Fourth Amendment Beats Surveillance State In Court

Weyman Holton
Your Tech Moment™
Jun 11, 2019

Calendar Malware / Rep-destruction as-a-service / Robot Rocket Factory / Pwned For Sale / Pole Camera Legal Challenge

Photo by Juhasz Imre from Pexels

Charlie Osborne: This is how scammers are now abusing Google Calendar to pillage your data

In the name of collaboration, invitations which appear on your calendar can be useful functions, especially for those in business and management. However, scam artists exploit what are usually valuable features for users.

Back in February, researchers from GreatHorn came across a Microsoft scam which used the spoofed name and email address of a chief executive at the company they were targeting.

Victims were sent a calendar invitation relating to a fake meeting organized by the ‘CEO,’ and those that clicked the link were taken to a phishing website designed to look like Microsoft Outlook for the purpose of stealing their account credentials.

Now, it appears scammers are targeting Google Calendar. Kaspersky researchers said on Monday that multiple cases of the latest invite scheme were detected throughout May, in which fraudsters sent unsolicited event invitations by abusing a “free online calendar service that adds invitations and events to users’ calendars automatically.”

The spam message blast exploited a smartphone-based feature for Gmail which automatically added and notified potential victims of the fraudulent calendar invitations.

These pop-up notifications were not as sophisticated as the aforementioned business scam which pretended to be legitimate communication from a CEO; rather, the invitations they connected to contained a phishing link which sent victims to a survey website offering money for questionnaire completion.

Get the whole story, including how to stop the public from adding events to your calendar, over at ZDNet.

This surface allows attackers to verify availability, and on a C-level calendar that can be a problem. Calendar abuse is another place where we should be educating users about what information they’re really making available. So many times open visibility and availability are important for making business connections with those who aren’t yet a trusted contact. What solutions have you found that work? Have you experienced calendar spam? Leave me a comment below or engage with me on Twitter at Weym0

Lisa Vaas: It’s a SCAM — Send Bitcoin or your company’s reputation is TOAST!

…extortion is coming from spoofed email addresses and threatening to rain down locusts and hellfire and halitosis unless the recipient sends the blackmailer 0.3 BTC (US $2,385.37).

If you don’t send the money, the extortionist threatens, they’ll send millions of emails from your domain, leave boatloads of derogatory reviews about your site, and spoof your domain so as to submit foul messages to other people’s contact forms.

It’s a full-service reputation-ruining package aimed at your site and its/your reputation.

…This is basically just a twist on the sextortion scams we’ve been writing and talking about over the past few months.

While sextortion combines sex and extortion, with online crooks claiming to have embarrassing pictures of you that they threaten to send to friends and family, this new scam instead focuses on the reputation of your site. It’s easy to see how individuals or businesses might well take that threat seriously, given how much money is at stake when you’re talking about reputation.

Just like with sextortion scams, these reputation extortion scams don’t mean you’ve been hacked.

Could an attacker do everything that this one is claiming they’ll do? Yes, but it sounds like an awful amount of work, doesn’t it?

Lisa goes on to explain exactly who the scammers are and what you can do about it over at Sophos’ Naked Security blog. And if you’re concerned about messages that say you’ve been naughty on your webcam and they have the pictures to prove it, cover your webcam with tape and get off those red light district sites…they’re dangerous for all sorts of reasons.

Eric Berger: Where will the world’s first autonomous rocket factory be built? Mississippi

“This building will be a long-term enabler of our vision,” said Jordan Noone, co-founder and chief technology officer for Relativity. Based in Los Angeles, the company aspires to use 3D printing, machine learning, and automated technologies to build rockets at a lower cost in days or weeks instead of years.

The nine-year lease, which includes options for extensions, came at a “very low cost” said Noone. The state of Mississippi also offered an incentive package because the company says it will bring high-paying, high-tech jobs to the region. Over the next five years, Relativity will invest $30 million in infrastructure and grow its on-site team from 10 employees — presently engaged in engine and stage testing at a Stennis facility — to 200 workers.

There are many details about how Relativity will use this factory near its test firing range for the Terran 1 rocket in the article at Ars Technica.

Tim Anderson: Have I Been S0ld? Troy Hunt’s security website is up for acquisition

Troy Hunt, inventor and operator of the popular security website Have I Been Pwned (HIBP), is putting the service up for sale.

Hunt, a Microsoft Regional Director and MVP for security, created the site in 2013 after Adobe leaked 153 million usernames and weakly encrypted passwords. Users can enter an email address and discover if it is included in the exposed data. You can also enter a password to see if it features in a data breach.

The site was soon extended with data from other breaches and now contains nearly 8 billion records. HIBP publishes an API which gets over 12 million hits a day, most of them checking whether a password is safe to use. Mozilla’s Firefox is one of a number of products that integrates with the API to help users choose strong passwords. Commercial subscribers, governments and law enforcement agencies use the service too.

Hunt said in today’s announcement that “to date, every line of code, every configuration and every breached record has been handled by me alone. There is no ‘HIBP team’, there’s one guy keeping the whole thing afloat.”

What is happening to this treasure trove of hacked information? Get the rest of the story over at The Register.

You may recall that about this time last year Firefox began including HIBP alerts in its services. It has been an indispensable aggregated source for average people to discover if they’ve been compromised. It’s sad to see the end of this tool and I hope a big name in security will acquire it, treat it with the care it deserves, and continue to use it for the good of the people.

Tim Cushing: Federal Court: Eight Months Of Utility Pole Camera Surveillance Is A Fourth Amendment Violation

…it is not declaring all surveillance camera use a search under the Fourth Amendment. Instead, it’s saying that this set of circumstances makes it a search that interferes with the defendants’ reasonable expectation of privacy. The camera setup used here could focus on multiple areas, zoom in close enough to read license plate numbers, and — perhaps most importantly — create a searchable set of recordings the government could browse at its leisure and use to reconstruct the lives of the home’s occupants over…several months. That exceeds what the court — and the defendants — find reasonable.

This article over at TechDirt is worth a read. It discusses whether or not Americans have any right to privacy outside their homes and just what surveillance goes too far. Extrapolated, I wonder if a greater case could be made about our movements and lives online in general. We know we are tagged and tracked constantly, but by whom and for what purpose? Is it just to provide us with appropriate ads we might be interested in? Or, is there something more sinister at play with the intelligence community? How do we balance civil liberties with our need to protect citizens? I like to believe that our intel system should work like an iron dome, protecting us from enemies to provide an umbrella of freedom underneath, like federalism. But what if the enemy is domestic? What if the enemy is already at the front door? And do our alternative reality politics reflect what serves #WeThePeople best?


Speaking of politics, I’m happy to announce my latest tract, “The Dirty Deeds Playbook” is available now for pre-order at just $2.99 as a pre-launch price for Kindle. Paperback to follow.

It’s a satirical field manual for using fools and fanatics to sow chaos in American elections for 2020 and beyond.

It is based on tools and techniques, observations and deception that I’ve seen in the American election process over the past few years.
