Thursday, July 19, 2018

Because when people fail to secure their data, “breaching” that data is really really simple. I can see it as an audit tool. I’ll ask my students to debate the ethics.
New tool helps you find 48,000+ open Amazon S3 buckets
The Daily Swig: “Hundreds of thousands of potentially sensitive files are publicly available through open Amazon buckets, a new online tool can reveal. The free tool, created by software engineer GrayhatWarfare, is a searchable database where a current list of 48,623 open S3 buckets can be found. Amazon’s S3 cloud storage, or Simple Storage Service, is used by the private and public sector alike as a popular way to cache content. Files are allocated buckets, which are secured and private by default, but can easily be set for public access. While it is perfectly acceptable to set S3 buckets as available for all to read, numerous data breaches have been the result of an administrator’s misconfiguration. In March of this year, for example, an unsecured bucket at a US-based jewelry company resulted in the exposure of the personal details of over 1.3 million people, including addresses, emails, and IP identifiers. Bob Diachenko of Kromtech Security was the first to report the incident, and has helped create a tool aimed at detecting bucket permissions, similar to the one created by GrayhatWarfare.
“On the one hand, it [GrayhatWarfare’s tool] follows the same path as Shodan does,” Diachenko told The Daily Swig. “It gives researchers and the general audience a possibility to check if their infrastructure is safe. At the same time, it opens doors for ‘passwords-seekers’ and people with malicious intents to leverage upon data found in this ‘Semsem’ cave…”
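The article notes that buckets are private by default but are easily made public through an ACL grant or a bucket policy. As an added example (my code, not the article's and not GrayhatWarfare's tool), the functions below classify one bucket's exposure from dicts shaped like boto3's get_bucket_acl() response and get_bucket_policy()["Policy"] document, so an administrator can audit their own account; all sample data is constructed.

```python
# Added example (not from the article or GrayhatWarfare's tool): classify one
# S3 bucket's exposure from dicts shaped like boto3's get_bucket_acl() response
# and the get_bucket_policy()["Policy"] string. All sample data is constructed.
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}  # "everyone" / "any AWS account"

def public_acl_permissions(acl):
    """Permissions the ACL grants to the AllUsers/AuthenticatedUsers groups."""
    perms = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            perms.add(grant["Permission"])
    return perms

def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return "*" in ([aws] if isinstance(aws, str) else aws)

def public_policy_actions(policy_json):
    """Actions an unconditioned Allow gives a wildcard principal (Condition'd ones skipped)."""
    actions = set()
    doc = json.loads(policy_json) if policy_json else {}
    stmts = doc.get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") == "Allow" and "Condition" not in stmt \
                and _wildcard_principal(stmt.get("Principal", {})):
            act = stmt.get("Action", [])
            actions.update([act] if isinstance(act, str) else act)
    return actions

def classify(acl, policy_json=None):
    """Return PRIVATE, PUBLIC-READ or PUBLIC-WRITE for one bucket."""
    perms, actions = public_acl_permissions(acl), public_policy_actions(policy_json)
    if perms & {"WRITE", "FULL_CONTROL"} or actions & {"s3:*", "s3:Put*", "s3:PutObject", "s3:DeleteObject"}:
        return "PUBLIC-WRITE"
    return "PUBLIC-READ" if perms or actions else "PRIVATE"

# Constructed samples: owner-only ACL, world-readable ACL, and a policy letting anyone upload.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-id"}, "Permission": "FULL_CONTROL"}
PRIVATE_ACL = {"Grants": [OWNER]}
OPEN_ACL = {"Grants": [OWNER, {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
OPEN_WRITE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": "*", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::constructed/*"}]})
```

Run it over each bucket returned by list_buckets() and treat anything other than PRIVATE as a finding to review; statements with a Condition block are deliberately not counted as public, so they still merit a manual look.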


(Related) We have access to many tools that are so easy to use we don’t bother to learn how to use them securely.
Thousands of US voters' data exposed by robocall firm
… A Virginia-based political campaign and robocalling company, which claims it can "reach thousands of voters instantly," left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password.




One way to secure the November election?
Suing South Carolina Because Its Election Machines Are Insecure
A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote.
Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging President Trump's now-defunct "election integrity" commission.
[From the ‘effectively’ link:
South Carolina's thousands of digital voting machines are antiquated, break down, leave no paper trail of votes that can be audited, and have "deep security flaws" that make them vulnerable to hacking by Russians and others, the 45-page lawsuit alleges.]




Security standards can become obsolete. Back in the mainframe days, “Close the door” was a universal standard.
NIST to Withdraw 11 Outdated Cybersecurity Publications
The U.S. National Institute of Standards and Technology (NIST) announced on Tuesday that its Computer Security Division has decided to withdraw eleven outdated SP 800 publications.
NIST’s website currently lists over 180 SP 800 publications, including drafts and final versions. Eleven of them, which are now considered out of date, will be withdrawn on August 1, 2018, and will not be revised or superseded.
The documents will still be available for historical reference, but their status will be changed from “final” to “withdrawn.”




Perspective. And here I thought Congress had to confirm Kavanaugh…
The Biggest Spender of Political Ads on Facebook? President Trump
President Trump’s operation has run dozens of ads on Facebook recently that seek to rally support to confirm Judge Brett M. Kavanaugh to the vacant spot on the Supreme Court.
… Facebook in May began an archive of political ads, which is a publicly searchable database that catalogs the ads and identifies which groups or individuals paid for them. Facebook hopes the database will include any ad that has political content and that was aimed at Americans. The researchers conducted their study by scraping all of that raw data.
Their work provides one of the most comprehensive pictures so far of who is placing political ads on the world’s biggest social network and how much they are spending ahead of the midterm elections in November. Reaching voters through social media has become one of the most effective ways to get a message out, but up until now, the transparency around the practice has been limited.




Perspective. Who’s afraid of the big bad Bezos?
The False Tale of Amazon's Industry-Conquering Juggernaut
Amazon is one of the largest and most formidable companies in the world. It’s run with brutal efficiency, a keen focus on keeping its customers happy, and a deep thirst for innovation. Its $50 billion of revenue per quarter makes the company worth more than $850 billion, which is enough to buy Walmart three times over and still have more than $100 billion in change. (It’s also enough to make founder Jeff Bezos the richest man in modern history.) There’s no industry that Amazon feels incapable of taking on — not even the Google and Facebook fief of advertising, where Amazon is already bringing in some $2 billion in revenues every quarter.
Still, it’s really nothing to be scared of.
… It’s a testament to the cultural salience of the publishing industry that the books precedent looms so large in the mind of the public and stock traders, because today, 24 years after Amazon was founded, the company has failed to achieve similar market power in any other sector. Quite the opposite, in fact. By opening up its platform to third-party sellers, Amazon has ensured that it will nearly always face competition, even on its own website. And as Amazon has become one of the most valuable companies in the world, it has taken increasing pains to avoid doing anything that antitrust authorities might disapprove of. Amazon’s book monopsony is valuable, but it also comes at significant reputational cost; it’s not at all clear that building a similar monopsony in some other market would be a net positive for the company.
Not that it’s threatening to do so. When Amazon bought Whole Foods, it gained no particular control over the food industry: it merely went from having 0.2 percent of the groceries market to having 1.4 percent. When it bought PillPack, for all that it wiped $11 billion off the market capitalization of the likes of CVS and Walgreens, it still acquired a company that only has $100 million in revenue. (Walgreens, by contrast, has over $100 billion.) However Amazon intends to compete in such markets, it’s not going to do so by being the dominant player.




No more “double secret probation!”
Court Vacates Injunction Against Publishing the Law
EFF – Win for Public Right to Know: Court Vacates Injunction Against Publishing the Law – Industry Groups Want to Control Access to Legal Rules and Regulation: “San Francisco – A federal appeals court today ruled that industry groups cannot control publication of binding laws and standards. This decision protects the work of Public.Resource.org (PRO), a nonprofit organization that works to improve access to government documents. PRO is represented by the Electronic Frontier Foundation (EFF), the law firm of Fenwick & West, and attorney David Halperin. Six large industry groups that work on building and product safety, energy efficiency, and educational testing filed suit against PRO in 2013. These groups publish thousands of standards that are developed by industry and government employees. Some of those standards are incorporated into federal and state regulations, becoming binding law. As part of helping the public access the law, PRO posts those binding standards on its website. The industry groups, known as standards development organizations, accused PRO of copyright and trademark infringement for posting those standards online. In effect, they claimed the right to decide who can copy, share, and speak the law. The federal district court for the District of Columbia ruled in favor of the standards organizations in 2017, and ordered PRO not to post the standards…”




For my friends who live/camp/fish in the mountains.
This Twitterbot keeps you up-to-date on fires burning near you
FastCompany: “As fire seasons in the U.S. gets hotter and drier, a new Twitterbot will show you if a wildfire is burning near your house, where the fire is headed, and if a plume of smoke is traveling in your direction by posting an updated time-lapse video and infrared images every six hours. The tool, called @WildfireSignal, went live on Twitter on July 18. Scientists and programmers at Descartes Labs, a startup that processes images from satellites, designed the tool to pull a list of active fires from a government database, then clean up near-real-time images from the GOES-16 satellite at each fire’s location. Using the massive amount of data generated by the satellite, it automatically builds a time-lapse video of each fire and embeds it in a tweet with a hashtag of the fire’s name…”




For my geeks.




For my students. It seems to work!
Formatically Offers a New Instant Citation Tool
Formatically is a service that was designed by college students to help other students create properly formatted works cited pages. Last year I published a tutorial about how to use it. This week Formatically introduced a new instant citation tool. The instant citation tool can be used by anyone to format an APA, MLA, Chicago, or Harvard citation for a book or web page.
To use Formatically's instant citation tool just paste the URL of the page that you want to cite into the instant citation tool. Once pasted into the tool you can choose the format that you want to use for your citation. If there is an error in the citation, you can correct it by clicking the edit icon at the end of the written citation. The system works the same way for books except that rather than entering a web page URL you enter a book title. Watch the video embedded below to learn more about Formatically's instant citation tool.