A new breach of old data?
Ru: More than 1.6 million Mobile TeleSystems phone subscribers learn their details leaked online
October 26, 2011 by admin
Nathan Toohey and Alina Lobzina report:
The Vedomosti newspaper has reported that more than 1 million of mobile provider MTS’ users have had their personal data published on the Zhiltsy.net website.
A resident of the town of Ufa, Fedor Ponomarev, alerted the newspaper to the massive data leak.
The data originated from 2006 and after learning about the leak MTS tightened its data security, Vedomosti reported, adding that a source at MTS said the leak was “due to the fault of the security services.” The exact security services branch was not named.
According to Vedomosti’s estimates the database on the website contains more than 1.6 million phone numbers with the prefix codes 917 and 911, which correspond to the Bashkiria and St. Petersburg regions.
The database contains the name, surname and patronymic of private subscribers, as well as some address and passport details. [Perhaps you need a passport to call overseas? Bob]
Read more on The Moscow News.
Lukas I. Alpert also covers the breach on Moscow Times.
From available coverage, it sounds like
the leak actually originally occurred in 2006 and that MTS may have
known about a leak that year. But maybe I’m misunderstanding the
news coverage…
Who benefits? Another politician? A
news organization? A “concerned” government? What would the
reaction be if the tap my Ethical Hacking students put on the US
Congress was discovered?
Japanese Parliament officials and staff monitored by Malware
The recent revelations centering on Mitsubishi Heavy Industries aren’t the only cybercrime report coming out of Japan this week. As it turns out, the Lower House of the Japanese Parliament was attacked around the same time as Mitsubishi, which led to officials and staffers having their communications monitored.
Asahi Shimbun once again breaks the news, as sources tell them that 480 officials and staff in the Lower House were monitored for at least a month, thanks to Malware discovered on systems in late August. Investigators discovered that the Malware was installed sometime in July, after a member of the Lower House opened a malicious email attachment.
The payload served additional Malware
from a source in China, which included the ability to
hijack passwords and other information. The speculation
is that the attack was designed to gather information
on national politics, such as foreign policy and defense policy.
A spokesperson for the Lower House told
Asahi Shimbun: “We are investigating whether computers and servers
are infected with viruses and undoing the damage. We
are not aware of any tangible damage, such as data loss.” [This
directly contradicts what the article reports Bob]
How to deal with a breach. (From Gary
Alexander)
Stepping Into the Breach
Data breaches are going
to happen, regardless of what an institution does. How
effectively a school responds may be a more telling indicator of its
preparedness.
… The first step,
though, is to come clean. The knee-jerk reaction for many
administrators is to keep news of the breach quiet. That's a mistake.
"If you let the media control the message, it is going to be a
painful experience," says Jeremiah Grossman, chief technology
officer with WhiteHat
Security. "It has to be all about honesty and transparency
to make sure there remains a level of trust in the institution."
I noticed this in a brief Q&A about
Google Plus – the future may include “automated eavesdropping”
Inside Google Plus
Wired: Have you
thought about how you’re going to make money off this?
Horowitz: It’s not
the highest priority. And it would be premature to come up with that
before we understand how it’s used. But if we do a good job of
serving users, we can stick to the Google philosophy that ads are a
kind of tax on the product. So, for example, if you
and I are talking about where we’re going for dinner on Sunday, and
the system is smart enough to recognize the nature of that discussion
and offer me a 20 percent discount for a local restaurant, that’s
not a nuisance. That’s an incredibly valuable offer.
Perspective
Internet responsible for 2 per cent of global energy usage
… Justin Ma and Barath Raghavan, researchers at the University of California, Berkeley and the nearby International Computer Science Institute respectively, estimate that the internet consumes between 170 and 307 GW. [Remember, it only takes 1.21 gigawatts to run a DeLorean's flux capacitor Bob]
More perspective
Internet video consumption rivals basic cable
Sandvine's Global
Internet Phenomena Report: Fall 2011 (PDF) (registration
required) shows that real-time entertainment applications are the
primary drivers of network capacity on fixed access (non-wireless)
networks in North America, accounting for 60 percent of peak
downstream network traffic from 7 p.m.-9 p.m., up from 50 percent in
2010.
The report also reveals that we've
entered a post-PC era where the majority of the traffic is destined
for devices other than a laptop or desktop computer.
Perspective Infographic
In 60 Seconds on the Web is a neat infographic displaying approximations of how much new stuff appears on the web every sixty seconds.
For my students. This is why we want
to build the “Forever Wiki” to keep you current.
"Eric Bloom, an IT leadership
coach and former CIO, has answered that eternal question 'does
working on old software hurt your professional marketability' with a
somewhat surprising 'no.' But, Bloom adds, 'a techie's skill set
from a marketability perspective has a two year half-life. That is
to say, that the exact set of skills you have today
will only be half as marketable two years from now.'"
(Related) There is an old “case study” in the Harvard Business Review that analyzed a failed two-year applications development project. One of the main criticisms was that no development project should last more than six months! You cannot see what the technology will be ten years down the road...
"America's new CIO Steven
VanRoekel wants to revamp the federal government and make it as agile
as a startup. But first he has to get
rid of bugs like the Department of Agriculture's 21 different e-mail
systems. From the article: '“Too often, we have built closed,
monolithic projects that are outdated or no
longer needed by the time they launch,” he said.
As an example, he mentioned the Defense Department’s human
resources management system. Dubbed the “Defense Integrated
Military Human Resource System,” the project was meant to take
seven years to develop. Instead, it took 10, cost $850 million and
had to be scrapped after 10 years of
development in 2010 because it ended up being useless.'"