This Week in Tech
Remember the whole FBI suing Apple to create a backdoor for iOS to get access to a terrorists phone? Apple's whole argument against doing that is that backdoors are dangerous and even 'just this once, only for the good guys' is too dangerous. Because when there's a backdoor there's no controlling that information - somehow it's going to get out... WELL:
Microsoft accidentally leaks it's own Backdoor Key to Windows...
Secure Boot is firmware code that only allows an OS digitally signed by Microsoft to load when the computer starts. It features mainly on Tablets and Phones where MS definitely does not want the user to be able to turn it off and load other OS's such as Linux. The thing is MS engineers may need to turn Secure Boot off to be able to test new, unsigned development builds of the OS and for debugging purposes. So they built a backdoor 'Golden Key' into Secure Boot to allow them to do just that. Now researchers say that in March this year they found the key included in the OS installed on some retail devices: someone left the debugging tool with the key in the version of Windows installed on these devices.
Since then the debugging tool / key has been made available online and theoretically can allow anyone to install their own hacked, malware version of Windows onto mobile devices.... MS has released some patches but, because firmware is involved, seems unable to completely fix the problem. Read it at Ars Technica.
To the FBI & Governments everywhere: PLEASE NOTE that a Backdoor is a bad idea!!!!
PAT: Free maps that you can print and use anywhere
A great resource for the geography department - Free maps available at pat (portable atlas). FOR TRUE GEEKS ONLY: pat is also a tool that allows you to generate your own maps and provides free data sets that you can use, not only for mapping but in any way you want. IT Teachers - here's some large text files that you can get your learners to process for information :)
Computer glitch cancels over 600 flights and strands thousands
A reminder of just how dependant we are on computers. On Monday Delta Airlines suffered a 'computer glitch'. Delta says it was a problem with power supply. The power company says it was problems with the computer system. No one knows for sure. But the result is that 600 flights were cancelled and thousands of passengers stranded world wide on Monday alone (the problem continued through Thursday, though some flights were operational from Tuesday onwards). Read about it at Motherboard.vice.com and Wired.
Bug Bounties: How valuable is a Zero Day?
Zero day: a bug or vulnerability allowing a hacker to access a system that has just been discovered and for which no patch exists. Many companies offer 'bug bounties' (find out more about bug bounties at Bugcrowd.com) to security researchers and the hacking community. If the hackers or researchers discover a bug or vulnerability and report it to the company then they will get some sort of reward. Some companies give you 'swag' (gifts / products often branded), some just have a 'Hall of Fame' where you can get listed if you find and report a significant bug / vulnerability. Some pay out financial rewards. Many do all three - and what you get depends on the significance of the bug you find.
The problem is that governments and cyber criminals also want zero day hacks. There is a thriving underground market for this kind of hack and figures talked about run into thousands of US Dollars. Apple just announced their own (invite only) bug bounty program at 2016 Black Hat hacker conference. They offered up to $200 000 for the most serious bugs - making their bug bounty one of the richest out there. Just days after the Apple announcement a company called Exodus Intelligence (worth a look at their site) upped that figure to $500 000 if you report the bug to them instead. Read it here on The Next Web.
Be socially responsible on the Social Web - or else!!
My Broadband has an article detailing how simply liking or sharing a Facebook post that contains questionable information or is defamatory or libellous can result in you being sued, arrested or both. Think before you click!
Wirelessly unlock every VW sold since 1995
The headline says it all. Read the article at The Hacker News to find out how hackers were able to intercept and decrypt the remote locking system for VW cars with kit that only costs $40.
Nigerian scammers infect themselves with their own malware
Security researchers monitoring email attachments found something suspicious being mailed out to an internet database. Upon investigation they found the attachments contained screenshots and files of keystrokes from users infected by key logging malware. looking closer, they found that some of this data was actually coming from the scammers that had created the malware! They had accidentally infected themselves with their own product - and this enabled the security researchers to see exactly what they were doing.
Basically the scammers created databases of email addresses for businesses that they 'scraped' from corporate web sites. They then sent out phishing and spear phishing mails to these addresses, needing only one person to fall for their attack for them to get access to the corporate system. They then send e-mails from the infected person's account to others in the company, infecting more people as they do so. Finally they get enough access to intercept and compromise real business transactions so that companies dealing with each other end up paying the scammers instead.
That's it for this week.
012 546 5313 or 086 293 2702
012 565 6469 or 087 230 8479
Copyright Study Opportunities 2016. All rights reserved.