Mobile Forensics Firm Cellebrite Hacked
A hacker claims to have
stolen hundreds of gigabytes of data from Cellebrite, the Israel-based mobile
forensics company rumored to have helped the FBI hack an iPhone belonging to
the terrorist Syed Rizwan Farook.
Vice’s Motherboard reported that an unnamed hacker
breached Cellebrite’s systems and managed to steal
900 Gb of data, including customer usernames and passwords,
databases, data collected by the company from mobile devices, and other
technical information.
The stolen files were reportedly traded in some IRC chat
rooms, but the hacker claimed he had not leaked the data to the public. The motives of the attack are unclear, but the
hacker apparently decided to disclose the breach as a result of changes in surveillance
legislation and the “recent stance taken by Western governments.”
Motherboard said the data provided by the hacker appeared
to be legitimate and Cellebrite confirmed that one of its external servers had
been accessed by an unauthorized party. The
company has launched an investigation, but its initial analysis suggests that
the attacker breached a server storing a legacy database backup of
my.Cellebrite, the firm’s end-user license management system.
For my Ethical Hacking students.
Suspected NSA tool hackers dump more cyberweapons in farewell
… The Shadow
Brokers' latest dump includes 61 files, many of which have never been seen
before by security firms, said Jake Williams, founder of Rendition InfoSec, a
security provider.
Williams has been examining the tools, and said it will
take time to verify their capabilities. His
initial view is that they’re designed for detection evasion.
For instance, one of the
tools is built to edit Windows event logs. Potentially, a hacker could use the tool to
selectively delete notifications and alerts in the event logs, preventing
victims from realizing they’ve been breached, he said.
But all iPhone users know this, right?
There's a hidden map in your iPhone of everywhere you've been
There's a feature on your iPhone that tracks your frequent
locations on a map and logs the times you arrived and departed. Here's how to access it and turn it off, in
case this freaks you out.
Steps my Computer Security students may want to take.
Microsoft Launches Privacy Dashboard
… To take
advantage of the dashboard, users
simply need to log in with their Microsoft accounts, then head to
account.microsoft.com/privacy to review the collected data and clear it if they
want to.
An interesting approach.
(If “Separate” is invulnerable, go after the “Equal” but.)
Kate Martin reports:
Public records advocate Arthur
West has filed a lawsuit against the city of Tacoma.
This time, West says he wants
access to more information about the Tacoma Police Department’s use of a
controversial piece of surveillance equipment called a cell site simulator,
commonly known by the brand name Stingray.
[…]
In his December filing, though,
West says the police’s device interferes with cellphone signals without a
license from the Federal Communications Commission, the federal agency that
regulates the use of the airwaves.
West, an Olympia resident who
says he travels frequently to Tacoma, wrote in his filing that the Tacoma Police Department’s use of the Stingray
prevents him and others from calling 911 in an emergency.
Read more on The
News Tribune.
I’m going to go with, “Why not? Big Brother is inevitable.” I would also question if access to “raw” data
is the best way to go. Who will turn
that into usable intelligence?
Why Is Obama Expanding Surveillance Powers Right Before He
Leaves Office?
On Thursday, the Obama administration finalized new rules
that allow the National Security Agency to share information it gleans from its
vast international surveillance apparatus with the 16 other agencies that make
up the U.S. intelligence community.
With the new changes, which were long in the works, those
agencies can apply for access to various feeds of raw, undoctored NSA intelligence.
Sadly, only one in Colorado.
The CSO guide to top security conferences
… From major
events to those that are more narrowly focused, this list from the editors of
CSO will help you find the security conferences that matter the most to you.
We’ll keep it updated with registration deadlines and new conferences so check back often.
For my Data Management students. Now everything (100%) must work perfectly. Was the infrastructure ready?
India’s Digital ID Rollout Collides With Rickety Reality
… The system, which
relies on fingerprints and eye scans to eventually provide IDs to all 1.25
billion Indians, is also expected to improve the distribution of state food
and fuel rations and eventually facilitate daily needs such as banking and buying
train tickets.
But Mr. Prakash couldn’t confirm his customers’ identities
until he dragged them to a Java plum tree in a corner of his village near New
Delhi’s international airport. That was
the only place to get the phone signal needed to tap into the government
database.
… But the
technology is colliding with the rickety reality of India, where many people
live off the grid or have fingerprints compromised by manual labor or age.
… Iris scans are
meant to resolve situations where fingerprints don’t work, but shops don’t yet
have iris scanners.
… Ajay Bhushan
Pandey, chief executive of the government agency that oversees Aadhaar, said
kinks will be ironed out as the system is used, as is the case with software
rollouts. It works 92% of the time, and
that will rise to 95%, he said.
I’ll add this to my RSS feed, assuming this isn’t a false
news report.
The Guardian – BBC sets up team to debunk fake news
by Sabrina I. Pacifici on Jan 12, 2017
“The BBC is to assemble a team to fact
check and debunk deliberately misleading and false stories masquerading as real
news. Amid growing concern among
politicians and news organisations about the impact of false information
online, news chief James Harding told staff on Thursday that the BBC would be
“weighing in on the battle over lies, distortions and exaggerations”. The plans will see the corporation’s Reality
Check series become permanent, backed by a dedicated team targeting false
stories or facts being shared widely on social media. “The BBC can’t edit the internet, but we won’t
stand aside either,” Harding said. “We
will fact check the most popular outliers on Facebook, Instagram and other
social media. “We are working with
Facebook, in particular, to see how we can be most effective. Where we see deliberately misleading stories
masquerading as news, we’ll publish a Reality Check that says so…”
These don’t all work yet.
Pew Fact Sheets – Evolution of Technology
by Sabrina I. Pacifici on Jan 12, 2017
For my Raspberry Pi geeks: I want the Harry Potter
newspaper!
Raspberry Pi roundup: Read all about it, in today’s Daily
Prophet online
Appropriately, then, for the first Raspberry Pi roundup
after the festive season, we’ve got a copy of the Daily Prophet that does what
a wizarding newspaper is supposed to do, thanks to the technical wizardry of
Piet Rullens.
Rullens turned a trip to the Harry Potter theme park in
Orlando into an attractively designed and authentic-looking Daily Prophet
poster, thanks to a cunningly placed Raspberry Pi 3 and some skillful cutting. An IR distance sensor, when tripped, fires up
the screen, which plays a clip of Rullens at the amusement park.
For my students who still have a hard time believing that
large companies don’t always show a profit.
Lyft lost $600 million last year, but it's making progress in
its ride-hailing war with Uber
Lyft lost $600 million in 2016 in its battle with Uber for
ride-hailing dominance, according
to leaked financial data obtained by The Information's Amir Efrati.
While that loss seems staggering, things are looking up
for Lyft: the $5.5 billion startup generated $700 million in revenue last year,
The Information reports.