For my Ethical Hackers. I repeat, technically sophisticated hacks are fun, but the real money is in the huge volume of simple, low-skill hacks that are available. (Note that management should be a bit concerned with their Security manager if they hear things like this.)
Byron Acohido reports:
Ethical hacker Bryan Seely of Seattle-based Seely Security showed how MBIA has long been exposing details of municipal bond and investment management accounts in a way that made it easy for criminals to transfer funds from existing accounts into newly created ones they control. There’s no evidence any theft took place, only because the bad guys appear to have overlooked this freebie.
[...]
Seely says he has identified more than 8,000 other servers that are similarly misconfigured and likewise exposing sensitive accounts on the open Internet. These are accounts that should be kept under lock and key.
Seely has been on a one-man campaign to notify organizations, and a few have listened to him.
Read more on Credit.com
[From the article:
“In the case of MBIA, it was not at risk because of a flaw in Oracle,” Seely says. “This was simply because the customer did not configure the server correctly when they deployed it, and it caused private banking records to be exposed to the Internet.”
(Related)
Not hearing about security weaknesses is even worse. (Not to mention pretending not to hear.)
A former Maricopa County Community College District employee alleges executive leadership closed their eyes to a report on their database security conducted after their massive data breach in 2013 so they would have plausible deniability in any litigation. As a result, the employee alleges, the findings were never shared with those tasked with securing MCCCD’s data assets.
In November 2013, Maricopa County Community College District (MCCCD) disclosed that they had been informed by the FBI that 14 databases with personal information had been found up for sale on the Internet. The potential compromise of 2.5 million students’, employees’ and vendors’ personal and financial information currently stands as the largest breach ever in the education sector.
As part of its continuing investigation into that breach, DataBreaches.net recently disclosed parts of a report issued by Stach & Liu in 2011 after an earlier hacking incident. Failure to properly remediate that breach had been cited as a factor in the 2013 breach. Of special relevance now, MCCCD’s external counsel had asserted that MCCCD administration at the highest levels never even knew of the report’s existence until after the 2013 breach. [Apparently they don't read the local newspaper or watch local TV news. Bob] Their claim was disputed by former employee Earl Monsour, who stated he had delivered the report to the Vice Chancellor for ITS.
[I suggest you read the full article! Bob]
Is this because they have crazy people just across the border?
Cho Mu-hyun reports:
The shocking figure of over 106 million privacy breaches was unveiled by a report of data leaks between 2010 and 2014 filed by the Korea Communication Commission (KCC) to the National Assembly during the yearly government audit of ministries.
The figure means that each person has, on average, had his or her personal information leaked 2.1 times during the past four years in a country with a population of 50 million.
Read more on ZDNet.
For my Computer Security students. Should I add this to my “Stalker's Toolbox?”
How Anyone Can Find Your Personal Details Via Twitter With Tinfoleak
…
There’s a free script called Tinfoleak which can pull an alarming amount of information about any Twitter user based simply on their profile and their tweets. Let me show you how it works.
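To give my students a concrete idea of what "based simply on their profile and their tweets" means, here is an added example of the kind of aggregation such a tool performs. It is my own illustration, not Tinfoleak's code: it assumes tweet objects shaped like the Twitter REST API v1.1 `statuses/user_timeline` response (fields `created_at`, `source`, `coordinates`, `entities`) and runs on a constructed sample timeline rather than live API calls. The point is that nothing here is private: the posting client (device), posting hours (time zone and routine), geotags (home or office) and most-mentioned accounts (friends) are all in plain public metadata.

```python
"""What public tweet metadata gives away about an account.

Added example for this post; it is not Tinfoleak's code. It assumes tweet
objects shaped like the Twitter REST API v1.1 `statuses/user_timeline`
response (fields `created_at`, `source`, `coordinates`, `entities`) and
runs on a constructed sample timeline instead of live API calls.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample timeline (not real tweets). `source` carries the HTML
# anchor the API returns for the client that posted the tweet.
SAMPLE_TWEETS = [
    {"created_at": "Mon Oct 13 07:12:01 +0000 2014",
     "source": '<a href="http://twitter.com/download/iphone" rel="nofollow">Twitter for iPhone</a>',
     "coordinates": {"type": "Point", "coordinates": [-122.3321, 47.6062]},
     "entities": {"hashtags": [{"text": "InfoSec"}], "user_mentions": [{"screen_name": "alice"}]}},
    {"created_at": "Tue Oct 14 07:45:30 +0000 2014",
     "source": '<a href="http://twitter.com/download/iphone" rel="nofollow">Twitter for iPhone</a>',
     "coordinates": None,
     "entities": {"hashtags": [], "user_mentions": [{"screen_name": "bob"}]}},
    {"created_at": "Tue Oct 14 23:02:11 +0000 2014",
     "source": '<a href="http://twitter.com" rel="nofollow">Twitter Web Client</a>',
     "coordinates": None,
     "entities": {"hashtags": [{"text": "infosec"}, {"text": "tor"}], "user_mentions": []}},
    {"created_at": "Wed Oct 15 07:30:00 +0000 2014",
     "source": '<a href="http://twitter.com/download/iphone" rel="nofollow">Twitter for iPhone</a>',
     "coordinates": {"type": "Point", "coordinates": [-122.3301, 47.6082]},
     "entities": {"hashtags": [], "user_mentions": [{"screen_name": "alice"}]}},
    {"created_at": "Thu Oct 16 23:15:45 +0000 2014",
     "source": '<a href="http://twitter.com" rel="nofollow">Twitter Web Client</a>',
     "coordinates": None,
     "entities": {"hashtags": [], "user_mentions": [{"screen_name": "alice"}]}},
]

ANCHOR_TEXT = re.compile(r">([^<]+)</a>")


def client_name(source):
    """Strip the anchor markup from `source`; returns the bare client name."""
    match = ANCHOR_TEXT.search(source)
    return match.group(1) if match else source


def tweet_hour(created_at):
    """UTC hour of posting; the v1.1 timestamp format is fixed."""
    return datetime.strptime(created_at, "%a %b %d %H:%M:%S %z %Y").hour


def profile(tweets):
    """Aggregate clients, posting hours, geotags, hashtags and mentions."""
    clients, hours, hashtags, mentions = Counter(), Counter(), Counter(), Counter()
    points = []
    for tweet in tweets:
        clients[client_name(tweet.get("source", ""))] += 1
        hours[tweet_hour(tweet["created_at"])] += 1
        coords = tweet.get("coordinates")
        if coords and coords.get("type") == "Point":
            lon, lat = coords["coordinates"]   # GeoJSON order is [lon, lat]
            points.append((lat, lon))
        entities = tweet.get("entities", {})
        hashtags.update(h["text"].lower() for h in entities.get("hashtags", []))
        mentions.update(m["screen_name"] for m in entities.get("user_mentions", []))
    return {"clients": clients, "hours": hours, "points": points,
            "hashtags": hashtags, "mentions": mentions}


def centroid(points):
    """Mean of the geotagged points, rounded to 4 decimals (roughly 10 m)."""
    if not points:
        return None
    lat = sum(p[0] for p in points) / len(points)
    lon = sum(p[1] for p in points) / len(points)
    return (round(lat, 4), round(lon, 4))


if __name__ == "__main__":
    result = profile(SAMPLE_TWEETS)
    print("clients:", result["clients"].most_common())
    print("busiest hours (UTC):", result["hours"].most_common(2))
    print("geotag centroid:", centroid(result["points"]))
    print("contacts:", result["mentions"].most_common(3))
```

On the sample data this reports an iPhone user who posts around 07:00 and 23:00 UTC, two geotags a couple of hundred metres apart in one Seattle neighborhood, and one account (alice) mentioned more than anyone else. The defensive takeaway for the class is that the `coordinates` field only exists if precise location was switched on for the tweet, while `source` and `created_at` cannot be turned off.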
Take that, Steve Jobs! (Could I follow this business model here in the US?)
…
Xiaomi, the four-year-old Chinese smartphone manufacturer, has found just such a sweet spot, and as a result is taking the smartphone industry by storm. Pundits claim that Xiaomi is just a Chinese copycat of Apple, and not without some reason. Some point to Xiaomi’s product introductions, which are eerily just like Apple’s. Others point out the strong similarities between Xiaomi’s operating system (named MIUI) and Apple’s iOS. What’s more, Xiaomi’s products rank among the best in the industry in terms of performance. All these cues might lead us to believe that it is competing head to head with the leading smartphone manufacturers.
However, looking at the full extent of Xiaomi’s business model reveals just how different – and how disruptive – it is. For starters, unlike Apple, Xiaomi is not targeting premium customers; it’s mostly teens buying those high-quality phones, and hardly at a premium, since Xiaomi’s prices are at least 60% lower. A neat trick. How does Xiaomi pull that off?
For my Ethical Hackers. Think of the fun possible by driving through a neighborhood, unlocking doors as you go!
August Smart Lock Gets Key Exposure in Apple Stores
The August Smart Lock will become available for purchase at Apple retail stores in the United States starting this week, the company announced on Tuesday.
Priced at US$249.99, the smart device uses Bluetooth and a mobile app to create a virtual key.
The August Smart Lock replaces the interior portion of users' existing deadbolt locks but does not require users to change their exterior door hardware; their physical, metal keys will work with the deadbolt as well.
The device is powered by four AA batteries [Why you need to keep the key Bob] and can be installed in about 10 minutes, August said.
Once in place, the smart lock allows users to control access to their home via smartphone. They can provide temporary or ongoing access to select others at will, including creating invited guest lists from their contacts for a party or event, for example.
Log records show who has entered and exited.
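The "drive through a neighborhood unlocking doors" scenario is a replay attack: if the phone sends the same unlock message every time, anyone who has recorded it once over Bluetooth can send it again. The article does not say how August's protocol works, so what follows is my own added example, not August's code or design. It puts a naively replayable lock next to a toy lock that (a) challenges every unlock with a fresh single-use nonce, (b) derives each guest's key from the owner key plus the guest's validity window, so the lock need not store guest keys and a guest cannot quietly extend their own window, and (c) logs every attempt, which is the "who entered and exited" record from the article. Keys, times and guest names are constructed for the demo.

```python
"""Replayable unlock vs. nonce challenge-response with time-bound guest keys.

Added example for this post; it is not August's protocol or code. It assumes a
toy design: the lock holds one owner key, derives per-guest keys from it with
HMAC, challenges every unlock with a fresh random nonce, and logs the outcome.
"""
import hashlib
import hmac
import secrets


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


class NaiveLock:
    """Accepts a fixed 'unlock' token. The token never changes, so one capture
    of the Bluetooth exchange lets anyone replay it from the street later."""

    def __init__(self, key):
        self.key = key

    def unlock(self, token):
        return hmac.compare_digest(token, _mac(self.key, b"unlock"))


class ChallengeLock:
    """Each unlock is bound to a single-use nonce and a guest key that is
    only valid inside an explicit time window; every attempt is logged."""

    def __init__(self, owner_key, now):
        self.owner_key = owner_key
        self.now = now             # injectable clock (unix seconds)
        self.pending_nonce = None  # at most one outstanding challenge
        self.log = []              # audit trail: (time, guest, outcome)

    def guest_key(self, guest_id, valid_from, valid_until):
        # Recomputed from the owner key and the window, never stored: a
        # guest who presents an altered window gets a different key.
        label = f"{guest_id}|{valid_from}|{valid_until}".encode()
        return _mac(self.owner_key, label)

    def challenge(self):
        self.pending_nonce = secrets.token_bytes(16)
        return self.pending_nonce

    def unlock(self, guest_id, valid_from, valid_until, response):
        nonce, self.pending_nonce = self.pending_nonce, None  # consume it
        now = self.now()
        if nonce is None:
            outcome = "no-challenge"
        elif not valid_from <= now <= valid_until:
            outcome = "outside-window"
        elif hmac.compare_digest(
                response, _mac(self.guest_key(guest_id, valid_from, valid_until), nonce)):
            outcome = "unlocked"
        else:
            outcome = "bad-response"
        self.log.append((now, guest_id, outcome))
        return outcome == "unlocked"


def respond(guest_key, nonce):
    """What the guest's phone computes for a given challenge."""
    return _mac(guest_key, nonce)


def demo():
    """Run the drive-by replay against both locks; returns the outcomes."""
    clock = [1_413_000_000]       # constructed fixed time (unix seconds)
    owner_key = b"\x01" * 32      # constructed owner key, not a real secret
    results = {}

    naive = NaiveLock(owner_key)
    captured = _mac(owner_key, b"unlock")     # sniffed once from the air
    results["naive_replay"] = naive.unlock(captured)

    lock = ChallengeLock(owner_key, now=lambda: clock[0])
    frm, until = clock[0] - 3600, clock[0] + 3600   # a two-hour party window
    guest = lock.guest_key("party-guest", frm, until)

    resp = respond(guest, lock.challenge())
    results["fresh"] = lock.unlock("party-guest", frm, until, resp)

    # Replay the captured response against a new challenge: nonce differs.
    lock.challenge()
    results["replay"] = lock.unlock("party-guest", frm, until, resp)

    # Correct key, but the clock has moved past the window.
    clock[0] = until + 1
    resp2 = respond(guest, lock.challenge())
    results["expired"] = lock.unlock("party-guest", frm, until, resp2)

    # Guest claims a longer window; the derived key no longer matches.
    resp3 = respond(guest, lock.challenge())
    results["tampered_window"] = lock.unlock("party-guest", frm, until + 86400, resp3)

    results["log"] = [entry[2] for entry in lock.log]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The naive lock opens for the replayed token; the challenge lock opens once for the live guest and refuses the replay, the expired key and the stretched window, leaving four log entries behind. The caveat a practitioner would add: this only covers the radio protocol. A lock that also trusts a cloud account, a phone's stored key, or the owner's email password has those as attack surface too, and none of that is in the article.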
It's sad to think we need to buy hardware, install special software, or go to any extra effort at all to secure our communications. The amount of “over-subscription” ($7,500 asked, $500,000+ pledged) suggests we do want security and recognize the need to pay for it.
Cassandra Khaw reports:
On the internet, everyone is susceptible to invasions of privacy. But a group of developers is hoping to change this by kickstarting a one-stop solution for anyone looking to peruse the internet without having their personal information harvested.
Anonabox hinges on open source software known as Tor, which encrypts user activities on the World Wide Web. While some amount of technical knowledge is usually needed to implement Tor, Anonabox will purportedly offer plug-and-play usability.
Read more on The Verge.
Clearly I'm pleased to see that Harvard clearly wants to clearly clarify the clutter surrounding the Internet of Things. Definitely worth a read!
The Internet of Things is definitely becoming a Thing, in the same way that big data’s a Thing or the sharing economy’s a Thing. And the thing about a thing that becomes a Thing is, it’s easy to lose sight of the things that made it a thing before everyone declared it the Next Big Thing that will change everything.
Got it? Good. We’ll start there. With the hype over the Internet of Things behind us. Because whether or not it’s a Thing, the internet of things is already a lot of things.
…
But before you read anything else, I suggest you check out Michael Porter’s new opus of an article on the Internet of Things and strategy.
It’s quite a thing.
(Related)
Also mentioned in the previous article.
Search engine for the Internet of Things
“Thingful® is a search engine for the Internet of Things, providing a unique geographical index of connected objects around the world, including energy, radiation, weather, and air quality devices as well as seismographs, iBeacons, ships, aircraft and even animal trackers.
Thingful’s powerful search capabilities enable people to find devices, datasets and realtime data sources by geolocation across many popular Internet of Things networks, and presents them using a proprietary patent-pending geospatial device data search ranking methodology, ThingRank®. If you are concerned about asthma, find out about any air quality monitors in your neighbourhood; somebody working with a Raspberry Pi can find others round the corner using the same computing platform; if you notice a ship moored nearby, discover more about it by tracking it on Thingful, or get notified of its movements; a citizen concerned about flooding in a new neighbourhood can look up nearby flood monitors or find others that have been measuring radiation. You might even watch the weekly movements of a shark as it explores the oceans. The possibilities are unbounded!
Thingful also enables people and companies to claim and verify ownership of their things using a provenance mechanism, thereby giving them a single web page that aggregates information from all their connected devices no matter what network they’re on, in categories that include health, environment, home, transport, energy and flora & fauna. Users can also add objects to a Watchlist in order to keep track of them, monitor their realtime status and get notifications when they change.”
They talk statistics; I'm looking for immediate (hardware or software) feedback.
Training Students to Extract Value from Big Data
“As the availability of high-throughput data-collection technologies, such as information-sensing mobile devices, remote sensing, internet log records, and wireless sensor networks has grown, science, engineering, and business have rapidly transitioned from striving to develop information from scant data to a situation in which the challenge is now that the amount of information exceeds a human’s ability to examine, let alone absorb, it. Data sets are increasingly complex, and this potentially increases the problems associated with such concerns as missing information and other quality concerns, data heterogeneity, and differing data formats. The nation’s ability to make use of data depends heavily on the availability of a workforce that is properly trained and ready to tackle high-need areas. Training students to be capable in exploiting big data requires experience with statistical analysis, machine learning, and computational infrastructure that permits the real problems associated with massive data to be revealed and, ultimately, [I'm gunning for “immediately” Bob] addressed. Analysis of big data requires cross-disciplinary skills, including the ability to make modeling decisions while balancing trade-offs between optimization and approximation, all while being attentive to useful metrics and system robustness. To develop those skills in students, it is important to identify whom to teach, that is, the educational background, experience, and characteristics of a prospective data-science student; what to teach, that is, the technical and practical content that should be taught to the student; and how to teach, that is, the structure and organization of a data-science program. Training Students to Extract Value from Big Data summarizes a workshop convened in April 2014 by the National Research Council’s Committee on Applied and Theoretical Statistics to explore how best to train students to use big data. The workshop explored the need for training and curricula and coursework that should be included. One impetus for the workshop was the current fragmented view of what is meant by analysis of big data, data analytics, or data science. New graduate programs are introduced regularly, and they have their own notions of what is meant by those terms and, most important, of what students need to know to be proficient in data-intensive work. This report provides a variety of perspectives about those elements and about their integration into courses and curricula.”
Demographics and Big Data. Summarizing by Zip Code.
Big Data Can Guess Who You Are Based on Your Zip Code
In the era of Big Data, your zip code is a window into what you can afford to buy, but it also reveals how you spend time—and, in essence, who you are.
That's according to software company Esri, which mapped zip codes across the United States and linked them to one of 67 profiles of American market segments.
…
The level of detail is striking and—from what I could tell based on cross-referencing some of my own last several zip codes of residence—pretty accurate, too. Anyone can plug a zip code into Esri's database, which makes for an addicting game of "guess my identity."
…
In the United States, where there are virtually no regulations on data collection, someone trying to profile you can fairly easily learn how much money you make, your education level, whether you own a home, who you voted for, how many kids you have, how much credit card debt you're carrying, even what you thought of the series finale of How I Met Your Mother.
Dilbert nails it again. This is exactly what happens when I assign Group Projects.