AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets – March 18, 2019

1 The Hottest Chat App for Teens Is … Google Docs

When the kids in Skyler’s school want to tell a friend something in class, they don’t scrawl a note down on a tiny piece of paper and toss it across the room. They use Google Docs. “We don’t really pass physical notes anymore,” said Skyler, 15, who, like all the other students in this story, is identified by a pseudonym. As more and more laptops find their way into middle and high schools, educators are using Google Docs to do collaborative exercises and help students follow along with the lesson plan. The students, however, are using it to organize running conversations behind teachers’ backs.


2 Cyberattacker demands ransom from Northern Colorado utility

It reads like a cybercrime novel, but it's all too real for a local utility company. When employees of the Fort Collins Loveland Water District and South Fort Collins Sanitation District got to work the morning of Feb. 11, they were locked out of technical and engineering data and drawings stored on their computers. The districts had fallen victim to a ransomware cyber attack, the second in two years, General Manager Chris Matkins said. Hackers were holding the data hostage and demanding a ransom payment before they'd unlock the information. Matkins won't say how big the ransom demand was or how payment was to be made. "It's not something we will talk about," he said. "It didn't have any bearing on how we responded."


3 Slack says it removed dozens of accounts affiliated with hate groups

Workplace chat company Slack said today it’s removed 28 accounts for having a “clear affiliation with known hate groups.” The announcement, posted as a message to its website this morning, is a rare admission from the company that its platform can and has been used as a way to organize hateful groups of users, some of which may in the future take real-world violent action. Slack competitor Discord has a history of taking similar action against such groups over the past few years, starting with the banning of servers promoting neo-Nazi ideologies in 2017. Numerous other online platforms have taken action against hate speech and groups that propagate and organize around it, including not just Discord, but Facebook, Google, GoDaddy, GoFundMe, Reddit, Uber, YouTube, and many others. A turning point for a number of these companies was the August 2017 white supremacist rally in Charlottesville, Virginia that resulted in the murder of counter-protestor Heather Heyer.


4 DARPA Is Building a $10 Million, Open Source, Secure Voting System

For years security professionals and election integrity activists have been pushing voting machine vendors to build more secure and verifiable election systems, so voters and candidates can be assured election outcomes haven’t been manipulated. Now they might finally get this thanks to a new $10 million contract the Defense Department’s Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking. The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems. The system will use fully open source voting software, instead of the closed, proprietary software currently used in the vast majority of voting machines, which no one outside of voting machine testing labs can examine. More importantly, it will be built on secure open source hardware, made from special secure designs and techniques developed over the last year as part of a special program at DARPA.


5 Students Hack School System to Change Grades and Attendance

Like a modern day WarGames, students in Michigan have hacked into a school district's computer system and changed grades and attendance records. According to a statement made on Facebook and the district's web site, Jim Nielsen, the superintendent of Orchard View Schools, stated that they became aware of a data breach in their PowerSchool student information system last week. When the data breach was discovered, the school launched an investigation and discovered that unauthorized changes to student's grades and attendance records were made. The statement further states that this breach "appears to be limited to the high school." The school district has notified the parents of the students that were involved, but it is not known if law enforcement has also been notified.


6 Top Pentagon officials say Google work is 'benefiting the Chinese military'

Top defense officials on Thursday blasted Google for its work in China, saying that the company’s efforts are serving the interests of the U.S. adversary. “The work that Google is doing in China is indirectly benefiting the Chinese military,” Gen. Joseph Dunford, the chairman of the Joint Chiefs of Staff, told the Senate Armed Services Committee in a hearing. “We watch with great concern when industry partners work in China knowing there is that indirect benefit,” Dunford added. “And frankly, ‘indirect’ may not be a full characterization of the way it really is, it’s more of a direct benefit to the Chinese military.”


7 ‘Privacy Is Becoming a Luxury’: What Data Leaks Are Like for the Poor

When Jayne checked her email on the morning of February 13, she didn't expect to find anything particularly exciting. The 34-year-old, who asked her real name be withheld out of fear that speaking out could affect her housing benefits, was enjoying a rare moment of relative peace on a snow day in a household with five kids. But when she opened the attachment from a note sent by the Seattle Housing Authority, she did not see the routine newsletter she anticipated. Instead, she was staring at a list of names, addresses, e-mail addresses, and tenant code numbers for the more than 500 clients of the city’s Scattered Sites low-income housing program, which includes low-income complexes that are typically smaller and more family-oriented than bigger housing projects. Jayne's own name and personal information were included on the list.


8 Telegram Gained 3 Million New Users During Facebook Outage

Facebook outage period turn profitable for Telegram, within 24 hours the instant messaging app gained more than 3 million new users. Telegram is a free instant messaging app like WhatsApp, well-known for its encryption, privacy, and self-destructive private messages. With Telegram, you can access your messages across multiple devices. With Telegram, all your messages, media, etc are encrypted using a combination of 256-bit symmetric AES encryption, 2048-bit RSA encryption, and Diffie–Hellman secure key exchange. Telegram runs on user donation’s and the company claims it will never sell ads or monetize users’ data.


9 The man who takes tech apart – so we can learn how to fix it

By his own admission, photographer Todd McLellan was “kind of a weird kid”. As an eight-year-old, the Canadian had a workbench in his bedroom, where he would use a hammer, a soldering iron and an oscilloscope to tinker around with household objects. He particularly enjoyed taking apart his brother’s toy cars to try to see what was inside. “I thought the little seats were so cool,” he says now. “But it was so disappointing there were no pedals or steering wheel. I was like: ‘What – is that it?’” In 2019, he has upgraded from the mechanical to the digital: in Things Come Apart 2.0, “a teardown manual for modern living”, the artist chronicles the components of a digital camera, an Amazon Echo speaker, a laptop, a 3D printer, and of course a smartphone.


10 Qualcomm wins $31M verdict in patent infringement fight with Apple

The trial between Apple and Qualcomm sought to decide whether Apple had violated a trio of patents, including ones relating to power conservation and operating efficiency in portable devices. The jury ultimately sided with Qualcomm over the matter, as well as its request for damages in full. As part of the deliberations, the jury struck down an argument by Apple that its former employee had helped create one patent to do with booting devices, reports CNET. It was argued the engineer should have been declared an inventor on the patent, effectively invalidating it and preventing Apple from being accused of infringing it. Last week, engineer Arjuna Siva was pulled from a scheduled court appearance, prompting speculation of potential witness tampering. Under subpoena, Siva did acknowledge the basis of one of the patents was his idea, but fell short of claiming inventor status.


11 Training unlikely techies

In several midsize cities across the U.S., unusual software teams are programming apps and websites. In past lives, these workers delivered pizzas and parcels, tended stores and taught in schools, or drove Ubers and forklifts. They made the unlikely jump to tech by way of apprenticeships — free intensive training followed by jobs at the companies that taught them. Why it matters: This train-and-hire model is a potential answer to a huge outstanding issue: how to get people whose jobs are likely to be automated into new, future-proof work that requires vastly different skills.


12 House Dem introduces bill requiring public firms to disclose cybersecurity expertise in leadership

A Democrat on the House Intelligence Committee introduced a bill on Wednesday that would require publicly traded companies to disclose to investors whether any members of their board of directors have cybersecurity expertise amid growing cyberattacks targeting U.S. companies. Rep. Jim Himes (D-Conn.) introduced the Cybersecurity Disclosure Act of 2019, a companion bill introduced in the upper chamber, that would make the Securities and Exchange Commission issue a new set of rules requiring U.S. companies to tell their investors whether they have someone who has cyber expertise on their board. If they don't, they must explain to their investors why this is the case.


13 WhatsApp co-founder urges users to delete their Facebook accounts — again

According to Buzzfeed News, Acton spoke during an undergraduate course called Computer Science 181 alongside another former Facebook employee, Ellora Israni, founder of She++. During the class, Acton spoke about why he sold Whatsapp to Facebook in the first place, and why he left, and criticized the drive to prioritize monetization over user privacy. During his talk, he noted that major technology and social media companies like Apple and Google have struggled to moderate their content. “These companies are not equipped to make these decisions,” he said. “And we give them the power. That’s the bad part. We buy their products. We sign up for these websites. Delete Facebook, right?”


14 Stanford Medicine Presents Results of the Apple Heart Study

Over 400,000 people participated in the Apple Heart Study, which used the Apple Watch to collect irregular heart rhythm data from participants for eight months. When an irregular rhythm was detected and suggested the possibility of arterial fibrillation, the Watch sent the user a notification. Study participants who got the notification were contacted telephonically by a doctor and given an electrocardiogram patch for further monitoring. This weekend, Stanford Medicine reported the results of the study at the American College of Cardiology’s Annual Scientific Session and Expo in New Orleans. The study showed that 0.5% of participants received irregular rhythm notifications putting to rest concerns in some quarters that the Apple Watch’s sensor would overburden health professionals with false positives.

Related Posts