Friday, April 21, 2017

Computer Security means never having to say “Oops!”
Millions Download "System Update" Android Spyware via Google Play
Millions of users looking to get Android software updates have been tricked into downloading spyware on their devices through the Google Play marketplace, Zscaler reveals.
Posing as a legitimate application called “System Update” and claiming to provide users with access to the latest Android software updates, the spyware made it to Google Play in 2014, and has registered between 1,000,000 and 5,000,000 downloads by the time Google was alerted and removed it from the store.
  


Is there no one responsible for Security in the White House?
Confide gets slapped with a lawsuit that says it’s not as secure as it claims
A new lawsuit claims that Confide, a privacy-focused messaging app reportedly used by several politicians including those in the Trump administration in February, may not be as secure as it has advertised.
Filings from a proposed class-action lawsuit in New York say that Confide's contention that it does not allow its users to take screenshots of their messages isn't true.  It specifically accuses Confide of breaching false advertising and deceptive business practices laws.
The inability to keep a record of Confide messages is one of the product's most-touted features.  [Are we looking at another “Hillary email” problem if the White House does not keep messages?  Bob]  If someone tries to take a picture of a conversation, Confide is supposed to kick out the person who took the screenshot and alert the other person in the conversation.
   The court filing includes screenshots of full messages that the complaint says were taken on personal computers running the Windows version of the app.

(Related).  Apparently, security is not a priority.
Trump blows his deadline on anti-hacking plan
President-elect Donald Trump was very clear: “I will appoint a team to give me a plan within 90 days of taking office,” he said in January, after getting a U.S. intelligence assessment of Russian interference in last year’s elections and promising to address cybersecurity.
Thursday, Trump hits his 90-day mark.  There is no team, there is no plan, and there is no clear answer from the White House on who would even be working on what.  


It’s one of the last great intellectual challenges available.  That’s why I like to get students thinking like White hats.  It costs nothing to start.  Tools are available online for free.
The National Crime Agency has today published research into how and why some young people become involved in cyber crime.
The report, which is based on debriefs with offenders and those on the fringes of criminality, explores why young people assessed as unlikely to commit more traditional crimes get involved in cyber crime.
The report emphasises that financial gain is not necessarily a priority for young offenders.  Instead, the sense of accomplishment at completing a challenge, and proving oneself to peers in order to increase online reputations are the main motivations for those involved in cyber criminality.
During his debrief, Subject 7, who was jailed for Computer Misuse Act and fraud offences, told officers, “…it made me popular, I enjoyed the feeling… I looked up to those users with the best reputations”.
The report identifies that some offenders begin by participating in gaming cheat websites and ‘modding’ (game modification) forums before progressing to criminal hacking forums.
The assessment notes that off-the-shelf tools such as DDoS-for-hire services and Remote Access Trojans (RATs) are available with step-by-step tutorials at little to no cost to the user, making the skills barrier for entry into cyber crime lower than it has ever been.
It also highlights that whilst there is no socio-demographic bias, with people across the country from different backgrounds among offenders, the average age of cyber criminals is significantly younger than other crime types.  In 2015, the average age of suspects in NCA cyber crime investigations was 17 years old, compared to 37 in NCA drugs cases and 39 in NCA economic crime cases.
Subject 1, a member of a hacking collective who sold DDoS tools and Botnet services, told officers that a warning from law enforcement would have made him stop his activities.
The report also identifies education and opportunities to use skills positively as helpful in steering potential offenders towards a future career in cyber security.
Richard Jones, Head of the National Cyber Crime Unit’s Prevent team, said:
“Even the most basic forms of cyber crime can have huge impacts and the NCA and police will arrest and prosecute offenders, which can be devastating to their future.  That means there is great value in reaching young people before they ever become involved in cyber crime, when their skills can still be a force for good.
“The aim of this assessment has been to understand the pathways offenders take, and identify the most effective intervention points to divert them towards a more positive path.
“That can be as simple as highlighting opportunities in coding and programming, or jobs in the gaming and cyber industries, which still give them the sense of accomplishment and respect they are seeking.”
The full report can be viewed and downloaded here.


For my serious Computer Security students.


The future of credit card security?
Mastercard Launches Fingerprint-Based Biometric Card
Mastercard announced on Thursday the launch of a biometric card that combines chip technology with fingerprints in order to allow consumers to easily authorize financial transactions and verify their identity when making a purchase.
Before using the fingerprint feature, cardholders need to register the card with their bank.  During this process, the user’s fingerprint is converted into an encrypted digital template and stored on the card.
When making an in-store payment, customers dip their card into the point-of-sale (PoS) terminal and scan their fingerprint on the embedded sensor.  If the fingerprint matches the one stored on the card, the user is authenticated and the transaction is approved.


The objection was made in 2015.  Nothing has changed? 
Alex Emmons reports:
In her first appearance representing the American public before the top-secret Foreign Intelligence Surveillance Court in 2015, Amy Jeffress argued that the FBI is violating the Fourth Amendment by giving agents “virtually unrestricted” access to data from one of the NSA’s largest surveillance programs, which includes an untold amount of communications involving innocent Americans.
Read more on The Intercept.
From the article:
The ACLU obtained the hearing transcript and other legal documents related to the secret court proceedings under the Freedom of Information Act, and released them to the public on Friday.


For my “everybody has one” students.
Can mobile phones give you a brain tumor? An Italian court just ruled yes.


Public statements can be confusing.  That’s one reason why we have satellites.  (Remember, Russia shares a small part of its border with North Korea and Vladivostok is easily in range of those missiles Kim is playing with.)  
Russia denies it is moving troops close to North Korea
Russian authorities are denying reports that they are moving troops to the border with North Korea over growing tensions in the Korean peninsula.

(Related)
Russia refuses to deny troops amassing on North Korea border
Vladimir Putin is refusing to comment on media reports that Russia is quietly moving military hardware and troops towards the border with North Korea.
According to the RIA news agency, Kremlin spokesman Dmitry Peskov said that deployments of Russian troops inside Russia’s own borders were not a public matter.


An interesting article recalling Google’s big loss.
Torching the Modern-Day Library of Alexandria


No comment. 
How Did NY Gov. Andrew Cuomo Make $783,000 In Royalties From A Book That Sold Only 3,200 Copies?
   In 2015, the governor reportedly earned zero income from book sales and in the nearly three years that it's been on the market, it has sold just 3,200 copies.  But Cuomo, the Buffalo News found, reported that he received a total of $783,000 from HarperCollins in book sales over the past three years, a number that would translate to royalty payments of nearly $244.69 per copy.  On Wednesday, the book was selling on Amazon for $13.05.
A spokesperson for Gov. Cuomo told International Business Times, “This payment was contractual and per the agreement with the publisher.”


Can my students “reverse engineer” this to get a job at Google?
Google shares hiring documents and techniques
by Sabrina I. Pacifici on Apr 20, 2017
Structure your hiring process with these re:Work tools: “Hiring someone new is a critical decision for a team or organization, and every step of the hiring process contributes to the final outcome.  Use these resources from Google to help you approach hiring in a fair and structured way.
