Friday, January 31, 2014

For my Ethical Hackers. “How to Attack, Method 704”
Hackers Hit Yahoo Mail With Mass Account Checker Attack
Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts,” Jay Rossiter, SVP, Platforms and Personalization Products at Yahoo, wrote in a blog post Thursday. “
According to Rossiter, the list of usernames and passwords that was used to execute the attack was likely obtained from hacking another site and stealing the list of login credentials.
… “Hackers will use brute force attacks to test stolen usernames and passwords from one source to gain access to another say, bank accounts, Facebook pages, Gmail, you name it,” Juniper Networks’ Michael Callahan wrote in a recent SecurityWeek column.

For my student veterans.
They served their country but now the card that’s supposed to help veterans may be putting them at risk for identity theft and it’s a problem the Department of Veteran Affairs has known about for at least two years.
When the VA first issued new medical cards in 2004, they claimed the cards protected the vet’s identity. Fast-forward ten years and we found out, that’s not necessarily the case anymore.
WINK News Call for Action found that a crook only needs a smart phone and a free barcode scanner app, and then any vet with one of these so-called protective cards is vulnerable.
It took us all of ten seconds to get veteran Jim Murphy’s social security number.
Read more on WINK News, where they posted a detailed response from the VA on its plans to address the vulnerability with a rollout of new cards using a different system that does not embed Social Security numbers.
[From the article:
In December of 2011 the VA published a report and at the top the VA claimed the I.D. cards protected the veteran's identity because it doesn't publish the social security number. Buried at the bottom of the page, you'll find a warning which admits the bar code can easily be scanned, revealing private information.
Since we discovered that the VA has known about this issue for more than two years, we wanted to know when it would be fixed.
A spokesperson with the VA sent us this statement:
… At time of receiving the card, Veterans have always been advised to safeguard it as they would a Social Security card or a credit card, to protect their identity information.
VA has begun to move to the next generation of identification. The new card, the Veteran Health Identification Card (VHIC), provides a more secure means of identification for Veterans because the Social Security number and birth date will no longer be contained on either the magnetic strip or the bar code.
… Once necessary software changes have been made so applications used in VA health care facilities can read the VHIC bar code and magnetic stripe, VA will begin issuing the VHIC this year and replacing enrolled Veterans' old cards.

Verrrrry interesting. I wonder what the judge is suggesting?
Spencer Ackerman reports:
A representative of a criminal defendant has for the first time been granted permission to view evidence gathered against him under the Foreign Intelligence Surveillance Act, one of the wellsprings of authority for terrorism surveillance.
Judge Sharon Coleman, a federal district judge in Illinois, issued an order on Wednesday permitting a lawyer for Adel Daoud, who is accused of attempting to detonate a car bomb near a Chicago bar, to learn the origins of the information the FBI or other US authorities collected about him under an order from a secret court that permits surveillance on terrorists or “agents of a foreign power”.
Read more on The Guardian.
[From the article:
“While this court is mindful of the fact that no court has ever allowed the disclosure of Fisa materials to the defense, in this case, the court finds that the disclosure may be necessary,” Coleman wrote, in an order first reported by New York Times journalist Charlie Savage on Twitter.
“This finding is not made lightly, and follows a thorough and careful review of the Fisa application and related materials. The court finds however that an accurate determination of the legality of the surveillance is best made in this case as part of an adversarial proceeding.”

(Related) Another legal challenge.
The consensus is clear that spying on innocent Americans section 215 of the Patriot Act is flatly illegal. The Center for Democracy and Technology said it, Christopher Sprigman and I said it, Laura Donohue said it, Judge Richard Leon said it, the Privacy and Civil Liberties Oversight Board (PCLOB) said it, Sprigman and I said it again.
So far, less attention has been paid to the legality—and wisdom—of mass surveillance under section 702 of the FISA Amendments Act (FAA), codified at 50 USC 1881a. Section 702 is the statutory authority for the PRISM program, which involves warrantless collection of communications contents via targeting non-U.S. individuals or entities reasonably believed to be located abroad.
… Meanwhile, a report from the New America Foundation recently took a serious look at the efficacy of 702 in counterterrorism. Researchers concluded that section 702 is less valuable than people may have assumed, finding that section 702 collection played a role in only 4.4 percent of examined terrorism cases.

(Related) Everything is illegal and evil until something happens and we say, “How could you have failed to prevent this?”
… a leading lawyer in the UK has submitted legal advice to a parliamentary group concluding that mass surveillance programs conducted by the British intelligence agency, the GCHQ, are likely illegal (see The Guardian’s report here). The All Party Parliamentary (APPG) on Drones, an informal parliamentary group with members drawn from all parties, asked Jemima Stratford QC to provide expert evidence on the legality of the alleged GCHQ surveillance.

So, how does all that “NSA/GCHQ/CSEC is evil” stuff impact the average citizen? Not at all, apparently.
TRUSTe 2014 US Consumer Confidence Privacy Report
by Sabrina I. Pacifici on January 30, 2014
“Privacy concerns are growing with 74% more concerned about their online privacy than a year ago. Despite the constant media coverage of government surveillance programs such as NSA’s PRISM, this is not the main driver of online privacy concerns. People are far more concerned about businesses sharing personal information with other companies and tracking their online behavior to show targeted ads and content than anything the government is doing. The report reveals:
  • Consumer online privacy concerns remain extremely high with 92% of US internet users worrying about their privacy online compared with 89% in January 2013.
  • Consumers are far more concerned about about companies tracking their activities (58%) than the government (38%).
  • Consumer trust is falling. 54% of consumers (down from 57% in 2013) say they do not trust businesses with their personal information online.
  • Online privacy concerns mean consumers are less likely to click on ads (83%), download apps (80%), enable location tracking (74%)
See also the accompanying Infographic

Interesting that head of the NSA has been downgraded from 4 stars to 3 stars. This must be deliberate, but I don't see a good reason for it.
Vice Admiral Michael Rogers Named New NSA Chief
President Barack Obama has nominated a US Navy officer, Vice Admiral Michael Rogers, to take over as head of the embattled National Security Agency.
If confirmed by lawmakers, Rogers would also take over as head of the military's cyber warfare command.

Are we truly coming to the conclusion that we need to plan for cyber-security?
Report – Risk and Responsibility in a Hyperconnected World
by Sabrina I. Pacifici on January 30, 2014
“Many leaders in business, civil society and government realize that for the world’s economy to fully derive the value inherent in technological innovation, a robust, coordinated system of global cyber resilience is essential to effectively mitigate the risk of cyberattacks. This view is beginning to permeate discussions among senior leaders in the private and public sectors, and across different industries, as concerns related to cyber resilience shift from awareness to action. The critical questions today are: what needs to be done, and how can it be achieved? Risk and Responsibility in a Hyperconnected World, a joint effort between the World Economic Forum and McKinsey & Company, assesses the necessary action areas, and examines the impact of cyberattacks and response readiness. The report sets these against three alternative scenarios in which economic value from technological innovations is realized or lost depending on models of cyber resilience. It draws on knowledge and opinions derived from a series of interviews, workshops and dialogues with global executives and thought leaders to estimate the potential value to be created through 2020 by technological innovations. It examines the value that could be put at risk if the adoption of such innovations is delayed because more frequent, intense cyberattacks are not met with more robust cyber resilience. Finally, the report draws conclusions from the analysis and research, and offers a 14-point roadmap for collaboration.”

“We don't need no stinking parents!” This kind of thinking leads to multi-generational debtors prisons.
Reports: Lunches seized from Utah schoolkids because of unpaid bills
Dozens of children at a Utah school had their lunches seized and thrown away because they did not have enough money in their accounts, prompting an angry response from parents, it was reported.
… Isom's mom Erica Lukes called the move “traumatic and humiliating” and told the Salt Lake Tribune she was all paid up.
"I think it’s despicable," she said. "These are young children that shouldn’t be punished or humiliated for something the parents obviously need to clear up."
Salt Lake City District Spokesperson Jason Olsen told the Tribune that parents had been notified about negative balances on Monday and a child nutrition manager had decided to withhold lunches to deal with the issue. They were thrown away because once food is served to one student it can’t be served to another, he explained.

Act like a brat, get deported? Works for me!
White House Must Address Petition to Deport Justin Bieber
After topping more than 100,000 signatures on "We the People," the White House is now obligated to respond to a petition to "Deport Justin Bieber and revoke his green card."
As of this afternoon, the petition had 104,700 signatures and climbing.

Perspective. A huge and error prone infographic. (To start with, Google should always be written “go ogle”)
Exactly How Big IS Google?

The Canadian Prime Minister (what's his name) on Justin Beiber...

No comments: