Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘cybersecurity

Apple AR Acquisition

leave a comment »

Happy Thursday.

Reuters is reporting that Apple has acquired a startup focused on making lenses for augmented reality glasses, a sign that Apple has ambitions to make a wearable device that would superimpose digital information on the real world.

The company, Akonia, could not be immediately reached for comment, according to Reuters. it reports the company was founded in 2012 by a group of holography scientists and had originally focused on holographic data storage before pivoting to creating displays for AR glasses.

Neither the purchase price nor the date of the acquisition was revealed, although one executive in the AR industry said the Akonia team had become “very quiet” over the past six months.

Reuter’s suggests that this acquisition is the first clear indication about Apple might handle one of the most daunting challenges in AR hardware: producing crystal clear optical displays thin and light enough to fit in the glasses similar to everyday frames with images bright enough for outdoor use and suited to mass manufacturing at a relatively low price.

Meanwhile, from The Verge we learn that Google’s Titan Security key set — which includes a USB key, a Bluetooth key, and various connectors — is now available to we mere mortals for only $50.

The Titan keys work as a second factor for a number of services, including Google Cloud customers, Facebook, Dropbox, and GitHub. But as The Verge points out, they’re built particularly for Google account logins, and, specifically, the Advanced Protection Program announced last October.

The Verge writes that “Because the keys verify themselves with a complex handshake rather than a static code, they’re far more resistant to phishing attacks than a conventional confirmtion code. The key was initially designed for internal Google use, and has been in active use within the company for more than eight months.”

Google has also indicated the production process makes the keys more resistant to supply chain attacks, because the firmware is sealed permanently Into a secure element hardware chip at production time in the chip production factory. Google says that the chip used is designed to resist physical attacks aimed at extracting firmware and secret key material.

Anything to keep the very bad people away from my data.

Written by turbotodd

August 30, 2018 at 9:49 am

Facebook Deletes 600+ Accounts Linked to Influence Campaigns from Iran and Russia

leave a comment »

Happy Thursday.

Facebook has once again removed multiple pages, groups and accounts for coordinated and authentic behavior on Facebook and Instagram.

The company indicated that “some of this activity originated in Iran, and some originated in Russia.”

The Verge reported that Facebook took down 652 fake accounts and pages that published political content, the existence of which was first uncovered by the cybersecurity firm FireEye.

“These were networks of accounts that were misleading people about who they were and what they were doing,” CEO Mark Zuckerberg said in a call with reporters. “We ban this kind of behavior because authenticity matters. People need to be able to trust the connections they make on Facebook.”

Separately, CNBC is reporting that Apple has removed Facebook’s Onavo security app from the App Store because it does not comply with its privacy rules.

Citing a Wall Street Journal story from Wednesday, Apple officials told Facebook that Onavo violated the company’s rules on data collection by developers, and suggested last Thursday that Facebook voluntarily remove the app. 

Facebook acquired Israel-based Onavo in 2013, snapping up the free security app that lets users access a virtual private network, or VPN, to browse the web and download apps with a greater degree of privacy. Facebook in the past has offered that service to users without clearly disclosing that it owns the app, and has collected data about what other types of apps those customers use.

Written by turbotodd

August 23, 2018 at 9:55 am

Posted in Uncategorized

Tagged with , ,

The Spy Who Tracked Me

with one comment

This is a juicy headline from Bloomberg: U.K. Reveals its First Major Cyber-Attack Was Against IS

GCHQ isn’t typically known for advertising its very-much-behind-the-scenes-on-the-down-low headline making when it comes to espionage, cyber or otherwise.

But according to this Bloomberg report, Britain “carried out its first major cyber-attack in 2017, disrupting Islamic State’s communications and propaganda for much of the year.”

“This is the first time the U.K. has systematically and persistently degraded an adversary’s online efforts as part of a wider military campaign,” [GCHQ Director Jeremy] Fleming told a cybersecurity conference in Manchester, England, “Did it work? I think it did.”

Fleming (great last night for a spy head, right?) also mentioned Russia in his comments:

The use of a nerve agent against former double agent Sergei Skripal, he said, “demonstrates how reckless Russia is prepared to be, how little the Kremlin cares for the international rules-based order.” Russia “widely uses its cyber capabilities,” Fleming said, “blurring the boundaries between criminal and state activity” and deploying “industrial-scale disinformation to sway public opinion.”

Written by turbotodd

April 12, 2018 at 12:59 pm

Too Fit To Hack?

leave a comment »

We’ve become aware of two more major cyber security breach events over the past several days.

First, Under Armour went public with the news that in February around 150 million MyFitnessPal user accounts were hacked, stating that “an unauthorized party acquired data associated with MyFitnessPal user accounts.”

That data included usernames, passwords, and email addresses, but not bank, driving license or social security information.

No word on whether or not how many steps you took on average per day was revealed!

And The New York Times is reporting that a well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor. 

The company indicated that the data appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers.

Hudson’s Bay, the Canadian company that owns both firms, suggested that its e-commerce platforms appeared to have been unaffected by the breach.

The Times’ story suggests that the Lord & Taylor theft is one of the largest known breaches of a retailer, and demonstrates how difficult it is to secure credit-card transaction systems.

Check out this white paper from IBM Security to learn more how your organization can take a proactive approach to threat detection and prevention.

P.S. Another one that missed my radar…Boeing was hacked by the “WannaCry” virus last week. CBSNews reported Boeing announced that it “detected a limited intrusion of malware” that “infiltrated “a small number of systems.”

An initial report from chief engineer Mike VanderWel at Boeing Commercial Airplane production engineering that “the virus would affect equipment used in functionality tests of airplanes and potentially ‘spread to airplane software’” and that it was metastasizing rapidly.”

Fasten your seat belts.

Written by turbotodd

April 2, 2018 at 9:20 am

Posted in 2018, cyber security, e-commerce

Tagged with

Atlanta’s Cyber Attack

leave a comment »

In case you hadn’t heard or read, the city of Atlanta has been hamstrung by a ransomware attack that began last Thursday.

The New York Times’ Alan Blinder and Nicole Perlroth provided an update yesterday.  The key facts thus far:

  • This was one of the most “sustained and consequential cyberattacks ever mounted against a major American city.”
  • It “laid bare once again the vulnerabilities of governments as they rely on computer networks for day-to-day operations.”
  • The attackers, the “SamSam” hacking crew, locked up the city’s files, and gave the city a week to pay ~ $51,000 in ransom via Bitcoin.
  • While the attack didn’t impact Atlanta’s 911 calls or wastewater treatment, “other arms of city government have been scrambled for days.” 
  • But the Atlanta Municipal Court has been unable to validate warrants, police officers have been writing reports by hand, and the city has stopped taking employment applications.
  • Dell SecureWorks and Cisco Security are working to restore the city’s systems, and the city’s mayor, Keisha Lance Bottoms, has not yet indicated whether the city would pay the ransom.

The Times also cited a 2016 survey of CIOs for jurisdictions across the country found that obtaining ransom was the “most common purpose of cyberattacks on a city or county government, accounting for nearly one-third of all attacks.”

In the meantime, many of Atlanta’s core public services are being delivered by that trusty and dependable standby, pen and paper.

If you’re interested in learning more about how to contend with ransomware, IBM Incident Response Services published this “Ransomeware Response Guide (Registration required).” 

Written by turbotodd

March 28, 2018 at 10:02 am

A Kilowatt for A Bitcoin!

leave a comment »

Happy Friday.

If you’re looking for cheap energy to do your Bitcoin mining, don’t head for Plattsburgh, New York. 

Its city council last evening unanimously voted to impose an 18-month moratorium on Bitcoin mining in the city.

Motherboard reports that the moratorium was proposed by Plattsburgh Mayor Colin Read earlier this month after residents began reporting wildly inflated electricity bills in January (some up to $100 or $200 more than average).

And this in a place that advertises itself as having the “cheapest electricity in the world” because of its proximity to a hydroelectric dam on the St. Lawrence river.

Meanwhile, following up on my post yesterday about the cyber escapades in Saudi Arabia, the plot thickens.

According to a report from Reuters, the Trump Administration yesterday blamed the Russian government for a campaign of cyber attacks stretching back at least two years that targeted the U.S. power grid. That’s the first time the U.S. has publicly accused Moscow of hacking into American energy infrastructure.

The attempts started in/around March 2016, with the Russian government hackers seeking to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing.  

You know, pretty much everything to keep a modern industrialized society’s wheels turning!

And if you’re looking for some lighter fare, Facebook Lite will soon be coming to Canada, Australia, the U.K. and U.S. 

Facebook Lite is Facebook’s pared down version of its app that had originally been designed for people in developing countries with limited data plans, but hey, we’re rapidly becoming a third world country here in the U.S., so bring on the Lite Facebook…err, the Facebook Lite. 

How about some new old ad slogans for the newest Lite?

You can call me Ray, and you can call me Jay!

Great taste, less filling!

If you’ve got the time…we’ve got the social network?!  No?

The app will only be available for Android for today’s release, I guess suggesting that we iOS users aren’t in need of such bandwidth relief??!

Written by turbotodd

March 16, 2018 at 9:40 am

Saudi Cyber

leave a comment »

Don’t miss this doozy of a story from The New York Times’ Nicole Perlroth and Clifford Krauss about last year’s cyberattack in Saudi Arabia.

The executive summary: Last August, a petrochemical plant in Saudi Arabia was struck by a cyberassault that intended to sabotage the firm’s operations and trigger an explosion.

The only thing that prevented the explosion was a mistake in the attackers’ computer code. 

For cyber warriors on the front line, it’s a must read.

On the flip side, Google recently released its “Android Security 2017 Year in Review” report earlier today, and it cited that 60.3 percent of Potentially Harmful Apps were detected via machine learning.

As reported by VentureBeat, its detection is done by a service called Google Play Protect, which is enabled on over 2 billion devices (running Android 4.3 and up) to constantly scan Android apps for malicious activity.

In other words, artificial intelligence and machine learning are the future of cyber monitoring, and the future has already arrived.

Speaking of the future and cybersecurity, at next week’s IBM Think 2018 conference in Las Vegas, you’ll be able to tune in to over 100 sessions LIVE via the IBM UStream. 

Be sure to check out the schedule here, and to case the cyber keynote from 12:30-1:10 PST on Tuesday, March 20th, entitled “Ready for Anything: Build a Cyber Resilient Organization.”

Written by turbotodd

March 15, 2018 at 10:16 am

%d bloggers like this: