Yahoo warning users that hackers forged cookies to access
accounts
Yahoo is warning some customers that state-sponsored attackers have accessed their accounts by
using a sophisticated cookie forging attack, which doesn't require obtaining
user passwords.
… An email from
Yahoo forwarded to ZDNet said:
"Our outside forensic experts have been investigating
the creation of forged cookies that could allow an
intruder to access users' accounts without a password. Based on the ongoing investigation, we believe
a forged cookie may have been used in 2015 or 2016 to access your account."
… It's not known
how many customers are affected, though state-sponsored attacks are typically
targeted and are in small numbers.
… Yahoo said that
hackers were later able to get access to accounts without needing passwords
after stealing the company's source code
used to generate cookies.
… Yahoo began
sending out emails on Wednesday, as news broke that Verizon, which is buying
the web giant, lowered its price for the
company by $250 million as a result of the two hacks.
…because it’s not always Russia.
Iranian Spies Target Saudi Arabia in "Magic Hound"
Attacks
A cyber espionage operation
linked to Iran and the recent Shamoon 2 attacks has targeted several
organizations in the Middle East, particularly in Saudi Arabia.
Researchers at Palo Alto Networks have been monitoring the
campaign, which dates back to at least mid-2016. Dubbed “Magic
Hound,” the operation has been aimed at energy, government and
technology sector organizations that are located or have an interest in Saudi
Arabia.
Grounds for immediate termination? Surely, they are not defending themselves
against the President of the United States?
GOP demands inquiry into EPA use of encrypted messaging apps
… Federal
employees with concerns about the impact of President Donald Trump's
administration have turned to encrypted messaging apps, new email addresses and
other ways to coordinate their defense
strategies, according to a report earlier this month from Politico.
That article and others prompted Rep. Darin LaHood, a
Republican from Illinois, and Rep. Lamar Smith, a Republican from Texas, to send a letter to EPA Inspector
General Arthur A. Elkins, Jr. asking him to "determine whether it's
appropriate to launch a full-scale review" of EPA workers' use of
encrypted apps.
… "Over the past few years, we have seen
several examples of federal officials' circumventing Federal Records Act
requirements and transparency generally," they wrote. "In this instance, the Committee is
concerned that these encrypted and off-the-record communication practices, if
true, run afoul of federal record-keeping requirements, leaving information
that could be responsive to future Freedom of Information Act (FOIA) and
congressional requests unattainable."
… The letter on
Wednesday cited a recent review from the EPA inspector general that found
between July 1, 2014 and June 30, 2015, only 86 of
the 3.1 million text messages sent or received on government-issued devices
were preserved and archived as a federal record.
(Related). Perhaps
it’s just because encryption is much more available?
Disruption. Is the telephone
industry doomed?
Amazon and Google Want to Turn Their Smart Home Speakers Into
Telephone Replacements
Both Amazon and Google are working on turning their
popular AI-based speaker products into replacements for a home telephone,
reports The
Wall Street Journal.
The Amazon Echo and/or the Google Home could be used to
make and receive phone calls, with the two companies planning to add the
updated functionality as soon as this year.
… Google and
Amazon are said to be working to overcome concerns about privacy, telecom
regulations, and emergency services, plus the "inherent awkwardness"
of making phone conversations via a speaker. The two companies are worried consumers won't
want to speak on a device that is able to record conversations. Both the
Echo and the Home continuously record audio to enable AI responses.
Interesting to see software
companies trying to lock in car manufacturers.
Who will win the self-driving wars?
Tata Motors drives with Microsoft: Here’s what the deal is
about; 10 key points of the tie-up
Reading is good.
No comments:
Post a Comment