Category: Data Management & Networks

16 year old Miami highschool student hacks school system

Big Data, Business, Communications, Data Management & Networks, Digital Systems Technology, Education, Government, North America, Politics, Regulation News, Software, Technology, Technology News

It’s every kids dream for school to be cancelled, but for many students 2020 has already been stressful enough. Students in Florida, USA however were shocked to find themselves locked out of their online classrooms come the first day of term this September. Having to adapt to new online learning environments already, students found themselves rightfully confused by their failed attempts for online access. 

So what happened?

Miami-Dade Schools’ online classes were brought down, a crash of the entire school system that saw students locked out of their online classes for the first three days back to school. Students and teachers alike however were taken a back to find out this was not the result of a complex hacking attack or situation: it was a 16 year student from the same school district. An unlikely teenager to carry out the attack, the result made national and international news headlines.

The 275,000 students in the school’s districts who tried to log on that morning found the system to be overloaded by data. The 16 year old junior in high school – who’s personal details have not been released – was called ‘polite’ and ‘intelligent’ by his neighbours. One neighbour, a Ben Herrera was quoted by the Miami Herald as saying: “He’s an awesome kid, […] What saddens me is how he’s going to be portrayed, and we’ve got to realize with this pandemic that kids are bored, isolated, stuck with too much time on their hands and maybe they do something irresponsible.” 
While neighbours might be showing sympathy for the boy, the school district is persuing their multiple charges of Distributed Denial-of-Service attacks. The boy claims his attack was constituted from a free and easily available free software download, which begs the question: why was the My School Online learning platform so vulnerable to an amateur attack?

Trump backs down, supports TikTok deal

Asia, Business, China, Countries, Data Management & Networks, Digital Systems Technology, General, Social Media, Technology, USA

TikTok’s US operations got a new lease on life Sunday after President Donald Trump announced that he was supporting a deal between the Chinese app’s parent company ByteDance and American tech company Oracle.

“I have given the deal my blessing,” Trump said. “I approve the deal in concept.”

So much for all of his anti TikTok histrionics. Just a few days ago he stated that, beginning Sunday, he would prohibit Americans from downloading the app. This came after he said he was “conceptually” opposed to a deal that allowed ByteDance to hold onto a majority stake of TikTok.

But Trump has given his “blessing” to a deal that does just that.

As Reuters reports, the deal places TikTok in the hands of a new company called TikTok Global. While headquartered in the US, TikTok Global is majority owned by ByteDance, which has an 80 percent stake. What remains is split between Oracle Corp (12.5 percent) and Walmart (7.5 percent).

Critically, though, all of TikTok’s user data from the US will be hosted by Oracle. The user data question was the main sticking point, as Washington argued that the Chinese Communist Party had access to TikTok’s databases, putting the privacy and security of American users at risk. Indeed, Trump and his lackeys routinely and melodramatically asserted that TikTok posed a grave “national security threat” to the United States.

Again, Trump previously stated that he would not support a deal that resulted in ByteDance retaining a majority stake. But he’s moved the goal posts and is justifying his reversal by pointing to the fact that approximately 40 percent of ByteDance stock is owned by American investors.

Add that 40 percent to Oracle’s 12.5 percent and Walmart’s 7.5 percent, and Americans technically have a majority stake. So goes the new argument, which your average online tutor will tell you is specious at best.

Of course, Trump will approve the deal not because it satisfies his administration’s “national security” concerns, but because it gives him one more thing to boast about in the run up to the presidential election on 3 November.

A new national poll from the Wall Street Journal and NBC News has Democratic nominee Joe Biden up 8 points on Trump.

UK becomes the next country to ban Chinese tech company Huawei

Australia, Big Data, Business, China, Communications, Data Management & Networks, Digital Systems Technology, Europe, Social Issues, Technology, Technology News

Following the ban of Huawei from Australia back in August 2018, the Chinese giant tech firm has been making headlines in the UK recently in a recent controversial battle. The debate stems from a wide range of concerns, with some conspiracy theories ranging from the 5g network it was working on being the cause of the coronavirus, or rumours of it being able to supposedly break down blood cells like acid, to more serious concerns regarding data privacy. 

Similar to the decision from the Australian government back in 2018 to ban Huawei and fellow Chinese firm ZTE from supplying Australia with 5g technology. The ban came over much discussion and investigation into the companies as a security risk. This sentiment has not been successfully dissipated by Huawei, who have continued to face trouble around the world. At the time the responded in a tweet with the following statement: ‘We have been informed by the Govt that Huawei & ZTE have been banned from providing 5G technology to Australia. This is a [sic] extremely disappointing result for consumers. Huawei is a world leader in 5G. Has safely & securely delivered wireless technology in Aust for close to 15 yrs’. 

The most recent trouble comes as Huawei is banned from the UK from taking part in setting up its 5g wireless network for heightened connectivity. With much debate and protest from both sides the decision was made in July 2020 that there would be no more sale of Huawei technology in the UK after December of this year, and removed entirely from Britain’s 5g network by 2027, it was announced by the government. 

The decision has been suggested to be influenced by geopolitical tensions between the USA and China currently, with US Secretary of State Mike Pompeo declaring last month that “The tide is turning against Huawei as citizens around the world are waking up to the danger of the Chinese Communist Party’s surveillance state.” 

Let them eat packages

Business, Communications, Data Management & Networks, General

As of this writing, nearly 640,000 people around the world have died from COVID-19. Many millions more have lost their jobs due to the pandemic. A good percentage of those jobs are gone for good. Scientists are scrambling for a vaccine as “second waves” of the virus sweep across the globe. The overall damage caused by the pandemic is incalculable and much of it is irreversible.

In other news, Amazon founder Jeff Bezos made $13 billion in one day this week. That’s not $13 billion for his company—it’s $13 billion for Bezos himself. His net worth now stands at a modest $186 billion.

As Business Insider reports, Bezos is now worth more than some of the largest corporations in the world, including Nike, Costco, McDonald’s, and IBM. The article continues: “His wealth is more than double the market caps of Starbucks ($88 billion) and Goldman Sachs ($73 billion), and more than triple the market caps of General Electric ($62 billion) and Target ($60 billion).”

I think it is safe to say that Bezos has achieved Marie Antionette status. Unless you’re a technocrat, working for Amazon is a living hell. Go ahead and read some of the stories out of Amazon’s sweat shops—or “fulfillment centers” in corporate-speak. Last year the Atlantic published an article detailing how often Amazon workers are injured on the job.

“Taken together, the rate of serious injuries for [23 Amazon warehouse] facilities was more than double the national average for the warehousing industry: 9.6 serious injuries per 100 full-time workers in 2018, compared with an industry average that year of 4.”

In other words, if you’re an Amazon “fulfillment worker,” you have a 10 percent chance of getting seriously injured when you’re at work.

The Atlantic piece goes on to list some of the other ways in which Amazon abuses and exploits its workforce. For example, mandatory 12-hour shifts and impossible packaging quotas. One worker—a disabled veteran—was fired after performing at a rate of 98.45 percent. (“He had to pick 385 small items or 350 medium items each hour.”)

There’s also the well-known fact that Amazon traces the movements of its warehouse workers—right down to the positioning of their hands—by making them wear bracelets, and uses a heat map to show which of its locations are most at risk of unionizing. That includes its pretentious Whole Foods locations.

Last month demonstrators put a mock guillotine outside of Bezos’ DC mansion. The sentiment is understandable. Where is Robespierre when you need him?

Tick-tock, tick-tock: time is running out for TikTok in the US

Asia, Australia, Big Data, Business, China, Communications, Countries, Data Management & Networks, Digital Systems Technology

Here is a syllogism: TikTok is owned by a company called ByteDance. ByteDance is based in Beijing. Therefore, Washington is moving to ban TikTok in the United States.

Just this week the US House of Representatives voted to prohibit federal employees, including senators and reps, from using TikTok on government devices. Politico reports that the amendment (it’s part of a $741 billion “defense” budget bill) passed comfortably—336-71.

Why any federal employee would want to use TikTok in the first place is beyond me. Last I checked it was an app for preteens. But I suppose that is neither here nor there.

The point, according to Washington, is that TikTok represents a unique national security threat. Asked whether Americans ought to use TikTok, America’s top diplomat—the fleshy Mike Pompeo—said:

“Only if you want your private information in the hands of the Chinese Communist Party.”

The argument being that TikTok collects its users’ data and then shares said data with the sordid Politburo. It’s not a frivolous concern, and TikTok’s insistence that it would never ever do such a wicked thing is not impressive. It’s just really hard to agree with Mike Pompeo, who went on to say that banishing TikTok, along with other Chinese apps, is “something we’re looking at.”

Well, this has reportedly engendered a frenzy in the American business world. A group of investors is considering purchasing a majority stake in the app with a view to saving it. TikTok hasn’t commented on this development yet, simply stating that “We are very confident in the long-term success of TikTok and will make our plans public when we have something to announce.”

But even if such a change in majority ownership were to occur, Washington probably wouldn’t be mollified. Paul Triolo, head of global tech policy at Eurasia Group, put it this way to CNN:

“It does not seem likely that US investors alone buying a majority ownership stake would satisfy CFIUS or broader US government concerns about the Chinese ownership piece and the potential for US personal data to find its way back to Beijing.”

TikTok is under fire elsewhere too. India has already banned it and other Chinese apps following a deadly skirmish between Indian and Chinese soldiers along their mutual border in the Himalayas.

Facebook admits it collects users’ audio data and has it reviewed

Data Management & Networks, General, Mobile Security, Networking, Social Media

Facebook pays hundreds of contractors to transcribe bits of audio taken from its users, according to a report in Bloomberg.

Disturbing enough, but get this: the people contracted by Facebook to do this … shady work have no idea what the purpose of such work is. These contractors, who spoke to Bloomberg on condition of anonymity lest they face some kind of disciplinary action, have no information about where the recordings come from, how they were collected, nor why Facebook wants them transcribed. They are simply given audio of Facebook users’ conversations and told to write it down.

After hearing of the practice, the Irish Data Protection Commission announced that it would be performing an investigation to see whether Facebook is in violation of the European Union’s privacy laws.

Caught red-handed (like Apple was in recent weeks), Facebook said it has already stopped the activity. Surprise, surprise. “Much like Apple and Google, we paused human review of audio more than a week ago,” the tech giant said, the operative word being “human.” In another surprise (not), Facebook claims its users consented to having their audio recorded and transcribed. I’m sure they did so freely, voluntarily and knowingly, and not because they didn’t understand the implications of such a policy.

Founder Mark Zuckerberg was grilled about this, and many other things, during his testimony to the US Congress in 2018. He didn’t have answers of the lawmakers then, but his company submitted a few after the fact. With regard to the audio collection, Facebook said it “only accesses users’ microphone if the user have given our app permission and if they are actively using a specific feature that requires audio.”

Here’s a question for Facebook: if this is such an innocuous thing, to which users are voluntarily submitting, why discontinue it? Maybe because, as Bloomberg reports, “Facebook hasn’t disclosed to users that third parties may review their audio.”

It’s high time people initiated a mass boycott of Facebook. The company needs us far more than we need it.

MoviePass left thousands of user card numbers exposed in unprotected database

Data Management & Networks, Digital Systems Technology, General, Mobile Security

MoviePass, a subscription-only move ticket service, exposed tens of thousands of its users’ credit card information due to insufficient security of a server, TechCrunch reports. The exposed database, discovered by cybersecurity company SpiderSilk, reportedly contained 161 million records, many of which included credit card numbers and other private information. TechCrunch explains:

“These MoviePass customer cards are like normal debit cards: they’re issued by Mastercard and store a cash balance, which users who sign up to the subscription service can use to pay to watch a catalog of movies. For a monthly subscription fee, MoviePass uses the debit card to load the full cost of the movie, which the customer then uses to pay for the movie at the cinema.”

The tech publication examined a sample of 1,000 of the aforementioned records and found that more than half showed MoviePass debit card numbers, expiration dates, account balances and the time of activation. Also contained in the records were personal credit card numbers, including expiration date and billing information (names and addresses).

MoviePass has since closed the database, which was accessible for months. TechCruch says it reached out to MoviePass with a number of specific questions but that the company’s only response was the following generic statement:

“MoviePass recently discovered a security vulnerability that may have exposed customer records. After discovering the vulnerability, we immediately secured our systems to prevent further exposure and to mitigate the potential impact of this incident. MoviePass takes this incident seriously and is dedicated to protecting our customers’ information. We are working diligently to investigate the scope of this incident and its potential impact on our customers. Once we gain a full understanding of the incident, we will promptly notify any affected subscribers and the appropriate regulators or law enforcement.”

SpiderSilk’s Mossab Hussein, the researcher who first discovered the vulnerable database, told TechCrunch that there is no excuse for MoviePass’ negligence in this scenario, which is one we keep seeing played out over and over again across the digital world.

“We keep on seeing companies of all sizes using dangerous methods to maintain and process private user data,” he said. “In the case of MoviePass, we are questioning the reason why would internal technical teams ever be allowed to see such critical data in plaintext—let alone the fact that the data set was exposed for public access by anyone.”

StockX hacked, millions of users affected

Data Management & Networks, Start Ups

Last week StockX, a website in which users buy and sell sneakers and fashion accessories according to a stock market-like structure, issued a bewildering statement indicating that it had been forced to reset customers’ passwords due to unspecified “system updates.”

“We recently completed system updates on the StockX platform,” a user notification announced. “To access your account, reset your password by clicking below.”

StockX was lying. Edging closer to the truth, a company representative later admitted that “StockX was recently alerted to suspicious activity potentially involving our platform. Out of an abundance of caution, we implemented a security update and proactively asked our community to update their account passwords.”

But as TechCrunch reports, that was a half-truth at best:

“An unnamed data breached seller contacted TechCrunch claiming more than 6.8 million records were stolen from the site in May by a hacker. The seller declined to say how they obtained the data.

“In a dark web listing, the seller put the data for sale for $300. One person at the time of writing already bought the data.”

As proof, this anonymous person gave TechCrunch 1,000 of the stolen customer records. After directly contacting the customers, the website was able to confirm that the records were genuine.

“The stolen data contained names, email addresses, scrambled password (believed to be hashed with the MD5 algorithm and salted), and other profile information — such as shoe size and trading currency,” TechCrunch reports. “The data also included the user’s device type, such as Android or iPhone, and the software version.”

Before publishing its story, TechCrunch reached out to StockX personnel, who declined to comment. “A non-attributable statement published late on Saturday confirmed our reporting, but the company did not answer our specific questions, including why it failed to inform customers when it first learned of the data breach and why it misled customers prior to our reporting.”

Founded in 2015, StockX is now valued at more than $1 billion. If it wishes to stay there, it should perhaps consider apprising customers of security breaches that put them at risk. Opacity and lack of accountability appear to be something of a principle among tech companies. How much longer will people put up with it?

Cloudflare drops 8chan following El Paso mass shooting

Data Management & Networks, Networking

Cloudflare, a leading internet infrastructure and security website, has announced that it’s kicking 8chan off its service after the mass shooting in El Paso, Texas which killed 20 people and wounded many others. According to media reports, the alleged shooter posted a racist “manifesto” on 8chan just minutes before opening fire inside a Walmart.

8chan is a forum where ultra-right-wing cranks can share their psychopathic views about race, religion, immigration and gender relations, among other things. Prior to El Paso, 8chan was serviced and protected by Cloudflare, which ensured the site wouldn’t be taken down as a result of distributed denial of service (DDoS) attacks.

In a blog post, Cloudflare CEO Matthew Prince explained the reasoning behind the company’s decision to pull the plug on 8chan, which Prince described as a “cesspool of hate.”

“Unfortunately, this is not an isolated incident,” he wrote. “Nearly the same thing happened on 8chan before the terror attack in Christchurch, New Zealand. The El Paso shooter specifically referenced the Christchurch incident and appears to have been inspired by the largely unmoderated discussions on 8chan which glorified the previous massacre. In a separate tragedy, the suspected killer in the Poway, California synagogue shooting also posted a hate-filled ‘open letter’ on 8chan.”

He continued:

“They [8chan] have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit.”

Prince also emphasized that booting websites off Cloudflare’s platform is not an easy decision to make, given the free speech implications involved. However, he stated that while his company puts up with plenty of questionable content, “we draw the line at platforms that have demonstrated they directly inspire tragic events and are lawless by design. 8chan has crossed that line. It will therefore no longer be allowed to use our services.”

None of which is to say that 8chan will suddenly vanish from the internet. Indeed, Prince points out that the site will almost certainly be picked up by another provider, just as the neo-Nazi Daily Stormer was upon being dropped by Cloudflare.

“They are no longer Cloudflare’s problem,” Prince said of the Daily Stormer, “but they remain the Internet’s problem.” Ditto for 8chan.