Wednesday, May 20, 2015

This sounds ominous. I would be looking for a few heads to roll.
David Ramli reports:
Australia’s leading cyber-spies have joined the hunt for hackers who broke into Telstra’s Asian subsidiary Pacnet in an attack affecting thousands of customers including The Australian Federal Police, Department of Foreign Affairs and Trade and other government agencies.
Telstra on Wednesday revealed that an unknown third-party had gained complete access to Pacnet’s corporate network including emails and other administrative systems in early April 2015.
Read more on The Canberra Times.
[From the Times:]
Telstra bought Pacnet for $US697 million earlier this year and said the attack occurred two weeks before the deal was finalised. It added Telstra was not told until after the deal's completion on April 16, after which more action was taken to close the breach.
"We have not been able to tell from forensic information or system logs what has been taken from the network," Telstra chief information security officer Mike Burgess said, adding that Telstra's own network had not been compromised. "But it is clear they [the attackers] had complete access to the corporate network and that's why we're telling customers."
… Pacnet is one of the few Western telecommunications providers to have its own data centres in mainland China. But Mr Riley said there was no evidence that the attackers were Chinese or even backed by a government and said he remained positive about the acquisition.
"It would've been good to know about it a little earlier but Pacnet felt they were dealing with the incident," he said. "I don't think it changes the deal for us and I still think it's a very, very exciting acquisition that we've made."

Consumers probably forget in a few months. How long term is the impact with creditors, insurers, etc.?
PYMNTS reports:
Like Target, Home Depot knows all too well that the true cost of a payments data breach won’t be known until long after the dust from the cyberattack settles.
While Home Depot’s earnings are on the mend, as the retailer posted a better than expected first quarter earnings, the lingering expenses from the breach will likely be a sore spot for the retailer. In Q1 alone, Home Depot shelled out $7 million in breach-related expenses, the company said during a Tuesday (May 19) first-quarter earnings call. That figure, however, is just a sliver of the breach bucket figure so far, as Home Depot announced in the company’s fourth-quarter 2014 earnings that it had spent roughly $33 million for data breach costs. But that was just 2014 figures, and 2015 should bring more breach-related expenses as more suits get filed against the retailer.

If you can send money from your credit card, my Ethical Hacking students can too! (Digest Item #5)
MasterCard Send Lets You Transfer Funds
MasterCard Send is a new service which allows customers to digitally transfer funds to other people quickly and securely. Senders need to hold a MasterCard, but recipients don’t need a card or even a bank account, as funds can be sent via wire services such as Western Union.
Send has already gone live in the U.S., and is likely to be rolled out to other territories soon. The company claims that, “By digitizing personal payments that are typically handled via cash or check, MasterCard is providing greater convenience, choice and security to both payment senders and receivers in developed and developing markets.”

Something for all my students. Add these to your computer security toolkit and impress your friends.
How To Test Your Home Network Security With Free Hacking Tools
… While you can never be 100 percent certain of preventing a robbery, some basic precautions can significantly reduce your chances, as would-be thieves move on to easier targets.
The same principles apply to home network security. Sadly, almost no systems are entirely “hack proof” – but browser security tests, server safety measures, and network safeguards can make your set-up much more robust.

Another resource for my Ethical Hacking students. (Note that when you are tweaking your blog, sometimes you lose articles. Thank God for Google's webcache.)
It’s ethical hacking with SQL injection on Pluralsight!
I’ve long been a proponent of “hacking yourself first”, that is the idea of building up some offensive skills such that you can actually take a good shot at ethically breaking apps for the betterment of society. Whether they’re your own apps that you’ve built or ones you’re testing as part of a dev team doesn’t really matter, it’s the same skills and the same end result – you find bad stuff before bad people do.
What I can now share with everyone is that over the last few months, I’ve been working hard with the folks at Pluralsight and another fellow author to take this a step further and start building out an ethical hacking series.
You can go and watch the course on Pluralsight right now or read on. Let me share the background on this, what’s in the first course of this series on SQL injection and what you can expect to see come next.

There's stupid, then there's spectacularly stupid. This is a significant downside of tech convergence.
Drivers are making video chats, taking selfies behind the wheel
It's a known fact that drivers shouldn't text while behind the wheel, but a new study suggests people are doing a whole lot more than sending messages.
New research conducted by AT&T and Braun Research suggests 70% of drivers engage in some sort of smartphone activity. While texting (63%) and emailing (33%) are the two biggest offenders, four in 10 people are checking social media sites — 27% of those users cite Facebook as their main distractor, followed by Twitter at 14%. Another 28% of drivers said they surf the web while the car is in motion.

Back in “Ye Olde Days” employees were given training before they were allowed to use the corporate telephones on their desks. I suspect there is even more need for that today, but even less training.
How to Use Your Smartphone Like a Professional
It’s safe to assume that everyone in your office has a smartphone. Many jobs require employees to use a smartphone. For those that don’t, everyone probably has a personal device that they bring to work with them. What’s my point? Just because everyone uses a smartphone, it doesn’t mean they can’t remain professional.
Some of this might seem like common sense, but there are professional ways to use a smartphone. When in a place of business, you don’t want to use your phone the same way you would when out with your friends.

For my Data Management students.
JPMorgan’s global think-tank uses big data to read US economy
For decades policy makers and economists have sought data that would allow them to better understand how changes in financial behaviour affect the economy. Now they are getting a boost from a new and unexpected research partner — JPMorgan Chase.
The bank launched a global think-tank this week — the JPMorgan Chase Institute — aiming to combine the power of big-data analytics with information culled from 30m of its own customers to build a more granular snapshot of the US economy.
