"The Windows version of the
Crisis Trojan is able to sneak onto VMware implementations,
making it possibly the first malware to target
such virtual machines. It also has found a way
to spread to Windows Mobile devices.
Samples of Crisis, also called Morcut, were first discovered about a
month ago targeting Mac machines
running various versions of OS X. The Trojan spies on users by
intercepting e-mail and instant messenger exchanges and eavesdropping
on webcam conversations. Launching as a Java archive (JAR) file made
to look like an Adobe Flash Installer, Crisis scans an infected
machine and drops an OS-specific executable to open a backdoor and
monitor activity. This week, researchers also discovered W32.Crisis
was capable of infecting VMware virtual machines and Windows Mobile
devices."
“Just because all you hackers think
it's not secure doesn't mean we won't go ahead as planned!” After
all, they have a long tradition of bureaucratic incompetence to live
up to.
"The FAA's NextGen Air Traffic
Control (ATC) modernization plan is at risk
of serious security breaches, according to Brad Haines (aka
RenderMan). Haines outlined
his concerns during a presentation
(PDF) he gave at the recent DefCon 20 hacker conference in Las Vegas,
explaining that ADS-B signals are unauthenticated and unencrypted,
and 'spoofing'
(video) or inserting a fake aircraft into the ADS-B system is easy.
The FAA isn't worried because the system has been certified and
accredited."
For my Computer Security students.
Reminds me of a neighbor who used to leave a note on his door that
said, “Your damn rattlesnake has escaped again. Call me when you
find it. Call 911 if it finds you first.”
"Softpedia reports that Global
Link Security Solutions are offering a product that doesn't
actually do anything to alert an owner of a break-in to their
home or business, but it displays "one hell of a laser show in
an attempt to scare potential crooks into thinking that they have no
chance of breaking in without triggering the alarm." According
to the security firm, LaserScan has four lines of protection: a
number of lasers
that move along the walls and floors (video), an LED which
indicates that there's a "link" to a satellite, a beeping
alert, and a sticker placed on the front door. Although the company
claims that none of their current customers has reported break-ins
since the system has been installed, security guru Bruce Schneier
highlights that the product only
works if the product isn't very widely known."
Local. Just because you have a cop in
your class?
http://www.9news.com/news/article/284591/339/CU-tells-faculty-no-class-cancellations-over-guns?odyssey=tab|topnews|bc|large
University of Colorado-Boulder tells faculty no class cancellations over guns
University of Colorado
Chancellor Phil DiStefano is telling faculty members they have no
right to cancel classes if one of their students is lawfully carrying
a gun.
The warning comes a day
after Professor Jerry Peterson said he plans to cancel class if he
ever learns any of his students are carrying firearms.
According
to the Boulder Daily Camera, DiStefano warned Tuesday
that any faculty members who do so will be in violation of their
contracts and could face disciplinary action.
The Colorado Supreme Court has ruled
that students with conceal-carry permits are allowed to bring guns
into classrooms and labs.
Peterson said Tuesday he still stands
by his classroom policy because a student with a gun would be a
classroom distraction.
I'm sure this list covers every
conceivable point... Perhaps we could write up a list of things
your privacy policy (and practices) should address?
7 reasons the FTC could audit your privacy program
… What did I find out? A shortlist
of seven practices that will put a bull's eye on your company.
1. Secretly tracking people
2. Not regularly assessing and improving data security
3. Not honoring opt-outs
4. Not collecting parental consent
5. Not providing complete and accurate privacy policies
6. Disclosing consumer data without consent
7. Not assessing vendor and client security
Are the state laws cutting edge? If
so, what parts should be adopted by the Feds?
State Privacy Laws Evolve While Congress Remains Stalemated
August 22, 2012 by admin
New legislation governing data
breaches and privacy issues is popping up in states across the
country. Most recently, Connecticut, Vermont, and Illinois have
enacted new laws in these areas.
You can find a nice summary of the
three new laws on CyberInquirer.
Does AT&T no longer have a legal
department or is this just a strategy I can't understand? (Or, “We
can screw with it until we are forced to stop. Maybe that will be
enough to allow our inferior products to catch up.”)
AT&T’s App-Blocking Defense Is Weak and Anti-Consumer
Amid a wave of backlash about its plans
to block FaceTime over mobile, AT&T Senior Vice President for
Regulatory Affairs Bob Quinn took to the company’s policy blog on
Wednesday to defend
its plans to block the popular app on its network unless users pony
up extra cash for its new, expensive “Mobile Share” plans.
AT&T’s defense? The
carrier asserts that it can block FaceTime all it wants, because the
app comes preloaded on the iPhone and is not downloaded by the user.
But the rules
adopted by the Federal Communications Commission to prevent carriers
from blocking access to applications and websites over mobile
connections are crystal clear: Mobile broadband
providers cannot “block applications that compete with the
provider’s voice or video telephony services.”
Are they using this because many evil
doers won't fight back? Where does that leave the innocent sites?
Feds Expand Domain Seizures to Mobile-App Pirate Sites
The U.S. government for the first time
has seized internet domains of online sites accused
of selling pirated mobile applications, in this instance, Android
apps.
Seizing domains is nothing new under
the President Barack Obama administration. Usually, however, sites
are shuttered for offering gambling, hawking counterfeit goods, or
providing links to or streaming unauthorized movies and sporting
events, or selling unauthorized copies of software. The government
has seized more than 750 domains in the past two years under a
program called “Operation
in Our Sites.” (.pdf)
“We're moving as fast as we want
to...”
Oops! Venture Capital Rebirth Delayed by Third Blown Deadline
The Securities and Exchange Commission
now
says it needs at least another week before it can detail its
proposal to rescind longstanding prohibitions against startups
advertising that they are seeking investors.
The SEC had been scheduled
to consider the changes at its open meeting today following a delay
last week. Prior to missing this week’s deadline and last week’s
deadline, both self imposed, the commission missed
a July 4 deadline spelled out in the JOBS Act, a recently approved
piece of legislation that, among various other securities rules,
loosens restrictions on how startups can raise money from venture
capital funds and other wealthy “accredited investors.” The
commission is now slated to discuss the so-called general
solicitation rules at a meeting Aug. 29.
Jobs for my Ethical Hackers?
Darpa Looks to Make Cyberwar Routine With Secret ‘Plan X’
The Pentagon’s top research arm is
unveiling a new, classified cyberwarfare project. But it’s not
about building the next Stuxnet, Darpa swears. Instead, the
just-introduced “Plan X” is designed to make online strikes a
more routine part of U.S. military operations. That will make the
son of Stuxnet easier to pull off — to, as Darpa puts it, “dominate
the cyber battlespace.”
Darpa spent years backing research that
could shore up the nation’s cyberdefenses. “Plan X” is part of
a growing and fairly recent push into offensive
online operations by the Pentagon agency largely responsible for
the internet’s creation. In recent months, everyone from the
director
of Darpa on down has pushed the need to improve — and normalize
— America’s ability to unleash cyberattacks against its foes.
(Related) More jobs?
"Google, which has come under
fire for years for its privacy practices and recently settled a
privacy related case with the Federal Trade Commission that resulted
in a
$22.5 million fine, is building out a privacy 'red team,' a group
of people charged with finding
and resolving privacy risks in the company's products. The
concept of a red team is one that's been used in security for
decades, with small teams of experts trying to break a given software
application, get into a network or circumvent a security system as
part of a penetration test or a similar engagement. The idea is
sometimes applied in the real world as well, in the form of people
attempting to gain entry to a secure facility or other restricted
area."
Something to amuse my Statistics class?
(If this was reliable, we're looking at a landslide.)
Amazon’s Political Heat Map Colors Book-Buying Preferences
Amazon has introduced a heat
map of the political books sold in the U.S. An overwhelming lean
toward red hues suggests that conservative-themed books are
outselling left leaning ones coast to coast.
Amazon is quick to point out that the
system isn’t scientific. The map presents a rolling 30-day average
of book-buying data and classifies them as red or blue depending on
promotional materials and customer classifications. And there’s no
sliding scale. A book is either red or blue, so there’s no nuance
for centrists. “Just remember, books aren’t votes,” Amazon
says on the heat map site. “So a map of book purchases may reflect
curiosity as much as commitment.”
Perspective
Something for my Data Miners?
Google’s Mind-Blowing Big-Data Tool Grows Open Source Twin
Cheap is good, if you can't find free
A nifty online resource for my Excel students...
30 Excel Functions in 30 Days