(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Enlarge / Always listening—but can it solve a murder? (credit: Valentina Paladino)

In November of 2015, former Georgia police officer Victor Collins was found dead in a backyard hot tub at the Bentonville, Arkansas, home of acquaintance James Andrew Bates. Bates claimed it was an accidental drowning when he contacted police at 9:30am, claiming he had gone to bed and left Collins and another man behind in the tub. But Bentonville Police investigators determined that Collins had died after a fight, while being strangled and held underwater—and that Bates was the only person at the scene at the time. Now investigators have reportedly served a search warrant to Amazon in hopes of getting testimony from a possible witness: the Amazon Echo that was streaming music near the hot tub when they arrived at the scene.

The police were immediately suspicious when they found that the water of the hot tub was tinted red and that Collins had injuries suggesting a struggle—including cuts on an eyelid, a bloodied nose, and swollen lips. There were signs of blood on the sides of the hot tub and on the patio around it and evidence that the tub and the patio had been hosed down to remove the blood. A water meter record from the city’s utility department showed that 140 gallons of water had been used between 1:00am and 3:00am on the night of the incident.

As investigators continued to gather evidence, as first reported by The Information, the Bentonville Police Department requested a search warrant to obtain records from Amazon for anything the Echo might have recorded that night. Police obtained a search warrant for Bates’ Amazon account information on December 4, 2015 and went back to Amazon again in January of 2016 with an extension of the warrant; according to a warrant return affidavit filed by police, Amazon "eventually complied with the warrants on February 8, 2016, but only supplied a portion of what was requested in both search warrants."

Read 5 remaining paragraphs | Comments

 

(credit: Netflix)

You can hardly throw a stone at a major Internet company these days without that stone's password and personally identifying data being hacked. Data breaches have become the norm, and for average Internet users, that means an increased need for vigilance.

On Wednesday, an unexpected e-mail alert from Netflix made me wonder if the media-streaming giant had become the latest victim of a giant data break-in. That wasn't the case. Instead, I found myself facing rather the opposite scenario: a tech company offering proactive support. But did Netflix's vigilant take on my account's security tip over into scare-tactic territory?

"It is more like a heads up"

I began to prep a dinner on Wednesday evening when I saw an e-mail alert on my phone saying, "Netflix password reset required." It's the kind of notice that might make anybody toss their bottles of cumin and dill aside and rush to a computer.

Read 15 remaining paragraphs | Comments

 
cURL CVE-2016-4802 DLL Loading Local Code Execution Vulnerability
 
Multiple Samsung Devices 'OTP' Service Remote Heap Buffer Overflow Vulnerability
 
libming 'parser.c' Heap Buffer Overflow Vulnerability
 
[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage
 
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
 
QEMU 'hw/net/mcf_fec.c' Denial of Service Vulnerability
 
Internet Storm Center Infocon Status