Thursday, July 02, 2020


War is an economic event. Can there be “war” against a single company? An article for my Computer Security students.
Did a Chinese Hack Kill Canada’s Greatest Tech Company?
Nortel was once a world leader in wireless technology. Then came a hack and the rise of Huawei.




A guide for my ethical hackers. You don’t do this, do you?
One out of every 142 passwords is '123456'
Last month, Hakçıl, a Turkish student studying at a university in Cyprus, downloaded and analyzed more than one billion leaked credentials.
The main discovery was that the 1,000,000,000+ credentials dataset included only 168,919,919 unique passwords, of which more than 7 million were the "123456" string.
This means that one out of every 142 passwords included in the sample Hakçıl analyzed was the weakest password known today – with the "123456" string being the most commonly reused password online for the past five years in a row, and counting.
The study's full results are available on GitHub, with a short summary below:




Not enough technical detail to understand how they did it. If the encryption was done on the phones, hacking Encrochat would not give them access. Something is missing from this story.
How Police Secretly Took Over a Global Phone Network for Organized Crime
Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots.
Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would.
French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.
In the press release, French authorities wrote "Despite the findings of the criminal use of Encrochat terminals [phones]," that they hope "users claiming to be of good faith and wishing to have their personal data deleted from the legal proceedings can send their request to the investigation department." They also invited administrators or managers of Encrochat itself to contact them if they wanted to discuss the legality of law enforcement deploying the technical tool to read messages.




A major escalation of ransomware?
Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities
A hacker has uploaded ransom notes on 22,900 MongoDB databases left exposed online without a password, a number that accounts for roughly 47% of all MongoDB databases accessible online, ZDNet has learned today.
The hacker is using an automated script to scan for misconfigured MongoDB databases, wiping their content, and leaving a ransom note behind asking for a 0.015 bitcoin (~$140) payment.
The attacker is giving companies two days to pay, and threatens to leak their data and then contact the victim's local General Data Protection Regulation (GDPR) enforcement authority to report their data leak.
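As an added example (not from the ZDNet article or this blog), the misconfiguration described above, a MongoDB instance reachable from the network with no password, can be checked for in a server's `mongod.conf`. The function names and sample configs are constructed for illustration; the option names (`net.bindIp`, `net.bindIpAll`, `security.authorization`, `security.keyFile`) are MongoDB's own configuration settings.

```python
import ipaddress

def parse_conf(text):
    """Flatten mongod.conf's nested 'key: value' YAML into dotted keys.
    Handles only the simple mapping style mongod.conf uses."""
    result, stack = {}, []  # stack: (indent, key) for each open section
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            result[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return result

def loopback_only(bind_ip):
    """True only if every comma-separated bind address is provably loopback."""
    for addr in (a.strip() for a in bind_ip.split(",")):
        if addr == "localhost":
            continue
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                return False
        except ValueError:  # other hostname or socket path
            return False
    return True

def audit(text):
    conf = parse_conf(text)
    # keyFile turns on access control as well as internal authentication
    auth = (conf.get("security.authorization", "disabled").lower() == "enabled"
            or "security.keyFile" in conf)
    exposed = (conf.get("net.bindIpAll", "false").lower() == "true"
               or not loopback_only(conf.get("net.bindIp", "127.0.0.1")))
    findings = []
    if not auth:
        findings.append("no access control: clients connect without a password")
    if exposed:
        findings.append("listens on a non-loopback address")
    if exposed and not auth:
        findings.append("CRITICAL: network-reachable with no password")
    return findings

# Constructed sample configs
EXPOSED = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED = "net:\n  bindIp: 127.0.0.1\nsecurity:\n  authorization: enabled\n"
```

`audit(EXPOSED)` reports all three findings, while `audit(HARDENED)` returns an empty list; a config that binds to a network address with access control enabled gets only the informational "listens on a non-loopback address" finding.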




Inevitable, since NY is now taking the pandemic seriously.
Party Guests Won’t Talk After 9 Test Positive. Now They Face Subpoenas.
The New York Times – Rushing to contain a coronavirus cluster tied to a big party in a New York City suburb, officials turned to an unusual legal strategy. “On June 17, a crowd of up to 100 people, most of them in their early 20s, attended a party at a home in Rockland County, N.Y., just north of New York City. The event violated a state order in effect at the time that capped gatherings at 10 people in an effort to slow the coronavirus’s spread. For local officials, that was just the start of the problem. The party’s host, who was showing signs of being sick at the time, later tested positive for the virus. So did eight guests. County officials, eager to keep the cluster from growing, dispatched disease tracers to try to learn who else might have been exposed to the virus at the party. The tracers hit a wall. “My staff has been told that a person does not wish to, or have to, speak to my disease investigators,” Dr. Patricia Schnabel Ruppert, the county’s health commissioner, said on Wednesday. Of those being contacted about the party, she added: “They hang up. They deny being at the party even though we have their names from another party attendee.” Frustrated by the response, county officials on Wednesday took the unusual step of issuing subpoenas to eight people who they believe were at the June 17 party. Those who do not comply and share what they know by Thursday will face fines of $2,000 a day, officials said…”




"The first thing we do, let's re-boot all the lawyers"
Robot lawyers are thriving during the pandemic
Fortune: “…I spoke with Jason Brennan, the chief executive officer of U.K.-based legal A.I. company Luminance. He told me the company, which now has more than 250 customers across the globe, including a fifth of the world’s largest 100 law firms, has had a 30% increase in customers since the start of 2020… This is important because it turns out that a lot of the “grunt work” of Big Law involves doing exactly what Luminance does: combing through vast troves of documents, trying to find those clauses that might be problematic. Maybe they need to be updated due to a regulatory change. Or maybe they are part of the contracts held by a company that is being acquired and would open up a big liability issue for the buyer. Either way, law firms once deployed small armies of paralegals and junior associates to find them. It used to be that law firms could simply charge for all this labor and pass the cost on to the client. But that hasn’t been true for at least a decade. These days, clients are more likely to demand law firms accept a flat fee for this sort of work, or pay based on some pre-agreed outcome, not on man hours. So firms have had to become much more efficient. Corporate in-house legal departments are also having to do more with less…”


(Related) Dying? There’s an App for that! (Probably something to think about during the pandemic)
Goodbye World – An Innovative Approach to Estate Planning
Goodbye World is an online estate planning tool and mobile application that helps people who want to create an estate plan by educating them and simplifying the process. The app gamifies data entry and rewards clients who complete various sections by unlocking fun bonus features. Using a series of visual tools, the app presents the entered data in different ways to ensure accuracy and completeness. The data provided by clients is used to auto fill estate planning documents that our attorneys then review.
Goodbye World is a technology tool developed for Reid Law LLC.




Another guide for my students. Emphasis on understanding the business!
How to build a machine learning model in 7 steps
All types of organizations are implementing AI projects for numerous applications in a wide range of industries. These applications include predictive analytics, pattern recognition systems, autonomous systems, conversational systems, hyper-personalization activities and goal-driven systems. Each of these projects has something in common: They're all predicated on an understanding of the business problem and that data and machine learning algorithms must be applied to the problem, resulting in a machine learning model that addresses the project's needs.


(Related) Note the need for an ethics specialist.
9 emerging job roles for the future of AI
We reached out to IT leaders, AI experts, and industry analysts to get a sense of the kinds of AI roles they see emerging as AI takes firmer hold of the enterprise. Some leading-edge companies are already filling these positions, lending insight into the mix of skills necessary to succeed in them.




Research tools
Reverse Image Search: Your Complete Guide


