Companies Try Out Selfies as Password Alternatives
… Companies and
government agencies—ranging from the ride-hailing service Uber Technologies
Inc. and credit-card giant MasterCard Inc. to the Alabama Department of
Revenue—are asking people to snap self-portraits on their smartphones as proof
of identity.
As the quality of smartphone cameras improves and
facial-recognition software becomes more affordable, the digital future might
involve fewer convoluted passwords and more selfies. But there’s a downside: some cybercrime
experts worry that people might be too quick to offer up their smiling faces,
saying the technology is rife with privacy
and security concerns.
(Related) Surely this was to be expected. Anything required to gain access to your
data/money will be targeted/gathered by hackers. (This is more than my bank asks for!)
Stupid Is As Stupid Does: Android Trojan Asks Victims For A
Selfie Holding Their ID
CHEESE! Smile for
the malware that is trying to steal your identity! One Android banking Trojan is asking victims for a
selfie with their ID card.
This past year victims were asked to provide information
like their “mother’s maiden name” so that hackers could unearth security
question answers and break into bank accounts. McAfee
Labs Mobile Research Team recently discovered this latest evolution of Android
banking Trojan Acecard. The ID selfie
not only helps cybercriminals to access bank accounts, but social networks as
well.
… The Trojan Acecard completes its scam with a three-step
identification process. The first two steps
require the victim to upload pictures of the front and back of the ID cards. The last step asks the victim to take a selfie
with the ID card for further validation.
(Related) How the government does it?
Thomas Fox-Brewster reports:
In what’s believed to be an
unprecedented attempt to bypass the security of Apple iPhones, or any
smartphone that uses fingerprints to unlock, California’s top cops
asked to enter a residence and force anyone inside to use
their biometric information to open their mobile devices.
FORBES found a court filing, dated May 9 2016, in which the Department of
Justice sought to search a Lancaster, California, property. But there was a more remarkable aspect of the
search, as pointed out in the memorandum: “authorization to depress the
fingerprints and thumbprints of every person who is located at the SUBJECT
PREMISES during the execution of the search and who is reasonably believed by
law enforcement to be the user of a fingerprint sensor-enabled device that is
located at the SUBJECT PREMISES and falls within the scope of the warrant.”
Read more on Forbes.
[From the article:]
Legal experts were shocked at the government’s request. “They want
the ability to get a warrant on the assumption that they will learn more after
they have a warrant,” said Marina Medvin of Medvin Law. “Essentially, they are seeking to have the
ability to convince people to comply by providing their fingerprints to law
enforcement under the color of law – because of the fact that they already have
a warrant. They want to leverage this
warrant to induce compliance by people they decide are suspects later on. This would be an unbelievably audacious abuse
of power if it were permitted.”
For both my Architecture and Governance students as we
follow the decline of Samsung.
Samsung Self-Tested Batteries in Galaxy Note 7 Phone
The batteries used in Samsung
Electronics Co.’s troubled Galaxy Note 7 were tested
by a lab that belongs to the South Korean electronics giant, a practice that
sets it apart from other smartphone manufacturers.
To sell smartphones at major U.S. carriers, phone makers
are required to test phone batteries at one of the 28 labs certified by the
U.S. wireless industry’s trade group, the CTIA, to ensure compliance with
standards set by the Institute of Electrical and Electronics Engineers.
Samsung is the only such manufacturer using in-house
battery-testing facilities for CTIA certification, according to the
association.
… In a statement
Friday, Samsung said it plans to make “significant changes” in its
quality-assurance processes in light of the Note 7 crisis. [Sound
familiar? Bob]
For my IT Governance students.
Organizations Struggle to Protect Growing Number of Endpoints
A recent study
conducted by Dimensional Research has revealed that most organizations don’t
have a security strategy in place to protect the growing number of endpoints on
their networks.
According to the study,
just 33% of the survey’s respondents admitted that such a security strategy was
in place, while the rest either said they were in the process of building such
a strategy (51%), or that they didn’t have plans on the matter (16%). The stats are worrying, because the compromise
of critical endpoints could have dire fiscal or operational consequences for an
organization.
Traditionally, devices with which users could interact,
such as desktops, tablets or phones, have been considered endpoints, but
employee-owned devices, virtual machines, point-of-sale terminals, Internet of
Things (IoT) devices and servers have been recently added to the list as well. The number of critical endpoints on enterprise
networks has been growing fast despite security risks, with over 200 billion
connected devices forecast by 2020.
According to the study, conducted on behalf of Tripwire, organizations also lack insight on whether the devices
connected to their networks receive security updates
in a timely fashion. When
asked if they were confident that these devices were kept up to date, only 40%
of respondents said they were.
Is this good news?
Driverless cars offer new blueprint for safety regulators
New federal guidelines for driverless cars may set the
stage for how the government approaches emerging technologies in the future.
Washington has long wrestled with how to keep pace with
Silicon Valley, and federal regulators sought out a different and more flexible
approach for automated vehicles.
The Department of Transportation (DOT) decided to craft voluntary, non-binding guidance, which was
widely applauded across the industry for leaving room for innovation.
It could also serve as the new federal model for years to
come.
“For better or for worse, this is the world we now live
in,” Adam Thierer, a senior research fellow at George Mason University, said
during a Capitol Hill panel this week. “Guidance
documents like this are going to be a regular thing.”
(Related) A question for my students: is the software
required for a closed loop significantly different (simpler?) than that for
over the road vehicles?
France’s Navya raises $34M for its self-driving shuttle bus,
reportedly at a $220M valuation
When it comes to self-driving cars, the public tends to
focus on developments for private vehicles for individuals, but there
are also some significant advances underway in other categories such as
shuttle busses.
… Meeting demand
from municipal organizations, and companies that have closed but large campuses
that require transportation to move from point A to B, the aim is to have 30
vehicles in use by the end of this year, the company said.
Automating pro bono? (But not in Colorado)
ABA launches Free Legal Answers
by Sabrina I. Pacifici on Oct 16, 2016
“Free Legal Answers is a virtual legal advice
clinic. Qualifying users post their
civil legal question to their state’s website. Users will then be emailed when their question
receives a response. Attorney
volunteers, who must be authorized to
provide pro bono assistance in their state, log in to the website,
select questions to answer, and provide legal information and advice. Volunteer attorneys will not answer criminal
law questions. Participating states have
their own page where qualifying residents will post their question. Look at your state’s page for more
information. Free Legal Answers is a
project of the American Bar Association’s Standing Committee on Pro Bono and
Public Service. If you would like more
information about the Free Legal Answers site, contact the National Site
Administrator here. Please be
advised, the National Site Administrator will not respond to email requests for
legal assistance.”
Perspective.
Move Over Twitter, Facebook – Snapchat is the Most Engaged
Social Platform
… According to a
Piper Jaffray 2016 national survey
of 10,000 high school students and their consumption trends, photo sharing app
Snapchat is now the most engaged and most preferred social network among the
teen demographic.
Piper’s semi-annual study “Taking Stock With Teens” asked
survey takers about fashion and beauty, restaurants and media and device
preference. A massive 80% said they used Snapchat at least once per month
and 35% said it was their favorite platform. Instagram came in second place with 27%,
followed by Twitter and Facebook.
Something for my security students?
Additional START Datasets Now Available
by Sabrina I. Pacifici on Oct 16, 2016
National Consortium for the Study of Terrorism and
Responses to Terrorism – “Utilizing the Dataverse Network Project, START has
created its own repository of datasets and databases on terrorism, conflict,
and preparedness. This collection
includes research funded by START as well as research for which START has been
given permission to release. Users can
read over detailed information about each dataset regarding its time period,
geographic coverage, and sampling procedure. Additionally, the system allows users to
download codebooks, data collection instruments, and the data itself, providing
a simple interface for researchers to access START-related data.
New datasets will be added periodically and announced on
the START homepage. Click here to go to the START Data Collections Page