Uber Hid Hack of 57 Million Users and Drivers

But hey, they paid the hackers to delete the data. (And if you can’t trust black-hat hackers…) Uber hid a hack that exposed data of 57 million users and drivers for more than a year

The hackers stole names and driver’s license numbers of around 600,000 drivers in the U.S., as well as rider names, email addresses and mobile phone numbers.

More sensitive data pertaining to users of Uber (credit card data, etc.) was NOT hacked. Those 600,000 drivers should have been notified last year.

Last year? That’s right. This hack was in October of 2016. But taking care of the drivers would have meant bad publicity. And like Uber cares about anything but Uber. They did can the chief of security who helped hide the breach.

Amazon Gets Internet of Things Wrong – Part 2

And you thought it was bad that Amazon Echo would let people hack into your home network. Amazon Key flaw could let a courier disable your Cloud Cam. So Amazon came up with a system to allow couriers to unlock your door and deliver packages inside your house. What could go wrong?

Now, researchers from Rhino Security Labs have shown that it’s possible, under rare circumstances, to hack the camera so that everything looks fine while someone takes all your stuff.

The attack would work like this. A courier unlocks your door with their Key app, drops off the package and closes the door behind them. Rather than re-locking it, they then run a program on a custom-built device or laptop that spoofs the home’s router and disconnects the Cloud Cam from the network.

And keeping the camera disconnected from the network means that they are not being monitored. While they steal all your stuff.

Amazon is promising to “address the issue.” But really, this is the kind of thing that should have been done in INITIAL design. (Gee, you think we should consider all the ways that bad-actors might attack the system?) Idiots. (Part 1 is at this link.)

Time-lapse of All Nuclear Explosions (1945 thru 1998)

This is awful – in all meanings of that word. Japanese artist Isao Hashimoto has created something both beautiful and terrifying.

Starting with the Trinity Test of the Gadget, near Los Alamos, New Mexico, and ending with Pakistan’s tests in 1998. It leaves out the few tests by North Korea.

If you take a guess at the number of atomic and thermonuclear bombs that were exploded during that period, I can almost guarantee that you will be wrong, by guessing low. The video is 14 minutes and change, so grab a coffee. If you are really impatient, jump ahead to 1960 (4:20), or the late 50s. But watching it build is really the point. Watch the beginning even if you are impatient.

Worldwide total is in the bottom right corner.

Oh sure, there are shorter videos out there, but this one is mesmerizing.

Who Even Knew There Was An Overwatch World Cup?

We are down to the semifinals. Overwatch World Cup: UK out, Sweden, Canada, France, and Korea through

The whole match lasted less than an hour, including a lengthy break, as Sweden comfortably won all their games against Team UK.

In the first game on Oasis, UK had opportunities, but were unable to capitalise on their leads.

I’m not sure I’m really into the whole eSports thing, but it is an interesting concept.

The next match is Sweden vs Canada, this afternoon. Not sure if it is streamed live, but I would guess it probably is somewhere.

What, you think the NFL has more interesting game play? At least no one will end up with CTE.

DHS Warns of Cyber Attack on Infrastructure

This has been talked about since forever. So if this is an actual announcement that stuff is a problem, I’m guessing that attacks have probably started. U.S. warns public about attacks on energy, industrial firms

(Reuters) – The U.S. government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure.

Like it or not, hackers are coming for everything they can get at. And corporations – everything from energy to IoT – have been completely stupid about the way they handle security. As I’ve said before, it is easy to put things on the internet; it is hard to do it correctly. And so it is never done correctly, because executives never want to pay money for something they don’t understand. And they never understand why they should care about security. (Witness things like Equifax, or Target, or Home Depot, or The Office of Personnel Management or NHS, or any of the other hacks that have made the news.)

That’s not to say that employees of those organizations need to wise up. (Phishing is still a thing in 2017? Really?).

U.S. authorities have been monitoring the activity for months, which they initially detailed in a confidential June report first reported by Reuters. That document, which was privately distributed to firms at risk of attacks, described a narrower set of activity focusing on the nuclear, energy and critical manufacturing sectors.

Just because you CAN put something on the internet, doesn’t mean you SHOULD put it on the public internet. (I think nuclear power should top that list!)

YouTube Censors Mike Rowe

Why? Because he calls for hard work over being a layabout gadfly, apparently. Thomas Gallatin: YouTube Restricts… Mike Rowe? — The Patriot Post

Mike Rowe recorded a 5-minute video for the graduation “ceremony” of the on-line university, PragerU. The video is entitled “Don’t Follow Your Passion.” You can see the video for yourself at this link. (It isn’t objectionable in any way. Unless you’re a snowflake liberal who can’t abide dissenting opinions, I guess.)

So if it isn’t objectionable, why suddenly was YouTube having a problem with Mike Rowe’s entire YouTube channel?

Rowe explains that he was shocked at the news as he had not run afoul of YouTube’s appropriate content policies, or so he thought. Rowe said that he then reread YouTube’s policy fine print and found the following sentence: “Some videos don’t violate our policies, but may not be appropriate for all audiences. In these cases, our review team may place an age restriction when we’re notified of the content.” In other words, YouTube’s censors are essentially saying they will restrict you if they don’t like your message.

The video is full of words like “hard work” and “opportunity” and it dares to poke fun at folks in Hollywood. It says you should consider opportunity, not just your wild imagination (or dreams as they are called) because there are a lot of folks with college degrees working at Starbucks, but there are 6 million jobs going wanting that no one is trained for. Oh, and there are 3 trillion dollars in student debt. So it must be “inappropriate” to make available to high school students.

The “Occupy Wherever” movement was full of people who had “followed their passion” to a degree in something meaningless, and they were cheesed off because they had a mountain of student debt, and no job, and no prospects. The refrain was “we did everything we were told to do.” Well you got bad advice.

Now Mike Rowe has a big enough following on YouTube and Facebook to get that censorship “reviewed” and eliminated. But that doesn’t mean that YouTube isn’t restricting everyone they believe to be conservative on a wholesale basis.

Dark Overlord Hacking Group Turns Attention to Schools

Because as mentioned, schools love to put sensitive data online, but can’t be bothered to secure it properly. Dark Overlord hacks schools across U.S., texts threats against kids

The hacking group responsible is the Dark Overlord, the group that leaked new Orange Is the New Black episodes because Netflix didn’t pay a ransom. The same group tried to sell millions of pilfered healthcare records and was responsible for other attacks such as on Gorilla Glue and an Indiana cancer service agency. Now, it is targeting schools and scaring the snot out of parents by sending personalized text messages threatening their kids.

Iowa, Montana, Texas, and Alabama have had schools that were targeted.

Why target schools? In part, it is because they have crappy security.

Schools had better get on it and batten down the security hatches because there is no excuse for their lax security.

If you don’t have the money for security, you shouldn’t be putting students’ data on the web. Probably shouldn’t do it in any case, but there you have it.