Saturday, February 08, 2014
Strange. It “does not” remote monitor, except it does for Target.
Target HVAC Contractor Says It Was Breached By Hackers
… Ross Fazio, President and Owner of Fazio Mechanical Services, said in a statement that it does maintain a data connection with Target that was used exclusively for electronic billing, contract submission and project management.
… Fazio said his firm does not perform remote monitoring of or control of heating, cooling and refrigeration systems for Target. He also said that Target is the only customer that it provides such management for on a remote basis, and that no other customers have been affected by the breach.
… “The recent discovery that the credentials stolen in the Target breach were from an HVAC contractor shows how much we live in a connected world and how insider threats are the hardest to detect since outside attackers look just like employees when they are on the network,” Eric Chiu, president & co-founder of HyTrust, told SecurityWeek. “In this new 'Internet-of-Things' world, heating are connected to the same corporate networks that run other systems such as point-of-sale applications and customer databases.” [They do not need to be. Only lazy or ignorant IT would do it that way. Bob]
… “One thing that isn't known about this attack: were the same credentials for the HVAC system used on other devices in the network? If so, that is what I would call a rookie mistake," Melancon said.
… Qualys researchers Billy Rios and Terry McCorkle say they have found 55,000 HVAC systems connected to the Internet, most with basic security vulnerabilities that put them at risk and provide links to numerous other unwitting corporate networks.
Target previously said that it has taken extra precautions such as limiting or updating access to some of its platforms while the investigation continues. [Again illustrating how easy it is to apply the “fix” that would have prevented the breach, once it is pointed out by the bad guys. It's anticipating how attacks might come at you that is hard. Learn from the mistakes of others! That's what Best Practices are for! Bob]
You need to know where and how you can attack, with what weapons, and what the probable effect will be. You do not need to know how to write the code. Think of it as “Point and click warfare.”
Raytheon Gets $9.8 Million Under DARPA's 'Plan X' Cyberwarfare Program
Defense contractor Raytheon announced this week that it has been awarded a $9.8 million contract by the Defense Advanced Research Projects Agency (DARPA) as part of its 'Plan X' program.
Plan X is a five-year $110 million foundational cyberwarfare program to develop platforms for the Department of Defense (DoD) to plan for, conduct and assess cyberwarfare in a manner similar to kinetic warfare. As a DARPA research program, Plan X has a goal of creating an advanced map that details the billions of devices connected to the Internet so that military commanders can identify, and if necessary, disable targets.
… Raytheon also announced on Dec. 16 that its BBN Technologies subsidiary is working on a program under Plan X designed to help U.S. government agencies “plan, execute and assess cyber network operations”.
… "Plan X is an entirely new approach for planning and executing cyber operations," Dr. Jack Marin, vice president for cyber security at Raytheon BBN said in December. "It is a comprehensive program designed to provide easy-to-use cyber operations planning tools to users who may not have a deep background in cyber."
Perspective. And one of those little statistical oddities that catch my attention.
Along with a bunch of other, more headline-grabbing numbers, the Bureau of Labor Statistics reported this morning that 14.4 million Americans were self-employed in January. Of those, 9.2 million were unincorporated self-employed workers and another 5.2 million were incorporated.
That’s interesting, given that back in January 2000 (which is as far as the BLS tally of the incorporated self-employed goes), the number of self-employed was … 14.4 million. Since then there have been some modest ups and downs, but overall no change.
A very amusing (to me at least) summary of “education related stuff”
… A proposal by Tennessee Governor Bill Haslam would make two years of community college and technical school in the state tuition-free. [I like it! Bob]
… Meanwhile in Kansas, the legislature was looking to block Google Fiber and stop cities from investing in broadband. ’Til the Internet caught wind of the plan, that is. [Good to see that someone is watching the idiots in the legislature. Bob]
… And speaking of the dismal state of science education: A fifth of Americans do not think (or aren’t sure) that the Earth revolves around the Sun.
… The NMC Horizon Report for Higher Education is out. On the horizon: learning analytics and the flipped classroom.