Saturday, August 11, 2018

Another case of “Sorry. Security wasn’t on our checklist.”
Researcher Finds Hundreds of Planes Exposed to Remote Attacks
A researcher has discovered that hundreds of airplanes from several airlines could have been hacked remotely from the ground through vulnerabilities in satellite communications systems.
Back in 2014, IOActive Principal Security Consultant Ruben Santamarta published a research paper describing theoretical attack scenarios on satellite communications. The expert resumed his research in November 2017, after taking a look at the in-flight entertainment system during a Norwegian flight.
After passively collecting traffic from the airplane’s Wi-Fi network, Santamarta noticed that several commonly used services, such as Telnet, HTTP and FTP, were available for certain IP addresses, and some interfaces associated with the plane’s on-board satellite communications (satcom) modems were accessible without authentication.
According to the researcher, the flaws he has identified can be exploited to hack millions of devices found in aircraft, government agencies, and smart cities.




“We just assumed the vendor checked it.”
… TSMC’s personnel set up a new manufacturing tool on Friday, August 3, and then installed software for the device. The machine was not isolated and confirmed to be malware-free before connecting it to TSMC’s internal network. Consequently, the introduction of a malware-infected machine to TSMC's internal production network allowed the malware to quickly spread and infect computers, production equipment, and automated materials handling systems across TSMC’s fabs.
According to the chipmaker, the malware was a variant of the WannaCry ransomware cryptoworm.




Interesting. If this was used by a political party to influence an election, would it be illegal? Should elected officials ignore emails or Tweets like these?
Forget Astroturfing: Startups Can Just "Brobilize" Customers For Lobbying Efforts
Despite $415 million in funding and a giant fleet of electric scooters scattered all across the streets of San Francisco, the startup Bird only lasted a few months before city supervisors voted to boot them from the City by the Bay. But then, nine weeks after the sidewalks were cleared, San Francisco customers got an email asking them to help “Bring Bird Back to San Francisco!” by contacting their local elected official. The email contains a link to a website where customers can send a prewritten message, in the form of a tweet or an email, to city officials by just entering their name and contact information and clicking send.
“Please bring Bird back to San Francisco,” the email message says. “While I understand the need for reasonable regulations, it has been nearly two months since I’ve had access to this affordable, sustainable transportation option.” While it’s hard to know (for anyone other than Bird) how many people emailed, there were plenty who weren’t shy about sending a tweet.
Unlike the neighborhood bakery that wants customers to add their names and addresses to a petition for expanded outdoor seating, tech companies typically already know who and where their users are. It means startups can mobilize — or brobilize — thousands of people via a simple email or push notification to blast targeted messages to their elected officials, often with just a few clicks. It’s like astroturfing for the always-on, location-aware era.
… These click-to-lobby efforts have been ramping up for a few years now as elected officials get more serious about regulating tech (or more cognizant of the political value of appearing to do so) and startups increasingly ask their user bases to defend them in response.




Legal technology, when nothing else works!
DNC serves WikiLeaks with lawsuit via Twitter
As CBS News first reported last month, the DNC filed a motion with a federal court in Manhattan requesting permission to serve its complaint to WikiLeaks on Twitter, a platform the DNC argued the website uses regularly. The DNC filed a lawsuit in April against the Trump campaign, Russian government and WikiLeaks, alleging a massive conspiracy to tilt the 2016 election in Donald Trump's favor.
All of the DNC's attempts to serve the lawsuit via email failed, the DNC said in last month's motion to the judge, which was ultimately approved.
The lawsuit was served through a tweet from a Twitter account established Friday by Cohen Milstein, the law firm representing the DNC in the suit, with the intent of serving the lawsuit.







It’s fun to speculate. I would say option three is most useful.
What the Facebook Crypto team could build
Facebook is invading the blockchain, but how? Back in May, Facebook formed a cryptocurrency team to explore the possibilities, and today it removed a roadblock to revealing its secret plans.
Former head of Messenger David Marcus, who leads the Facebook Crypto team, today announced he was stepping down from the board of Coinbase, the biggest crypto startup.
… So what could Facebook be building? I see three main consumer-facing opportunities.
3% off with FaceCoin
Facebook could build a cryptocurrency wallet with its own token that people could use to pay for things with partnered businesses or that they discover through Facebook ads. Because blockchain can make transactions free or very cheap, Facebook and its partners could sidestep the typical credit card processing fees. That would potentially allow Facebook to offer users “3% off purchases made with FaceCoin” or a similar promotion.
P2P and micropayments
Facebook already lets you send friends money through Messenger for free, but only with a connected debit card or PayPal account. Facebook could offer cryptocurrency-based payments between friends to let a wider range of users settle debts for shared dinners or taxis through Messenger.
Facebook Connect for crypto
A top problem in the world of decentralized blockchain apps is how you bring your identity with you. Securely connecting your wallet, blockchain-based virtual goods and biographical info to new dApps can be a laborious process.
… Facebook could use its expertise in operating a popular identity platform to ease login to dApps. While the company has faced plenty of privacy issues and attacks on election integrity, Facebook has a strong record of not being traditionally hacked. It hasn’t suffered a massive user data breach like LinkedIn, Twitter and other social networks. Using an overtly centralized identity system to connect with decentralized apps might be counterintuitive, but Facebook could deliver the UX convenience necessary to unlock a new wave of blockchain utility.




Another stock I never heard of…
Google's data privacy concerns are a surprising boon for ad-tech firm Trade Desk
In April, pressured by new privacy rules in Europe, Google told advertisers they would no longer have access to some critical measurement data when building online campaigns.
Digital ad company Trade Desk is reaping the rewards.
Trade Desk shares soared 32 percent on Friday, a day after the company reported earnings that blew by analysts' estimates and raised its forecast. On the conference call with analysts, CEO Jeff Green said one of the primary drivers in the quarter was Google's move on privacy, which pushed advertisers to Trade Desk.
Here's what happened. In conjunction with the General Data Protection Regulation (GDPR) that the European Union implemented in May, Google told clients that they could no longer have access to the DoubleClick ID to analyze ad measurement data across the web.
The data is highly valuable because it allows marketers to see how ads are performing on Google sites, including YouTube, compared with the rest of the web.
… "In my view, Google's decision to remove this ID offering is driven by their increasing need to reduce risk against malicious data enablement, like what we saw Cambridge Analytica do with social data," Green said. "The risk is similar for both Google and Facebook. The risk exists because Google, at the fundamental level of their business, transacts in directly identifiable consumer data. Google knows so much about billions of consumers because of their core product, their search engine."
Green said that marketers are shifting to Trade Desk, because it gives them a neutral tool to see how campaigns are performing. Advertisers can "compare every destination on their media plan to every other destination objectively," he said.




Interesting. Would this translate to other fields? Probably.
… We’ve explored the nature of the new value-enhancing roles that will emerge and identified three new categories of AI-driven jobs:
Trainers who help AI systems learn how to perform, which includes everything from helping natural language processors and language translators make fewer errors, to teaching AI algorithms how to mimic human behaviors.
Explainers who interpret the results of algorithms to improve transparency and accountability for AI decision making and processes.
Sustainers who ensure intelligent systems stay true to their original goals without crossing ethical lines or reinforcing bias.




I always like to read about New Records! (Even if it is in a narrow area.)
Ford: This may be one of the largest frauds in the history of the United States
Ford Motor Credit filed additional documents with the bankruptcy court Friday morning, claiming this may be one of the largest floor-plan financing frauds in the history of the United States.
The documents said Reagor-Dykes hid the "massive breach" from Ford Credit by fraudulently misrepresenting sales-reporting data to Ford Credit. The company believed Reagor-Dykes was timely paying off cars it sold to the public; however, Ford Credit said the company was selling vehicles an average of 55 days before reporting it to Ford Credit.
… The document also said Reagor-Dykes fraudulently secured double-flooring from Ford Credit. Double-flooring means automobile dealers receive funding twice for the same vehicle; it is an illegal practice where a single vehicle is used as collateral for more than one loan.
Ford Credit also claims Reagor-Dykes obtained inventory financing for cars it had already sold, representing to Ford Credit they still had the car as inventory and then obtained additional financing.

