Tuesday, February 17, 2015
For my Ethical Hackers. Grab a copy and let's see how good it is. Because you know copies will leak.
Anthony Cuthbertson reports:
A search engine more powerful than Google has been developed by the US Defence Advanced Research Projects Agency (DARPA), capable of finding results within dark web networks such as Tor.
The Memex project was ostensibly developed for uncovering sex-trafficking rings, however the platform can be used by law enforcement agencies to uncover all kinds of illegal activity taking place on the dark web, leading to concerns surrounding internet privacy.
Read more on IBT.
The Broad Agency Announcement (BAA) for Memex is available at http://go.usa.gov/BBc5. To familiarize potential participants with the technical objectives of Memex, DARPA has scheduled a Proposers' Day on Tuesday, February 18, 2014, in Arlington, Va. For details, visit http://www.sa-meetings.com/memex. Registration closes on February 13, 2014, at 5 p.m. ET. There will be no on-site registration.
Imagine that, a spy agency that actually does its job! (On the other hand, the FBI can prove it was North Korea.)
Kaspersky fingers NSA-style Equation Group for hard drive backdoor epidemic
Russian security firm Kaspersky has exposed what looks like evidence of backdoor surveillance by the US National Security Agency (NSA).
Kaspersky researchers claim to have uncovered one of the biggest, if not the biggest, threat actor that it has seen in two decades.
The security firm has dubbed this outfit the Equation Group, and its toolbox 'the Death Star of the Malware Galaxy', and explained that the tools of its trade have hallmarks and themes similar to those of Stuxnet.
… Two of these trojans, or modules, can be found deeply inserted in as many as a dozen different makes of hard drive that are sold and shipped to international waters.
The malware is so deeply inserted into the firmware that it can survive wipes, and "resurrect" itself indefinitely. Additional 'implants' add to the mix and can grab and store encrypted passwords, for example.
I love easy to remember slogans.
Shamoil T. Shipchandler of Bracewell & Giuliani LLP has a great commentary about how our country is doing on cybersecurity and privacy. It begins:
When it comes right down to it, we are about as bad at cybersecurity as Twitter’s CFO is at Twitter or North Korea is at coming up with new political slogans to commemorate its 70th anniversary.
… The whole column is worth reading on The National Law Review. I think he’s really hit on a great metaphor for us:
As a prosecutor in a securities fraud case, I once had a witness testify that the bad guy treated him and his fellow investors like “mushrooms,” i.e., he “kept them in the dark and fed them manure.” Okay, he didn’t actually say “manure,” but this is a family blog (if only for kids with insomnia). But we are all mushrooms when it comes to data privacy. Think about it. Do you think about how your information is protected when you swipe your credit card? Do you know how your doctor’s office secures your personal health history? Or are you in the dark?
So maybe “a country of mushrooms” isn’t the worst slogan in the world, if it helps us pay attention to the privacy that we cede and the cyber threats that we ignore.
(Related) For my Security Management students. I hope they come out with more than a 6 page PDF.
Embedding a ‘Culture of Security’ Is the Best Defense
Increased connectivity and data use have greatly heightened the risk of a major security breach. But on top of the requisite technological protections, one of the best security defenses organizations can have is a “culture of security,” says Robert Coles, chief information security officer at GlaxoSmithKline.
Get the young ones used to being spied on, it makes things easier when they become adults.
Quadcopter Malware Proves Connected Toys Are A Security Risk
Like a subgroup of the Internet of Things, connected toys are the new generation of children’s toys – often using Wi-Fi and an iOS or Android-based remote control to manage and manipulate a car, quadcopter, or Lego robot.
We’ve recently learned that malware has been introduced to a quadcopter toy, a revelation that has left security-conscious parents concerned. If it can happen with one toy, what’s to say it couldn’t happen with another?
And if this was to be repeated with one or more toys, what might the results be?
… Rahul Sasi has created a demonstration of his drone malware, Maldrone, a proof-of-concept that highlights just how poor security in this area actually is.
The future of “In Home” security risks.
“Hello! This is Siri calling. Your home is being robbed. Would you like to watch via your home security cameras? Oops, too late. They just went in the bag.”
Future Proofing Your Smart Home for Apple HomeKit Compatibility
As the smart home scene has geared up, everyone has been waiting to see what Apple’s HomeKit will bring to the table—and we finally got a look at it during this year’s Consumer Electronics Show. Here are some of the most exciting products that we’ve seen, and some advice on making sure you can use HomeKit with as many devices as possible.
Marketing has finally realized that their customers value their privacy? “Then we can make them pay for it!”
AT&T Brings 1Gbps Internet To Kansas City, Charges $29 Extra If You Don’t Want To Be Tracked
Google Fiber launched in Kansas City, Missouri in September 2012, and now AT&T is looking to creep in and compete toe-to-toe with its own ultra high-speed fiber network.
… The $70 price that AT&T quotes for standalone Internet service comes with an added “bonus” — user tracking. That’s right; AT&T will track all of your Internet activity so that it can deliver targeted ads to your devices. The fine print in AT&T’s documentation on GigaPower Internet Preferences states:
When you select AT&T Internet Preferences, we can offer you our best pricing on GigaPower because you let us use your individual Web browsing information, like the search terms you enter and the web pages you visit, to tailor ads and offers to your interests.
“Tell 'em what they want to hear and they will go home and declare victory!”
Ukraine crisis: Battle rages for Debaltseve despite truce
Rebels say they have taken most of Debaltseve, a transport hub, but the government says it is still in control.
International observers tasked with monitoring the ceasefire have been unable to enter the town.
Earlier, both sides failed to begin withdrawing heavy weapons, despite a Monday deadline agreed in the truce.
For my students. Could be useful.
Edit the Text and Images of your PDF file in the Browser
If you need to make changes in an existing PDF file, you need to get hold of the original document that was used to create the PDF, make the edits in the source document and export it as a PDF again. This is the best option since the document’s layout and formatting will be preserved in the new PDF file and you don’t even need an external PDF editor like Adobe Acrobat.
However, if you do not have access to the source document, you can still edit your PDF files in the browser using the free Word app. It may not be able to handle PDF files with complex layouts, or PDFs that are mostly comprised of charts and images, but for text-based PDFs, Word is probably a good option for fixing typos or manipulating text and images in PDFs.
(Related) More tools for students.
9 Must Have Modern Apps For Viewing, Editing & Managing Documents
What will we lose? No one will be able to read the Declaration of Independence in the original? Will we really trade Cursive for a “more useful” skill or will we just teach less overall?
Cursive Writing Is Obsolete; Schools Should Teach Programming Instead [Opinion]
Cursive writing is an anachronism. Spending any classroom time on it is comparable to teaching how to use an abacus: it’s interesting as a history lesson, and probably offers some side benefits, but it is not at all practical as a day-to-day skill in the modern, connected world.
For my wino friends. I should have thought of this one. If nothing else, talking about crowdsourcing while tasting their wine would have made for an interesting day.
Entrepreneur Creates Crowdsourcing Model for Wine
… Gormley launched NakedWines.com in 2008 after losing his job. With the tough economy, he and his partners created a much needed service for one struggling industry. They came up with a unique crowdsourcing model for wines.
… Here’s how it works. Wine buyers can sign up on the site as “Angels.” Angels invest $40 a month. That money goes into their “piggy banks” so that they can use it on future wine orders. But by paying that money up front each month, it allows NakedWines.com to invest in local wineries.
Then those local wineries can offer their wines on the site at a discounted price, usually about 40 to 60 percent of normal retail prices.
For my new students. It's amazing how many don't know most of these commands.
Windows Shortcuts 101 – The Ultimate Keyboard Shortcut Guide
Dilbert on North Korea? Or perhaps on the President's reliance on the FBI?