Joseph Cox reports:
The industry for so-called encrypted or secure phones is a lively one. Several firms sell custom BlackBerry or Android devices that may come pre-loaded with tools such as PGP email for sending messages, and some of these companies’ products have allegedly been used by organized crime.
But it’s also a competitive market. Customer data from one company, including email addresses and unique IMEI numbers from users’ phones, is now available online for anyone to dig into, and Ciphr, the victim company, claims the data dump was the work of a competitor.
Read more on Motherboard.
Risky burritos. With 2,000 locations, this could be big.
Melissa Stephenson reports:
Chipotle Mexican Grill announced Tuesday that they have detected a data security breach.
The company believes the breach may have affected transactions from March 24 through April 18.
Read more on WTKR.
Not bad enough you were hacked, now you have blackmailers using the hacked data against you.
Graham Cluley reports:
Blackmailers are once again trying to make money out of the notorious Ashley Madison hack, which exposed the details of registered members of the cheating website in 2015.
Robin Harris writes on ZDNet that he has received a blackmail threat, alerting him that unless he pays up $500 worth of Bitcoin his personal details will be shared on a new website being created by the extortionists.
The site, which the blackmailers claim will be launched on May 1 2017, is said to be called “Cheater’s Gallery”:
“On May 1 2017 we are launching our new site — Cheaters Gallery – exposing those who cheat and destroy families. We will launch the site with a big email to all the friends and family of cheaters taken from Facebook, LinkedIn and other social sites. This will include you if do not pay to opting out.”
Read more on HotForSecurity.
Do you really want to play around in Tony Soprano’s back yard?
Paul Milo reported this yesterday:
Hackers have disabled some City of Newark computers and are now demanding about $30,000 worth of the online currency Bitcoin to render them operable once again, TAPInto reported Monday.
The computers were infected over the weekend with an encryption that affects nearly all files that operate on a desktop, according to a document obtained by TAPInto.
Read more on NJ.com.
A hardcoded key is the same as an unchangeable default password.
Flaws in Hyundai App Allowed Hackers to Steal Cars
The Blue Link application, available for both iOS and Android devices, allows users to remotely access and monitor their car. The list of features provided by the app includes remote engine start, cabin temperature control, stolen vehicle recovery, remote locking and unlocking, vehicle health reports, and automatic collision notifications.
… Versions 3.9.4 and 3.9.5 of the Blue Link apps upload an encrypted log file to a pre-defined IP address over HTTP. The name of the file includes the user’s email address and the file itself contains various pieces of information, such as username, password, PIN, and historical GPS data.
While the log file is encrypted, the encryption relies on a hardcoded key that cannot be modified. A man-in-the-middle (MitM) attacker — e.g. via a compromised or rogue Wi-Fi network — can intercept HTTP traffic associated with the Blue Link application and access the log file and the data it contains.
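To put the "hardcoded key equals unchangeable default password" point into running code, here is an added example; it is not Hyundai's code or the researchers' code. The toy HMAC-SHA256 keystream cipher, the APP_HARDCODED_KEY value and the two device records are constructed for the demonstration and stand in for whatever the real app used. It shows that every log encrypted under a key compiled into the app opens with that single key, that a key derived from a per-device secret does not, and that credentials should be stripped from diagnostic logs before upload whatever the cipher.

```python
import hashlib
import hmac
import json
import secrets


def toy_keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy CTR-style stream cipher built from HMAC-SHA256 so the example runs on
    # the standard library alone. Illustration only: it stands in for whatever
    # the app used and is not that cipher. XOR makes encrypt and decrypt the same op.
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


# Constructed stand-in for a key compiled into every copy of an app (assumption).
APP_HARDCODED_KEY = b"constructed-app-wide-key-00000000"

# Constructed device records with the kinds of fields the article lists.
DEVICE_LOGS = {
    "car-A": {"username": "alice", "password": "hunter2", "pin": "1234",
              "gps": [[51.5034, -0.1276], [51.5155, -0.0922]]},
    "car-B": {"username": "bob", "password": "letmein", "pin": "9999",
              "gps": [[40.7128, -74.0060]]},
}


def encrypt_log(key: bytes, record: dict):
    """Encrypt one diagnostic record; returns (nonce, ciphertext)."""
    nonce = secrets.token_bytes(16)
    return nonce, toy_keystream_xor(key, nonce, json.dumps(record).encode())


def decrypt_log(key: bytes, nonce: bytes, ciphertext: bytes):
    """Return the record, or None if this key does not open the file."""
    try:
        obj = json.loads(toy_keystream_xor(key, nonce, ciphertext))
    except ValueError:  # covers undecodable bytes and malformed JSON
        return None
    return obj if isinstance(obj, dict) else None


def per_device_key(device_secret: bytes) -> bytes:
    # Derive the log key from a secret that exists only in this device's
    # keystore, so a copy of the app binary alone recovers nothing.
    return hmac.new(device_secret, b"log-encryption", hashlib.sha256).digest()


def count_opened_by_app_key(uploads: dict) -> int:
    """How many uploaded logs does the key shipped inside the app decrypt?"""
    return sum(decrypt_log(APP_HARDCODED_KEY, n, c) is not None
               for n, c in uploads.values())


def simulate(hardcoded: bool) -> int:
    """Encrypt every device's log under the chosen scheme and count how many
    the app-wide key can read: all of them when hardcoded, none otherwise."""
    uploads = {}
    for device, record in DEVICE_LOGS.items():
        key = APP_HARDCODED_KEY if hardcoded else per_device_key(secrets.token_bytes(32))
        uploads[device] = encrypt_log(key, record)
    return count_opened_by_app_key(uploads)


SECRET_FIELDS = {"password", "pin"}


def redact_for_upload(record: dict) -> dict:
    """Independent of the cipher: credentials never belong in telemetry, and
    location history can be coarsened (two decimals is roughly 1 km)."""
    safe = {k: v for k, v in record.items() if k not in SECRET_FIELDS}
    if "gps" in safe:
        safe["gps"] = [[round(lat, 2), round(lon, 2)] for lat, lon in safe["gps"]]
    return safe


if __name__ == "__main__":
    print("logs readable with the app's key, hardcoded scheme:", simulate(True))
    print("logs readable with the app's key, per-device keys:", simulate(False))
    print("redacted record:", redact_for_upload(DEVICE_LOGS["car-A"]))
```

The per-device key only helps if the secret it is derived from never leaves the phone's keystore; the redaction step is the stronger control because it removes the password and PIN from the file entirely, and transporting the upload over TLS rather than plain HTTP addresses the interception the article describes.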
“How brave a world where devices doth conspire!” A possible AI Shakespeare?
Man Arrested in Wife's Murder After Fitbit Data Pokes Holes in His Alibi
A Connecticut man was arrested and charged with the murder of his wife after police found that Fitbit data didn't match his alibi.
Connecticut's Richard Dabate was accused of killing his wife Connie, who was found dead from gunshot wounds at their home in December 2015. Dabate said an unknown intruder broke into their house before shooting his wife and subduing Dabate with precision use of pressure points. But investigators have uncovered inconsistencies between his account and that of the devices he and Connie used, including the fitness tracker she wore on her wrist.
Evidence from her Fitbit, which works as a digital pedometer to keep track of the wearer's daily activity, shows she was up and moving an hour after Dabate claimed she had been attacked. It further pokes holes into his account of her morning, noting just how far she moved after arriving home. Electronic records from e-mail, phone, and text messages also contribute to a complicated picture, showing a marriage in trouble and the presence of a pregnant girlfriend. Dabate claimed his wife's life insurance policy the day after the crime.
A source of used Stingrays?
Mike Maharrey writes:
…Arizona Gov. Doug Ducey signed a bill that bans the use of “stingrays” to track the location of phones and sweep up electronic communications without a warrant in most situations. The new law will not only protect privacy in Arizona, but will also hinder one aspect of the federal surveillance state.
Sen. Bob Worsley (R-Mesa) introduced Senate bill 1342 (SB1342) back in January. The legislation will help block the use of cell site simulators, known as “stingrays.” These devices essentially spoof cell phone towers, tricking any device within range into connecting to the stingray instead of the tower, allowing law enforcement to sweep up communications content, as well as locate and track the person in possession of a specific phone or other electronic device.
Read more on Tenth Amendment Center.
Determining what to block or take down in real time is almost impossible. Perhaps AI can speed up detection, but can it anticipate a user’s post? When do you merely block or take down and when do you notify the police?
Thai Police Will Review Ways to Take Down Content After Man Murders Baby in Facebook Video
Police in Thailand on Wednesday said they would discuss how to speed up taking down "inappropriate online content" after a man broadcast himself killing his 11-month-old daughter in a live video on Facebook.
(Related). Tips for hackers. Problems for Forensic students.
A Trick That Hides Censored Websites Inside Cat Videos
A pair of researchers behind a system for avoiding internet censorship wants to deliver banned websites inside of cat videos. Their system uses media from popular, innocuous websites the way a high schooler might use the dust jacket of a textbook to hide the fact that he’s reading a comic book in class. To the overseeing authority—in the classroom, the teacher; on the internet, a government censor—the content being consumed appears acceptable, even when it’s illicit.
The researchers, who work at the University of Waterloo’s cryptography lab, named it Slitheen after a race of aliens from Doctor Who who wear the skins of their human victims to blend in. The system uses a technique called decoy routing, which allows users to view blocked sites—like a social-networking site or a news site—while generating a browsing trail that looks exactly as if they were just browsing for shoes or watching silly videos on YouTube.
For my Computer Security students. Possible exam question: There are 65000 X 2 ports, name them!
Securing risky network ports
Data packets travel to and from numbered network ports associated with particular IP addresses and endpoints, using the TCP or UDP transport layer protocols. All ports are potentially at risk of attack. No port is natively secure.
… There is a total of 65,535 TCP ports and another 65,535 UDP ports; we’ll look at some of the diciest ones.
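Since the article's own list of "diciest" ports is elided above, here is an added example of the check an administrator would actually run on a host: parse the listening sockets and flag services that are exposed on every interface rather than on loopback. This is not the article's code; the short RISKY_PORTS table is the example's own choice of well-known high-risk services, and SAMPLE_SS_OUTPUT is a constructed sample in the layout of `ss -tuln` on Linux, not real output.

```python
import re

# Example's own list of services commonly treated as high-risk when reachable
# from the network. It is not drawn from the article, whose list is elided.
RISKY_PORTS = {
    ("tcp", 21): "FTP (cleartext credentials)",
    ("tcp", 23): "Telnet (cleartext sessions)",
    ("udp", 69): "TFTP (no authentication)",
    ("udp", 161): "SNMP (often default community strings)",
    ("tcp", 445): "SMB",
    ("tcp", 1433): "MS SQL Server",
    ("tcp", 3306): "MySQL",
    ("tcp", 3389): "RDP",
    ("tcp", 5900): "VNC",
    ("tcp", 6379): "Redis (unauthenticated by default)",
}

# Bind addresses that mean "every interface" for IPv4 and IPv6.
ANY_ADDRESS = {"0.0.0.0", "*", "::", "[::]"}

# Constructed sample in the layout of `ss -tuln` (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:445         0.0.0.0:*
tcp   LISTEN 0      128    [::]:3389           [::]:*
tcp   LISTEN 0      511    *:6379              *:*
"""

# protocol, state, recv-q, send-q, then local "address:port"; the greedy \S+
# backtracks to the last colon, so "[::]:3389" and "*:6379" split correctly.
LINE_RE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+")


def parse_listeners(text: str):
    """Return (proto, bind_address, port) for each socket line; header is skipped."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port = m.group(1), m.group(2), int(m.group(3))
        addr = addr.split("%")[0]  # drop an interface scope such as "%lo"
        listeners.append((proto, addr, port))
    return listeners


def audit(listeners):
    """Flag risky services only when bound to all interfaces; a loopback-only
    MySQL listener, for example, is not reachable from the network."""
    findings = []
    for proto, addr, port in listeners:
        service = RISKY_PORTS.get((proto, port))
        if service and addr in ANY_ADDRESS:
            findings.append((proto, port, service))
    return findings


def report(text: str):
    return audit(parse_listeners(text))


if __name__ == "__main__":
    for proto, port, service in report(SAMPLE_SS_OUTPUT):
        print(f"exposed on all interfaces: {proto}/{port} {service}")
```

Against the constructed sample the audit flags SNMP, SMB, RDP and Redis but not SSH (not in the risky table) or MySQL (bound to 127.0.0.1 only). Feeding it real output is a matter of `ss -tuln | python3 thisfile.py`-style plumbing, with the port table extended to whatever the local policy treats as risky.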
Also, an issue for my Computer Security students to consider. (AKA: Need to know) All new files should start with a “no one can access” rule and that will change only when managers specifically authorize a change.
Organizations Fail to Maintain Principle of Least Privilege
Security requires that confidential commercial data is protected; compliance requires the same for personal information. The difficulty for business is the sheer volume of data generated makes it difficult to know where all the data resides, and who has access to it. A new report shows that 47% of analyzed organizations in 2016 had at least 1,000 sensitive files open to every employee; and 22% had 12,000 or more.
These figures come from the Varonis 2016 Data Risk Assessments report. Each year Varonis conducts more than 1,000 risk assessments for both existing and potential customers.
… Varonis believes that organizations spend too much time and money in defending specific threats to keep attackers off the network; rather than protecting the data itself from both opportunistic insiders and hackers that breach the 'perimeter'. In January of this year, a separate report (PDF) from Forrester (commissioned by Varonis) concluded that "an overwhelming majority of companies face technical and organizational challenges with data security, are focused on threats rather than their data, and do not have a good handle on understanding and controlling sensitive data."
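The "no one can access until a manager authorizes it" rule above and the report's "sensitive files open to every employee" figure are two sides of the same check, so here is an added example (not Varonis's tooling or the report's method) that models both: a default-deny ACL for new files where every further grant needs a named approver, and an assessment that counts sensitive files readable by broad principals. The file paths, principal names and classifications are constructed sample data.

```python
from dataclasses import dataclass, field

# Principals that amount to "every employee". Names are constructed for the example.
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "Domain Users"}


@dataclass
class FileEntry:
    path: str
    sensitive: bool                              # e.g. tagged by a PII/financial classifier
    grants: dict = field(default_factory=dict)   # principal -> set of rights


def new_file_acl(owner: str) -> dict:
    """Default-deny: a new file starts with access for its owner only; anyone
    else gets in only through an explicit, approved grant."""
    return {owner: {"read", "write"}}


def grant(entry: FileEntry, principal: str, rights: set, approved_by: str) -> None:
    """Widen access only with a named approver on record."""
    if not approved_by:
        raise PermissionError(f"grant of {sorted(rights)} on {entry.path} needs an approver")
    entry.grants.setdefault(principal, set()).update(rights)


def open_to_everyone(entry: FileEntry) -> bool:
    return any(p in BROAD_PRINCIPALS and "read" in r for p, r in entry.grants.items())


def assess(files):
    """Summarize how many sensitive files are readable by every employee,
    the measurement the report's 1,000-file figure is based on."""
    sensitive = [f for f in files if f.sensitive]
    exposed = [f for f in sensitive if open_to_everyone(f)]
    return {
        "sensitive": len(sensitive),
        "exposed": len(exposed),
        "exposed_paths": [f.path for f in exposed],
    }


def build_sample():
    """Constructed file inventory: three legacy files with ad-hoc ACLs and one
    created under the default-deny rule."""
    files = [
        FileEntry("/hr/payroll_2016.xlsx", True,
                  {"hr-team": {"read"}, "Everyone": {"read"}}),
        FileEntry("/finance/q1_forecast.pptx", True,
                  {"finance": {"read", "write"}}),
        FileEntry("/public/holiday_schedule.pdf", False,
                  {"Everyone": {"read"}}),
        FileEntry("/legal/merger_nda.docx", True,
                  {"Domain Users": {"read"}}),
    ]
    contract = FileEntry("/legal/new_contract.docx", True, new_file_acl("alice"))
    grant(contract, "legal-team", {"read"}, approved_by="legal-manager")
    files.append(contract)
    return files


if __name__ == "__main__":
    result = assess(build_sample())
    print(f"{result['exposed']} of {result['sensitive']} sensitive files are open to everyone:")
    for path in result["exposed_paths"]:
        print("  ", path)
```

The holiday schedule is world-readable but not sensitive, so it does not count; the payroll sheet and the NDA do, because a broad group can read them. The new contract starts owner-only and ends up readable by one named team with an approver recorded, which is the shape every grant should have.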
Only China? No other country is a risk? Wake up, DHS.
Adam Schwartz writes:
EFF has joined a coalition effort, led by Asian Americans Advancing Justice (AAAJ), to oppose the federal government’s proposal to scrutinize the social media activities of Chinese visitors. Specifically, U.S. Customs and Border Protection (CBP) seeks to ask certain visa applicants from China to disclose the existence of their social media accounts and the identifiers or handles associated with those accounts.
Last year, EFF opposed a similar CBP proposal concerning foreign visitors from countries that participate in the Visa Waiver Program (VWP). CBP finalized this proposal in December 2016.
Read more on EFF.
My students seem reluctant to use self-driving cars. Will they even consider self-flying?
Uber plans to rule the skies by 2020
Uber has revealed plans to team up with Aurora Flight Sciences to create and test out a network of aerial taxis for passengers to hire by 2020.
On Tuesday at Uber's Elevate Summit in Dallas, Texas, the companies said the electric vertical takeoff and landing (eVTOL) aircraft will be part of the Uber Elevate Network, a scheme designed to eventually give Uber users the opportunity to use both land and air to reach their destination.
[What? No submarines? Bob]
My Indian students seem to think it is already an equal to Amazon.
Funding Flipkart: Can India’s Internet ‘Unicorn’ Take on Amazon?
http://knowledge.wharton.upenn.edu/article/funding-flipkart-can-indias-internet-unicorn-take-amazon/
Let’s hope this is not United’s fault.
United Airlines investigates giant bunny death
United Airlines is investigating the death of a giant rabbit which was being transported on one of its planes.
The 90cm-long bunny, called Simon, was found dead in the cargo hold when the flight arrived at Chicago's O'Hare airport from London Heathrow.
Reports in UK media say the 10-month-old giant rabbit was being delivered to a new "celebrity" owner.
… Owner Annette Edwards told the paper: "Simon had a vet's check-up three hours before the flight and was fit as a fiddle.
"Something very strange has happened and I want to know what. I've sent rabbits all around the world and nothing like this has happened before."
Something to record my lectures for later listening?
This Online Audio Editor Is Beautiful
Beautiful Audio Editor is a free audio editor that you can use in the Chrome and Firefox web browsers. Beautiful Audio Editor lets you record spoken audio directly or import audio that you have previously recorded in MP3 and WAV formats. You can edit and blend multiple tracks in the Beautiful Audio Editor. When your audio editing project is complete you can download it as an MP3 file, download it as a WAV file, or you can save it in Google Drive.