Hello, welcome to the Friday, May 5th, 2017 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Just a quick wrap up on yesterday's Google Oath spam.

Google released a brief statement stating that they essentially took care of it by disabling

the related accounts. The entire episode did last about an hour that matches pretty much

what we have seen, sort of a flash spam attack really that happened there. Now a Twitter user

kind of admitted of actually launching this attack. He claims to

be a student and he did it as an experiment for a class and lost control of it. Of course, there is

no way at this point to validate this statement. But given that there was no malicious payload and the only thing the attack

really did was gather these access tokens that as we saw yesterday are easily revoked, I tend

to believe this statement that it was really more some kind of experiment that went a little

beyond the scope of the original planning.

Of course, we had this happen in the past, probably most famously, one of the first worms.

The Morris worm is often being attributed to an research experiment that went a little bit

beyond its original bounds.

And researchers at New York University came up with a pretty neat attack against some

biometric fingerprint sensors.

Now of course it's long known that these fingerprint sensors aren't foolproof that depending

on the quality of the sensors, it's more or less difficult

to actually create an artificial mold of a fingerprint and then use that to authenticate a user.

What these researchers did is they essentially played on the fact that the resolution of these

sensors is limited.

...