When “Security” is not part of the design…
Automation Software Flaws Expose Gas Stations to Hacker Attacks
Gas stations worldwide are exposed to remote hacker attacks due to several vulnerabilities affecting the automation software they use, researchers at Kaspersky Lab reported on Wednesday.
The vulnerable product is SiteOmat from Orpak, which is advertised by the vendor as the “heart of the fuel station.” The software, designed to run on embedded Linux machines or a standard PC, provides “complete and secure site automation, managing the dispensers, payment terminals, forecourt devices and fuel tanks to fully control and record any transaction.”
Kaspersky researchers discovered that the “secure” part is not exactly true and more than 1,000 of the gas stations using the product allow remote access from the Internet. Over half of the exposed stations are located in the United States and India.
“Before the research, we honestly believed that all fueling systems, without exception, would be isolated from the internet and properly monitored. But we were wrong,” explained Kaspersky’s Ido Naor. “With our experienced eyes, we came to realize that even the least skilled attacker could use this product to take over a fueling system from anywhere in the world.”
According to the security firm, the vulnerabilities affecting SiteOmat could be exploited by malicious actors for a wide range of purposes, including to modify fuel prices, shut down fueling systems, or cause a fuel leakage.
Why would a “sales partner” have access to this data? Sounds like they just gave them full access!
Jason Murdock reports:
A Swiss mobile phone operator has admitted its data systems were breached late last year and the contact details of about 800,000 customers were compromised.
Swisscom said on Wednesday (7 February) that the names, addresses, telephone numbers and dates of birth of customers were accessed by an unknown party, which got the data through a sales partner of Swisscom. The company was not named.
Read more on IBT Times.
From the Article:
"Although the misappropriated personal data is classified as non-sensitive under data protection legislation, investigating the incident is a top priority for Swisscom," the notice continued. "The relevant partner company access was blocked immediately."
A number of changes have been made to "better protect access to such non-sensitive personal data by third-party companies," the company added.
The firm said changes included the introduction of two-factor authentication on sales partners' accounts and cutting back the ability to run high-volume queries.
It said any unusual activity on third-party accounts would now trigger an alarm and block access.
For my Computer Security students to consider. No new kinds of security, only failure to implement the old ones.
Surviving Your Digital Transformation
2018 is lining up to be the year of Digital Transformation. Just about every organization looking to remain viable in the growing digital marketplace has some sort of digital transformation in progress or one in the planning stages for this year. These projects range from implementing basic applications to better interact with online consumers, to converging OT and IT networks, or even pushing their entire infrastructure to the cloud.
But digital transformation without an equivalent security transformation is leaving organizations more vulnerable than ever.
It does not have to be ‘surveillance technology’ to be used for surveillance.
PinMe: Tracking a Smartphone User around the World
PinMe: Tracking a Smartphone User around the World. Arsalan Mosenia, Xiaoliang Dai, Prateek Mittal, Niraj Jha (Submitted on 5 Feb 2018). arXiv:1802.01468 [cs.CR]
“With the pervasive use of smartphones that sense, collect, and process valuable information about the environment, ensuring location privacy has become one of the most important concerns in the modern age. A few recent research studies discuss the feasibility of processing data gathered by a smartphone to locate the phone’s owner, even when the user does not intend to share his location information, e.g., when the Global Positioning System (GPS) is off. Previous research efforts rely on at least one of the two following fundamental requirements, which significantly limit the ability of the adversary: (i) the attacker must accurately know either the user’s initial location or the set of routes through which the user travels and/or (ii) the attacker must measure a set of features, e.g., the device’s acceleration, for potential routes in advance and construct a training dataset. In this paper, we demonstrate that neither of the above-mentioned requirements is essential for compromising the user’s location privacy. We describe PinMe, a novel user-location mechanism that exploits non-sensory/sensory data stored on the smartphone, e.g., the environment’s air pressure, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user’s location when all location services, e.g., GPS, are turned off.”
“We know what you like better than you know what you like.”
‘Fiction is outperforming reality’: how YouTube’s algorithm distorts truth
theguardian – An ex-YouTube insider reveals how its recommendation algorithm promotes divisive clips and conspiracy videos: “There are 1.5 billion YouTube users in the world, which is more than the number of households that own televisions. What they watch is shaped by this algorithm, which skims and ranks billions of videos to identify 20 “up next” clips that are both relevant to a previous video and most likely, statistically speaking, to keep a person hooked on their screen. Company insiders tell me the algorithm is the single most important engine of YouTube’s growth. In one of the few public explanations of how the formula works – an academic paper that sketches the algorithm’s deep neural networks, crunching a vast pool of data about videos and the people who watch them – YouTube engineers describe it as one of the “largest scale and most sophisticated industrial recommendation systems in existence”…
(Related) Can lots of data make a company creative?
Do you still use Yahoo? Do you still remember MySpace? Compaq? Kodak? The cases of startups with superior ideas dethroning well-established incumbents are legion. This is the beauty of “creative destruction” – the term coined by innovation prophet Joseph Schumpeter almost a century ago. Incumbents have to keep innovating, lest they be overtaken by a new, more creative competitor. Arguably, at least in sectors shaped by technical change, entrepreneurial innovation has kept markets competitive far better than antitrust legislation ever could. For decades, creative destruction ensured competitive markets and a constant stream of new innovation. But what if that is no longer the case?
The trouble is that the source of innovation is shifting – from human ingenuity to data-driven machine-learning. Google’s self-driving cars are getting better through the analysis of billions of data points collected as Google’s self-driving cars roam the street. IBM Watson detects skin cancer as precisely as the average dermatologist because it has been training itself with hundreds of thousands of skin images. Siri and Alexa are getting better at understanding what we say because they never stop learning. Of course, it takes plenty of talented, creative people to build these products. But their improvement is driven less by a human “aha-moment” than by data and improvements in how machines learn from it.
For my Data Management students.
Cliff Notes for Managing the Data Science Function
William Vorhies – Data Science Central: “There are an increasing number of larger companies that have truly embraced advanced analytics and deploy fairly large numbers of data scientists. Many of these same companies are the ones beginning to ask about using AI. Here are some observations and tips on the problems and opportunities associated with managing a larger data science function.”
The simpler the better.
Common Craft Explains Blockchain
Turn on any of the 24/7 cable news networks today and you're likely to hear about Bitcoin and/or blockchain. Bitcoin is in the news because of its wild fluctuations in value over the last year. Blockchain is what makes cryptocurrencies like Bitcoin possible. If that seems clear as mud, you should watch Common Craft's new video titled Blockchain Explained by Common Craft. The video does a great job of using a concept that we're all familiar with, ownership of physical property, to explain the Blockchain concept.
After watching Common Craft's video about blockchain, watch this video from Financial Post to learn how the blockchain concept is applied to Bitcoin and other cryptocurrencies.
Use the technology potential customers use.
TD Ameritrade to Allow Trading via Twitter
TD Ameritrade is letting customers initialize trades over Twitter, the latest attempt by the discount brokerage to attract digitally savvy and younger investors.
The firm’s Twitter “chatbot” resembles the one it launched via Facebook Messenger in August, and it is powered by an algorithm that produces “social signals.” The algorithm sifts through tweets and then rates the relevance of the information to provide “intelligence” to investors, such as volume spikes, live trading quotes and company news.
Perspective. Makes me feel very, very old.
5,000 single people have revealed what they think about calling and texting on a date and whether having sex with a robot is 'cheating'