Saturday, August 04, 2018

For my Computer Security students: The opposite of a default password? Something you must turn on?
Google Offers G Suite Alerts for State-Sponsored Attacks
Google this week announced that it can now alert G Suite admins when it believes users have been targeted by government-backed attackers.
The search company has been notifying users on what it believes might be state-sponsored attacks for over six years, and reaffirmed its commitment to continue alerting users on such incidents last year.
The Internet giant is now providing G Suite admins with the option to receive alerts whenever attacks appearing to be coming from a state-sponsored actor are targeting their users. The feature will show up in the G Suite Admin console as soon as it becomes available.
If an admin chooses to turn the feature on, an email alert (to admins) is triggered when we believe a government-backed attacker has likely attempted to access a user’s account or computer through phishing, malware, or another method,” Google explains.
As usual, such alerts don’t necessarily imply that the account has been compromised or that the organization has been hit with a larger attack.
The new feature is turned off by default, but admins can easily enable or disable it in Admin Console > Reports > Manage Alerts > Government backed attack.




Will Cyber command adopt any of this?
How Governments Can Better Defend Themselves Against Cyberattacks
In the early 2000s, hackers successfully infiltrated a series of secure military computer networks across the United States. From that breach, later deemed “Titan Rain,” the hackers would successfully pilfer a wealth of sensitive data including Army helicopter specs, the Air Force’s flight-planning software, and schematics for a NASA Mars orbiter.
American leaders have typically vowed swift and fierce retaliation for any attack on the United States by a foreign actor. So why was there no retaliation for this provocation?
The answer comes down to attribution. “If North Korea attacks us with nuclear weapons, we observe that it is North Korea, so we retaliate against North Korea,” explains Sandeep Baliga, a professor of managerial economics and decision sciences at Kellogg.
But in cyber warfare, attributing an attack is not so easy. While experts suspected that the Chinese government was behind Titan Rain, it was possible that it had been the work of rogue Chinese civilians, or even another nation that manipulated its digital footprints to make China appear responsible.
This uncertainty presents a dilemma. For decades, the U.S. military has relied on the threat of retaliation to deter would-be aggressors. Most famously, the doctrine of “mutually assured destruction” warded off Soviet nukes during the Cold War. But if the U.S. can no longer pinpoint and retaliate against its aggressors, then that doctrine is hard to apply, Baliga says.
In a new paper with University of Chicago’s Ethan Bueno de Mesquita and MIT’s Alexander Wolitzky, Baliga formulates a deterrence theory for the Internet age
[Deterrence with Imperfect Attribution http://home.uchicago.edu/bdm/PDF/deterrence.pdf




“Grandma, you need to charge your phone!” What other uses are there?
… Now, sharing your location also shares your battery level.
We first became aware of the battery sharing feature early this year when some hints popped up in an APK Teardown. At the time, it looked like Google was going to give approximate battery levels in plain language—e.g. "Bob's battery is between 50 and 75 percent." However, the feature appears to be live for more people after appearing intermittently for a few weeks, and it's more precise. When checking a contact's location, there's now a battery icon right next to the distance. There's a battery percentage, and the icon indicates charging status.
… I've tested this feature out and can confirm the battery level is accurate—it's exactly the battery percentage on your friend's phone when their location was last updated. This just happens automatically, and there doesn't appear to be any way to turn it off when sharing your location.


No comments: