Tuesday, December 09, 2014
Details from the hackers, still nothing from Sony. This is beginning to smell.
Hackers demanded monetary compensation from Sony before cyber attack
An email sent to Sony Pictures chiefs Michael Lynton and Amy Pascal has emerged in which monetary compensation was demanded days before the studio was crippled in a cyber attack.
"We've got great damage by Sony Pictures," writes "God'sApstls" in the message that was sent Nov. 21, with the subject line: "Notice to Sony Pictures Entertainment Inc."
"The compensation for it, monetary compensation we want," it continues. "Pay the damage, or Sony Pictures will be bombarded as a whole. You know us very well. We never wait long. You'd better behave wisely."
… Mashable was first to publish the email, which was reportedly found in new documents released by hackers on Monday.
A guide for my Ethical Hackers?
Chris Halsne reports:
A just-released audit finds that Colorado state computer systems are vulnerable to a cyber attack.
The report mirrors the results of a year-long FOX31 Denver investigation.
We found gaping holes in security, some of which exposed the Social Security and bank account numbers of state employees and contractors.
Monday, the State Auditor's Office blamed the Governor's Office of Information Technology for creating an “environment ripe for breach by an external attacker or internal employee.”
Read more on Fox.
For my Data Governance class.
From the press release:
Despite a growing number of data breaches occurring under the glare of the public spotlight, 71 percent of employees in a new survey report that they have access to data they should not see, and more than half say that this access is frequent or very frequent.
As attention shifts from sophisticated external attacks to the role that internal vulnerability and negligence often play, a new survey commissioned by Varonis Systems, Inc. and conducted by the Ponemon Institute suggests that most organizations are having difficulty balancing the need for improved security with employee productivity demands. Employees with needlessly excessive data access privileges represent a growing risk for organizations due to both accidental and conscious exposure of sensitive or critical data.
The survey report, “Corporate Data: A Protected Asset or a Ticking Time Bomb?” is derived from interviews conducted in October 2014 with 2,276 employees in the United States, United Kingdom, France, and Germany.
… Both IT practitioners and end users are witnessing a lack of control over employee access and use of company data, and the two groups generally concur that their organizations would overlook security risks before they would sacrifice productivity. Only 22 percent of employees surveyed believe their organizations as a whole place a very high priority on the protection of company data, and less than half of employees believe their organizations strictly enforce security policies related to use of and access to company data. Further, the proliferation of business data is already negatively impacting productivity — making it harder for employees to find data they truly need and should be able to access, and to share appropriate data with customers, vendors and business partners.
… For a full copy of the study, go to http://www.varonis.com/research/why-are-data-breaches-happening.
PDF Attachment Available: http://www.varonis.com/research/why-are-data-breaches-happening/ponemon-infographic.pdf
Tools for my Ethical Hackers. Remember the first tool of Hacking: a good lawyer!
Spider a Website with Wget – 20 Practical Examples
How do I download an entire website for offline viewing? How do I save all the MP3s from a website to a folder on my computer? How do I download files that are behind a login page? How do I build a mini-version of Google?
Wget is a free command line program – available for Mac, Windows and Linux (included) – that can help you accomplish all this and more. What makes it different from most download managers is that wget can follow the HTML links on a web page and recursively download the files. It is the same tool that a US soldier had used to download tons of secret documents from the army’s Intranet that were later published on the Wikileaks website.
… It will help if you can read through the wget manual
… Wget can be used for downloading content from sites that are behind a login screen or ones that check for the HTTP referer and the User Agent strings of the bot to prevent screen scraping.
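The excerpt notes that wget can present whatever Referer and User-Agent a site checks for, so header checks alone do not identify a recursive download. As an added example (not from the original post or the linked article), this Python script flags mirroring in web access logs by crawl rate and breadth instead; the log lines, IP addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" log format: ip, time, request line, status, referer, UA.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"')
ASSET = re.compile(r'\.(css|js|png|jpg|gif|ico|woff2?)(\?|$)', re.I)

def parse(lines):
    """Yield (ip, timestamp, path, user_agent) for each well-formed log line."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(4), m.group(7)

def find_mirroring(lines, min_pages=20, min_rate=30.0):
    """Return {ip: [reasons]} for clients fetching many distinct pages per minute."""
    by_ip = defaultdict(list)
    for ip, ts, path, ua in parse(lines):
        by_ip[ip].append((ts, path, ua))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        pages = {p for _, p, _ in hits if not ASSET.search(p)}
        span = max((hits[-1][0] - hits[0][0]).total_seconds(), 1.0)
        rate = len(pages) / span * 60
        # Breadth and rate decide; headers are client-controlled and only add context.
        if len(pages) < min_pages or rate < min_rate:
            continue
        reasons = [f"{len(pages)} distinct pages at {rate:.0f}/min"]
        if any(p == "/robots.txt" for _, p, _ in hits):
            reasons.append("fetched robots.txt")
        if any("wget" in ua.lower() for _, _, ua in hits):
            reasons.append("self-identified Wget user agent")
        flagged[ip] = reasons
    return flagged

def sample_log():
    """Constructed lines: a declared Wget crawl, a crawl with a browser UA, a normal visitor."""
    t0 = datetime(2014, 12, 9, 10, 0, 0)
    browser = "Mozilla/5.0 (Windows NT 6.1) Firefox/34.0"
    def line(ip, sec, path, ua):
        ts = (t0 + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S +0000")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'
    out = [line("198.51.100.7", 0, "/robots.txt", "Wget/1.15 (linux-gnu)")]
    out += [line("198.51.100.7", i, f"/docs/page{i}.html", "Wget/1.15 (linux-gnu)") for i in range(1, 31)]
    out += [line("203.0.113.9", i, f"/docs/page{i}.html", browser) for i in range(30)]
    return out + [line("192.0.2.44", i * 40, p, browser) for i, p in enumerate(["/", "/style.css", "/docs/page1.html", "/logo.png"])]
```

Running `find_mirroring(sample_log())` flags both crawling clients, including the one that sent a browser User-Agent, and leaves the ordinary visitor alone.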
“Wow! Where can I get one of dese devices that will rat me out to da cops!”
Data from wearable devices could soon land you in jail
… In what's thought to be a first-of-its-kind civil lawsuit, a personal injury lawyer in Canada used data from a Fitbit wristband in an insurance fraud case to support his client's claims.
Previously, insurance civil suits relied on physician examinations and not historical data collected from a wearable.
… Muller's client voluntarily shared several months of Fitbit data with Vivametrica so it could be compared with data from other Fitbit users. His client, a former personal trainer, had been in an accident that affected her ability to work; the data was used to back up her claim.
… Wearables are a perfect fit for litigation, according to Neda Shakoori, an attorney who leads an eDiscovery initiative with the law firm of McManis Faulkner.
Wearables not only track physical activity, but they can transmit geolocation information, and more sophisticated wearables, like Google Glass, can also take photos and videos and perform web searches.
I'll bet that's exactly how they said it.
… "Without the ability to test outdoors in the United States soon, we will have no choice but to divert even more of our [drone] research and development resources abroad," said Amazon’s vice president of global public policy Paul Misener in a letter to the FAA seen by the Wall Street Journal. "I fear the FAA may be questioning the fundamental benefits of keeping [drone] technology innovation in the United States," said Misener.
How many people (voters?) need to 'sign' a petition for anyone in government to notice? I would think supplying individual politicians with lots of detail about petitioners would be a minimal requirement.
… Change.org founder and CEO Ben Rattray argues that one of the most basic ironies of the internet is how it has so far failed to open up what is supposed to be the most participatory process of all.
“You’ve democratized all these industries, but you haven’t democratized democracy,” Rattray says.
Timely. I'm giving a short presentation at the next faculty meeting on how I find articles for this blog.
Pew Study: Americans Thankful to Internet for Making Them Better Informed
A survey report by Pew Research Center reveals that most Americans are thankful to the Internet for helping them learn new things, having them stay better informed on topics that are important to them, and increasing their capacity for sharing creations and ideas with others.
The positive views regarding the Internet show that Americans enjoy having massive amounts of information readily available to them, as opposed to being overwhelmed.
… The results of the survey show that 87 percent of respondents improved how they are able to learn new things, with 53 percent saying that the improvement has been by "a lot." This is more evident for the respondents that are below 50 years old, live in households with higher incomes, and have higher levels of educational attainment.