Wednesday, February 04, 2015
This can't be true. The FBI concluded that North Korea was the culprit (it made sense from a movie promotion point of view) and the President claimed “secret intelligence” that confirmed it. Don't bother us with facts to the contrary!
Russian Hackers Breached Sony's Network: Report
A group of Russian hackers had — and possibly still has — unauthorized access to the network of Sony Pictures Entertainment, according to a report published on Wednesday by Taia Global.
The Russian team allegedly breached the entertainment company’s network by sending spear phishing emails containing a remote access Trojan (RAT) to Sony employees in India, Russia and other Asian countries. Once they had access to the computers of these employees, the attackers leveraged advanced pivoting techniques to make their way to Sony’s network in Culver City, California, the report said.
… Yama Tough claims to have been in contact with a member of a Russian group that has had access to Sony’s network since last fall and until at least late January 2015. The unnamed Russian blackhat, who is said to have worked occasionally with Russia’s Federal Security Service (FSB), provided Yama Tough with a large number of files allegedly stolen from Sony, the report said.
Yama Tough sent some of the files to Taia Global, including seven Microsoft Excel spreadsheets, five of which are dated from November 30 through December 10, and six emails, two of which are dated January 14 and January 23. Taia Global says the information is not included in the previously dumped Sony files, and the company has received confirmation regarding the authenticity of one of the documents from its author.
… North Korea denied any involvement in the attack and many experts questioned the findings of US authorities, especially since they haven’t provided any concrete evidence to back their claims.
In late December, Taia Global conducted a linguistic analysis of the messages written by GOP and concluded that the hackers were most likely Russian, not Korean.
If Taia Global’s reports are accurate, it’s possible that Sony was breached not by North Koreans, but by a Russian group. Another possibility, according to the company, is that Sony’s network was penetrated simultaneously by both Russian and North Korean threat actors.
… The attack launched against Sony by a Russian group will be discussed today by Taia Global President Jeffrey Carr in a 25 minute talk at the Suits and Spooks security conference in Washington, DC.
Not untypical, I'm afraid. Note that this has moved from a small breach hardly worth posting to my blog, to a Very Significant “Go away boy, stop bothering us.” The longer it takes them to take some visible action, the worse they will look when their victims start the lawsuits. Can't they see that?
On January 24, this blog reported that Carbonic had claimed to have hacked the University of Chicago. The U. of Chicago never responded to a notification and inquiry this blog sent via e-mail on January 22nd.
Yesterday, SLC Security reported that the university is still leaking information and is still vulnerable:
During a recent receive (sic) of some incidents being covered by databreaches.net I was able to do some additional research and confirm that even as recent as an hour ago that information is still being offered in the underground community. In addition server IP addresses owned by the organization are attacking other colleges and universities in the US and elsewhere.
Well, that’s not good. DataBreaches.net will send a second notification to U. of Chicago and hope that this time, they respond and take action to address any compromises they may have been – or may still be – experiencing. If I get a response from them, I will update this post.
SLC Security also notes that both the Illinois Institute of Technology and Northwestern University are also compromised, although I haven’t found anything through routine searches about their situations, other than Northwestern being reportedly hacked on January 20 by @AnonGhost (mirror of defacement here).
Update: I received the following email from the U. of Chicago’s Associate Vice President for Safety, Security and Civic Affairs & Chief of Police:
Both of your messages have been received and shared with our information technology services staff. Thank you for your concern.
Well, that doesn’t answer my question about what they’re actually doing and why the site is reportedly still leaking information, but at least we now know that they got my notifications.
(Related) Too common.
SLC Security reports that they are
seeing indicators that this entity has been breached for over a month and does not realize it. It appears as though their infrastructure is being used to launch farther attacks on other educational institutions.
They also appear on Emerging Threats for malicious activity since at lease the 11th of December, 2014. You would think these large organizations would do something to get themselves off the blacklist but as of today we are still detecting malicious activity.
Food for thought.
Web-Borne Malware Breaches Cost $3.2M to Remediate: Survey
A new survey from the Ponemon Institute calls web-borne malware not only a growing threat to enterprise data security, but a costly one.
According to the report, which surveyed 645 IT pros and IT security practitioners and was sponsored by security firm Spike Security, web-borne malware attacks cost the organizations in the survey an average of $3.2 million to remediate. The organizations surveyed had an average of 14,000 employees.
… While all of the companies surveyed utilized a multilayered, defense-in-depth approach, they still dealt with an average of 51 security breaches during the past year tied to the failure of malware detection technology. According to the findings, the cost to respond to and remediate a single breach resulting from these detection failures was roughly $62,000 per incident.
… "What many organizations forget is that the browser is the only application that is permitted to download and execute code from a 3rd party location -- any external web site. Every time you allow unknown code into your network, you put yourself and your business at risk. This is why browser isolation outside the network is so important. It is the only way to prevent this problem."
I get the impression that even the Kim Dotcom haters are shocked by this ruling. They seem to think New Zealand just did whatever the US asked without bothering to consider the consequences.
Our Supreme Court has handed down a chilling ruling about the state's right to invade individual privacy - particularly when it's contained, as it is so often these days, on computers or mobile phones.
… The case was at the heart of our Supreme Court ruling which found, four to one, that the authority to ransack Kim Dotcom's Coatesville home on 20 January 2012 was perfectly legal. It was a ruling that excused shoddy police work and shoddy court work - a ruling that said warrants sanctioned by the court can be scant and meaningless and they are still OK. It established everyone's home is not their castle, even if your home looks more like a castle than others.
… In other words that they can't be general in nature and worded to allow police to freely rummage about and seize whatever they like. Yet that's exactly what happened in the Coatesville raid when police took away a staggering 150 terabytes of data, accessed through more than 135 computers and electronic devices.
They even took away the system that opened and closed the mansion's doors. "It is now acknowledged that a substantial amount of this data, perhaps as much as 40 per cent, was irrelevant to the offences charged. Some of it was personal and private," says Elias in her judgement.
The deeply concerning issue here is that while elsewhere in the world Supreme Courts are recognising computers and mobile phones are containers of individual lives and souls, our Supreme Court seems oblivious to the fact. It found that the warrant allowing holus-bolus searching of Dotcom's vast collection of computers and other devices with no provision for sorting out what was irrelevant or private was perfectly OK.
The court saw no miscarriage of justice despite Dotcom being unable to get access his seized information for more than two years. Not to mention that if Dotcom's legal team hadn't initiated a judicial review, all of this material would have been whisked away to the United States never to be seen again.
… Elias was alone in saying a warrant should be right when it's issued and it was wrong to treat a fundamentally flawed warrant as valid on the basis of what happened after the event.
For my Ethical Hackers.
Nearly half of young people say they would be more likely to vote in the 2016 presidential election if they could cast their ballot online, according to poll released Tuesday.
The Fusion poll, which surveyed 18-to-34 year olds, found that 49 percent said an online system could encourage them to vote. A large portion, 42 percent, said voting online would make no real difference. Another 8 percent said they would be less likely to vote if it was made available online.
Thirty-eight percent said they would be more likely to vote if they could do it over their mobile phone.
Background for my Business Intelligence students.
Demographics of Key Social Networking Platforms
Pew Report – “Fully 71% of online adults use Facebook, a proportion unchanged from August 2013. Usage among seniors continues to increase. Some 56% of internet users ages 65 and older now use Facebook, up from 45% who did so in late 2013 and 35% who did so in late 2012. Women are also particularly likely to use Facebook compared with men, a trend that continues from prior years. Facebook users were asked additional questions about their friend networks. Among Facebook users, the median number of Facebook friends is 155. When asked to approximate how many of their Facebook friends they consider “actual” friends, the median number reported was 50…
Some 23% of online adults currently use Twitter, a statistically significant increase compared with the 18% who did so in August 2013. Twitter is particularly popular among those under 50 and the college-educated. Compared with late 2013, the service has seen significant increases among a number of demographic groups: men, whites, those ages 65 and older, those who live in households with an annual household income of $50,000 or more, college graduates, and urbanites…
Some 26% of online adults use Instagram, up from 17% in late 2013. Almost every demographic group saw a significant increase in the proportion of users. Most notably, 53% of young adults ages 18-29 now use the service, compared with 37% who did so in 2013. Besides young adults, women are particularly likely to be on Instagram, along with Hispanics and African-Americans, and those who live in urban or suburban environments…
Some 28% of online adults use Pinterest, up from the 21% who did so in August 2013. Women continue to dominate the site, as they did in 2013: fully 42% of online women are Pinterest users, compared with just 13% of men (although men did see a significant increase in usership from 8% in 2013). While Pinterest remains popular among younger users, there was an 11-point increase between 2013 and 2014 in the proportion of those 50 and older who use the site. Other demographic groups that saw a notable increase in usership include whites, those living in the lowest- and highest-income households, those with at least some college experience, and suburban and rural residents.”
Business tool or buzzword? Analysis of Big Data is being talked about, but not in as much depth as my students see.
Using Data to Call the Shots
Daryl Morey loves good data, and lots of it. As general manager of the Houston Rockets, he has made a name for himself with his devotion to using data analytics to make team decision—on everything shot selection to whom to acquire in a mid-season trade. Morey talks with Kellogg Insight about the importance of assembling a staff that understands analytics, how to ensure you are using the data wisely, and the need to always keep your eye on the prize when crunching the numbers.
See? I'm not the only one!
Morgan Stanley thinks Russia’s doomed
And now Morgan Stanley is out with a pretty scary forecast, too.
“We downgrade 2015 growth from -1.7%Y to -5.6%Y and revise our 2016 growth from a mild (0.8%Y) recovery to a 2.5%Y recession,” writes Morgan Stanley’s Alina Slyusarchuk.
I think we have some students who do this...
123D Circuits - Design and Test Electric Circuits Online
123D Circuits is a free tool from Autodesk for collaboratively designing electronic circuits online. On 123D Circuits you can design your circuits and test them on the simulator in your browser. You can create circuits from scratch or use and modify templates and other publicly shared projects.
Autodesk recently published a short playlist of videos containing demonstrations of how to use 123D Circuits for various tasks. Short engineering lessons are included in the second half of the videos.
… Click here for seven other resources you can use to teach students about electricity and circuits.
For my International students. (There are even more in the article)
… learning grammar is easier than ever now — with the right apps, of course.
And they are not just for people learning English; they’re also good for those of us who already speak it.
The free app Practice English Grammar from Cleverlize is among the most polished, and is easy to use for improving your grammar skills. It’s available for both iOS and Android and covers the whole gamut of grammatical details from conjunctions through tenses to using the passive voice.
… Another option is the LearnEnglish Grammar app from the British Council.
… This app is free for both iOS and Android, but you must pay for the complete range of content. Packs cover grammatical topics at different levels, from Beginner Pack 1 to Intermediate Pack 2 for more advanced lessons, and each costs $1.
Interestingly, there’s both a British English edition (free on iOS and Android) and an American English one (free on iOS and Android)
… A free alternative to these apps on Android is English Grammar Ultimate from Maxlogic.
Can't find the book you want to read in electronic format? Could my students divide a textbook and merge the electronic versions? Uses Windows 7 or 8, stores images on Amazon. (Article 3)
Kindle Convert Turns Paper Into E-Ink
Amazon has released Kindle Convert, a Windows program which lets you turn printed book into digital books. Currently priced at $19 (but with a list price of $49), Kindle Convert requires you to scan each page of the book you want to convert into the Kindle format. Which will require a lot of time and patience.
While this is likely to put most people off, it’s still good to have this option, especially for those who want to digitize rare or out-of-print books. Unfortunately, Kindle Convert is only available in the U.S. for the time being, though that’s likely to change in the future.
Global Warming! Global Warming! Another prediction they got wrong?
Accelerated Ice Melt Causing Iceland to Rise