Another case of “Sorry. Security wasn’t on
our checklist.”
Researcher Finds Hundreds of Planes Exposed to Remote Attacks
A researcher has discovered that hundreds of airplanes from several
airlines could have been hacked remotely from the ground through
vulnerabilities in satellite communications systems.
Back in 2014, IOActive Principal Security Consultant Ruben Santamarta
published a research paper describing theoretical attack scenarios on
satellite communications. The expert resumed his research in
November 2017, after taking a look at the in-flight entertainment
system during a Norwegian flight.
After passively collecting traffic from the airplane’s Wi-Fi network,
Santamarta noticed that several commonly used services, such as
Telnet, HTTP and FTP, were available for certain IP addresses, and
some interfaces associated with the plane’s on-board satellite
communications (satcom) modems were accessible without
authentication.
… According to the researcher, the flaws he has identified can be
exploited to hack millions of devices found in aircraft, government
agencies, and smart cities.
“We just assumed the vendor checked it.”
… TSMC’s personnel set up a new
manufacturing tool on Friday, August 3, and then installed software
for the device. The machine was not isolated and confirmed to be
malware-free before connecting it to TSMC’s internal network.
Consequently, the introduction of a malware-infected machine to
TSMC's internal production network allowed the malware to quickly
spread and infect computers, production equipment, and automated
materials handling systems across TSMC’s fabs.
According to the chipmaker, the malware was a
variant of the WannaCry ransomware cryptoworm.
Interesting. If this was used by a political
party to influence an election, would it be illegal? Should elected
officials ignore emails or Tweets like these?
Forget Astroturfing: Startups Can Just "Brobilize" Customers For
Lobbying Efforts
Despite $415 million in funding and a giant fleet
of electric scooters scattered all across the streets of San
Francisco, the startup Bird only lasted a few months before city
supervisors voted to boot them from the City by the Bay. But then,
nine weeks after the sidewalks were cleared, San Francisco customers
got an email asking them to
help “Bring Bird Back to San Francisco!” by contacting their
local elected official. The email contains a link to a website
where customers can send a prewritten message, in the form of a tweet
or an email, to city officials by just entering their name and
contact information and clicking send.
“Please bring Bird back to San Francisco,” the
email message says. “While I understand the need for reasonable
regulations, it has been nearly two months since I’ve had access to
this affordable, sustainable transportation option.” While it’s
hard to know (for anyone other than Bird) how many people emailed,
there were plenty who weren’t shy about sending a tweet.
Unlike the neighborhood bakery that wants
customers to add their names and addresses to a petition for expanded
outdoor seating, tech companies typically already know who and where
their users are. It means startups can mobilize — or brobilize —
thousands of people via a simple email or push notification to blast
targeted messages to their elected officials, often with just a few
clicks. It’s like astroturfing for the always-on, location-aware
era.
… These click-to-lobby efforts have been ramping up for a few years
now as elected officials get more serious about regulating
tech (or more cognizant of the political value of appearing to do so)
and startups increasingly ask their user bases to defend them in
response.
Legal technology, when nothing else works!
DNC serves WikiLeaks with lawsuit via Twitter
As CBS News first reported last month, the DNC
filed a motion with a federal court in Manhattan requesting
permission to serve its complaint to WikiLeaks on Twitter, a platform
the DNC argued the website uses regularly. The DNC
filed a lawsuit in April against the Trump campaign, Russian
government and WikiLeaks, alleging a massive conspiracy to tilt the
2016 election in Donald Trump's favor.
All of the DNC's attempts to serve the lawsuit via
email failed, the DNC said in last month's motion to the judge, which
was ultimately approved.
The lawsuit was served through a tweet from a
Twitter account established Friday by Cohen Milstein, the law firm
representing the DNC in the suit, with the intent of serving the
lawsuit.
It’s fun to speculate. I would say option three
is most useful.
What the Facebook Crypto team could build
Facebook is invading the blockchain, but how?
Back in May, Facebook formed a cryptocurrency team to explore the
possibilities, and today it removed a roadblock to revealing its
secret plans.
Former head of Messenger David Marcus, who leads the Facebook Crypto
team, today announced he was stepping down from the board of
Coinbase, the biggest crypto startup.
… So what could Facebook be building? I see
three main consumer-facing opportunities.
3% off with FaceCoin
Facebook could build a cryptocurrency wallet with
its own token that people could use to pay for things with partnered
businesses or that they discover through Facebook ads. Because
blockchain can make transactions free or very cheap, Facebook and its
partners could sidestep the typical credit card processing fees.
That would potentially allow Facebook to offer users “3% off
purchases made with FaceCoin” or a similar promotion.
P2P and micropayments
Facebook already lets you send friends money through Messenger for
free, but only with a connected debit card or PayPal account.
Facebook could offer
cryptocurrency-based payments between friends to let a wider range of
users settle debts for shared dinners or taxis through Messenger.
Facebook Connect for crypto
A top problem in the world of decentralized
blockchain apps is how you bring your identity with you. Securely
connecting your wallet, blockchain-based virtual goods and
biographical info to new dApps can be a laborious process.
… Facebook could use its expertise in
operating a popular identity platform to ease login to dApps. While
the company has faced plenty of privacy issues and attacks on
election integrity, Facebook has a strong record of not being
traditionally hacked. It hasn’t suffered a massive user data
breach like LinkedIn, Twitter and other social networks. Using an
overtly centralized identity system to connect with decentralized
apps might be counterintuitive, but Facebook could deliver the UX
convenience necessary to unlock a new wave of blockchain utility.
Another stock I never heard of…
Google's data privacy concerns are a surprising boon for ad-tech firm
Trade Desk
In April, pressured by new privacy rules in Europe, Google told
advertisers they would no longer have access to some critical
measurement data when building online campaigns.
Digital ad company Trade Desk is reaping the rewards.
Trade Desk shares soared 32 percent on Friday, a
day after the company reported earnings that blew by analysts'
estimates and raised its forecast. On the conference call with
analysts, CEO Jeff Green said one of the primary drivers in the
quarter was Google's move on privacy, which pushed advertisers to
Trade Desk.
Here's what happened. In conjunction with the General Data Protection
Regulation (GDPR) that the European Union implemented in May, Google
told clients that they could no longer have access to the DoubleClick
ID to analyze ad measurement data across the web.
The data is highly valuable because it allows
marketers to see how ads are performing on Google sites, including
YouTube, compared with the rest of the web.
… "In my view, Google's decision to
remove this ID offering is driven by their increasing need to reduce
risk against malicious data enablement, like what we saw Cambridge
Analytica do with social data," Green said. "The risk
is similar for both Google and Facebook. The
risk exists because Google, at the fundamental level of their
business, transacts in directly identifiable consumer data.
Google knows so much about billions of consumers because of their
core product, their search engine."
Green said that marketers are shifting to Trade
Desk, because it gives them a neutral tool to see how campaigns are
performing. Advertisers can "compare every destination on their
media plan to every other destination objectively," he said.
Interesting. Would this translate to other
fields? Probably.
… We’ve explored the nature of the new
value-enhancing roles that will emerge and identified three new
categories of AI-driven jobs:
Trainers who help AI systems learn how to
perform, which includes everything from helping natural language
processors and language translators make fewer errors, to teaching AI
algorithms how to mimic human behaviors.
Explainers who interpret the results of
algorithms to improve transparency and accountability for AI decision
making and processes.
Sustainers who ensure intelligent systems
stay true to their original goals without crossing ethical lines or
reinforcing bias.
I always like to read about New Records! (Even if
it is in a narrow area.)
Ford: This may be one of the largest frauds in the history of the
United States
Ford Motor Credit filed additional documents with
the bankruptcy court Friday morning, claiming this may be one
of the largest floor-plan financing frauds in the history
of the United States.
The documents said Reagor-Dykes Auto Group hid the
"massive breach" from Ford Credit by fraudulently
misrepresenting sales-reporting data to Ford Credit. The company
believed Reagor-Dykes was timely paying off cars it sold to the
public; however, Ford Credit said the company was selling vehicles an
average of 55 days before reporting it to Ford Credit.
… The document also said Reagor-Dykes
fraudulently secured double-flooring from Ford Credit.
Double-flooring means automobile dealers receive funding twice for
the same vehicle; it is an illegal practice where a single vehicle is
used as collateral for more than one loan.
Ford Credit also claims Reagor-Dykes obtained
inventory financing for cars it had already sold, representing to
Ford Credit they still had the car as inventory and then obtained
additional financing.