This Week in Tech
Two HUGE hacks dominate the news this week.
KRACK - patch your WiFi fast!
KRACK affects WiFi at its lowest level - the WPA2 password security that encrypts and protects communication on the network. The bad news is that this security has been cracked, making all communication on the affected network vulnerable. The good news is that most new OS's have patches out there or patches will be coming in the near future. Fixes for routers may take time, but as long as your OS is fixed you should be safe, so make sure you install those updates as soon as they become available! Ars Technica explains how the KRACK exploit works.
SA Database leak - 60 Million affected - and that includes YOU!
This one is a bit more tricky. A database of more than 60 Million South Africans' information has been leaked online - the source of the leak is yet to be determined (read it at My Broadband). The bad news: The leak contains Names, full ID numbers, email addresses, contact details, age, marital status and income estimates. It is a perfect source for identity thieves. The database contains records of almost anyone involved in economic activity between 1990 and 2015. This includes people who have passed away in that time - hence the fact that the leak is larger than our current population!
The good news: There is none. The information is out there and you can't get it back. Watch out for any signs of Identity Theft... You can check if your data is in the leak - go to Have I Been Pwned, enter your email and hold your breath...
What can you do? Not much. Check your credit status now and regularly to see if someone has stolen your identity and obtained credit in your name. Then try to get the credit cancelled / revoked.
Backup and data recovery
The Hacker News has an interesting article on how a ransomware attack took down an American city for four days. Their point is to show the cost of the breach - I think it is a good illustration of the importance of doing backup right...
Microwaves make 40TB hard drive possible
Western Digital has announced that a new microwave technology will enable 40TB hard drives by 2025. Engadget has the details.
LED foils copyright-breaking photography
This is an interesting story of how pulsing LED lights can ruin the photos taken by digital cameras and prevent them being used to take copyright-breaking images in museums, etc. Digital Trends has the story.
Ever wondered how your smart device (or home speaker, or smart TV) is able to tell when you want to give it a command by using its own special trigger phrase? Apple has published a full explanation of how its "Hey Siri" feature works. As complex as the process is, the astonishing thing is that it takes place all the time without having a noticeable effect on battery life. NB: The same explanation cannot be applied to other devices (all companies use their own technology).
The Uncanny Valley
What is it? This video explains perfectly!
The same people have a well-reasoned explanation of why to be sceptical (as I am) of the VR hype...
That's it for this week....
Social interaction has always (in my mind) been humanity's Achilles' heel. It is in this area where our insecurities and fears are most exposed - and where our need to dominate and profit often rises above our more redeeming characteristics. The rise of mobile, always on, always connected computing has gone hand in hand with the rise of mega-companies that are little more than symbiotic parasites - they ostensibly offer 'free' services that add value to our lives yet - leech-like - drain much of the good and decent and substantive from our lives and social interactions. It would seem as if there is no low they will not stoop to in order to maximise their own profits.
In recent weeks we have seen these giant corporations scrambling to explain how and why they sold adverts that influenced the American election; how and why they publish and promote fake news; how and why it is OK for the American President to spout divisive, bullying hate speech on their platform... I find myself viscerally sickened and repulsed by it all.
And yet their quest to inveigle themselves into our lives is ever more persistent, determined - and creepy. Two stories on Gizmodo this week particularly creeped me out:
Both stories deal with PYMK (People You May Know). Facebook wants you to make 'friends'. Their thinking (and research) is that the more friends you have, the more you will interact with their site (and the more money they will make from you). So they keep on suggesting people for you to connect with and be friends with. How they find these people is a closely guarded algorithmic secret (after all, other companies want you to connect to people using their network so that they can make money from you) and no one outside of Facebook really knows how it works.
PYMK uses '100 signals' to work out who to connect you to. Facebook refuses to say what these signals are. They deny that they use data bought from third parties or location data / location tracking in this mysterious algorithm. Yet they only vaguely describe around five of these 100 signals.
Both the articles describe extremely creepy connections that Facebook has made between users - connections that should not be possible.
Should any company have this kind of invasive power that they can wield at their own discretion without our having any recourse to prevent them?
The Reed Dance and social media
Facebook and Google and most other social media try to block and censor nudity. But what if being bare-breasted is part of your culture?
The Mail and Guardian has an article on how local girls protest their bare-breasted photos from the Reed Dance being deleted from social media....
In case you missed it, Microsoft has discontinued support for Office 2007 (upgrade if you haven't already) and says that Windows 10 Mobile (and physical phones) is no longer a priority. The mobile space really belongs to Apple's iOS and Google's Android.
Kaspersky - Anti-Virus or Hacking tool?
If you use Windows then going without anti-virus software is like going into space without a spacesuit. It feels kinda suicidal. Of course, the fact that everyone needs anti-virus to protect themselves from the baddies who want to hack and steal data means that, well, the AV programs themselves are the perfect way to hack...
In the news this week is a complicated story of how Israeli intelligence hacked into Kaspersky AV to find proof that the Russians had hacked the AV software so that it would steal American spies' secrets. Sounds more complicated than a badly written Hollywood tech-spy thriller? Probably - but it is true nonetheless. Read it at Ars Technica (and many other places).
Technology and the future
MIT Technology Review has an interesting article on predicting the future of AI (and technology). It does a good job of explaining the limits of AI in its current forms (including the 'machine learning' that is a buzz concept today). Excellent, thoughtful and worth a read.
"We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run."
- Roy Amara (Amara's Law)
A robotic massage
Digital Trends has an article on a massaging robot that has just started work in Singapore.
That's it for this week. Enjoy.
Remember the whole FBI suing Apple to create a backdoor for iOS to get access to a terrorist's phone? Apple's whole argument against doing that is that backdoors are dangerous and even 'just this once, only for the good guys' is too dangerous. Because when there's a backdoor there's no controlling that information - somehow it's going to get out... WELL:
Microsoft accidentally leaks its own Backdoor Key to Windows...
Secure Boot is firmware code that only allows an OS digitally signed by Microsoft to load when the computer starts. It features mainly on Tablets and Phones where MS definitely does not want the user to be able to turn it off and load other OS's such as Linux. The thing is MS engineers may need to turn Secure Boot off to be able to test new, unsigned development builds of the OS and for debugging purposes. So they built a backdoor 'Golden Key' into Secure Boot to allow them to do just that. Now researchers say that in March this year they found the key included in the OS installed on some retail devices: someone left the debugging tool with the key in the version of Windows installed on these devices.
Since then the debugging tool / key has been made available online and theoretically can allow anyone to install their own hacked, malware version of Windows onto mobile devices.... MS has released some patches but, because firmware is involved, seems unable to completely fix the problem. Read it at Ars Technica.
To the FBI & Governments everywhere: PLEASE NOTE that a Backdoor is a bad idea!!!!
PAT: Free maps that you can print and use anywhere
A great resource for the geography department - Free maps available at pat (portable atlas). FOR TRUE GEEKS ONLY: pat is also a tool that allows you to generate your own maps and provides free data sets that you can use, not only for mapping but in any way you want. IT Teachers - here's some large text files that you can get your learners to process for information :)
Computer glitch cancels over 600 flights and strands thousands
A reminder of just how dependent we are on computers. On Monday Delta Airlines suffered a 'computer glitch'. Delta says it was a problem with power supply. The power company says it was problems with the computer system. No one knows for sure. But the result is that 600 flights were cancelled and thousands of passengers stranded worldwide on Monday alone (the problem continued through Thursday, though some flights were operational from Tuesday onwards). Read about it at Motherboard.vice.com and Wired.
Bug Bounties: How valuable is a Zero Day?
Zero day: a bug or vulnerability allowing a hacker to access a system that has just been discovered and for which no patch exists. Many companies offer 'bug bounties' (find out more about bug bounties at Bugcrowd.com) to security researchers and the hacking community. If the hackers or researchers discover a bug or vulnerability and report it to the company then they will get some sort of reward. Some companies give you 'swag' (gifts / products often branded), some just have a 'Hall of Fame' where you can get listed if you find and report a significant bug / vulnerability. Some pay out financial rewards. Many do all three - and what you get depends on the significance of the bug you find.
The problem is that governments and cyber criminals also want zero day hacks. There is a thriving underground market for this kind of hack and figures talked about run into thousands of US Dollars. Apple just announced their own (invite only) bug bounty program at the 2016 Black Hat hacker conference. They offered up to $200 000 for the most serious bugs - making their bug bounty one of the richest out there. Just days after the Apple announcement a company called Exodus Intelligence (worth a look at their site) upped that figure to $500 000 if you report the bug to them instead. Read it here on The Next Web.
Be socially responsible on the Social Web - or else!!
My Broadband has an article detailing how simply liking or sharing a Facebook post that contains questionable information or is defamatory or libellous can result in you being sued, arrested or both. Think before you click!
Wirelessly unlock every VW sold since 1995
The headline says it all. Read the article at The Hacker News to find out how hackers were able to intercept and decrypt the remote locking system for VW cars with kit that only costs $40.
Nigerian scammers infect themselves with their own malware
Security researchers monitoring email attachments found something suspicious being mailed out to an internet database. Upon investigation they found the attachments contained screenshots and files of keystrokes from users infected by key logging malware. Looking closer, they found that some of this data was actually coming from the scammers that had created the malware! They had accidentally infected themselves with their own product - and this enabled the security researchers to see exactly what they were doing.
Basically the scammers created databases of email addresses for businesses that they 'scraped' from corporate web sites. They then sent out phishing and spear phishing mails to these addresses, needing only one person to fall for their attack for them to get access to the corporate system. They then send e-mails from the infected person's account to others in the company, infecting more people as they do so. Finally they get enough access to intercept and compromise real business transactions so that companies dealing with each other end up paying the scammers instead.
That's it for this week.
We all take a lot of time and effort to teach our learners about Phishing - and about the more specialised, targeted "Spear Phishing" version of this type of attack. Well, it's time we added "Whaling" to that repertoire.
The term 'Whale' is often used in IT - and in business in general. A 'Whale' is generally a big spending customer - for example in all those 'free' games that you find available on mobile devices you are able to buy 'coins' or 'stars' or 'points' or something that will make it easier to progress through the game faster. Most people do not spend real money on these in-game currencies - but there is a select group of users that do buy them - and they buy large. They are usually called 'Whales' - and they are where these companies make their money. Before science was sufficiently advanced, whales were simply regarded as another type of fish - the biggest fish in the sea. So they are the biggest Phish for Phishers to focus their attention on as well. In the world of cybercrime a whale is typically a high-level business person (CEO, COO, CFO, CTO = 'C' level executive, someone with 'Chief' in their title), a politician or a celebrity.
The Whale phisher typically sends an urgent e-mail from a trusted colleague / business partner requesting urgent payment for some critical aspect of the business. The CEO then gives the order that payment be made, short-circuiting the usual paperwork... The phisher scores big. In May this year an Austrian aircraft company lost nearly € 41 Million (more than R 645 000 000) to a Whaling attack. The CEO and CFO lost their jobs. Read about it here.
MyBroadband.co.za has a story on Whaling and some tips from the FBI about how to avoid such attacks, whilst Social-Engineer.com asks 'Why go after minnows when you can catch a Big Phish?'. Finally CSOonline.com has got some examples of scams that CEOs could fall for (especially the spoofed 'from' addresses that rely on similar looking mis-spellings to seem as if they are from a valid source) - if you can stand their irritating multi-page slideshow format.
Fighting back against RansomWare
A great resource for learning about, identifying and fighting Ransomware is nomoreransom.org. They even have tools that will decrypt certain types of Ransomware attacks. A great resource for teaching about this type of malware.
Watch out for that cheap wireless keyboard
You better watch out, you better beware, Keysniffer is already in town.
Armed with a bit of smarts and a wireless dongle that costs less than R200 a hacker can not only intercept whatever you type on your keyboard (without even having to install key logging malware on your computer) from up to 70 m away, but they can also insert their own keystrokes to change whatever you are typing.
How is this possible? Well, makers of cheap wireless keyboards (those that use their own wi-fi dongle instead of Bluetooth) let the communication between the keyboard and the computer take place without encryption (or with poor encryption). Why? Because it's cheaper and cheaper = lower price or more profits or both. Wired magazine has the lowdown on this new hacking exploit.
There is no such thing as anonymity or privacy on the web
Keep on telling your learners this fact. Repeat it until they think you are a stuck record. For those that say that they are savvy and have the skillz and the toolz to keep private - point out to them that the TOR browser and account they are using is probably compromised. Researchers recently found over 100 TOR nodes that were spying on their users... Tell them to read the article at The Hacker News. Then point out that the web is a large, wild, ungoverned place which is about as tough and secure as a bag made of wet toilet paper. They need to always assume that most of what they do, create, store, collect or download electronically is traceable and watchable and has probably been intercepted by someone somewhere.
A general Resource for all
The World Digital Library is a resource created by the US Library of Congress with support from UNESCO. It contains many digitised images, texts and maps that are interesting to browse through but could also be valuable resources for the History / Geography teachers at your school.
Building at 225 bricks per hour
3DPrint.com has an article about an Australian company which has created a robot that can lay 225 bricks in an hour - as much as a human does in half a day. Basically a truck loaded with bricks arrives at the building site, extends a robotic arm and starts laying the bricks according to the design programmed into it from a CAD model. There's a time lapse video of the robot at work near the end of the article.
That's it for this week.
If you have an Android phone then Google has just released a cool app called Science Journal (get it here for free on the Google Play store). You use the app to record data from the sensors on your device (light, sound, movement) - which you can use as measuring equipment in experiments! The app also connects to Arduino powered electronics for additional sensors and data. The Google for education post about the software is here. Tell your school's science teacher about it - it's really great for use in practical physics experiments.
Some follow up on previous news:
SCARY: Old tech runs nuclear missiles....
How scary? Remember floppy disks? Not stiffies (as they were known in South Africa), not even the large old 5 1/4" floppy disk drives that held 360 K of data and powered the first Apple and IBM personal computers. No, we are talking about the giant 8" floppy disks used in 1970s IBM mainframes.
Well, those same floppy disks and 1970s IBM mainframes are still being used to control America's nuclear missiles, bombers and other related military tech. Even older 1950s mainframe-based outdated tech is the backbone of American tax data, whilst other American departments still run systems that use DOS! CNBC has a summary of the revelations.
The full detailed tech report (for the real geeks) is available as a PDF here.
Short snippets for this week:
Until next week....
Copyright Study Opportunities 2016. All rights reserved.