What actually happened? The article raises some
interesting questions.
Thieves hack Marathon gas station, steal $1,800 of gas
An hour past high noon, hackers allegedly used a
“remote device” to control a prepaid gas pump at a Marathon gas
station in Detroit, allowing 10 vehicles to steal $1,800 of gas over
a 90-minute period.
How many gallons of gas can your vehicle hold?
Surely not 60? Yet the Detroit gas “hack” reportedly included a
“convoy” of 10 vehicles, pulling in and pumping one after another
for an hour and a half, managing to steal 600 gallons of gas. That
implies each vehicle stole 60 gallons. There is no mention of people
in those vehicles also filling up gas cans, barrels or other storage,
so the total of 10 vehicles filling up for free to make off with 600
gallons doesn’t seem quite right.
… The police aren’t quite sure what
happened. It is also unclear if all the vehicles that filled up for
free were in on it or if they just took advantage of the free gas.
Detroit Police have the surveillance video and are still
investigating.
(Related)
Hackers Have a New Favorite Target: Gas Stations
… What sounds like an isolated incident is
actually happening more than you might think. One week ago, police
just north of Austin, Texas arrested a man for using an “elaborate”
device to steal at least $800 worth of gas from a station that was
closed at the time. And in June, a BP employee in New Jersey was
arrested for allegedly manipulating gas pump computers to steal over
$300,000.
They (the researchers) keep giving away our
(social media) secrets!
This does not surprise me at all. Chris
Stokel-Walker reports:
Metadata is everywhere. Everything you tweet, every picture you take, and
every status update you post on Facebook. It’s used by police and
security forces to identify people who try to hide their identities
and locations, while associated metadata in selfies can inadvertently
ensnare criminals unaware that the data can destroy their alibi.
And metadata on Twitter can also be used in extremely precise
identification of each and every one of us – according to a new
paper by researchers at University College London and the Alan
Turing Institute. Your tweets, it turns out, no matter how anonymous
you might think they are, can be traced back to you with unerring
accuracy. All someone needs to do is look at the metadata.
The scientists used tweets and the associated metadata to identify any
user in a group of 10,000 Twitter users with 96.7 per cent accuracy.
Read more on Wired (UK).
This could be amusing. “Psst! Want a good deal
on dis laptop that fell off dat truck?”
Patrick Marshall writes:
You’re about to cross a downtown street and your smartphone beeps to tell you that a text message has arrived. As you pull out your phone to check the message as you walk, the phone receives an alert from your local police — you’re about to step into the path of a rapidly approaching SUV!
Such a scenario may become possible with a technology called PHADE that allows public surveillance cameras to send personalized messages to people without knowing the address of the phone.
Developed by researchers at Purdue University, PHADE digitally associates people in the camera’s view with their smartphones by using the subjects’ behavioral address, or the identifiers extracted from their movements in the video.
Read more on GCN.
A call to arms? Is our government willing to
respond?
Information Operations are a Cybersecurity Problem: Toward a New Strategic Paradigm to Combat Disinformation
Disinformation, misinformation, and social media
hoaxes have evolved from a nuisance into high-stakes information war.
State actors with geopolitical motivations, ideological true
believers, non-state violent extremists, and economically-motivated
enterprises are able to manipulate narratives on social media with
ease, and it’s happening each and every day. Traditional analysis
of propaganda and disinformation has focused fairly narrowly on
understanding the perpetrators and trying to fact-check the
narratives (fight narratives with counter-narratives, fight speech
with more speech). Today’s information operations, however, are
materially different – they’re computational. They’re driven
by algorithms and are conducted with unprecedented scale and
efficiency. To push a narrative today, content is quickly assembled,
posted to platforms with large standing audiences, targeted at those
most likely to be receptive to it, and then the platform’s
algorithms are manipulated to make the content go viral (or at least,
to make it easily discoverable). These operations are exploiting
weakness in our information ecosystem. To combat this evolving
threat, we have to address those structural weaknesses… but as
platform features change and determined adversaries find new tactics,
it often feels like whack-a-mole. It’s time to change our way of
thinking about propaganda and disinformation: it’s not a
truth-in-narrative issue, it’s an adversarial attack in the
information space. Info ops are a cybersecurity issue.
Perhaps it has no merit, but it is amusing.
Here’s a discovery question: Did they detect this malware anywhere
else?
Catalin Cimpanu reports:
Two insurance companies are suing a cyber-security firm to recover insurance fees paid to a customer after the security firm failed to detect malware on the client’s network for months, an issue that led to one of the biggest security breaches of the 2000s.
Read more on Bleeping Computer about how Lexington Insurance Company
and Beazley Insurance Company are suing TrustWave over the massive
2009 Heartland Payment Systems breach. TrustWave says the suit is
meritless.
[From the article:]
The two insurance firms claim that Chicago-based
Trustwave Holdings, Inc. —the security firm— had failed
to detect that an attacker used an SQL injection attack to
breach Heartland's systems on July 24, 2007.
Furthermore, the two say Trustwave also failed
to detect that attackers installed malware on the payments
processor's servers on May 14, 2008, and did not raise a sign of
alarm about the event.
The lawsuit points out that Trustwave did
not detect any signs of suspicious activity during its security
audits it provided Heartland for almost two years as part
of its contracts, which also included testing for PCI DSS compliance
and attestation.
Can you redefine yourself contractually?
Several publishers are pushing back on demands by
agency giant Publicis that are meant to get the agency in compliance
with the General Data Protection Regulation. The concerns center around
Publicis’ shifting liability for the new European privacy law to
publishers.
The GDPR requires companies to justify collecting
people’s data for the purpose of targeting them with ads and other
business objectives. Confusion and controversy have followed as
players in the ad supply chain dispute who’s responsible for what.
In the Publicis case, publishers say the holding company is asking
the publishers to collect users’ consent to be ad-targeted and to
assume all liability for collecting that consent, per its new terms
and conditions. The publishers’ concern is that agreeing to this
demand would leave the publisher responsible if the agency retargets
users who haven’t consented to be targeted.
“The ask before was, ‘Add us to your consent
form.’ Now they just reworded it to say, ‘You’re responsible
for getting consent, and we aren’t,’” groused one publisher that’s
been presented with the demands and who, like all publishing execs in
this article, spoke on condition of anonymity since they were still
in talks with the holding company.
… Under GDPR, publishers are classed as data
controllers because they are regarded as the source of the
first-party audience data, which other businesses will marry
advertiser data to for the purpose of targeting ads. Advertisers are
also classed as data controllers, given their own customer data is
sourced from them and not third parties. Agencies and vendors are
typically defined as data processors, because they work with data that’s sourced
either from the publisher or the client. Agencies therefore process
data on behalf of their clients, but publishers don’t believe they
should share accountability for whatever is done with that data on
the clients’ sites, when that is controlled by the agency.
How would this work? Divide them geographically?
The Balkanization of a global user community?
Coalition to breakup Facebook gains momentum
Bloomberg: “The top U.S. communications union is joining a coalition calling
for the Federal Trade Commission to break up Facebook
Inc., as the social media company faces growing government
scrutiny and public pressure. “We should all be deeply concerned
by Facebook’s power over our lives and democracy,” said Brian
Thorn, a researcher for the 700,000-member Communications Workers of
America, the newest member of the Freedom From Facebook coalition. For
the FTC not to end
Facebook’s monopoly and impose stronger rules on privacy “would
be unfair to the American people, our privacy, and our democracy,”
Thorn said in an email. Facebook disclosed
July 2 that it’s cooperating with probes by the U.S. Securities and
Exchange Commission and the Federal Bureau of Investigation on how
political consulting firm Cambridge Analytica obtained personal
information from as many as 87 million of the site’s users without
their consent. The FTC, the Department of Justice and some state
regulators were already probing the matter, which prompted Facebook
Chief Executive Officer Mark Zuckerberg to testify before Congress in
April. Facebook also faces calls for regulation
from many lawmakers and the public over the privacy issue, Russian
efforts to manipulate the 2016 presidential election and the spread
of false information on the platform. Facebook declined to comment
on the union’s move. The CWA doesn’t represent Facebook
employees, but it does represent more than 100,000 workers at AT&T
Inc., which has clashed with Facebook on public policy before. And
although Facebook’s workers don’t belong to unions, the
contracted shuttle drivers and cafeteria workers are unionized…”
Perspective.
The Best Influencers Are Babies
Welcome to the lucrative world of spawn con.
… influencer marketing has exploded. And more
recently, one area has proven to be particularly lucrative: sponsored
content that involves kids, or spawn con, if you will.
What a surprise!
How Brett Kavanaugh Would Change The Supreme Court
Create your own Karaoke?