Did these guys learn nothing from the
movie Clueless?
The Consumerist resets passwords following breach
July 18, 2012 by admin
The Consumerist seems to have had a security breach. Their blog posts
are light on details, though:
On July 15, they wrote:
As some
Consumerist readers have noted, the site has been down twice in the
past week and we promised an explanation, which follows.
We first took the
site down late Wednesday afternoon, when we were
alerted to a security concern. [Translation: “Our system didn't
detect it.” Bob] The site was then cleaned and cleared
by our security experts, and put back online within about two hours.
Last night, we
detected a new problem and took the site down for another five hours
in order to address that issue.
To limit security
concerns, the Consumerist is now operating in a mode that does not
permit commenting. We apologize for the inconvenience this may cause.
As both a
precaution and as a best practice, we strongly advise that you change
your password at any site where you use the same password as
Consumerist. You cannot change your password at Consumerist yet due
to the no-comment mode, but we will alert you when that changes.
On July 16, they provided an update:
Because of the
nature of the investigation, we cannot – at this time – share
further details of the specific changes. But we do want you to know
of two actions we will be taking in the next few days that may affect
your experience on the site:
***First, we plan
to reset all existing passwords. This means that those of you who use
log-in access at the Consumerist will need to choose a new password
when you log into the site. We will be sending you an email
summarizing the same actions described in this post.
***Second, we plan
to re-open the Consumerist to comments. As noted yesterday, we turned
off commenting as part of our initial response to the latest security
incident.
It could take a
day or two for these actions to take place but we will post another
update when they do occur. In the meantime, here are some answers to
questions you may have about the situation:
Q: You said in
your post yesterday that I should change my password. Does this mean
that my user name or password has been compromised?
A: We
don’t yet know for sure, and are investigating that
carefully. The password files were encrypted,
but as a matter of prudence and good practice we are recommending
that you change your password at any site where you use the same
password as the one you use at Consumerist. We also plan to reset all
existing Consumerist passwords, which will require you to choose a
new password when you try to log into the site.
[...]
Q: Does this mean
that if I visited Consumerist, my computer might have been infected?
A: We
don’t know for sure, but if you are worried about a
possible infection, you should use your anti-virus software to run a
complete scan of your machine. If you don’t already have
anti-virus protection on your computer, we strongly suggest you get
some. And for additional suggestions on how to cleanse your machine,
you can consult the StopBadware.org site.
Did it or didn't it? Your credibility
is at risk.
Hacker claims breach of 50,000 accounts from Wall Street IT recruiting firm
July 18, 2012 by admin
Jaikumar Vijayan reports:
A hacker today
claimed to have broken into ITWallStreet.com, a website for IT
professionals seeking jobs or working with Wall Street firms, and
exposed highly detailed data belonging to tens of thousands of job
applicants.
As many as 12 data
files containing detailed information on job applicants were publicly
posted today after apparently being accessed from an ITWallStreet
database by a hacker belonging to a group called TeamGhostShell.
A Computerworld
inspection of the published data showed the first and last names,
mailing addresses, email addresses, usernames, hashed passwords and
phone numbers of what appear to be thousands of people who have
applied for IT jobs with Wall Street firms. Many of the thousands of
hashed passwords appear to have already been decrypted into their
clear text form.
Read more on Computerworld.
As of the time of his article, Andiamo Partners, the firm that
operates the web site, had neither confirmed nor denied the breach.
At the time of this blog post, there is no notice or
alert on their web site, either. [At least an “It has been
claimed...” statement might be useful Bob]
In a world that has evolved from “He
said, She said” to one where everyone can video Rodney King, it may
be best to investigate before making an absolute denial...
Wearable Computer Pioneer, Dr. Steve Mann, Releases New Photo Supporting His
Assault Claim Against McDonald’s
Isn't it a felony to fail to report a
felony?
Legal, regulatory risks keep firms from sharing cyber threat data
A U.S. policy report to be released
today says Congress should preempt certain state and federal
regulations in order to allow companies the freedom to share with the
government information about cyber security threats and attacks
without fear of breaking data breach and other laws.
More information sharing is needed
between companies and government agencies in order to help fend off
attacks from hacktivists, criminals, and nation-states that target
computer networks in the United States, according to the Cyber
Security Task Force: Public-Private Information Sharing report
written by the Homeland
Security Project at the non-profit Bipartisan Policy Center.
… "From October 2011 through
February 2012, over 50,000 cyber attacks on private and government
networks were reported to the Department of Homeland Security (DHS),
with 86 of those attacks taking place on critical infrastructure
networks," the report says, citing a New
York Times article. Only a small number of the incidents are
reported to the Department of Homeland Security, mostly because
companies are concerned about legal consequences, the report says.
Read the full report (6.56MB PDF)
This should be interesting...
Justice Department Sues Telecom for Challenging National Security Letter
Last year, when a telecommunications
company received an ultra-secret demand letter from the FBI seeking
information about a customer or customers, the telecom took an
extraordinary step — it challenged the underlying authority of the
FBI’s National Security Letter, as well as the legitimacy of the
gag order that came with it.
Both challenges are allowed under a
federal law that governs NSLs, a power greatly expanded under the
Patriot Act that allows the government to get detailed information on
Americans’ finances and communications without oversight from a
judge. The FBI has issued hundreds of thousands of NSLs and been
reprimanded for abusing them — though almost none of the requests
have been challenged by the recipients.
After the telecom challenged its NSL
last year, the Justice Department took its own extraordinary measure:
It sued the company, arguing in court documents that
the company was violating the law by challenging its authority.
… It’s only the second time that
such a serious and fundamental challenge to NSLs has arisen. The
first occurred in 2004 in the case of a small ISP owner named
Nicholas Merrill, who challenged an NSL seeking info on an
organization that was using his network. He asserted that customer
records were constitutionally protected information.
But that issue never got a chance to
play out in court before the government dropped its demand for
documents.
This could be handy for me, since I
have a hard time remembering names.
July 18, 2012
FTC Testifies on Commercial Uses of Facial Recognition Technologies
News release: "The Federal Trade Commission today told a Senate
Judiciary subcommittee that the FTC is examining the benefits to
consumers, as well as privacy and security concerns regarding current
and possible future
commercial uses of facial recognition technologies and will make
recommendations later this year on best practices for companies that
use these new technologies. The recommendations will build on
comments from a recent FTC workshop on facial recognition technology,
and on the three core principles from the agency's March 2012 Privacy
Report – privacy by design, simplified
consumer choice, and transparency."
A new form of “news by search?”
Watch stories on your topics of interest no matter where they are
reported? Watch the story from the closest news source? Watch the
news as reported by sock puppets?
July 17, 2012
Pew - YouTube & News: A New Kind of Visual News
"News is becoming a major part of
what Americans watch on YouTube. In the last 15 months, a third of
the most searched terms on the video sharing site were news related.
A new study by
the Project for Excellence in Journalism explores the character of
news on YouTube—what kinds of stories people access, who produced
them, who posted them and what it means for the future of visual
journalism. See a visual
discussion of the findings."
Perspective
July 18, 2012
Information and Communications for Development 2012: Maximizing Mobile
"Around
three-quarters of the world’s inhabitants now have access to a
mobile phone and the mobile communications story is moving
to a new level, which is not so much about the phone but how it is
used, says a new report by the World Bank and infoDev, its technology
entrepreneurship and innovation program. The number of mobile
subscriptions in use worldwide, both pre-paid and post-paid, has
grown from fewer than 1 billion in 2000 to over 6 billion now, of
which nearly 5 billion are in developing countries. Ownership
of multiple subscriptions is becoming increasingly common, suggesting
that their number will soon exceed that of the human population.
"The report, Information
and Communications for Development 2012: Maximizing Mobile, says
more than 30 billion mobile applications, or “apps,” were
downloaded in 2011 – software that extends the capabilities of
phones, for instance to become mobile wallets, navigational aids or
price comparison tools. This trend is also benefiting developing
countries where people are increasingly using mobile phones to create
new livelihoods and enhance their lifestyles, while governments are
using them to improve service delivery and citizen feedback
mechanisms."
My geeks are happy!
"Hardly a day goes by without a
top-level research group announcing some kind
of graphene-related breakthrough, but this one's a biggy: Researchers
at the University of Erlangen-Nuremberg, Germany have created
high-performance
monolithic graphene transistors using a simple lithographic
etching process. This could be the missing step that finally paves
the way to post-silicon electronics. In theory,
according to early demos from the likes of IBM and UCLA, graphene
transistors should be capable of switching at speeds between 100GHz
and a few terahertz. The problem is, graphene
doesn't have a bandgap — it isn't a natural semiconductor, like
silicon — and so it is proving very hard to build transistors out
of the stuff. Until now! The researchers say that current
performance "corresponds well with textbook predictions for the
cutoff frequency of a metal-semiconductor field-effect transistor,"
but they also point out that very simple
changes could increase performance 'by a factor of ~30.'"
Here's a challenge: try to think of a
more expensive way to do this... Hint: Don't ask students.
"The White House has unveiled a
proposal to create
a national elite teachers corps to reward the nation's best
educators in science, technology, engineering and math. In the first
year, as many as 2,500 teachers in those subjects would get $20,000
stipends on top of their base salaries in exchange for a multiyear
commitment to the STEM
Master Teacher Corps. The Obama administration plans to expand
the corps to 10,000 nationwide over the next four years, with the
ultimate goal that the elite group of teachers will pass their
knowledge and skills on to their colleagues to help bolster the
quality of teaching nationwide."
The future or just another bandwagon?
Still, the question of “certification”
The online education platform Coursera
announced today that 12 more universities had signed on as partners,
joining the 4 that were part of the startup’s launch
in April. Joining the University of Pennsylvania, Princeton,
University of Michigan and Stanford are Georgia Tech, Duke
University, University of Washington, Caltech, Rice University,
University of Edinburgh, University of Toronto, EPFL - Lausanne
(Switzerland), Johns Hopkins University (School of Public Health),
UCSF, University of Illinois Urbana-Champaign, and the University of
Virginia.
(Related)
What It’s Like to Teach a MOOC