Amnesty International – How private are your favourite messaging apps?
by Sabrina I. Pacifici on May 7, 2017
“We’ve ranked 11 companies that run the world’s most popular messaging apps – including Skype, Snapchat and Facebook Messenger – on how well they’re using encryption to protect your online privacy. In particular, we’ve looked at whether they apply end-to-end encryption – a way of making your photos, videos and chats unintelligible to anyone but you and the people you’re talking to. This is how they fared.”
No matter how well you train your employees, these still work!
BEC attacks have hit thousands, top $5 billion in losses globally
An updated advisory from the FBI says that Business Email Compromise (BEC) attacks have become a multi-billion-dollar scam worldwide, as criminals take advantage of lax policies and human nature.
… At their core, BEC attacks are a variation on Social Engineering, designed to target a person's normal routine. Social Engineering isn't easily detected or defeated, so when the criminals ask for something that isn't unusual or out of the victim's comfort zone, the attack is often successful.
… The stats are
concerning. According to the published data, between January 2015 and December
2016 the amount of exposed losses skyrocketed by more than 2,000-percent, with BEC
attacks being reported in all fifty states and 131 countries.
… BEC attacks
exist in a number of forms, including wire transfer requests or business
requests dealing with personal information, such as W-2 records. Some attacks include the use of compromised
email accounts within the organization or those tied to the victims somehow.
When it comes to BEC attacks targeting W-2 information,
2017 is a record setting year with at least 200 reported cases since
January, impacting more than 120,000 taxpayers.
… Organizations
are trying to keep ahead of the curve by focusing on awareness training –
including BEC attacks. But such measures
don't cover every situation, and they won't help if the habits placing the
organization at risk in the first place aren't changed, including office
communications dealing with sensitive information.
… The alert issued last week has a
number of tips and steps for organizations and victims when it comes to these
attacks.
(Related)
Phishing Explained by Common Craft
Last week's viral
Google Docs phishing scam provided a good reminder to many that we should
always give a critical eye to emails and social media posts that don't look
quite right. It also served as a
reminder that we need to educate students and, sometimes, our colleagues about
phishing attempts. Common Craft has an
excellent video on the topic. You can
watch the video … on the Common Craft
website.
On a related note, if you get a Facebook friend request
from someone you're already friends with, it's likely a scam.
Good news for my Ethical Hacking students?
Cyberspies tap free tools to make powerful malware framework
Over the past year, a group of attackers has managed to
infect hundreds of computers belonging to government agencies with a malware
framework stitched together from JavaScript code and publicly available tools.
The attack, analyzed
by researchers from antivirus firm Bitdefender, shows that cyberespionage
groups don't necessarily need to invest a lot of money in developing unique and
powerful malware programs to achieve their goals. In fact, the use of publicly available tools designed for system administration can increase an attack's efficiency and make it harder for security vendors to detect it and link it to a particular threat actor.
The Bitdefender researchers have dubbed the newly
discovered attack group Netrepser and traced back some of its attack campaigns
to May 2016. The group is still active,
but to Bitdefender's knowledge its attacks have never been publicly documented
before, which might be in part because its campaigns are highly targeted.
See? Celebrities
are just like real people! Or at least
their vendors are.
Nicole Perlroth reports on how hackers go after vendors
and contractors to gain access to their real targets. It’s something TheDarkOverlord emphasized
repeatedly in discussing their attacks with me since last year, and Perlroth
provides other examples as well:
In December, hackers impersonating an executive at
Interscope Records, the record label owned by Universal Music Group, managed to bypass all the latest in digital defenses
with a simple email.
In a carefully tailored message, the hackers urged an
executive at September Management, a music management business, and another at
Cherrytree Music Company, a management and record company, to send them Lady
Gaga’s stem files — files used by music engineers and producers for remixing
and remastering.
Read more on NY Times.
Hey! The government
does it!
Cory Doctorow reports:
Comparitech commissioned a survey
of 2,000 people in the US and UK to ask whether they thought “it is legal to
install a program on a partner’s phone to snoop on their activity?” and whether
they would “ever consider adding a program to your child’s phone that allows
you to listen to their conversations and spy on their messages?”
The survey was prompted by Joseph
Cox’s excellent reporting on Flexispy,
a company that markets illegal spyware to jealous spouses and helicopter
parents through a network of shadowy, Ponzi-like “affiliates” around the world,
and by the finding that survivors of domestic abuse report that their abusers
frequently use tools like Flexispy to track them.
Read more on BoingBoing.
This might help us catch the hackers who strip ATMs of all
their cash.
Macau to require facial scans at ATMs in Chinese casino hub
Taking security to a new level, Macau is stepping up
security checks at ATMs in the Asian gambling hub by requiring facial scans and
ID card verification for cash withdrawals using China's main payment network.
The government said in a statement late Sunday that the
new measures would eventually be rolled out to all automated teller machines in
the former Portuguese colony, especially those inside casinos or nearby. It didn't give a specific timeframe.
… The measures
apply to users of UnionPay bank cards issued in mainland China, in a sign that
authorities are targeting mainland visitors. UnionPay is China's homegrown payment network
rivaling the Visa and MasterCard systems.
An AI hacker? Might
be a useful research project!
In the near future, as artificial intelligence (AI)
systems become more capable, we will begin to see more automated and
increasingly sophisticated social engineering attacks. The rise of AI-enabled cyberattacks is expected
to cause an explosion of network penetrations, personal data thefts, and an
epidemic-level spread of intelligent computer viruses. Ironically, our best hope to defend against AI-enabled hacking is by using AI. But
this is very likely to lead to an AI arms race, the consequences of
which may be very troubling in the long term, especially as big government actors join the cyber wars.
Could AI doom an entire industry? More likely, Uber will buy self-driving cars.
How Self-Driving Cars Could End Uber
Mega-startup’s greatest threat: the disappearance of car-owning drivers
caused by the rise of autonomous vehicles
I’ve had my students thinking about data centers for the
last few weeks.
Bridgestone modernizes data center, hauls out 13 tons of
copper wire
… That center
opened on Oct. 9, 1968, with racks and racks of tapes and a water-cooled mainframe. Today, it is the home of systems supporting an
almost completely virtualized environment.
Bridgestone recently finished consolidating six data
centers, totaling about 25,000 square feet, into one 10,000-square-foot
facility. The project began in 2015 and
cost $17.3 million.
… The project went
from wall to wall and included hauling out 26,000 pounds of copper wiring.
The data center now has 67 miles of fiber-optic cabling.
The near 50-year history of the place provides a benchmark
for measuring change. In 1968, the data
center had 8,500 miles of tape storing 1,986 gigabytes of data, or about 2
terabytes, an amount of data that can fit on a 2TB thumb drive. Today, the data center holds about 3.5
petabytes of data, said Bridgestone officials, or about 3.5 million GB.
…because no one reads the news in Facebook?
Facebook takes out full-page newspaper ads to help U.K.
citizens detect fake news online
… Appearing in
nationwide titles including the Guardian and the Telegraph, Facebook’s “Tips
for spotting false news” ad is similar to the one it published
in France last month, and covers areas such as being skeptical of
misleading headlines, spotting manipulated images, and checking the URL of the
story. Though the advice offered doesn’t
always help — for example, in “Consider the photos,” the text reads: “You can
search for the photo or image to verify where it came from.” Anyone
requiring advice on how to spot fake news through a newspaper ad likely isn’t
tech savvy enough to know how to do that, or even what it means. [A rather low
opinion of British citizens? Bob]
…because everyone lies on Facebook?
Google big data reveals who we are in stark contrast to Facebook posts
by Sabrina I. Pacifici on May 7, 2017
“It is now official. Scholars have analyzed the data and confirmed
what we already knew in our hearts. Social
media is making us miserable. We are all dimly aware that everybody else can’t
possibly be as successful, rich, attractive, relaxed, intellectual and joyous
as they appear to be on Facebook. Yet we
can’t help comparing our inner lives with the curated lives of our friends. Just how different is the real world from the
world on social media? In the real
world, The National Enquirer, a weekly, sells nearly three times as many copies
as The Atlantic, a monthly, every year. On Facebook, The Atlantic is 45 times more
popular. Americans spend about six times
as much of their time cleaning dishes as they do golfing. But there are roughly twice as many tweets
reporting golfing as there are tweets reporting doing the dishes… The search for online status takes some
peculiar twists… Sufferers of various
illnesses are increasingly using social media to connect with others and to
raise awareness about their diseases. But if a condition is considered embarrassing,
people are less likely to publicly associate themselves with it… I have actually spent the past five years
peeking into people’s insides. I have been
studying aggregate Google search data. Alone
with a screen and anonymous, people tend to tell Google things they don’t
reveal to social media; they even tell Google things they don’t tell to anybody
else. Google offers digital truth serum.
The words we type there are more honest
than the pictures we present on Facebook or Instagram… As our lives increasingly move online, I
propose a new self-help mantra for the 21st century, courtesy of big data:
Don’t compare your Google searches with other people’s Facebook posts.”
Towards automated lawyers!
AI Closes In On The Work Of Junior Lawyers
Chances are if you’re a paralegal or a junior lawyer
entering the field, you’d rather spend your time doing other things than
scanning documents for clients’ names or other mundane information. New artificial intelligence systems designed specifically for
law firms can help remedy that situation by automating some of these
lower-level jobs.
Why it matters: Although some entry-level
paralegal jobs could be replaced by automation, AI systems cannot replicate the
creativity, empathy, and argumentative reasoning required of a lawyer — so your
lawyer won’t be replaced by a robot any time soon. Furthermore, these AI advancements could open
new, more fulfilling opportunities for aspiring lawyers to break into the field
in a role that is more closely aligned to what they would do in the court room
or when working with clients.
What’s next: Deloitte predicts 116,000 legal jobs will be lost to automation in
the next 20 years.
Jeff Bezos scores another win.
Amazon is Dominating The Voice-Assisted Speaker Market
… The e-commerce
giant has a 70% share of the emerging voice-controlled speaker market compared
to 23.8% for rival Google, research firm eMarketer said on Monday.
Amazon's huge lead puts it in a strong
position in a fast growing business. In
addition to making money from selling the devices, Amazon also benefits from
Echo users buying more products from the company's marketplace.
Will California be next?
India plans to prioritize electric vehicles over hybrids
India’s most influential government think-tank has
recommended lowering taxes and interest rates for loans on electric vehicles,
while capping sales of conventional cars, signalling a dramatic shift in policy
in one of the world’s fastest growing auto markets.
A draft of the 90-page blueprint, seen by Reuters, also
suggests the government opens a battery plant by the end of 2018 and uses tax
revenues from the sale of petrol and diesel vehicles to set up charging
stations for electric vehicles.
… It would also
mark a radical response by India as it looks to cut its oil import bill to half
by 2030 and reduce emissions as part of its commitment to the Paris climate
treaty.
Perspective. And
because I follow this market, thirstily.
Salud! Mexico Passes Germany in World Beer Market Share: Chart
Perspective. ‘cause
we gotta follow stuff like this? Something for my next statistics class?
People Are Liking Trump’s Tweets Less
The tweets posted by @realDonaldTrump, the account Trump has used personally, are now notching fewer “likes” than those from January. Sixty-two percent of Trump’s tweets posted in the first 50 days of his term amassed more than 100,000 likes, according to a Bloomberg analysis. Just 10 percent of his tweets over the following 51 days crossed that threshold.
(Related). I don’t
think so.
The Case for a Taxpayer-Supported Version of Facebook
“A public social media platform would have the civic mission of
providing us a diverse and global view of the world.” [I’m not
sure we are ready for that. Bob]
… My colleague
Yochai Benkler and I recently offered a different explanation for
Trump’s election. With our teams at
Harvard and MIT, we analyzed 1.25 million news stories, using hyperlinks and
mentions on Twitter and Facebook to map the ecosystem of campaign media. We discovered that while left and centrist voters
relied heavily on traditional media to understand the election, the dominant
source of information shared by right-wing voters on Facebook and Twitter was
Breitbart, which anchored a media ecosystem of new, online-only outlets that
mixed propaganda and conspiracy theory with partisan news.
Would a really diverse (and divisive) field guarantee
Trump’s reelection? Note that Mark
Zuckerberg is mentioned…
The 7 Signs That Someone Might Be Running For President In 2020
Dilbert points out one downside of true AI.