Thursday, March 26, 2015

The downside of looking for live on the Internet? The Bad guys are looking for loot.
Sextortion Schemes Using Mobile Malware in Asia: Trend Micro
Cybercriminals in Asia are taking advantage of smartphones and mobile malware to rake in significant profits through sextortion schemes, a report from Trend Micro has found.
In sextortion cases, a victim is lured into performing explicit acts that are secretly recorded and then blackmailed with the video. In a new report, researchers at Trend Micro detailed how these sextortion gangs are operating. In one case, police in Japan arrested two men suspected of being part of a gang that stole at least Ɏ3.5 million (US$29,204.88) from 22 victims between December 2013 and January 2014.

Might be fun to see if this is related to population (if so, why is India not number one) or
China Named Top Originator of Attack Traffic in Q4 2014: Akamai
A new report from Akamai Technologies names China as the top source of attack traffic on the Web.
In its 'Fourth Quarter, 2014 State of the Internet Report', Akamai cited China as the originator of 41 percent of observed attack traffic. According to the report, during the fourth quarter of last year Akamai observed attack traffic originating from 199 unique countries and regions. Out of the 199, China was the clear leader of the pack, accounting for more than triple the amount originating from the U.S.
"The overall concentration of observed attack traffic decreased in the fourth quarter, with the top 10 countries/regions originating 75% of observed attacks, down from 84% and 82% in the second and third quarters, respectively," according to the report. [Everyone is getting into the act. Bob]

For my Computer Security students. Remember, it's your job to fix each of these! (Assuming you work 50 weeks each year, you need to fix roughly 62 vulnerabilities every day.)
Over 15,000 Vulnerabilities Detected in 2014: Secunia
IT security solutions provider Secunia today published its annual vulnerability review. The report provides facts and details on the security flaws uncovered in 2014.
According to the security firm, a total of 15,435 vulnerabilities were identified in 2014 in 3,870 applications from 500 vendors. This represents an 18 percent increase compared to the previous year, and a 55 percent increase over five years.
The complete Secunia Vulnerability Review 2015 is available online.

Knowing is not as effective as nagging? Good News/Bad News: Here is a good way to get educate users about privacy and the discontinue the App. Sounds like a business opportunity I should run by may students.
Byron Spice writes:
Many smartphone users know that free apps sometimes share private information with third parties, but few, if any, are aware of how frequently this occurs. An experiment at Carnegie Mellon University shows that when people learn exactly how many times these apps share that information they rapidly act to limit further sharing.
In one phase of a study that evaluated the benefits of app permission managers – software that gives people control over what sensitive information their apps can access – 23 smartphone users received a daily message, or “privacy nudge,” telling them how many times information such as location, contact lists or phone call logs had been shared.
Some nudges were alarming. One notable example: “Your location has been shared 5,398 times with Facebook, Groupon, GO Launcher EX and seven other apps in the last 14 days.”
In interviews, the research subjects repeatedly said the frequency of access to their personal information caught them by surprise.
… “The vast majority of people have no clue about what’s going on,” said Norman Sadeh, a professor in the School of Computer Science’s Institute for Software Research. Most smartphone users, in fact, have no way of obtaining this data about app behavior. But the study shows that when they do, they tend to act rapidly to change their privacy settings.
… An app permission manager allows smartphone users to decide which apps have access to personal information and sensitive functionality. The study used a permission manager for Android 4.3 called AppOps.
… When the participants were given access to AppOps, they collectively reviewed their app permissions 51 times and restricted 272 permissions on 76 distinct apps. Only one participant failed to review permissions.
But once the participants had set their preferences over the first few days, they stopped making changes. When they began getting the privacy nudges, however, they went back to their privacy settings and further restricted many of them.
… Sadeh said when people download an Android app, they are told what information the app is permitted to access, but few pay much attention, and fewer understand the implications of those permissions.
“The fact that users respond to privacy nudges indicate that they really care about privacy, but were just unaware of how much information was being collected about them,” Sadeh said.
The AppOps software was discontinued on later versions of Android. While iPhones do have a privacy manager, it does not tell users how often their information is used or for what purpose and does not nudge users to regularly review their settings.
SOURCE: Carnegie Mellon University News

All employees are trustworthy up until the moment they're not.
Dune Lawrence reports:
Whether you call Edward Snowden a traitor or a whistle-blower, he earned one label about which there’s no debate: insider threat.
Guarding against such risks is an expanding niche in the security industry, with at least 20 companies marketing software tools for tracking and analyzing employee behavior. “The bad guys helped us,” says Idan Tendler, the founder and chief executive officer of Fortscale Security in San Francisco. “It started with Snowden, and people said, ‘Wow, if that happened in the NSA, it could happen to us.’ ”
Companies are also realizing that tracking insiders may improve their odds of catching outside hackers.
Read more on BloombergBusiness.

Interesting, but will it change their practices going forward?
Elizabeth Warmerdam reports:
The FBI can no longer withhold thousands of pages of surveillance files of Muslim communities by claiming the “law enforcement” exemption of the Freedom of Information Act, a federal judge ruled Monday.
U.S. District Judge Richard Seeborg found that the exemption “is not the appropriate umbrella under which to shield these documents from public view.”
The American Civil Liberties Union, the Asian Law Caucus and the San Francisco Bay Guardian in 2010 requested records concerning the FBI’s investigation and surveillance of Muslim communities in Northern California.
Read more on Courthouse News.
[From the article:
Although the FBI submitted a lengthy declaration describing how the type of documents it withheld advance law enforcement interests, it did not sufficiently "establish a rational nexus between the enforcement of a federal law and the documents for which it claims Exemption 7 applies," Seeborg wrote in a 7-page ruling.
… "The FBI's refrain at oral argument that many of the withheld documents do not relate to particular investigations, and thus cannot be linked to any particular provision of law, only serves to emphasize the point that Exemption 7 is not the appropriate umbrella under which to shield these documents from public view," Seeborg wrote.

The concern, Dear Feds, is that the pass was not free.
Feds: We didn't give Google a free pass
Federal regulators are pushing back against suggestions that they gave Google a free pass under antitrust law, potentially out of deference to the Obama administration.
After stories in the Wall Street Journal showing that Federal Trade Commission (FTC) staff urged the agency to take action against the Web giant — which it ultimately did not — and detailing Google’s close ties to the White House, members of the FTC are pushing back.

My students may not know it yet, but they need social media.
How To Kickstart Your New Social Media Accounts
… Before we start, I just need to point something out. Obviously there are numerous social media sites out there — too many to count. So to make things easy, in this article, I am just going to go with Twitter. However, the principles below apply to any social media site. Twitter not your gig? Then take the advice below and apply it/adapt it to that site.

Why would this be funny? It is exactly the techno-babble Economists speak!

No comments: