Linguistic Analysis Suggests WannaCry Authors Speak Chinese
A linguistic analysis of more than two dozen ransom notes displayed by the WannaCry ransomware suggests that its authors are fluent Chinese speakers and they also appear to know English.
While malware code similarities suggest that WannaCry has been developed by the North Korea-linked threat actor known as Lazarus, some believe the attack does not fit Pyongyang’s style and interests.
Researchers at threat intelligence firm Flashpoint have
analyzed 28 WannaCry ransom notes, including ones written in Chinese (both
simplified and traditional), Danish, Dutch, English, French, German,
Indonesian, Italian, Japanese, Korean, Norwegian, Portuguese, Romanian,
Russian, Spanish, Swedish and Turkish.
The linguistic analysis showed that there are significant differences between the notes written in Chinese and the ones written in other languages. Evidence suggests that the Chinese note, which mostly uses proper grammar, punctuation and syntax, was actually written with a Chinese-language keyboard.
… Experts pointed out that the note written in Chinese includes a significant amount of content that is not present in other versions, and they believe it may have served as the source for the English version.
Heartless hackers?
Thousands of Third-Party Library Flaws Put Pacemakers at Risk
Researchers have conducted a
detailed analysis of pacemaker systems from four major vendors and discovered
many potentially serious vulnerabilities.
The fact that implantable cardiac devices such as
pacemakers and defibrillators are vulnerable to
hacker attacks has been known for years, and while steps have been
taken to address issues, security experts still report finding flaws in these
products.
WhiteScope, a company founded by Billy Rios, one of the
first security researchers to analyze medical
devices, recently conducted an analysis
of the implantable cardiac device ecosystem architecture and implementation
interdependencies, with a focus on pacemakers.
… Tests conducted
on devices acquired from eBay showed that reverse engineering their firmware is
made easy by the fact that many of them use commercial, off-the-shelf
microprocessors.
… WhiteScope has analyzed four pacemaker programmers and found that they use more than 300 third-party libraries. Of these components, 174 are known to have a total of more than 8,000 vulnerabilities.
“Despite efforts from the FDA to streamline routine cybersecurity updates, all programmers we examined had outdated software with known vulnerabilities,” Rios said in a blog post.
… Another potential problem is the fact that programmers do not require any type of authentication for programming implantable cardiac devices.
Am I aiding and abetting the Streisand Effect? (I certainly hope so.) “Those who do not understand the Streisand
Effect are doomed to repeat it?” Worth
reading, just to list the errors.
I am really out of patience for people
threatening me or my site. Look at
this one:
I need to you get rid of an
article off of your website: The link is:
[ … ]
If Steffan Dalsgaard didn’t like CYTTA’s press
release or their 8-K SEC
filing, he had remedies available to him. You threatening my site 2+ years later on his
behalf is not among those remedies. If you had additional information to submit as
an update or for a correction, you could have submitted it. Instead, you just attempted to intimidate me
into removing a post.
So, Daniel, how’s that strategy working out for you
and Steffan Dalsgaard so far?
How to get your message out when no one really wants to
listen?
Russia's Disinformation Efforts Hit 39 Countries: Researchers
Russia's campaign of cyberespionage and disinformation has
targeted hundreds of individuals and organizations from at least 39 countries
along with the United Nations and NATO, researchers said Thursday.
A report by the Citizen Lab at the University of Toronto
revealed the existence of "a major disinformation and cyber espionage
campaign with hundreds of targets in government, industry, military and civil
society," lead researcher Ronald Deibert said.
The findings suggest that the cyber attacks on the 2016
presidential campaign of Hillary Clinton -- which US intelligence officials
have attributed to Russia -- were just the tip of the iceberg.
Citizen Lab researchers said the espionage has targeted
not only government, military and industry targets, but also journalists,
academics, opposition figures, and activists.
[I think this is the report they reference: https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/ ]
Oh hell yes!
Is Privacy Still a Big Deal Today?
Americans value their
privacy, but they are also resigned to giving up their personal data in order
to transact with a company. Is there a better way for both sides to get
what they want?
Perspective. Amazon is getting into the food market by going brick and mortar?
AmazonFresh Pickup expands to Prime members in Seattle, with
automatic license-plate recognition
Amazon is expanding its latest brick-and-mortar retail
experiment beyond an internal employee beta today, letting Amazon Prime members
order groceries online for pickup during designated windows at two locations in
the company’s hometown.
The broader launch of the AmazonFresh Pickup service,
in Seattle’s Ballard and SoDo neighborhoods, also brings new details about how
the pickup process works. Amazon
says in an online FAQ that it “may use license plates to automatically
recognize your vehicle when you arrive,” helping the company quickly match
arriving customers with their orders. Customers
can opt-out of automatic check-in from their settings.
Helping my students see what I’m talking about?
Google launches Data GIF Maker to help storytellers convey
information through animations
… GIFs continue to
be used for many purposes, which is why Google has launched the Data Gif Maker, a tool aimed at
helping journalists and storytellers convey information visually through simple
animations.
“Data visualizations are an essential storytelling tool in
journalism, and though they are often intricate, they don’t have to be
complex,” said Simon Rogers, data editor at the Google News Lab, in a blog
post. “In fact, with the growth of
mobile devices as a primary method of consuming news, data visualizations can be
simple images formatted for the device they appear on.”
… Latvian
infographics and data visualization company Infogram
offers a slick WYSIWYG
editor that converts users’ data into infographics that can be published or
embedded anywhere, and it was acquired
by Prezi earlier this month.
Other companies are making moves to monetize GIFs,
specifically. Last month, Tenor launched
a real-time analytics tool designed to educate marketers about
using GIFs.
Sounds like a candidate for study. Any grants available?
Marshall Project – New Tool That Could Revolutionize How We
Measure Justice
by Sabrina I. Pacifici on May 25, 2017
Beth Schwartzapfel – The Marshall Project: “The enormity of
the country’s criminal justice system — 15,000 state and local courts, 18,000
local law enforcement agencies, more than two million prisoners — looks even
more daunting when you consider how little we know about what is actually going
on in there. Want to know who we
prosecute and why? Good luck. Curious about how many people are charged with
misdemeanors each year? Can’t tell you. How about how many people reoffend after
prison? We don’t really know that,
either. In an age when everything is
measured — when data determines the television we watch, the clothes we buy and
the posts we see on Facebook — the justice system is a disturbing exception. Agencies exist in silos, and their data stays
with them. Instead, we make policy based on anecdote, heavily filtered through a political
lens. This week the nonprofit
Measures for Justice is launching an online tool meant to shine a high beam
into these dark corners. It is gathering
numbers from key criminal justice players — prosecutors offices, public
defenders, courts, probation departments — in each of America’s more than 3,000
counties. Staffers clean the data,
assemble it in an apples-to-apples format, use it to answer a standard set of
basic questions, and make the results free and
easy to access and understand…”