Saturday, December 27, 2014
The theory du jour.
New theory emerges in Sony hacking suggesting Russian hackers
… Writing samples from hackers claiming responsibility for leaking finance reports and emails by Sony employees suggest the native language was Russian, according to Taia Global, a cyber security consulting group.
“Our preliminary results show that Sony's attackers were most likely Russian, possibly but not likely Korean and definitely not Mandarin Chinese or German,” the Seattle-based company wrote in a Christmas Eve blog post.
… The emails and other online posts were compared to four major languages used by hackers, and it was found that the majority of the phrasing originated from a Russian speaker.
The New York Times reports 15 out of 20 phrasings translated to English in the emails matched the Russian language. Only nine matched Korean and none matched Mandarin or German.
(Related) Probably many more than would have seen it under normal conditions.
'The Interview' Illegally Downloaded 750,000 Times on Christmas
Pakistan has hackers, perhaps we should turn off everyone's TV?
Pakistani officials upset with 'Homeland'
Pakistani officials are not happy with how the Showtime TV Series “Homeland” portrays the country.
Pakistani diplomats reportedly watched all 12 episodes of season four, which is set in Islamabad showing Claire Danes’ new role in the Central Intelligence Agency after a tumultuous three previous seasons.
… Mostly, officials were upset with how the show shows Pakistani government protecting terrorists.
“Repeated insinuations that an intelligence agency of Pakistan is complicit in protecting the terrorists at the expense of innocent Pakistani civilians is not only absurd but also an insult to the ultimate sacrifices of the thousands of Pakistani security personnel in the war against terrorism,” a source told the paper.
(Related) Denial of everything related to WWII is very common in Japan.
Angelina Jolie's 'Unbroken' stirs resentment in Japan
Nationalists in Japan are denouncing Hollywood filmmaker Angelina Jolie's new movie about an American airman brutalized in Japanese prison camps during World War II as anti-Japanese propaganda and are calling for a boycott of the film and its star director.
Perspective and an interesting infographic. Clearly this will impact data analysis.
2014 Bot Traffic Report
“As Incapsula’s prior annual reports have shown, bots are the Internet’s silent majority. Behind the scenes, billions of these software agents shape our web experience by influencing the way we learn, trade, work, let loose, and interact with each other online. Bots are also often designed for mischief, however. In fact, many of them are used for some kind of malicious activity—including mass-scale hack attacks, DDoS floods, spam schemes, and click-fraud campaigns. For the third year running, Incapsula is publishing our annual Bot Traffic Report—a statistical study examining the typically-transparent flow of bot traffic on the Web. This year we build upon our previous findings to report year-to-year bot traffic trends. We also dig deeper into Incapsula’s database to reveal an even more substantial data sample, providing new insights into bot activity… In 2013, bots accounted for over 60 percent of all traffic flowing through Incapsula-protected domains. This year bot traffic volumes decreased to 56 percent of all web visits—a reversal of the upward trend we’ve observed the past two years, but still the majority of website visitors.” [emphasis added]
I find it interesting that the bank accepted these transactions without question. Apparently their software does not question unusual transactions.
School error takes money from staff bank accounts
Instead of receiving their paychecks via direct deposit on the day after Christmas, Plymouth Public Schools workers awoke Friday to find that the amount they were to be paid had instead been withdrawn from their bank accounts. About 1,300 workers were affected.
Boston.com reports (http://bit.ly/1wsUBhe) Superintendent Dr. Gary E. Maestas sent an email to employees saying the issue was caused by human error.
Pick a slow news day (Christmas eve) and redact everything that looks like a word.
U.S. Spy Agency Reports Improper Surveillance of Americans
The National Security Agency today released reports on intelligence collection that may have violated the law or U.S. policy over more than a decade, including unauthorized surveillance of Americans’ overseas communications.
The NSA, responding to a Freedom of Information Act lawsuit from the American Civil Liberties Union, released a series of required quarterly and annual reports to the President’s Intelligence Oversight Board that cover the period from the fourth quarter of 2001 to the second quarter of 2013.
Every week, free humor.
Hack Education Weekly News
… The US Fifth Circuit Court of Appeals has ruled that a Mississippi school district violated a student’s First Amendment rights when it punished him for a video he posted to Facebook and YouTube (from off-campus).
… Via BoingBoing: “The Appoquinimink, DE school board is contemplating requiring parental permission slips for students who want to check YA novels out of their school library.” [Helping students to gain a love of reading? Bob]
… Massachusetts’ Hopkinton High School principal has banned school dances for fear of “twerking” and “dirty dancing.” [Let them find some place where they can do this unsupervised! Bob]
… Via the Cleveland Scene: “Nearly 500,000 Fewer Americans Will Pass the GED in 2014 After a Major Overhaul to the Test.” The new test, now administered by Pearson and “Common Core-aligned,” costs more (and there are no more free retakes). It must be taken on a computer. You must have a credit card in order to sign up for it. “The numbers are shocking: In the United States, according to the GED Testing Service, 401,388 people earned a GED in 2012, and about 540,000 in 2013. This year, according to the latest numbers obtained by Scene, only about 55,000 have passed nationally. That is a 90-percent drop off from last year.”
I love lists, even year-end lists. I really like lists I can use.
2014 Top 100 Tools for Learning
The 2014 List is shown in the left hand column; follow the links to find out more about each of the tools. The slideset appears below. You can view some of the individual contributions here.
… The annual lists have also become a useful longitudinal study into how the way we learn is changing. Take a look at this year’s analysis or if you are still surprised at the results, read The Web is 25 years old – so how has it changed the way we learn?
Would you market this as sure-fire weight loss technology?
Friday, December 26, 2014
An excellent article. It's a shame no one in the US writes like this any more...
NKorea outage a case study in online uncertainties
North Korea's microscopic corner of the internet has had a rough couple of days, suffering seven outages in 48 hours, according to one web traffic monitor.
… "A large city block in London or New York would have more IP (Internet Protocol) addresses than North Korea,'' said Ofer Gayer, a security researcher at Redwood Shores, California-based Incapsula Inc.
Even on a good day, web watchers see less internet traffic from North Korea than from the Falkland Islands, a North Atlantic archipelago of fewer than 3,000 people, said Gayer. Media companies like Sony easily dwarf the communist country's web presence.
He said that if the network was targeted by a kind of distributed denial-of-service — or DDoS — attack, the list of suspects is endless.
"Any kid that knows how to run a small-sized DDoS amplification attack can do it from his home."
… "This whole incident is a perfect illustration of how technology is equalizing capability,'' Bruce Schneier, a respected security expert, said in a blog post. "In both the original attack against Sony, and this attack against North Korea, we can't tell the difference between a couple of hackers and a government."
You don't have to live in North Korea to hate Sony.
Alleged hackers tweeted smack talk as PlayStation, Xbox users forced offline
A tool for Big Data? (The opposite of those itsy-bitsy smartphone thingies)
Survey of Mainframe Users
BMC Mainframe Survey points to continued reliance on IBM System z – “In October, BMC released their ninth annual mainframe survey, “2014 Annual Mainframe Research Results: Bringing IT to Life Through Digital Transformation”. The survey is widely regarded as a useful insight into today’s IBM mainframe world. Let’s explore some of the findings from the BMC study, by looking at the key talking points.
Future strategy – The study was pretty clear: the mainframe remains part of the long-term business strategy and continues to shape the future of IT, according to 91% of respondents. A growing need for access on the go, 24/7 – for example internet banking – will increase reliance on the mainframe, and raise the demand for Millions of Instructions per Second (MIPS). Usage is expected to continue growing – with 61% of all shops expecting MIPS growth in the next two years, a clear indication of the faith in the mainframe longer-term. This is no surprise. Whether making a credit card payment, getting an insurance quote or booking a holiday, the mainframe provides today, and will continue to provide, ‘mission critical’ processing. The ongoing evolution of the mainframe continues to play an increasingly important role in today’s enterprise IT environments. Most respondents said they take advantage of the mainframe to benefit from updated technology such as mobile and cloud.
A conversation with one of my favorite high school students reminded me that not everyone is aware of Apps like these. Why not?
Math Hero Photo Calculator
Dilbert on “fully immersive” technology.
Thursday, December 25, 2014
Have a Merry and a Happy!
As often seems to happen, there is little news reported when all the reporters are on holiday. Fortunately, I find there is still plenty happening in the fields I monitor.
“We've been hacked!” (No mention of “The Interview”)
Sony says, “Maybe it has something to do with “The Interview”
Hackers say, “It has something to do with The Interview.”
“We're going to pull The Interview.”
“We pulled The Interview because all the theater chains backed out.”
“We'll never release The Interview.”
“We may release The Interview someday”
“We may let Dish Network release The Interview”
“Dish won't release The Interview, we will release it to a few theaters.”
“The Interview available online for free.”
Theater Owner Breaks Silence on Sony's Wild Week: "I Was Irritated"
… Having said on Dec. 17 that it had "no further release plans" for the hot potato of a movie starring Seth Rogen and James Franco, it has now lined up about 300 independent theaters that are opening the movie Christmas Day and has engineered an unprecedented VOD release for a major studio with the help of YouTube, Google Play and Xbox, all of which began offering the movie today. But in doing so, it also has alienated most of the larger chains and even annoyed some of the owners of the smaller theaters that, from the first, sprang to the movie's defense.
… The larger theater chains, however, aren't ready to give Sony a pass so quickly. Accusing the studio of "throwing its major exhibition partners under the bus," an executive at one of the nation's major chains said today that the studio "continues to speak out of both sides of their mouth."
North Korea: No ‘physical reaction’ to new film
North Korea says it likely will have no “physical reaction,” just condemnation, to the release of the comedy film “The Interview,” which depicts the assassination of leader Kim Jong Un.
It may be good politically to point the finger at North Korea. (Would this fall under “acts of war” on their insurance?) Could be very embarrassing if a group of high school kids turn out to be responsible. There are doubters...
New Study Adds to Skepticism Among Security Experts That North Korea Was Behind Sony Hack
(Related) ...and some outright non-believers.
No, North Korea Didn’t Hack Sony
Please, let's not start blaming the FBI for failing to contact every Security Manager in the US and ensuring they were doing their job.
Jana Winter reports:
Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm’s reputation, or even spell the end of the company entirely. The FBI also detailed specific guidance for U.S companies to follow to prepare and plan for such an attack.
But the FBI never sent Sony the report.
Read more on The Intercept.
[Here is the report:
For your Security Manager.
Nearly 50 Percent of Organizations Hit With DNS Attack in Last 12 Months: Survey
New research from Vanson Bourne found that more than three quarters of organizations in the United States and U.K. have suffered a domain name system (DNS) attack.
Just less than half (49 percent) of the organizations surveyed said they had experienced such an attack in the past 12 months. The most common DNS threats reported were DDoS (74 percent), DNS exfiltration (46 percent), DNS tunneling (45 percent) and DNS hijacking (33 percent) by those who had suffered an attack.
The research surveyed 300 U.S. and U.K. key IT decision makers in organizations with 1,000+ employees. It covered a variety of verticals including financial services, retail, distribution and transport, IT and manufacturing and production. The study was commissioned by Cloudmark.
A third of the respondents confirmed they had lost confidential customer information. Despite this however, 44 percent of those who found it difficult to justify DNS security investment to their company felt it was because their senior management does not see DNS security as an issue. More than half of the IT decision makers polled (55 percent) cited the theft of private or confidential data as a major concern to their organization.
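The survey ranks DNS exfiltration and DNS tunneling right behind DDoS, which is the practical point for a security manager reading it: most shops never look at what their resolver is actually being asked. The block below is an added example (my own, not the Cloudmark or Vanson Bourne material) of the kind of cheap heuristic a practitioner can run over resolver query logs to surface tunnel-style traffic. The log format, the host names, the query lines and the thresholds are all constructed for illustration and would need tuning against real traffic.

```python
"""Heuristic DNS tunneling / exfiltration check over resolver query logs.

Added example, not from the survey or any vendor tool. Assumes one query per
line as "timestamp client qname qtype"; thresholds are illustrative.
"""
import math
from collections import defaultdict

# Constructed sample log (not real traffic): ordinary lookups for example.com,
# plus tunnel-style queries carrying hex payloads in long leftmost labels.
SAMPLE_LOG = """\
2014-12-23T10:00:01 10.0.0.5 www.example.com A
2014-12-23T10:00:02 10.0.0.5 mail.example.com MX
2014-12-23T10:00:03 10.0.0.7 www.example.com A
2014-12-23T10:00:04 10.0.0.9 cdn.example.com A
2014-12-23T10:00:05 10.0.0.12 4a6f686e20446f65.1.t.exfil-test.net TXT
2014-12-23T10:00:05 10.0.0.12 5365637265742064617461.2.t.exfil-test.net TXT
2014-12-23T10:00:06 10.0.0.12 7a9f3c1e8b2d4f6a0c5e.3.t.exfil-test.net TXT
2014-12-23T10:00:06 10.0.0.12 b1c2d3e4f5a6978899aa.4.t.exfil-test.net TXT
2014-12-23T10:00:07 10.0.0.12 ccdd00112233445566778899.5.t.exfil-test.net TXT
2014-12-23T10:00:08 10.0.0.12 e9f8a7b6c5d4e3f2a1b0c9d8.6.t.exfil-test.net TXT
"""

# Record types commonly abused to carry arbitrary data in answers.
DATA_CARRYING_TYPES = {"TXT", "NULL", "CNAME"}


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Naive: last two labels. Real code should consult the Public Suffix List."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        ts, client, qname, qtype = parts
        records.append({"ts": ts, "client": client,
                        "qname": qname.lower(), "qtype": qtype.upper()})
    return records


def score_domains(records):
    """Per registered domain: query count, unique-name ratio, average length
    and entropy of the leftmost label, and share of data-carrying qtypes."""
    acc = defaultdict(lambda: {"n": 0, "names": set(), "lens": [],
                               "ents": [], "data": 0})
    for r in records:
        s = acc[registered_domain(r["qname"])]
        left = r["qname"].split(".")[0]
        s["n"] += 1
        s["names"].add(r["qname"])
        s["lens"].append(len(left))
        s["ents"].append(shannon_entropy(left))
        if r["qtype"] in DATA_CARRYING_TYPES:
            s["data"] += 1
    return {
        dom: {
            "queries": s["n"],
            "unique_ratio": len(s["names"]) / s["n"],
            "avg_label_len": sum(s["lens"]) / s["n"],
            "avg_entropy": sum(s["ents"]) / s["n"],
            "data_type_ratio": s["data"] / s["n"],
        }
        for dom, s in acc.items()
    }


def flag_suspicious(results, min_queries=5, min_unique_ratio=0.8,
                    min_label_len=16, min_entropy=3.0, min_data_ratio=0.5):
    """A domain is flagged when at least two independent indicators fire,
    which keeps a single long CDN hostname from raising an alert."""
    flagged = []
    for dom, m in sorted(results.items()):
        if m["queries"] < min_queries:
            continue
        reasons = []
        if m["unique_ratio"] >= min_unique_ratio:
            reasons.append("almost every query is a new subdomain")
        if m["avg_label_len"] >= min_label_len:
            reasons.append("long leftmost labels")
        if m["avg_entropy"] >= min_entropy:
            reasons.append("high label entropy")
        if m["data_type_ratio"] >= min_data_ratio:
            reasons.append("TXT/NULL/CNAME heavy")
        if len(reasons) >= 2:
            flagged.append((dom, reasons))
    return flagged


def analyze(text):
    return flag_suspicious(score_domains(parse_log(text)))


if __name__ == "__main__":
    for dom, reasons in analyze(SAMPLE_LOG):
        print(f"{dom}: {'; '.join(reasons)}")
```

Against the constructed sample, example.com never reaches the query floor and exfil-test.net trips all four indicators. In production the same per-domain aggregation is worth keeping even if the thresholds change, because exfiltration over DNS shows up as volume of distinct names to one zone, not as any single odd query.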
If I had this at the University, it would really change how I taught my classes! (So, why don't I have it?) Looks like a very small ISP can do it, why not the big boys?
Minneapolis residents to get 10-gigabit fiber, for $400 per month
While most parts of the US have to make do with Internet speeds of less than 100Mbps—in many cases much less than 100Mbps—some residents of Minneapolis will soon have access to a ludicrously fast fiber-to-the-home speed tier: 10 gigabits per second.
The service is offered by US Internet, the company that already provides "a couple thousand" Minneapolis residents with 1Gbps service for $65 per month. The 10Gbps service will be available immediately to existing customers willing to pay the $400-per-month fee, though US Internet expects the number of customers who take them up on the deal to be relatively small. All together, US Internet has "a little over 10,000" fiber-to-the-home customers at different speed tiers, all located on the west side of Interstate 35W.
Wednesday, December 24, 2014
Sony continues their tradition of “screwing up by the numbers.”
‘The Interview’ Release to Deepen Rift Between Sony, Major Exhibitors
It looks like a bitter Christmas for owners of major theatrical chains in the U.S., thanks to Sony Pictures Entertainment’s decision Tuesday for a limited release of “The Interview” in a few hundred independent cinemas — with a VOD release coming soon.
Exhibitors were already angry over last week’s move by Sony to make them the scapegoat for the Dec. 17 cancellation. Several executives told Variety that they only wanted the film’s premiere to be delayed or modified.
… After the movie was pulled from theaters, the major chains expected not to show “The Interview” due to the plans for an imminent VOD release — violating the longstanding policy that major studios wait several months after a movie opens before distributing it on other platforms.
Now that Sony has officially put the movie back in theaters outside the major chains and coupled those plans with what could be a day-and-date VOD release, tensions have been aggravated further.
(Related) Before you rush out to see this movie, read the entire review.
Film Review: ‘The Interview’
North Korea can rest easy: America comes off looking at least as bad as the DPRK in “The Interview,” an alleged satire that’s about as funny as a communist food shortage, and just as protracted. For all its pre-release hullabaloo — including two big thumbs down from Sony hackers the Guardians of Peace — this half-baked burlesque about a couple of cable-news bottom-feeders tasked with assassinating Korean dictator Kim Jong-un won’t bring global diplomacy to its knees, but should feel like a kind of terror attack to any audience with a limited tolerance for anal penetration jokes. Extreme devotees of stars James Franco and Seth Rogen (who also co-directed with Evan Goldberg) may give this Christmas offering a pass, but all others be advised: An evening of cinematic waterboarding awaits.
In contrast to Bruce Schneier's article from yesterday.
The Case for N. Korea’s Role in Sony Hack
There are still many unanswered questions about the recent attack on Sony Pictures Entertainment, such as how the attackers broke in, how long they were inside Sony’s network, whether they had inside help, and how the attackers managed to steal terabytes of data without notice. To date, a sizable number of readers remain unconvinced about the one conclusion that many security experts and the U.S. government now agree upon: That North Korea was to blame. This post examines some compelling evidence from past such attacks that has helped inform that conclusion.
Perhaps some interesting legal questions? How much control over leaked data can a company exercise? (Is there a clear line, beyond which they have no control?) Probably can't ask to have it removed without claiming to own the copyright. Is it a good thing to claim embarrassing emails? Can/should you disavow (embarrassing/racist/petty/stupid/etc.) emails that claim to have been sent from corporate officers?
Sony Pictures is warning Twitter to crack down on people who share documents and emails stolen in the massive hack on the Hollywood studio or else risk legal action.
In a letter on Monday, a lawyer for the beleaguered film studio demanded that Twitter suspend the accounts of people sharing documents stolen in the cyberattack.
“If Twitter does not comply with this request... [Sony Pictures Entertainment] will have no choice but to hold Twitter responsible for any damage or loss arising from such use or dissemination by Twitter,” lawyer David Boies wrote in the letter, which was obtained by The Motherboard and other outlets.
… Twitter’s rules prohibit users from publishing private information such as someone else’s Social Security number or address as well as copyrighted information. It is unclear if images from the hacked emails would qualify under that policy or if Twitter has any legal responsibility to prevent the dissemination of the stolen documents.
Monday's letter is similar to an effort in recent days to prevent major news outlets from reporting on the contents of the studio’s hacked emails and other documents, which was also spearheaded by Boies.
Something for my Computer Security classes. Elegant data visualization.
Ooh, pretty. Look what the folks at Information is Beautiful did with data from DataBreaches.net and the Identity Theft Resource Center: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Internet Monitor 2014: Reflections on the Digital World
“Internet Monitor is delighted to announce the publication of Internet Monitor 2014: Reflections on the Digital World, the project’s second annual report. The report is a collection of roughly three dozen short contributions that highlight and discuss some of the most compelling events and trends in the digitally networked environment over the past year. The publication, intended for a general interest audience, covers a broad range of issues and regions, including an examination of Europe’s “right to be forgotten,” a review of the current state of mobile security, an exploration of a new wave of movements attempting to counter hate speech online, and a speculative fiction story exploring what our increasingly data-driven world might bring. The report focuses on the interplay between technological platforms and policy; growing tensions between protecting personal privacy and using big data for social good; the implications of digital communications tools for public discourse and collective action; and current debates around the future of Internet governance. This year we are especially excited to share our “Year in Review” interactive timeline, which highlights the year’s most fascinating Internet-related news stories, from censorship to Heartbleed to the Pirate Bay raid just last week. We’ve also included a “By the Numbers” section that is slightly tongue-in-cheek and offers a look at the year’s important digital statistics such as the number of tweets per minute in 2014 (up 155,000 from last year) and the number of the top 100 accounts on Twitter that belong to Bollywood stars. The full report, individual chapters, and interactive timeline are available at the Internet Monitor website.”
If Russia tanks, are we looking at a world-wide recession? How does Putin remain popular after leading Russia to the brink of bankruptcy?
Russia Begins A $100 Billion Debt Bailout As Its Bonds Face 'Junk' Rating
Russia has begun bailing out the debt of its private and state-run companies and banks, which is denominated in dollars, according to Reuters.
Banks and companies owe a total of $600 billion in foreign debt, of which $100 billion is due next year.
Standard & Poor’s said there was at least a 50% chance it would cut Russia's status to lower than BBB or "junk" status. The bailout will not help Russia's bond rating, which suffered a blow yesterday when the credit rating agency
I like putting a countdown timer up in the classroom. It helps to create that sense of doom during exams.
Three Handy Timer Tools for Teachers
One tool that can help to prevent the students and me from stretching the "break times" is to use a countdown timer like the three featured below.
You can simply type into Google search "set timer" followed by an amount of time and a countdown timer is displayed. An alarm beeps when time is up. You can make the timer appear full screen without advertisements by clicking a little box icon to the right of the timer. You can see this feature in action in the video below.
Russel Tarr's Classtools Countdown Timer has two slick features. You can create and set multiple timers on the same page. The second feature of note is the option to add music to your timers. You can have your countdown timers set to music. Mission Impossible, The Apprentice, and Countdown are the standard music options. You can add other music by using the YouTube search tool built into the timer. [I use the theme from Jaws Bob]
Online Egg Timer is a simple website offering three countdown timers on one screen. You can set just one timer or run all three at the same time with different settings. No registration is required in order to use Online Egg Timer. Just go to the site, set the countdown timer(s) using the up and down arrows, then click "start timers."
Perhaps I should get a smartphone? I have no idea what these Apps are...
The Most Popular New Ed Tech Service of 2014 According to Readers
Last week I posted a survey asking you to select your favorite new app or website of 2014. After five days of collecting responses I've closed the survey. Kahoot is the most popular new ed tech service amongst the 216 of you that voted.
Kahoot is a slick service for creating and delivering quizzes to your students' tablets, iPads, and laptops. On Kahoot you create a quiz or survey that your students respond to through any device that has a web browser (iPad, Android device, Chromebook). Your Kahoot questions can include pictures and videos. As the teacher you can control the pace of the Kahoot quiz or survey by imposing a time limit for each question. As students answer questions they are awarded points for correct answers and the timeliness of their answers. A scoreboard is displayed on the teacher's screen.
Check this chart to see how Kahoot compares to eight other student response systems.
Definitely worth the time to look through this list and select a few to try.
The Best Windows Software
Tuesday, December 23, 2014
This is clearly not US cyber-retaliation. (My Ethical Hackers say, “Oops!” Because we don't know how to pronounce, “아차.”)
Cyberattack suspected as North Korea experiences complete Internet outage
The Internet in North Korea has gone completely dark.
"We can confirm that a large number of connections have been withdrawn and that North Korea does not currently have access to the web," a spokeswoman for CloudFlare, a California-based Internet company that oversees a global network, told Mashable. But, she said, the company "cannot confirm the source of the North Korean Internet outage."
Connectivity between North Korea and the outside world has been "spotty" for at least the last 24 hours, according to the website North Korea Tech. But The New York Times reports that it has been unstable for days.
A peek into North Korea's Internet
So, North Korea's Internet went down. What is it like anyway?
For most North Koreans, it's nonexistent. There are only 1,024 known IP addresses in the entire country. The Internet is typically reserved for government officials, a few foreign ambassadors and outside assistance groups, according to a North Korean defector-turned-journalist.
By comparison, the United States has 1.5 billion IP addresses.
… Either the North Korean government pulled the plug (like Syria did in 2012). Or its main Chinese telecom provider turned it off. [My bet. Bob] Or a few computer-savvy misfits overloaded North Korea's tiny Internet "tube" with garbage traffic, a relatively simple tactic known as a Distributed Denial of Service attack.
Ditto. Bruce makes many of the points I wish I was able to articulate. As always, it is worth reading what Bruce has to say.
Did North Korea Really Attack Sony?
I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials didn’t believe it.
Clues in the hackers’ attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the “evidence” to suit the narrative they already have worked out in their heads.
In reality, there are several possibilities to consider:
[My personal favorite:
This is the work of hackers who had no idea that there was a North Korean connection to Sony until they read about it in the media. Sony, after all, is a company that hackers have loved to hate for a decade. The most compelling evidence for this scenario is that the explicit North Korean connection—threats about the movie The Interview—were only made by the hackers after the media picked up on the possible links between the film release and the cyberattack. There is still the very real possibility that the hackers are in it just for the lulz, and that this international geopolitical angle simply makes the whole thing funnier.
… Tellingly, the FBI’s press release says that the bureau’s conclusion is only based “in part” on these clues. This leaves open the possibility that the government has classified evidence that North Korea is behind the attack. The NSA has been trying to eavesdrop on North Korea’s government communications since the Korean War, and it’s reasonable to assume that its analysts are in pretty deep. The agency might have intelligence on the planning process for the hack. It might, say, have phone calls discussing the project, weekly PowerPoint status reports, or even Kim Jong Un’s sign-off on the plan.
… Sony also has a vested interest in the hack being the work of North Korea. The company is going to be on the receiving end of a dozen or more lawsuits—from employees, ex-employees, investors, partners, and so on. Harvard Law professor Jonathan Zittrain opined that having this attack characterized as an act of terrorism or war, or the work of a foreign power, might earn the company some degree of immunity from these lawsuits.
Question: It seems “everyone” is suggesting that Sony is the tipping point for “reasonable security” in every organization. Will the next large hacking “victim” be judged like the T J Hooper?
The Sony Hack: A ‘Question of When’ for Other Companies
Listen to the podcast: https://itunes.apple.com/us/podcast/knowledge-wharton/id120724941
The cyberattacks on Sony Pictures in response to a movie that depicts a plot to kill North Korean leader Kim Jong-un should serve as a wake-up call in the digital age for companies that have hitherto been lax on information security.
“That is the major takeaway for companies who are watching this train wreck and breathing a sigh of relief that it wasn’t them,” according to Andrea Matwyshyn, a law professor at Princeton University. The hacking has been a “public relations nightmare,” for Sony, adds Wharton marketing professor Pinar Yildirim, as leaks of internal communications have fractured relationships and cast major Hollywood players in an unflattering light.
Pressure from many players in Hollywood and Washington.
Sources close to the matter tell FBN the potential partnership was derailed Monday, after weekend conversations between the two companies about a possible release. Had the movie run on Dish, tens of millions of Americans could have watched "The Interview" as early as Christmas Day.
… Sources say top Sony executives have been working 24/7 to find a way to release the movie, and that Sony Entertainment CEO Michael Lynton is adamant that the movie air somewhere, somehow.
Sony stands to lose up to $200 million by out-right cancelling "The Interview." The company also faces harsh long-term damage to its reputation if the movie is never released.
For my Computer Security students. Suspicions confirmed! Yet another breach was due to the ability of hackers to search for and identify holes in security faster and more reliably than security managers can. Errors happen. Not confirming that all servers were updated is not an error, it is a management failure.
Morning Agenda: How Hackers Got Into JPMorgan
The giant computer breach at JPMorgan Chase this summer might have been prevented if the bank had installed a simple security fix to an overlooked server in its network, Matthew Goldstein, Nicole Perlroth and Michael Corkery report in DealBook. While JPMorgan spends $250 million a year on computer security, the weak spot in this case was very basic, according to people who have been briefed on internal and outside investigations into the attack.
JPMorgan’s security team had apparently neglected to upgrade one of its network servers with a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. That left the bank vulnerable last spring, after hackers stole the login credentials for a JPMorgan employee. Had the dual password scheme been put in place, the attack could have been stopped when it started.
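The lesson in that story is not the missing second factor itself but that nobody had a list showing which servers enforced it. The block below is an added example of mine, not anything from JPMorgan or the DealBook reporting, of the inventory check that would have caught the gap. It assumes the fleet is OpenSSH and that "two-factor" means every permitted AuthenticationMethods chain combines a possession factor (a key) with a knowledge or OTP step (password or keyboard-interactive); the host names and config excerpts are constructed.

```python
"""Audit which hosts actually enforce two-factor SSH login.

Added example, not JPMorgan's tooling. Assumes OpenSSH semantics: the first
AuthenticationMethods directive wins, "any" (or no directive) means a single
factor suffices, and a host is only covered if every allowed chain needs two
different factor classes.
"""

# Constructed sshd_config excerpts for a hypothetical fleet.
FLEET = {
    "bastion-1": """
        PermitRootLogin no
        AuthenticationMethods publickey,keyboard-interactive
        ChallengeResponseAuthentication yes
    """,
    "app-2": """
        # Two chains, each a single method: a key OR a password is enough.
        AuthenticationMethods publickey password
    """,
    "legacy-7": """
        PasswordAuthentication yes
        # No AuthenticationMethods line: sshd default is "any", one factor.
    """,
    "db-3": """
        AuthenticationMethods publickey,password publickey,keyboard-interactive
        # The second directive is ignored; sshd keeps the first value.
        AuthenticationMethods publickey
    """,
}

# Factor class per OpenSSH method name (assumption: a password or
# keyboard-interactive step is wired to an OTP/PAM module on these hosts).
FACTOR_CLASS = {
    "publickey": "possession",
    "hostbased": "possession",
    "gssapi-with-mic": "possession",
    "password": "knowledge",
    "keyboard-interactive": "knowledge",
}


def parse_authentication_methods(config_text):
    """Return the method chains from the first AuthenticationMethods line,
    or None when the directive is absent or set to "any"."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "authenticationmethods" and len(parts) == 2:
            value = parts[1].strip()
            if value.lower() == "any":
                return None
            # Space-separated chains; comma-separated methods within a chain.
            return [chain.split(",") for chain in value.split()]
    return None


def chain_is_two_factor(chain):
    classes = {FACTOR_CLASS.get(m.lower(), "unknown") for m in chain}
    classes.discard("unknown")  # an unrecognised method earns no credit
    return len(classes) >= 2


def enforces_2fa(config_text):
    chains = parse_authentication_methods(config_text)
    if not chains:
        return False
    # One single-factor chain is one path the stolen credential can take.
    return all(chain_is_two_factor(c) for c in chains)


def audit(fleet):
    return {host: enforces_2fa(cfg) for host, cfg in fleet.items()}


def hosts_missing_2fa(fleet):
    return sorted(h for h, ok in audit(fleet).items() if not ok)


if __name__ == "__main__":
    for host, ok in sorted(audit(FLEET).items()):
        print(f"{host}: {'2FA enforced' if ok else 'SINGLE FACTOR'}")
```

The two hosts it flags illustrate the two ways the gap usually appears: app-2 looks configured but lists the methods as alternatives rather than as a chain, and legacy-7 is the "overlooked server" with no directive at all. Feeding the same function every host's config from a configuration management export turns a one-off review into the routine check Bob is asking for.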
From the University of Arkansas on Newswise:
Information systems researchers at the University of Arkansas, who studied the effect of two compensation strategies used by Target in reaction to a large-scale data breach that affected more than 70 million customers, have found that overcompensation of affected customers may only raise suspicions rather than satisfy customers’ sense of justice.
The researchers have developed a model that organizations can use to address and respond to large-scale data breaches and manage customer outcomes.
Read more on Newswise.
Okay, this might heat up again. If Russia can afford to keep playing...
Ukraine votes to drop non-aligned status
Ukraine's parliament has voted to drop the country's non-aligned status and work towards Nato membership.
Russian Foreign Minister Sergei Lavrov called the move "counterproductive" and said it would boost tensions.
The BBC's David Stern in Kiev says it is not clear when Ukraine will apply for Nato membership and many officials see it as a distant prospect.
Ukrainian President Petro Poroshenko pledged to seek Nato membership over Russian support for rebels in the east.
Putin has one weapon to protect the rouble — he must use it wisely
On top of his Ukrainian tribulations Vladimir Putin now has to manage a war of attrition with currency speculators. Lack of confidence in the Russian economy has prompted a flight in capital as some investors seek to limit their losses on rouble assets while others actively bet on a continued depreciation of the currency. The president’s battlefield options range from strategic retreat (allowing depreciation) to raising interest rates and selling foreign exchange to imposing controls on capital outflows.
The first three options are close to being exhausted. The rouble has already depreciated by more than seems warranted even by a pessimistic view of Russia’s economic fundamentals. Last week the Central Bank of Russia increased interest rates to 17 per cent, a level where further increases are likely to be self-defeating because of the economic costs they would impose. Finally, Mr Putin indicated in his press conference on Thursday that the country’s international reserves, while still at a comfortable level, should no longer be wasted in market interventions to prop up the national currency.
This leaves capital controls. Would they work for Russia? What can we learn from international experience of the use of capital controls in currency crises?
This is cute!
The Year in Management, Told in 20 Charts
… What smart products do people actually want? Do employees like negative feedback? And what’s the strangest educational background for a member of the Fed (this is my favorite)?
For all my students
The Desmos iPad App Is Here!
Starting today, students, teachers, and math enthusiasts can explore math through Desmos without the need for an internet connection – or an expensive hand-held graphing calculator. The app features many of the familiar elements of desmos.com, but with dozens of built-in examples, an enhanced design, and offline support.
Download the free iPhone app here: https://itunes.apple.com/us/app/desmos-graphing-calculator/id653517540?mt=8
… our Android app works offline and includes all of the features you've come to love: sliders, implicit equations, even regressions.
Download the Android App here: https://play.google.com/store/apps/details?id=com.desmos.calculator&hl=en
This one is for me – so my students aren't singing “La la la, something something”
Google is making the process of singing along to your favorite songs easier. The search engine will now provide users in North America with full lyrics for songs above their search results — assuming the lyrics are recorded in the Google Play store. Append "lyrics" onto the song name of your choice and Google will present a chunk of the words to your selection, directing you to see the full lyrics on the tune's Google Play store page.
Monday, December 22, 2014
Ah! It is possible to exasperate China.
When a retired Chinese general with impeccable Communist Party credentials recently wrote a scathing account of North Korea as a recalcitrant ally headed for collapse and unworthy of support, he exposed a roiling debate in China about how to deal with the country’s young leader, Kim Jong-un.
… “China has cleaned up the D.P.R.K.'s mess too many times,” General Wang wrote in The Global Times, using the initials of North Korea’s formal name, the Democratic People’s Republic of Korea. “But it doesn’t have to do that in the future.”
Of the government in North Korea, he said: “If an administration isn’t supported by the people, ‘collapse’ is just a matter of time.” Moreover, North Korea had violated the spirit of the mutual defense treaty with China, he said, by failing to consult China on its nuclear weapons program, which has created instability in Northeast Asia.
(Related) They probably would have skipped this anyway.
North Korea skipping UN Security Council meeting
… Instead of a showdown, North Korea says it will not attend Monday's meeting. It accuses the United States and its allies of using the human rights issue as a weapon to overthrow the leadership of the impoverished but nuclear-armed nation. It also calls the dozens of people who fled the North and aided the commission of inquiry "human scum."
(Related) Inevitable, as long as the public (voters) remain interested.
… “Congress should schedule hearings for the American people to learn if other countries assisted North Korea in this attack, see what series of events led theater owners to self-censor, and to know the full threat of cyber warfare that is facing us,” Kirk said in a statement.
The perfect stocking stuffer?
Kim Jong Un game spoof 'Glorious Leader!' moving forward
The creator of a satirical video game that depicts Kim Jong Un as a gun-toting, unicorn-riding hero has no plans to cancel his zany creation following a cyberattack and threats of violence against Sony Pictures that the FBI has attributed to North Korea.
In fact, "Glorious Leader!" creator Jeff Miller is now more motivated than ever to finish his game.
… The retro-style, run-and-gun game comically puts players in the shoes of a super-powered Kim Jong Un as he battles waves of American drones and soldiers with weapons like a machine gun and bazooka. Miller is planning levels set in such locations as the streets of Pyongyang and atop Paektu Mountain. He's now planning another on the Sony Pictures backlot.
"We want the game to be a topical as possible," said Miller, adding he hasn't received any threats from North Korea or hackers and isn't afraid of any backlash because the game makes Kim Jong Un "look totally awesome."
It looks like the reaction to the Sony breach is mutating. Has the government ever “moved” against hackers, other than issuing arrest warrants?
President Obama should have moved swiftly against North Korea following a cyberattack on Sony Pictures that has cost the company tens of millions of dollars and caused it to pull its controversial comedy, “The Interview,” House Intelligence Committee Chairman Mike Rogers (R-Mich.) said Sunday.
(Related) What do they know that we don't know? Is this reality or rhetoric?
Sen. John McCain (R-Ariz.) on Sunday rejected President Obama’s description of North Korea’s hacking of Sony Pictures Entertainment as “cyber vandalism,” saying the attack was “a new form of warfare.”
“I think, again, the president does not understand this is a manifestation of a new form of warfare,” McCain told CNN’s “State of the Union.” “When you destroy economies, [Huh? Bob] when you are able to impose censorship on the world — and especially the United States of America — it’s more than vandalism, it’s a new form of warfare that we’re involved in, and we need to react and react vigorously.”
These are most likely people who made their money before or in spite of Putin. If they stay, they risk having their wealth confiscated to plug holes in the Russian economy. (If they are Putin's pals, then Russia is closer to collapse than I thought.)
Super-Rich Russians Are Fleeing To The UK In Record Numbers
According to Home Office statistics, the number of Russians granted fast-track visas — given to those who will invest at least £2 million ($3.1 million) in the UK — jumped by 69% in 2014, compared with the previous year, The Sunday Times first reported.
… The Times notes a dramatic uptick in visa applications after March, when the first round of western sanctions were placed on Russia over its military action in Ukraine. The ruble's slide and falling oil prices are also to blame for the flight out of Russia.
Under the terms of Britain's Tier 1 Investor visa, recipients can stay for a maximum of 3 years and 4 months with an investment of £2 million or more in UK government bonds or UK-registered companies.
(Related) How bad is it?
Russian ruble's fall: A classic 'currency collapse'
… The fall of the ruble has been swift and devastating. Carl Weinberg, chief economist at High Frequency Economics, referred to the currency’s plummet as “an unrecoverable spiral” in a note to clients on Tuesday. He argues that what we are seeing now is a classic “currency collapse,” brought on by both economic factors like sanctions and falling oil prices as well as financial factors like the Russian central bank printing money to help state-owned oil company Rosneft cover its debt denominated in foreign currencies.
What makes the situation in Russia that much worse is that the nation’s companies, both private and state-owned, hold $670 billion in debt denominated in foreign currencies. This debt is about one-third the size of the entire Russian economy, and it will become impossible for Russian companies to service it if the ruble continues to fall.
… The question now is whether the economic pain will convince Russia to back down, or double down, in Eastern Europe. Weinberg, for one, worries that Putin will instruct Russian companies to renege on their foreign obligations. This could spell bad news for banks and investors across Europe and the U.S. that have loaned money to Russian companies, and it could allow Russia’s financial instability to infect other emerging markets and the already shaky E.U. economy.
For all my students. Take the time to look at these tools!
The Best Firefox Addons
Contrary to your expectations, I do read these articles, especially the ones written by actual bloggers. I just don't follow any of the suggestions.
How to Write a Successful Blog
In 2004, I left the corporate world and started this tech and how-to blog called Digital Inspiration. I have been blogging for more than 10 years now and lot of things have changed in these years.