A lesson in social engineering: president debates

In theory, we hackers are supposed to be experts in social engineering. In practice, we get suckered into it like everyone else. I point this out because of the upcoming presidential debates between Hillary and Trump (and hopefully Johnson). There is no debate, there is only social engineering.

Some think Trump will pull out of the debates, because he's been complaining a lot lately that they are rigged. No. That's just because Trump is a populist demagogue. A politician can only champion the cause of the "people" if there is something "powerful" to fight against. He has to set things up ahead of time (debates, elections, etc.) so that any failure on his part can be attributed to the powerful corrupting the system. His constant whining about the debates doesn't mean he'll pull out any more than whining about the election means he'll pull out of that.

Moreover, he's down in the polls (What polls? What's the question??). He therefore needs the debates to pull himself back up. And it'll likely work -- because social-engineering.

Here's how the social engineering works, and how Trump will win the debates.

The moderators, the ones running the debate, will do their best

Researchers create 3D faces from online photos to defeat face authentication systems

Security researchers continue to find ways around biometric-based security features, including a new attack which can defeat face authentication systems.

You might be careful about posting photos of yourself online, either refraining from it or setting the images to private, but your “friends” might post pictures of you online. Even if those pictures are low quality, or there are as few as three publicly available photos of you, researchers from the University of North Carolina have developed a virtual reality-based attack that can reproduce your face well enough to trick face authentication systems.

In “Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos” (pdf), the researchers called “the ability of an adversary to recover an individual’s facial characteristics through online photos” an “immediate and very serious threat.” The team devised an attack which can bypass “existing defenses of liveness detection and motion consistency.”

12% off Amazon Tap Alexa-Enabled Portable Bluetooth Speaker – Deal Alert

Amazon is currently discounting its Tap speaker by 12% to $114.99. It averages 4 out of 5 stars from 2,545 customers (read reviews). The Tap is a more portable version of their popular Echo speaker. The Tap lasts for up to 9 hours on a single charge and is Alexa-Enabled, so you just "tap" and ask it to play your favorite music from most streaming music services, check sports scores, request an Uber, order a pizza, and much more. Learn more about the discounted Tap and explore buying options now on Amazon.

Bugs don’t come from the Zero-Day Faerie

This WIRED "article" (aka. thinly veiled yellow journalism) demonstrates the essential thing wrong with the 0day debate. Those arguing for NSA disclosure of 0days believe the Zero-Day Faerie brings them, that sometimes when the NSA wakes up in the morning, it finds a new 0day under its pillow.

The article starts with the sentences:
WHEN THE NSA discovers a new method of hacking into a piece of software or hardware, it faces a dilemma. Report the security flaw it exploits to the product’s manufacturer so it gets fixed, or keep that vulnerability secret—what’s known in the security industry as a “zero day”—and use it to hack its targets, gathering valuable intelligence.
But the NSA doesn't accidentally "discover" 0days -- it hunts for them, for the purpose of hacking. The NSA first decides it needs a Cisco 0day to hack terrorists, then spends hundreds of thousands of dollars either researching or buying the 0day. The WIRED article imagines that at this point, late in the decision cycle, that suddenly this dilemma emerges. It doesn't.

The "dilemma" starts earlier in the decision chain. Is it worth it for the government to spend $100,000 to find and disclose a Cisco 0day?

IoT Engineering Tip: Simplifying SSH Host ECDSA Key Checking

Those of you new to Internet of Things (IoT) engineering and using boards such as the Raspberry Pi will probably have come across an irritation: Every time you wipe the operating system on your IoT device and then try to use the Secure Shell (SSH) to access it, SSH will complain with something along the lines of:

RedQueen:~ mgibbs$ ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
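As an added example (not from the original post), the Python below audits a known_hosts file for every entry OpenSSH would match against a re-imaged device and drops only those, which is what `ssh-keygen -R <host>` does; it also reproduces the hashed-host form (`|1|salt|HMAC-SHA1`) that OpenSSH writes when HashKnownHosts is on and that makes the stale line hard to spot by eye. The known_hosts contents, salt and key blobs are constructed placeholders.

```python
import base64
import hashlib
import hmac

def hash_host(host: str, salt: bytes) -> str:
    """Build the |1|salt|digest host field OpenSSH writes with HashKnownHosts:
    digest = HMAC-SHA1(key=salt, message=hostname)."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

def host_matches(host_field: str, host: str) -> bool:
    """True if a known_hosts host field (plain name, comma-separated list, or hashed) names host.
    Simplification: wildcard patterns and [host]:port forms are only matched literally."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, digest_b64 = host_field.split("|", 3)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return host in host_field.split(",")

def prune_host(known_hosts: str, host: str):
    """Return (remaining_text, removed_lines) with every entry for host dropped,
    i.e. what `ssh-keygen -R host` does after the device behind host was re-imaged."""
    kept, removed = [], []
    for line in known_hosts.splitlines():
        fields = line.split()
        if not fields or line.lstrip().startswith("#"):
            kept.append(line)
            continue
        # An entry may carry a leading marker such as @cert-authority or @revoked.
        host_field = fields[1] if fields[0].startswith("@") else fields[0]
        (removed if host_matches(host_field, host) else kept).append(line)
    return "\n".join(kept) + "\n", removed

# Constructed sample known_hosts; the key blobs are placeholders, not real keys.
SAMPLE_SALT = b"0123456789abcdef0123"  # 20 bytes, the size OpenSSH uses
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    "192.0.2.10 ecdsa-sha2-nistp256 AAAAE2VjZHNhPLACEHOLDER=",
    "gateway.example,203.0.113.5 ssh-ed25519 AAAAC3NzaC1lPLACEHOLDER",
    hash_host("192.0.2.10", SAMPLE_SALT) + " ecdsa-sha2-nistp256 AAAAE2VjZHNhOLDKEY=",
    "@cert-authority *.lab.example ssh-rsa AAAAB3NzaC1yPLACEHOLDER",
])

if __name__ == "__main__":
    remaining, removed = prune_host(SAMPLE_KNOWN_HOSTS, "192.0.2.10")
    print("removed %d stale entries for 192.0.2.10" % len(removed))
    print(remaining)
```

Pruning only the stale entry keeps host key verification in force for every other host; the next connection to the re-imaged board then prompts you to accept its new key once.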

QoS? Really?

I wrote this post during Cisco Live and said “I’ll just give it a once-over tonight and publish it.”  That was something like 6 weeks ago now. What a loser I am.

Yes, really. QoS has actually gotten some attention this year. After how many years of living in the dark and being feared by junior and senior engineers alike, we’re seeing some really cool technologies coming out for it.

I was honored to be invited to Tech Field Day Extra this morning while I’m at Cisco Live.  If you don’t know about TFD, you’re missing out.  A group of influencers gather in a room and get very deep and very technical presentations from vendors.  Today, Cisco came and talked about a couple of topics including branch security and QoS.  Obviously, the QoS was the big hitter for me.

Tim Szigeti (@tim_szigeti) kicked off the QoS conversation by talking about some of the recent advancements in QoS in both hardware and software. In hardware, he discussed the programmability of the new ASICs that Cisco is using in their switches and routers. These ASICs are dumb out of the box, but they are very willing to learn. Want it

Machine learning and forgery

There’s no doubt that pretty much everything humans do can be sliced, diced, and replicated by algorithms, so it’s not surprising that recent work by Tom S. F. Haines, Oisin Mac Aodha, and Gabriel J. Brostow, researchers at University College London, has resulted in the fall of yet another bastion of being human: Handwriting. How did they do it? Machine learning.

Their paper, called "My Text in Your Handwriting," describes software that semi-automatically analyzes a sample of handwriting, then generates whatever text you want in what looks like the identical style of the original handwriting sample. UCL’s press release explains:

Google is killing Chrome apps on Mac, Windows and Linux

Three years after introducing special apps that run inside the Chrome browser, Google announced Friday that it will be removing them from Windows, Mac and Linux by early 2018. Google introduced those apps in 2013 as a way to offer new functions that weren't otherwise available on the web. Chrome browser apps also gave developers a way to write one app that would run across Windows, Mac, Linux and Chrome OS.

The apps come in two flavors: Hosted Apps, which are essentially installable web apps, and Packaged Apps, which are closer to a traditional app like those you might find in the iOS App Store or Google Play Store.

Weekly Roundup: Top 5 Docker articles of the week

This week, we announced the launch of the Docker Scholarship program, got to know our featured Docker Captains, and aired the first #Dockercast episode. As we begin a new week, let’s recap our top 5 most-read stories for the week of August 14, 2016:

5 #docker stories you don’t want to miss this week cc @chanwit @vfarcic @idomyowntricks

These are the lessons Trulia learned from building a chatbot

It's a competitive real-estate rental market out there, and Trulia wanted to capitalize on the interest with a new Facebook Messenger bot it launched earlier this month.

The bot lets users search for rental properties and keep up to date on new properties when they become available. Trulia's bot came out of a quarterly hackathon project hosted at the real estate tech firm this past May, and the company learned a lot about bot-building. The experience showed that businesses should give bot-making a shot, even if they're not tech companies, said Yardley Ip, general manager for Trulia Rentals.

"Given that the tools are so easy to use, and it's so lightweight to develop [a bot], I think businesses should try it," Ip said. "At least, at minimum, from the customer service angle. Because there are frequently asked questions that users and customers have, and why not use a bot as a way to respond to your users quickly?"

Your Docker Agenda for LinuxCon North America

Hey Dockers! We’re excited to be back at LinuxCon this year in Toronto and hope you are, too! We’ve got a round-up of many of our awesome Docker speakers, as well as a booth. Come visit us in between the sessions at booth #41 inside “The Hub”. You may even be able to score yourself some Docker swag.

Monday:

11:45am – Curious about the Cloud Native Computing Foundation, Open Container Initiative, Cloud Foundry Foundation and their role in the cloud ecosystem? Docker’s Stephen Walli joins other panelists to deliver So CFF, CNCF, and OCI Walk into a Room (or ‘Demystifying the Confusion: CFF, CNCF, OCI’).

3:00pm – Docker Captain Phil Estes will describe and demonstrate the use of the new schema format’s capabilities for multiple platform-specific image references in his More than x86_64: Docker Images for Multi-Platform session.

4:20pm – Join Docker’s Mike Coleman for Containers, Physical, and virtual, Oh My!, with insight on what points businesses need to consider as they decide how and where to run their Docker containers.

Tuesday:

2:00pm – Docker Captain Phil Estes is back with Runc: The Little (Container) Engine that Could where he will 1) give an overview

The NBA is holding its first hackathon – should your company, too?

Companies large and small have already embraced the hackathon as a way to foster collaboration and innovation, and now the NBA has announced that it's jumping on board.

Scheduled to take place next month in New York, the NBA's first-ever event is open to undergraduate and graduate student statisticians, developers and engineers in the U.S. who are interested in building basketball analytics tools. Participants will present their work to a panel of expert judges and an audience of NBA League Office and team personnel. Prizes will be awarded to the top three teams, including a tour of the NBA League Office and a lunch with NBA staff.

See the powerful megachips that will clash at Hot Chips

Speed is king (image by University of California, Davis)

This year's Hot Chips conference is all about chips that can rake, power efficiency be damned. That's because virtual reality, machine learning, and self-driving cars demand heaps of processing power, not low power consumption. Here are some of the fastest chips being detailed at the conference, starting Sunday in Cupertino, California.

Chinese approval clears the way for Dell’s huge EMC buy

Dell’s massive acquisition of EMC reportedly has passed legal muster in China, clearing what is expected to be its last hurdle.

The acquisition, announced last October with an estimated value of US$67 billion, has been approved by Chinese regulators, according to the New York Post. That’s expected to be the last step toward closing the deal, though the companies may not announce its completion formally until next week. The combined company will be called Dell Technologies, while its PC business will keep the pure Dell name.

Hyundai in talks with Google on developing self-driving cars

Hyundai President Jeong Jin Haeng said this week his company is talking to Alphabet's Google unit about helping it develop a self-driving car.

The world's fifth largest automaker hopes to enter into a symbiotic relationship, where it will bring its manufacturing prowess to Google and the Silicon Valley giant will help the automaker's autonomous technology development.

"Hyundai is lagging behind the competition to develop autonomous vehicles," Ko Tae Bong, senior auto analyst at Hi Investment & Securities Co, told Bloomberg News. "It's not a choice but a critical prerequisite for Hyundai to cooperate with IT companies, such as Google, to survive in the near future."

Why Vietnam is an attractive IT offshoring destination

Vietnam’s technical talent, retention rates and modern tech infrastructure have attracted the likes of IBM, Microsoft and Intel to set up operations there. While it will never be able to offer the scale of IT services hubs in India and China, Vietnam is increasingly an attractive alternative for IT organizations that are frustrated with high turnover and rising costs in the usual offshore locations.