Wednesday, September 11, 2013
A couple of things to consider. Anyone – military units or teenage hackers – can attack you at any time. Successful military penetrations could be compromised by amateurs tripping alarms and bringing attention to the holes exploited.
Ilan Gattegno reports:
A pro-Syrian hacking group breached Israeli and American websites and released the personal information of over 165,000 Israelis.
The biggest breach, part of an organized cyberattack on numerous websites over the past few days, was in a website that offered web hosting services. The breached site provided all information on its users, including names, phone numbers, email addresses, home addresses and passwords.
More than 40,000 of the compromised records were reviewed and verified as real by Internet security firm Maglan. Some of those whose information was released, however, told Israel Hayom that the passwords leaked were not up to date and had been changed a long time ago. [Suggests this hack was done a long time ago? Bob]
Read more on Israel Hayom.
[From the article:
Maglan's cyber intelligence systems intercepted dozens of encrypted communiques between the hackers. According to Maglan CEO Shai Blitzblau, the messages intercepted included attack details and methods, some of which he said were quite advanced. [Were they decrypted or is this speculation? Bob]
Someone changed (inserted malware into) their programs and no one noticed for six months?
Outdoor Network LLC in Hollywood, Florida is notifying customers who engaged in credit card transactions between December 2012 and July 2013 that their personal information may have been exfiltrated [Sounds better than “Stolen?” Bob] to unauthorized third parties.
In a letter dated September 11, Martin Polo, the firm’s CEO, writes that they recently learned of a breach affecting their boats.net and partzilla.com web sites. Malware was reportedly inserted into the sites’ shopping carts.
The malware may have collected customers’ names, addresses, credit card numbers, card expiration dates and card security codes (CVV or CVC code).
The firm hired ConsumerInfo.com, Inc., “to provide certain notification and call center related services.” ConsumerInfo.com provides free credit reports and credit monitoring services.
The notice to consumers, a copy of which was posted on the California Attorney General’s web site, does not provide any information as to what steps ODN is taking to prevent a recurrence of a similar breach. Nor does it indicate whether they are aware of any reports that the customer data may have been misused or how they discovered the breach.
This might be a good time to remind you that you can see all these nifty-looking seals on a web site and still have your data stolen.
(Related) If there are several claims that you have been breached, what can you do? I doubt “We don't think so” or “Trust us” will work. Perhaps an immediate third-party security audit?
Resorthoppa and A2B Transfers have insisted their websites are secure following complaints posted online from customers claiming to have been victims of fraud.
The customers claimed their credit cards were used to make fraudulent transactions after booking with the sister transfer companies.
Clients writing on internet forums said hundreds of pounds worth of unauthorised payments, mostly to mobile phone companies, had been made in the months after they booked a transfer.
Read more on Travel Weekly.
We’ll have to wait and see what their investigation reveals. For now, they could be right that there might be some other explanation for the reports of fraud.
For my Ethical Hackers. See what you have to look forward to...
In its 2013 Data Breach Investigations Report, Verizon said that it had analysed more than 47,000 reported security incidents last year and found 621 “confirmed data disclosures” where at least 44 million records had been “compromised”. More than half of the 621 data disclosures involved hacking, it said.
“52% of breaches affecting all organisations involved hacking,” the report said. “That figure changes to 72% of small organizations and 40% of large organisations.”
Business models for my head-bobbing students.
Locker, Library, Stream: The 5 Big Digital Music Models of 2013
Apple’s long-awaited streaming music service was announced today. Called iTunes Radio, it’s a familiar model: Choose an artist, album or genre and it plays an unending stream of related music. You can tell it that you like one song in particular or that you never want to hear a certain song again. It promises exclusive access to new releases, and it’ll be available on desktops, iPhones and iPads.
It is, in short, Pandora for iTunes.
… So, on the occasion of Apple’s iTunes Radio, it’s worth taking a moment to taxonomize the models which have sprouted up around digital tunes:
The Store: Now, the classic model for online music distribution. You search for the song on iTunes or Amazon; you hit the “buy” button; and some amount of money near $1.00 is transferred from your bank account to Apple’s coffers. In return, you get an MP3 of the song forever -- and, since 2009, that song has come without any restrictions on its use.
The Locker: For some yearly fee, Apple (or, again, Amazon) will store all the music you own on its servers. It is one of the more recent entrants to the field and relatively simple to understand: All the music you have already purchased, just online.
The Stream: The prototypical example here is Pandora. You tell a company a song or artist or genre you like, and its algorithm selects music you also might like. Notice the severe restrictions on use (you can’t make a movie and use Pandora music as your soundtrack!) and the lack of choice (the service limits you from playing too many songs from the same artist or album!). Often, these services are ad-supported, although, last month, Rdio tacked this feature onto its subscription service.
The Library: A service maintains a large library of recorded music on its servers, and you can listen to whatever you want from that library however much you want. (If you want fifteen straight hours of Genesis, you can play fifteen straight hours of Genesis!) The two big Library companies are Spotify, which is owned by Facebook and which allows free users to listen to music intermixed with ads; and Rdio, which has no ads but is only available to paid subscribers. Though it gives the user more choice, The Library shares many economics with The Stream: there are restrictions on what you do with the music (you still can’t set it to a montage!), and its payments for the musicians tend to be pretty paltry.
The YouTube: The website, owned by Google and ostensibly for sharing video, is without peer in the world of music services. According to a 2012 Nielsen study, “nearly two-thirds” of American teenagers listen to music on the site, “more than any other medium.” And it’s not hard to see why: With its ubiquity, large library, recommendation engine, and cost (free!), it combines some of the most attractive aspects of The Library, The Stream, and The Locker. And, thanks to pre-roll and display ads, listening to music on the service also supports musicians and record labels, though at Library-like levels.
For my Data Mining and Data Analysis students. Looks like more jobs for everyone! Free download with registration ($46 printed and delivered)
Frontiers in Massive Data Analysis
“Data mining of massive data sets is transforming the way we think about crisis response, marketing, entertainment, cybersecurity and national intelligence. Collections of documents, images, videos, and networks are being thought of not merely as bit strings to be stored, indexed, and retrieved, but as potential sources of discovery and knowledge, requiring sophisticated analysis techniques that go far beyond classical indexing and keyword counting, aiming to find relational and semantic interpretations of the phenomena underlying the data. Frontiers in Massive Data Analysis examines the frontier of analyzing massive amounts of data, whether in a static database or streaming through a system. Data at that scale–terabytes and petabytes–is increasingly common in science (e.g., particle physics, remote sensing, genomics), Internet commerce, business analytics, national security, communications, and elsewhere. The tools that work to infer knowledge from data at smaller scales do not necessarily work, or work well, at such massive scale. New tools, skills, and approaches are necessary, and this report identifies many of them, plus promising research directions to explore. Frontiers in Massive Data Analysis discusses pitfalls in trying to infer knowledge from massive data, and it characterizes seven major classes of computation that are common in the analysis of massive data. Overall, this report illustrates the cross-disciplinary knowledge–from computer science, statistics, machine learning, and application disciplines–that must be brought to bear to make useful inferences from massive data.”
For my Ethical Hackers' toolkit
3 Ways To Remove EXIF MetaData From Photos (And Why You Might Want To)
For all my students: Learn how I fry the smartphones that are watching TV in my classrooms.
How I Watch TV On My Smartphone
The tide is turning against the traditional TV model of schedules and weekly serials. You can now easily watch television on your smartphone thanks to a handful of apps and a data connection – this is how I do it.
(Related) I will also cause your drone to fly out the window!
8 Cool Smartphone-Controlled Toys You Secretly Desire!
Good on them!
Microsoft offers free versions of Office 365 to nonprofits
… Microsoft announced Tuesday that it will be giving nonprofits Office 365 licenses to use in their workplace -- free of charge. Any organization that qualifies can get the cloud-based service, which comes with Office applications, e-mail, calendar, HD video conferencing, and more.
… If organizations want to upgrade from the cloud-only version of the service to desktop versions, they will be charged a reduced monthly rate of $4.50 per organization from the usual $20.