Thursday, June 27, 2013

Will someone please swat this gnat! North Korea does this because we let them get away with it. At some point, their annoying little jabs will hit a real nerve and we'll wind up shooting at each other again.
Edward Smith reports:
Cyber-attacks were staged on Tuesday, 25 June, marking the anniversary of the start of the Korean War in 1950. The hackers compromised the websites of South Korea’s presidential office and several local newspapers.
The unidentified hackers claimed to have obtained personal data belonging to two million South Korean workers and 40,000 US military troops, including that of some 28,000 troops currently stationed in the country.
Read more on International Business Times. Other coverage on Information Age. Both outlets cite a Reuters story. I note that there is no official confirmation of the authenticity of the claim or leaked data as of the time of this posting.

Another example of failed management. It's hard for my Computer Security students to believe that this is a common failure.
Rod Boshart reports:
Iowa Department of Human Services officials issued an alert Wednesday to former patients at the Mental Health Institute in Independence and hundreds of state employees there and at other state facilities concerning a possible breach of their confidential information.
Officials say the information was stored on a backup computer tape that went missing April 30 and cannot be located. A search for the tape continues at the Independence facility, DHS spokesman Roger Munns said in a news release, and officials believe it is likely that the tape was inadvertently destroyed or discarded. Access to information on the tape requires specialized and outdated equipment.
Read more on WCF Courier. This breach represents a useful example of what happens if you fail to purge old, historical data:
The historical data had not been purged from the computer system and continued to be backed up on a monthly basis, Dave said. He noted that the computer system requires the use of specialized equipment that is no longer serviced by the manufacturer, [but no one reviewed the process to see if it was impacted by the change? Bob] and that the backup system has been changed to eliminate the unnecessary retention of personally identifiable information.
So… wasn’t any of this considered or discussed when the agency conducted its risk assessment?

(Related) Another procedure that suggests management isn't in control. Shouldn't someone in the DA's office sign off on any evidence destruction?
Aurora Police Say DNA Evidence In 48 Alleged Sex Cases Destroyed In Error
… The problem came to light after a detective who found a DNA match in a 2009 case found that other evidence was gone, the police department said.
A subsequent investigation found that in 30 cases, an injured officer assigned to light duty apparently destroyed evidence in error, Oates said. In 18 other cases, after a lead detective determined evidence could be destroyed, a technician in the property and evidence unit didn’t follow department protocol and review that recommendation to see whether it was allowed under the law.

Another “You won't like what we're doing” system?
As the FBI is rushing to build a “bigger, faster and better” biometrics database, it’s also dragging its feet in releasing information related to the program’s impact on the American public. In response, the Electronic Frontier Foundation (EFF) today filed a lawsuit to compel the FBI to produce records to satisfy three outstanding Freedom of Information Act requests that EFF submitted one year ago to shine light on the program and its face-recognition components.
Read more on EFF.

Today, encrypted phone calls, tomorrow fingerprint checking at every traffic stop?
FingerQ adds fingerprint sensor to Android phones
FingerQ, a company based in Hong Kong, has made a series of Android cases that come with biometric fingerprint sensors for added security. The sensors don't replace the built-in security features of your Android phone (unlocking your smartphone still uses the passcode or pattern unlock), but add another layer of protection for chats and applications.
The FingerQ system will be available as an accessory called the PrivacQ case and caters to phones such as the Samsung Galaxy S3, S4, and Note 2, as well as the HTC One. The fingerprint sensor is just one part of the equation, as the company's software also needs to be installed on the handset for the system to work.
The primary use of the case is through the FingerQ Chat application. The app lets you communicate with another FingerQ user securely by encrypting the messages sent. To read an encrypted message, you have to first swipe a finger that has been initially linked to your case. [Will border security require access to your finger? Bob] It lets you send a photo the same way.
Because the PrivacQ case is bound to a phone, you lose access to the encrypted messages and photos if the case is removed or lost. This also means if your phone gets stolen, the thief cannot simply remove the case to read your FingerQ Chat messages or photos.

Will there be lawsuits? Probably not. The average consumer would be bored and befuddled.
Pandora calls artist royalties flap an orchestrated 'lie'
Pandora struck back against critics Wednesday, calling accusations that the streaming radio service is trying to shortchange musicians "a lie."
In a blog post Wednesday, Pandora co-founder Tim Westergren accused the Recording Industry Association of America, the organization charged with defending the interests of musicians, of orchestrating and funding a "misinformation campaign" involving well-known artists.

For my Computer Security students. New devices, same old problems.
How Zombie Phones Could Create a Gigantic, Mobile Botnet
You've heard of the "botnet"—a collection of enslaved, malware-infested computers that act together to pump out spam and DDoS attacks, often unbeknownst to their owners. For the past decade, botnets have mostly been a problem for the PC world. But, according to a new report on mobile malware, it may not be long before we start seeing botnets built out of an increasingly sophisticated type of device: cell phones.
"It's only a matter of time before that's pervasive," said Karim Toubba, a vice president at Juniper Networks, the publisher of the study.
Google's Android operating system is by far the most vulnerable to outside attackers. Unlike Apple, which forces its iPhone apps through an infamously strict approval process before storing them in a single app store, Android phones are capable of downloading and installing apps from third-party websites.
… More than a third of all Android devices haven't been updated since February 2011. More than a quarter of Android devices haven't been updated since Dec. 2011.

How long before this site gets sued?
… Youzeek. It is a web app that lets you easily find and listen to popular songs of any artist from its catalog featuring over 700,000 artists and 30 million songs. To listen to a song, simply find it and click play to start streaming it. You don’t even have to register or sign in. You will have to sign in with Facebook, though, if you want to create playlists or do social sharing. It is a truly free music streaming service with no limitations or interruptions.
Another nice part is that once you have found the artist, it displays the most played songs by that artist instead of simply displaying the full catalog of songs. Songs are ordered by popularity based on the total number of plays a song received. Most of the songs are available in video format, usually from YouTube or Vevo.
Related services – TuneCrawl, Listen Music.

For all my students. (Be sure to look up the “ohnosecond”)
The Computer Desktop Encyclopedia
The Computer Desktop Encyclopedia: “The Computer Language Company was founded in 1978 by husband-wife team Alan Freedman and Irma Morrison. When Freedman couldn’t find a computer dictionary that would meaningfully augment the computer literacy classes he taught to Fortune 500 companies, he set out on a quest to purchase his first computer and write this “glaringly missing” reference. The year 1980 was explosive for personal computers, and buzzwords were everywhere. The self-published 300-term, 60-page The Computer Glossary was a huge success in hundreds of seminars. Within a few years, writing the dictionary became a full-time job, and after 30 years, 300 terms grew to more than 25,000.”

Infographic. May be true, but no source cited... Support for my “students should create their own textbook” idea?
How Students Are Using The Internet For Studying
