Millions Download "System Update" Android Spyware via Google Play
Millions of users looking to get Android software updates
have been tricked into downloading spyware on their devices through the Google
Play marketplace, Zscaler reveals.
Posing as a legitimate application called “System Update”
and claiming to provide users with access to the latest Android software
updates, the spyware made it to Google Play in 2014, and had registered between
1,000,000 and 5,000,000 downloads by the time Google was alerted and removed it
from the store.
…
Is there no one responsible for Security in the White House?
Confide gets slapped with a lawsuit that says it’s not as secure as it claims
A new lawsuit claims that Confide, a privacy-focused messaging app
reportedly used by several politicians including those in the Trump
administration in February, may not be as secure as it has advertised.
Filings from a proposed class-action lawsuit in New York
say that Confide's contention that it does not allow its users to take
screenshots of their messages isn't true.
It specifically accuses Confide of breaching false advertising and
deceptive business practices laws.
The inability to keep a record of Confide messages is one
of the product's most-touted features. [Are we looking at another “Hillary email” problem if
the White House does not keep messages? Bob] If someone tries
to take a picture of a conversation, Confide is supposed to kick out the person
who took the screenshot and alert the other person in the conversation.
… The court filing
includes screenshots of full messages that the complaint says were taken on
personal computers running the Windows version of the app.
(Related).
Apparently, security is not a priority.
Trump blows his deadline on anti-hacking plan
President-elect Donald Trump was very clear: “I will
appoint a team to give me a plan within 90 days of taking office,” he said
in January, after getting a U.S. intelligence assessment of Russian interference
in last year’s elections and promising to address cybersecurity.
Thursday, Trump hits his 90-day mark. There is no team, there is no plan, and there
is no clear answer from the White House on who would even be working on what.
It’s one of the last great intellectual challenges available. That’s why I like to get
students thinking like White hats. It costs nothing to start. Tools are
available online for free.
The National Crime Agency has today published research
into how and why some young people become involved in cyber crime.
The report, which is based on debriefs with offenders and
those on the fringes of criminality, explores why young people assessed as
unlikely to commit more traditional crimes get involved in cyber crime.
The report emphasises that financial gain is not necessarily a priority for young offenders. Instead, the sense of accomplishment at
completing a challenge, and proving oneself to peers in order to increase
online reputations are the main motivations for those involved in cyber
criminality.
During his debrief, Subject 7, who was jailed for Computer
Misuse Act and fraud offences, told officers, “…it made me popular, I enjoyed
the feeling… I looked up to those users with the best reputations”.
The report identifies that some offenders begin by
participating in gaming cheat websites and ‘modding’ (game modification) forums
before progressing to criminal hacking forums.
The assessment notes that off-the-shelf tools such as
DDOS-for-hire services and Remote Access Trojans (RATs) are available with step
by step tutorials at little to no cost to the user, making the skills barrier for entry into cyber crime lower than it has
ever been.
It also highlights that whilst there is no
socio-demographic bias, with people across the country from different
backgrounds among offenders, the average
age of cyber criminals is significantly younger than other crime types.
In 2015, the average age of suspects in
NCA cyber crime investigations was 17 years old, compared to 37 in NCA drugs
cases and 39 in NCA economic crime cases.
Subject 1, a member of a hacking collective who sold DDoS
tools and Botnet services, told officers that a warning from law enforcement would have made him stop his activities.
The report also identifies education and opportunities to
use skills positively as helpful in steering potential offenders towards a
future career in cyber security.
Richard Jones, Head of the National Cyber Crime Unit’s
Prevent team, said:
“Even the most basic forms of cyber crime can have huge
impacts and the NCA and police will arrest and prosecute offenders, which can
be devastating to their future. That
means there is great value in reaching young people before they ever become
involved in cyber crime, when their skills can still be a force for good.
“The aim of this assessment has been to understand the
pathways offenders take, and identify the most effective intervention points to
divert them towards a more positive path.
“That can be as simple as highlighting opportunities in
coding and programming, or jobs in the gaming and cyber industries, which still
give them the sense of accomplishment and respect they are seeking.”
The full report can be viewed and downloaded here.
SOURCE: National Crime Agency
For my serious Computer Security students.
The future of credit card security?
Mastercard Launches Fingerprint-Based Biometric Card
Mastercard announced on Thursday the launch of a biometric
card that combines chip technology with fingerprints in order to allow
consumers to easily authorize financial transactions and verify their identity
when making a purchase.
Before using the fingerprint feature, cardholders need to
register the card with their bank. During
this process, the user’s fingerprint is converted into an encrypted digital
template and stored on the card.
When making an in-store payment, customers dip their card
into the point-of-sale (PoS) terminal and scan their fingerprint on the
embedded sensor. If the fingerprint
matches the one stored on the card, the user is authenticated and the
transaction is approved.
The objection was made in 2015. Nothing has changed?
Alex Emmons reports:
In her first appearance representing
the American public before the top-secret Foreign Intelligence Surveillance
Court in 2015, Amy Jeffress argued that the FBI is violating the Fourth
Amendment by giving agents “virtually unrestricted” access to data from one of
the NSA’s largest surveillance programs, which includes an untold amount of
communications involving innocent Americans.
Read more on The Intercept.
[From the article:]
The ACLU obtained the hearing transcript and other legal
documents related to the secret court proceedings under the Freedom
of Information Act, and released them to the public on Friday.
For my “everybody has one” students.
Can mobile phones give you a brain tumor? An Italian court just ruled yes.
Public statements can be confusing. That’s one reason why we have satellites. (Remember, Russia shares a small part of its border
with North Korea and Vladivostok is easily in range of those missiles Kim is
playing with.)
Russia denies it is moving troops close to North Korea
Russian authorities are denying reports that they are
moving troops to the border with North Korea over growing tensions in the
Korean peninsula.
(Related)
Russia refuses to deny troops amassing on North Korea border
Vladimir Putin is refusing to comment on media reports
that Russia is quietly moving military hardware and troops towards the border with
North Korea.
According to the RIA news agency, Kremlin spokesman Dmitry
Peskov said that deployments of Russian troops inside Russia’s own borders were
not a public matter.
An interesting article recalling Google’s big loss.
Torching the Modern-Day Library of Alexandria
No comment.
How Did NY Gov. Andrew Cuomo Make $783,000 In Royalties From A Book That Sold Only 3,200 Copies?
… In 2015, the
governor reportedly earned zero income from book sales and in the nearly
three years that it's been on the market, it has sold just 3,200 copies. But Cuomo, the Buffalo News found, reported
that he received a total of $783,000 from
HarperCollins in book sales over the past three years, a number that would
translate to royalty payments of nearly $244.69 per copy. On Wednesday, the book was selling on Amazon
for $13.05.
A spokesperson for Gov. Cuomo told International Business
Times, “This payment was contractual and per the agreement with the publisher.”
Can my students “reverse engineer” this to get a job at Google?
Google shares hiring documents and techniques
by Sabrina I. Pacifici on Apr 20, 2017
Structure your hiring process with these re:Work tools:
“Hiring someone new is a critical decision for a team or organization, and
every step of the hiring process contributes to the final outcome. Use these resources from Google to help you
approach hiring in a fair and structured way.
- Job description checklist [document]
- Sample structured interview grading rubric [document]
- Interviewer best practices [cheat sheet handout]
- Sample candidate survey [Google Forms survey]
- Interviewer training checklist [document]”