Serious Breach Linked to Chinese APTs Comes to Light
A report published earlier this month by RSA describes Kingslayer,
a supply chain attack that apparently targeted system administrators in some
large organizations. The attackers
breached the systems of a company that offers event log analyzers and replaced
a legitimate application and its updates with a backdoored version.
… While it’s
unclear exactly how many organizations downloaded the backdoored software in
the April 9-25 timeframe, RSA said the portal that hosted it had numerous
subscribers, including four major telecoms providers, over ten western military
organizations, more than two dozen Fortune 500 companies, five major defense
contractors, and tens of IT solutions providers, government organizations,
banks and universities.
While RSA has not named the company whose systems were
compromised, investigative journalist Brian
Krebs determined that it was Canada-based Altair Technologies Ltd.
… The EventID.Net
website hosted EvLog, the software hijacked by the attackers. A notice posted on
the site in June 2016 provides some details on the incident and recommendations
for potentially affected users.
However, as Krebs pointed out, the advisory does not
appear to have been shared on social media and there was no link to it from
anywhere on the site – a link was added this week after the journalist
contacted Altair Technologies. The company told Krebs it had no way of knowing who
downloaded the software so potential victims were not notified directly either.
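The Kingslayer case is a textbook software-supply-chain substitution: the download portal stayed up and the file name did not change, only the bytes did. The defensive check an administrator wants is to verify every downloaded artifact against a hash or signature obtained through a channel the portal cannot rewrite, and to refuse the whole package if anything fails. The script below is an added example written for this page, not code from RSA, Altair Technologies or the EvLog project; the installer bytes, the file names and the pinned manifest are constructed stand-ins. A hash list hosted on the same compromised portal buys nothing, so in practice the manifest would be a signed vendor statement or a value recorded at a known-good install.

```python
import hashlib
import hmac

# Constructed sample data standing in for a vendor's installer and the
# trojanized copy an attacker swapped in on the download portal. These are
# not the real EvLog binaries.
LEGIT_INSTALLER = b"EVLOG-SETUP 1.0 legitimate build\n" + b"\x00" * 64
BACKDOORED_INSTALLER = LEGIT_INSTALLER[:-1] + b"\x90"

# Hypothetical pinned manifest: hashes the administrator recorded from a
# channel the portal cannot rewrite (a signed vendor notice, or the hash of
# the release verified at first install). It is computed from the sample
# bytes here only so the example runs offline.
PINNED_MANIFEST = {
    "evlog-setup.exe": hashlib.sha256(LEGIT_INSTALLER).hexdigest(),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_artifact(name: str, data: bytes, manifest=PINNED_MANIFEST) -> bool:
    """True only if the downloaded bytes match the pinned hash for `name`.

    Unknown names are rejected outright: a package that carries a file
    nobody pinned is exactly what a supply-chain substitution looks like.
    compare_digest keeps the comparison constant-time.
    """
    expected = manifest.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


def check_update(files: dict, manifest=PINNED_MANIFEST) -> list:
    """Return the names that fail verification; install only if empty."""
    return [name for name, data in files.items()
            if not verify_artifact(name, data, manifest)]


def install_if_verified(files: dict, manifest=PINNED_MANIFEST) -> bool:
    """Refuse the whole package if any file fails; never install partially."""
    if check_update(files, manifest):
        return False
    # The real install step would run here.
    return True


if __name__ == "__main__":
    good = {"evlog-setup.exe": LEGIT_INSTALLER}
    bad = {"evlog-setup.exe": BACKDOORED_INSTALLER}
    extra = {"evlog-setup.exe": LEGIT_INSTALLER, "helper.dll": b"unpinned"}
    print("legitimate package, failures:", check_update(good))
    print("backdoored package, failures:", check_update(bad))
    print("package with unpinned file, failures:", check_update(extra))
```

The same function applies retrospectively: anyone who installed from the portal in the April 9-25 window can hash the binary already on disk and compare it with a value published outside that portal, which is the check Altair's unlinked advisory left each customer to do on their own.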
Stealing data is easy!
From AirTalk:
Before fighting everyone in the
room to plug your smartphone into the communal charger: please don’t.
Or at least, beware.
Coffee shops, airports and almost
every other kind of public meeting space have become regular safe havens
whenever we’re desperate for that extra juice. But with the ubiquity of USB ports built into
today’s phone chargers, this flow of “juice” isn’t just power anymore – it’s
data. Important data.
All it takes is one easily
disguised charging kiosk, or even a power strip, for hackers to hijack your
charge, and once you’re juice-jacked,
there’s little that can be done to stop it; from installing malware onto your
device, to sucking out personal messages, photos and information – all for the
simple cost of offering sweet-relief and a fully-powered phone.
Listen to the show on SCPR.org.
Acquiring personal information is even easier.
The Facebook Algorithm Is Watching You
You can tell a lot about a person from how they react to
something.
That’s why Facebook’s various “Like” buttons are so powerful.
Clicking a reaction icon isn’t just a
way to register an emotional response, it’s also a way for Facebook to refine
its sense of who you are. So when you
“Love” a photo of a friend’s baby, and click “Angry” on an article about the
New England Patriots winning the Super Bowl, you’re training Facebook to see
you a certain way: You are a person who seems to love babies and hate Tom
Brady.
About time. Note
that apparently there was nothing illegal here; it was ‘just’ unethical. No way to recover any money (from bonuses
already paid).
Wells Fargo Fires Four Senior Managers Amid Phony Account
Scandal Investigation
… Wells Fargo
announced Tuesday that it has terminated four current or former senior managers
from the community banking division based on the bank's board of directors'
investigation into the phony account scandal.
… All four
individuals have been terminated for cause by a unanimous vote by the board of
directors. None will receive a bonus for
2016, Wells said, and they will forfeit all of their unvested equity awards and
vested outstanding options.
… Consumers have
exacted their own sort of punishment on the bank: account openings in October,
the first full month of results after news of the account scandal broke, plunged
44%. Account openings in November fell 41% and, in a banking activity report released last
week, Wells said that account openings in December fell 31% compared to the
prior year.
Interesting but futile? “If we can’t operate under these rules, we’ll
re-write them!”
I still worry that I will have to have a (several?) smartphones
or social media accounts to get back in the country. Currently, I have neither.
A Stand Against Invasive Phone Searches at the U.S. Border
… Senator Ron
Wyden, a Democrat from Oregon, has a few questions about that legal authority. He sent a letter to the
secretary of the Department of Homeland Security on Monday, expressing dismay
at reports that people were being asked to unlock and hand over their
smartphones at the border. He also said
he’s planning on introducing a bill to require agents to get a warrant before
searching a device, and to prevent DHS from implementing a new policy that
would require foreign visitors to turn over their online passcodes before
visiting the U.S.
… Wyden asked DHS
Secretary John Kelly for detailed statistics on the number of times customs
agents asked for or demanded a smartphone or computer password in the past five
years as well as since Trump took office in January. He also asked how Customs and Border
Protection, or CBP, justifies these searches legally, focusing specifically on
the Fifth Amendment, which protects people from testifying against themselves. (I’ve written before how
the Fifth Amendment prevents law enforcement from demanding that someone give
up a password—and how it may not apply to devices that are unlocked via
fingerprint, iris scans, or speech patterns.)
… The senator also
took aim at a proposal that Kelly put forward in front of the House Homeland
Security Committee two weeks ago. He
suggested that visitors may be required to turn over
passwords to their social-media accounts or risk being denied entry. The idea alarmed privacy advocates, who say
such a rule would give CBP agents an overly broad look into travelers’ digital
lives.
Issuing a blanket approval for social-media searches at
the border could run into thorny legal issues, too. To get a subject’s personal information from a
company like Facebook, Google, or Apple, law enforcement must first obtain a
subpoena or a search warrant, which it can then use to ask the company to turn
over relevant data. Getting social media
passwords straight from a traveler would end-run this system.
Another phone search restriction.
Orin Kerr writes:
If a police agency gets a search
warrant and seizes a target’s iPhone, can the agency share a copy of all of the
phone’s data with other government agencies in the spirit of “collaborative law
enforcement among different agencies”? Not
without the Fourth Amendment coming into play, a federal court ruled last week
in United States v. Hulscher, 2017 WL 657436
(D.S.D. February 17, 2017).
Read more on The
Volokh Conspiracy.
Fast managers, not just fast computers.
AI and the Need for Speed
Artificial intelligence (AI) holds substantial promise for
organizations to reduce costs and increase quality, but how AI affects
organizations’ use of and relationship to time — in reacting, managing, and
learning — may be the most jarring.
Another interesting move.
Why start in India? A deal with
Modi? Need for workers in the smartphone
factories?
LinkedIn will help people in India train for semi-skilled
jobs
Microsoft has launched Project Sangam, a cloud service
integrated with LinkedIn that will help train and generate employment for
middle and low-skilled workers.
The professional network that was acquired by Microsoft in
December has been generally associated with educated urban professionals, but
the company is now planning to extend its reach to semi-skilled people in
India.
Having connected white-collared professionals around the
world with the right job opportunities and training through LinkedIn Learning,
the platform is now developing a new set of products that extends this service
to low- and semi-skilled workers, said Microsoft CEO Satya Nadella at an event
on digital transformation in Mumbai on Wednesday.
Project Sangam, which is in private preview, is “the first
project that is now the coming together of LinkedIn and Microsoft, where we are
building this cloud service with deep integration with LinkedIn, so that we can
start tackling that enormous challenge in front of us of how to provide every
person in India the opportunity to skill themselves for the jobs that are going
to be available.”
Will retail banks be replaced by social media?
Bank Accounts for the Unbanked: Evidence from a Big Bang
Experiment
Chopra, Yakshup and Prabhala, Nagpurnanand and Tantri,
Prasanna L., Bank Accounts for the Unbanked: Evidence from a Big Bang
Experiment (February 12, 2017). Available at SSRN: https://ssrn.com/abstract=2919091
“Over 2.5 billion individuals around the world are
unbanked. How they can be brought into
the formal financial system is a question of policy and academic interest. We provide evidence on this question from
India’s PMJDY program, a “big bang” shock that supplied bank accounts to
virtually all of its 260 million unbanked. We analyze activity in the new PMJDY accounts
using actual transaction data in the accounts. While the newly included individuals are
typically poor, unfamiliar with banking, and do not undergo literacy or other
training, transaction levels nevertheless increase as accounts age and converge
or exceed levels in non-PMJDY accounts of similar vintage. Usage is led by active transactions and is
aided but not entirely explained by benefit transfer programs. The results suggest that the unbanked have
unmet (possibly latent) demand for banking, or that the supply of banking
perhaps stimulates its own demand.”
(Related).
TransferWise launches Facebook Messenger bot for easy global
money transfers
There’s no App for that?
Will the first App to check IDs make the author a fortune? Or does the law say it must be a “person?”
Amazon plans to sell beer and wine at its new high-tech
convenience store
… “When we start
offering beer and wine, there will be an associate checking identification,” an
Amazon spokesperson wrote in an email.
I’m going to be watching this one. How could they steal so much without
detection?
Switzerland's ABB hit by $100 million South Korean fraud
Swiss engineering group ABB revealed the discovery of what
it called a "sophisticated criminal scheme" in its South Korean
subsidiary on Wednesday, which it expects will result in a $100 million pre-tax
charge.
… The Swiss
company said the alleged theft was limited to South Korea, where it employs
around 800 people and generated sales of $525 million in 2015. [And this
guy stole 20% of everything they sold?
Bob]
"The treasurer of the South Korean unit is suspected
of forging documentation and colluding with third parties to steal from the
company," ABB said.
A “little” change, but a big investment. How do they “Deliver?” Fly over and just drop the package? Fly onto your porch and set it in full view
of package thieves? Open the garage door
and set it on your work bench?
UPS tests show delivery drones still need work
… The logistics
juggernaut specifically launched an octocopter, or multi-rotor drone, from the
top of a delivery van. The drone
delivered a package directly to a home, then returned to the van which had now
moved down the road to a new location.
… The truck for
the test was custom-built to be able to launch the HorseFly drone from
its roof, then grab it upon its return with robotic arms. A cage suspended beneath the drone extends
through a hatch in the truck, where the drone can be lowered down and
loaded up with another package. While
docked, the drone recharges through a physical connection between its arms and the
truck’s electric battery.
Not even as an historical collection? If I faced or used these weapons, shouldn’t I
be allowed to show others what they can do? Am I limited to guns labeled “Not for military
use?”
Appeals court rules banned assault weapons are designed to
kill or disable enemy on battlefield
Slate – Appeals Court Rules that Second Amendment Doesn’t
Protect Right to Assault Weapons: “On Tuesday [February 21, 2017], the
U.S. Court of Appeals for the 4th Circuit ruled that the Second Amendment
doesn’t protect assault weapons—an extraordinary decision keenly
attuned to the brutal havoc these firearms can wreak. Issued by the court sitting en banc, Tuesday’s
decision reversed a previous ruling in which a panel of judges had struck down
Maryland’s ban on assault weapons and detachable large capacity magazines. Today’s ruling is a remarkable victory for gun
safety advocates and a serious setback for gun proponents who believe the
Second Amendment exempts weapons of war from regulation…”
Something all my students should read. In particular, those who think our writing
center won’t help them.
… this is the
story of how a group of bank examiners at the Federal Reserve Bank of
Philadelphia, one of 12 banks in the U.S.’s Federal Reserve System,
dramatically improved the clarity and impact of their written reports.
Tools for school?
Tools for home?