Tuesday, June 26, 2012


If not government sponsored, perhaps a tool for corporate espionage?
"Security researchers have come across a worm that is meant specifically to steal blueprints, design documents and other files created with the AutoCAD software. The worm, known as ACAD/Medre.A, is spreading through infected AutoCAD templates and is sending tens of thousands of stolen documents to email addresses in China. However, experts say that the worm's infection rates are dropping at this point and it doesn't seem to be part of a targeted attack campaign. ... [They] discovered that not only was the worm highly customized and well-constructed, it seemed to be targeting mostly machines in Peru [Proof of concept testing? Bob] for some reason. ... They found that ACAD/Medre.A was written in AutoLISP, a specialized version of the LISP scripting language that's used in AutoCAD."


Another “Joy of Computer Security” article... Seems they are developing “Best Criminal Practices” as fast as we are developing “Best Computer Security Practices.” ...
Cybercriminals Getting Quicker and Craftier, Google Says
Five years ago, Google started a “Safe Browsing” initiative to track down malicious content across the Web. On Tuesday, the company shared some of the insights it gleaned during the cleanup job.
It said — no surprises here — that cybercriminals are getting faster and more creative.
The Internet has long been plagued by “phishing” schemes in which criminals try to trick users into clicking on malicious links that allow them to scoop up a user’s banking credentials or send spam from their machines.
The difference now, Google says, is that as security mechanisms for blocking sites have gotten more effective, criminals have learned to narrow their focus on their victims and never stay in the same place for long.
To avoid detection, cybercriminals now switch up their location and put up new malicious sites using free Web hosting providers and services that automatically generate new domain names. Google said many phishing sites now only stay online for less than an hour. Some are switched out every 10 minutes. It said it now finds 300,000 new phishing sites a month, triple the number it encountered three years ago.


This is not my Ethical Hackers paying off college loans. (They already did that)
Operation High Roller auto-targets bank funds
A global financial fraud scheme that uses an active and passive automated transfer system to siphon money from high balance accounts in financial institutions has been discovered by McAfee and Guardian Analytics.
According to a joint report released overnight, the online fraud, dubbed "Operation High Roller," attacks banking systems worldwide and has impacted thousands of financial institutions including credit unions, large global banks and regional banks. The criminals have attempted to transfer between 60 million euros (US$75.1 million) and 2 billion euros (US$2.5 billion) to mule business accounts belonging to the "organized crime" syndicate from at least 60 banks so far, the study revealed.
"The advanced methods discovered in Operation High Roller show fraudsters moving toward cloud-based servers with multi-faceted automation in a global fraud campaign," David Marcus, director of security research for McAfee Labs, said in a blog post.


We give you a list of Best Practices so you can implement them. Sure it takes a bit more thought (rarely more work) but it avoids articles like this...
Analysis: eHarmony had several password security fails
An analysis of passwords stolen from eHarmony and leaked to the Web recently reveals several problems with the way the dating site handled password encryption and policies, according to a security expert.
The biggest problem clearly was that the passwords, although encrypted and obscured with a hashing algorithm, were not "salted," which would have increased the amount of work password crackers would need to do, writes Mike Kelly, a security analyst at Trustwave SpiderLabs, in a blog post today.
But there were two other less obvious problems. First, the lowercase characters in passwords were converted to uppercase before hashing, Kelly says.
… And secondly, during resets the passwords were changed to a five-character password using only letters and digits.
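The three weaknesses above compound each other, and the effect is easier to see in code than in prose. The following is an added example (not from the article or from Trustwave's analysis): it measures how much case-folding and the five-character reset policy shrink the search space, contrasts an unsalted fast hash with a per-user salted PBKDF2 hash, and shows why the unsalted form lets one precomputed table serve every account. MD5 as the unsalted digest is my choice for illustration; the post only says "a hashing algorithm".

```python
import hashlib
import hmac
import os
import string

MIXED_ALNUM = len(string.ascii_letters + string.digits)    # 62 symbols
UPPER_ALNUM = len(string.ascii_uppercase + string.digits)  # 36 symbols after case-folding


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of a given length over an alphabet."""
    return alphabet_size ** length


def uppercasing_reduction(length: int) -> float:
    """How many times smaller the search space becomes when lowercase
    letters are folded to uppercase before hashing (for alphanumerics)."""
    return keyspace(MIXED_ALNUM, length) / keyspace(UPPER_ALNUM, length)


def reset_password_keyspace() -> int:
    """Five characters, letters and digits only, then case-folded: 36**5."""
    return keyspace(UPPER_ALNUM, 5)


def weak_hash(password: str) -> str:
    """The flawed scheme the post describes: uppercase, then an unsalted fast
    digest (MD5 chosen here for illustration). Every user with the same
    password gets the same digest, so one lookup table covers all of them."""
    return hashlib.md5(password.upper().encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes = None, iterations: int = 100_000):
    """Corrected scheme: random per-user salt, slow KDF, case preserved.
    Returns (salt, digest); both must be stored to verify later."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes, iterations: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("8-char keyspace shrinks by a factor of %.1f after uppercasing" % uppercasing_reduction(8))
    print("reset passwords: %d possibilities" % reset_password_keyspace())
    # Two users, same password: identical unsalted digests, distinct salted ones.
    print(weak_hash("Secret1") == weak_hash("secret1"))
    s1, d1 = salted_hash("Secret1")
    s2, d2 = salted_hash("Secret1")
    print(d1 != d2, verify("Secret1", s1, d1), verify("secret1", s1, d1))
```

Note that `weak_hash` also erases the distinction between `Secret1` and `SECRET1`, so case-folding does not merely shrink the keyspace by a constant factor per character: it collapses every user's mixed-case choice onto the smaller alphabet before the digest is ever computed.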


Another reason for lawyers to insist that emails with clients must be encrypted!
Typosquatter Used Misspelled Domains to Intercept Email, Claims $1 Million Lawsuit
A man accused of typosquatting is being sued for $1 million by a law firm that alleges he set up a domain that mimics the law firm’s domain name. The firm says he did so in order to intercept email communications intended for its attorneys and staff.
Arthur Kenzie is being sued by Gioconda Law Group, which says that he set up email accounts under a doppelganger domain, GiocondoLaw.com, that is designed to catch email that is intended for the law firm’s domain, GiocondaLaw.com, if senders mistype the address.
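The defensive counterpart to this lawsuit is a check on the sending side: before a message leaves the firm, compare each recipient's domain against the domains the firm protects and flag any that differ by a single character, which is exactly the GiocondaLaw.com / GiocondoLaw.com pair above. The following is an added example, not code from the law firm or from the article; the recipient list is constructed for the demonstration and the edit-distance threshold of 1 is an assumption a mail gateway would tune.

```python
# Flag outbound recipients whose domain is a near-miss of a protected domain.

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete ca
                           cur[j - 1] + 1,           # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def email_domain(address: str) -> str:
    """Domain part of an address, lower-cased; DNS names are case-insensitive."""
    return address.rsplit("@", 1)[1].strip().lower()


def flag_near_miss_recipients(recipients, protected_domains, max_distance=1):
    """Return (address, protected_domain, distance) for every recipient whose
    domain is within max_distance edits of a protected domain but is not an
    exact match. Exact matches are legitimate mail and are never flagged."""
    findings = []
    for addr in recipients:
        dom = email_domain(addr)
        for protected in protected_domains:
            if dom == protected.lower():
                continue
            d = levenshtein(dom, protected.lower())
            if d <= max_distance:
                findings.append((addr, protected, d))
    return findings


# Constructed sample: one correct address, one doppelganger, one unrelated domain.
SAMPLE_RECIPIENTS = [
    "partner@GiocondaLaw.com",
    "assistant@giocondolaw.com",
    "client@example.org",
]
PROTECTED = ["GiocondaLaw.com"]


if __name__ == "__main__":
    for addr, protected, d in flag_near_miss_recipients(SAMPLE_RECIPIENTS, PROTECTED):
        print("HOLD %s: %d edit(s) from %s" % (addr, d, protected))
```

A gateway that holds such messages for confirmation catches the mistyped address before the typosquatter's mailbox ever receives it; the same comparison run over inbound `From:` domains gives an alert when a near-miss domain starts writing to the firm.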


“Welcome to America! Here are a few tips on how to avoid a free trip to Mexico.”
"In the wake of the U.S. Supreme Court ruling Monday on Arizona's immigration enforcement law, H-1B workers are being advised to keep their papers on them. About half of all H-1B visa holders are employed in tech occupations. The court struck down several parts of Arizona's law but nonetheless left in place a core provision allowing police officers to check the immigration status of people in the state at specific times. How complicated this gets may depend on the training of the police officer, his or her knowledge of work visas, and whether an H-1B worker in the state has an Arizona's driver's license. An Arizona state driver's license provides the presumption of legal residency. Nonetheless, H-1B workers could become entangled in this law and suffer delays and even detention while local police, especially those officers and departments unfamiliar with immigration documentation."


“People are ignorant, governments must ‘care’ for them!” Fortunately, the loyalty card I use is in the name of a certain law school professor I know.
UK: Supermarket spies: How the Government plans to use loyalty card data to snoop on the eating habits of 25 million shoppers
June 25, 2012 by Dissent
Martin Robinson reports:
The shopping habits of Britain’s 25 million supermarket loyalty card holders could be grabbed by the Government in an attempt to halt the UK’s dangerous obesity crisis, it was claimed today.
People who buy too much alcohol, fatty foods or sugary drinks would be targeted with ‘tailored’ health advice under plans being considered by the Coalition.
With more children than ever dangerously overweight, parents could also be contacted if their bills show they are not giving their offspring a balanced diet from their weekly shop.
Read more on Daily Mail
I wonder how many customers would be willing to give up loyalty cards if this comes to pass.

(Related) “And parents are more ignorant than their children...” Just because they are doing what they say they're not doesn't mean they aren't doing what they say they are.
DATA DETOUR: Spying? No, we're tracking for a web filter, says Telstra
All those rumours about Telstra spying on your web browsing activity have been put to rest. It turns out Telstra wasn't spying at all - they were simply tracking what sites you visit and then sending that data to an overseas company called Netsweeper, which is working on an internet filtering system for the telco. Phew! Thank goodness for that.
They would have told you, of course, but it wasn't really important. I mean, it's not as if they were capturing customer data, storing it and sharing it with third-party operators, right?
… But Greens Senator Scott Ludlam was troubled by the serious privacy implications.
He told SC: "It is potentially problematic. Anything in the US is subject to the Patriot Act, even if the data is anonymised, or sent as batches.
… "We will shortly launch a cybersafety tool that allows parents to specify the website categories their kids can browse. To prepare for this, we are working with a company called Netsweeper to ensure web content is accurately characterised," Telstra told ZDnet in a statement.
Telstra says Netsweeper has a large database of URLs, but when customers visit new domains not in the database, the URL is sent to Netsweeper by Telstra.
… All customer data is left out of the information being shared with the US company, according to Telstra.
… The service will, ultimately, be opt-in, Telstra said.

(Related) ...and some companies have a long tradition of “Let's try this and see if anyone notices.”
Facebook Hides Your Email Address Leaving Only @Facebook.com Visible. Undo This Poppycock Now
In an attempt to improve email address privacy, Facebook has screwed up big time in what seems like a self-serving attempt to increase usage of @facebook.com email addresses that direct to your Facebook Messages Inbox.
Now everyone’s personal email addresses have been hidden from their profiles, regardless of previously selected privacy settings. Instead, your @facebook.com contact info is the only one visible to people with permission to see your email addresses. This makes it harder for friends to contact you via third-party email unless you reset your controls.


Attention conspiracy theorists! (and Class Action Lawyers?)
By Dissent, June 25, 2012
Jane Yakowitz writes:
Vioxx, the non-steroidal anti-inflammatory drug once prescribed for arthritis, was on the market for over five years before it was withdrawn from the market in 2004. Though a group of small-scale studies had found a correlation between Vioxx and increased risk of heart attack, the FDA did not have convincing evidence until it completed its own analysis of 1.4 million Kaiser Permanente HMO members. By the time Vioxx was pulled, it had caused between 88,000 and 139,000 unnecessary heart attacks, and 27,000-55,000 avoidable deaths.
The Vioxx debacle is a haunting illustration of the importance of large-scale data research. Dr. Richard Platt, one of the FDA’s drug risk researchers, described a series of “what if” scenarios in 2007 FDA testimony. (Barbara Evans describes the study here.) If researchers had had access to 7 million longitudinal patient records, a statistically significant relationship between Vioxx and heart attack would have been revealed in under three years. If researchers had had access to 100 million longitudinal patient records, the relationship would have been discovered in just three months. Of course, if public health researchers did post-market studies that looked for everything all the time, many of the results that look significant would be the product of random noise. But even if it took six months or one year to become confident in the results from a nation-wide health research database, tens of thousands of deaths may have been averted.
Read more on Info/Law.


Perhaps we should collect some of these “Bad Technology Laws” and make one of those funny Youtube videos?
"The Canadian House of Commons may have passed the Canadian DMCA, but the constitutional concerns with the copyright bill and its digital lock rules will likely linger for years. Michael Geist has obtained internal government documents that indicate that the Department of Justice issued a legal opinion warning about the potential for constitutional violations. The DOJ legal opinion warned of the need to link circumvention with copyright infringement and of the particular danger of not providing the blind with an exception. The Canadian law misses the mark on both counts with no link to infringement and an exception that blind groups say is 'nullified' by strict conditions."


Towards a “Lawyer Free” world! (Just kidding, please don't sue me...)


Perspective: Everyone is becoming more social...
And the Winner of the Next Social Networking Jackpot Is…
Microsoft Monday said it would spend $1.2 billion cash in a much-anticipated acquisition of Yammer, a sort of Twitter for businesses.
The nearly 4-year-old startup is only the latest acquisition in a string of similar deals. Earlier this month, Salesforce.com spent $689 million to buy Buddy Media, which makes Facebook tools for interacting with customers. Oracle last month bought Virtue, which helps companies coordinate social network posts, for $300 million. And analysts expect acquisitions of “Facebook for business” plays to continue.
So who will be next to score in the social-meets-business lottery? Here’s a shortlist of top contenders:


Perspective: Like all good journalism, I assume this is completely without bias... (Sure I do)
"As newspaper budgets shrink, state-sponsored media outlets like RT, China Daily, and Al Jazeera have grown, hired more writers and offered more (free) coverage. Mark Mackinnon, writing for The Globe and Mail, explains the issue well: 'Throughout the recent crisis in Syria, and before that in Libya and Egypt, Xinhua and RT News have thrown unprecedented money and resources at reporting from the scene, even as Western media scale back on their own efforts. It's not too far-fetched to imagine a near future where it's Xinhua or RT, rather than the Associated Press or BBC, that have the only correspondents on the scene of an international crisis, [But the networks will send six people to cover the local dog show! Bob] meaning the world will only get Beijing or Moscow's version of what's happening.' But quality coverage still requires money, which means finding funding from somewhere. You see the effects of this every day: If your revenue is based mostly off of pay-per-click banner ads, a lowest-common denominator post, like a cheap roundup of cat pictures, is quite possibly going to pull in way more views for less money than a nuanced, deeply reported, and expensive dispatch from Syria. And, yeah, ads can be a bummer, especially when they're executed poorly, and paywalls aren't great. But when the alternatives are either fluffy, thin reporting; or worse, blatantly biased coverage sponsored by governments, we have to find a palatable way to fund good reporting."


Perspective: The thing about large datasets is they are really large. This is 25 times larger than the entire online storage of a multi-billion dollar manufacturing company I consulted for a few years ago.
Bing Maps adds 165TB of new images of Earth


Local: As real (kill me a tree) books fade, only book collectors will have them, so why not make the display cuter?
These Book Covers Are Custom Made to Match Your Library
Now Wine isn't a book designer, but he does design with books. It started as a hunt for special volumes at thrift stores and estate sales to resell on eBay. But his efforts soon expanded into an entire outfit. Wine's Boulder-based company, Juniper Books, cleverly fills out shelves using both custom covers created for classic works as well as a curated selection of existing editions. The result brings fresh design thinking to a centuries-old industry.


Isn't it bad enough that new parents make us look at hundreds of baby pictures? Now we must watch hours of baby movies?
If you are away from your computer, you cannot view the videos that are stored on it. But what if you could remotely access those videos and stream them using your handheld device? That is precisely what a tool called Air PlayIt offers.


Tools for the “Speechifying” class
Video Recording Teleprompter is an iOS application sized at nearly 7 MB and meant for iOS devices with front-facing cameras running iOS version 5.0 or later. The app lets you record videos with the front-facing camera of your device. Meanwhile, the screen can show you the text that you need to read in your speech thereby serving the function of a teleprompter. You can then watch the videos by saving them or simply uploading them to YouTube.
