Wednesday, December 12, 2012
Doesn't anyone read these cautionary tales?
By Dissent, December 12, 2012 7:56 am
Danny Garcia reports on some good news for Miami Family Medical Centre in Australia. As I previously noted, their patient records had been encrypted by an overseas hacker who was demanding ransom to give them the encryption key:
Garcia reports that Essential IT Services, a Gold Coast based reseller, was able to get them back into their data.
One of the take-home messages from this incident was that you should not leave your backups on the same server and connected to the Internet. The medical center had backups, but they, too, had been locked.
“The backup system in place was pretty good but the recovery of the data and getting them up and running has been a bit of a job”, said Jason Fillmore, who is the managing director at the reseller firm.
Fillmore said hackers have not left a single stone unturned to make the case complicated. But, it was great to know that their client has recorded their backups on DAT as well. [I suspect this means Digital Audio Tape, but that makes me wonder why it wasn't mentioned in earlier articles. (Perhaps management didn't know?) Bob] Work is going to repair the system, said Fillmore, who affirmed that the centre system will be fully operational by next week. It means that the centre will be back after one week, which is after two weeks of attack.
Are we fighting “virtual crime syndicates?” A multi-jurisdiction investigation must take some serious coordination, or do we wait until the arrests to tell other countries?
Facebook helps FBI take down $850M botnet crime ring
Facebook helped the FBI take down an international crime ring that used a botnet to infect 11 million computers and steal more than $850 million, one of the largest cybercrime hauls in history.
… The FBI said the arrests occurred in Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru, the United Kingdom, and the United States.
… The FBI did not elaborate on how it arrived at its $850 million theft figure, but that haul easily dwarfs the Eurograbber, which was revealed last week to have stolen about $47 million from European banking customers in the past year. The Yahos spoils also surpass the take by the Zeus botnet crime ring, which infected an estimated 13 million computers with malware to steal more than $100 million.
“This way to the egress!” (The victory of curiosity over common sense?)
"QR codes are very handy for directing users to specific sites by simply scanning them with their smartphones. But the ease with which this technology works has also made it a favorite of malware peddlers and online crooks, who have taken to including QR codes that lead to malicious sites in spam emails. They have also begun using the same tactic in the physical world, by printing out the malicious QR codes on stickers and affixing them on prominent places in locations where there is a lot of foot traffic. According to Symantec Hosted Services director Warren Sealey, these locations include airports and city centers, where the crooks stick them over genuine QR codes included in advertisements and notices, and most likely anywhere a person might look and be tempted to scan them."
For my Ethical Hackers...
"Darren Nix works for 42Floors, a business that uses its website to help people find office space. He recently received a marketing email for a service that offered to identify visitors to his website. After squeezing some information out of the marketer and playing around with a demo account, he now explains exactly how sketchy companies track your presence across multiple websites. The marketer offered to provide Nix with 'tracking code that would sit in your web site' which would 'grab a few key pieces of data from each visitor.' This includes IP addresses and search engine data. The marketer's company would then automatically analyze the data to try to identify the user and send back whatever personal information they've collected on that user from different websites. Thus, it's entirely possible for a site to know your name, email address, and company on your very first visit, and without any interaction on your part. Nix writes, 'A real-world analogue would be this scenario: You drive to Home Depot and walk in. Closed-circuit cameras match your face against a database of every shopper that has used a credit card at Walmart or Target and identifies you by name, address, and phone. If you happen to walk out the front door without buying anything your phone buzzes with a text message from Home Depot offering you a 10% discount good for the next hour. Farfetched? I don't think so. ... All the necessary pieces already exist, they just haven't been combined yet.'"
What should we adopt, what should we be wary of?
December 11, 2012
Privacy International - A New Dawn: Privacy in Asia
"Privacy has truly become an issue of global resonance. A quick glance at policy agendas in countries around the world shows that privacy and surveillance issues are increasingly important. The challenge, however, is improving the ability of governments and policy stakeholders to engage in a policy debate that is informed about the dangers of surveillance and the importance of protecting privacy. This is the primary objective of our Privacy in the Developing World programme. In this report, A New Dawn: Privacy in Asia, we summarise our partner’s research into privacy in developing countries across Asia. The experiences of privacy in these countries are illustrative of the many opportunities for and challenges to the advancement of privacy, not only the developing world but across the world. Click here for individual country reports for India, Pakistan, Bangladesh, Indonesia, Nepal, Malaysia, Thailand, Hong Kong, China and the Philippines."
Always was a fan of Science Fiction. Fortunately, I speak enough Japanese to order beer...
"Yesterday the National Intelligence Council (NIC), which is made up of 17 U.S. government intelligence agencies, released the 140-page report Global Trends 2030 Alternate Worlds. In all four of the alternative visions of the future, U.S. influence declines and it may be regarded more as a 'first among equals.' By 2030, the West will be in decline and Asia will wield more overall global power than the U.S. and Europe combined. 'China alone will probably have the largest economy, surpassing that of the United States a few years before 2030,' the report states. 'Megatrends' include an overall reduction of poverty and the 'growth of a global middle class.' NIC also sees a potential world of scarcities as the demand for food and water increase as the world's population swells from 7.1 billion to 8.3 billion people. Advances in health technologies will help people live longer, but 60% of the world's population is expected to live in an urban environment. The report also addresses technological augmentation: 'Successful prosthetics probably will be directly integrated with the user’s body. Brain-machine interfaces could provide “superhuman” abilities, enhancing strength and speed, as well as providing functions not previously available.'"
Another “Asian power” rising? “Oh look, the maniac has a gun and has shown us he can use it.”
virtualXTC writes with news that North Korea, in defiance of international pressure to halt development and testing of long-range weaponry, launched a multi-stage rocket which successfully followed its intended trajectory. The North Korean government claims a weather satellite was placed into orbit. [They also claimed that the Onion article naming Kim Jong Un the sexiest man alive was fact. Bob]
"South Korea has confirmed the launch time, and Japan has confirmed that the rocket went over Okinawa. Two stages of the rocket have successfully avoided other countries and fallen into the sea. While it is still unconfirmed as to whether or not North Korea actually put a satellite into orbit, it seems clear that sanctions have failed to curb North Korea's quest for more powerful weaponry."
Stupid law. “There is a 0.0000001 chance that you will use this to pirate copyrighted material, so you should pay us the same fee we collect on a sale.” Perhaps I should calculate the odds of me winning a lawsuit against the RIAA and asking them to pay me the full amount now...
"Depending on where you are in the world, blank media may have a secondary tax applied to it. It seems ludicrous that such a tax even be considered, let alone be imposed, and yet an Austrian rights group called IG Autoren isn't happy with such a tax covering just physical media; it wants cloud storage included, too. At the moment, consumers in Austria only pay this tax on blank CDs and DVDs. IG Autoren wants to expand that to include the same range of media as Germany, but also feels that services like Dropbox, SkyDrive, Google Drive etc. all fall under the blank media banner because they offer storage, and therefore should carry the tax — a tax consumers would have to pay on top of the existing price of each service."
(Related) Useless law. Note that this doesn't actually provide any protection from lawsuits, at least in Canada.
"Ars Technica reports that Voltage Pictures, the studio behind the infamous Hurt Locker debacle, has requested subscriber information for thousands of TekSavvy customers in relation to alleged copyright infringements. In their official blog, TekSavvy clarifies the situation and provides further reassurance that they will not release any private customer information without a court order. They have also posted the legal documents containing both the official notice and list of films that are the subjects of the alleged infringements. However, several questions remain to be answered: will Canadian courts be amicable to these tactics after changes to copyright law were made specifically to prevent the predatory legal entanglement of Canadian citizens? Will the studio actually attempt to pursue the situation beyond the proliferation of threatening extortion letters? How would the already-clogged courts react to what amounts to denial-of-service attack on the judicial system?"
It's annoying, but it's not yelling “Fire!” in a crowded theater. If they lose, will I be able to use the ruling to block those annoying political ads?
"ccAdvertising, a company purported to have 'a long, long, long history of pumping spam out of every telecommunications orifice, and even boasting of voter suppression' has asked the FCC to declare spam filters illegal. Citing Free Speech rights, the company claims wireless carriers should be prohibited from employing spam filters that might block ccAdvertising's political spam. Without stating it explicitly, the filing implies that network neutrality must apply to spam, so the FCC must therefore prohibit spam filters (unless political spam is whitelisted). In an earlier filing, the company suggests it is proper that recipients 'bear some cost' of unsolicited political speech sent to their cell phones. The public can file comments with the FCC on ccAdvertising's filing online."
Perspective. Any bets on how many providers will use this in their advertising?
"Netflix will start releasing monthly ISP speed reports for the U.S. Google Fiber ranks at the top. They say, 'Broadly, cable shows better than DSL. AT&T U-verse, which is a hybrid fiber-DSL service, shows quite poorly compared to Verizon Fios, which is pure fiber. Charter moved down two positions since October. Verizon mobile has 40% higher performance than AT&T mobile.' Hopefully this will give consumers a better overall picture on how their ISP performs compared to others."
December 11, 2012
Pew - The Demographics of Mobile News
"The Demographics of Mobile News Habits: Men, College Grads and the Young are more Engaged, December 11, 2012: Younger Americans demonstrate much stronger news habits in the mobile realm than on other news platforms, according to a new study by PEJ in collaboration with The Economist Group. Another finding, with potentially significant implications for the news industry, reveals that younger users are more responsive than other age groups to advertisements in the mobile news space... Overall, news consumption ranks high on mobile devices. Over a third report getting news daily on the tablet and the smartphone, putting it on par with other activities such as email and playing games on tablets and behind only email on smartphones. The popularity of news remains strong across all demographic groups studied, but is especially prevalent among men and the college educated. On the smartphone, differences also emerge in age and income."
Dilbert provides counterpoint for my Statistics students.