Thursday, December 18, 2014

Sorry for the Sony rant that follows, but too much is unexplained or incredible. Even my Intro to Computer Security students think something smells here.
The only quote attributed to a real person in the FBI (as opposed to “sources” or “officials”) denied North Korea's involvement. The word from “federal officials” or “American officials” is that a compromised computer, once used by North Korea, was used in this hack. Thank God they didn't tie my Ethical Hackers to the same computer. A compromised computer is a compromised computer, not one owned by North Korea.
Did Sony (or the US or Japanese governments) know something they did not release? Almost certainly. (It could be that the movie is such a stinker that it is cheaper to pull it than to sink more millions into promoting it.)
U.S. Said to Find North Korea Ordered Cyberattack on Sony
American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the release of a far-fetched comedy about the assassination of the North’s leader that is believed to have led to the cyberattack.
Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was debating whether to publicly accuse North Korea of what amounts to a cyberterrorism attack. Sony capitulated after the hackers threatened additional attacks, perhaps on theaters themselves, if the movie, “The Interview,” was released.

Sony Cancels December 25 Theatrical Release of ‘The Interview’, Set For Huge Loss
The terrorists win!

(Related) Why?
Exclusive: Sony Emails Say State Department Blessed Kim Jong-Un Assassination in ‘The Interview’

(Related) Remember, they are writing off a $40 million picture for starters...
Breach insurance might not cover losses at Sony Pictures
Documents leaked by the group claiming responsibility for the attack on Sony Pictures show that the company has upwards of $60 million in cyber insurance coverage after consolidating coverage with Sony Corporation of America. But will that be enough?

Sony shuts down filming in the wake of hacking attack that has ruined its financial software as well as leaking thousands of embarrassing emails
Sony Pictures has reportedly suspended all filming in the wake of a devastating hacker attack that has crippled the company's ability to make payments.
The entertainment giant is allegedly unable to make transactions, or make any use of a huge number of computers, after a hacking cell linked to North Korea disabled its security measures and stole valuable information.
A source told the Times of London that the company can't process any payments, [Still? Bob] which has in turn led third parties to cancel shoots. The scale of the suspension was not immediately clear.

(Related) The lawyers will have no trouble making “Case Studies” out of the Sony breach, even if Sony remains mute.
It took Reddit one day to pull down Sony hack data — and a week to remove nude celebrity photos
Sony has more resources — and more legal precedent — to challenge hacked materials when they leak into the public domain.
… Reddit executives, most likely, removed Sony's information because it reeked of legal troubles for the company that they didn't want to deal with. By quickly removing the Sony files, Reddit is preaching that words matter. Ethics matter. Trust matters. That is, so long as those ethics and words and trust protect large corporations and their interests.

(Related) ...and just for the lawyers...

(Related) Very nice summary.
The Evidence That North Korea Hacked Sony Is Flimsy

Just another lawsuit or one of the first “T J Hooper” style suits?
Jack Bouboushian reports:
Kmart’s failure to protect customer information with “elementary” security measures left banks liable for the resulting fraud, a federal class action claims.
First NBC Bank filed the class action Tuesday against Kmart Corp. and parent company Sears Holding Corp, regarding an announcement that hackers had breached Kmart’s payment-data systems in early September.
Kmart warned that customers who had used a credit card there for the past five weeks may have had their financial information stolen.
First NBC Bank says the infiltration occurred because Kmart’s outdated anti-virus system had not been updated to detect the malware that the hackers used.
Read more on Courthouse News.

“We've got all your data already, so we should be able to do anything we want with it, right?”
Consumer Watchdog today urged consumers to opt out of the new electronic health information exchange, Cal INDEX, that is being set up by Blue Cross and Blue Shield until key questions about patient privacy are answered.
… Consumers’ medical information is already being collected by Cal INDEX from Blue Cross and Blue Shield, but the organization has not yet made its privacy policy public, or clearly disclosed to the public how their medical information will be used.
… “If the exchange will do so much to benefit our health care, Cal INDEX should make that case and ask us to opt in,” said John M. Simpson, Consumer Watchdog’s Privacy Project Director. “Instead, Blue Cross and Blue Shield are telling enrollees they can opt out during the busy holiday season when we are all distracted. Worse, Cal INDEX fails to clearly explain its privacy protections and how it will operate. Consumers can’t make an informed decision based on what they’ve said so far.”
Visit our website at

...and it's all on video!
I wanted to make sure Just Security readers were aware of the inaugural Cato Institute Surveillance Conference held last week
… If you missed it live, I will suggest, with towering immodesty, that the whole thing’s worth watching—and hopefully we’ll see you at the Second Annual Cato Surveillance Conference.

“We can't tell you that.”
“Why can't you tell me that?”
“We can't tell you why we can't tell you?”
Sounds very much like “doublethink”
JPatBrown writes:
Last year, in response to a FOIA request from the ACLU regarding the Obama Administration’s policy regarding intercepting cell phone text messages, the Justice Department released 15 pages of documents – all of which had been completely redacted by b(7) and b(5) exemptions.
In response, MuckRock’s Michael Morisy requested the processing files for the case, which just came in earlier this week. Unsurprisingly, the documents are themselves heavily redacted, but the notes that were left in tell the fascinating story of FOIA officers who seem to be genuinely struggling with what – if anything – they could actually release.
Read more on and view the redacted responses.

Who writes the new definition?
By 2025, the Definition of 'Privacy' Will Have Changed
When living a public life becomes the new default, what does privacy even mean?
That's one of the central questions in a new report about the future of privacy from Pew Research Center, which collected the opinions of more than 2,500 experts in computer programming, engineering, publishing, data science, and related fields.

Maybe it just sounds delusional...
HIGHLIGHTS-Putin says economy to rebound, wants end to Ukraine crisis
Below are some of his comments.
"We think the crisis should be solved, the sooner the better."
"Clearly the current situation is caused mainly by external factors."
"It's certain that the budget will have a surplus."
"I believe that the central bank and the government are taking adequate measures."

(Related) What the non-delusional think is happening.
10 things you need to know about Russia

(Related) Of course he does.
Putin blames the West for Russia's misery

On the other end of the economic curve...
Swiss central bank introduces negative interest rates
Switzerland’s central bank on Thursday said it would introduce negative interest rates next year, a measure designed to cool the strength of the Swiss franc and ward off deflation.
Beginning Jan. 22, the Swiss National Bank will charge banks 0.25% to deposit overnight funds with it, the central bank said in a statement. The move will push the three-month Swiss franc Libor rate, currently in a range between 0.0% and 0.25%, into negative territory.

This will have to do until we all have 3D printers capable of printing anything instantly.
Amazon Confirms Rollout of One-Hour Delivery Service

(Related) Could Jeff Bezos be planning to “take over” the postal service? Think about it.
Postal workers overwhelmed by flood of Amazon Sunday deliveries
The U.S. Postal Service is straining to keep up with the volume of packages being delivered on Sundays, with some carriers complaining of 12-hour days and weeks without a single day off. The flood of packages can be traced back to Amazon, which kicked off a partnership with the USPS more than a year ago to deliver parcels seven days a week.

Interesting, as I read this as a way to “back into” Big Data analysis. How else would you find the relevant data?
Forget Big Data; Focus on Relevant Data

So more than 60% have to deal with monopolies? There is no logical reason to continue this policy as far as I can see.
Study: Most Americans lack choice in high-speed Internet providers
Less than 4 in 10 Americans have multiple options when choosing a broadband Internet provider offering higher than average speeds, according to a report Tuesday from the Commerce Department.
The report from the department's Economic and Statistics Administration highlights a point Federal Communications Commission Chairman Tom Wheeler has been making for months — there are few options for consumers looking for higher Web speeds.

For my students in the Geek Club.
So You Want To Make iPhone Apps? 6 Projects For Beginners
When you’re trying to pick a programming language to learn, it’s easy to gravitate toward the big ones that developers use to create masterpieces of digital content — things like Java, C++, Ruby, and Python. But there are a lot of programming languages out there (including some very weird ones), and they each excel at different things. Why not try learning Swift, the language that will let you create iPhone and iPad apps? These six projects will walk you through it.
… To get started, you’ll need a Mac with OS X Yosemite or Mavericks, and the latest version of Xcode 6. Beyond that, all you need is some patience and a willingness to learn!

I may use this for some Math handouts next year.
CK-12 Announces the Top Flexbooks of the Year
The CK-12 Foundation's FlexBook tool allows teachers to develop their own multimedia textbooks. Those books can be shared publicly with the CK-12 community.
… If you would like to try developing your own FlexBooks, the tutorials embedded below will help you get started.
