For my Ethical Hacking students.
We need to examine, secure, and hack every
link in the chain.
WikiLeaks Reveals How the CIA Could Hack Your Router
Your Wi-Fi router, sitting
in the corner of your home accumulating dust and unpatched security flaws,
provides an attractive target for hackers. Including, according to a new WikiLeaks
release, the CIA.
On Thursday, WikiLeaks published a detailed set of descriptions and
documentation for the CIA's router-hacking toolkit.
It's the latest drip in the
months-long trickle of secret CIA files it's called Vault7,
and it hints at how the agency leverages vulnerabilities in common routers sold
by companies including D-Link and Linksys.
The techniques range from hacking network
passwords to rewriting device firmware to remotely monitor the traffic that
flows across a target's network.
After reading up on them, you may find yourself itching to update your own
long-neglected access point.
A Security heads-up.
Industrial Companies Targeted by Nigerian Cybercriminals
Industrial companies from
around the world have been targeted in phishing attacks believed to have been
launched by cybercriminals located in Nigeria, Kaspersky Lab reported on
Thursday.
In October 2016, Kaspersky’s Industrial Control Systems Cyber Emergency
Response Team (ICS CERT) noticed a significant increase in malware infection
attempts aimed at industrial organizations in the metallurgy, construction,
electric power, engineering and other sectors. The security firm had observed
attacks against 500 organizations in more than 50 countries.
The attacks started with spear phishing emails carrying documents set up to
exploit an Office vulnerability (CVE-2015-1641) patched by Microsoft in April
2015. The phishing messages were well written and they purported to come from
the victim’s suppliers, customers, or delivery services.
For my Software Assurance students.
EFF Tips, Tools and How-tos for Safer Online Communications
by Sabrina I. Pacifici on Jun 15, 2017
“Modern technology has given those in power new abilities
to eavesdrop and collect data on innocent people.
Surveillance Self-Defense is EFF’s guide to defending yourself and your
friends from surveillance by using secure technology and developing careful
practices. Select an article from our index to learn about a tool or issue,
or check out one of our playlists to take a guided tour through a new set of
skills.”
The value of privacy?
Jordan Parker reports:
Hundreds of Nova Scotian hospital
patients may get to share a $1-million settlement in a case involving breaches
of their privacy.
Halifax’s Wagners Law Firm has
reached a proposed settlement with a former provincial health authority and if
it’s approved will offer $1,000 each
to nearly 700 plaintiffs they represent in a class-action lawsuit.
In 2012, the South West Nova District
Health Authority sent letters to 700 people, telling them an
employee had “inappropriately” accessed their health information, according to
a Wagners news release.
The cost of delay. Much detail omitted…
There’s a follow-up to an incident reported by DataBreaches.net in January
and February involving CoPilot Provider Services. As I had reported in
January, CoPilot took more than one year to notify individuals of a breach
involving their web site, and would not answer any questions as to why it
took so long. As I subsequently reported in February, the incident may not
have been as the firm first described it, and OCR was reportedly
investigating. Whether HHS/OCR had any authority, however, was unclear, as
the firm disputed that it was a covered entity or business associate.
HIPAA aside, the company apparently violated NYS law in
terms of protecting data and making prompt notification. Today, NYS Attorney General announced a
settlement with the firm:
CoPilot has agreed to pay
$130,000 in penalties and to improve its notification and legal compliance
program.
Note that the press release does not indicate that law
enforcement ever found the suspect employee at fault.
Nor is the incident up on HHS’s breach tool.
DataBreaches.net is attempting to get updated information
on this case.
Even the big boys make mistakes.
Olivia Solon reports:
Facebook put the safety of its
content moderators at risk after inadvertently exposing their personal details
to suspected terrorist users of the social network, the Guardian has learned.
The security lapse affected more
than 1,000 workers across 22 departments at Facebook who used the company’s
moderation software to review and remove inappropriate content from the
platform, including sexual material, hate speech and terrorist propaganda.
A bug in the software, discovered
late last year, resulted in the personal profiles of content moderators
automatically appearing as notifications in the activity log of the Facebook
groups whose administrators were removed from the platform for breaching the
terms of service. The personal details
of Facebook moderators were then viewable to the remaining admins of the group.
Read more on The Guardian.
Don’t push those money grubbing ‘features’ too hard.
Canada rules that all new cellphones must be unlocked
Canadians pay some of the highest wireless rates of any G7 nation, and to add
insult to injury, they often have to shell out $50 or more to unlock
cellphones when switching operators. However, the nation's wireless
regulator, the CRTC, has now ordered carriers to unlock devices for free and
decreed that all new smartphones must be sold unlocked. The move was prompted
by excoriating public criticism on unlocking fees after the CRTC requested
comment on new wireless rules.
Big companies, big fines.
REPORT: Europe plans to hit Google with a €1 billion-plus
fine over its shopping tool
The European Commission may hit Google with a record fine of over €1 billion
(£874 million) over antitrust issues, according to a report from The
Financial Times.
The European institution has accused the Californian technology giant of
promoting its own shopping service in its search results over those of its
competitors, alongside two other antitrust investigations: One over Android,
its mobile operating system, and another relating to its online search
advertising business.
Unexpected? Will they talk to us?
An Artificial Intelligence Developed Its Own Non-Human
Language
A buried line in a new Facebook report about chatbots’ conversations with one
another offers a remarkable glimpse at the future of language.
In the report, researchers at the Facebook Artificial Intelligence Research
lab describe using machine learning to train their “dialog agents” to
negotiate. (And it turns out bots are actually quite good at dealmaking.) At
one point, the researchers write, they had to tweak one of their models
because otherwise the bot-to-bot conversation “led to divergence from human
language as the agents developed their own language for negotiating.”
An extreme use of texting?
But manslaughter? What if they
had been in different states? Or if the
victim had been an adult and the girl a minor?
Judge faces legal quagmire in teen texting suicide trial of
Michelle Carter; verdict to be announced Friday
… A juvenile court
judge now finds himself at the center of a legal quagmire: Should he set a
legal precedent in Massachusetts by convicting Carter of manslaughter for
encouraging Roy to take his own life through dozens of text messages? Or should he acquit her and risk sending a
message that Carter’s behavior was less than criminal?
… Carter is
accused of involuntary manslaughter, a charge that can be brought in
Massachusetts when someone causes the death of another person when engaging in
reckless or wanton conduct that creates a high degree of likelihood of
substantial harm.
… Daniel Medwed, a
law professor at Northeastern University, said the judge has a difficult task
in determining whether Carter’s actions rise to the level of manslaughter. There is no Massachusetts law against
encouraging someone to kill themselves. Medwed
said the judge could consider Carter “morally blameworthy,” but “moral blame
doesn’t always equal legal accountability.”
Martin Healy, chief legal counsel of the Massachusetts Bar
Association, said the case also presents some novel issues of law on the use of
cellphones and text messages. Carter was
not with Roy when he killed himself, but she was talking on the phone with him
as his truck filled with carbon monoxide.
Perspective.
Amazon Is Buying Whole Foods For $13.7 Billion
… For Amazon, the
acquisition suddenly gives them a sprawling brick-and-mortar presence and
access to well-heeled consumers. The
company has been experimenting with groceries, primarily through its
AmazonFresh delivery program, but this deal makes clear the size of its
ambitions.
I find this hard to believe. (correlation does not imply causation). Does this also apply to
non-coders?
Developers Who Use Spaces Make More Money Than Those Who Use
Tabs
Do you use tabs or spaces for code indentation?
This is a bit of a “holy war” among software developers; one that’s been the
subject of many debates and in-jokes. I use spaces, but I never thought it
was particularly important. But today we’re releasing the raw data behind the
Stack Overflow 2017 Developer Survey, and some analysis suggests this choice
matters more than I expected.
Perhaps a different “private” company? The Godfather would never fail to pay.
Powerball, Mega Millions may be victims of Illinois budget
impasse, lottery officials say
Lottery players will not be able to purchase Powerball or Mega Millions
tickets in Illinois after the end of this month unless the ongoing state
budget impasse is resolved, lottery officials said Thursday.
… It is the latest
black eye for the beleaguered state lottery, which has garnered headlines in
recent years for failing to pay its winners, and for the way it was run under
the first private management agreement in the nation.
In a series of stories published over the past six months,
the Tribune found the company tasked with running the lottery — Northstar
Lottery Group — failed to award more than 40 percent of the grand prizes in its
biggest instant ticket games, sometimes ending games before any top prizes were
claimed.
Perspective. Cable isn’t dead yet, but my students don’t subscribe.
Netflix Is Now Bigger Than Cable TV
Netflix has, for the first time, surpassed cable in total subscribers
according to Leichtman Research. US cable companies have 48.61 million
subscribers while Netflix has just hit 50.85 million. The numbers don't count
minor cable networks, which could in themselves amount to 5% of total cable
customers.
Perspective. How important (valuable) are games?
Tencent Eyeing $3 Billion Bid for Angry Birds Maker Rovio,
Reports The Information
No comment.
The surprising number of American adults who think chocolate
milk comes from brown cows
Seven percent of all American adults believe that
chocolate milk comes from brown cows, according to a nationally representative
online survey commissioned by the Innovation Center of U.S. Dairy.
Add this to your toolbox when available!
Backup and Sync Will Automatically Save Your Desktop Files
Backup and Sync is a new service coming soon from Google. On June 28th you
will be able to install Backup and Sync on your Mac or Windows computer. The
service will let you have your desktop files or other folder files
automatically backed up to your Google Drive account. You've always been able
to quickly move files from your desktop to Google Drive through Drive desktop
clients, but Backup and Sync will let you streamline that process.
A tool for e-textbooks?
Owl Eyes - Guide Students Through Classic Literature
Owl Eyes is a free tool that provides teachers with a good way to provide
students with guidance while they are reading classic literature. Owl Eyes
provides teachers with tools to insert annotations and questions into classic
literature. Students can see the annotations and questions that their
teachers add to the digital text. Teachers have the option to create online
classrooms through which they can monitor their students' progress through a
text and view their students' annotations and answers to questions. The texts
available through Owl Eyes are mostly classic works that are in the public
domain.
Sic semper PowerPoint!