Saturday, June 14, 2014
If this had been done in the US we might have the security tipping point I've been dreaming of... Then again, probably not. (Pay up, or we'll automagically submit 10,000 bogus pizza orders an hour. There's an App for that!)
Jan Willem Aldershoff reports:
Hackers have reportedly stolen data of more than 600,000 Domino’s Pizza customers. A group of hackers demand € 30,000 before next Monday or they will make captured data public. The hacker group goes by the name Rex Mundi and claims to have hacked the websites of Domino’s Pizza in France and Belgium. They’ve announced their hack in a Tweet and disclosed further details in an anonymous text file.
Read more on Myce.
The hack was announced this morning on Twitter:
We hacked the websites of @dominos_pizzafr & Domino’s Belgium, and downloaded 600,000+ customer records. More info: dpaste.de/bXb9
— Rex Mundi (@RexMundi_Anon) June 13, 2014
By now, the dpaste.de file has been removed, but Aldershoff reports:
In the statement they write, “We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That’s over six hundred thousand records, which include the customers’ full names, addresses, phone numbers, email addresses, passwords and delivery instructions. (Oh, and their favorite pizza topping as well, because why not).”
The group demands €30,000 to not disclose the information and to reinforce the threat they already posted samples of the stolen data. According to the hackers they’ve contacted Domino’s Pizza but the company has not responded to their demands so far. A Belgian newspaper reports the company has contacted all affected customers and argues no credit card information has been compromised.
A mandatory action in modern war.
Iraq Blocks Social Media Amid Militant Drive: Technicians
Iraq's communications ministry has ordered Internet and mobile companies to block social media websites and applications as militants drive towards Baghdad, technicians from two major service providers said Friday.
The technicians said video-sharing site YouTube, social network site Facebook, micro-blogging site Twitter and communications applications WhatsApp and Viber were all affected.
Always fun to see how things have been interpreted.
Citing “Intense Public Interest and Concern” Over Mass Surveillance, Judge Orders DOJ to Turn Over Secret Legal Opinions for Court to Review
Dave Maass writes:
A federal judge today ordered the Department of Justice to hand over key opinions by the Foreign Intelligence Surveillance Court (also known as the “FISA court”) so the judge can directly review whether information about mass surveillance was improperly withheld from the public.
The order is another victory in EFF’s Freedom of Information Act lawsuit against the DOJ, which sought to reveal how the government uses Section 215 of the Patriot Act to secretly gather communications records from millions of American citizens. The suit has already forced the government to release thousands of pages of FISA court opinions, internal executive branch reports, congressional briefings, and other documents concerning Section 215. Documents released as part of the suit have shown the NSA repeatedly misled the FISA court concerning the operation of the bulk call records program, nearly leading the court to terminate the program altogether.
EFF Staff Attorney Mark Rumold argued for further disclosure of records during a June 3 hearing in Oakland. The resulting order, issued today, applies to 66 pages of five still-secret FISA court opinions. While Judge Yvonne Gonzales-Rogers may ultimately decide the documents cannot be released, her order reveals an appreciation of the civil liberties concerns as well as skepticism of the government’s blanket refusal to release any portion of the opinions.
Read more on EFF, and congratulations to Mark Rumold for this great WIN!
Is Google preparing a Doctor App? (Is it harder than self-driving cars?) Once upon a time, long, long ago, only you and your Doctor knew what was happening in your body. Now you have become just another Thing plugged into the Internet of Things. Now everyone everywhere can know everything. (I suppose there are a few crazy people out there who will want to post recordings of their colonoscopy on YouTube for our enjoyment. Please don't.)
Google developing health data service -report
Google Inc is developing a service that will combine information from health apps and personal fitness devices, in another competitive move against Apple Inc and Samsung Electronics Co, Forbes reported.
The new service, to be called Google Fit, will make its debut at the Internet company's developer conference later this month, Forbes said on Thursday, citing anonymous sources.
… Health data could become the next big battleground among tech companies as a new generation of wearable electronic gadgets allow users to measure heart rates, sleep patterns and exercise activities.
Last week Apple announced "Healthkit," which will pull together data such as blood pressure and weight now collected by a growing number of healthcare apps on the iPhone or iPad. In May, Samsung launched a health platform for third-party app developers.
(Related) Does this suggest what Google will do with your health data?
Startup puts your health records onto Google Glass
Drchrono, a Mountain View, California startup, has developed an application that lets a doctor register with them and use their Google Glass to record a consultation or surgery with a patient's permission. Videos, photos, and notes are all stored in an electronic medical record (EMR) and stored in the cloud to share with the patient upon request.
Could Apple’s HealthKit initiative come under FDA scrutiny?
Last December Apple met with the FDA to get some clarification about what types of health apps and devices would or would not fall under FDA rules and regulations. It’s an interesting question that a lot of device makers are going to have to consider as more and more health-oriented wearables come to market.
(Related) As long as we're talking about Health Records...
Under Section 13402(i) of HITECH, HHS is required to submit to Congress an annual report containing the number and nature of breaches reported, and the actions taken in response to those breaches. Section 13424(2) of the HITECH Act requires the Secretary to make each report available to the public on the HHS website.
HHS had issued one report for 2009-2010, and has now issued its report for the period January 1, 2011 – December 31, 2012:
I haven’t had time to really read through this yet, but at first glance, it appears that while theft continues to be the single largest category of breaches (with hacking being a second prominent category), loss accounted for the largest percentage of individuals affected in 2011 breaches. Additionally, while breach reports from business associates accounted for approximately one fourth of breach reports in 2011 and 2012, they accounted for 64% and 42% of individuals affected in those years.
I’ll likely have more to say once I’ve had time to really go through the report carefully.
For my Computer Forensics students.
Find the Person Behind an Email Address
You have received an email from a person with whom you have never interacted before, and thus, before you take the conversation forward, you would like to do a bit of research on that person on the Internet. How do you do this without directly asking the other person?
For my students with the appropriate toys.
Read Or Listen: Amazon Integrates Audible In The Kindle Reader Apps
… With a tap you can now seamlessly go from reading to listening without losing your place in the book. The Audible audiobook service has been integrated in the Kindle apps for iOS and Android by piggybacking on the Whispersync for Voice feature.
The Android and iOS apps can be downloaded from the respective stores.
More and more of my students are dropping cable.
Cord Cutters: Watch Live TV Online With NimbleTV – Even Cable!
Want to watch TV, but don’t like the limitations of cable? Look into NimbleTV, which offers a few free live TV stations and paid plans for cable stations.
Recently I introduced you to FilmOn, which lets you watch a variety of over-the-air TV stations free of charge. That service doesn’t ask for permission from providers: it re-broadcasts signals without permission, and as such is subject to frequent lawsuits.
NimbleTV, in contrast, is trying to do online live television legally. You can connect the service with your existing cable stations, or pay for a direct subscription to watch cable TV online.
… If you’ve looked into LiveStation, which lets you watch live TV news online, you’ll find a similar lineup of news channels: Bloomberg, Al Jazeera, RT and CSPAN are a few examples. You’ll also find AntennaTV, which mostly airs reruns of black-and-white sitcoms.
… We’ve told you before: you can watch TV online legally, for free.
Quite a nice collection of tips and apps. Something for everyone, even my students.
Adobe PDF Guide – Everything You Wanted to do with PDFs
I find this hysterical.
… Announcing Unizin: “Unizin is a strategic move by universities to assert greater control and influence over the digital-learning landscape than would otherwise be possible by any single institution." The four founding institutions are Colorado State University, Indiana University, the University of Florida, and the University of Michigan. Why Unizin?:
As professors and members of the academy, we want to support faculty and universities by ensuring that universities and their faculty stay in control of the content, data, relationships, and reputations that we create. As we look at the rapidly emerging infrastructure that enables digital learning, we want to bias things in the direction of open standards, interoperability, and scale. Unizin is about tipping the table in favor of the academy by collectively owning (buying, developing, and connecting) the essential infrastructure that enables digital learning on our campuses and beyond.
The platform for Unizin will be Instructure Canvas, because “banding together” to resist outsourcing definitely starts with a shared LMS made by a third party vendor. [Is a proprietary infrastructure the best way to go? I think not. Bob]
… “24 Georgia Middle-Schoolers Suspended For Talking About Dress-Code Insubordination on Facebook” – the principal called their plans a “terrorist threat.”