Saturday, July 30, 2011

Hackers have a process for a light-speed attack. Do banks (any organizations) have people and a process for immediate response?

http://www.databreaches.net/?p=19914

Bank recovers some of $28K stolen from Eliot account – but was this crime preventable?

OK, now this is somewhat disturbing: it appears that even when a bank was warned that accounts were about to be raided, they failed to prevent it.

David Ramsay reports:

TD Bank has notified the town it has recovered a portion of the $28,000 stolen on July 12 from the town’s direct deposit bank account.

“We have received some of it back. I can’t tell you the exact amount; I don’t have that information,” Town Administrator Dan Blanchette told the Board of Selectmen on Thursday night. “I suspect it’ll take two weeks before we know much more.”

A former Washington Post staffer Brian Krebs, who now blogs on security issues, had alerted the town’s controller and TD Bank on July 11, prior to the theft, that town accounts likely were being raided by computer crooks overseas.

TD Bank was unable to detect any unusual activity and later missed the withdrawals by the thieves.

Read more on Seacoastonline.com

Did the town change the passwords on its accounts as soon as they were warned? Did the bank put an additional lawyer [Layer? But a lawyer would be a good idea too Bob] of security on the town’s accounts after they were warned? What happened here? It’s not usual to have a reporter call you with a warning (and thumbs up to Brian for taking the time and effort to try to prevent the crime). So why wasn’t this crime prevented?



How seriously should we take these hacks? That depends on how secure the systems were in the first place. If the hackers are getting in by trying simple/common passwords, like “password” then the system was never intended to be secure in the first place.

http://news.cnet.com/8301-27080_3-20085723-245/hackers-strike-government-cybersecurity-contractor/

Hackers strike government cybersecurity contractor

Hackers flying the AntiSec banner today released what they said was 400 megabytes of internal data from a government cybersecurity contractor, ManTech, as part of their campaign to embarrass the FBI every Friday, as well as target other government agencies and their partners.

"Today is Friday and we will be following the tradition of humiliating our friends from the FBI once again. This time we hit one of their biggest contractors for cyber security: Mantech International Corporation," the hackers said in a statement on PirateBay.

"What ManTech has to do with the FBI? Well, quite simple: In Summer 2010 the FBI had the glorious idea to outsource their Cybersecurity to ManTech. Value of the contract: 100 Million US-Dollar," the statement said. The batch of documents mostly involves NATO, another ManTech client, along with the Department of Homeland Security (DHS), U.S. military branches, and the State and Justice departments, according to the hackers. There was a rumor on Twitter that one of the files in the data release contains a Trojan horse, but another Twitter post said that was a false positive.



“We respect our users' privacy... At least, we respect how much money it makes us.”

http://www.wired.com/epicenter/2011/07/undeletable-cookie/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged

Researchers at U.C. Berkeley have discovered that some of the net’s most popular sites are using a tracking service that can’t be evaded — even when users block cookies, turn off storage in Flash, or use browsers’ “incognito” functions.

The service, called KISSmetrics, is used by sites to track the number of visitors, what the visitors do on the site, and where they come to the site from — and the company says it does a more comprehensive job than its competitors such as Google Analytics.

But the researchers say the site is using sneaky techniques to prevent users from opting out of being tracked on popular sites, including the TV streaming site Hulu.com.

KISSmetrics is a 17-person start-up founded in 2008 and based in the San Francisco Bay Area. Founder Hitten Shah confirmed that the research was correct, but told Wired.com Friday morning that there was nothing illegal about the techniques it was using.

“We don’t do it for malicious reasons. We don’t do it for tracking people across the web,” Shah said. “I would be having lawyers talk to you if we were doing anything malicious.”

Shah says KISSmetrics is used by thousands of sites to track incoming users, and it does not sell or buy data about those visitors, according to Shah. After this story was published, the company tweeted a link that explains how its tracking works.

The research was published Friday by a team of UC Berkeley privacy researchers that includes veteran privacy lawyer Chris Hoofnagle and noted privacy researcher Ashkan Soltani.

“The stuff works even if you have all cookies blocked and private-browsing mode enabled,” Soltani said. “The code itself is pretty damning.”

The researchers dug into Hulu.com’s tracking code and discovered the KISSmetrics code. Using it, Hulu was able to track users regardless of which browser they used or whether they deleted their cookies. KISSmetrics used a number of methods to recreate cookies, and the persistent tracking can only be avoided by erasing the browser cache between visits.

They also say that Shah’s defense that the system is not used to track people around the web doesn’t hold up.

“Both the Hulu and KISSmetrics code is pretty enlightening,” Soltani told Wired.com in an e-mail. “These services are using practically every known method to circumvent user attempts to protect their privacy (Cookies, Flash Cookies, HTML5, CSS, Cache Cookies/Etags…) creating a perpetual game of privacy ‘whack-a-mole’.”

Berkeley researcher Soltani, who consulted for the Wall Street Journal’s reporting on privacy, notes that the code includes function names like “cram cookie.”

One of the techniques used involves using something called ETags in the browser cache, a once-theoretical technique that’s never before been seen in the wild on a major site, according to the researchers.
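A small audit check for the ETag cache-cookie technique the researchers describe, added here as an illustration and not taken from the Berkeley report or from any site's code. It works on constructed captures: an ETag that differs between two fresh clients for byte-identical content is acting as a per-user identifier, and a return visit re-identifies the client only if the cache still holds that validator (all URLs, ETag values and body hashes below are made up).

```python
"""Detect ETag values used as per-user identifiers in captured HTTP traffic."""
from collections import defaultdict

# Constructed sample: two clients with cleared caches fetch the same two resources.
# Fields: (client, url, status, etag, body_hash). Values are invented for the demo.
SAMPLE_RESPONSES = [
    ("client_a", "https://example.invalid/logo.png", 200, '"5d8c72a5edda8d6a"', "h1"),
    ("client_b", "https://example.invalid/logo.png", 200, '"5d8c72a5edda8d6a"', "h1"),
    ("client_a", "https://example.invalid/i.js", 200, '"u-19f3a6b2c4d1"', "h2"),
    ("client_b", "https://example.invalid/i.js", 200, '"u-7e02bb91aa40"', "h2"),
]


def find_tracking_etags(responses):
    """Return {url: [etags]} for resources whose ETag differs across fresh clients
    even though the body is identical. A real validator describes the content,
    so a per-client value on identical content is an identifier, not a validator."""
    by_url = defaultdict(list)
    for client, url, status, etag, body_hash in responses:
        if status == 200 and etag:
            by_url[url].append((client, etag, body_hash))
    suspicious = {}
    for url, rows in by_url.items():
        etags = {etag for _, etag, _ in rows}
        bodies = {body for _, _, body in rows}
        if len(rows) > 1 and len(etags) > 1 and len(bodies) == 1:
            suspicious[url] = sorted(etags)
    return suspicious


def reidentified_on_revisit(request_headers, tracking_etags):
    """Model the return visit. A conditional GET echoes the cached ETag in
    If-None-Match, so the server recognises the client with no cookie at all.
    Clearing the cache between visits drops the validator, so the header is absent
    and the check returns False; that is the only mitigation the article mentions."""
    validator = request_headers.get("If-None-Match")
    return validator is not None and validator in tracking_etags


if __name__ == "__main__":
    flagged = find_tracking_etags(SAMPLE_RESPONSES)
    print("per-user ETags:", flagged)
    ids = set(flagged.get("https://example.invalid/i.js", []))
    print("revisit, cache kept:", reidentified_on_revisit({"If-None-Match": '"u-19f3a6b2c4d1"'}, ids))
    print("revisit, cache cleared:", reidentified_on_revisit({}, ids))
```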

The research also found that many top websites have adopted new ways to track users using HTML5 and that Google tracking cookies are present on 97 of the top sites, including government sites such as IRS.gov.

The full report from the Berkeley researchers



This works only if you can identify encryption, which looks a lot like random noise or sensor data.

Pakistan Tries To Ban Encryption

"Pakistan has a new Telecoms Law going into effect, which requires widespread monitoring of internet usage. In response, new reports are saying that the country is banning encryption, including VPNs, because it would interfere with the ability of ISPs to monitor internet usage."



Without context, we still don't know what constitutes a “heavy user.” Related articles put the number at 2.5 GB per month, but the AT&T Press Release makes it look like a dynamic (constantly changing) 5% of users will be impacted. In other words, if you move a lot of data early in the billing period, they slow your connection, which allows other users to leapfrog into the “top 5%,” which may or may not mean your speeds go back to normal.

AT&T To Start Data Throttling Heaviest Users

"AT&T has announced that starting on Oct. 1 it will throttle the data speeds of users with unlimited data plans who exceed bandwidth thresholds on its 3G network. AT&T is following in the tracks of Verizon and Virgin Mobile in reducing data throughput speeds of its heaviest mobile data users."

[The AT&T Press Release:

One new measure is a step that may reduce the data throughput speed experienced by a very small minority of smartphone customers who are on unlimited plans - those whose extraordinary level of data usage puts them in the top 5 percent of our heaviest data users in a billing period. In fact, these customers on average use 12 times more data than the average of all other smartphone data customers. This step will not apply to … the vast majority of smartphone customers who still have unlimited data plans.]



Now avoiding cliches is as easy as pie!

http://www.makeuseof.com/tag/5-websites-english-writer-search-clichs/

5 Websites For The English Writer That Help In The Search For Clichés

Clichesite

Cliché Finder

Sports Clichés

Cliché Web

101 Clichés

