Because when people fail to secure their data, “breaching” that data is really really simple. I can see it as an audit tool. I’ll ask my students to debate the ethics.
New tool helps you find 48,000+ open Amazon S3 buckets
The Daily Swig: “Hundreds of thousands of potentially sensitive files are publicly available through open Amazon buckets, a new online tool can reveal. The free tool, created by software engineer GrayhatWarfare, is a searchable database where a current list of 48,623 open S3 buckets can be found. Amazon’s S3 cloud storage, or Simple Storage Service, is used by the private and public sector alike as a popular way to cache content. Files are allocated buckets, which are secured and private by default, but can easily be set for public access. While it is perfectly acceptable to set S3 buckets as available for all to read, numerous data breaches have been the result of an administrator’s misconfiguration. In March of this year, for example, an unsecured bucket at a US-based jewelry company resulted in the exposure of the personal details of over 1.3 million people, including addresses, emails, and IP identifiers. Bob Diachenko of Kromtech Security was the first to report the incident, and has helped create a tool aimed at detecting bucket permissions, similar to the one created by GrayhatWarfare.
“On the one hand, it [GrayhatWarfare’s tool] follows the same path as Shodan does,” Diachenko told The Daily Swig. “It gives researchers and the general audience a possibility to check if their infrastructure is safe. At the same time, it opens doors for ‘passwords-seekers’ and people with malicious intents to leverage upon data found in this ‘Semsem’ cave…”
(Related) We have access to many tools that are so easy to use we don’t bother to learn how to use them securely.
Thousands of US voters' data exposed by robocall firm
… A Virginia-based political campaign and robocalling company, which claims it can "reach thousands of voters instantly," left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password.
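The misconfiguration both stories describe (a bucket that is private by default but has been opened to everyone) can be checked from the bucket's own ACL and policy. The following is an added example, not code from either article or from GrayhatWarfare's or Kromtech's tools; it works offline on constructed inputs shaped like the AWS GetBucketAcl and GetBucketPolicy responses, and flags the two common ways a bucket becomes world-readable: an ACL grant to the AllUsers/AuthenticatedUsers groups, or a bucket policy that allows actions to a wildcard principal.

```python
"""Offline audit of S3 bucket ACLs and policies for public exposure.
Input shapes mirror the AWS GetBucketAcl / GetBucketPolicy API responses;
all sample data at the bottom is constructed for illustration."""
import json

# Predefined group URIs that make an ACL grant available to everyone.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl):
    """Return the permissions the ACL hands to the public groups."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            found.append(grant["Permission"])
    return found

def _is_wildcard_principal(principal):
    # Principal may be "*", {"AWS": "*"} or {"AWS": ["...", "*"]}.
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in ([principal] if isinstance(principal, str) else list(principal or []))

def public_policy_actions(policy_json):
    """Return actions an unconditional Allow statement grants to any principal."""
    actions = []
    stmts = json.loads(policy_json).get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        # Conditional statements are skipped here; they need manual review.
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if _is_wildcard_principal(stmt.get("Principal")):
            act = stmt.get("Action", [])
            actions.extend([act] if isinstance(act, str) else act)
    return actions

def assess_bucket(acl, policy_json=None):
    """Classify a bucket as 'public' or 'private' and say why."""
    reasons = [f"acl:{p}" for p in public_acl_grants(acl)]
    if policy_json:
        reasons += [f"policy:{a}" for a in public_policy_actions(policy_json)]
    return ("public" if reasons else "private", reasons)

# Constructed samples: one bucket opened via ACL, one via policy, one private.
ACL_OPEN = {"Grants": [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
ACL_PRIVATE = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}]}
POLICY_OPEN = json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
```

In a real account the same functions would be fed the output of `aws s3api get-bucket-acl` and `get-bucket-policy` for each bucket, which is the check the article says administrators skipped.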
One way to secure the November election?
A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote.
Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging President Trump's now-defunct "election integrity" commission.
[From the ‘effectively’ link: South Carolina's thousands of digital voting machines are antiquated, break down, leave no paper trail of votes that can be audited, and have "deep security flaws" that make them vulnerable to hacking by Russians and others, the 45-page lawsuit alleges.]
Security standards can become obsolete. Back in the mainframe days, “Close the door” was a universal standard.
NIST to Withdraw 11 Outdated Cybersecurity Publications
The U.S. National Institute of Standards and Technology (NIST) announced on Tuesday that its Computer Security Division has decided to withdraw eleven outdated SP 800 publications.
… NIST’s website currently lists over 180 SP 800 publications, including drafts and final versions. Eleven of them, which are now considered out of date, will be withdrawn on August 1, 2018, and will not be revised or superseded.
The documents will still be available for historical reference, but their status will be changed from “final” to “withdrawn.”
Perspective.
And here I thought Congress had to confirm Kavanaugh…
The Biggest Spender of Political Ads on Facebook? President Trump
President Trump’s operation has run dozens of ads on Facebook recently that seek to rally support to confirm Judge Brett M. Kavanaugh to the vacant spot on the Supreme Court.
… Facebook in May began an archive of political ads, which is a publicly searchable database that catalogs the ads and identifies which groups or individuals paid for them. Facebook hopes the database will include any ad that has political content and that was aimed at Americans. The researchers conducted their study by scraping all of that raw data.
Their work provides one of the most comprehensive pictures so far of who is placing political ads on the world’s biggest social network and how much they are spending ahead of the midterm elections in November. Reaching voters through social media has become one of the most effective ways to get a message out, but up until now, the transparency around the practice has been limited.
Perspective.
Who’s afraid of the big bad Bezos?
The False Tale of Amazon's Industry-Conquering Juggernaut
Amazon is one of the largest and most formidable companies in the world. It’s run with brutal efficiency, a keen focus on keeping its customers happy, and a deep thirst for innovation. Its $50 billion of revenue per quarter makes the company worth more than $850 billion, which is enough to buy Walmart three times over and still have more than $100 billion in change. (It’s also enough to make founder Jeff Bezos the richest man in modern history.) There’s no industry that Amazon feels incapable of taking on — not even the Google and Facebook fief of advertising, where Amazon is already bringing in some $2 billion in revenues every quarter.
Still, it’s really nothing to be scared of.
… It’s a testament to the cultural salience of the publishing industry that the books precedent looms so large in the mind of the public and stock traders, because today, 24 years after Amazon was founded, the company has failed to achieve similar market power in any other sector. Quite the opposite, in fact. By opening up its platform to third-party sellers, Amazon has ensured that it will nearly always face competition, even on its own website. And as Amazon has become one of the most valuable companies in the world, it has taken increasing pains to avoid doing anything that antitrust authorities might disapprove of. Amazon’s book monopsony is valuable, but it also comes at significant reputational cost; it’s not at all clear that building a similar monopsony in some other market would be a net positive for the company.
Not that it’s threatening to do so. When Amazon bought Whole Foods, it gained no particular control over the food industry: it merely went from having 0.2 percent of the groceries market to having 1.4 percent. When it bought PillPack, for all that it wiped $11 billion off the market capitalization of the likes of CVS and Walgreens, it still acquired a company that only has $100 million in revenue. (Walgreens, by contrast, has over $100 billion.) However Amazon intends to compete in such markets, it’s not going to do so by being the dominant player.
No more “double secret probation!”
Court Vacates Injunction Against Publishing the Law
EFF – Win for Public Right to Know: Court Vacates Injunction Against Publishing the Law – Industry Groups Want to Control Access to Legal Rules and Regulation: “San Francisco – A federal appeals court today ruled that industry groups cannot control publication of binding laws and standards. This decision protects the work of Public.Resource.org (PRO), a nonprofit organization that works to improve access to government documents. PRO is represented by the Electronic Frontier Foundation (EFF), the law firm of Fenwick & West, and attorney David Halperin. Six large industry groups that work on building and product safety, energy efficiency, and educational testing filed suit against PRO in 2013. These groups publish thousands of standards that are developed by industry and government employees. Some of those standards are incorporated into federal and state regulations, becoming binding law. As part of helping the public access the law, PRO posts those binding standards on its website. The industry groups, known as standards development organizations, accused PRO of copyright and trademark infringement for posting those standards online. In effect, they claimed the right to decide who can copy, share, and speak the law. The federal district court for the District of Columbia ruled in favor of the standards organizations in 2017, and ordered PRO not to post the standards…”
- For the full opinion: https://www.eff.org/document/opinion-4
- For more on ASTM v. Public.Resource.org: https://www.eff.org/cases/publicresource-freeingthelaw
For my friends who live/camp/fish in the mountains.
This Twitterbot keeps you up-to-date on fires burning near you
FastCompany: “As fire seasons in the U.S. get hotter and drier, a new Twitterbot will show you if a wildfire is burning near your house, where the fire is headed, and if a plume of smoke is traveling in your direction by posting an updated time-lapse video and infrared images every six hours. The tool, called @WildfireSignal, went live on Twitter on July 18. Scientists and programmers at Descartes Labs, a startup that processes images from satellites, designed the tool to pull a list of active fires from a government database, then clean up near-real-time images from the GOES-16 satellite at each fire’s location. Using the massive amount of data generated by the satellite, it automatically builds a time-lapse video of each fire and embeds it in a tweet with a hashtag of the fire’s name…”
For my geeks.
For my students. It seems to work!
Formatically Offers a New Instant Citation Tool
Formatically is a service that was designed by college students to help other students create properly formatted works cited pages. Last year I published a tutorial about how to use it. This week Formatically introduced a new instant citation tool. The instant citation tool can be used by anyone to format an APA, MLA, Chicago, or Harvard citation for a book or web page.
To use Formatically's instant citation tool just paste the URL of the page that you want to cite into the instant citation tool. Once pasted into the tool you can choose the format that you want to use for your citation. If there is an error in the citation, you can correct it by clicking the edit icon at the end of the written citation. The system works the same way for books except that rather than entering a web page URL you enter a book title. Watch the video embedded below to learn more about Formatically's instant citation tool.