Sometimes you just have to grin when the bad guys screw
up, misconfigure their backup, and expose their entire operation to the world. This is one of those times. Chris Vickery of the MacKeeper Security
Research team and Steve Ragan of Salted Hash have the mega leak of the
year.
Steve writes:
This is the story of how River
City Media (RCM), Alvin Slocombe, and Matt Ferris, accidentally exposed their entire operation to
the public after failing to properly configure their Rsync backups.
The data from this well-known,
but slippery spamming operation, was discovered by Chris Vickery, a security researcher for
MacKeeper and shared with Salted Hash, Spamhaus, as well as relevant law
enforcement agencies.
While security practitioners are
familiar with spammers and their methods, this story afforded Salted Hash with
a rare opportunity to look behind the curtain and view their day-to-day
operations.
Grab your coffee and read their coverage on MacKeeper
and Salted
Hash while I try to wake up more. Why should you read it, you wonder? Because you or someone in your family is
probably affected. As Chris explains:
The situation presents a tangible
threat to online privacy and security as it involves a database of 1.4 billion email accounts combined with
real names, user IP addresses, and often physical address. Chances are that you, or at least someone you
know, is affected.
"The Capitalists will sell us the rope with which we
will hang them." Vladimir Ilyich
Lenin Was that the start of the Russian
kleptocracy?
Michael Riley reports:
Russian hackers are targeting
U.S. progressive groups in a new wave of attacks, scouring the organizations’
emails for embarrassing details and attempting to extract hush money, according
to two people familiar with probes being conducted by the FBI and private
security firms.
At least a dozen groups have faced
extortion attempts since the U.S. presidential election, said the people, who
provided broad outlines of the campaign. The ransom demands are accompanied by
samples of sensitive data in the hackers’ possession.
Read more on Bloomberg.
Dang! I hope they
don’t find the others…
Bug Bounty Hunter exposes glitch in Uber that let users ride
for free
Bengaluru-based Anand Prakash, a web applications security
expert and a bug bounty hunter discovered a glitch in Uber’s payment system
which could have been used to get unlimited rides. The bug has been fixed now by Uber’s security
team but the white hat hacker lays it all on his blog.
[Anand’s blog: http://www.anandpraka.sh/
Because it is better to have a tool to find perpetrators
than to let them know how the FBI does it?
Either way, this means jobs for my Ethical Hacking students.
To keep Tor hack source code secret, DOJ dismisses child porn
case
Rather than share the
now-classified technological means that investigators used to locate a
child porn suspect, federal prosecutors in Washington state have dropped
all charges against a man accused of accessing Playpen, a notorious and
now-shuttered website.
The case, United States v. Jay Michaud, is one of
nearly 200 cases nationwide that have raised new questions about the
appropriate limitations on the government’s ability to hack criminal suspects. Michaud marks just the second time
that prosecutors have asked that case be dismissed.
… The DOJ has
called this exploit a "network investigative technique," (NIT)
while many security experts have dubbed it as "malware."
Defense attorneys have attempted to gain access to some,
if not all, of the NIT’s source code as part of the criminal discovery process. In a related case prosecuted in New
York, an FBI
search warrant affidavit described both the types of child pornography
available to Playpen’s 150,000 members and the NIT’s
capabilities.
Last year, US District Judge Robert Bryan ordered
the government to hand over the NIT's source code in Michaud. Since that
May 2016 order, the government has classified
the source code itself, thwarting efforts for criminal discovery in more
than 100 Playpen-related cases that remain pending.
… However, some
legal experts have argued that such "lawful hacking" is an
appropriate way for the government to combat the so-called
"going dark" problem—the widespread use of sophisticated
anti-surveillance tools, such as Tor and other forms of encryption that stymie
traditional law enforcement.
A carrot to match the VX nerve gas stick? Is the North finally crumbling?
Hoping to Lure High-Level Defectors, South Korea Increases
Rewards
SEOUL, South Korea — South Korea said on
Sunday that it would quadruple the cash reward it provides for North Korean
defectors arriving with sensitive information to 1 billion won, or $860,000, in
an effort to encourage more elite members from the North to flee.
(Related). A flurry
before crashing?
North Korea launches more missiles; 3 land in Japanese waters
TOKYO — North Korea launched
four missiles Monday morning, a provocative barrage that coincided both with
joint U.S.-South Korean military exercises on the southern half of the
peninsula and with the opening of the annual National People’s Congress in
China.
… “Every year this
time, they try to do something to defy the exercises,” said Bruce Bennett, a
North Korea expert at the Rand Corp. in California. “This time, I think they’re also interested in
making a statement to the Chinese and to let Beijing know this coal ban is
going to hurt,” he said, referring to Beijing’s decision last month to stop
importing coal from North Korea, cutting off a major economic lifeline.
… China expressed
its dismay over the launch, with a Foreign Ministry spokeswoman saying it
“opposes” launches that undermine U.N. resolutions. Russia, meanwhile, was more blunt, describing
itself as “seriously worried” about the launches which raise tensions in the
region.
Those who don’t study history are doom to have an AI do it
for them? Will reliance on AI always
result in making the right decisions?
Kensho's AI For Investors Just Got Valued At Over $500
Million In Funding Round From Wall Street
When the United Kingdom voted to leave the European
Union in June, ultimately tanking the British pound, traders with access to
Cambridge, Massachusetts-based artificial intelligence platform Kensho had a
special advantage.
With a few keystrokes on Kensho's AI-powered platform,
traders quickly combed through an intelligence-grade
database [What does than mean? Bob]
of information and in seconds learned that populist
votes such as Brexit historically led to an extended drop in the local
currency, washing out any short-term recovery. That's exactly what happened in the days and
months after Brexit. The pound plunged
to three-decade lows in July, sinking to $1.28 versus the dollar, before
rallying slightly to $1.33. The currency
has been in a slump since then and currently sits at $1.24. It was one of the biggest trades in currency
markets since billionaire
George Soros broke the Bank of England in 1992.
Perspective. Worth
reading.
Will Democracy Survive Big Data and Artificial Intelligence?
The digital revolution is in full swing. How will it change our world? The amount of data we produce doubles every
year. In other words: in 2016 we
produced as much data as in the entire history of humankind through 2015. Every minute we produce hundreds of thousands
of Google searches and Facebook posts. These
contain information that reveals how we think and feel. Soon, the things around us, possibly even our
clothing, also will be connected with the Internet. It is estimated that in 10 years’ time there
will be 150 billion networked measuring sensors, 20 times more than people on
Earth. Then, the amount of data will
double every 12 hours
A geeky future! I
wonder if I can finally get a Jaguar XKE body with modern Ford running gear?
Ford Starts Pilot Testing Stratasys Infinite Build 3D Printer
… Stratasys, one
of the leading manufacturers of additive manufacturing systems has developed a
means to build parts that theoretically have no size limit. They use a combination of industrial robots
and a print-head that extrudes the material in a way that is somewhat similar
to the desktop Makerbot printers that it also produces.
… For its infinite
build system, Stratasys uses containers of micropellets rather than a
continuous filament in a process known as fused deposition modeling (FDM). The FDM process still builds up layers of
material like other systems, but because the robot head can move and rotate in
3 dimensions, the layers don’t have to be flat slices. This enables the production of more complex
shapes and potentially the optimizing the layout of the layers to maximize
properties like the strength while reducing weight.
Or, I could just ask my students.
We’ve lost empathy and critical thinking.
We no longer try to understand things from the perspectives of
others. Instead, we’re quick to demonize
dissenters. We don’t want thoughtful
discourse. We want to be right
and we want everyone else to agree.
But that’s not how life works. Most issues are complex, so much so that
black-and-white answers are often disingenuous at best and outright harmful at
worst, which is why ProCon
is such an important website for us today.
Helping my students get rich.
Y Combinator opens registration for its free Startup School
online course
Y Combinator is
making its Startup School event
available to more people in the form of a massively open
online course (MOOC). Starting
today, you can register for a spot to watch the various industry leaders and
entrepreneurs that the startup program has lined up to guest lecture during this
10-week course. Participants will also
receive access to a Slack-powered community so they can converse with their
classmates.
As for the final exam, participants will be invited to
present what they’ve built to the entire class in what is essentially a pseudo
Demo Day. The best part is that Y
Combinator is giving this all away for free.
For my students.
IBM's online quantum machine gets faster
The machine, based in New York, has been available via the
internet since May last year.
… While the system
it has made publicly available is currently only as powerful as a standard
laptop, it is an important first step, said IBM scientist Dr Jerry Chow.
"It is about growing an eco-system of users,
developing a community that can grow and define the software that will run
it," he explained.
He added that the system now includes an interface which
allows programmers to launch instructions for the machine using traditional
programming languages.
… Most agree that
when quantum computing hits 50 qubits - more powerful than the most powerful
supercomputers currently available - that will be something of a magic number.
IBM's quantum computer will now offer simulation of 20
qubits, up from its original five.
"Classical computers are extraordinarily powerful and
will continue to advance and underpin everything we do in business and
society," said Tom Rosamilia, senior vice president of IBM Systems.
"But there are many problems that will never be
penetrated by a classical computer. To
create knowledge from much greater depths of complexity, we need a quantum
computer."
Just for me and my minions.
Mockaroo
Need some mock data to test your app?
Mockaroo lets you generate up to 1,000 rows of realistic
test data in CSV, JSON, SQL, and Excel formats.
No comments:
Post a Comment