Rick Richardson's Views On Technology

Your Car May Be Recording More Data Than You Know

2/28/2021

When we think about privacy and who can access our location data, we’re often focusing on our phones and not on the machine that actually takes us places: our car. A recent report from NBC News goes into just how much data is collected by our vehicles and how it can be used by police and criminals alike.

Your car, depending on how new it is and what capabilities it has, could be collecting all sorts of data without your knowledge – including location data, when its doors were opened, and even recordings of your voice. The NBC article uses the example of Joshua Wessel, a man charged with murder because the victim’s truck has a recording of his voice at the time of the killing. The report also looks at a company called Berla Corp., which has built a business out of extracting that data on behalf of the police.

In broad strokes, it’s hard to guarantee any kind of data protection, simply because cars collect so much sensitive data. Berla’s software boasts the ability to read the unique IDs of Bluetooth and Wi-Fi devices that have connected to a car’s infotainment system, as well as call logs, contacts, and text messages. But infotainment data isn’t all it can read – it can also look at the logs kept by the car’s internal computer, revealing when specific doors were opened, as well as providing a location log from its built-in GPS.

It’s not just the police that can get at this information. NBC mentions an Australian man who used an app to access live data from his ex-girlfriend’s Land Rover. Not only was he able to access live information about the car, but he was also able to control it, remotely turning it on and off and opening windows.

The heart of the problem is that we’re sharing our private data with more and more devices, and the systems we rely on to keep that data safe are getting more complicated. If we really want to deal with the issue, we may have to take a hard look at our cars and start thinking about how much data they need.


FireEye Releases Network Audit Tool for SolarWinds Hackers

2/21/2021

Cybersecurity firm FireEye has recently released a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached.

With the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any of these techniques inside their networks.

Today's FireEye report comes as the security firm has spearheaded investigations into the SolarWinds supply chain compromise, together with Microsoft and CrowdStrike.

The SolarWinds hack came to light on December 13, 2020, when FireEye and Microsoft confirmed that a threat actor broke into the network of IT software provider SolarWinds and poisoned updates for the Orion app with malware.

The malware, known as Sunburst (or Solorigate), was used to gather info on infected companies. Most of the 18,000 SolarWinds customers who installed a trojanized version of the Orion app were ignored. Still, for some selected targets, the hackers deployed a second strain of malware known as Teardrop. They then used several techniques to escalate access inside the local network and the company's cloud resources, focusing on breaching Microsoft 365 infrastructure.

In its 35-page report, FireEye has detailed these post-initial-compromise techniques, along with detection, remediation, and hardening strategies that companies can apply.

Summarized, they are as follows:
  1. Steal the Active Directory Federation Services (AD FS) token-signing certificate and use it to forge tokens for arbitrary users (sometimes described as Golden SAML). This would allow the attacker to authenticate into a federated resource provider (such as Microsoft 365) as any user, without the need for that user's password or their corresponding multi-factor authentication (MFA) mechanism.
  2. Modify or add trusted domains in Azure AD to add a new federated Identity Provider (IdP) that the attacker controls. This would allow the attacker to forge tokens for arbitrary users and has been described as an Azure AD backdoor.
  3. Compromise the credentials of on-premises user accounts synchronized to Microsoft 365 that have high privileged directory roles, such as Global Administrator or Application Administrator.
  4. Hijack an existing Microsoft 365 application by adding a rogue credential to it to use the legitimate permissions assigned to the application, such as the ability to read email, send email as an arbitrary user, access user calendars, etc., while bypassing MFA.
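
Techniques 2 and 4 in the list above both change directory configuration, so they leave entries in the Azure AD audit log. The sketch below is an added example, not code from FireEye's Azure AD Investigator or from the original post: it triages exported audit records for those changes. The record keys, the sample records, and the operation names it watches for are assumptions to check against your own tenant's export.

```python
# Added example: triage Azure AD audit records for techniques 2 and 4.
# The record keys below are a simplified, constructed schema; map them to
# the fields of your own audit export.

# Operation names are assumptions to confirm against your tenant's log.
WATCHED = {
    "set federation settings on domain": "technique 2: federation settings changed",
    "set domain authentication": "technique 2: domain authentication changed",
    "add service principal credentials": "technique 4: credential added to application",
}

def normalize(operation):
    """Lower-case and drop the trailing period some exports append."""
    return operation.strip().rstrip(".").strip().lower()

def triage(records, approved_admins=frozenset()):
    """Findings for watched operations; actors outside approved_admins sort first."""
    findings = []
    for rec in records:
        reason = WATCHED.get(normalize(rec.get("Operation", "")))
        if reason is None:
            continue
        actor = rec.get("UserId", "<unknown>")
        findings.append({
            "time": rec.get("CreationTime", ""),
            "actor": actor,
            "target": rec.get("Target", ""),
            "reason": reason,
            # approved_admins is expected to hold lower-cased account names.
            "unapproved_actor": actor.lower() not in approved_admins,
        })
    return sorted(findings, key=lambda f: (not f["unapproved_actor"], f["time"]))

# Constructed sample records (not real log data).
SAMPLE = [
    {"CreationTime": "2021-01-04T09:12:00Z", "Operation": "UserLoggedIn",
     "UserId": "alice@example.com", "Target": ""},
    {"CreationTime": "2021-01-05T02:41:00Z", "Operation": "Add service principal credentials.",
     "UserId": "svc-sync@example.com", "Target": "Mail Archiver"},
    {"CreationTime": "2021-01-05T10:00:00Z", "Operation": "Set federation settings on domain.",
     "UserId": "idadmin@example.com", "Target": "example.com"},
    {"CreationTime": "2021-01-06T03:00:00Z", "Operation": "Set domain authentication.",
     "UserId": "svc-sync@example.com", "Target": "example.net"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE, approved_admins={"idadmin@example.com"}):
        flag = "REVIEW" if f["unapproved_actor"] else "expected"
        print(f["time"], flag, f["actor"], f["target"], "-", f["reason"])
```

Techniques 1 and 3 do not necessarily produce these directory-change events, so a clean result here says nothing about forged tokens or stolen credentials.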

"While UNC2452 has demonstrated a level of sophistication and evasiveness, the observed techniques are both detectable and defensible," FireEye said.

FireEye's ability to detect these techniques inside its network led to the company investigating an internal breach and then discovering the broader SolarWinds incident.

Similar tools to the one FireEye released today have also been released by the US Cybersecurity and Infrastructure Security Agency (called Sparrow) and CrowdStrike (called CRT).

DARPA Launches New Program to Develop Manufacturing in Space

2/14/2021

The Defense Advanced Research Projects Agency (DARPA) wants to invest in new materials and processes that could enable manufacturing in space and on the moon’s surface.

To that end, the agency is launching the Novel Orbital and Moon Manufacturing, Materials and Mass-efficient Design program, or NOM4D.

“NOM4D’s vision is to develop foundational materials, processes, and designs needed to realize in-space manufacturing of large, precise, and resilient Defense Department systems,” said Bill Carter, program manager in DARPA’s Defense Sciences Office.

DARPA said it is launching the program in response to the natural limitations of rocket launches in placing larger structures and systems in orbit. While the launch industry has expanded significantly in recent years, with dozens of new launch providers entering the fray, rocket launches are inherently limited – even the largest rockets have weight and volume restrictions. The solution? Place smaller pieces of a structure on-orbit with multiple launches, and then assemble them in space. Or better yet, collect materials from the moon to build with.

“We will explore the unique advantages afforded by on-orbit manufacturing using advanced materials ferried from Earth,” Carter said. “Large structures such as antennas and solar panels can be substantially more weight-efficient and potentially much more precise. We will also explore the unique features of in-situ resources obtained from the moon’s surface as they apply to future defense missions.”

Manufacturing in space could also enable more flexibility in designing space systems. Today, most satellites are designed to be as compact as possible to be integrated with and launched on rockets. But by assembling systems in space, systems can be designed without some of those volume restrictions, allowing them to be more mass efficient.

“We’re looking for proposers to come up with system designs that are so mass efficient that they can only be built off-earth, and with features that enable them to withstand maneuvers, eclipses, damage, and thermal cycles typical of space and lunar environments,” Carter said. “Given the constraints of ground test, launch, and deployment, the traditional approach to designing space structures is not likely to result in dramatic improvements in mass efficiency. To take the next step, we’ve got to go about materials, manufacturing, and design in a completely new way.”

The idea of assembling systems and structures in space isn’t exactly new. Famously, the International Space System was assembled in space using several components individually launched into space.

“People have been thinking about on-orbit manufacturing for some time, so we expect to demonstrate new materials and manufacturing technologies by the program’s end,” Carter added.

With NOM4D, DARPA will work with participants over three 18-month phases to develop precise, mass efficient structures that could be used for on-orbit construction. Each phase will focus on one of three applications: large solar arrays, large radio frequency reflector antennas, and segmented infrared reflective optics.

The agency is hosting a proposers day webinar on Feb. 26 and expects to release a Broad Agency Announcement (BAA) solicitation later in the month.


The Digital Era Drives a Brick-and-Mortar Boom in Data Centers

2/7/2021

The shift to digital work and play from home, hastened by the pandemic, has wreaked havoc on commercial real estate. But experts say it has also generated one surprising bright spot for the industry: data centers.

The growing reliance on cloud-based technology – and the huge, blocky buildings that house its hardware – has created greater opportunities for developers and investors as businesses and consumers gobble up more data in a world that has become increasingly connected.

“Our houses are connected, our cars are connected, our streetlights and parking meters are connected, and every single one of those connections is passing data back and forth,” said Sean O’Hara, president of the exchange-traded funds’ division at Pacer Financial, an investment advisory firm in Malvern, PA.

Companies that provide data storage are preparing for even greater demand as new technologies like 5G and artificial intelligence become more widely used.

“Our business has continued to grow through the pandemic,” said Nelson Fonseca, chief executive of Cyxtera, a company that owns 62 data centers across the United States and five markets in Europe and Asia. “It actually accelerated all the drivers that were growing the industry in the first place.”

Mr. Fonseca said Cyxtera, which typically leases space in its centers for three-year contracts, was on the hunt for new markets. “We’re seeing demand across the board,” he said. “Our pipeline going into 2021 is even larger.”

The acceleration of existing consumer behaviors and workforce trends has driven companies to demand more space for their data, said Patrick Lynch, senior managing director of the data center solutions group at the real estate services and investment firm CBRE.

“Things like working from home and online shopping and distributed workforces all just layered into the momentum the industry had,” he said.

And investors have taken note. “Over the past 90 days, we’re seeing a massive shift in capital toward this industry by big investment funds,” said Andy Cvengros, senior vice president and a member of the technology solutions practice at JLL, a real estate services and investing company.

In October, Goldman Sachs announced an investment of up to $500 million in data center infrastructure, and the private equity firms Blackstone and KKR have recently announced data center investments.

Real estate investment trusts focused on data centers delivered returns of 19% in the first half of 2020 – one of only two real estate investment trust (REIT) sectors that showed growth, according to a recent report by JLL. (The other sector, industrials, yielded a modest 2% return.) By comparison, returns for hotel and resort REITs plunged 49%, those for retail fell 37%, and office space dropped 25%.

“It’s an acknowledgment that this is not a niche real estate market anymore,” Mr. Lynch said.

Data centers have emerged as a critical part of the digital infrastructure that connects people and businesses to one another and the rest of the world, said Jon Lin, president for the Americas region at Equinix, one of the largest global data center companies.

    Author

    Rick Richardson, CPA, CITP, CGMA

    Rick is the editor of the weekly newsletter, Technology This Week. You can subscribe to it by visiting the website.

    Rick is also the Managing Partner of Richardson Media & Technologies, LLC. Prior to forming his current company, he had a 28-year career in technology with Ernst & Young, the last twelve years of which he served as National Director of Technology.

    Mr. Richardson has been named to the "Technology 100"- the annual honors list of the 100 key achievers in technology in America. He has also been honored by the American Institute of CPAs with two Lifetime Achievement awards and a Special Career Recognition Award for his contributions to the profession in the field of technology.

    In 2012, Rick was inducted into the Accounting Hall of Fame by CPA Practice Advisor Magazine. He has also been named to the 100 most influential individuals in the accounting profession in America by Accounting Today magazine.

    In 2017, Rick was inducted as a Marquis Who’s Who Lifetime Achiever, a registry of professionals who have excelled in their fields for many years and achieved greatness in their industry.

    He is a sought after speaker around the world, providing his annual forecast of future technology trends to thousands of business executives, professionals, community leaders, educators and students.
