Wells Fargo Cites New API as Screen Scraping Countermeasure
… Wells Fargo
recently announced that it has created an API to make business bank account
data available in accounting software Xero. According to a recent
article by Penny Crosman for American Banker, the turnaround comes in
response to the continued use of screen scraping to access bank data.
… These security
concerns are largely founded on the fact that consumers are giving out their online banking username and password
to third parties to access accounts and perform the scraping. Several prominent banks are currently
attempting to reduce the risk of financial data aggregation through the use of
OAuth, as Wells Fargo is doing with Xero to leverage its commitment
to the API concept.
(Related)
The practice is commonplace. And the end-users are cooperating!
Fintech Firm Plaid Raises $44 Million
Plaid Technologies Inc., whose software allows a variety
of financial-technology startups to access their customers’ bank account
information, has raised $44 million in a new round led by a fund at Goldman Sachs Group Inc.
… Many upstart financial-services providers such as online
financial adviser Betterment Inc. use Plaid’s software to access or check
customers’ account data when providing mobile and web services like budgeting,
investing or lending.
I wish the government would stop providing my Computer
Security students with such excellent “Bad Examples!”
Jack Moore reports:
After a wildfire tears through
your community, the last thing you may be worried about is having your identity
stolen or your personal information breached.
But maybe you should be.
A new inspector
general report finds the Federal Emergency Management Agency
still struggles to properly handle the safeguarding of personally identifiable
information, or PII, at its disaster recovery centers.
Read more on NextGov.
(Related). Proof that Liberals are Airheads?
Yet another security incident linked to failure to change default passwords.
CJAD in Canada reports
that the Quebec Liberals’ failure to change the default password on their
videoconferencing system allowed anyone to gain access to strategy meetings.
The user who found the flaw showed off the unlimited
access to the Journal de Montreal. Published screenshots show archived
videos of various meetings.
No need to
hack opposition research, when you can just wait for the security clueless to
leak their own data.
The competition continues. The term “government malware” is not yet in
common use.
Joshua Kopstein writes:
The FBI has had a fair amount of
success de-anonymizing Tor users over the past few years. Despite the encryption software’s well-earned
reputation as one of the best tools for online privacy, recent
court cases have shown that government malware has compromised Tor
users by exploiting bugs in the underlying Firefox browser—one of which was controversially
provided to the FBI in 2015 by academic researchers at Carnegie Mellon
University.
But according to a new paper,
security researchers are now working closely with the Tor Project to create a
“hardened” version of the Tor Browser, implementing new anti-hacking techniques
which could dramatically improve the anonymity of users and further frustrate
the efforts of law enforcement.
Read more on Motherboard.
Inspiration for our Ethical Hacking students?
How to Use an Undocumented Facebook API to Identify Friends in Photos
… Tagging friends
in photos is nothing new, but the more recent Facebook
feature that pops up asking ‘Do you want to tag X?’ when hovering over an
image got developer Narendra Rajput wondering how Facebook identifies who the
person is. In this recent
post, Rajput explained how he figured out the undocumented API.
No matter who is right, this provides insight. Do all Facebook users know this is what
happens?
Facebook litigating $15B user internet track case
by Sabrina I. Pacifici on Jun 19, 2016
Facebook Accused Of Tracking Users’ Internet Activity, by Consuella Pachico: “Facebook is facing multidistrict litigation over allegations
that the social media site tracked users’ internet activity after they logged
off. Facebook is insisting that users
cannot sue because they were not harmed by the site’s tracking activities.
In response to users’ claim that their
privacy rights were violated by post-logoff tracking, Facebook states that
nothing in the amended complaint identifies “how the alleged violations caused
plaintiffs to suffer real, actually existing injuries that are not abstract,
conjectural, or hypothetical.”
In re: Facebook Internet Tracking Litigation, case number 5:12-md-02314, in the U.S. District Court for the Northern District of California.
Something for Contract Law students to debate? If I use your program to do what your program
was designed to do, have I done anything wrong?
You may feel like you’re entering the Twilight Zone after
reading this report from Russell Brandom:
One day after $53
million abruptly disappeared from an experimental cryptocurrency
project, a note claiming to be from
the attacker has surfaced on PasteBin, claiming that the money drained
from the system is now legally his. The
attacker withdrew the money by exploiting a
contract bug in the code of the DAO (or Decentralized Autonomous
Organization), a collective investment fund that uses the Ethereum
cryptocurrency. The DAO had raised well
over $100 million from Ethereum users at the time of the attack.
“I have carefully
examined the code of The DAO and decided to participate after finding the
feature where splitting is rewarded with additional ether,” the note reads. “I… have rightfully claimed 3,641,694 ether,
and would like to thank the DAO for this reward,” the note reads. “I am disappointed by those who are
characterizing the use of this intentional feature as ‘theft.’” The note also threatens legal action against
any who attempt to reclaim the money through technical means.
Read more on The
Verge.
The note from the “attacker” is very well
written, suggesting a certain level of education. But the gist of the note is that the
individual thinks s/he’s found a loophole or clause in the contract that can be
legally exploited and seems to be bragging about it.
This will be interesting to follow.
Pick one:
There are some things man was not
meant to know.
The American people are too
delicate to hear such things!
His words would convince millions
to join ISIS.
He is right, we is wrong.
Have we become so afraid of terrorists that we can’t let
people decide for themselves how crazy this guy was?
Lynch: "Partial Transcript" Of Orlando 911 Calls Will Have References To Islamic Terrorism Removed
In an interview with NBC's Chuck Todd, Attorney General
Loretta Lynch says that on Monday, the FBI will release edited transcripts of
the 911 calls made by the Orlando nightclub shooter to the police during his
rampage.
"What we're not going to do is further proclaim this
man's pledges of allegiance to terrorist groups, and further his
propaganda," Lynch said. "We
are not going to hear him make his assertions of allegiance [to the Islamic
State]."
A little “one-upmanship?” I thought all US chips were already made in
China – or is that only smartphones?
China builds world’s fastest supercomputer without U.S. chips
China on Monday revealed its latest supercomputer, a
monolithic system with 10.65 million compute cores built entirely with Chinese
microprocessors. This follows a U.S.
government decision last year to deny China access to Intel's fastest
microprocessors.
There is no U.S.-made system that comes close to the
performance of China's new system, the Sunway TaihuLight. Its theoretical peak performance is 124.5
petaflops, according to the latest biannual release today of the world's Top500 supercomputers. It is the first system to exceed 100
petaflops. A petaflop equals one
thousand trillion (one quadrillion) sustained floating-point operations per
second.
Perspective. Is
this real competition or is everyone not Uber or Lyft just another small
player? It’s hard to keep track of them
all!
Uber Finds Passage to India Blocked by 30-Year-Old Ola Founder
(Related)
Black cab app Gett is launching a billboard campaign that
mocks Uber for being expensive
(Related)
Americans and the new digital economy: 8 key findings
by Sabrina I. Pacifici on Jun 19, 2016
“Digital technology has ushered in a slew of new shared, collaborative
and on-demand online services ranging from virtual marketplaces to home
sharing. These services have potentially
far-reaching implications for consumers and regulators and for the future of
work in this country. To examine the scope and impact of these new services, Pew Research Center conducted its first
survey devoted to the broader issues of the new digital economy. Here are eight findings from the report…”
Reading with your ears is not really reading, but it beats
not reading at all.
This Site Has Thousands of Free Public Domain Audiobooks
… If you want to
experience a few audiobooks yourself without shelling out so much cash,
consider heading over to Librivox. It’s
home to thousands of public domain audiobooks. No price tags.
The key is that these audiobooks are read by volunteers
from around the world, mainly those who are training to be
voiceover artists. Also, you won’t find
newly released books, but you’ll find a lot of classics and hidden gems.