Posts Tagged ‘cyber attack’

It’s not just WannaCry: Thieves are opportunists

Posted: May 19, 2017 by IntentionalPrivacy in Financial vulnerabilities, Personal safety, Ransomeware, Vulnerabilities, WannaCry
Tags: , , , ,

WannaCry has effectively died down according to Wikipedia < https://en.wikipedia.org/wiki/WannaCry_ransomware_attack&gt;. However, if you do not WannaCry about some other malware, take some preventive actions now to make your systems less vulnerable to future attacks. If it is not easy to attack you or your computer systems, in most cases a thief will look for an easier target.

Organizations

  • Keep system and application versions up to date and patched, especially critical patches
    • If the organization still has to run computers running XP (or older operating systems), get them off the network
  • Keep antivirus software current and scan daily
  • Make regular, consistent backups (and test them to ensure files are recoverable)
  • Create network zones
  • Place public-facing web servers in DMZs
  • Restrict administrator rights
  • Change default passwords and enforce password rules on users
  • Train users in security awareness, especially how to avoid clicking harmful links
  • Take infected machines off the network and clean them up as soon as possible, so that the infection does not spread to other machines on the network

These actions alone will stop a considerable amount of malware and other attacks. They do not require expensive equipment or software, just the time to set them up. And these practices will help any organization better comply with regulatory requirements.

For instance, Microsoft came out with a critically rated security patch for Microsoft Windows SMB Server on March 14, 2017. This patch would have made Windows systems resistant to WannaCry. The WannaCry attack started on Friday, May 12, 2017, almost two months later. While I understand the need to test patches to ensure they will work in an environment, testing for a couple of weeks should be adequate, especially for critical updates.

Individual systems

Many of the same actions will keep your systems safe:

  • Keep system and application versions up to date and patched; in fact, set updates to run automatically and schedule them for  a convenient time frame
    • If you are running an older operating system such as XP, take it off the Internet
    • Uninstall applications that you no longer use from both your phones and computers
  • Keep antivirus software current and scan daily
  • Make regular, consistent backups (and test them to make sure files are recoverable)
  • Do not run with administrator rights
  • Change default passwords on routers and modems, and choose long, strong passwords for all your accounts
  • Do not click harmful links in email, on Facebook, or other websites

Prevention is the key for physical theft also.

Our neighborhood has been experiencing a recent rash of car break-ins and theft of items on porches. Many of these thefts happened when someone forgot to lock their car.

Be a little paranoid! Assume that someone is always watching you. For instance, you might not realize the dog walker walking by your house was watching you put a computer case in the trunk or that the 16 year old who lives next to you tries car doors at one am because he is bored or has a drug problem. Leaving a laptop in the car is not ever a good idea, but if you have to leave valuables in your car, put them in your trunk before you get to your destination. Lock your house and car as soon as you shut the door. Do not leave extra keys on your property or stashed on the car. Do not leave the garage door opener in the car. When you are working on that report in a coffeehouse, take your laptop, phone, keys, and wallet with you when you go to the restroom. Do not leave your purse or phone in a grocery cart when you turn around to pick out items for dinner.

Samsung Galaxy phones, LastPass, and purging online databases

Posted: June 17, 2015 by IntentionalPrivacy in Cell phone, Password need-to-knows, Security Breach, Tips
Tags: , , , , , , ,

As I do almost every day, I was looking through security news this morning. An article by Graham Cluley about a security issue—CERT CVE-2015-2865 —with the SwiftKey keyboard on Samsung Galaxy phones caught my eye. The security issue with the keyboard is because it updates itself automatically over an unencrypted HTTP connection instead of over HTTPS and does not verify the downloaded update. It cannot be uninstalled or disabled or replaced with a safer version from the Google Play store. Even if it is not the default keyboard on your phone, successful exploitation of this issue could allow a remote attacker to access your camera, microphone, GPS, install malware, or spy on you.

Samsung provided a firmware patch early this year to affected cell phone service providers.

What to do: Check with your cell phone service provider to see if the patch has been applied to your phone. I talked to Verizon this morning, and my phone does have the patch. Do not attach your phone an insecure Wi-Fi connection until you are sure you have the patch—which is not a good idea anyway.

~

An interesting article in Atlantic Monthly discusses purging data in online government and corporate (think insurance or Google) databases when it is two years old, since they cannot keep these online databases secure. I can see their point, but some of that information may actually be useful or even needed after two years. For instance, I would prefer that background checks were kept for longer than two years, although I would certainly like the information they contain to be secured.

Maybe archiving is a better idea instead of purging. It is interesting option, and it certainly deserves more thought.

~

Lastly, LastPass: I highly recommend password managers. I tried LastPass and it was not for me. I do not like the idea of storing my sensitive information in the cloud (for “cloud” think “someone else’s computer”), but it is very convenient. Most of the time, you achieve convenience by giving up some part of security.

LastPass announced a breach on Monday –not their first. They said that “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”

For mitigation: They have told their user community that they will require verification when a user logs in from a new device or IP address. In addition,

  1. You should change your master password, particularly if you have a weak password. If you used your master password on other sites, you should change those passwords as well.
  2. To make a strong password, make it long and strong. It should be at least 15 characters—longer is better—contain upper- and lowercase letters, digits, and symbols. It should not contain family, pet, or friend names, hobby or sports references,  birthdates, wedding anniversaries, or topics you blog about. Passphrases are a good idea, and you can make them even more secure by taking the first letter of each word of a long phrase that you will remember. For example:

    I love the Wizard of Oz! It was my favorite movie when I was a child.

    becomes

    IltWoO! IwmfmwIwac$

    Everywhere a letter is used a second time, substitute a numeral or symbol, and it will be difficult to crack:

    IltWo0! 1>mf3wi<@c$

  3. When you create a LastPass master password, it will ask you to create a reminder. Let’s say you took your childhood dog’s name, added the number “42,” and the color “blue” because he had a blue collar to make your new master password: osC@R-forty2-Blew! If your reminder is “dog 42 blue,” your password could be much easier to crack. Maybe you even talked about Oscar in a Facebook post. So again, do not use a pet’s name in your password. Then put something in for the reminder that has no relation to your password: “Blank” or “Poughkeepsie” for instance.
  4. Keep your master password someplace safe. Do not leave a copy in clear text on your phone or your computer or taped to your monitor. Put it in a locked drawer or better—your safe deposit box.
  5. Back up your password database periodically to a device you store offline, and printing the list and storing both the printout and the backup in a sealed envelope in your safe deposit box is a good idea as well.
  6. Use two-factor authentication. If you don’t know anything about it, this Google account article will explain it.

Protect Your Personal Information Cheat Sheet

Posted: January 2, 2015 by IntentionalPrivacy in Security or Privacy Initiatives, Tips
Tags: , , , , , ,

The amount of information collected on each of us is growing astronomically every day. What can you do to help protect your—as well as your family’s—information?

Note: This information is meant to be a starting place.Technology is constantly changing, so you must consider whether the information provided is timely and applicable to your situation. In order to adequately protect yourself and your family, you also might need to consult with your attorney or accountant or obtain other professional advice.

What information do you want to protect? Here are some categories you might want to consider:

Ad/cookie tracking Identity information Reputation
Digital identity Intellectual property Social media
Electronic devices Location Trash
E-mail Mailbox Travel
Family Medical information Voting
Financial information Personal safety Work information

Where are the threats to your information? Here are some common threats:

Data loss or theft

  • Backup media
  • Mail/trash
  • Organization w/ your info goes bankrupt
  • Paper
  • Website
 Types of Malware

  • DNS Changer
  • Drive-by downloads
  • Keyloggers
  • Phishing email
  • Rootkits
  • Search engine poisoning
  • Social media malware
  • Torrents
  • Spyware, Trojan horse, virus, worms
  • Zombies/botnets
  • Etc.
Device loss or theft

  • Computer
  • DVD/CD
  • Backup media
  • USB drives
  • Portable electronic devices
  • Laptop, iPad, smart phones, tablets
Natural or man-made disasters

  • Fires
  • Floods
  • Tornadoes
  • Earthquakes
 Personal safety

  • Craig’s List
  • Data leakage
  • Identity theft
  • Social media
ID theft Social engineering / Pretexting

Who do you trust with your information? Here are some organizations that you probably trust:

Accountant, lawyer, other professionals Religious & charity organizations
Employers Schools & Libraries
Financial institutions—banks, credit unions, loans & credit cards, brokerages Retailers & e-commerce sites
Government agencies Social sites
Health care—doctor, dentist, hospital, labs Websites
Insurance companies And …?

Why do you trust people or organizations?

  • Do they have a legitimate need for your information?
  • Do they have policies and procedures to tell you what they do with your confidential information?

When do you trust people or organizations?

  • Do you give confidential information on the phone, in email, texting, or in person?
  • Did you initiate the information exchange?
  • If you don’t feel comfortable, don’t do it.

How do you give people or organizations your confidential information? Think about advantages and disadvantages to giving out your information in person, over the phone, in email or in text messages, on a secure website. If you’re uncomfortable giving out information in a particular situation: don’t do it! Find another way to give the information.

General Tips

  • Don’t leave your electronic devices—cell phones, laptops, tablets, iPads, etc.—unattended in public, including hotel rooms.
  • Don’t ask strangers to watch your things while you go to the restroom or load up on more coffee.
  • Don’t leave your purse or briefcase unattended in public: including shopping carts, restaurants, and coffee shops.
  • Don’t use easy-to-guess passwords: http://www.dailymail.co.uk/sciencetech/article-2063203/This-years-easiest-guess-passwords–discovered-hackers-worked-out.html
  • Don’t post private information on social websites. Remember you have no expectation of privacy on social websites.
  • Data leakage:
    • Be careful about the information you throw in your trash.
    • Collect your mail as soon as possible.
    • Use vacation holds or have a friend collect your mail if you will be gone for more than a couple of days.
    • Do not announce on Facebook or other social media that you are going on vacation. Wait until you get back to share those fabulous pictures!
    • Keep your electronic devices and other valuables out of sight in your vehicle.
    • Read software and services licenses.
    • Use a password or a pin to protect your smart phone.

Christmas Present update: The Interview movie release

Posted: December 24, 2014 by IntentionalPrivacy in free speech
Tags: , , , ,

The number of independent theaters showing The Interview has been updated at Variety. Although not in the main list, Michael Moore’s theater, The Bijou, in Traverse City, Michigan, and George RR Martin’s theater, Jean Cocteau Cinema in Santa Fe, New Mexico, will also be showing the film.

You can also stream the video in HD on Google Play, YouTube Movies, Microsoft’s Xbox Video and  Sony’s own website, http://www.seetheinterview.com. A forty-eight hour rental is $5.99, while buying the movie costs $14.99.

David Drummond, SVP Corporate Development and Chief Legal Officer, posted today on the official Google blog, “Last Wednesday Sony began contacting a number of companies, including Google, to ask if we’d be able to make their movie, “The Interview,” available online. We’d had a similar thought and were eager to help—though given everything that’s happened, the security implications were very much at the front of our minds…. [W]e could not sit on the sidelines and allow a handful of people to determine the limits of free speech in another country (however silly the content might be).”

Christmas Present: The Interview

Posted: December 23, 2014 by IntentionalPrivacy in free speech, Security Breach
Tags: , , ,

The Art House Convergence  offered Sony a way to distribute The Interview, so there will be limited showings of the movie starting on Christmas Day. Here is a list of theaters currently showing the movie according to Variety, which they will continue to update.

In a statement released on Tuesday, 12/23/2014, President Obama praised Sony’s decision to release the movie.

In other news, North Korea experienced massive Internet outages for much of Monday, but Internet access was restored on Tuesday according to Reuters.

I still think this story would make a great plot.

Happy holidays!

 

Someone Could Control Your Car from the Outside

Posted: October 18, 2014 by uszik11 in Historical and future use of technology, Personal safety, Security Breach
Tags: , , , ,

If you have a late model car, someone could disable the brakes, command the steering wheel, set the speed, open the doors, disable the airbags, or explode them, all from a Wi-Fi hotspot.

Perhaps the modern icon is the General Motors OnStar system. Everyone knows it; it shows up in movies and TV as commonly as orange juice or dogs. OnStar was launched in 1995 and went from analog to completely digital in 2006. (Wikipedia here.)  Now, such radio systems are a standard feature on common makes and models. The radios are called “transceivers” for “transmitter and receiver”, that is, a “walkie-talkie” or two-way radio, in other words, a cell phone that is always on. With that link someone can take control of your car.

Computers in cars go back to the 1978 Cadillac Seville. The chip was a Motorola 6800, used also in early personal computers. It ran the car’s onboard display that provided eleven outputs such as fuel economy, estimated time of arrival, and engine speed. By the turn of the Millennium, upscale BMWs and Mercedes boasted 100 processors. Even the low-tech Volvo now has 50. (Automotive Mileposts website here and Embedded website here. Note that “embedded” systems are computer controllers that built into other machines for control or diagnostics. Embedded systems is a branch of computing.)

However, the older your car, the safer you are. A vehicle from the 1980s or 1990s will have electronic controls, but they will be less open to attack from the outside.  Without a radio link such as OnStar, there is no way to control the car from the outside. Also, the older processors were more often dedicated to reporting things such as gas mileage or fuel economy. Electronic fuel ignition replaced carburetors, but, again, was a simple, stand-alone controller that could not be compromised from the outside.

Over the past few years, two different security projects have been reported in which “white hat hackers” (good guys) investigated ways to take control of different models of automobile.

models-panelbg-001

The little antenna on the Prius is not just for the FM radio.

 In 2011, Car and Driver told about the work of the Center for Automotive Embedded Systems Security, a collaboration between academics from the University of Washington and California State University at San Diego. First, they plugged their own device under the dashboard to compromise the on-board diagnostic computer. (Anyone who can get to your car could do that the next time you take in for an oil change or other routine service.) In the second phase, they figured out how to do that remotely.

According to Car and Driver: “Such breaches are possible because the dozens of  independently operating computers on modern vehicles are all connected through an in-car communications network known as a controller-area-network bus, or CAN bus.  Even though vital systems such as the throttle, brakes, and steering are on a separate part of the network that’s not directly connected to less secure infotainment and diagnostic systems, the two networks are so entwined that an entire car can be hacked if any single component is breached.”  (“Hack to the Future” Car and Driver July 2011 by Keith Barry here.)  The original research from the academics is posted online as PDFs.  (See below).

In the words of the researchers:  “We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input—including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”  (Published as “Experimental Security Analysis of a Modern Automobile” by

Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage.
 IEEE Symposium on Security andPrivacy, Oakland, CA, May 16–19, 2010. Available as a PDF from the authors here.)

Then, having figured out how to install their own controller into a car under the dashboard, they turned to the problem of remote control.

“Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model—requiring prior physical access—has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.”  (Published as “Comprehensive Experimental Analyses of Automotive Attack Surfaces” by Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage (University of California, San Diego) and Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno (University of Washington). Available as a PDF from the authors here.)

Two years later, Andy Greenberg, who reports on technology for Forbes, filed a story about Charlie Miller and Chris Valasek who carried out their own car hacking research with a government grant.

“Miller, a 40-year-old security engineer at Twitter, and Valasek, the 31-year-old director of security intelligence at the Seattle consultancy IOActive, received an $80,000-plus grant last fall from the mad-scientist research arm of the Pentagon known as the Defense Advanced Research Projects Agency to root out security vulnerabilities in automobiles.” (Forbes, August 12, 2013 here. This story includes a video of the event. They took Greenberg for a ride that ended in a crash despite everything he could do to fight for control of the car. The 5 mph roll out finally stopped in some high grass. )

 

 

Gnu Bash Shellshock … what is it … and does it affect me?

Posted: September 28, 2014 by IntentionalPrivacy in Browser Vulnerabilities, Vulnerabilities, Worms
Tags: , , , , , , , ,

Shellshock (CVE-2014-6271 and CVE-2014-7169) is the name of a bug affecting the Gnu Bash (Bourne-again shell) command-line shell, which can be used on many Linux and UNIX operating systems, as well as Mac OS X. It does not affect Windows computers unless you’ve installed Bash with something like Cygwin. While it’s unlikely that most consumer computers will be targeted, it’s a good idea to watch for updates for operating systems, firewalls, routers, switches, modems, printers, and household items that can be assessed over the Internet–TVs, thermostats, IP cameras, and other items.

It is already being exploited by worms and other malware.

Cisco, Red Hat, Debian, and Ubuntu have already issued updates. The first patch issued did not completely fix the problem, so make sure you update to the version that addresses CVE-2014-7169 as well as CVE-2014-6271. Apple has not issued any updates as of September 28, 2014.

This bug has been around for a very long time; the latest (safe) Bash version is 3.2.53.  Brian J. Fox wrote Bash in 1987 and supported it for five years, and then Chet Ramey took over support–his unpaid hobby. Mr. Ramey thinks Shellshock was accidentally added in 1992.

We have a Macbook that was running a vulnerable version of Bash. I manually updated Bash per this article.

According to Qualys, here’s how to test for the vulnerabilities; at the command line, paste the following line (make sure this line is exact):

env var='() { ignore this;}; echo vulnerable’ bash -c /bin/true

If you have a vulnerable version of bash, the screen will display “vulnerable.” Just to be safe after updating, check the bash version by typing:

bash –version

Vulnerable versions will be before 3.2.53.

If you applied a patch before Friday, you might have a less-serious version of the error, which you can check by typing the following:

env X='(){(a)=>\’ bash -c “echo date”; cat echo; rm -f echo

This line will display the date if bash has not been completely patched.  After patching, you will get an error when running this command.

More on the Target breach …

Posted: December 29, 2013 by IntentionalPrivacy in Security Breach
Tags: , , , ,

According to the NY Times, Target is partnering with a Verizon forensic team to investigate the breach, as well as the Secret Service and the Justice Department.

If you would like to learn more about PIN number analysis, read this article http://www.datagenetics.com/blog/september32012/. Nick Berry, the president of Datagenics, also gave a speech on July 23, 2013, on Ted Talks about how to use passwords and be safer on the Internet.

 

What to know about the Target breach …

Posted: December 27, 2013 by IntentionalPrivacy in Financial vulnerabilities, Identity theft, Security Breach, Tips, Vulnerabilities
Tags: , , , , , , ,

I shop at Target about once a week. Last Saturday, I was dismayed to discover that an estimated 40 million debit and credit cards used at Target had been stolen. This isn’t the first time my card number has been stolen, and it probably won’t be the last, unfortunately.

Many of those cards will be duplicate numbers, so the total number of cards stolen will probably be fewer than 40 million. Still, it is a very large breach, the second largest to date. The biggest breach—90 million credit/debit account numbers!—in the US occurred at TJX over a period of 18 months and was discovered on December 18, 2006 (TJX data theft).

First, let’s look at what happened:

  • On December 15, 2013, malware was discovered on Target’s point-of-sale systems at US stores. Target eliminated the malware, and notified card processors and payment card networks.
  • According to some sources (a Reuters story posted on Yahoo!), Target did not find the breach; it was discovered by a security researcher. That is worrisome.
  • According to Target, the issue only affected US stores; purchases made online at Target.com or in Canada were not part of the breach.
  • In their statement, Target explains the breach occurred between 11/27/2013 and 12/15/2013.
  • PIN data was stolen (Reuters – Target says PINs stolen, but confident data secure), but not the key, which according to Target’s statement, resides at the external card processing center. They are not giving out the name of their processing center. The PIN data is encrypted with Triple DES encryption.  To decrypt the PIN data, the thieves need the key.
  • There are 2 types of security codes used with credit/debit cards. Each card issuer calls the security codes by different names.
    • The first code is embedded in the magnetic stripe of the card and is used when you present the card to a merchant; it’s often called the CVV code. This one was included in the stolen data.
    • The second number, often called the CVV2 code, is not included in the magnetic stripe data and therefore was not stolen. This is the number used when you make card-not-present transactions, such as online or over the phone. American Express prints the four-digit number they use on the front side of the card, while most other issuers use a three-digit code printed on the back of the card next to the signature area.
  • The US Secret Service is investigating, as well as an unnamed outside investigator.
  • Stay tuned for more details. I don’t think investigators have a good handle on this theft yet, so the details are likely to change.

Note: PINs are not the safest way to protect your financial information; there are only 10,000 combinations (0000 to 9999). Europe uses electronic chips in their cards; another method is a dynamic pin generated through a text message or some other media, such as an RSA token. The problem with dynamic pins is that they’re slow and expensive.

According to Krebs on Security, stolen Target credit/debit card numbers are already being sold in underground black markets in batches of one million cards.

What to do?

  1. Monitor any account(s) used at Target at least daily for evidence of tampering.
  2. Check out the Target breach details.
  3. Get a copy of your credit report. You get 1 free credit report from each credit agency per year. https://www.annualcreditreport.com/index.action
  4. Target says they will pay for credit reporting; they will have more details later.
  5. Replace your card:
    • If you use a Target REDcard, contact Target for a replacement card.
    • Ask your bank or credit union to replace each card used at Target during the dates the breach occurred.
  6. If you choose not to replace your card, at least change your PIN number.
  7. When you choose a PIN, do not use your birth date or consecutive digits, such as “1234.”
  8. Some cards allow you to add an alert when it’s used; check with your card issuer to find out if they have this feature. The Target REDcard does give you this ability.
  9. Do not respond to any scam emails, texts, or phone calls asking for your PIN or your social security number or your credit card number.
  10. Some people suggest buying a prepaid credit card or using cash instead of using credit/debit cards. I’ve never used one, so I don’t know anything about costs, but I’m going to look into it.

If you notice fraudulent activity in your account:

  1. Notify your card issuer immediately at the number on the back of your card and cancel your card. This greatly limits the payment portion of fraud you’re responsible for.
  2. Put a block on your credit report at one of the three credit reporting agencies:
  3. Read the FTC’s tips for “Lost or Stolen Credit, ATM, and Debit Cards.”

Who pays the costs?

While it’s true that the banks and the merchant eat the losses initially; ultimately, we all pay the price of such theft through higher costs.

Code 2600

Posted: March 27, 2013 by mikemarotta in Historical and future use of technology, Issues, Privacy, Vulnerabilities
Tags: , , ,

B-Sides Austin March 21-22, 2013, kicked off the night before with Jeremy Zerechak’s 82-minute documentary about the origins and present reality of computer privacy issues.

Code 2600 introduces modern cyber security via Sputnik and the Cold War which brought about the Defense Advanced Research Projects and the first computer network. The film also weaves in the threads of telephone systems and phone phreaking, and the transmutation of the computer from the behemoths of corporations and governments to the homebrew hacks that birthed the Apple computer. The result was an assault on your privacy which is magnified today by government agencies and private companies that compete for the control of the information that you create about yourself.
Code2600
More subtly, in the Cold War, we could see our attackers. We would know who launched the missiles. Today, the clues left by a cyber-attack are harder to trace. The war is going on right now with the governments of the USA and China hacking each other, as well as Britain hacking Norway. And corporations are really the leading edge players: everyone – civilian or military, government or corporation – uses the same operating systems and applications programs. The military is no longer the leading edge of technology: they buy it from the same places that you do.

The success of AOL was a milestone. When the computer information service bought Time-Warner it heralded the blossoming of the information age. But we are still in the middle of the story. We will not know for 50 years how this plays out.

“What should we be teaching young people about computers?” is the wrong question. Young people should be teaching us about how they use their devices, apps, and media, because that is the future.

Official Movie Trailer on YouTube here.