The
Adobe eBook reader. This will likely go well beyond kerfuffle.
Fortunately, I use DE2 – downloaded from my local library.
Nate
Hoffelder reports:
Adobe has just given us a graphic demonstration of how not to handle
security and privacy issues.
A hacker acquaintance of mine has tipped me to a huge security and
privacy violation on the part of Adobe. That anonymous acquaintance
was examining Adobe’s DRm for educational purposes when they
noticed that Digital Editions 4, the newest version of Adobe’s Epub
app, seemed to be sending an awful lot of data to Adobe’s servers.
My source told me, and I can confirm, that Adobe is tracking users in
the app and uploading the data to their servers. (Adobe was
contacted in advance of publication, but declined to respond.)
Read
more on The
Digital Reader.
Update:
The Register now reports
that they have also confirmed the allegations, and that Adobe is
“looking
into the matter.” Because such slurping seems to violate
Adobe’s representations to customers, I hope the FTC is “looking
into the matter” too.
[From
the article:
But
wait, there’s more.
Adobe
isn’t just tracking what users are doing in DE4; this app was also
scanning my computer, gathering the metadata from all of the ebooks
sitting on my hard disk, and uploading that data to Adobe’s
servers.
In.
Plain. Text.
And
just to be clear, this includes not just ebooks I opened in DE4, but
also ebooks I store in Calibre and every Epub ebook I happen to have
sitting on my hard disk.
As
April showers bring May flowers... Hacks that grab customer
information invite spear phishing. (Perhaps this will be Russia's
way of giving their hackers a “Bonus.”)
JPMorgan
Bracing For 'Spear Phishing' Campaign: Sources
JPMorgan
Chase (NYSE: JPM) officials are bracing for a massive spear phishing
campaign launched by cyber thieves who broke into the bank’s
servers in the biggest cyber-attack on a U.S. bank to date. Cyber
criminals thought to be emanating from Russia or former Soviet
satellite states hacked into numerous JPMorgan computer servers and
accessed contact information like names and email addresses for 76
million customers and seven million small businesses.
For
my Ethical Hackers. I see a business opportunity here.
Your
USB Devices Aren’t Safe Anymore, Thanks To BadUSB
…
The earth-shattering
revelations that USB isn’t as secure as first thought was first
disclosed by security researchers Karsten Nohl and Jakob Lell in
July, 2014. The malware they created – dubbed
BadUSB – exploits a critical vulnerability in the design of USB
devices which allowed them to hijack a user’s Internet traffic,
install additional malware and even surreptitiously gain control of a
user’s keyboard and mouse.
The
BadUSB malware isn’t stored on the user-accessible storage
partition, but rather on the firmware of a USB device – including
Keyboards, phones and flash drives. This means that it’s
virtually undetectable to conventional anti-virus packages, and can
survive the drive
being formatted.
Fortunately,
would-be attackers have been unable to take advantage of BadUSB, due
to Nohl and Lell not publishing the code in order to give the
industry an opportunity to ready a fix. Until recently, that is.
In a
talk given at DerbyCon – a computer security conference held in
Louisville, Kentucky – Adam Caudill and Brandon Wilson demonstrated
their successful reverse-engineering of BadBSD, and published
their exploit code on code-sharing
platform GitHub.
There
is always more to learn.
Data
Breaches in Europe: Reported Breaches of Compromised Personal Records
in Europe, 2005‐2014
Philip
N. Howard
…
You can download the full report here
(pdf)
Pledges
don't protect anything. Will their actions match their words?
http://www.geekwire.com/2014/microsoft-pledges-keep-students-data-private/?google_editors_picks=true
Microsoft
pledges to keep students’ data private
Microsoft
announced
today that it is one of the first companies to sign a new pledge
designed to protect students’ privacy at a time when more
technology is flooding into the classroom.
The
“K-12
School Service Provider Pledge to Safeguard Student Privacy,”
which was organized by the Future of Privacy Forum and the Software &
Information Industry Association, is designed to identify companies
that will keep data from students safe.
…
Today’s announcement comes a week after California Governor Jerry
Brown signed
a law that restricts what companies can do with student data.
For
my Data Mining students.
WSJ:
Microsoft has signed letter of intent to acquire Israeli text
analysis firm Equivio
According
to a Wall Street Journal (WSJ) report, US software giant Microsoft
has signed a letter of intent to purchase Israeli text analysis firm
Equivio.
…
The company's clients include the US Department of Justice, the
Federal Trade Commission, KPMG and Deloitte.
The
text analysis software developed by Equivio can, with the help of
machine learning algorithms, group together relevant texts from
massive amounts of documents, including emails as well as other
organizational social and collaboration networks.
The
list of the users of Equivio's text analysis software clearly
indicates that the company's technology is currently being
used by organizations that provide litigation support services to law
firms and corporate legal departments trying to dig out
relevant data - like legal contracts - from large amounts of
documents.
“I
keep finding all these new continents that people are adding to the
world.” C. Columbus
The
Quiet Rise of the Satellite Spy Agency
As
far as intelligence agencies go, the National Geospatial-Intelligence
Agency has remained relatively low profile—attracting neither the
intrigue of, say, the CIA nor the umbrage directed toward the
National Security Agency.
For
my students.
GitHub
Gives Away Free Developer Tools
GitHub
has launched the GitHub Student Developer Pack, a set of
developer tools aimed exclusively at students. The GitHub Student
Developer Pack, released as part of GitHub
Education, includes hackable text editor Atom, cloud applications
manager Bitnami, crowdsourcing enrichment platform Crowdflower, and
database portfolio Orchestrate, as well as a host of other tools.
To
be eligible for the GitHub
Student Developer Pack, you need to be “a student aged 13+
and enrolled in degree or diploma granting course of study,”
and provide a “school-issued email address, valid student
identification card, or other official proof of enrollment.”
Which seems fairly generous to us.
Interested
parties should be aware that while some of the tools are being given
away for free, others are being offered by platform credits which may
quickly run out. But even with that caveat, it’s still a great
initiative.
No comments:
Post a Comment