Another one bites the dust...
One of the 'Biggest Online Security Threats Ever'? Wi-Fi Security May Have Been Cracked
WPA2, the security protocol used to protect most
Wi-Fi connections, has reportedly been cracked. This means that
wireless internet traffic could be vulnerable to eavesdroppers and
attacks.
At 8 a.m. EDT October 16, researchers plan to
share the findings of their proof-of-concept exploit called KRACK,
which is short for Key Reinstallation Attacks.
US-CERT, the Computer Emergency Readiness Team,
issued the following warning, first published by Ars
Technica:
“US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.”
The details and severity of the threat will become
clearer once the findings have been released. However, if the
vulnerability of WPA2 is similar to that of earlier security
standards like WEP, this could be one of the “biggest
online security threats ever.” Mashable
reports that regardless of the strength of your password, Wi-Fi
connections could be open to hackers, and users concerned about the
security of their connection should avoid using Wi-Fi entirely until
a solution is in place.
The paper: https://papers.mathyvanhoef.com/ccs2017.pdf
Learn to hack properly: Take our Ethical Hacking
class.
Easy-to-get hacking device puts KU professors’ information in student’s hands
… The KU hacker was an engineering student who
used a keystroke logger to pry into professors’ computers and
change all his failing grades to A’s.
“He may never even have gotten caught, but he
got greedy,” said Ron Barrett-Gonzalez, an engineering professor at
KU. “It does look a
little suspicious when you are on academic probation and the dean’s
honor roll at the same time.”
If you should decide to hack back, remember the
immortal words of Elmer Fudd, “Be vewy, vewy careful!”
Active Cyber Defense Certainty Act
by Sabrina I. Pacifici on Oct 15, 2017
The
Register: “Two members of the US House of Representatives today
introduced a law bill that would allow hacking victims to seek
revenge and hack the hackers who hacked them. The Active
Cyber Defense Certainty Act (ACDC) [PDF] amends the Computer
Fraud and Abuse Act to make limited retaliatory strikes against
cyber-miscreants legal in America for the first time. The bill would
allow hacked organizations to venture outside their networks to
identify an intruder and infiltrate their systems, destroy any data
that had been stolen, and deploy “beaconing technology” to trace
the physical location of the attacker. “While it doesn’t solve
every problem, ACDC brings some light into the dark places where
cybercriminals operate,” said
co-sponsor Representative Tom Graves (R-GA). “The certainty the
bill provides will empower individuals and companies to use new defenses
against cybercriminals. I also hope it spurs a new generation of
tools and methods to level the lopsided cyber battlefield, if not
give an edge to cyber defenders. We must continue working toward the
day when it’s the norm – not the exception – for criminal
hackers to be identified and prosecuted.”
“I never thought of it this way. It’s basically the cyber version of being allowed to murder someone for entering your property.” https://t.co/vu1TxqQIMK — MalwareTech (@MalwareTechBlog) October 13, 2017
Big company, small country? Does Microsoft need
the Netherlands?
Peter Bright reports:
The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law.
To comply with the law, the DPA says that Microsoft needs to get valid user consent: this means the company must be clearer about what data is collected and how that data is processed. The regulator also complains that the Windows 10 Creators Update doesn’t always respect previously chosen settings about data collection. In the Creators Update, Microsoft introduced new, clearer wording about the data collection—though this language still wasn’t explicit about what was collected and why—and it forced everyone to re-assert their privacy choices through a new settings page. In some situations, though, that page defaulted to the standard Windows options rather than defaulting to the settings previously chosen.
Read more on Ars
Technica.
Small company, big country? This could never
happen here, could it?
Russia Fines Telegram For Not Giving Backdoor Access
A Russian court on Monday fined the popular Telegram messenger app for
failing to provide the country's security services with encryption
keys to read users' messaging data.
… According
to a scan of the complaint posted online by Durov, the FSB had sent a
letter to Telegram in July demanding "information necessary to
decode users' sent, received, delivered and processed electronic
messages".
(Related).
Perhaps it could happen here!
Inside Privacy writes:
In a speech delivered at the United States Naval Academy on October 10, Deputy Attorney General Rod Rosenstein waded into the public debate between data privacy and law enforcement interests. As part of a discussion moderated by former Covington cybersecurity attorney Jeff Kosseff, Rosenstein’s remarks discussed cyber issues facing law enforcement with a particular focus on the advent of “warrant-proof” encryption. In his view, warrant-proof encrypted data and devices are unable to be intercepted or unlocked by law enforcement, even with a court order.
Noting that “[p]rivate sector entities are crucial partners” in the fight against cyber threats, Rosenstein expressed concerns about the role played by tech companies in advancing warrant-proof encryption. While recognizing the need to balance important privacy interests against law enforcement priorities, Rosenstein argued that “[w]arrant-proof encryption defeats the constitutional balance by elevating privacy above public safety.”
Read more on Covington & Burling Inside
Privacy.
The new rules of the road?
Alphabet is training law enforcement on how to handle self-driving car crashes
Alphabet’s self driving car
division Waymo has been testing its fleet of robot cars in four
states across the country — Washington, California, Arizona, and
Texas — and it has started to work with local law enforcement
agencies and first responders to figure out what to do after a
collision and create new protocols.
That includes what a fully
driverless car should do when it hears a siren coming toward it —
yes, Waymo driverless cars can hear — as well as how police
officers, or first responders can access the cars in emergency
situations.
In a new
43-page report (pdf) that Waymo published Thursday, the company
detailed some of its efforts to respond to (and avoid) collisions.
Those efforts can be broken up into three parts: How the cars stop in
unsafe working conditions; how the cars respond to sirens/emergency
vehicles; and what happens after an accident.
Perspective. Poor Mark Zuckerberg is going to be broke. Maybe that’s why he wants to run for President?
Nearly half of U.S. teens prefer Snapchat over other social media
Snapchat is more popular among U.S. teens than
ever, according to new research from investment firm Piper Jaffray.
The company surveys
teens in the U.S. about their media habits every spring and fall.
Hey, it’s a start!
Pen America Report – Faking News: Fraudulent News and the Fight for Truth
by Sabrina I. Pacifici on Oct 15, 2017
“Warning that the spread of “fake news” is
reaching a crisis point, Faking
News: Fraudulent News and the Fight for Truth evaluates the
array of strategies that Facebook, Google, Twitter, newsrooms, and
civil society are undertaking to address the problem, stressing
solutions that empower news consumers while vigilantly avoiding new
infringements on free speech. Faking News rates the range
of fact-checking, algorithmic, educational, and standards-based
approaches being taken to counter the proliferation of fake news and
sounds a warning bell for tactics that risk suppressing controversial
speech, such as giving government new powers to regulate or calling
on social media companies to block specific content entirely.
Arguing that Facebook, Google, and Twitter—which are many
Americans’ primary channels for news consumption—must play a
critical and transparent role in curbing the spread of false news,
the report spells out a series of specific strategies that center on
empowering news consumers with access to fact-checking initiatives
and news literacy programs. The “News
Consumers Bill of Rights and Responsibilities” outlines what
consumers should expect from the outlets and social media platforms
that convey news and how they can protect themselves and others. The
report also includes an executive
summary that outlines the report’s key findings.”
I love lists like this. I wonder how many Top Ten
Techs have completely fizzled?
Gartner Top 10 Strategic Technology Trends for 2018
by Sabrina I. Pacifici on Oct 15, 2017
Gartner:
“Artificial intelligence, immersive experiences, digital twins,
event-thinking and continuous adaptive security create a foundation
for the next generation of digital business models and ecosystems…”