Archive for June 11, 2021

Hackers Explain How They Pwned EA

Posted in Commentary on June 11, 2021 by itnerd

The group of hackers that stole a wealth of data from game publishing giant Electronic Arts broke into the company in part by tricking an employee over Slack into providing a login token, proving that social engineering is very much a thing:

The group stole the source code for FIFA 21 and related matchmaking tools, as well as the source code for the Frostbite engine that powers games like Battlefield and other internal game development tools. In all, the hackers claim they have 780GB of data, and are advertising it for sale on various underground forums. EA previously confirmed the data impacted in the breach to Motherboard. 

A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10, and using those to gain access to a Slack channel used by EA. In this case, the hackers were able to get into EA’s Slack using the stolen cookie. “Once inside the chat we messaged a IT Support members we explain to them we lost our phone at a party last night,” the representative said.

This is a prime reason why you need to include training for ALL your employees if you’re a company. Because while companies are weak at IT security, humans are still a factor in these hacks. My recommendation is that companies look at both infrastructure and training to address their cybersecurity needs.

#Fail: Volkswagen Says a Vendor’s Security Lapse Leaked 3.3 Million Drivers’ Details In The US & Canada

Posted in Commentary on June 11, 2021 by itnerd

Volkswagen says more than 3.3 million customers had their information exposed after one of its vendors left a cache of customer data unsecured on the internet:

The car maker said in a letter that the vendor, used by Volkswagen, its subsidiary Audi, and authorized dealers in the U.S. and Canada, left the customer data spanning 2014 to 2019 unprotected over a two-year window between August 2019 and May 2021. The data, which Volkswagen said was gathered for sales and marketing, contained personal information about customers and prospective buyers, including their name, postal and email addresses, and phone number. But more than 90,000 customers across the U.S. and Canada also had more sensitive data exposed, including information relating to loan eligibility. The letter said most of the sensitive data was driver’s license numbers, but that a “small” number of records also included a customer’s date of birth and Social Security numbers.

Well, if you own a VW or Audi product, you might have a problem. And if, like me, you are on a VW mailing list, you might also have a problem. I wonder why the company thought they deserved to have that information to begin with. This idea that every business you interact with needs to know all about you is absurd. Sell me your product, don’t try to make me your product.

In any case, I hope VW gets slapped pretty hard for this screw-up, as this is not acceptable.

McDonald’s Has Been Pwned. And Hackers Are Loving It!

Posted in Commentary on June 11, 2021 by itnerd

McDonald’s said hackers stole some data from its systems in markets including the U.S., South Korea and Taiwan, in another example of cybercriminals infiltrating high-profile global companies:

The burger chain said Friday that it recently hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified, McDonald’s said. The investigators discovered that company data had been breached in markets including the U.S., South Korea and Taiwan, the company said. In a message to U.S. employees, McDonald’s said the breach disclosed some business contact information for U.S. employees and franchisees, along with some information about restaurants such as seating capacity and the square footage of play areas. 

The company said no customer data was breached in the U.S., and that the employee data exposed wasn’t sensitive or personal. The company advised employees and franchisees to watch for phishing emails and to use discretion when asked for information. McDonald’s said attackers stole customer emails, phone numbers and addresses for delivery customers in South Korea and Taiwan. In Taiwan, hackers also stole employee information including names and contact information, McDonald’s said. The company said the number of files exposed was small without disclosing the number of people affected. The breach didn’t include customer payment information, McDonald’s said.

I suspect the Hamburger.

In all seriousness, the only thing that is good about this hack is that customer info hasn’t been exposed. The bad news is that clearly a company the size of McDonald’s did not have their act together when it comes to cybersecurity. It really underscores that companies big and small need to up their cybersecurity game.

US Government Introduces Legislation To Take On Big Tech

Posted in Commentary on June 11, 2021 by itnerd

US House representatives unveiled the Ending Platform Monopolies Act today, legislation that aims to take big tech down a peg or two. Rep. David Cicilline (D-RI) shared a statement, which I found in The Verge:

“Right now, unregulated tech monopolies have too much power over our economy. They are in a unique position to pick winners and losers, destroy small businesses, raise prices on consumers, and put folks out of work,” Rep. David Cicilline (D-RI) said in a statement Friday. “Our agenda will level the playing field and ensure the wealthiest, most powerful tech monopolies play by the same rules as the rest of us.”

If eventually passed in the House and Senate, that could usher in the regulation of Apple, Amazon, Facebook, and Google to ensure that they don’t have too much power. I am not sure that this is a great thing to do. But I guess we will see how this plays out.

Procore Enhances Its Preconstruction Solution For Better Cost & Risk Management

Posted in Commentary on June 11, 2021 by itnerd

Procore Technologies, Inc., a leading provider of construction management software, announced an enhanced Preconstruction solution at its Procore Innovation Summit. This solution connects people, designs, and data across preconstruction and the course of construction on Procore’s platform, with analytics tools to support the entire process. 

According to a 2018 study conducted by FMI, correcting work that was incorrectly done, or rework, cost over US$500 billion in 2018. On average, 52 per cent of that rework was caused by poor project data and communication. Procore Preconstruction is tailored for owners, general contractors and specialty contractors looking to win and build more profitable projects, while reducing risk and rework. Every project stakeholder can now be connected to a project’s design, estimates, bidding and budgets within the Procore platform. 

Improving Estimates by Connecting Estimating to Financials

Procore Preconstruction starts with estimating and takeoff, and the data flows into bidding and financials tools. This allows users to better manage project costs through all phases of construction, by connecting the preconstruction teams with the field.

 
Procore acquired construction estimating and takeoff company Esticom in October 2020. Esticom’s technology is now integrated into the Procore platform and its user interface, enabling users to:

  • Automatically create their budget and prime contracts directly from an estimate with a single click, preventing important information from being lost in the transition from preconstruction to operations.
  • Streamline change management and ensure their total estimated profit is not lost between systems or teams, made possible by connecting drawing markups to estimating via the Drawings tool.
  • Build more accurate takeoffs faster with Auto-Count, an artificial intelligence feature that assists in symbol recognition.
  • Use Procore’s new benchmark data, available within Procore Analytics, to compare the past performance of initial estimates to the final budget at project delivery. The performance of specific specialty contractors across projects of similar size and type can also be compared.

Better Design Coordination to Ensure Constructability

If the first half of reducing cost risk is to make better estimates, the second half is better design coordination to ensure constructability. Constructability review is an all-hands-on-deck process with the design team and the project team collaborating to flag issues and ultimately ensure that the plans put into action can be delivered as designed. 

Procore Preconstruction has tools for effectively managing design collaboration, including:

  • Coordination issues: This new tool allows teams to track and manage all 2D and 3D design issues in one location, and to perform collaborative design reviews on drawings. 
  • “Follow Me” feature in Procore BIM: Users can see all active users reviewing the model and navigate directly to their location with a single click, making design reviews more efficient and effective. 
  • Dynamic 2D Views from Procore BIM: Users can create 2D drawing views of the design from the BIM model. Now teams can see all building systems consolidated in a single view to make sure everything is coordinated and properly located prior to construction. 


Learn more about Procore Preconstruction in this blog post and at https://www.procore.com/preconstruction

US Senate Mulls Laws To Fight Cyberattacks

Posted in Commentary on June 11, 2021 by itnerd

U.S. Senate Majority Leader Chuck Schumer on Thursday said he is initiating a review of recent high-profile cyber attacks on governments and businesses to find out whether a legislative response is needed:

“Today I am asking Chairman Gary Peters of our Homeland Security Committee and our other relevant committee chairs to begin a government-wide review of these attacks and determine what legislation may be needed to counter the threat of cyber crime and bring the fight to the cyber criminals.” Schumer noted that the New York City subway system was the victim of a computer hack in early June. This came on the heels of Colonial Pipeline having to shut down some operations, resulting in disrupted fuel supplies in the U.S. Southeast, as a result of a cyber attack.

In case you were wondering about the cyberattack on the New York subway system, The New York Times has a story about it that you can read.

In any case, I for one would be in favor of laws to address cyberattacks. The thing is that it has to cover a number of areas:

  • It has to force companies to employ defenses against cyberattacks, and to face punishments if they fail to do so, along with worse punishments if they get pwned and those defenses were not in place.
  • It has to require companies who get pwned to report that they got pwned.
  • It has to make paying the ransom illegal to make it less profitable for the scumbags behind these crimes.
  • It has to go after the scumbags behind these crimes and target the cash. Because if it’s not profitable to do these crimes, they won’t do it.
  • It has to go after the nation states who shield these scumbags. That way the scumbags in question have no place to hide.

The fact is that this cannot be some token measure. It has to have teeth. Otherwise we’re going to be talking about this day after day.