Saturday, March 14, 2015
The government seems to have difficulty following Best Practices. No doubt hackers everywhere revel in their incompetence.
The State Department said Friday it was “implementing improvements” to its unclassified email systems, months after a breach in its networks.
… Last November, the department confirmed that it had detected “activity of concern” in its systems, but ensured the public that its classified systems had not been breached. Psaki’s statement on Friday said the breach had also not touched its “core financial, consular, and human resource systems.”
… A U.S. official last fall told CNN that the State Department hack was tied to the breach of White House computers in October. Russian hackers were the primary suspects in that hack, a charge that Russia has denied. As of February, the Wall Street Journal reported, the State Department still had not fully removed the malware planted.
For my Computer Security students.
Cisco 2015 Annual Security Report
New Threat Intelligence and Trend Analysis – “Despite advances by the security industry, criminals continue to evolve their approaches to break through security defenses. Attackers are realizing that bigger and bolder is not always better. The Cisco 2015 Annual Security Report reveals shifts in attack techniques, emerging vulnerabilities, and the state of enterprise security preparedness.
Of course your risk increases if you hold sensitive data. Hackers can encrypt your data on your computers and demand payment for the encryption key OR they can download your data and threaten to release it. Which would cost your organization more?
Kaspersky Lab writes:
Computer users in many countries are increasingly falling victim to so-called encryption malware – programs that encrypt important data on infected computers and then demand a ransom to decrypt it. In 2014, over 7 million attempts to carry out such attacks were made against Kaspersky Lab users alone. Kaspersky Lab experts have prepared an overview of the evolution of encryption malware, as well as advice on how to avoid being affected by this threat.
Cybercriminals prefer to be paid in the Bitcoin cryptocurrency, which offers them a sufficiently high level of anonymity. At the same time, it is common for attackers to specify their rates in real-world currencies, such as US dollars, euros or rubles. The cost of decrypting data for home users starts at 1000 rubles (about $15) but can be as high as several hundred dollars. If a corporate computer is infected, the attackers’ demands increase five-fold. Cybercriminals are known to have demanded ransoms as high as 5000 euros to decrypt files. Sadly, companies that have lost their data often prefer to pay up rather than lose important information. It comes as no surprise, therefore, that businesses are a prime target for cybercriminals who use encryption malware to make money.
Read more on Kaspersky Lab.
Rex Mundi is back again. After hacking Synergie and dumping data from Temporis in January, the hackers, who have made a business of hacking for profit, have announced that they have now hacked a diagnostic laboratory in France, Labio. And once again, they announced the hack on Twitter:
… In response to a tweeted question from DataBreaches.net, Rex Mundi indicated that they had demanded €20,000 from Labio not to release the data.
Because they have followed through on their threats in the past when organizations have not paid the extortion demands, we’ll have to see what happens on Tuesday.
Other entities hacked by Rex Mundi include Swiss bank Banque Cantonale de Geneve, French loan company Credipret, Swiss web hosting company Hoststar, Tobasco.be, Z-Staffing.org, Easypay Group payroll company in Belgium, Webassur, Thomas Cook Belgium, Finalease Car Credit, Mensura, Drake International, Accord.nl, ECAAssurances, Mutuelle La Frontaliere, and Domino’s Pizza, among their targets.
...but you can't fool all of the people all of the time.
Debbie Kelley reports:
Are parents just being paranoid or are their concerns about the privacy of student data that’s collected during computerized testing and on surveys valid?
Perhaps some of both.
During a public hearing, the Colorado State Board of Education hosted Thursday, officials from the Colorado Department of Education and Pearson State Assessment Services tried to assuage fears and address rumors about what data is being collected and why.
But State Board members and parents who attended say the responses were not good enough. Some questions were not answered.
Read more on The Gazette.
I hope they aren't teaching their students to do it this way...
With Absolutely No Legal Basis To Do So, University Counsel Demands Yik Yak Take Down Posts, Turn Over User Info
Maybe we should expect stupid behavior in response to apps with stupid names?
Tim Cushing writes:
Universities are still freaking out over the fact that some of their students are racists and assholes. But rather than deal with the inevitability that any decent-sized grouping of people will contain a percentage of both, they’ve opted to shoot the messenger: Yik Yak. Yik Yak provides a platform for anonymous postings that can only be seen by others within the same general location (1.5-10 miles). It also provides a voting system. With enough downvotes, a post is removed.
Despite these key ingredients, students and administrators are finding the app is to blame, rather than a portion of the people using it. So, they do ridiculous things like call for a ban of the app on campus — something almost completely unenforceable and ultimately futile.
In some cases, they opt for other unenforceable and futile efforts. The University of Rochester (NY) has discovered that local posts on Yik Yak contain a number of unsavory statements, including possible threats towards a student and racially-motivated activity. This has prompted a completely ridiculous response from the university’s legal team, which has “demanded” that Yik Yak do a number of things, including turn over a ton of information on users of the service.
Read more on TechDirt.
This is called, “Having a firm grasp of the obvious.”
Daily Report: New Rules for Net Neutrality May Set Stage for Legal Battles
… Opponents of the rules, including many of the leading Internet providers, spent Thursday poring over the document. It was not known who would file the first legal challenges, or exactly what legal arguments would be made. Many experts, though, said the document included plenty of opportunity for different interpretations.
(Related) The FCC saying, “Trust us?”
FCC Open Internet Order – Separating Fact From Fiction
“The Open Internet Order: Preserving and Protecting the Internet for All Americans – The Commission has released the full and final text of the Open Internet Order, which will preserve and protect the Internet as a platform for innovation, expression and economic growth. An Open Internet means consumers can go where they want, when they want. It means innovators can develop products and services without asking for permission. It means consumers will demand more and better broadband as they enjoy new Internet services, applications and content.
Separating Fact from Fiction
The Order uses every tool in the Commission’s toolbox to make sure the Internet stays fair, fast and open for all Americans, while ensuring investment and innovation can flourish. We encourage the public to read the Order, which reflects the input of millions of Americans and allows everyone to separate myths from fact, such as:
Myth: This is utility-style regulation.
Fact: The Order takes a modernized approach to Title II, tailored for the 21st Century.
Of course I'll still respect you in the morning!
“We frequently spend large amounts of money for no reason.”
Kashmir Hill writes:
This week I got an angry email from a friend who had just rented a car from Hertz: “Did you know Hertz is putting cameras in rental cars!? This is bullsh*t. I wonder if it says they can tape me in my Hertz contract.” He sent along this photo of a camera peeping at him from out of his “NeverLost,” a navigational device that the company has started putting in many of its cars:
Read more on Fusion
Reasonable, but very un-geek-like.
SXSW Declared a Drone-Free Zone
… In a press statement this week, the organizers behind the Austin, Texas-based conference set out a no-drones policy, citing a city ordinance. The group stressed concerns for safety should “airwaves and/or frequency spectrums generally used in the remote control of drones are too congested during the SXSW event to ensure operation safe from interference.”
Suggests a business opportunity: highly localized crime reporting.
Study finds racial, ethnic divide in attention to crime news
“Crime consistently ranks as one of the most followed and discussed topics by the public, and it receives more attention in local news media than almost any other subject. A recent Pew Research Center report reinforces these findings but also suggests that certain groups of residents pay closer attention to local crime than others in the three cities studied. A difference that particularly stands out is between racial and ethnic groups. A deep analysis of local news in Denver, Macon, Ga., and Sioux City, Iowa, finds that in each city at least three-in-ten people follow crime very closely and more than half of residents often discuss crime with others.”
For my Data Management and Business Intelligence students. Colorado isn't in their top 10. Clearly they screwed up.
The majority of jobs that require the use of large amounts of data are relegated to about 10 states, according to a report released by the Commerce Department.
The report describing the importance of “data occupations” on the economy highlights the huge growth in these high-paying jobs over the past decade. The study defined the “somewhat amorphous” term to mean jobs where the use of data is very important.
For my students with kids in high school.
PrepFactory Offers SAT & ACT Practice Exercises and Tutorials
Last month PrepFactory launched a free service for high school students to use to prepare for the SAT and ACT. PrepFactory offers students a series of tutorial videos and written tips to help them prepare for both tests. After completing a tutorial students can test themselves in a series of practice questions. Each question set is timed and limited to chunks of ten questions at a time. Students can earn badges for completing tutorials or question sets. In the video embedded below I provide an overview of PrepFactory's features.
For my geeky students.
Pi Overdose? Here’s 5 Raspberry Pi Alternatives
… Put simply, you feel as though you have mastered the Raspberry Pi, that there is nowhere else left to go.
You’re wrong: take a look at these five alternatives, each of which can open a whole new world of DIY technology to you.
Every Saturday, education laughs!
Hack Education Weekly News
… Florida’s problems with its online testing last week were partly caused by “cyber attacks,” which is definitely the new “dog ate my homework” excuse.
… Colorado also faced technical problems administering its PARCC assessments.
… Via The Register: “Toymaker Mattel has unveiled a high-tech Barbie that will listen to your child, record its words, send them over the internet for processing, and talk back to your kid. It will email you, as a parent, highlights of your youngster’s conversations with the toy.” What could go wrong?
… The Gates Foundation has a new higher ed agenda, according to Inside Higher Ed, including to “create a national data infrastructure that enables consistent collection and reporting of key performance metrics for all students in all institutions that are essential for promoting the change needed to reform the higher education system to produce more career-relevant credential” – which hopefully isn’t too inBloom-y, eh? [If at first you don't succeed, rename and try again. Bob]
… McGraw-Hill has surveyed college students about their technology usage. 81% said they studied via a mobile device; 66% said it was important to be able to do so.
Perspective. ...and I touched my first computer in 1965. Wow, am I old or what?
Exactly 30 years ago, on Sunday, March 15, 1985, a computer company in Massachusetts registered the world’s first dot-com domain: Symbolics.com. And with that, the dot-com era officially began.