Archive for July 21, 2012

| July 31, 2012
Comments Off

Mommy Hacker

HackerzTime Magazine reports that a Pennsylvania woman faces six felony charges for hacking the computer system at her kids schools. Catherine Venusto, 45, hacked into the Northwestern Lehigh School District computer system and altered the grades of her two children, ABC News reports. Venusto had worked at the district as an administrative office secretary from 2008 through April, 2011. A year before she quit, Venusto, of New Tripoli, PA ad been accused of changing her daughter’s failing grade to a medical exception. And in February, 2012, she was accused of changing her son’s 98 to a 99.

Data integrityMs. Venusto was arraigned on three counts of unlawful use of a computer and three counts of computer trespassing and altering data. All six of those charges are third degree felonies. Pennsylvania State police say Venusto admitted changing the grades, saying she thought her actions were unethical but not illegal.

When ABCNews.com attempted to contact Ms. Venusto at her current job as an event coördinator at Lehigh University, a school employee said her employment ended Wednesday.Venusto’s lawyer, Thomas Carroll, declined to comment.

School grades“I’m concerned on numerous levels,” said Jennifer Holman, Northwestern Lehigh School District’s assistant superintendent. “When we say systems, there were three difference systems violated…There were 10 different users that at some point had their email violated.”

Assistant superintendent Holman told ABCNews.com that she first realized something was wrong when a teacher asked why superintendent Mary Ann Wright was in that teacher’s online grade book. Once Wright explained she was never in the grade book, administrators and state police began looking for whoever used Wright’s username and password without permission.

Bad passwordsPA State police discovered Venusto used Wright’s username and password 110 times to access the district’s online grading system, according to the District Attorney’s office. Venusto also allegedly accessed nine other faculty members’ email accounts without permission, and accessed the human resources “H-drive” to view “thousands of files associated with district policy, contract information, employee reports and personnel issues.”

Superintendent Wright released a statement on Wednesday in anticipation of Venusto’s arraignment.

“We deeply regret this incident and that this unauthorized accessMommy hacker occurred, and we sincerely regret any inconvenience this may cause,” Wright wrote. “We are doing everything we can to prevent this from happening again, and new security procedures are in place to better assure that our systems are protected from such attempts.”

The court set bail at $30,000, but Venusto will not have to pay it unless she does not appear in court for her preliminary hearing. Venusto could face a maximum of 42 years in prison or a $90,000 fine, according to District Attorney’s office spokeswoman Debbie Garlicki, who said the maximum penalty on each count is seven years or a $15,000.

rb-

Deputy Barney FifeThe mommy hacker’s defense is “I thought it was immoral but not illegal”. I will mention in passing the declining parenting standards which is creating a bunch of narcissistic and self-absorbed generation that has no conscious to what right and wrong is. 

The Administration and IT department both bear blame for this intrusion. Some easy to implement best practices could have shut the mommy hacker down quicker. They should have required regular password changes. They could have broken the bank and installed an intrusion protection systems. Those of us who work in K-12 understand that security is only important after an incident.

 

Category: Security | Tags: , , , ,
| July 28, 2012
Comments Off

LCD Tech Explained

LCD panelLCD panels are crucial to adoption of most mobile technology. Without LCD panels we would probably be stuck with mobile devices that still look a lot like the Compaq Portable. Engadget points us to a video from the EngineerGuy, aka Bill Hammack which does a great job of explaining how a LCD panel works and what backlights, light diffusion and subpixels have to do with viewing talking dogs your new iPad.

Category: Hardware | Tags: , , , , , ,
| July 27, 2012
One comment

Bill Ford Wants to Turn Michigan into “Silicon Valley of Mobility”

Michigan Ford Motor Company (F) Executive Chairman Bill Ford Jr. believes Detroit and Michigan can shed their rust belt persona. In a speech during the annual Mackinac Policy Conference, on Mackinaw Island, Mr. Ford said the Motor City can shed its rust belt image and take on high-tech communities like San Francisco, Palo Alto, California or Seattle. The Ford Chairman contends Michigan can be repositioned as the “Silicon Valley of Mobility.”

Ford Motor Company logoThe Detroit Bureau observes this is a matter of been-there-done-that. In its heyday, in the early years of the 20th Century, Detroit was the quintessential American boom town, much like Silicon Valley is today. It was dubbed by many the “Paris of the Midwest” because of its art, architecture and sophisticated lifestyle. But things began to rapidly decline in the post-War years and today some old industrial sites are being converted back to farmland.

Chairman Ford insisted continuing decline is not inevitable, especially if Detroit and Michigan embrace new “green, smart technologies.” Mr. Ford continued, “To address this issue, we will once again need new technologies, as well as new ways of looking at the world. We will need to view the automobile as one element of a transportation ecosystem.”

Detroit ZooThe automobile, Bill Ford has noted on several occasions, can no longer be viewed as a standalone machine. Industry leaders need to accept and respond to such challenges as fuel economy, emissions, safety and highway gridlock.

“This technology is in varying stages of development and deployment, but it promises to radically transform the experience of driving,” said Ford during his speech. “As it develops, I believe Michigan must become the Silicon Valley of the mobility revolution.”

The Ford Chairman noted the automaker has so far invested nearly a billion dollars in battery technology in Michigan. That includes upgrades to the Michigan Assembly Plant in the Detroit suburb of Wayne that recently began producing the new Ford Focus Electric. The factory will also add a plug-in hybrid version of Ford’s new C-Max “people-mover” later this year.

Help wantedAs TheDetroitBureau.com recently reported, there has been a significant turnaround in terms of high-tech job opportunities in Michigan. According to the Society of Automotive Engineers and other groups, there is now a shortage of trained specialists, especially with more advanced skills in areas such as fuel economy and emissions controls. And Detroit’s Big Three aren’t the only ones hiring. Virtually every major automaker and supplier now has a significant tech presence in Metro Detroit, including Toyota which has set up a major test track and engineering center near Ann Arbor.

In his speech, Chairman Ford noted a recent study by TechAmerica Foundation (which I also noted here) that found that despite the deep recession Michigan had added more high-tech jobs in 2009 and 2010 than any other state.

Investment in upgrading the electrical gridThe turnaround of the Great Lakes State will require a significant effort, the Ford Chairman acknowledged, and will take steps that ensure its competitiveness according to the article. He concluded his speech by calling on lawmakers to take several steps, including the elimination of personal property taxes and an investment in upgrading the electrical grid – which many see as a significant impediment to both expanded industrialization and the growth of the electric vehicle market.

“We can keep this momentum going if we are frank about the areas in which we can improve and we build upon our advantages,” Ford added.

rb-

I think there are more fundamental problems that Michigan is going to have to solve before it can take on Silicon Valley. The labor supply pool in Michigan is very thin even for the most basic IT positions like field technicians. Where I am working now, it is a constant struggle to find staff that have some enterprise experience and people skills. I think that anybody with some good skills is either working or has left Michigan.

 

Related articles
Category: Michigan, Wireless | Tags: , , , , , , , ,
| July 25, 2012
Comments Off

Social Networks Are Malware Launch Pads

Social networkingSocial networks’ role in the growth of the global virtual society has been well documented. What is not so well documented according to Help Net Security is the role social networks have in spreading malware. The security and privacy mechanisms of social networking firms such as LinkedIn (LNKD), Twitter and Facebook (FB) have proven insufficient to prevent exploitation.

The article notes that “To Err is Human,” and human errors lead to exploitSocial mediaation and manipulation whether the social network is online or offline. Social networks hold a plethora of personal information on the users that form the network. Individual connections between users collectively form a web of connections. To build each link between users an implicit trust is required between the two users and implicitly across the entire network. Any information provided by an individual user through chained connections becomes a part of the full network. When an attacker is able to exploit one user in the social network, they have the potential to be able to push malicious content into the network. The network’s connectivity enables the spread of the exploitation. The blog explains that attackers exploit the weakest link in the chain.

The inability of users to determine the legitimacy of content flowing through the social network aids this exploitation process. Help Net Security says the biggest problem with the online social networks is that they do not have built-in protection against malware. For example, current social networks do not scan the URL’s and embedded content coming from third-party servers such as Content Delivery Networks. Therefore, there is no way to authenticate the URL’s passed among the user objects in the social networks.

The infection process begins with the exploitation of humanWeakest link ignorance and followed by spreading of the malware through the trust upon which the network is based.

The article further explains that to start the exploitation process, an attacker will pick an issue that affects human emotions to evoke a response so the social network user will do something the attacker wishes. Phishing and spam messages about weather calamities, politics and financial transactions are used for starting infections. The author states that since social network exploitation begins by exploiting an individual’s ignorance common attack strategies have emerged.

One of the simplest infection techniques is to put malicious URLs on a Facebookuser’s Facebook message wall. When a user clicks on an illegitimate hyperlink it can result in automatic download of malware through the browser. Some of exploits used are:

  • Browser Exploit Packs (BEP) which fingerprint the browser version and other software on the user machine. Based on this information, a suitable malware is served to the user which uses exploits for that particular browser.
  • Drive-by-Download attacks begin by visiting a malicious Botnets and Browsers – Brothers in a Ghost Shellpage. They exploit vulnerabilities in browsers and plugins. Successful exploitation of the vulnerability causes a shell code to run that in turn downloads the malware into the system.
  • Malicious advertisements (malvertisements) happen when an attacker injects a malicious link in a users Facebook wall to spread malware. The fake post is linked to a third-party website which has malicious advertisements embedded in it. These advertisements are linked to malicious JavaScripts which executes the malicious content in the browser.

Trojan horseHelp Net Security states that online social networks are not harnessing the power of Safe Browsing API’s from Google (GOOG) or similar services to instantiate a verification procedure before posting a URL back to a user profile. Lack of such basic protections is a key factor in making the social networks vulnerable to exploitation.

Microsoft (MSFT) recently spotted a Facebook attack in the wild that exploited Facebook users trust in a social engineering campaign. The attack tries to trick Facebook users into installing a backdoor Trojan with keylogging capabilities according to the Help Net Security report.

MSFT says the Facebook Wall messages varied but they all lead to Computer trojan horsefake YouTube pages. Once there, the user is urged to download a new version of “Video Embed ActiveX Object” to play the video file. Unfortunately, the offered setup.exe file is the Caphaw Trojan.

The trojan bypasses firewalls, installs a FTP and a proxy server and a keylogger on the affected machine. Microsoft’s Mihai Calota says ” … has built-in remote desktop functionality based on the open source VNC project.” MSFT says the Facebook attack can be used to steal money, “We received a report .. that money had been transferred from his bank account … The keylogging component, coupled with the remote desktop functionality, makes it entirely possible for this to have happened.”

rb-

The articles correctly state that security and Boy with knife and electricityprivacy mechanisms are indispensable for safe online social networking. Built-in security is necessary because attackers exploit the trust, curiosity and ignorance of the social network customers to their own profit. User should demand safe and secure transmission of the information and user’s privacy. These should also be a focus of the social networking companies.

To protect themselves, users should:

  • Have up to date AV software running on their computers
  • Keep their browsers and operating systems fully patched
  • Change the passwords on all their sensitive accounts regularly
  • Warn friends and Facebook if an account seems to be hacked by using the Facebook “report/mark message as spam” option.
Related articles
Category: Security, Social Networking | Tags: , , , , , , , , , ,
| July 21, 2012
Comments Off

HDD in SloMo

The Slow Mo Guys videoed a hard disk drive at 1000 Frames Per Second to show how it works and then they destroyed it.

Related articles
Category: Hardware | Tags: , ,
« Older Entries  

Switch to our mobile site