Sony: perhaps it's worse than they know. It looks like Sony will be the model for “Big Data” security breaches for some time to come.

Kevin Roose reports:

Yesterday, I reported on a spreadsheet apparently taken from Sony Pictures Entertainment, one of the largest and most powerful studios in Hollywood, by a group of hackers calling themselves Guardians of Peace. The document, which listed the names, titles, and salaries of more than 6,000 Sony Pictures employees including senior executives (and may have revealed a gender pay discrepancy), appears to be part of an enormous data breach that hit the studio last week, forcing them to shutter computer systems, move employees to paper and pencils, and call in the FBI and private security researchers to investigate the hack.

[…]

Here are just a few of the revelations I found in the leaked archives – most in normal, unencrypted Excel and Word files, labeled as plain as day:

A spreadsheet listing the names, birth dates, and social security numbers of 3,803 Sony Pictures employees, including all of the company’s top executives. (Happy birthday, Wendy!)

A spreadsheet listing the division-by-division Sony Pictures payroll, as well as breaking down costs for raises and other pay changes. (The company’s total salaries, as of May, were listed at $454,224,070.)

A spreadsheet listing Sony Pictures employees who were fired or laid off in 2014 as part of the company’s reorganization, along with the reasons for their termination. Also on this spreadsheet: estimates of “TOTAL COST TO SEVER,” or the amount Sony Pictures calculated it had to pay to terminate each person’s employment, including severance pay, COBRA health benefits, and outplacement costs.

Read more on Fusion.
Today, the Hollywood Reporter reports:

Sony Pictures Entertainment chiefs Michael Lynton and Amy Pascal have released a memo to staff addressing a recent hack against the company. The memo, which was sent to all of Sony’s approximately 6,600 employees, is an apparent admission that information leaked online this week is accurate.

Acknowledging that “a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information,” Lynton and Pascal sent a message to the company’s employees reassuring them that “the privacy and security of our employees are of real concern to us” and offering them identity protection services.

Read more on Yahoo!

Once again, it seems, Sony is playing catch-up in communications. Given recent revelations by Brian Krebs and Kevin Roose, it needs to get its PR team in high gear to issue a press release that confirms what it already knows.
(Related) Another peek at the Sony data.

Unprecedented leak of Sony Pictures internal personal data

“After sifting through almost 40GB of leaked internal data, one thing is clear: Sony Pictures appears to have suffered the most embarrassing and all-encompassing hack of internal corporate data ever made public. The data dump, which was reviewed extensively by BuzzFeed News, includes employee criminal background checks, salary negotiations, and doctors’ letters explaining the medical rationale for leaves of absence.

…

And there is extensive documentation of the company’s operations, ranging from the script for an unreleased pilot written by Breaking Bad creator Vince Gilligan to the results of sales meetings with local TV executives. The documents made public this weekend, covering the company’s human resources, sales, and marketing teams, among others, are just a fraction of approximately 100TB of data the hackers claim to have taken from Sony.”
(Related) Are we finally getting facts? This is probably the malware. More testing required. Neither the article nor the very detailed blog post blames North Korea.

Researchers Analyze Data-Wiping Malware Used in Sony Attack

Researchers from Trend Micro say they have identified the piece of malware that appears to have been used in the recent cyberattack targeting the corporate network of Sony Pictures.

…

Trend Micro detects the threat as BKDR_WIPALL. Researchers have determined that the attack starts with BKDR_WIPALL.A, which is the main installer and is disguised as an executable file named "diskpartmg16.exe."

The threat uses an encrypted set of usernames and passwords to log into the targeted organization's shared network. The goal is to grant full access to everyone that accesses the system root, researchers explained in a blog post.
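As an added illustration of how a defender might hunt for the two behaviours the excerpt names (an installer disguised under the reported file name, and share permissions opened to everyone), here is a small Python triage script. It is not Trend Micro's code and nothing in it comes from the article beyond the file name "diskpartmg16.exe"; the log layout, field names, hostnames and the choice to treat an administrative share as the "system root" are all assumptions, and the sample events are constructed.

```python
"""Triage constructed endpoint/share events for two behaviours the Trend Micro
write-up attributes to BKDR_WIPALL: an installer disguised as diskpartmg16.exe,
and share permissions opened to everyone.  Added example; not Trend Micro code."""
import ntpath

# File name quoted in the article; matched on the exact basename so the
# legitimate Windows tool diskpart.exe does not trigger the rule.
SUSPECT_IMAGE = "diskpartmg16.exe"

# Constructed sample telemetry (not real Sony or Trend Micro data).  The
# "<timestamp> key=value ..." layout and the field names are assumptions.
SAMPLE_LOG = """\
2014-11-24T02:13:05Z host=WS-041 event=process_create image=C:\\Windows\\Temp\\diskpartmg16.exe parent=explorer.exe user=CORP\\jdoe
2014-11-24T02:13:09Z host=WS-041 event=net_share_perm share=C$ principal=Everyone access=FULL
2014-11-24T02:14:11Z host=WS-041 event=process_create image=C:\\Windows\\System32\\diskpart.exe parent=cmd.exe user=CORP\\admin
2014-11-24T02:15:40Z host=FS-002 event=net_share_perm share=Data principal=CORP\\finance access=READ
"""


def parse_event(line: str) -> dict:
    """Split one log line into a dict; the first token is the timestamp."""
    ts, *pairs = line.split()
    event = {"ts": ts}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def check_installer_name(event: dict):
    """Flag process creation of a file whose basename is the disguised installer."""
    if event.get("event") != "process_create":
        return None
    if ntpath.basename(event.get("image", "")).lower() == SUSPECT_IMAGE:
        return {"rule": "wipall_installer_name", "host": event["host"],
                "ts": event["ts"], "detail": event["image"]}
    return None


def check_open_share(event: dict):
    """Flag a share permission that grants FULL access to Everyone.  Treating an
    administrative share such as C$ as the 'system root' is an assumption."""
    if event.get("event") != "net_share_perm":
        return None
    if (event.get("principal", "").lower() == "everyone"
            and event.get("access", "").upper() == "FULL"):
        return {"rule": "share_full_access_everyone", "host": event["host"],
                "ts": event["ts"], "detail": event.get("share", "?")}
    return None


def triage(log_text: str) -> list:
    """Run every rule over every non-empty line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        for rule in (check_installer_name, check_open_share):
            hit = rule(event)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['host']} {hit['rule']}: {hit['detail']}")
```

Run stand-alone it reports two findings, both from the same host within seconds of each other: the disguised installer launching, then an administrative share opened to Everyone. The legitimate diskpart.exe on the same host is not flagged because the rule compares the whole basename rather than a substring; correlating the two findings by host and time is what turns a name match into something worth paging on.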
Interesting. I would expect the average customer to agree with the judge.

Missy Baxter reports:

In a much-anticipated court ruling, a Minnesota federal judge said Tuesday that Target Corp. had a duty to protect debit and credit card information from cyberthieves.

U.S. District Judge Paul Magnuson rejected Target’s attempt to dismiss claims filed by a group of financial institutions seeking damages related to the retailer’s data breach in late 2013, court documents said.

The judge ruled that the plaintiffs, which include the $282 million CSE Federal Credit Union of Lake Charles, La., have a plausible case for negligence because Target played a key role in allowing cyberthieves to hack into computer systems and obtain card data and possibly personal information of card holders, the documents said.

Magnuson agreed to allow three of four claims made by plaintiffs to move forward, but dismissed one count that claimed negligent misrepresentation by omission, which was related to Target’s security system, the documents said.

Read more on Credit Union Times.
An interesting collection of guesses? An easy article to write if you call your largest advertisers...

Cybersecurity Threats 2015: More Espionage, More Apple Malware

…

Until now, Russia, China and the United States have dominated the cyberespionage scene, but their success will start to attract new players to the practice.

"We can expect some of the developing economies -- countries forecasted for high economic growth -- to engage in these activities to protect their growth status," Carl Leonard, a senior manager at Websense Security Labs, told TechNewsWorld.

…

Russian cyberattacks on the West, as a form of retaliation for political actions taken against the Kremlin, will continue, forecast SentinelOne.

A lack of accountability within the Beijing regime will allow China's cyberespionage efforts to continue unabated, the firm also said.

…

Pakistan may be in the forefront of a trend SentinelOne predicted for 2015: Attacks as a Service.

Instead of shopping here and there to gather the tools for an attack, SentinelOne explained, an attacker will be able to go to a website, choose malware, choose what to steal -- banking credentials, healthcare records, credit card numbers and such -- request a number of infections, and pay for the package.

While most cyberespionage has been directed at computer systems, cyberspies increasingly will target mobile devices, predicted Michael Shaulov, CEO of Lacoon Mobile Security.

…

The Internet of Things also will become an attack surface in 2015.

Printers, smart TVs, appliances, wearable computers -- a whole host of cloud connected devices will be a new source of cyberthreats in the coming year, predicted Willy Leichter, global director of cloud security for CipherCloud.
Interesting to see their calculation of the probability of war.

Slovakia Warns of Danger of Wider Ukraine Conflict

Slovakia’s prime minister Tuesday said that clashes between Ukrainian government forces and pro-Russian separatists may still expand into a broader war involving other nations and that Europe should push forcefully for peace talks.

“There’s a 70% probability of a military conflict in Ukraine and not only there,” Robert Fico told an economic conference in the Slovak capital.
How poorly must you manage a program to attract FBI attention?

LA School District's $1.3B iPad Contract Goes Up In Smoke Following FBI Raid

The ambitious, deeply troubled effort by the Los Angeles, Calif. school district to provide every student with an iPad ended this week with FBI agents seizing documents under a federal subpoena. Federal officials are investigating questions regarding the $1.3 billion contract. Ramon C. Cortines, the superintendent for L.A. schools, put an end to the contract yesterday citing controversy surrounding the failed plan. Agents reportedly removed about 20 boxes of documents during the raid.

…

The review’s findings suggested that the deployment of the iPads focused on delivering the tablets to classrooms, with not enough resources being dedicated to providing teachers with training. The report also suggested that some teachers were unhappy with the curriculum.
Genius! This App alone could sell millions of iPhones!

Avoid the coffee line: First look at Starbucks’ order-ahead mobile feature

Starbucks launched a major new initiative today, allowing people to place orders from their iPhone for pick-up at a nearby store.

…

For now, the pilot program is running only in 152 Starbucks cafes in Portland...

…

Starbucks will continue rolling out the service to more cities in 2015, with the aim of being nationwide by the end of the year.
Free seems to be the way to go.

Nature makes all articles free to view

News release: “All research papers from Nature will be made free to read in a proprietary screen-view format that can be annotated but not copied, printed or downloaded, the journal’s publisher Macmillan announced on 2 December. The content-sharing policy, which also applies to 48 other journals in Macmillan’s Nature Publishing Group (NPG) division, including Nature Genetics, Nature Medicine and Nature Physics, marks an attempt to let scientists freely read and share articles while preserving NPG’s primary source of income — the subscription fees libraries and individuals pay to gain access to articles. ReadCube, a software platform similar to Apple’s iTunes, will be used to host and display read-only versions of the articles’ PDFs. If the initiative becomes popular, it may also boost the prospects of the ReadCube platform, in which Macmillan has a majority investment.

Annette Thomas, chief executive of Macmillan Science and Education, says that under the policy, subscribers can share any paper they have access to through a link to a read-only version of the paper’s PDF that can be viewed through a web browser. For institutional subscribers, that means every paper dating back to the journal’s foundation in 1869, while personal subscribers get access from 1997 on. Anyone can subsequently repost and share this link. Around 100 media outlets and blogs will also be able to share links to read-only PDFs. Although the screen-view PDF cannot be printed, it can be annotated — which the publisher says will provide a way for scientists to collaborate by sharing their comments on manuscripts. PDF articles can also be saved to a free desktop version of ReadCube, similarly to how music files can be saved in iTunes.”
It might be fun to tell my students they can't use PowerPoint, but I want slides! This is for younger students.

Many Ways to Create and Share Digital Stories

Earlier today I read Alan Levine's blog post Always Be Attributing. In that post he referenced a resource that anyone with an interest in digital storytelling should bookmark. 50 Web Ways to Tell a Story is a wiki of tools for creating digital stories. On the wiki you will find pages of tools arranged by output type (slides, audio, collage, video) and a page of tools that offer features for teachers (student account management).

Applications for Education

50 Web Ways to Tell a Story is more than just a list of tools. The wiki includes a page about developing story ideas. The Story Ideas page offers excellent story starter suggestions that can be used in almost any classroom setting.