Password manager OneLogin hacked, exposing sensitive customer data
In a brief blog post, the company's chief security officer Alvaro Hoyos said that it was aware of "unauthorized access to OneLogin data in our US data region," and that it had reached out to customers.
… "OneLogin believes that all customers served by our US data center are affected and customer data was potentially compromised," the email read.
Later in the day, the company said in an update: "Our review has shown that a threat actor obtained access to a set of [Amazon Web Services, or AWS] keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US."
… The company added that although it encrypts "certain sensitive data at rest," it could not rule out the possibility that the hacker "also obtained the ability to decrypt data".
But a spokesperson did not say what kind of data is and isn't encrypted. We have asked for clarity, and will update when we hear back.
… "Am I the only 1 to find it disturbing OneLogin had a decryption method for customer data accessible enough to be grabbed via breach?" said one user on Twitter.
The company has advised customers to change their passwords, generate new API keys for their services, and create new OAuth tokens -- used for logging into accounts -- as well as to create new security certificates. The company said that information stored in its Secure Notes feature, used by IT administrators to store sensitive network passwords, can be decrypted.
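The update quoted above describes stolen AWS keys being exercised from an intermediate host at another provider. What follows is an added example (not OneLogin's or AWS's own code) of the check a defender would run over CloudTrail events to catch that pattern: API calls made with a key from a source outside the ranges that key is expected to use, plus keys with no allowlist entry at all. The key IDs, IP ranges and log records are constructed; the CloudTrail field names used are the real ones.

```python
"""Flag AWS API calls that use an access key from outside the sources where
that key is expected.  Added example, not OneLogin's or AWS's own tooling.
Records are constructed samples shaped like CloudTrail events (real field
names: eventTime, eventName, sourceIPAddress, userIdentity.accessKeyId)."""
import ipaddress
import json

# Constructed allowlist: key -> egress ranges it should call the API from.
EXPECTED_SOURCES = {
    "AKIAEXAMPLEKEY00001": ["203.0.113.0/24"],    # app servers (assumed)
    "AKIAEXAMPLEKEY00002": ["198.51.100.10/32"],  # CI runner (assumed)
}

# Constructed CloudTrail-style events, one JSON object per line.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"eventTime": "2017-05-31T02:00:01Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.45",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY00001"}},
    {"eventTime": "2017-05-31T02:00:09Z", "eventName": "GetObject",
     "sourceIPAddress": "192.0.2.77",  # outside every allowed range
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY00001"}},
    {"eventTime": "2017-05-31T02:01:30Z", "eventName": "GetSecretValue",
     "sourceIPAddress": "192.0.2.77",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY00002"}},
    {"eventTime": "2017-05-31T02:02:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY00003"}},  # no allowlist
])


def flag_unexpected_key_use(log_text, expected=EXPECTED_SOURCES):
    """Return (key, source, eventName, eventTime) for each call whose source is
    outside its key's ranges; unknown keys and non-IP sources are reported too."""
    nets = {k: [ipaddress.ip_network(c) for c in v] for k, v in expected.items()}
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        key = ev.get("userIdentity", {}).get("accessKeyId", "")
        src = ev.get("sourceIPAddress", "")
        try:
            ok = key in nets and any(ipaddress.ip_address(src) in n for n in nets[key])
        except ValueError:  # service principal name or malformed source
            ok = False
        if not ok:
            findings.append((key, src, ev.get("eventName"), ev.get("eventTime")))
    return findings


def keys_to_rotate(findings):
    """Distinct access keys seen from an unexpected source: rotate these first."""
    return sorted({f[0] for f in findings})
```

Every key returned by keys_to_rotate is a candidate for the rotation the company advised; a real deployment would read the events from a CloudTrail export rather than the embedded samples.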
Ethical hacking: tools & techniques.
CIA Tool 'Pandemic' Replaces Legitimate Files With Malware
Documents published by WikiLeaks on Thursday describe a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to spread malware on a targeted organization’s network.
The tool, named “Pandemic,” installs a file system filter driver designed to replace legitimate files with a malicious payload when they are accessed remotely via the Server Message Block (SMB) protocol.
What makes Pandemic interesting is the fact that it replaces files on the fly, instead of actually modifying them on the device the malware is running on. By leaving the legitimate file unchanged, attackers make it more difficult for defenders to identify infected systems.
How does this change anything?
Putin: Patriotic Russians Could Be Behind Election Hacks
Russian President Vladimir Putin says patriotic citizens may have launched politically motivated cyberattacks against foreign countries, but denied any government involvement in such operations.
… Thomas Rid, a professor in the department of War Studies at King's College London, believes the comments made by Putin are strategic.
Putin is a professional. He knows his intel history. He likely knows that sooner or later operators will talk, write memoirs; may take years
Ethical waivers are easier than ethical behavior.
POGO – White House Releases Ethics Waivers After Battle with OGE
by Sabrina I. Pacifici on Jun 1, 2017
Scott H. Amey, J.D. – General Counsel, POGO: “Late [May 31, 2017], the White House updated its ethics waiver page with a list of 11 named White House staffers, all Executive Office of the President Appointees, White House Office Commissioned Officers, and “Former Jones Day employees” (the law firm that employed Donald F. McGahn II, Counsel to the President, and handled legal matters for the Trump campaign). The waivers allow the staffers to work on certain matters and policy issues despite conflicts of interest covered by President Trump’s ethics pledge and other laws and regulations. Until yesterday, the ethics waiver page stated that the “information on this page is being updated. Ethics pledge waivers will be published as they become available.”
Will everyone need a social media account to enter the US?
Trump administration approves tougher visa vetting, including social media checks
The Trump administration has rolled out a new questionnaire for U.S. visa applicants worldwide that asks for social media handles for the last five years and biographical information going back 15 years.
Overtime, increased liability, longer workers' comp coverage… Is this really cheaper?
Walmart is asking employees to deliver packages on their way home from work
The idea, Walmart executives said Thursday, is to cut costs on the so-called last mile of deliveries, when packages are driven to customers’ homes, often the most expensive part of the fulfillment process.
… Employees will be paid extra for the voluntary program, and offered overtime pay as necessary to make the deliveries, Walmart spokesman Ravi Jariwala said Thursday.
“Walmart is uniquely qualified, uniquely positioned, to be able to offer this,” he said, adding that 90 percent of Americans live within 10 miles of a Walmart store.
… The company is billing the program as a way for employees to earn extra money, although there were few details on how they would be paid. Jariwala declined to clarify whether employees would be paid based on distance, time, number of deliveries or a combination of those things.
Labor experts say the arrangement, a mash-up of sorts between an Uber-style gig economy and traditional employment arrangements, raises a number of questions related to employees having to shoulder much of the risk, cost and liability associated with deliveries.
“The practice seems ripe for abuse if the company does not compensate workers for the full cost of their journey, the expenses related to gas, car depreciation, and potential problems like accidents, tickets or parking expenses,” said Stephanie Luce, a labor professor at the City University of New York.
Helping my students understand how analytics can be used.
The NBA’s Adam Silver: How Analytics Is Transforming Basketball
… “Analytics have become front and center with precisely when players are rested, how many minutes they get, who they’re matched up against,” said Silver.
He talked about biometrics and wearables. “[Analytics] are tracking every movement of those players…. It’s not just that they’re moving on the court during games, but during practice.” At night, most players wear sleep monitors. Information about their diets is quantified and recorded. “Sometimes there are very sophisticated markers, even in terms of saliva and other things,” that indicate a player is fatigued, Silver said. And because there is a proven correlation between fatigue and injuries, a red flag goes up.
… He contrasted hiring for the NBA with hiring for the average large firm: When a Fortune 500 company makes a hiring decision, the worst-case scenario is the individual needs to be terminated and the company hires someone else. But in a draft system like the NBA’s, “you live with those mistakes for years.” Consequently, scouts will take any edge they can get. “The number of analytics fields they’re looking at now, for example when they’re doing college scouting or drafting internationally, is incredible.”
For the toolkit.
Adobe Rolls Out Free Scanning App For Android And iOS: Adobe Scan Transforms Documents Into Editable PDFs
Software developer Adobe has rolled out Adobe Scan, a new scanning app for iOS and Android devices that transforms documents into searchable and editable PDF files.
Adobe Scan is free. And once you have all those PDFs…
Try Kami for Annotating PDFs
Kami is a tool that you can use to draw, type, and highlight on PDFs. You can import PDFs into Kami from your Google Drive or you can import them from your desktop. Kami can be integrated with Google Classroom to make it easy to share annotated PDFs with your students and for them to share with you.