Wednesday, October 17, 2012

See? Plenty of time.
"Maybe instead of zero-day vulnerabilities, we should call them -312-day vulnerabilities. That's how long it takes, on average, for software vendors to become aware of new vulnerabilities in their software after hackers begin to exploit them, according to a study presented by Symantec at an Association of Computing Machinery conference in Raleigh, NC this week. The researchers used data collected from 11 million PCs to correlate a catalogue of zero-day attacks with malware signatures taken from those machines. Using that retrospective analysis, they found 18 attacks that represented zero-day exploits between February 2008 and March of 2010, seven of which weren't previously known to have been zero-days. And most disturbingly, they found that those attacks continued more than 10 months on average – up to 2.5 years in some cases – before the security community became aware of them. 'In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought — perhaps more than twice as many,' the researchers write."

For my Disaster Recovery students... How would you protect data and operations that you were certain were being targeted?
"The Pirate Bay has made an important change to its infrastructure. The world's most famous BitTorrent site has switched its entire operation to the cloud. From now on The Pirate Bay will serve its users from several cloud hosting providers scattered around the world. The move will cut costs, ensure better uptime, and make the site virtually invulnerable to police raids — all while keeping user data secure."
They are still running their own dedicated load balancers that forward encrypted traffic to one of their "cloud" providers, rather than dealing with physical colocation. Seems like a sensible decision any IT manager would make.

Now this is a sanction that hurts! (But weren't we concerned that Iran was counterfeiting US $100 bills?)
"In an interesting problem with physical currency, Iran is now running out of hard currency, due to a combination of inflation, and 'Koenig & Bauer AG of Würzburg, Germany, also says it has not responded to an Iranian request for bids to make the presses to print new rials.' Perhaps they should switch to BitCoin."
In addition to not printing money for them, the European currency presses won't sell Iran the equipment needed to print their currency domestically (not unexpected with the embargo). pigrabbitbear adds: "Eutelsat Communications, one of the largest satellite providers in Europe, has just nixed its contract with IRIB, the Iranian state broadcasting company. While IRIB's programming is still mostly up and running in Iran, the decision means that 19 IRIB TV and radio channels have now been axed from Europe and much of the Middle East."

An interesting question or two. With Panetta claiming a Cyber-Pearl Harbor is near and DHS “concerned” about infrastructure, would you trust a Russian operating system? Why isn't there an American version? (Would Kaspersky's at least serve as a model?) Perhaps Russia will be the only secure nation...
Russian Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet
Russian anti-virus firm Kaspersky Lab announced Tuesday that it plans to develop a secure operating system to protect critical infrastructure systems from online attacks.
Kaspersky hopes to develop a pared-down operating system that would be less vulnerable to attack from malicious programs like Stuxnet – a cyberweapon discovered in 2010 that was designed to target industrial systems that control Iran’s nuclear program.
“Today there exists neither operating systems nor software that could be applied in industrial/infrastructural environments whose produced data on processes could be fully trusted,” wrote company founder Eugene Kaspersky in a blog post. “And this left us with no other option than to begin developing something new ourselves.”

I am an Academic. All those “Hacking for fun and profit” books are purely for research purposes...
Amazon’s Next Big Business Is Selling You
Facebook knows who your friends are. Google knows what you’re interested in finding on the internet. Amazon knows what you’ve bought, and has a pretty good idea of what you might want to buy next.
If you were an advertiser, which company’s data sounds most valuable to you? If you had a product you wanted to sell, which of those things would you most want to know?

(Related) If Amazon can do it, so can Mastercard... The question becomes, “Who can't do it?”
MasterCard Is Selling Your Data Just in Time for the Holidays
Credit card companies make money by taking a cut every time you swipe your plastic at the checkout counter. Now MasterCard has found a way to make those swipes pay over and over again.
As the Financial Times first reported, MasterCard is packaging its transaction data — your transaction data — and selling it to advertisers. The story was based on an apparently confidential pitch MasterCard made to potential clients. Not too confidential, because we found a copy by googling it. [A simple illustration of “Open Source” intelligence... Bob]

(Related) Gosh and golly, maybe everyone is doing it!
Verizon Wireless is facing criticism and possibly even a lawsuit for selling customers’ phone activity to marketers. Such activity consists of geographical location, browsing habits, and app usage. The company began offering this information to marketers just recently, and it shows what Verizon subscribers are doing on their phones, including both iOS and Android devices.

I like it! Do you think we could make “failure to encrypt” a lot more costly too?
"The Information Commissioner's Office has filed a suit for £120,000 against the Greater Manchester Police because officers regularly used memory sticks without passwords to copy data from police computers and work on it away from the department. In July 2011, thousands of people's information was stolen from an officer's home on an unencrypted memory stick. A similar event happened at the same department in September 2010. 'This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine,' said ICO deputy commissioner David Smith."

Can you say, “Overreaction?”
"A row over a web article posted five years ago has led to 1.5 million educational blogs going offline. The Edublogs site went dark for about an hour after its hosting company, ServerBeach, pulled the plug. The hosting firm was responding to a copyright claim from publisher Pearson, which said one blog had been illegally sharing information it owned. ... The offending article was first published in November 2007 and made available a copy of a questionnaire, known as the Beck Hopelessness Scale, to a group of students. The copyright for the questionnaire is owned by Pearson, which asked ServerBeach to remove the content in late September."

For my Ethical Hackers... “It's not a bug, it's a feature!” Remember, some day you may be a target...
"Pacemakers seem to be hackable now too, if researcher Barnaby Jack is to be believed. And the consequences of that are deadly. Anonymous assassinations within 30 feet of the pacemaker seem to be possible. From the article: 'In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop. The pacemakers contained a "secret function" which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30-foot-plus vicinity. ... In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server. That data could be used to load rogue firmware which could spread between pacemakers with the "potential to commit mass murder."'"

For my Geeky Gawkers... Some photos plus a tour via “Street View”
Google Throws Open Doors to Its Top-Secret Data Center

A way to “Push” information to the troops. (Employees, students, whatever...)
Amazon’s New Whispercast Service Provides Organization-Wide Kindle Content Deployment
Amazon today unveiled its new Whispercast for Kindle service, which provides businesses and other organizations like schools a way to easily deploy Kindle content to members, students and employees across not only Amazon hardware, but also Kindle apps for iOS and Android devices. Right now, it allows administrators to buy Kindle books and documents and spread them around, and in the future, Amazon plans to add the ability to push out Kindle Fire apps to the company’s Android-powered tablets as well.
The initiative is clearly designed to give Kindle a greater foothold in the education market, where Amazon is saying that Whispernet allows not only widespread distribution of content, including free classic titles whose copyrights have expired, but also remote device management for Kindles owned by educational organizations. Already, there are programs that have seen Kindles deployed in school systems, including via Amazon’s own community outreach programs. Whispercast provides an easy way for organizations to more effectively deploy those programs, and also support students who may be bringing their own devices from home.

Free is good, but be sure to backup!
… And now if you’re a college student anywhere in the world, you qualify as part of Dropbox’s Space Race Program for an extra 3 GB of Dropbox space for two years, plus up to 25 GB of space for your school for two years.
Of course, while Dropbox offers all this free, it does want some of its freeloading customers to make a premium upgrade, but as one of the leading cloud services on the Internet, Dropbox is being pretty generous. Note also, the 3 GB of storage is in addition to the 2 GB of free space given to everyone who signs up for Dropbox.
To be eligible for the Space Race Program, you must meet the following criteria:
  • You must be actively enrolled in a college or university or the equivalent of a university.
  • You need to sign up with an active email address from the school you attend (note: you also qualify if you already have an existing Dropbox account).
  • Your higher education institution must also have at least 25 participants sign up for the program (so announce it in one of your classes).
The program runs from October 15 to December 10, 2012. You sign up by visiting Any additional storage space earned through the program will expire on January 15, 2015, and thus accounts will downgrade to the users’ original, initial free space.

For those of us who can't type worth a darn...
Two Handy Speech to Text Tools
Speech recognition software can be very pricey, but adding a speech recognition option to your computer doesn't have to be expensive. Here are two free speech to text tools to try.
In Google Chrome you can use the Speech Recognizer app available for free through the Chrome Web Store. To use the Chrome Speech Recognizer just install it from the Chrome Web Store, launch it, then click the microphone to start talking and recording your voice. The Speech Recognizer will type out your text when you finish recording. You can then copy and paste your text to the paragraph box below the Speech Recognizer or to a document you have open in Google Docs.
Online Dictation is a free site that will transcribe your speech for you. To use the site just visit it, click on the microphone icon, and start talking. If the transcription inserts the wrong word (for example it inserted "number" instead of "mumble" when I tried it) just click on that word to replace it. You can copy the transcript and paste it anywhere you like.

(Related) Handy for all those new math words students run into in my classes...
Word Talk - A Free Text to Speech Plugin for Microsoft Word
… One podcast that I still consider a must-listen is Tom Grissom's Tech Talk 4 Teachers. During the most recent episode Tom shared Word Talk.
Word Talk is a free text to speech plugin for Microsoft Word. Word Talk highlights text as it is narrated for you. An audio dictionary is also included in Word Talk.
Applications for Education
For students that need to hear a word pronounced or need sentences read to them for clarification, Word Talk could be a handy plugin to have installed in Microsoft Word.

(Related) It can't hurt!
… Road To Grammar offers a multitude of games and quizzes to help you practice your grammar skills in a way that is fun. The quizzes are broken down by category, so you can work on exactly the part of grammar you need to practice. In all, there are 365 quizzes available, so you can do one a day for a year, and greatly improve your writing skills.
