See? Plenty of time.
"Maybe instead of zero-day
vulnerabilities, we should call them -312-day vulnerabilities.
That's how long it takes, on average, for software vendors to become
aware of new vulnerabilities in their software after hackers begin to
exploit them, according to a study presented by Symantec at an
Association of Computing Machinery conference in Raleigh, NC this
week. The researchers used data collected from 11 million PCs to
correlate a catalogue of zero-day attacks with malware signatures
taken from those machines. Using that retrospective analysis, they
found 18 attacks that represented zero-day exploits between February
2008 and March of 2010, seven of which weren't previously known to
have been zero-days. And most disturbingly, they found that those
attacks continued more than 10 months on average – up to 2.5
years in some cases – before the security community became aware of
them. 'In fact, 60% of the zero-day vulnerabilities we identify in
our study were not known before, which suggests that there are many
more zero-day attacks than previously thought — perhaps more than
twice as many,' the researchers write."
For my Disaster Recovery
students... How would you protect data and operations that you were
certain were being targeted?
"The
Pirate Bay has made an important change to its infrastructure. The
world's most famous BitTorrent site has switched
its entire operation to the cloud. From now on The Pirate Bay
will serve its users from several cloud hosting providers scattered
around the world. The move will cut costs,
ensure better uptime, and make the site virtually invulnerable to
police raids — all while keeping user data secure."
They are still running their own
dedicated load balancers that forward encrypted traffic to one of
their "cloud" providers, rather than dealing with physical
colocation. Seems like a sensible decision any IT manager would
make.
Now this is a sanction that hurts!
(But weren't we concerned that Iran was counterfeiting US $100
bills?)
"In an
interesting problem with physical currency, Iran
is now running out of hard currency, due to a combination of
inflation, and 'Koenig & Bauer AG of Würzburg, Germany, also
says it has not responded to an Iranian request for bids to make the
presses to print new rials.' Perhaps they should switch to BitCoin."
In addition to not printing money for
them, the European currency presses won't sell Iran the equipment
needed to print their currency domestically (not unexpected with the
embargo). pigrabbitbear
adds: "Eutelsat Communications, one of the largest satellite
providers in Europe, has just nixed its contract with IRIB, the
Iranian state broadcasting company. While IRIB's programming is
still mostly up and running in Iran, the decision means that 19
IRIB TV and radio channels have now been axed from Europe and much of
the Middle East."
An interesting question or
two. With Panetta claiming a Cyber-Pearl Harbor is near and DHS
“concerned” about infrastructure, would you trust a Russian
operating system? Why isn't there an American version? (Would
Kaspersky's at least serve as a model?) Perhaps Russia will be the
only secure nation...
Russian
Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet
Russian anti-virus firm Kaspersky Lab
announced Tuesday that it plans to develop a secure operating system
to protect critical infrastructure systems from online attacks.
Kaspersky hopes to develop a pared-down
operating system that would be less vulnerable to attack from
malicious programs like Stuxnet – a cyberweapon discovered in 2010
that was designed to target industrial systems that control Iran’s
nuclear program.
“Today there exists neither operating
systems nor software that could be applied in
industrial/infrastructural environments whose produced data on
processes could be fully trusted,” wrote
company founder Eugene Kaspersky in a blog post. “And this
left us with no other option than to begin developing something new
ourselves.”
I am an Academic. All
those “Hacking for fun and profit” books are purely for research
purposes...
Amazon’s
Next Big Business Is Selling You
Facebook knows who your friends are.
Google knows what you’re interested in finding on the internet.
Amazon knows what you’ve bought, and has a pretty good idea of what
you might want to buy next.
If you were an advertiser, which
company’s data sounds most valuable to you? If you had a product
you wanted to sell, which of those things would you most want to
know?
(Related) If Amazon can do it, so can
Mastercard... The question becomes, “Who can't do it?”
MasterCard
Is Selling Your Data Just in Time for the Holidays
Credit card companies make money by
taking a cut every time you swipe your plastic at the checkout
counter. Now MasterCard has found a way to make those swipes pay
over and over again.
As the Financial Times first
reported, MasterCard is packaging its transaction data — your
transaction data — and selling it to advertisers. The story was
based on an apparently confidential pitch MasterCard made to
potential clients. Not too confidential, because we
found a copy by googling
it. [A simple illustration of “Open Source” intelligence...
Bob]
(Related) Gosh and golly,
maybe everyone is doing it!
Verizon Wireless is facing criticism
and possibly even a lawsuit for selling customers’ phone activity
to marketers. Such activity consists of geographical location,
browsing habits, and app usage. The company began offering this
information to marketers just recently, and it shows what Verizon
subscribers are doing on their phones, including both iOS and Android
devices.
I like it! Do you think
we could make “failure to encrypt” a lot more costly too?
"The Information Commissioner's
Office has filed a suit for £120,000 against the Greater Manchester
Police because officers regularly used memory sticks without
passwords to copy data from police computers and work on it away from
the department. In July 2011, thousands of people's information was
stolen
from an officer's home on an unencrypted memory stick. A similar
event happened at the same department in September 2010. 'This was
truly sensitive personal data, left in the hands of a burglar by poor
data security. The consequences of this type of breach really do
send a shiver down the spine,' said ICO deputy commissioner David
Smith."
Can you say,
“Overreaction?”
"A row over a web article
posted five years ago has led to 1.5
million educational blogs going offline. The Edublogs site went
dark for about an hour after its hosting company, ServerBeach, pulled
the plug. The hosting firm was responding to a copyright claim from
publisher Pearson, which said one blog had
been illegally sharing information it owned. ...
The offending article was first published in November 2007 and made
available a copy of a questionnaire, known as the Beck Hopelessness
Scale, to a group of students. The copyright for the questionnaire
is owned by Pearson, which asked ServerBeach to remove the content in
late September."
For my Ethical Hackers... “It's not
a bug, it's a feature!” Remember, some day you may be a target...
"Pacemakers seem to be hackable
now too, if researcher Barnaby Jack is to be believed. And the
consequences of that are deadly. Anonymous
assassinations within 30 feet of the pacemaker seem to be
possible. From the article: 'In a video demonstration, which Jack
declined to release publicly because it may reveal the name of the
manufacturer, he issued a series of 830 volt shocks to the pacemaker
using a laptop. The pacemakers contained a
"secret function" which could be used to activate all
pacemakers and implantable cardioverter-defibrillators (ICDs) in a
30-foot-plus vicinity. ... In reverse-engineering the
terminals – which communicate with the pacemakers – he discovered
no obfuscation efforts and even found usernames and passwords for
what appeared to be the manufacturer’s development server. That
data could be used to load rogue firmware which could spread between
pacemakers with the "potential to commit mass murder."'"
For my Geeky Gawkers... Some photos
plus a tour via “Street View”
Google
Throws Open Doors to Its Top-Secret Data Center
A way to “Push” information to the
troops. (Employees, students, whatever...)
Amazon’s
New Whispercast Service Provides Organization-Wide Kindle Content
Deployment
Amazon today unveiled its new
Whispercast
for Kindle service, which provides businesses and other
organizations like schools a way to easily deploy Kindle content to
members, students and employees across not only Amazon hardware, but
also Kindle apps for iOS and Android devices. Right now, it allows
administrators to buy Kindle books and documents and spread them
around, and in the future, Amazon plans to add the ability to push
out Kindle Fire apps to the company’s Android-powered tablets as
well.
The initiative is clearly designed
to give Kindle a greater foothold in the education market,
where Amazon is saying that Whispernet allows not only widespread
distribution of content, including free classic titles whose
copyrights have expired, but also remote device management for
Kindles owned by educational organizations. Already, there are
programs that have seen Kindles deployed in school systems, including
via Amazon’s
own community outreach programs. Whispercast provides an easy
way for organizations to more effectively deploy those programs, and
also support students who may be bringing their own devices from
home.
Free is good, but be sure to back up!
… And now if you’re a college
student anywhere in the world, you qualify as part of Dropbox’s Space
Race Program for an extra 3 GB of Dropbox space for two years,
plus up to 25 GB of space for your school for two years.
Of course, while Dropbox offers all
this free, it does want some of its freeloading customers to make a
premium upgrade, but as one of the leading cloud services on the
Internet, Dropbox is being pretty generous. Note also, the 3 GB of
storage is in addition to the 2 GB of free space given to everyone
who signs up for Dropbox.
To be eligible
for the Space Race Program, you must meet the following criteria:
- You must be actively enrolled in a college or university or the equivalent of a university.
- You need to sign up with an active email address from the school you attend (note: you also qualify if you already have an existing Dropbox account).
- Your higher education institution must also have at least 25 participants sign up for the program (so announce it in one of your classes).
The program runs from October 15 to
December 10, 2012. You sign up by visiting www.dropbox.com/spacerace.
Any additional storage space earned through the program will expire
on January 15, 2015, and thus accounts will downgrade to
the users’ original, initial free space.
For those of us who can't
type worth a darn...
Speech recognition software can be very
pricey, but adding a speech recognition option to your computer
doesn't have to be expensive. Here are two free speech to text tools
to try.
In Google Chrome you can use the Speech
Recognizer app available for free through the Chrome Web Store.
To use the Chrome
Speech Recognizer just install it from the Chrome Web Store,
launch it, then click the microphone to start talking and recording
your voice. The Speech Recognizer will type out your text when you
finish recording. You can then copy and paste your text to the
paragraph box below the Speech Recognizer or to a document you have
open in Google Docs.
Online
Dictation is a free site that will transcribe your speech for
you. To use the site just visit it, click on the microphone icon,
and start talking. If the transcription inserts the wrong word (for
example it inserted "number" instead of "mumble"
when I tried it) just click on that word to replace it. You can copy
the transcript and paste it anywhere you like.
(Related) Handy for all those new math
words students run into in my classes...
… One podcast that I still consider
a must-listen is Tom Grissom's Tech
Talk 4 Teachers. During the most
recent episode Tom shared Word Talk.
Word
Talk is a free text to speech plugin for Microsoft Word. Word
Talk highlights text as it is narrated for you. An audio dictionary
is also included in Word Talk.
Applications
for Education
For students that need
to hear a word pronounced or need sentences read to them for
clarification, Word Talk could be a handy plugin to have
installed in Microsoft Word.
(Related) It can't hurt!
… Road To Grammar offers a
multitude of games and quizzes to help you practice your grammar
skills in a way that is fun. The quizzes are broken down by
category, so you can work on exactly the part of grammar you need to
practice. In all, there are 365 quizzes available, so you can do one
a day for a year, and greatly improve your writing skills.