Friday, July 27, 2018

School for hackers? I’d hazard a guess that this did not take much skill to do. Once one inmate figured it out, he could just email instructions to all his friends. No indication how long this has been going on.
Idaho inmates hacked nearly a quarter million dollars
Idaho prison officials say 364 inmates hacked the JPay tablets they use for email, music and games and collectively transferred nearly a quarter million dollars into their own accounts.
The department’s special investigations unit discovered the problem earlier this month, and the improper conduct involved no taxpayer dollars, Idaho Department of Correction spokesman Jeff Ray said.
The hand-held computer tablets are popular in prisons across the country, and they are made available to Idaho inmates through a contract with CenturyLink and JPay. Neither company immediately responded to a request for comment from The Associated Press.
The tablets allow inmates to email their families and friends, purchase and listen to music or play simple electronic games.
The inmates were “intentionally exploiting a vulnerability within JPay to improperly increase their JPay account balances,” Ray said in a prepared statement on Thursday. He said 50 inmates credited their accounts in amounts exceeding $1,000; the largest amount credited by a single inmate was just under $10,000.
The total amount was nearly $225,000.
“This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every inmate who exploited the system’s vulnerability to improperly credit their account,” Ray said in a prepared statement.




Phishing requires the right lure.
‘Password Check Required Immediately’ – most effective phishing line
Leveraging a key human trait that machines would not fall for, cybercriminals can easily manipulate or fool humans using social engineering tactics. A new study on the most effective phishing scams shows that, ironically, the subject lines relating to security are most likely to trick users into handling their credentials insecurely.
“By playing into a person’s psyche to either feel wanted or alarmed, hackers continue to use email as a successful entry point for an attack,” according to KnowBe4, which deals with security awareness and simulated phishing.
… After examining tens of thousands of subject lines, including some “in-the-wild” emails, researchers compiled the following “Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018” (frequency percentage in brackets):
  1. Password Check Required Immediately (15%)
  2. Security Alert (12%)
  3. Change of Password Required Immediately (11%)
  4. A Delivery Attempt was made (10%)
  5. Urgent press release to all employees (10%)
  6. De-activation of [[email]] in Process (10%)
  7. Revised Vacation & Sick Time Policy (9%)
  8. UPS Label Delivery, 1ZBE312TNY00015011 (9%)
  9. Staff Review 2017 (7%)
  10. Company Policies-Updates to our Fraternization Policy (7%)




We haven’t heard much about the Exactis data breach, but Troy Hunt pointed me to this record layout.
Exactis Data Sample




The cost of doing the right thing? More like an accurate user count now that they are doing the right things.
Twitter to prioritize fixing platform over user growth, shares plunge
Twitter Inc on Friday reported fewer monthly active users than analysts expected and warned that the closely-watched figure could keep falling as it deletes phony accounts, sending shares sharply lower in early trading.
The company said the work it was doing to clean up Twitter by purging automated and spam accounts had some impact on its user metrics in the second quarter, and that it would prioritize work to improve suspicious accounts and reduce hate speech and other abusive content over projects that could attract more users.




The clash of technologies? Requires a thoughtful architecture to avoid disaster.
The GDPR and Blockchain
Blockchain technology has the potential to revolutionise many industries; it has been said that “blockchain will do to the financial system what the internet did to media”. Its most famous use is its role as the architecture of the cryptocurrency Bitcoin, however it has many other potential uses in the financial sector, for instance in trading, clearing and settlement, as well as various middle- and back-office functions.
… in order for the technology to unfold its full potential there needs to be careful consideration as to how the technology can comply with new European privacy legislation, namely the General Data Protection Regulation (the “GDPR”) which came into force on 25 May 2018. This article explores some of the possible or “perceived” challenges blockchain technology faces when it comes to compliance with the GDPR.
… One of the most widely perceived challenges of blockchain and the GDPR is the inability to delete data. The main benefit of blockchain technology is that the blocks in the chain cannot be deleted or modified, to ensure the security and accuracy of the record. However, under the GDPR, data subjects have the right to rectification, where the personal data concerning them is inaccurate, and they may have the right to have their data erased (“right to be forgotten”).




Legal tech. No robot lawyers yet?
Three Technologies Transforming the Legal Field
Law Technology Today: “Is your staff using analytics, blockchain and OCR yet? Corporations are ever-focused on their legal spend and demand more value from their outside counsel. Further disrupting the legal field are alternative legal service providers fueling the competitive landscape to become more crowded and innovative. As a result, Thomson Reuters’ 2018 Report on the State of the Legal Market surmised that declining profit margins, weakening collections, falling productivity, and loss of market share to alternative legal service providers are chipping away at the foundations of firm profitability. To counteract these market pressures and to differentiate themselves from competitors, law firms are embracing technology to improve operational efficiencies and transform the way attorneys and their firms interact with clients, answer their questions, and tackle their legal challenges. The law firms that embrace technology as a means to provide more cost-effective services to their clients will have a competitive advantage. For example, digitization and automation technologies have emerged that streamline internal processes and reduce workloads, so lawyers can spend more time advising clients and less time with administrative work…”




Perspective. Amazon the advertising powerhouse?
Amazon challenges Google and Facebook with surprising new multi-billion dollar business
Amazon’s cloud business may get much of the attention for bolstering the company’s bottom line. But an emerging new advertising arm of Amazon is also fueling record profits for the Seattle tech giant.
… Amazon does not break out financials for advertising and lumps it into the “Other” category, which “primarily includes sales of advertising services, as well as sales related to our other service offerings,” according to financial statements.
Amazon reported revenue of $2.2 billion for that category in the second quarter, up 129 percent year-over-year. For comparison, Amazon’s online store sales grew 12 percent and AWS sales grew 49 percent.
Amazon has become a formidable e-commerce search engine, competing with Google to be the first place where shoppers start when they want to buy products online. Its growing advertising business is another example of the battle between Amazon and Alphabet-owned Google, which compete across a number of areas such as voice technology, cloud computing, and online shopping.




Interesting. I was about to try loading Kali Linux on a thumb drive.
Ethical hacking is a great way to uncover your inner Mr. Robot. And what better way to build those skills than by using one of the foremost hacking toolkits?
We’re talking Kali Linux on your Raspberry Pi 3! A Raspberry Pi 3 running Kali Linux is surprisingly formidable for hacking. The tiny computer is cheap, powerful, and versatile.
In fact, Kali Linux comes packed with everything you need to expand your ethical hacking skills.

