Tuesday, November 25, 2014
Interesting. I look forward to seeing what failed. Unless Sony is really, really bad at security, this could have serious and widespread implications. Note: A lot of the Ethical Hacking community seems to find this “suspicious.” Could anyone be this bad at securing their systems?
Sony Comes To A Screeching Halt Targeted By Massive Ransomware Hack
It appears that Sony has become the victim of a massive ransomware hack which has resulted in the company shutting down. An unnamed source spoke to Business 2 Community claiming that the company shut down after its computers in New York and around the nation were infiltrated.
The source, according to the website, is an ex-employee of Sony Pictures who has a friend that still works for the company. According to the source’s friend, allegedly, every computer in Sony’s New York Office, and every Sony Pictures’ office across the nation, bears an image from the hacker with the headline “Hacked By #GOP” which is then followed by a warning.
… [Update] Another unnamed source has surfaced and, speaking to Variety, claims that Sony's IT department told employees to disable the WiFi on their mobile devices and turn off their computers. That same source went on to say that the company has told its workers that the situation will take anywhere from one day to three weeks to be resolved.
(Related) On the other hand.
Ransom is the new black – the increasing trend of online extortion
… Brian Krebs reported on this a few months ago and it’s about as brazen as you’d expect online criminals to get; give us money or we’ll mess up your stuff. It’s the mob protection racket of the digital era only more random with less chance of getting caught and not as many gold necklaces (I assume). That one bitcoin is about $400 American dollars today so enough for a tidy little return but not enough that it makes for an unachievable ransom for most small businesses.
The worrying thing is though, this is just part of a larger trend that’s drawing online criminals into the very lucrative world of extortion and we’re seeing many new precedents in all sorts of different areas of the online world. Let me show you what I mean.
For my Computer Security and Risk management classes.
Why Vendor Risk Management is Critical to Your Business
You’ve heard the trite expression “A chain is only as strong as its weakest link.” Well, it’s true, and when it comes to enterprise security, the weakest link might be outside your own organization.
Ever since it came to light that the Target data breach originated through compromised credentials belonging to a third-party vendor, there has been a renewed focus on vendor risk management (VRM), and especially on computer security risks.
There's money in Privacy!
Investors are dumping money into a nascent anonymous messaging app that allows users to post comments to people within a 1.5-mile radius of their phone.
The app, Yik Yak, revealed Monday it had received $62 million in venture funding, just months after it raised $11.5 million.
In just one year, Yik Yak has quickly gained popularity on high school and college campuses, but has yet to get a significant foothold in the adult market.
… WhatsApp, which rose to prominence as a privacy-focused text messaging service, now has more than 600 million users worldwide.
But privacy groups were appalled when Facebook purchased the app for $22 billion earlier this year, worried the social networking giant would misuse WhatsApp's user data.
Last week, WhatsApp announced it would be rolling out end-to-end encryption for its users, meaning only the sender and receiver can read the message.
Snapchat also rapidly gained a massive following in 2013, promising a way to send self-erasing messages. The company later settled Federal Trade Commission charges that those messages were not necessarily deleted permanently.
Still, Snapchat has been valued at $10 billion, according to multiple media reports.
The Wall Street Journal reported Yik Yak is now valued in the low nine figures.
Other anonymous messaging apps like Secret and Whisper have attracted more limited, yet passionate, audiences.
“We think you were wrong (and perhaps evil) to capture that data, but don't destroy it because it might be useful.”
Aliya Sternstein reports:
The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called Einstein that are at least three years old, but not for security reasons.
DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance.
But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn’t collected at all, say destroying it could eliminate evidence that the governmentwide surveillance system does not perform as intended.
Read more on NextGov.
Also has implications for the Kim Dotcoms around the world?
Law Enforcement Without Borders
CDT – “A critical case is now working its way through the US courts—one that raises important questions for users and providers of cloud services in both the US and Europe. As part of a US criminal investigation, a US federal court has ordered Microsoft to hand over a customer’s files that the company holds in its Ireland data centre. Microsoft has refused to comply with this order, arguing among other things that a warrant issued by a US court is not sufficient to reach content stored outside US territory, and that the US government must obtain the assistance of the Irish authorities. The crucial question here is: what rules apply when one country demands that a service provider with a physical presence on its territory give its authorities access to communications stored in another country? Because larger policy questions are at stake, CDT and other public interest groups are filing briefs in the case on 15 December. And recently, Dara Murphy, the Irish Minister for European Affairs and Data Protection, asked the European Commission to file its observations. The Commission is now considering adding its voice to the conversation. CDT believes that the European Commission’s views would be helpful in shaping the outcome.”
Free is good.
Law Review Commons
“Over 200 open-access law reviews · Over 150,000 articles · Free current issues & archives from 1852.”
For my iPhone-using students.
The 5 Most Frequently Used Free Apps on My iPad
A couple of weeks ago I published a list of my most frequently used browser and desktop apps. I created a similar list on iPadApps4School.com. That list is now included below.
When I am reading a blog post that I want to save for later, I share it to my Evernote account.
Skitch is the tool that I use on my iPad when I want to create an annotated screenshot.
Penultimate provides a place for you to hand-write notes on your iPad. The app allows you to create multiple notebooks with multiple pages in each.
I check this app at 12pm Eastern Time for new apps that are free for a limited time.
I use Drive for reviewing Documents that have been shared with me. I also use Drive for storing videos that I have created on my iPad.
I'm thinking about changing the final exam in my Spreadsheet class...
How to Create a Jeopardy-style Game in Google Spreadsheets
Around this time last year I shared a neat Google Spreadsheets script called Flippity. Flippity was originally designed to help you create flashcards through Google Spreadsheets. This morning Steve Fortna informed me that you can now use Flippity to create Jeopardy-style gameboards through Google Spreadsheets. In the video embedded I demonstrate how to use Flippity to create a Jeopardy-style gameboard.