Saturday, December 13, 2014
When I see the word “glitch” with no details, I tend to think “Hack.”
Britain's Heathrow Airport recovers after flight chaos
Heathrow Airport cancelled 38 flights on Saturday as it recovered from a computer glitch that wreaked havoc with the London airport system, the world's busiest hub.
… Computer failure at the state-of-the-art £700-million ($1-billion, 880-million-euro) Swanwick control centre near Portsmouth on the southern English coast briefly shut down Britain's skies on Friday.
… British media reported that there had been a "radar display issue". [UK papers said there was no problem with radar. Bob] Hundreds of flights in Britain and Ireland were delayed or cancelled last year due to a similar problem.
For my Ethical Hackers. See? Just like you learn in class! Definitely worth a read.
Ryan Gallagher reports:
When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies.
It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data.
Read more on The Intercept.
[From the article:]
And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.” [Why do serious hacking with trivial tools? Bob]
Lawyers were looking to sue everyone when Y2K caused computers to die. Perhaps they should dig out those plans and point them to vendors who can't read a calendar?
‘Security by Antiquity’ Bricks Payment Terminals
Last week, several thousand credit card payment terminals at various retailers across the country suddenly stopped working, their LCD displays showing blank screens instead of numbers and letters. Puzzled merchants began to worry that this was perhaps part of some sophisticated hacker attack on their cash registers. It turns out that the incident was indeed security-related, but for once it had nothing to do with cyber thieves.
On Dec. 7, 2014, certain older model payment terminals made by Hypercom stopped working due to the expiration of a cryptographic certificate used in the devices, according to Scottsdale, Ariz.-based Equinox Payments, the company that owns the Hypercom brand.
“The security mechanism was triggered by the rollover of the date and not by any attack on or breach of the terminal,” said Stuart Taylor, vice president of payment solutions at Equinox. “The certificate was created in 2004 with a 10 year expiry date.”
Taylor said Equinox is now working with customers, distributors and channel partners to replace the certificate to return terminals to an operational state. The company is pointing affected customers who still need assistance to this certificate expiry help page. [Not really a help page. More like a “We have no idea which customers we screwed” page. Bob]
Interesting. Too bad we can't apply this principle elsewhere.
The ultimate revenge on a bank
A couple who got more than 700 collection calls from Bank of America over four years will now do a little collecting of their own — to the tune of more than $1.2 million.
… The Coniglios said the bank badgered them after they had fallen behind on their house payments, local station WTSP reported.
The calls didn’t stop even after the Coniglios told the bank that they had hired a lawyer.
The Coniglios sued under the Telephone Consumer Protection Act. A federal judge in Tampa awarded them just over $1.2 million, the report said. The bank’s expense was $606 per call, but the damages were tripled.
“The borrowers, the people who own those phones, you do have a right to privacy. And when they say to stop, you have to stop,” said the Coniglios’ lawyer, David Mitchell.
When marketing the phone, mention the encryption, don't mention the backdoor.
Joshua Brustein reports:
Verizon is the latest big company to enter the post-Snowden market for secure communication, and it’s doing so with an encryption standard that comes with a way for law enforcement to access ostensibly secure phone conversations.
Verizon Voice Cypher, the product introduced on Thursday with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app.
Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so.
Read more on Bloomberg Businessweek.
So it’s not really secure. Okay, thanks for the warning and I suspect most readers of PogoWasRight.org won’t use Voice Cypher.
Of course they did. They're lawyers! (You mean HIPAA doesn't protect medical records from police/government data gathering?)
Jonathan Mayer writes:
Earlier this week, the Ninth Circuit heard oral arguments in a challenge to the NSA’s phone metadata program. While watching, I noticed some quite misleading legal claims by the government’s counsel. I then reviewed last month’s oral arguments in the D.C. Circuit, and I spotted a similar assertion.
In both cases, the government attorney waved away constitutional concerns about medical and financial records. Congress, he suggested, has already stepped in to protect those files.
With respect to ordinary law enforcement investigations, that’s only slightly true. And with respect to national security investigations, that’s really not right.
Read more on TechDirt.
Because lawyers never have to face questions like this in the real world?
UCLA law professor learns Ferguson-related exam question taboo
… Professor Robert Goldstein said the exam question was designed to test students’ ability to analyze the line between free speech and inciting violence. It cited a report about how Michael Brown’s stepfather, Louis Head, shouted, “Burn this bitch down!” after a grand jury decided not to indict Ferguson Police Officer Darren Wilson in the death of Michael Brown.
The question then asked students to imagine that they are lawyers in the St. Louis County Attorney’s office and had been asked to advise the prosecutor “whether to seek an indictment against Head” for inciting violence. The exam reads:
“[As] a recent hire in the office, you are asked to write a memo discussing the relevant First Amendment issues in such a prosecution. Write the memo.”
Because it ain't over yet.
A Look Back At How The Ukraine Crisis Erupted And What To Expect In 2015
… To date, over 5000 people have been killed in the conflict in Eastern Ukraine, with many more wounded and more than half a million displaced. The Russian economy is in shambles, crippled by western sanctions and a precipitous drop in the price of oil, its main source of hard currency. The ruble has lost nearly half its value, more than at any time since the 1998 crisis.
Yet still Putin remains defiant, giving jingoistic speeches, launching clandestine political operations in Europe and unleashing an army of Internet trolls on western media outlets. His approval ratings among the Russian public hover over 80%.
1. Putin will not be deterred: There is little indication that Putin is a rational actor. If anything, he seems to be motivated by a bizarre Eurasian philosophy, which is part revisionist history, part nationalism and part cultural mysticism.
2. Every day, old Soviets die and new Ukrainians are born: During the Orange Revolution in 2004, people in their twenties had no memory of, nor nostalgia for, the Soviet Union. Now, it’s people in their 30’s. The trend is clear. As time passes Ukraine becomes more European and less Russian.
3. Energy prices are likely to go down, not up: The speed of the fall in the price of oil took nearly everyone by surprise, but the direction has been clear for some time. Even when I wrote the original article this past spring and the price of oil was over $100, Citigroup was predicting $90 oil and Barron’s thought it could go to $75.
Now the price for Russian oil has dropped to the low $60 range, more than a 40% decline since the summer.
YouTube lets users create animated GIFs
… A new tool quietly added by YouTube allows viewers to select an excerpt of up to six seconds from a video to turn it into an animated GIF, which can then be shared through a direct download link or embedded on any website through code.
For the time being, the feature is available only on a limited selection of videos, including all of the ones published by PBS Idea Channel. Users simply select the Share menu under the title and then click GIF.
Amazing stuff happens every week!
… LAUSD is lawyering up in response to the federal grand jury investigation into the procurement process for all those iPads. Meanwhile, the district might not be ready for assessments due to a “lag” in distributing new devices. And the district says it needs $11 million more to fix its broken student information system. [The cover story for this month's “Incompetent Management Magazine?” Bob]
… Video games as college sports. [No stadium, no scholarships, sounds cheap to me. Bob]
… Congratulations Maggie Simpson and Edna Krabappel for having your research papers accepted into two scientific journals.
… “The Cost of Juvenile Incarceration” – New York State spends $352,663 a year per offender. By comparison, the state spends $19,552 a year per student.
A very useful collection of software you can run from a thumb drive.
The Best Portable Apps
A portable app is a “lite” version of a software, which can be run without being installed on the host computer, and which doesn’t modify the computer’s configuration information. In other words, you can run it, and use it, and no-one will ever know you were there.
Apart from being more flexible and secure when working on public computers, another good use for portable apps is to keep your number of installed apps to an absolute minimum. Installed programs take up space and can cause a computer to run slower, so the less you have installed the better. My personal policy is that I never install something if there is a portable version available.
(Related) Points to the collection above and four more...
5 Websites For Every Portable Application On The Web
How to mess with your boss...