The challenges of securing the Black Hat conference

“Things are flying [through the network] that would never, ever fly in a normal corporate environment,” said Mr. Stump in an interview on the sidelines of the five-day conference, which ended Thursday.

Their team, comprising about a dozen volunteers and specialists from technology companies, monitors and responds to more malware variants and malicious traffic over the course of a few days than they would see in an entire year on corporate networks, Mr. Wyler added.

The network operations center must maintain and defend systems that event staff, exhibitors, presenters and attendees rely on. The threats are external and internal, coming from hackers eager to make a mark. Over the course of the conference, there were 84,875 “network events,” or activities suspicious enough to make the team want to take a look.

Deciding what to police and what not to, in the spirit of running a conference for hackers, is a challenge. Attendees can hack each other; they just can’t install cryptojacking software—a program that uses the infected device to secretly mine currency—or ransomware, for example. Attacks directed at conference infrastructure are stopped.

Almost everything else is fair game, within reason, as many of the seminars at Black Hat are geared toward experimenting.

WSJ (sub required)

 

 

 

Your drug store is watching you

A startup named Cooler Screens is piloting a new door for commercial freezers and refrigerators that’s equipped with a camera, motion sensors, and eye tracking in six Walgreens pharmacies around the country, including the one off of Union Square. The doors can discern your gender, your general age range, what products you’re looking at, how long you’re standing there, and even what your emotional response is to a particular product.

The company says that the doors don’t store any of this data, which is anonymized, meaning that it won’t know that when you go to your local pharmacy you always buy ice cream (however, studies have shown that anonymized data, especially in cities, is possible to de-anonymize). Instead, it will use the data it’s collecting on you in real time to show you ads and promotions that the algorithm has determined might be relevant to you.

Fast Company

FullDoorOfVideos2 from Cooler Screens on Vimeo.

 

Giving billions a digital ID

Imagine for a moment that you are one of the estimated one billion people in the world—most of them among the poorest and the most vulnerable—who have no official identification. No birth certificates. No official ID documents. Nothing.

 

Without a way to prove who you are, you would face huge problems going to school, seeing a doctor, receiving government services, getting a bank account, finding a job, traveling across a border, or having access to many other rights and services most of us take for granted. Without an ID, you would be nameless in the eyes of the government and largely ignored.

 

For the last decade, Nandan Nilekani has been working to make these “invisible people,” as he calls them, visible by giving them access to official identification. One of India’s leading technology entrepreneurs, Nandan joined the government of India to lead the launch of India’s national biometric ID system, which uses fingerprints and other biological traits to verify the identities of the country’s more than 1.3 billion residents.

Gates Notes

 

 

The new neighborhood watch

Neighbors, an app launched by Ring, Amazon's smart-doorbell company. It's free to download and use, and lets people share, view and comment on crime and security information in their communities. Most of the posts are video clips shot by Ring video doorbells and security cameras.

Ring CEO Jamie Siminoff said in an interview last month that he sees Neighbors as a major part of his company's development, using the app to help more people work together to reduce crime in their communities. The app, which launched in the US in May, has over a million active users sharing information on alleged crimes and suspicious behavior, Siminoff said.

CNET

 

Robocop

In NYC last week I stayed at a hotel near the Knightscope store and encountered one of their security robots at LaGuardia airport. The Daily Mail explains what they can do

The robots, which can reach speeds of up to 3mph, are equipped with five cameras and feed captured patrol data to an internet-based portal which security teams can then use.

Among the robots' capabilities are the ability to record license plates, detect people, capture thermal imaging, provide 360 degree video, make broadcasts, provide intercom activity and find mobile devices within a set perimeter. 

The conical, self-propelled security robots were created by Silicon Valley company Knightscope and are being used in select cities around the US at venues including malls, hospitals, stadiums and warehouses, according to the company's website. 

Fending off GPS spoofing

Vehicles that rely on GPS navigation are vulnerable to spoofing, the sending of phony signals to lead them off their intended course. The palm-size Pyramid GPS SP from Regulus Cyber Ltd. uses a bundle of antennas and receivers to make sure the signals it’s reading are legit.

Bloomberg

Fingerprints, DNA, now voice analysis?

During his keynote at Cognizant Community, Malcolm Frank described how Rita Singh at Carnegie-Mellon U had helped the Coast Guard with machine learning applied to voice recognition use cases. It could be the next frontier in helping law enforcement agencies.

Here’s more from the Tribune-Review

“That's long enough for Singh. She can pull troves of information from short snippets of sounds.

“There are things about your voice that you simply cannot change, like the sound of your breath,” Singh said. “Any information that we give them narrows the search. We're not at the point where we can say this is what the person looks like, go get him.”

Singh wasn't really sure what she had until the Coast Guard came asking. The Coast Guard came to her with a tape. She listened to it, ran in through her computer programs and was surprised with what she found.

“That was when we realized what we could do and that was when they realized we could do it,” Singh said. “You could actually get a lot of information from sound and it was actually pretty useful.”

3D scanners at airports

Technology used in the medical field for years may soon revolutionize screening of carry-on bags at airports — bolstering security while dramatically cutting bottlenecks at checkpoints — with an expansion of testing planned for New York's John F. Kennedy International Airport early next year.

Computed-tomography (CT) machines being tested at airports in Phoenix and Boston allow Transportation Security Administration screeners to rotate a three-dimensional image of a suspicious object without opening up a bag, meaning travelers can whisk through faster without removing items such as laptops.

USA Today

Innovating the humble paper check

Even as digital payments proliferate, paper checks keep getting security enhancements

Enhanced security laser checks help guard against check fraud and identity theft with the addition of a 3D hologram medallion’ says John Ashe, senior market segment manager for Harland Clarke, Costco’s check supplier. ‘These features are very difficult to reproduce with conventional printers and copiers.”

Ashe says added levels of security include thermochromic ink, which disappears when heat is applied and reappears once cooled, and toner adhesion, which ensures that toner and ink from your printer or pen cannot be removed or lifted from the paper. Additional features include chemically reactive paper, a prismatic multicolored background and more.

Costco Connection

 

“Porch Pirates”

I would not have noticed the detail on the Amazon tracking site. I travel frequently and am often not here to accept deliveries. UPS has had a “no signature required” on my account for over a decade. But, I was in town yesterday, and waiting for neighborhood kids to show up for Halloween candy, so I can validate this package was not handed to me. It was left in front of our mailbox. The only reason I noticed the comment was because my wife wanted me to return some of the items and I had to track the order to get the return label.

The growth in ecommerce is leading to lots of unattended packages at the front door of houses, and it is leading to a growth in “porch pirates”.

Technology is allowing us to combat such theft. Amazon and Walmart are trying out courier services with access to your home.

 

Many households are protected with motion sensors, video doorbell and other surveillance technology

 

Police are starting to use “baits” with tracking devices to catch gangs of pirates as in below

 

But the simplest safeguard may be for couriers to ring the door bell and text you if you are not home so we can together also make it tough for the pirates.