Wednesday, June 21, 2017

Picking a victim that can’t fight back?  I wouldn’t be so sure.  Definitely a place to watch. 
How An Entire Nation Became Russia's Test Lab for Cyberwar
   The Cyber-Cassandras said this would happen.  For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world.  In 2009, when the NSA’s Stuxnet malware silently accelerated a few hundred Iranian nuclear centrifuges until they destroyed themselves, it seemed to offer a preview of this new era.  “This has a whiff of August 1945,” Michael Hayden, former director of the NSA and the CIA, said in a speech.  “Somebody just used a new weapon, and this weapon will not be put back in the box.”
Now, in Ukraine, the quintessential cyberwar scenario has come to life.  Twice.  On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people.  Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again.  But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality.


Another attack against a state, but probably not state sponsored?  
Spear Phishing Campaign Targets Palestinian Law Enforcement
Palestinian law enforcement agencies and other targets within Palestine were targeted in a spear phishing campaign delivering malware to remotely control infected systems, Talos researchers reveal.
The actor behind this campaign “has appeared to have used genuine documents stolen from Palestinian sources as well as a controversial music video as part of the attack,” Talos says.  The attacker also referenced TV show characters and included German language words within the attack, researchers discovered.
Information on these attacks initially emerged in March from Chinese security firm Qihoo 360, and in early April, when researchers at Palo Alto Networks and ClearSky revealed four malware families being used in targeted campaigns in the Middle East: Windows-based Kasperagent and Micropsia, and Android-focused SecureUpdate and Vamp.
Last week, ThreatConnect shared some additional information on Kasperagent, sayung the threat was mainly used as a reconnaissance tool and downloader, but that newer samples can also steal passwords from browsers, take screenshots, log keystrokes, execute arbitrary commands, and exfiltrate files. 


A security heads-up!
Microsoft admits to disabling third-party antivirus code if Win 10 doesn't like it
Windows 10 does disable some third-party security software, Microsoft has admitted, but because of compatibility – not competitive – issues.
Redmond is currently being sued by security house Kaspersky Lab in the EU, Germany and Russia over alleged anti-competitive behavior because it bundles the Windows Defender security suite into its latest operating system.  Kaspersky (and others) claim Microsoft is up to its Internet Explorer shenanigans again, but that’s not so, said the operating system giant.


Be careful with your facts.
Deep Root Analytics Downplays Giant Voter Data 'Oops'
A data contractor working on behalf of the Republican National Committee earlier this month allowed the personal data of 198 million voters to be exposed online, marking the largest ever leak of voter data in history, according to the cybersecurity firm that discovered the incident.
Deep Root Analytics left 1.1 terabytes of sensitive information -- including names, home addresses, dates of birth, phone numbers and voter registration information -- on a publicly accessible Amazon Web Server, according to UpGuard.
   The previous record for a voter data leak was the exposure of 100 million records in Mexico, UpGuard reported.
Deep Root acknowledged that "a number of files" within its storage system had been accessed but claimed that the exposed database had not been built for any specific client.  Rather, it was the firm's "proprietary analysis" meant for television advertising purposes.
The information accessed consisted of voter data that already was publicly available and readily provided by state government offices, Deep Root maintained.
   Based on information made available about the leak, it appears that Amazon Web Services is not responsible for the incident, said Mark Nunnikhoven, vice president for cloud research at Trend Micro.
"From the little technical detail that is available, it appears as if the company managing the data left it exposed to the public," he told the E-Commerce Times.  "This is not the default setting for the service they used.  Making data publicly available is a feature of this service, but one that requires explicit configuration."


Good news. Bad news. 
Time to Detect Compromise Improves, While Detection to Containment Worsens: Report
Throughout 2016, Trustwave investigated hundreds of data breaches in 21 different countries, and conducted thousands of penetration tests across databases, networks and applications.  An analysis of key findings from this activity is presented in the 2017 Trustwave Global Security Report published Tuesday (PDF).
The result is a mixed bag.  Overall, security defenses have slightly improved, but attacks continue to evolve.  Detection is improving.  Trustwave says the median time to detect a compromise has decreased from 80.5 days in 2015 to 49 days in 2016.  The difference between self-detected and third-party detections is, however, dramatic: just 16 days for self-detected and 65 days for externally detected.


Golly gee willikers!  Could this be happening here too?
Jordan Pearson reports:
For over a year, Canadian military, intelligence, police, and border agencies have been meeting to develop and coordinate their biometric capabilities, which use biological markers like facial recognition and iris scanning to identify individuals.
This initiative—details of which were revealed to Motherboard in documents obtained through an access to information request—shows that the Canadian government is reigniting its focus on biometrics after a similar attempt a decade ago fizzled out.  According to these documents, which include emails, meeting agendas, and briefing reports, the meetings are an effort to coordinate the critical mass of biometrics programs that exist across many government agencies, particularly those relating to national security.
Read more on Motherboard.


For all me smartphone-packing students.


This could get nasty.
Walmart Gears Up Anti-Amazon Stance in Wake of Whole Foods Deal
Days after arch-rival Amazon announced plans to buy Whole Foods for $13.7 billion, Walmart is apparently ramping up its defense.
That acquisition takes square aim at Walmart's bread-and-butter grocery business by giving the online retailer 465 new retail locations—thus a much bigger brick-and-mortar presence.
Now, Walmart is telling some partners and suppliers that their software services should not run on Amazon Web Services cloud infrastructure, according to the Wall Street Journal.
   A Walmart spokesman told the Journal that some suppliers do use AWS services, but that in some cases, the retailer is wary of putting sensitive data on a competitor's servers.


Open is good.
Librarian highlights open access document discovery services
by Sabrina I. Pacifici on Jun 20, 2017
Getting serious about open access discovery — Is open access getting too big to ignore? – “…Still for whatever reason, suddenly services built around helping users find free full text began to emerge all at the same time..”
[From the article:
With all the intense interest Unpaywall is getting (See coverage in academic sites like Nature, Science, Chronicle of Higher education, as well as more mainstream tech sites like Techcruch, Gimzo), you might be surprised to know that Unpaywall isn’t in fact the first tool that promises to help users unlock paywalls by finding free versions.
Predecessors like Open Access button (3K users), Lazy Scholar button (7k Users), Google Scholar button (1.2 million users) all existed before Unpaywall (70k users) and are arguably every bit as capable as Unpaywall and yet remained a niche service for years.


I think some of my students are a bit over-prepared.
Want to Work for Jaguar Land Rover? Start Playing Phone Games
The carmaker announced on Monday that it would be recruiting 5,000 people this year, including 1,000 electronics and software engineers.  The catch?  It wants potential employees to download an app with a series of puzzles that it says will test for the engineering skills it hopes to bring in.
While traditional applicants will still be considered, people who successfully complete the app’s puzzles will “fast-track their way into employment,” said Jaguar Land Rover, which is owned by Tata Motors of India.

(Related).  Have I detected a trend?
Good at Texting? It Might Land You a Job
Your next job interview might happen via text message.  Srsly.
Claiming that prospective hires are too slow to pick up the phone or respond to emails, employers are trying out apps that allow them to screen candidates and conduct early-stage interviews with texts. 


Not sure I want to share this with my students.
Microsoft’s Dictate uses Cortana’s speech recognition to enable dictation in Office
Dictate, a new project from Microsoft’s experimental R&D group, Microsoft Garage, is launching today to offer a way to type using your voice in Office programs including Outlook, Word and PowerPoint.  Available as an add-in for Microsoft’s software, Dictate is powered by the same speech recognition technology that Cortana uses in order to convert your speech to text.
This is also same speech recognition and A.I. used in Microsoft Cognitive Services, including Microsoft Translator, the company says in an announcement about the new add-in.
   An introductory video posted this morning to YouTube offers a preview of how the software works in Word, PowerPoint, and Outlook.
   It also at launch supports more than 20 languages for dictation, and can translate in real-time into 60 languages.  This is perhaps its most clever trick, as that means you can speak in your language, while Dictate types it out in another.

(Related).  However, it is clear this is coming.
When AI Can Transcribe Everything
Two companies—Trint, a start-up in London, and SwiftScribe, a subsidiary of Baidu based out of its U.S. headquarters in Silicon Valley—have begun to offer browser-based tools that can convert recordings of up to an hour into text with a word-error rate of 5 percent or less.


Interesting.
Nextdoor, now in 160,000 neighborhoods globally, expands to Germany
Nextdoor, the social network that connects you with people in your neighborhood, is taking another step up in its global growth, after launching in the Netherlands and the UK last year.  Today, the company is opening for business in Germany, the largest internet market in Europe.
The move comes as Nextdoor says it is now used in 160,000 neighborhoods across the US, UK and Netherlands, with about 145,000 of those in its home market of the US, and the company continues to grow at a steady pace.
We are growing 100 percent year over year have done that since inception,” said co-founder and CEO Nirav Tolia in an interview.  This works out to adding around 100 new neighborhoods every day.


For the toolkit!
this simple one-page site holds 19 PDF tools and converters that can save you a lot of work.  Think of it as a Swiss Army knife for your PDF workflow.
  1. Convert PDF to any document format.
  2. Convert from Word, Excel, PowerPoint, or from popular image formats to PDF.
  3. A collection of free PDF utility tools to edit a PDF document.
The interface is neat and there are no annoying advertisements.  You don’t need to register and sign-in to use the site.


Another toolkit item.

No comments: