set up to exploit a Microsoft Office vulnerability (CVE-2015-2545) that was patched in September 2015.  If the flaw is exploited successfully, the TidePool malware is dropped onto the targeted user’s system.
   As for attribution, Palo Alto Networks reported finding evidence that the malware developer’s system was likely running an OS and software with Chinese set as the default language.  It’s worth noting that Chinese officials denied hacking European foreign ministries when FireEye published the first report on Operation Ke3chang.
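The lure described above is an MHTML file (a MIME-encoded web archive that Word will open), and CVE-2015-2545 is the Office EPS (Encapsulated PostScript) image filter flaw, so an analyst can triage such attachments by pulling the MIME parts apart and looking for an embedded EPS object, including one hiding behind a misleading Content-Type. The following Python is an added example written for this page, not code from Palo Alto Networks or from the article; the sample MHTML, its part names and the harmless EPS body are constructed here, and the content-type list is an assumption about how such parts are usually labelled.

```python
import base64
import email
from email import policy

# Constructed sample (not from the Palo Alto report): a benign EPS header
# standing in for the malicious EPS the real lure carried.
EPS_PAYLOAD = (
    b"%!PS-Adobe-3.0 EPSF-3.0\n"
    b"%%BoundingBox: 0 0 100 100\n"
    b"/stub 0 def\n"
    b"showpage\n"
)
_B64 = base64.b64encode(EPS_PAYLOAD).decode("ascii")

# Constructed MHTML: an HTML "annual report" plus two images. The second image
# is honestly labelled EPS; the third claims to be PNG but carries EPS bytes.
SAMPLE_MHTML = (
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/related; boundary="CONSTRUCTED-BOUNDARY"\r\n'
    "\r\n"
    "--CONSTRUCTED-BOUNDARY\r\n"
    "Content-Location: file:///C:/report/annual_report.htm\r\n"
    'Content-Type: text/html; charset="us-ascii"\r\n'
    "\r\n"
    '<html><body><p>Annual report</p><img src="image001.eps"></body></html>\r\n'
    "--CONSTRUCTED-BOUNDARY\r\n"
    "Content-Location: file:///C:/report/image001.eps\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    "Content-Type: application/postscript\r\n"
    "\r\n"
    f"{_B64}\r\n"
    "--CONSTRUCTED-BOUNDARY\r\n"
    "Content-Location: file:///C:/report/image002.png\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    "Content-Type: image/png\r\n"
    "\r\n"
    f"{_B64}\r\n"
    "--CONSTRUCTED-BOUNDARY--\r\n"
).encode("ascii")

# Assumed set of MIME types under which EPS images are commonly declared.
EPS_CONTENT_TYPES = {"application/postscript", "application/eps",
                     "image/x-eps", "image/eps"}


def looks_like_eps(data: bytes) -> bool:
    """True if the bytes start with a PostScript/EPS header, whatever the declared type."""
    head = data.lstrip()[:64]
    return head.startswith(b"%!PS") or b"EPSF" in head


def scan_mhtml(raw: bytes) -> list:
    """Walk every MIME part of an MHTML file and report those that carry EPS."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""   # base64/QP decoded
        ctype = part.get_content_type()
        location = str(part.get("Content-Location", ""))
        reasons = []
        if ctype in EPS_CONTENT_TYPES:
            reasons.append("declared-eps-type")
        if location.lower().endswith(".eps"):
            reasons.append("eps-filename")
        if looks_like_eps(payload):          # do not trust the declared type
            reasons.append("eps-magic")
        if reasons:
            findings.append({"content_location": location,
                             "content_type": ctype,
                             "size": len(payload),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_mhtml(SAMPLE_MHTML):
        print(f"{f['content_location']} ({f['content_type']}, {f['size']} bytes): "
              + ", ".join(f["reasons"]))
```

The third part is the one worth noticing: its Content-Type says PNG, so a filter keyed only on the declared type or on the file extension lets it through, while the magic-byte check still flags it. Any Office document that carries an EPS part and arrives unsolicited from a lookalike sender deserves a closer look, patched or not.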

(Related) The Russian version.
Attack on Swiss Defense Firm Linked to Turla Cyberspies
The recent cyber espionage attack aimed at Swiss defense firm RUAG was carried out by the Russia-linked threat group known as Turla, according to a report commissioned by the Swiss government.
   A report published on Monday by Switzerland’s Government Computer Emergency Response Team (GovCERT) and its parent organization, the Reporting and Analysis Centre for Information Assurance (MELANI), revealed that while the breach was discovered in January, the attackers gained access to RUAG’s systems as early as September 2014.


Interesting.  As long as member banks could only “push” their money to other banks, there was no reason to check on their security.  After all, if they thought security was adequate, why would I question it?  Now their poor security reflects on SWIFT, so naturally SWIFT wants them to tighten up.
Swift Moves to Harden Customers’ Security
   Gottfried Leibbrandt, chief executive of the Society for Worldwide Interbank Financial Telecommunication, said audits will be part of a new set of standards for how customers should protect their systems and software.
A spokeswoman said audits likely would be conducted by independent third parties based on a framework to be set up by Swift. [The audits won’t cost SWIFT a penny.  Bob]
It wasn’t clear whether they would be mandatory.
   The attacks raise a question that is increasingly relevant as critical functions are integrated into bigger networks:  Does responsibility for security lie with the network operator or with its users?  Computer-security experts increasingly say the answer is both, a conclusion that can require new thinking among network operators like Swift, which have said they aren’t liable for customer breaches but have an implied duty to protect the integrity of their entire networks.


Each “new” technology must rediscover and re-solve the same security and privacy issues that faced every previous generation. 
The Privacy Problem with Digital Assistants
For the last century, we’ve imagined a future where we’re surrounded by robotic butlers that are classy, smart, and discreet.
   Already, there are millions of proto-Jarvises running around in pockets, in the form of digital assistants like Apple’s Siri, Microsoft’s Cortana, Amazon’s Alexa, and (soon) Google’s search assistant.  These virtual helpers use artificial intelligence to parse what users say or type, and return useful information.
   Like nearly everything else on the Internet, your requests will leave a trail of breadcrumbs.  Questions directed at Siri and Google’s voice search get sent to their respective companies, paired with unique device IDs that aren’t connected to specific users.  Apple stores Siri requests with device IDs for six months, and then deletes the ID and keeps the audio for another 18 months; Google’s retention policy wasn’t immediately available.


This is probably a good place to mention that you should not rush to use technology that you don’t understand and have not carefully tested.
Oculus' New DRM Just Made Pirating Games Way Easier
   A software update Oculus released on Friday, which included new DRM, killed one of the VR community's favorite hacks.  Revive, as the user-made software is called, allowed people to play games exclusive to the Oculus Rift on competing VR headsets like Valve's and HTC's Vive.
   Libre VR told Motherboard that whereas the original version of Revive simply took functions from the Oculus Runtime and translated them to OpenVR calls (an API compatible with Vive and other headsets), the new version of Revive now uses the same injection technique to bypass Oculus' ownership check altogether.  With the ownership check disabled, the game can no longer determine whether you legitimately own it.


It takes all kinds…  Using a lawsuit as a marketing opportunity?  Priceless! 
The Kinky Ménage à Trois Startup That Tinder Wants to Kill (and How It's Fighting Back)
This morning I deleted a swinging email pitch from 3nder, the so-called “Tinder for threesomes.”
   Also, it stunk of a half-baked publicity stunt, yet here I am writing about it anyway.
   Oh, and speaking of love, or something like it, Trifonov founded the app in February of 2014 after his girlfriend, Ana, admitted to him that she had “feelings” for a French girl (“Who doesn’t fall for the French?”).  “He was so touched that he wanted her to know that there were many more people like her in the world,” Drake says, “and that people fall in love all the time regardless of gender, so he built 3nder as a love letter to her.”
   3nder is currently only available for iOS.  The company claims 700,000 sexually adventurous folks are on a waiting list for the Android version.


Are they incompetent, over-reaching…
Bank of America Penalty Thrown Out in Crisis-Era ‘Hustle’ Case
An appeals court dealt the federal government a major setback in its efforts to punish big banks for the financial crisis, overturning a mortgage fraud case against Bank of America Corp. that has framed the Obama administration’s legal strategy in pursuing multibillion-dollar settlements with financial institutions.
   If it stands, the decision could undermine the remaining government investigations into crisis-era mortgage securities, experts said, including those into European banks Royal Bank of Scotland, UBS AG and others.

…or downright stupid?
The Miscarriage of Justice Department
The constitutional challenge to President Obama’s executive action on immigration keeps getting more remarkable. A federal judge has now exposed how the Justice Department systematically deceived lower courts about the Administration’s conduct, and he has imposed unprecedented legal measures to attempt to sterilize this ethics rot.
   One DOJ lawyer told Judge Hanen that “I really would not expect anything between now and the date of the hearing.” As the judge notes, “How the government can categorize the granting of over 100,000 applications as not being ‘anything’ is beyond comprehension.”


Pure politics.  It has nothing to do with management.  “See, we’re doing something!”
T.S.A. Replaces Security Chief as Tension Grows at Airports and Agency
Facing a backlash over long security lines and management problems, the head of the Transportation Security Administration shook up his leadership team on Monday, replacing the agency’s top security official and adding a new group of administrators at Chicago O’Hare International Airport.
In an email to staff members, Peter V. Neffenger, the T.S.A. administrator, announced a series of changes that included the removal of Kelly Hoggan, who had been the assistant administrator for the Office of Security Operations since 2013.
Beginning late that year, Mr. Hoggan received $90,000 in bonuses over a 13-month period, even though a leaked report from the Department of Homeland Security showed that auditors were able to get fake weapons and explosives past security screeners 95 percent of the time in 70 covert tests.


Terrorist or pedophile? This start-up says it can out secrets by analyzing faces
   Faception said it’s already signed a contract with a homeland security agency to help identify terrorists.  The company said its technology also can be used to identify everything from great poker players to extroverts, pedophiles, geniuses and white collar-criminals.
“We understand the human much better than other humans understand each other,” said Faception chief executive Shai Gilboa.  “Our personality is determined by our DNA and reflected in our face.  It’s a kind of signal.” [Liberals are going to scream!  Bob]
Faception has built 15 different classifiers, which Gilboa said evaluate certain traits with 80 percent accuracy.  The start-up is pushing forward, seeing tremendous power in a machine’s ability to analyze images.
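An 80 percent figure describes the classifier, not the people it flags: for a rare trait the base rate dominates, and nearly everyone the system points at will be a false positive. The following Python is an added illustration, not Faception’s method; it assumes the classifier is 80 percent sensitive and 80 percent specific (the article gives only a single accuracy number), and the prevalence values are assumptions chosen to show the effect.

```python
def positive_predictive_value(sensitivity: float, specificity: float,
                              prevalence: float) -> float:
    """Bayes: probability that a person the classifier flags really has the trait."""
    true_pos = sensitivity * prevalence                  # hits among those with the trait
    false_pos = (1.0 - specificity) * (1.0 - prevalence)  # false alarms among the rest
    return true_pos / (true_pos + false_pos)


def expected_flags(population: int, sensitivity: float, specificity: float,
                   prevalence: float) -> tuple:
    """Expected (true positives, false positives) when screening `population` people."""
    positives = population * prevalence
    true_pos = sensitivity * positives
    false_pos = (1.0 - specificity) * (population - positives)
    return round(true_pos), round(false_pos)


def ppv_table(sensitivity: float = 0.8, specificity: float = 0.8,
              prevalences: tuple = (0.5, 0.1, 0.01, 0.001, 0.0001)) -> list:
    """PPV for the assumed 80/80 classifier across a range of assumed base rates."""
    return [(p, positive_predictive_value(sensitivity, specificity, p))
            for p in prevalences]


if __name__ == "__main__":
    for prevalence, ppv in ppv_table():
        print(f"prevalence {prevalence:>7.4%}: a flag is right {ppv:.2%} of the time")
    # Assumed: one million travellers screened, one in ten thousand with the trait.
    tp, fp = expected_flags(1_000_000, 0.8, 0.8, 0.0001)
    print(f"expected true positives: {tp}, false positives: {fp}")
```

At a coin-flip prevalence the classifier looks as good as advertised (80 percent of flags are right); at one in ten thousand, the same classifier is right about four times in ten thousand, and screening a million people yields roughly 80 real hits buried under 200,000 false alarms. That arithmetic, not the headline accuracy, is what a buyer of such a system should ask about.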


Also politics, but it does provide some insight.  “We didn’t do it and we promise not to do it again.” 
Facebook denies bias in Trending Topics, but vows changes anyway
   In a press release issued publicly and in a letter (PDF) sent directly to Senator John Thune (R-SD), Facebook denied the allegations, but nevertheless announced a number of changes to internal processes that should help appease critics. 
   If you were curious about the exact process by which a story goes from hashtag or local news to Trending Topic, read the letter to Sen. Thune; it contains lots of previously unknown details, though many will now be obsolete.  Specific allegations of bias — for instance, that stories about Glenn Beck (who wrote an interesting take on his own meeting with Facebook on this topic) were suppressed — are also addressed.
Senator Thune issued his own statement today as well, praising Facebook’s handling of the issue but at the same time getting a couple jabs in.


Would it be insulting to offer these to my students who apparently don’t speak (or read or write) English?  (Would I care?) 
Pilot Smart Earpiece Breaks Down Language Barriers With Babel Fish Translator Wearable
   New York-based company Waverly Labs has announced the Pilot, the first smart earpiece which translates between users speaking different languages.
The translator was invented by founder Andrew Ochoa who said he had the idea for it “after meeting a French girl” and wanting to communicate with her clearly.
   How the Pilot works is unclear.  Its website says that it uses “translation technology” embedded in an app.  There is no further information about this “translation technology,” however.  The first-generation device works only when speaking to someone wearing an earpiece, but future generations could listen to everything happening nearby.
   Waverly Labs says that it will begin taking pre-orders through the crowdfunding site Indiegogo this spring.  The app will release this summer and the earpieces will be available by Spring 2017.  The product will be for sale for $299 including access to select languages.  Additional languages will be available via download.


Want to compete with Watson?  Cray has your hardware.  My Architecture students will need to consider this. 
Cray wants to light a fire under your big data
It's no secret that analytics is eating the enterprise world, but if there's anything in perpetually short supply, it's speed. Enter Cray, which on Tuesday unveiled a new supercomputing platform designed with that in mind.
   "In the past, you'd run some types of analytics every 24 hours or even every week," said Ryan Waite, Cray's senior vice president of products.  "Today, you might want to run them every six hours or every hour to be more in tune with what customers are doing."
   Urika-GX is a standard 19-inch rack featuring industry-standard Intel Xeon processors, up to 22 TB of DRAM and as many as 1,728 cores per system.  There's 35 TB of SSD storage and 192 TB of hard-drive storage per rack.  It also taps the Cray Aries high-speed interconnect.  [That sets my inner geek to giggling…  Bob]

(Related) Big Data keeps getting bigger!
CTIA Annual Survey – Americans used twice as much data in 2015 as in 2014
by Sabrina I. Pacifici
“Today, CTIA® released its annual survey results, which found Americans used 9.6 trillion megabytes (MB) of data in 2015, three times the 3.2 trillion MB in 2013.  This is the equivalent of consumers streaming 59,219 videos every minute or roughly 18 million MB:
Smartphones are the number one wireless device in the U.S. and still growing
· There were more than 228 million smartphones, which was up almost 10 percent from 2014.  70 percent of the population now owns a smartphone.
· There were more than 41 million tablets on wireless networks, up 16 percent from 2014.
· Americans talked more than 2.8 trillion minutes on their mobile phones, up more than 17 percent from 2014.
· Americans exchanged more than 2.1 trillion texts, videos and photo messages, or more than four million every minute.”


This points to the start of a string of articles my Architecture students should read.  (Hint, hint)
New on LLRX – Digital Smarts Everywhere: The Emergence of Ambient Intelligence
by Sabrina I. Pacifici
Via LLRX.com – Digital Smarts Everywhere: The Emergence of Ambient Intelligence – Alan Rothman’s article is based on a TechCrunch.com posting, The Next Stop on the Road to Revolution is Ambient Intelligence.  Rothman offers an insightful analysis on how the rapidly expanding universe of digital intelligent systems wired into our daily routines is becoming more ubiquitous, unavoidable and ambient each day.


I rather like his collections of resources. 
New on LLRX – New Economy Resources 2016
by Sabrina I. Pacifici
Via LLRX.com – New Economy Resources 2016 – This guide by Marcus Zillman aggregates significant actionable sources for researchers focused on the “new economy,” including current and historical government data, analytics and alerts from Open Source providers, the private sector, and the legislative and regulatory sectors.


For my Spreadsheet students.  Something to compare to your calculations.
Want to Retire Early? Here’s What You Need to Save Each Month


Anything to get rid of my students.
The Last 5 Resume-Building Apps and Sites You’ll Ever Need
