India wants it to be secure, but wishes never seem
to deter hackers.
UIDAI’s
Aadhaar Software Hacked, ID Database Compromised, Experts Confirm
The authenticity of the data stored in India's
controversial Aadhaar
identity database, which contains the biometrics and personal
information of over 1 billion Indians, has been compromised by a
software patch that disables critical security features of the
software used to enrol new Aadhaar users, a three-month-long
investigation by HuffPost India reveals.
The patch—freely available for as little as Rs
2,500 (around $35)— allows unauthorised persons, based anywhere in
the world, to generate Aadhaar numbers at will, and is still in
widespread use.
To stimulate the Computer Security discussion.
Doug Levin has a great piece on a real case of
curious students exploring their K-12 district’s network. Of
course, they “shouldn’t” have done that, right? Every adult in
the room knows that, and the kids knew it, too. But the temptation
was just soooooo great.
So do read The
Case of ‘Joseph Jones’ and the Rochester Community (Michigan)
Schools. Doug and I have long been on the same page that
districts’ responses to bright, curious students can make or break
a child’s future. And hacking out of curiosity vs. hacking to
change grades or cause malicious damage are very different things.
Then, too, what responsibility do we assign to adults who are not
being diligent nor transparent with the community? As Doug writes:
To wit: when 12 year-olds can breach the IT systems of organizations with $100 million+ budgets, how should we assign blame? Penalties and disciplinary actions for students who violate acceptable use policies are established, but what of the consequences to school districts. At what point could district leadership be considered negligent? What obligation do schools have to be forthright with their communities about their digital security shortcomings? How might schools react differently to these incidents, in ways that are more proactive and even humane? These are hard questions, no doubt, but given the frequency of ‘students hacking their schools’ incidents, I believe it is time we more forthrightly address this complicated issue.
Read Doug’s thoughtful post and see what you
think.
Take your neighbor’s Tesla for a spin!
Hackers Can
Clone Tesla Key Fobs in Seconds
Researchers
claim to have discovered a new attack method that can be used to
quickly clone the wireless key fob of Tesla Model S and possibly
other vehicles.
… A
team from the COSIC research group at the KU Leuven university in
Belgium has discovered a new attack method that can be used to clone
key fobs in just seconds. Cloning a fob then allows the attacker to
open and start a car whenever they wish.
“During
normal operation the car periodically advertises its identifier. The
key will receive the car’s identifier, if it is the expected car
identifier the key fob will reply, signaling it is ready to receive a
challenge,” the researchers explained in a
blog post. “In the next step the car will transmit a random
challenge to the key fob. The key fob computes a response and
transmits it. After receiving the key fob’s response, the car must
verify it before unlocking the doors. The same challenge response
protocol is repeated to start the car.”
The
team noted that there are several security issues during this
process. For instance, there is no mutual authentication, allowing
anyone to get a response from the key fob if they know the vehicle’s
identifier, which is broadcasted by the vehicle and is easy to
record.
There
are also some crypto-related issues. Responses are computed using
DST40, an outdated proprietary cipher that uses a 40-bit secret
cryptographic key. Researchers
showed
more than a decade ago that the cryptographic key can be recovered
using at least two challenge response pairs.
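The exchange quoted above, modeled as an added example (not code from the researchers, the vendor, or the quoted article): a fob that answers anyone presenting the broadcast car identifier, beside a hardened sketch in which the car must authenticate itself first. HMAC-SHA256 with a 128-bit key stands in for the fob's cipher, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# All names below are illustrative assumptions; HMAC-SHA256 replaces DST40.
def mac(key: bytes, role: bytes, *parts: bytes) -> bytes:
    """Keyed MAC over a role label and length-prefixed message parts."""
    msg = role + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class OneWayFob:
    """As described above: any challenge is answered once the car identifier matches."""
    def __init__(self, key, car_id):
        self.key, self.car_id = key, car_id
    def respond(self, car_id, challenge):
        return mac(self.key, b"fob", challenge) if car_id == self.car_id else None

class MutualAuthFob:
    """Hardened sketch: the car proves key knowledge over a fresh fob nonce first."""
    def __init__(self, key, car_id):
        self.key, self.car_id, self.nonce = key, car_id, None
    def hello(self, car_id):
        self.nonce = secrets.token_bytes(16) if car_id == self.car_id else None
        return self.nonce
    def respond(self, challenge, car_proof):
        nonce, self.nonce = self.nonce, None  # each nonce is single-use
        if nonce is None:
            return None
        expected = mac(self.key, b"car", nonce, challenge)
        if not hmac.compare_digest(expected, car_proof):
            return None  # stay silent toward a party that cannot prove the key
        return mac(self.key, b"fob", nonce, challenge)

def car_unlocks(key, car_id, fob):
    """Legitimate car side of the hardened exchange; True if the fob verifies."""
    nonce = fob.hello(car_id)
    if nonce is None:
        return False
    challenge = secrets.token_bytes(16)
    resp = fob.respond(challenge, mac(key, b"car", nonce, challenge))
    return resp is not None and hmac.compare_digest(resp, mac(key, b"fob", nonce, challenge))

def answers_without_key(fob, car_id):
    """Does the fob answer a party that knows only the broadcast identifier?"""
    challenge = secrets.token_bytes(16)
    if isinstance(fob, OneWayFob):
        return fob.respond(car_id, challenge) is not None
    fob.hello(car_id)
    return fob.respond(challenge, secrets.token_bytes(32)) is not None
```

The one-way fob hands out challenge-response pairs to any requester, which is the material the quoted key-recovery work needs; the mutual-authentication variant withholds them, and the longer key addresses the 40-bit weakness separately.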
A
simple question: Why? If you don’t vote are you an alien?
From EPIC.org:
ICE has reversed position and is no longer seeking the immediate release of over 18 million voting records from North Carolina. Citing administrative difficulties and the unprecedented scope of the subpoena, ICE agreed to limit its demand to preserve voter privacy and will allow state officials to respond after the midterm elections in January 2019. The demand still poses substantial privacy risks and departs from testimony by Homeland Security Secretary Kirstjen Nielsen, who told Congress that DHS would not make such requests. EPIC previously highlighted these problems and explained that the data demand violates DHS policy. EPIC has long fought to ensure voter privacy and recently forced the defunct Presidential Election Commission to delete millions of state voter records unlawfully obtained.
I’m not sure this is a right.
The
'Right to Be Forgotten,' Globally? How Google Is Fighting to Limit
the Scope of Europe's Privacy Law
On Tuesday, Google
will try to convince Europe’s top court that the EU should not be
pushing its own privacy laws on the rest of the world. The case
marks the culmination of a long-running battle within Europe—but
depending how the court rules, the implications could be global.
So, is there a market for reliable, trustworthy
news? (Apparently not)
News Use
Across Social Media Platforms 2018
Most
Americans continue to get news on social media, even
though many have concerns about its accuracy: “About
two-thirds of American adults (68%) say they at least occasionally
get news on social media, about the same share as at this time in
2017, according to a new Pew Research Center survey. Many of these
consumers, however, are skeptical of the information they see there:
A majority (57%) say they expect the news they see on social media to
be largely inaccurate. Still, most social media news consumers say
getting news this way has made little difference in their
understanding of current events, and more say it has helped than
confused them (36% compared with 15%). Republicans are more negative
about the news they see on social media than Democrats. Among
Republican social media news consumers, 72% say they expect the news
they see there to be inaccurate, compared with 46% of Democrats and
52% of independents. And while 42% of those Democrats who get news
on social media say it has helped their understanding of current
events, fewer Republicans (24%) say the same. Even among those
Americans who say they prefer to get news on social media
over other platforms (such as print, TV or radio), a substantial
portion (42%) express this skepticism….”
(Related) Do computers know the difference
between real and fake news?
Hoodline
raises $10M for its hyper-local, automated data newswire
While many lament
the death
of local news, a small army of tech startups has been developing a
new set of tools to figure out how to save it. In one of the latest
developments, Hoodline — which
has built a platform to ingest and analyse hundreds of terabytes of
data to find and then write local news stories — has raised $10
million in a Series A round to help take its effort nationwide.
… Hoodline is not the only one exploring how
to tap into big data to build stories; there are many.
Among them, in the UK, the Press Association is
working
with a startup called Urbs to develop AI systems that can help
surface interesting stories for (human) journalists to write. In the
US, Automated
Insights has been developing “robot”
reporters to cover local sports and quarterly earnings beats.
Other efforts like LiveStories
are also tackling a trove of publicly available information — in its
case civic data — to visualise and shape narratives from it,
products that potentially also make their way into the news.
Deep web, Dark web, Internet. The differences are
small, but significant.
The 'deep
web' may be 500 times bigger than the normal web. Its uses go well
beyond buying drugs
… The dark web is a small subset of the deep
web, which is part of the internet that is not found using search
engines. That includes many websites that require users to log in
with a username and password, and the deep web is estimated to be
about 400 to 500 times larger than the common internet. The dark web
is relatively smaller — it is made up of a series of encrypted
networks that are able to hide users' identities and locations and can
only be accessed with special software.
The most popular of those networks is called TOR,
or The Onion Router, which was developed initially for government use
before it was made
available to the general public.
Always respond, even if the dedicated followers
won’t read it.
After Trump
Tweets that the Ford Focus Can 'BE BUILT IN THE U.S.A.,' Ford
Explains Why That Would Make No Sense
… Ford’s North America product
communications manager, Mike Levine, spelled it out for the president
in a tweet noting “it would not be profitable to build the Focus
Active in the U.S. given an expected annual sales volume of fewer
than 50,000 units and its competitive segment.”
Ford didn’t move production of the Focus to
China by accident; it did so because the U.S. market has shifted away
from smaller vehicles toward SUVs, which has made production of the
Focus in the U.S.—a relatively expensive location—an
illogical choice.
A reminder for my students.
In a Few
Days, Credit Freezes Will Be Fee-Free
… Currently, many states allow the big three
bureaus — Equifax,
Experian
and TransUnion —
to charge a fee for placing or lifting a security freeze. But thanks
to a federal law enacted earlier this year, after
Sept. 21, 2018 it will be free to freeze and unfreeze your credit
file and those of your children or dependents throughout
the United States.
KrebsOnSecurity has for many years urged readers
to freeze their files with the big three bureaus, as well as with a
distant fourth — Innovis
— and the NCTUE,
an Equifax-operated credit checking clearinghouse relied upon by most
of the major mobile phone providers.
Fulfilling my constitutional duty!
Two
Interactive Copies of the Constitution for Constitution Day
Next Monday is Constitution Day in the United
States. By law all schools that receive federal funds have to offer
some instruction on the Constitution. If you're looking for some
activities to do with your students on Constitution Day, consider
having your students explore one of the following interactive
displays of the Constitution.
The Constitution Center's website features the
U.S.
Constitution divided into easily searchable sections. From the
main
page you can select and jump to a specific article or amendment.
What I really like about the site is that you can choose an issue
like privacy, civil rights, or health care and see how those issues
are connected to the Constitution. The Constitution Center offers an
extensive list of lesson plans for each of the Constitution's
articles and amendments. Select an article or amendment then scroll
to the bottom of the page to find the lesson plans. Alternatively,
you can find all of the lesson plans listed
here.
C-SPAN Classroom has a section called Constitution
Clips. On Constitution Clips you will find the entire text of
the U.S. Constitution. Within the text there are links to videos
that are related to each article and amendment. The videos are a mix
of scholars talking, news clips, and documentary clips. When you
click on one of the links you will be directed to a page that
contains the corresponding video. Below each video there are links
to additional resources including lesson plans.