Twitter accidentally suspends its own CEO's account
For a while late Tuesday, attempts to reach Jack Dorsey's
profile produced an error message saying it had been suspended. That prompted speculation his account might
have been hacked or automatically shut down because of a high number of
complaints from other users.
After it came back online, Dorsey tweeted that the
suspension was the result of "an internal mistake."
That provoked angry responses from some people who asked
how many regular users' accounts might also have been accidentally frozen by
the company in the past.
… Which users
Twitter does or doesn't suspend has become a highly sensitive topic. The platform has struggled to find a healthy
balance between allowing free speech and protecting
users from harassment.
I wonder how common this is? Sounds like a service Tony Soprano would
offer…
Catalin Cimpanu reports:
A Cardiff court has sentenced
James Frazer-Mann, a 35-year-old man from Barry, the UK, to a suspended sentence
of 12 months, a fine of £530 ($660), and 180 hours of community service for
hiring a hacker to go after his company’s competition and a website where
customers had criticized his service.
US authorities discovered
Frazer-Mann’s actions after they shut down Liberty Reserve, an online payment
system based in Costa Rica that allowed people to transfer money by entering
someone’s name, date of birth, and email address.
Read more on BleepingComputer.
Yet another government agency proposing a national ID
requirement.
From Papers, Please!
Reversing its longstanding
official position that no law or regulation requires air travelers to possess
or show any ID credentials, the TSA has given notice of
a new administrative requirement for all airline passengers:
In order to be allowed to pass
through checkpoints operated by the TSA or TSA contractors, air travelers will
be required to have been issued a REAL-ID Act compliant
government-issued ID credential, or reside in a state which has been given an
“extension” by the DHS of its administrative
deadline for a sufficient show of compliance with the REAL-ID Act of 2005.
The TSA will still have a procedure and
a form (TSA Form
415) for travelers who don’t have their ID with them at the checkpoint,
typically because it has been lost or stolen or is in the process of being
replaced or renewed. But that procedure
will no longer be available to people who haven’t been issued any ID, or who
have ID from states the DHS hasn’t certified as sufficiently compliant with the
REAL-ID Act.
Read more on Papers,
Please!
So, what else is new?
Government bureaucracies never seem to move quickly and rarely manage
well.
Audit of OPM Security Systems Shows Continued Material
Weakness
by Sabrina
I. Pacifici on Nov 22, 2016
OPM IG Federal Information Security Modernization Act Audit –
FY 2016: “This audit report again
communicates a material weakness related to OPM’s Security Assessment and
Authorization (Authorization) program. In April 2015, the then Chief Information
Officer issued a memorandum that granted an extension of the previous
Authorizations for all systems whose Authorization had already expired, and for
those scheduled to expire through September 2016. Although the moratorium on Authorizations has
since been lifted, the effects of the April 2015 memorandum continue to have a
significant negative impact on OPM. At
the end of fiscal year (FY) 2016, the agency still had at least 18 major
systems without a valid Authorization in place…”
Must have been a very well written warrant!
Joseph Cox reports:
In January, Motherboard
reported on the FBI’s “unprecedented” hacking operation, in which the
agency, using a single warrant, deployed malware to over one thousand alleged
visitors of a dark web child pornography site. Now, it has emerged that the campaign was
actually several orders of magnitude larger.
In all, the FBI obtained over
8,000 IP addresses, and hacked computers in 120 different countries, according
to a transcript from
a recent evidentiary hearing in a related case.
Read more on Motherboard.
From the article:
The Department of Justice has had an
intense battle on its hands over the past few months, especially around the
validity of the warrant used for this hacking operation. According
to a filing from the Department of Justice, fourteen court decisions have
found that the warrant was not properly issued pursuant to Rule
41 of the Federal Rules of Criminal Procedure, which governs how search
warrants can be authorized.
The main issue has been that the judge who signed the
warrant, Magistrate Judge Theresa C. Buchanan in the Eastern District of
Virginia, did not have the authority to greenlight searches outside of her own
district. In four cases, courts have
then decided to throw out all evidence obtained by the malware because of the
violation.
But, changes to Rule 41 will
likely come into effect on December 1, meaning that magistrate judges will
be allowed to authorize warrants just like the one used in the Playpen
investigation.
I don’t worry about computers that look out for my
health. I worry about companies that
sell that information to advertisers.
(and hackers, always hackers)
Grant Ferowich reports:
Google DeepMind and the National
Health Service will partner in a move that alerts providers about abnormalities
in patients’ vital signs and blood results—and privacy advocates have already
started to cry foul.
The artificial intelligence
branch of Google and the Royal Free NHS agreed to a five-year deal that will
allow Google’s algorithms to monitor the health data of 1.6 million patients,
the Financial Times reports.
The deal’s proponents argue that
thousands of deaths per year could be prevented from conditions such as acute
kidney damage, the article notes, but critics say such promises are “unproven.”
Read more on Fierce
Healthcare.
I take this as a good sign. Your average cop is probably not inclined to
excessive force.
Police Body Cameras Don’t Reduce Use of Force: Study
New research shows that body cameras don’t consistently
lead to a reduction in the use of force by police—nor does their use discourage officers from taking action.
The findings stand in contrast to previous studies that
looked at how cameras influence police behavior.
… The researchers
in Milwaukee also found that police officers wearing cameras conducted more
citizen contacts, traffic checks and other activities used to measure
“proactivity” than officers who didn’t.
Should you obey local laws or kiss that market goodbye? WWTD (What Will Trump Do?)
Facebook Said to Create Censorship Tool to Get Back Into
China
Mark Zuckerberg, Facebook’s chief executive,
has cultivated
relationships with China’s leaders, including President Xi Jinping. He has paid
multiple visits to the country to meet its top internet executives. He has made an effort to learn
Mandarin.
Inside Facebook,
the work to enter China runs far deeper.
The social
network has quietly developed software to suppress posts from appearing in
people’s news feeds in specific geographic areas, according to three current
and former Facebook employees, who asked for anonymity because the tool is
confidential. The feature was created to
help Facebook get into China, a market where the social network has been
blocked, these people said. Mr.
Zuckerberg has supported and defended the effort, the people added.
Something for all my students.
How to Write Email with Military Precision
… During my active
duty service, I learned how to structure emails to maximize a mission’s chances
for success. Since returning from duty,
I have applied these lessons to emails that I write for my corporate job, and
my missives have consequently become crisper and cleaner, eliciting quicker and
higher-quality responses from colleagues and clients. Here are three of the main tips I learned on
how to format your emails with military precision:
1. Subjects with keywords
2. Bottom Line Up Front (BLUF).
3. Be economical.
For those of us who searched the house for hidden
Christmas presents?
Amazon Just Found a Way to Let You See Inside the Box Without
Opening It (AMZN)
… Amazon rolled
out an update for its iOS app last week which allows users to know what’s
inside their incoming Amazon boxes before opening them.
To use this latest feature on the app, simply tap your
iPhone’s camera icon beside the search box. Doing this will open up a number of options,
from which you need to select the “Package
X-Ray” button. Then hold the camera
frame over the barcode of your box and the items inside will be displayed.
… Sadly though,
despite the name, this feature does not give you a view of the actual items
inside your Amazon boxes.
Instead, the app gives you information regarding the items
inside the box. Also, you will be given
a visual of these items which link you back to the product page on the website.
I was somewhat surprised by this…
Disruptive Change in the Taxi Business: The Case of Uber
by Sabrina
I. Pacifici on Nov 22, 2016
Disruptive
Change in the Taxi Business: The Case of Uber – Judd Cramer, Alan B.
Krueger – NBER Working Paper No.
22083 – Issued in March 2016
“In most cities, the taxi industry is highly regulated and
utilizes technology developed in the 1940s. Ride sharing services such as Uber and Lyft,
which use modern internet-based mobile technology to connect passengers and
drivers, have begun to compete with traditional taxis. This paper examines the efficiency of ride
sharing services vis-à-vis taxis by comparing the capacity utilization rate of
UberX drivers with that of traditional taxi drivers in five cities. The capacity utilization rate is measured by
the fraction of time a driver has a fare-paying passenger in the car while he
or she is working, and by the share of total miles that drivers log in which a
passenger is in their car. The main conclusion is that, in most cities with data
available, UberX drivers spend a significantly higher fraction of their time,
and drive a substantially higher share of miles, with a passenger in their car
than do taxi drivers. Four
factors likely contribute to the higher capacity utilization rate of UberX
drivers: 1) Uber’s more efficient driver-passenger matching technology; 2) the
larger scale of Uber than taxi companies; 3) inefficient taxi regulations; and
4) Uber’s flexible labor supply model and surge pricing more closely match
supply with demand throughout the day.”
This is interesting.
Could it be extended to Computer Security? Law?
Tele-Mentoring Is Creating Global Communities of Practice in
Health Care
… At the start, a
team of specialists with a deep knowledge of hepatitis C gathered virtually in
a conference room at the University of New Mexico Health Sciences Center. In that conference room would be a video
screen with a matrix of individual primary care providers who were sitting in
their own offices and clinics across New Mexico. Each provider would, in turn, present their
patients with hepatitis C and get
guidance on caring for each patient from the experts at the
university hub. Each of the other providers learned from every case presentation.
Perspective.
Strategy Analytics: Apple Captures Record 91 Percent Share of
Global Smartphone Profits in Q3 2016
Linda Sui, Director at Strategy Analytics, said, “We
estimate the global
smartphone industry realized total operating profits of US$9.4 billion during
Q3 2016. Apple dominated and
captured a record 91 percent share of all smartphone profits worldwide.
… “We estimate Huawei
generated US$0.2 billion of smartphone operating profit worldwide in Q3 2016.
Huawei captured 2 percent share of all
smartphone profits, taking second spot overall, and becoming the world’s most
profitable Android vendor for the first time ever.
… The full report,
Apple Captures 91 Percent Share of Global Smartphone Profits in Q3 2016,
is published by the Strategy Analytics Wireless Smartphone Strategies (WSS)
service, details of which can be found here: http://tinyurl.com/z46xf88.
More stuff I want blocked in the Computer Labs.
… Several tools
are available that can make this happen, from emulators and virtual machines to
browser plugins.
This should be simple for my students; they often get
things backwards.
This Malware Turns Headphones Into Microphones
Researchers at Ben Gurion University in Israel have created malware that will turn your plugged-in headphones
into a microphone.
Now, if you've ever plugged old headphones into a standard
line-in jack, you know that headphones are basically tiny microphones anyway,
with vibrations converting themselves into electromagnetic signals. But this malware is a bit different. Dubbed
"Speake(a)r," the malware does the same thing, but through software. Wired explains:
Their malware uses a little-known
feature of RealTek audio codec chips to silently "retask" the
computer's output channel as an input channel, allowing the malware to record
audio even when the headphones remain connected into an output-only jack and
don't even have a microphone channel on their plug. The researchers say the RealTek chips are so
common that the attack works on practically any desktop computer, whether it
runs Windows or MacOS, and most laptops, too.
Wired says that in their tests, the researchers
at Ben Gurion were able to record sound from as far as 20 feet away with a pair
of Sennheiser headphones. Apparently,
even when compressing the recording to send over the internet, the
recording was still distinguishable.
Another challenge for my “Designated Hackers.” (Why doesn’t NY use these guys?)
Israeli Firm Can Steal Phone Data in Seconds
Israeli firm Cellebrite's
technology provides a glimpse of a world of possibilities accessible to
security agencies globally that worry privacy advocates.
… Cellebrite's
technology is not online hacking. It
only works when the phone is physically connected to one of the firm's devices.
The company recently demonstrated its capabilities for an
AFP journalist.
The password on a phone was disabled and newly taken
photos appeared on a computer screen, complete with the exact location and time
they were taken.
… The real
challenge, Ben-Peretz agrees, is staying in the lead in a race where phone
manufacturers constantly launch new models and update software with ever more
complicated security.
In the firm's lab they have 15,000 phones -- with around
150-200 new models added each month.
An idea for the Computer Security club: Collect old phones
and hack them!