Never leave your computer unattended.
Simple Attack Allows Full Remote Access to Most Corporate Laptops
Researchers have discovered a flaw in Intel's Advanced Management Technology (AMT) implementation that can be abused with less than a minute of physical access to the device.
An Evil Maid attack could ultimately give an adversary full remote access to a corporate network without having to write a single line of code.
The flaw was discovered by F-Secure senior security consultant Harry Sintonen, and disclosed today.
… "In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures."
The problem is that setting a BIOS password (standard procedure) does not usually prevent access to the AMT BIOS extension – the Intel Management Engine BIOS Extension (MEBx). Unless this separate password is changed, and usually it is not, the default 'admin' password will give the attacker access to AMT.
Have politicians learned anything about security?
Shane Harris reports:
The Russian hackers who stole emails from the Democratic National Committee as part of a campaign to interfere in the 2016 election have been trying to steal information from the U.S. Senate, according to a report published Friday by a computer security firm.
Beginning last June, the Russian hackers set up websites that were meant to look like an email system available only to people using the Senate’s internal computer network, said the report by Trend Micro Inc. The sites were designed to trick people into divulging their personal credentials, such as usernames and passwords.
The Associated Press was first to write about the report.
Read more on Washington Post.
I wonder what the FBI uses?
Microsoft Brings End-to-End Encryption to Skype
Microsoft this week announced that end-to-end encrypted communications are now available for preview to Skype insiders.
Called Private Conversations, the newly introduced feature secures both text chat messages and audio calls, Microsoft Program Manager Ellen Kilbourne revealed.
Furthermore, end-to-end encryption is also applied to any files users send to their conversational partners, including images, audio files, and videos. Not only will the contents of these conversations be hidden in the chat list, but they won’t appear in notifications either, to keep user’s information private.
Private Conversations, Kilbourne explains in a post, is using the industry standard Signal Protocol by Open Whisper Systems. The protocol is already providing end-to-end encryption to users of popular messaging applications such as Signal, WhatsApp, and Facebook Messenger.
Getting your ducks in order.
The road to AI leads through information architecture
… The evolution of the auto industry is similar in form to the currently nascent world of artificial intelligence. And like the auto industry, in order for AI to flourish, organizations must adopt and embrace a prerequisite set of conditions, or building blocks. For example, AI requires machine learning, machine learning requires analytics, and analytics requires the right data and information architecture (IA). In other words, there is no AI without IA. These capabilities form the solid rungs of what we call the “AI Ladder” — the increasing levels of analytic sophistication that lead to, and buttress, a thriving AI environment.
I want to talk this through with my Data Management class. Think of what is required to implement it?
U.S. Supreme Court to Review Bid to Collect Internet Sales Tax
The U.S. Supreme Court will consider freeing state and local governments to collect billions of dollars in sales taxes from online retailers, agreeing to revisit a 26-year-old ruling that has made much of the internet a tax-free zone.
Heeding calls from traditional retailers and dozens of states, the justices said they’ll hear South Dakota’s contention that the 1992 ruling is obsolete in the e-commerce era and should be overturned.
Because I’m hoping they let me teach Math again…
10 Good Resources for Math Teachers and Students
I’m sure the President would (like to) agree with Dilbert.