Monday, January 05, 2015

Bruce (once again) raises some interesting questions. I doubt politicians care about the answers.
We Still Don't Know Who Hacked Sony
Welcome to a world where it's impossible to tell the difference between random hackers and national governments.
If anything should disturb you about the Sony hacking incidents and subsequent denial-of-service attack against North Korea, it’s that we still don’t know who’s behind any of it. The FBI said in December that North Korea attacked Sony. I and others have serious doubts. There’s countervailing evidence to suggest that the culprit may have been a Sony insider or perhaps Russian nationals.
No one has admitted taking down North Korea’s Internet. It could have been an act of retaliation by the U.S. government, but it could just as well have been an ordinary DDoS attack. The follow-on attack against Sony PlayStation definitely seems to be the work of hackers unaffiliated with a government.
… When it’s possible to identify the origins of cyberattacks—like forensic experts were able to do with many of the Chinese attacks against U.S. networks—it’s as a result of months of detailed analysis and investigation. That kind of time frame doesn’t help at the moment of attack, when you have to decide within milliseconds how your network is going to react and within days how your country is going to react. This, in part, explains the relative disarray within the Obama administration over what to do about North Korea. Officials in the U.S. government and international institutions simply don’t have the legal or even the conceptual framework to deal with these types of scenarios.
… It’s a strange future we live in when we can’t tell the difference between random hackers and major governments, or when those same random hackers can credibly threaten international military organizations.

Do they all have lousy security?
There’s someone else I need to follow, as he/they seems to be hacking a number of universities and colleges.
In a post on Pastebin yesterday, @MarxistAttorney (web site) claimed a number of hacks, including California State University, University of Kentucky, University of Connecticut, University of Maryland, Coastal Carolina University, and Abertay University.
For each entity, there is a data dump for proof of claim; other data dumps are linked from his web site. is not linking to the individual data dumps, but has reached out to each of the universities mentioned above to ask them if they will confirm or deny that they have been hacked and that those are their data. The University of Kentucky has already acknowledged our inquiry and states that they are investigating the claimed hack.
This post will be updated as more information or responses become available, but in a quick attempt to verify the claims, found that one of the data dumps that had been labeled California State University had originally been posted elsewhere as a hack of the San Diego Zoo with attribution to “Paw Security(@PawSecReturns) #Op4Pawz.”
Google searches of strings in some other dumps did not locate any duplicates or previous postings.
Does “Attorney” have a gripe against U. of Maryland that contributed to it being targeted? Perhaps, as this tweet suggests:
You should've accepted me into your university #Carbonic @UofMaryland
Update: In response to this site’s inquiry, “Attorney” emailed the following statement and posted a copy of it on Pastebin:
Greetz to @TeamCarbonic.
I targeted universities for the sole pleasure of the “lulz” that came out of this. It is true, I have thousands upon thousands of logins, employee ids, and various other sensitive information regarding the universities. What I intend to do with this data is publicize it to undermine the idiots at the IT Team.
Apart from an initial response from U. of Kentucky saying that they were looking into things, has received no responses yet to the inquiries it sent to the universities asking them to confirm or deny they were hacked.
This might be a good time to remind everyone that no federal agency has really taken any point or serious interest in investigating data breaches in the education sector. The FTC claims it does not have authority over non-profits under Section 5 of the FTC Act. They have not responded substantively to this blogger’s analysis and EPIC’s analysis that the FTC does have authority under the Safeguards Rule if financial information is involved.

The “Internet of Things” facilitates yet another surveillance tool that car owners might like? As “Things” get “smarter” you will find your life “guided” by software.
GM uses OnStar 4G LTE – not a crystal ball – to predict breakdowns before they happen
… Here’s how GM describes the system: “Data is sent to OnStar’s secure servers and proprietary algorithms are applied to assess whether certain conditions could impact vehicle performance. When indicated, notifications are sent to the customer via email, text message, in-vehicle alerts or through the OnStar RemoteLink smartphone app.”
… Essentially, this means GM has figured out what symptoms various components demonstrate before they fail and has its servers watching out for them. When they’re detected, you’re notified before the battery, starter, or fuel pump kick the bucket.
Though the system will only work on those three components and on those specific vehicles at first, GM will be rolling the prognostic capabilities into its full 2016 line throughout the year.

(Related) We're becoming more “thingie” (thingy?)
International CES: The Internet of Things Takes Center Stage
… The new devices at the event, which opens to the news media on Monday and to the public on Tuesday, will include a Wi-Fi-connected ceiling fan controlled by a Nest Learning Thermostat, and automated door locks, light switches and LED bulbs. Under Armour, the sports apparel company that has experimented with smart sports clothing, will exhibit at CES, as will the Girl Scouts of America, which is introducing a new digital app.
… In some cases, companies have joined in head-scratching collaborations, building devices that do not show an obvious need for an Internet connection, but that may find consumer interest anyway. For example, two separate wristbands on display — the Reemo and the Myo — will let their wearers control video games, phones and connected devices in the home using arm waves and gestures.
Other devices are targeting a niche consumer base. Tagg’s GPS-enabled pet trackers can report your pet’s location and the temperature there. Connected workout clothing from Hexoskin will let trainers monitor athletes from afar — even from different countries.

The new Madison Avenue? Do you have at least X followers on social media? Is it possible you like/use/need our product? Let us pay you ridiculous amounts of money to keep doing what you are doing but with our ads pasted on top.
Lady Gaga Has Turned Her Instagram Selfies Into Ads For A Japanese Beauty Brand
Lady Gaga has taken 50 selfies that will act as the centerpiece for the Japanese beauty brand Shiseido's ad campaign during one of Japan's busiest shopping periods.
The pop star, infamous for her Instagram selfies, has become the face — and the photographer — of Shiseido’s 2015 New Year’s campaign, according to WWD.
A Lady Gaga Shiseido ad appeared in numerous Japanese national and regional newspapers over the New Year's period. Forty-six were published on New Year's Day, with the remaining four pushed out Friday.
… Making the activity all the more interesting is that Gaga has failed to mention the selfies are part of a marketing push, or any affiliation with Shiseido. If anyone were to complain about the lack of signposting, Gaga and Shiseido could incur the wrath of advertising regulators.

Google Was Asked To Delete 345 Million Links In 2014 Over Copyright Infringement
Google is getting asked to remove more and more links over copyright issues, with requests up 75% year-over-year.
Torrent Freak has compiled all of Google's weekly transparency reports into one study that looks at the whole of 2014.
… It's important to note that Google isn't hosting the copyright-infringing material. Rather, publishers are asking Google to remove search links to that material.
Copyright holders contact Google and ask the company to hide links to websites containing content posted illegally. The biggest sites that rights holders complained about in 2014 were 4shared, Rapidgator, and Uploaded, all well-known places to illegally download music and movies.

Where to put your advertising dollars? If you rely on this infographic, you're doing it all wrong!
Want To Buy Some Ads? Should You Go Facebook or Google?
You’ll need to make this decision based on the needs of your business, but we’ve found a handy infographic that breaks down some key differences between the two. It will push you in the right direction and help you make an educated decision.
Via Wishpond

One for the toolkit.
Jing - A free tool to capture Images & Video
I have long been a fan of Jing, TechSmith’s free screen capture software. It’s a fast and easy way to grab a quick screenshot or record a video on the fly. Recently, TechSmith upgraded Jing to include a FREE membership to; you now get 2GB of free storage and 2GB of bandwidth per month. allows you to safely upload and store video as well as images, to control who views your content, to download media in a variety of formats, and to share content in a myriad of ways.
After downloading and installing Jing (available for Mac and PC), create your free account.
