Thursday, November 21, 2013
Mid-sized breach, but would they use the same password on other systems?
Brian Krebs reports:
An intrusion at online dating service Cupid Media earlier this year exposed more than 42 million consumer records, including names, email addresses, unencrypted passwords and birthdays, according to information obtained by KrebsOnSecurity.
The data stolen from Southport, Australia-based niche dating service Cupid Media was found on the same server where hackers had amassed tens of millions of records stolen from Adobe, PR Newswire and the National White Collar Crime Center (NW3C), among others.
The purloined database contains more than 42 million entries in the format shown in the redacted image below. I reached out to Cupid Media on Nov. 8. Six days later, I heard back from Andrew Bolton, the company’s managing director. Bolton said the information appears to be related to a breach that occurred in January 2013.
Read more on KrebsOnSecurity.com. This apparently wasn’t news to Cupid Media, who claim to have notified affected consumers at the time of discovery in January. It’s hard to believe that such a big breach flew under all the media radar – including this site. I wonder how many consumers they actually notified at the time and wonder why nothing about the breach came to the attention of those of us who generally try to keep on top of hacks and breach reports.
I'll have my Ethical Hackers find some articles on “The strategic uses of Cyber War weapons.” Specifically, what causes you to “force” your target to realize they are under attack? Politics?
Three years after it was discovered, Stuxnet, the first publicly disclosed cyberweapon, continues to baffle military strategists, computer security experts, political decision-makers, and the general public. A comfortable narrative has formed around the weapon: how it attacked the Iranian nuclear facility at Natanz, how it was designed to be undiscoverable, how it escaped from Natanz against its creators' wishes. Major elements of that story are either incorrect or incomplete.
That's because Stuxnet is not really one weapon, but two. The vast majority of the attention has been paid to Stuxnet's smaller and simpler attack routine -- the one that changes the speeds of the rotors in a centrifuge, which is used to enrich uranium. But the second and "forgotten" routine is about an order of magnitude more complex and stealthy. It qualifies as a nightmare for those who understand industrial control system security. And strangely, this more sophisticated attack came first. The simpler, more familiar routine followed only years later -- and was discovered in comparatively short order.
Imagine free hardware (e.g. a 65 inch TV) that comes with surveillance tools.
Earlier this month I discovered that my new LG Smart TV was displaying ads on the Smart landing screen.
After some investigation, I found a rather creepy corporate video advertising their data collection practices to potential advertisers. It’s quite long but a sample of their claims are as follows:
LG Smart Ad analyses users favourite programs, online behaviour, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women.
Furthermore, LG Smart Ad offers useful and various advertising performance reports. That live broadcasting ads cannot. To accurately identify actual advertising effectiveness.
Read more on DoctorBeet.
LG is investigating.
For my Ethical Hackers
– gives you the ability to create a message that automatically self-destructs after reading. You can share by email, SMS, or get a link to send to someone by other means. You can never be too careful these days with online security, so instead of an email which can last forever on someone’s server, consider using this service instead.
For my Statistics students: Sometimes you feel like a nut, sometimes you die. Calculate the probability of each option.
Association of Nut Consumption with Total and Cause-Specific Mortality
by Sabrina I. Pacifici on November 20, 2013
Association of Nut Consumption with Total and Cause-Specific Mortality. Ying Bao, M.D., Sc.D., Jiali Han, Ph.D., Frank B. Hu, M.D., Ph.D., Edward L. Giovannucci, M.D., Sc.D., Meir J. Stampfer, M.D., Dr.P.H., Walter C. Willett, M.D., Dr.P.H., and Charles S. Fuchs, M.D., M.P.H. N Engl J Med 2013; 369:2001-2011 November 21, 2013 DOI: 10.1056/NEJMoa1307352
“In two large prospective U.S. cohorts, we found a significant, dose-dependent inverse association between nut consumption and total mortality, after adjusting for potential confounders. As compared with participants who did not eat nuts, those who consumed nuts seven or more times per week had a 20% lower death rate. Inverse associations were observed for most major causes of death, including heart disease, cancer, and respiratory diseases. Results were similar for peanuts and tree nuts, and the inverse association persisted across all subgroups… our data are consistent with a wealth of existing observational and clinical-trial data in supporting the health benefits of nut consumption for many chronic diseases.
Moreover, recent findings from the PREDIMED trial have shown a protective effect of a Mediterranean diet against cardiovascular disease, and one component of the diet was the availability of an average of 30 g of nuts per day. In conclusion, our analysis of samples from these two prospective cohort studies showed significant inverse associations of nut consumption with total and cause-specific mortality. Nonetheless, epidemiologic observations establish associations, not causality, and not all findings from observational studies have been confirmed in controlled, randomized clinical trials.”
Exactly the kind of thing you find at a “Technical” University.
Presentation.io - Use Your Phone to Control Presentations and Share With Your Audience
Presentation.io is a service that helps your audience follow along with your presentations. Presentation.io does this by allowing the members of your audience to see your slides on their laptops, iPads, and Android tablets and watch them change when you advance your slides. This ensures that everyone is on the same slide at the same time. This week Presentation.io added a new option that allows you to use your cell phone as a remote to control your slides.
To start using Presentation.io upload a PPT or PDF to your free Presentation.io account. Presentation.io then gives you a URL to distribute to your audience. When the members of your audience open that URL they will be able to see and follow along with your presentation. When you're done with your presentation just click "stop presenting" and the synchronization stops. To use your phone as a remote just start your presentation and Presentation.io will send you a text with a link to make your phone a remote. Simply upload your presentation, click "Settings" and then "Use mobile phone as controller."
The free version of Presentation.io keeps your presentation on file for four hours before it expires. This is adequate for most classroom presentation situations.