New technology, same security learning curve.
IoT_reaper
Botnet Looms Ready To Strike With Millions Of Zombie Devices At Its
Disposal
A security firm is warning of a new botnet
targeting IoT (Internet
of Things) devices that is on the move. Dubbed IoT_reaper, the
new botnet borrows
some of the source code from Mirai,
which took down the popular security blog KrebsOnSecurity with a
massive DDoS attack, ultimately forcing Brian Krebs, the security
expert in charge of the blog, to find
a new hosting company and seek shelter behind Google
Shield for DDoS
protection. Unfortunately, it is believed that this new strain
called Reaper could be even more virulent than Mirai.
Whereas Mirai was able to spread by cracking
weak passwords on IoT devices that oftentimes were never
changed from their defaults, Reaper looks for multiple
vulnerabilities to exploit, making it potentially capable of
spreading to even more devices. Reaper is far more aggressive in
this manner—it is actively hacking devices based on multiple
security holes, versus simply inputting default or easy-to-guess
passwords
… Reaper is quickly evolving to exploit an
increasing number of vulnerabilities in IoT devices, including
wireless IP cameras by companies such as GoAhead, D-Link,
AVTech, Netgear, MikroTik, Linksys,
Synology, and
others. There are patches available for many of the affected
devices, but when its comes
to IoT devices, consumers are not in the same habit as applying
security updates as they are for PCs. As such, Check
Point has found Reaper doling out attacks from 60 percent of the
corporate networks it tracks.
Interesting that piggybacking on widely used tools
is being presented as a new idea…
Kaspersky Lab has come under intense
scrutiny after its antivirus software was linked to the breach of an
NSA employee’s home computer in 2015 by Russian government hackers;
U.S. government sources, quoted in news reports, suggested the
Moscow-based company colluded with the hackers to steal classified
documents or tools from the worker’s machine, or at least turned a
blind eye to this activity. The Department of Homeland Security
banned Kaspersky products from civilian government systems, and Best
Buy has removed the software from computers it sells based on
concerns that the software can be used to spy on customers.
But a closer look at the allegations and technical
details of how Kaspersky’s products operate raises questions about
the accuracy of the narrative being woven in news reports and
suggests that U.S. officials could be technically correct in their
statements about what occurred, while also being incorrect about
collusion on the part of Kaspersky.
Hackers exist on every side of any political
question. So, anything and everything can trigger a reaction like
this.
Hacktivism is alive and well in Spain. Joshua
Taylor reports:
Spain’s most senior court fell victim to a massive cyber attack as hackers launched an “Operation Free Catalonia” campaign.
The country’s constitutional court said unknown hackers had accessed its computer systems on Friday.
The Spanish National Security Department said the hack was part of a recent campaign to flood government websites with slogans in support of independence for the Spanish region of Catalonia.
Read more on The
Mirror.
Don’t all hockey fans wear goalie masks?
Joe Cadillic writes:
It’s official, big brother has invaded sports arenas, stadiums and parks.
According to an article in TSN, The National Hockey League (NHL) plans to install facial recognition cameras in their arenas.
The above video, is a perfect example of how law enforcement uses our fears of terror to justify losing our privacy.
Retired, Secret Service agent Mike Verden, claims the NHL’s facial recognition cameras are for everyone’s safety. Near the end of the video, he reveals that unnamed sports teams are secretly using facial recognition cameras to spy on fans.
Read more on MassPrivateI.
Perhaps this would make a good question for the
midterm Computer Security exam: Name six techniques not listed in
this article.
Cool! Now we can re-write it to be perfect.
Right?
Federal
Judge Unseals New York Crime Lab’s Software for Analyzing DNA
Evidence
A federal judge this week unsealed the source code
for a software program developed by New York City’s crime lab,
exposing to public scrutiny a disputed technique for analyzing
complex DNA evidence.
Judge Valerie Caproni of the Southern District of
New York lifted a protective order in response to a
motion by ProPublica, which argued that there was a public
interest in disclosing the code. ProPublica has obtained the source
code, known as the Forensic Statistical Tool, or FST, and published
it on GitHub;
two newly unredacted defense expert affidavits are also
available.
I’m guessing that my students might find some of
these interesting too.
Free PD for
Teachers
All
teachers love learning and there is nothing better than when we can
learn for free! This is a collection of resources that will help
quench you thirst for learning. Whether you prefer to read online,
watch webinars, or listen to podcasts you are sure to find something
on here that will fit your needs.
-
Classroom2.0 Live- This hour long show takes place each Saturday at 12pm EST. Every week a different educator shares their ideas or how they use different tools in their classrooms. The archives for all of the previous episodes are available and there are hundreds of them!
-
ISTE- While there is a fee to join ISTE, many of their resources are available free on their website. One of the most useful and important resources available on the site are their technology standards.
-
Collection of Podcasts- Edutopia compiled this list of podcasts for educators a couple of years ago. Another podcast that is popular with educators that was not included on the list is The Cult of Pedagogy.
-
ASCD Webinars- ASCD is another professional organization that shares lots of resources free of charge.
-
Edcamp- Edcamps happen all over the world and they are completely free! This is also a great way to meet amazing educators face to face.
-
Google Training Center- This free training center has all of the resources you need to learn about all things Google and get your Level I and Level 2 Google certification.
No comments:
Post a Comment