Tuesday, September 02, 2014

This will continue in the news until everyone has copies of the pictures.
Apple Patches Vulnerability Possibly Linked to Celebrity Picture Leaks
Apple has patched a flaw that may be linked to the leak of salacious celebrity photos on the Web.
The flaw existed in the 'Find My iPhone' service. In order to use it, hackers would need to know the username of the account they are targeting. The vulnerability allowed attackers to guess passwords repeatedly without being locked out and without notifying the account owner. If the password was successfully guessed, the attacker could then access the iCloud account.
A tool for brute forcing the accounts was posted on GitHub.
"There have been claims that iCloud may be involved, but it’s tricky to confirm even if all of the celebrities affected use Apple devices," blogged security researcher Graham Cluley. "Many folks are blissfully unaware about iPhone photos being automatically sent to an Apple iCloud internet server after it is taken."
The tool posted to GitHub was developed by HackApp, which also posted slides and a presentation about iCloud security online. [Just like someone was teaching Ethical Hacking... Bob]
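The weakness described above, no lockout after repeated failures and no notice to the account owner, is cheap to fix on the service side. What follows is an added example, not Apple's code and not anything from the article or from HackApp: it models a "legacy" password check that counts nothing, beside a hardened one that counts consecutive failures per account, locks the account for a period, and records a notification for the owner. The class names, the "alice" account and its password, and the thresholds (5 failures, 15-minute lock) are all invented for the demonstration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; stands in for whatever a real credential store uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0      # consecutive failures since the last success
    locked_until: float = 0.0     # epoch seconds; 0 means not locked
    notifications: list = field(default_factory=list)  # messages the owner would receive


class LegacyAuthService:
    """Models the weak behaviour described in the article: every attempt is checked,
    nothing is counted, and the owner is never told."""

    def __init__(self, accounts: dict):
        self.accounts = accounts

    def login(self, username: str, password: str) -> str:
        acct = self.accounts.get(username)
        if acct is None:
            return "bad_credentials"
        if hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            return "ok"
        return "bad_credentials"


class HardenedAuthService(LegacyAuthService):
    """Same credential check, plus a failure counter, a temporary lockout and an owner notification."""

    def __init__(self, accounts: dict, max_failures: int = 5,
                 lockout_seconds: int = 900, clock=time.time):
        super().__init__(accounts)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock  # injectable so lockout expiry can be tested deterministically

    def login(self, username: str, password: str) -> str:
        acct = self.accounts.get(username)
        if acct is None:
            # Same answer as a wrong password, so the response does not confirm which usernames exist.
            return "bad_credentials"
        now = self.clock()
        if now < acct.locked_until:
            # Refuse even a correct password while locked; otherwise the lock adds nothing.
            return "locked"
        if hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
            acct.failed_attempts = 0
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= self.max_failures:
            acct.locked_until = now + self.lockout_seconds
            acct.failed_attempts = 0
            acct.notifications.append(
                f"{self.max_failures} failed sign-in attempts; account locked for "
                f"{self.lockout_seconds // 60} minutes")
        return "bad_credentials"


def make_accounts() -> dict:
    """Constructed sample data: one account with a made-up password."""
    salt = os.urandom(16)
    return {"alice": Account("alice", salt, hash_password("correct horse battery", salt))}


def demo(wrong_guesses: int = 8):
    """Feed the same run of wrong passwords, then the right one, to both services.
    Returns (legacy_outcome, hardened_outcome, hardened_after_expiry, notification_count)."""
    legacy = LegacyAuthService(make_accounts())
    fake_now = [1_000_000.0]
    hardened = HardenedAuthService(make_accounts(), max_failures=5, lockout_seconds=900,
                                   clock=lambda: fake_now[0])
    for i in range(wrong_guesses):
        legacy.login("alice", f"wrong-{i}")
        hardened.login("alice", f"wrong-{i}")
    legacy_outcome = legacy.login("alice", "correct horse battery")      # nothing ever stopped the run
    hardened_outcome = hardened.login("alice", "correct horse battery")  # still locked, owner notified
    fake_now[0] += 901                                                   # let the lock expire
    after_expiry = hardened.login("alice", "correct horse battery")
    return (legacy_outcome, hardened_outcome, after_expiry,
            len(hardened.accounts["alice"].notifications))


if __name__ == "__main__":
    print(demo())
```

Run as a script, `demo()` shows the legacy service accepting the correct password after eight failures as if nothing happened, while the hardened service reports `locked` until the window passes and has queued one notification for the owner. The unknown-user branch returning the same `bad_credentials` string is deliberate: the article notes the attacker already had to know the username, and a differing response would hand that out for free.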

Completely unrelated to the article above, but you have to consider how secure your lawyer's data will be in the cloud.
New on LLRX – How to choose Web-based legal software
by Sabrina I. Pacifici on Sep 1, 2014
Via LLRX.com - How to choose Web-based legal software: More and more lawyers are moving to Web-based legal software because it’s convenient, provides 24/7 on-the-go access to case-related information, and is affordable. Lawyer and legal tech expert Nicole Black says the good news is now that cloud computing is becoming more familiar and accepted, new platforms are being introduced into the legal marketplace at record speed. She explains how to make effective business choices when determining how and what cloud-based applications to use.

For my Computer Security students and for my Ethical Hacker's “How to” guide. (Apparently, this reporter thinks Seoul is the capital of North Korea or perhaps he can't spell Pyongyang.)
North Korea's Cyber Warfare Capabilities Detailed in New Report
... the fact that the Web is strictly controlled by the regime means that independent hacker groups can't operate, so all cyber activity originating in the country can be assumed to be sponsored by the government. North Korea is well aware that any cyber activity traced back to its territory is automatically associated with the government so many attacks sponsored by the regime are launched from cells in China, the United States, South Asia, Europe and even South Korea.
"While North Korea’s cyber warfare capabilities pale in comparison to those of wealthier nations, the regime has made significant progress in developing its infrastructure and in establishing cyber operations. The rate of this progress warrants a closer look at North Korea’s motivations, TTPs, and capabilities," HP said.
The complete report on North Korea's cyber threat landscape is available online.

Not a very strong argument.
The Brattleboro Reformer posted this editorial that appeared in The Kennebec Journal of Augusta (Maine) on Aug. 28:
If the federal government can’t get states to sign on to the Real ID law, it has only itself to blame.
All the darkest nightmares of privacy advocates who warned in the early 2000s of an Orwellian state in which everyone is under surveillance all the time have turned out to be true.
Read more on Brattleboro Reformer.

Apparently, there is money to be made in the “privacy lawsuit bidness.”
Catherine Baksi writes:
The number of privacy cases fought in UK courts has doubled in the last five years, amid an explosion in the amount of personal data held and shared by government agencies, and retained by businesses.
In the year to 31 May 2014, there were 56 cases in the High Court, up from 28 five years ago, according to figures from legal information provider Thomson Reuters.
Thomson Reuters said a high proportion of the cases this year involve claims against public institutions, particularly the police. These have included stop and search complaints.
In one high-profile example of the police’s invasion of privacy, it was revealed that undercover police officers secretly gathered intelligence over two decades on Doreen Lawrence and 18 families fighting to get justice from the police over deaths in custody and other matters.
Read more on Law Society Gazette.

Meanwhile, Canada is also seeing a rise in privacy cases, as Arshy Mann reports:
With the certification of Evans v. The Bank of Nova Scotia, the newly introduced tort of intrusion upon seclusion has become another weapon in the arsenal for the class action plaintiffs’ bar.
But while Evans has gotten the lion’s share of attention, other developments in privacy law are also portending an increase in privacy class actions. The tort of intrusion upon seclusion emerged in Ontario in Jones v. Tsige, a 2012 case involving a bank employee who accessed a colleague’s personal information for her own purposes.
Read more on Law Times.

“DARPA's like a box of chocolates. You never know what you're gonna get.” F. Gump
DARPA Open Catalog
by Sabrina I. Pacifici on Sep 1, 2014
“Welcome to the DARPA Open Catalog, which contains a curated list of DARPA-sponsored software and peer-reviewed publications. DARPA sponsors fundamental and applied research in a variety of areas including data science, cyber, anomaly detection, etc., that may lead to experimental results and reusable technology designed to benefit multiple government domains. The DARPA Open Catalog organizes publicly releasable material from DARPA programs. DARPA has an open strategy to help increase the impact of government investments. DARPA is interested in building communities around government-funded research. DARPA plans to continue to make available information generated by DARPA programs, including software, publications, data, and experimental results. The table on this page lists the programs currently participating in the catalog.”
