Lorenzo Franceschi-Bicchierai, writing for Motherboard: One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars. This has been a scenario that security experts have touted as one of the theoretical dangers of the rise of the Internet of Things, internet-connected devices that are often insecure. On Saturday, what sounds like a Mr. Robot plot line came one step closer to being reality, when two white hat hackers showed off the first-ever ransomware that works against a “smart” device, in this case, a thermostat. Luckily, Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, actually have no ill intention. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger. “We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it,” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.” Tierney and Munro, who both work at UK-based security firm Pen Test Partners, demonstrated their thermostat ransomware proof-of-concept at the hacking conference Def Con on Saturday, fulfilling the pessimistic predictions of some people in the security world. Read more of this story at Slashdot.
Original post:
Hackers Make the First-Ever Ransomware For Smart Thermostats
mi writes from a report via news9.com KWTV: KWTV writes, “You may have heard of civil asset forfeiture. That’s where police can seize your property and cash without first proving you committed a crime; without a warrant and without arresting you, as long as they suspect that your property is somehow tied to a crime. Now, the Oklahoma Highway Patrol has a device that also allows them to seize money in your bank account or on prepaid cards. If a trooper suspects you may have money tied to some type of crime, the highway patrol can scan any cards you have and seize the money.” But do not worry: “If you can prove that you have a legitimate reason to have that money it will be given back to you. And we’ve done that in the past,” said Oklahoma Highway Patrol Lt. John Vincent.
An anonymous reader writes: Certified ethical hackers at Offensi.com identified a bug allowing remote code execution on one of United Airlines’ sites, and submitted their findings to the airline’s “bug bounty” program. After a fix was placed into production, their team was awarded 1,000,000 Mileage Plus air miles, which they say was accompanied by an email informing them that the IRS would consider their award as $20,000 of taxable income. “If after evaluating the taxable amount you choose not to accept your award, you are also able to donate your award to charity,” the e-mail explained. The hackers ultimately chose to distribute their air miles among three charities — the Ronald McDonald house, the Muscular Dystrophy Association, and the Casa de Esperanza de los Ninos Organization. Another security researcher complained in November that United failed to close a serious vulnerability he’d identified for almost six months.