Sunday, October 22, 2017

New technology, same security learning curve.
IoT_reaper Botnet Looms Ready To Strike With Millions Of Zombie Devices At Its Disposal
A security firm is warning of a new botnet targeting IoT (Internet of Things) devices that is on the move. Dubbed IoT_reaper, the new botnet borrows some of the source code from Mirai, which took down the popular security blog KrebsOnSecurity with a massive DDoS attack, ultimately forcing Brian Krebs, the security expert in charge of the blog, to find a new hosting company and seek shelter behind Google Shield for DDoS protection. Unfortunately, it is believed that this new strain called Reaper could be even more virulent than Mirai.
Whereas Mirai was able to spread by cracking weak passwords on IoT devices that oftentimes were never changed from their defaults, Reaper looks for multiple vulnerabilities to exploit, making it potentially capable of spreading to even more devices. Reaper is far more aggressive in this manner—it is actively hacking devices based on multiple security holes, versus simply inputting default or easy-to-guess passwords
… Reaper is quickly evolving to exploit an increasing number of vulnerabilities in IoT devices, including wireless IP cameras by companies such as GoAhead, D-Link, AVTech, Netgear, MikroTik, Linksys, Synology, and others. There are patches available for many of the affected devices, but when it comes to IoT devices, consumers are not in the same habit of applying security updates as they are for PCs. As such, Check Point has found Reaper doling out attacks from 60 percent of the corporate networks it tracks.




Interesting that piggybacking on widely used tools is being presented as a new idea…
Kaspersky Lab has come under intense scrutiny after its antivirus software was linked to the breach of an NSA employee’s home computer in 2015 by Russian government hackers; U.S. government sources, quoted in news reports, suggested the Moscow-based company colluded with the hackers to steal classified documents or tools from the worker’s machine, or at least turned a blind eye to this activity. The Department of Homeland Security banned Kaspersky products from civilian government systems, and Best Buy has removed the software from computers it sells based on concerns that the software can be used to spy on customers.
But a closer look at the allegations and technical details of how Kaspersky’s products operate raises questions about the accuracy of the narrative being woven in news reports and suggests that U.S. officials could be technically correct in their statements about what occurred, while also being incorrect about collusion on the part of Kaspersky.




Hackers exist on every side of any political question. So, anything and everything can trigger a reaction like this.
Hacktivism is alive and well in Spain. Joshua Taylor reports:
Spain’s most senior court fell victim to a massive cyber attack as hackers launched an “Operation Free Catalonia” campaign.
The country’s constitutional court said unknown hackers had accessed its computer systems on Friday.
The Spanish National Security Department said the hack was part of a recent campaign to flood government websites with slogans in support of independence for the Spanish region of Catalonia.
Read more on The Mirror.




Don’t all hockey fans wear goalie masks?
Joe Cadillic writes:
It’s official, big brother has invaded sports arenas, stadiums and parks.
According to an article in TSN, the National Hockey League (NHL) plans to install facial recognition cameras in their arenas.
The above video is a perfect example of how law enforcement uses our fears of terror to justify losing our privacy.
Retired Secret Service agent Mike Verden claims the NHL’s facial recognition cameras are for everyone’s safety. Near the end of the video, he reveals that unnamed sports teams are secretly using facial recognition cameras to spy on fans.
Read more on MassPrivateI.




Perhaps this would make a good question for the midterm Computer Security exam: Name six techniques not listed in this article.




Cool! Now we can re-write it to be perfect. Right?
Federal Judge Unseals New York Crime Lab’s Software for Analyzing DNA Evidence
A federal judge this week unsealed the source code for a software program developed by New York City’s crime lab, exposing to public scrutiny a disputed technique for analyzing complex DNA evidence.
Judge Valerie Caproni of the Southern District of New York lifted a protective order in response to a motion by ProPublica, which argued that there was a public interest in disclosing the code. ProPublica has obtained the source code, known as the Forensic Statistical Tool, or FST, and published it on GitHub; two newly unredacted defense expert affidavits are also available.




I’m guessing that my students might find some of these interesting too.
Free PD for Teachers
All teachers love learning and there is nothing better than when we can learn for free! This is a collection of resources that will help quench your thirst for learning. Whether you prefer to read online, watch webinars, or listen to podcasts you are sure to find something on here that will fit your needs.
  • Classroom2.0 Live- This hour long show takes place each Saturday at 12pm EST. Every week a different educator shares their ideas or how they use different tools in their classrooms. The archives for all of the previous episodes are available and there are hundreds of them!
  • ISTE- While there is a fee to join ISTE, many of their resources are available free on their website. One of the most useful and important resources available on the site is their technology standards.
  • Collection of Podcasts- Edutopia compiled this list of podcasts for educators a couple of years ago. Another podcast that is popular with educators that was not included on the list is The Cult of Pedagogy.
  • ASCD Webinars- ASCD is another professional organization that shares lots of resources free of charge.
  • Edcamp- Edcamps happen all over the world and they are completely free! This is also a great way to meet amazing educators face to face.
  • Google Training Center- This free training center has all of the resources you need to learn about all things Google and get your Level I and Level 2 Google certification.

