Wednesday, July 25, 2018

How to breach security.
The Foundation of Cyber-Attacks: Credential Harvesting
Recent reports of a newly detected Smoke Loader infection campaign and the re-emergence of Magecart-based cyber-attacks illustrate a common tactic used by cyber criminals and state-sponsored attackers alike ― credential harvesting. According to the Verizon 2017 Data Breach Investigation Report, 81% of hacking-related breaches leverage either stolen, default, or weak credentials. While credential harvesting is often seen as equivalent to phishing, it uses different tactics.
Cyber attackers long ago figured out that the easiest way for them to gain access to sensitive data is by compromising an end user’s identity and credentials. Betting on the human factor and attacking the weakest link in the cyber defense chain, credential harvesting has become the foundation of most cyber-attacks.
In the case of cloned websites, the victim is often unaware of the attack, since the fake web designs are often very authentic. When the user enters his or her credentials, the page not only captures them but then forwards them to the actual login page, which then logs in the user. The victim never even knows their credentials were stolen.




Important topic for Computer Security too.
Low-Hanging Fruit: Responding to the Digital Evidence Challenge in Law Enforcement
Whether you believe law enforcement is “going dark” or we are in a “golden age of surveillance,” law enforcement faces serious challenges in identifying and accessing digital evidence that is available and important to their criminal investigations. Some of these problems are, no doubt, related to encryption and ephemerality of data – the two issues that have absorbed most of the national attention to date. But, in fact, the problems with digital evidence and digital technologies go far beyond those issues, as we detail in a new CSIS-issued report released today, Low-Hanging Fruit: Evidence Based Solutions to the Digital Evidence Challenge. (See also coverage of the report at the Washington Post.)
… We found that difficulties accessing and utilizing digital evidence affect more than a third of law enforcement cases – a percentage that we expect only to grow over time absent national attention to the issue.




Still think we are doing everything possible?
Poynter guide to anti-misinformation actions around the world
Poynter has updated this very useful guide – Here’s where governments are taking action against online misinformation – subject matter includes hate speech law, misinformation, media literacy, fake news, election misinformation, political bots and advertising, foreign disinformation campaigns, media regulation, internet regulation.


(Related) Matches my observation.
Paper – Susceptibility to partisan fake news is better explained by lack of reasoning than by motivated reasoning
Lazy, not biased: Susceptibility to partisan fake news is better explained by lack of reasoning than by motivated reasoning. Gordon Pennycook and David G. Rand. https://doi.org/10.1016/j.cognition.2018.06.011. Cognition. Available online 20 June 2018 [paywall – but Table of Contents, Abstract, Figures and Supplementary Data are available at no fee]
  • Participants rated perceived accuracy of fake and real news headlines.
  • Analytic thinking was associated with ability to discern between fake and real.
  • We found no evidence that analytic thinking exacerbates motivated reasoning.
“Falling for fake news is more a result of a lack of thinking than partisanship. Why do people believe blatantly inaccurate news headlines (“fake news”)? Do we use our reasoning abilities to convince ourselves that statements that align with our ideology are true, or does reasoning allow us to effectively differentiate fake from real regardless of political ideology? Here we test these competing accounts in two studies (total N = 3446 Mechanical Turk workers) by using the Cognitive Reflection Test (CRT) as a measure of the propensity to engage in analytical reasoning. We find that CRT performance is negatively correlated with the perceived accuracy of fake news, and positively correlated with the ability to discern fake news from real news – even for headlines that align with individuals’ political ideology. Moreover, overall discernment was actually better for ideologically aligned headlines than for misaligned headlines. Finally, a headline-level analysis finds that CRT is negatively correlated with perceived accuracy of relatively implausible (primarily fake) headlines, and positively correlated with perceived accuracy of relatively plausible (primarily real) headlines. In contrast, the correlation between CRT and perceived accuracy is unrelated to how closely the headline aligns with the participant’s ideology. Thus, we conclude that analytic thinking is used to assess the plausibility of headlines, regardless of whether the stories are consistent or inconsistent with one’s political ideology. Our findings therefore suggest that susceptibility to fake news is driven more by lazy thinking than it is by partisan bias per se – a finding that opens potential avenues for fighting fake news.”




All is not peaches and cream?
Facebook’s departing chief information security officer Alex Stamos, whose upcoming exit has been known for months, wrote a note to staff in March amid the Cambridge Analytica data-sharing scandal urging them to reconsider the site’s approach to privacy, BuzzFeed News reported on Tuesday.
In his note titled “A Difficult Week,” Stamos wrote that the scandal—in which Facebook’s reckless approach to sharing data on users allowed the sketchy political firm to acquire data on somewhere around 87 million users—as well as others such as alleged Russian information warfare on the site were the result of “tens of thousands of small decisions made over the last decade.” Per BuzzFeed, he also implored his colleagues to please, for the love of god, consider negative feedback when implementing features that pushed the limits of users’ comfort levels, as well as limit its data collection to that actually necessary for the company’s functioning:
“We need to build a user experience that conveys honesty and respect, not one optimized to get people to click yes to giving us more access,” Stamos wrote. “We need to intentionally not collect data where possible, and to keep it only as long as we are using it to serve people.”
“We need to listen to people (including internally) when they tell us a feature is creepy or point out a negative impact we are having in the world,” the note continued. “We need to deprioritize short-term growth and revenue and to explain to Wall Street why that is ok. We need to be willing to pick sides when there are clear moral or humanitarian issues. And we need to be open, honest and transparent about our challenges and what we are doing to fix them.”




Perspective. What are auto manufacturers doing to transition to the “self-driving/rides on demand” future?
Ford follows GM's Cruise move with self-driving spinoff
Ford Motor Co (F.N) said on Tuesday it was creating a separate $4 billion unit to house its self-driving vehicle operations and is seeking outside investors, following a similar move in late May by Detroit rival General Motors Co (GM.N) with its Cruise Automation unit.


(Related)
GM launches a peer-to-peer car-sharing service
General Motors is launching a new service in Chicago, Detroit and Ann Arbor, Mich. that will let owners rent out their personal GM-branded vehicles through its Maven car-sharing platform.




Perspective. Tired of the vast wasteland?
Cable's Netflix bundling deals aren't stopping customers from cutting the cord
Cable providers have been wringing their hands and pulling out deal after deal to try to keep cable TV subscribers. Most recently, they started bundling Netflix subscriptions with cable packages (because bundling is totally something customers don't hate at all).
But a new report from eMarketer shows that their tactics aren't panning out. Not only is the rate of TV watchers opting for Over The Top (OTT) service on the rise — where they just watch internet TV providers like Netflix, instead of paying for cable — it's also accelerating faster than projected growth rates.
Projections put the number of cord cutters — adults who cancel pay TV, opting instead for OTT — at 33 million, which is 32.8 percent of TV watchers.
… The growth rates of the OTT providers tell the other side of the story. Netflix reached 100 million subscribers in 2017. Leaked documents from Amazon showed that it counts 26 million prime members as US viewers. Hulu garnered a walloping 40 percent growth in subscribers in 2017, reaching 17 million viewers. It also launched Hulu Live TV, which is like basic cable via a Hulu subscription — and is proving to be incredibly popular. And YouTube and Facebook (via Facebook Watch and IGTV) are in all-out war to capture the millions of eyeballs to which they already have access.




A new record? This has really got to hurt.
Venezuela's inflation on track to top 1 million percent, IMF says




Interesting. One of those products I see no great market for, but then I have a history of being wrong.
Segway Unveils Self-Balancing Electric Roller Shoes
Segway has unveiled its latest creation, and it’s as off-kilter as you’d expect from the company. Taking the hoverboard trend one step further, it’s now created the Drift W1, which essentially splits the board in half and works underneath your shoes. The shoes will weigh 7.7lbs and have a top speed of 7.5 MPH, with a riding time of around 45 minutes before needing another charge.
Each pair will also come with a helmet for anyone trying to figure out how to work these shoes without injury. The Segway Drift W1 will cost $399 USD and be available during August. You can find out more information from the brand’s web page.

