This Week in Tech
Seems like that old nursery chant: 'sticks and stones may break my bones, but words can never harm me' is no longer quite as true as we'd like to believe. Last week a judge in Massachusetts found a 17 year old young woman guilty of manslaughter for using text messages and a phone call to encourage and convince her 18 year old boyfriend to commit suicide.
|“This is saying that what she did is killing him, that her words literally killed him, that the murder weapon here was her words,” |
- Matthew Segal, lawyer with the American Civil Liberties Union of Massachusetts
Our learners live in a world where constant communication and the pressures of social media are pervasive. They often post private messages to each other and public messages on social media without giving a moments thought to the impact, implication, consequences or possible collateral damage these messages might cause. As educators, we need to take the time and effort to repeatedly draw to their attention cases that vividly illustrate this - cases that redefine the law and our society. This is one such case. The New York Times has a good article on the topic, but if you have already used up your free access for the month, here's a link at CNN. If nothing else, this could open the door to Manslaughter / Murder becoming, of all things, a cybercrime.
Human error - again
Computers are stupid. they only do what you tell them to do, so you better make sure that you tell them to do the right thing. One young person, first day on the job, just out of University, unguided and working according to a document telling him how to set up his own test development database did what many of our learners do: he copied the code in the document and executed it unmodified. The result: the entire companies database deleted. Gone. Unrecoverable. The CTO promptly fired him and he posted about his experience on Reddit. Many readers have come out in support of him and believe that the CTO should have been the one to lose his job.
A complete nightmare situation. A business almost down the tubes because of human error. I say almost, because surely there were backups and recovery, though tedious and inconvenient, would be possible? Wrong! Seems like there was a problem with the databases and backups were not being restored. A company that provides a document containing a potentially destructive code snippet to a complete noob for unsupervised use is not likely to make sure they follow the best backup procedure in the world. More human error, compounding the original human error...
Quartz Media has a nice article based on the incident.
Robot, Robots, Robots
Harvard students seem to want to prove that robots can be made from anything - they are developing a spider like robot made from drinking straws and powered by air.
And now, a robot that crawls up your butt - to make an unpleasant medical procedure weirder but less unpleasant. Curious? Check it out at Boing Boing.
Finally, the BBC has a short segment from Ashitey Trebi-Ollennu, chief engineer at Nasa’s Jet Propulsion Laboratory, on 5 robots set to change the world.
Motherboard has an article on a click fraud farm busted in Thailand. Fascinating visuals and a glimpse into the world where fake likes, ratings, etc are manufactured on demand.
In Russia though, this type of click fraud is out in the open. Here's an article about a vending machine that sells Instagram likes and followers!
Whilst Google seems intent on creating AI's that defeat humans at complex games demanding strategy and insight, Facebook has built itself an AI that has learnt to lie to get what it wants. Appropriate for a system where most people create fake representations of a perfect life? A fascinating read.
AI, self driving cars and Insurance
Some interesting questions raised in this article from Readwrite.com.
Scary new malware infection technique
Digital trends has an article on how hovering your mouse over a link in a PowerPoint slide can automatically download and install malware (no clicking required).
Ransomware Ponzi scheme
A Ponzi scheme is a pyramid scheme. Popcorn Time is a new type of malware tries to maximise its profits by using the strategy behind a pyramid scheme - when you get infected and your data is encrypted and held ransom, you are given a choice: either pay up or deliberately infect at least 2 others to 'free' your data. What would you do? The New York Times has the details, also at Fortune.com.
That's it for this week - good luck with the last of exams and the reports....
Remember that whole saga of Apple vs the FBI when Apple refused to create a back door for the FBI to investigate a terrorists phone? Apple said that it was too dangerous and would make iOS vulnerable to hackers. The FBI said something like 'but you can trust us, we are a powerful government agency, we will protect the backdoor and keep it safe and no one else will ever get to use it - especially not hackers....' Apple stuck to their guns and the matter was never tested in court because the FBI withdrew their case and found an alternative solution to their problem.
Turns out Apple was very right though. A couple of weeks ago we reported on US government hacking tools and secrets being exposed by a hacker group calling itself the Shadow Brokers - and published on Wikileaks. That leak led to the biggest flood of ransomware infections in history. Computers across the globe became inaccessible - their data encrypted and unavailable. Ransoms of $300 - $600 were demanded. Here are some very important facts about the infection:
Wanna Cry infected hundreds of thousands of computers in over 100 countries world wide. It crippled businesses, government offices, health care (especially the NHS in the UK) and private computers indiscriminately.
The biggest lesson though is that machines with the latest version of the OS and up-to-date patches were pretty much safe from the attack.
Cartoon resources - great for class discussion or tests / exams:
MP3 is dead - NOT!
News articles this week tried to scare people into believing that MP3 as a music format is dead. Why? Well, basically the Fraunhofer institute that created MP3 is no longer licensing the format. Because their patents have expired. Which means that the format essentially moves into the public domain and is free for developers to write encoders and decoders for without having to pay royalties.
The articles suggested people use other formats such as AAC - which are, co-incedentally, still under patent and require royalty payments. These formats are newer and (slightly) better than MP3. I was just gearing up to explain the nonsense in detail when I came across this article by Marco Arment - who did it all for me so I don't have to!
The Working Dead - IT jobs in review
As IT and CAT teachers we have a vested interest in extolling the job market for IT savvy workers. InfoWorld has an excellent article on the evolution and turnover of IT related jobs and just how tricky the IT job market can be. Well worth a read so that you can talk in an informed manner with your learners on the topic.
Fake News corner:
You might wonder why I did not report on the supposed 'Blue Whale' suicide game last week. It's simple: what information was out there seemed sketchy, anecdotal and unreliable. It seemed like a sensationalist story, the kind that proliferates on Facebook. Here's htxt.africa doing some serious research and vindicating my opinion of the story and not giving it any kind of credence.
Welcome back to the blog. A few housekeeping changes this week before we get into the news.
Teaching about Fake News
It looks like 2017 is not only the year of fake news, but also the year in which we have to make an important change to the way we talk about the web and web content with our learners.
Yes, it is true that the web enables anyone to publish anything. Yes it is true that this has been a great enabler for people in general to express themselves and spread news that might otherwise be suppressed.
The thing is, the value of the content on the web depends very much on the sense of integrity and responsibility of those creating that content. The current trend of spreading blatant untruths without pause or hesitation or thought for the consequences devalues the web as a source of reliable content. We need to address this issue in the classroom. The least we (and our learners) can do is identify and refuse to spread fake news.
We know that Fake News has become an issue after the creation of both the CAPS and the textbooks and therefore resources for this topic are scarce. We will continue to feature 'Fake News Corner' in all the blogs throughout the year.
Why is Fake News spread?
Three main reasons are:
This Weeks Fake News links:
And, in other news - to show that accuracy and integrity is important, Wikipedia has banned the use of the Daily Mail (UK Newspaper) as a source because of its unreliability, bias and inaccuracy! Whatever you do, don't use the Daily Mail as a source to check the accuracy of something you think might be fake news! Read it at The Guardian.
This week we have a few InfoGraphics that could be useful for your classroom. Finding good material to print and put on your noticeboards / classroom walls is hard. Here's some useful stuff! To check out lots of other interesting infographics visit coolinfographics.com.
Make sure to tell your Art department that the Metropolitan Museum of Art has made 375 000 high res images of art free to download and use as you wish! What an amazing resource! They explain the move to 'open access' here.
Can you spot the phish? This article from CSO Online makes for a great classroom exercise. It shows a number of real phishing emails and asks you to try and identify why they are phishing mails. It also gives explanations that you can share with your learners.
We all know that anti-virus software works by scanning files on your storage for known signatures of viruses and other malware. The question is - what happens when the malware does not store itself as a file but simply loads itself into memory, leaving no trace for anti-malware software to find? The answer is that the malware becomes almost impossible to detect and eliminate. The scary thing is that, although a proven concept since 2015, fileless malware is hitting the news in a big way this week. It seems that a spate of this type of attacks against mainly banks has been detected in the last while. The good guys are going have to put in looooong hours to find a solution to this one!
The Ransomware Industry
CSO Online says the stats prove the move away from general malware toward Ransomware. Apparently there was a 6% decline in new types of malware last year - at only 60 million new varieties been listed. They proceed to give various reasons, but the astonishing fact is:
|The number of attacks increased 167 times. |
Not 167 percent -- 167 times, from 3.8 million ransomware attack attempts in 2015 to 638 million in 2016.
And if you are in any doubt about how Ransomware is becoming big business, read this eye-opener from Boing Boing about the customer service offered by the operators of the Spora Ransomware. They want to make sure you trust that if you pay your files will be decrypted...
Ransomware is not the only type of hacking going commercial. More proof that hacking is being run like a business is the offering of payment for insider information / passwords / logins. The Hacker News has the low down on how porn and credit card numbers is not all that you can buy on the Dark Web.
That's it for this week. We hope you'll start making use of comments and shares - if you think that what we've got to say is worth it!
We all take a lot of time and effort to teach our learners about Phishing - and about the more specialised, targeted "Spear Phishing" version of this type of attack. Well, it's time we added "Whaling" to that repertoire.
The term 'Whale' is often used in IT - and in business in general. A 'Whale' is generally a big spending customer - for example in all those 'free' games that you find available on mobile devices you are able to buy 'coins' or 'stars' or 'points' or something that will make it easier to progress through the game faster. Most people do not spend real money on these in game currencies - but there is a select group of users that do buy them - and they buy large. They are usually called 'Whales' - and they are where these companies make their money. Before science was sufficiently advanced whales were simply regarded as another type of fish - the biggest fish in the sea. So they are the biggest Phish for Phishers to focus their attention on as well. In the world of cybercrime a whale is typically a high level business person (CEO, COO, CFO, CTO = 'C' level executive, someone with 'Chief' in their title), politicians or celebrities.
The Whale phisher typically sends an urgent e-mail from a trusted colleague / business partner requesting urgent payment for some critical aspect of the business. The CEO then gives the order that payment be made, short-circuiting the usual paperwork... The phisher scores big. In May this year an Austrian aircraft company lost nearly € 41 Million (more than R 645 000 000) to a Whaling attack. The CEO and CFO lost their jobs. Read about it here.
MyBroadband.co.za has a story on Whaling and some tips from the FBI about how to avoid such attacks, whilst Social-Engineer.com asks 'Why go after minnows when you can catch a Big Phish?'. Finally CSOonline.com has got some examples of scams that CEOs could fall for (especially the spoofed 'from' addresses that rely on similar looking mis-spellings to seem as if they are from a valid source) - if you can stand their irritating multi-page slideshow format.
Fighting back against RansomWare
A great resource for learning about, identifying and fighting Ransomware is nomoreransom.org. They even have tools that will decrypt certain types of Ransomware attacks. A great resource for teaching about this type of malware.
Watch out for that cheap wireless keyboard
You better watch out, you better beware, Keysniffer is already in town.
Armed with a bit of smarts and a wireless dongle that costs less than R200 a hacker can not only intercept whatever you type on your keyboard (without even having to install key logging malware on your computer) from up to 70 m away, but they can also insert their own keystrokes to change whatever you are typing.
How is this possible? Well, makers of cheap wireless keyboards (those that use their own wi-fi dongle instead of Bluetooth) let the communication between the keyboard and the computer take place without encryption (or with poor encryption). Why? Because its cheaper and cheaper = lower price or more profits or both. Wired magazine has the lowdown on this new hacking exploit.
There is no such thing as anonymity or privacy on the web
Keep on telling your learners this fact. Repeat it until they think you are a stuck record. For those that say that they are savvy and have the skillz and the toolz to keep private - point out to them that the TOR browser and account they are using is probably compromised. Researchers recently found over 100 TOR nodes that were spying on their users... Tell them to read the article at The Hacker News. Then point out that the web is a large, wild, ungoverned place which is about as tough and secure as a bag made of wet toilet paper. They need to always assume that most of what you do, create, store, collect, download electronically is traceable and watchable and has probably been intercepted by someone somewhere.
A general Resource for all
The World Digital Library is a resource created by the US Library of Congress with support from UNESCO. It contains many digitised images, texts and maps that are interesting to browse through but could also be valuable resources for the History / Geography teachers at your school.
Building at 225 bricks per hour
3DPrint.com has an article about an Australian company which has created a robot that can lay 225 bricks in an hour - as much as a human does in half a day. Basically a truck loaded with bricks arrives at the building site, extends a robotic arm and starts laying the bricks according to the design programmed into it from a CAD model. There's a time lapse video of the robot at work near the end of the article.
That's it for this week.
Another day, another malware.
Card skimmers are physical devices that criminals attach to ATM machines to copy the magnetic stripe information from bank cards as they are put into the ATM. They are usually used with a hidden camera which spies on you as you type in your PIN code.
The problem with card skimmers is that, because they are physical devices, an alert customer can spot that there is something wrong with the ATM.
For the criminals there are two solutions to this problem:
1) Use more creative hardware
The trend for computer kit to get smaller and thinner doesn't only apply to your smartphone. Since 2014 criminals have been able to create card skimmers so thin and small that they fit inside the card slot of the ATM - making the skimmer that much harder to detect. Krebs on Security has a great and detailed article on this here.
2) Make the ATM your card skimmer
Since 2009 criminals have figured out that using malware to infect an ATM can turn the whole machine into a card skimmer - no extra hardware or camera required. The malware was called Skimer and it is back in the news again this week because; surprise, surprise; there's a new version of the malware that's just crawled out of the woodwork (making a total of 49 versions of this malware). This new version was discovered by Kaspersky and you can read the details here.
What is new is that the malware hides itself and only becomes active when a specific 'magic' card is inserted into the ATM. The card contains activation codes on its magnetic stripe that set the malware into action. The criminal is given a menu of options which include the functions:
A big advantage of using malware like this is that the ATM customer has absolutely no way of telling that their data is being stolen. The criminal can also chose to run the skimmer function when and how they need, generally making the criminal activity harder to detect.
'Till next week..
012 546 5313 or 086 293 2702
012 565 6469 or 087 230 8479
Copyright Study Opportunities 2016 - 2018. All rights reserved.