Monday, June 22, 2015

Another article for my IT Governance and Risk management class.
Hackers force Polish airline to cancel flights
Poland's LOT airline was forced to cancel around 10 foreign and domestic flights after hackers attacked its computers on Sunday.
Airline spokesman Adrian Kubicki said the attack temporarily paralyzed LOT's computers at Warsaw's Frederic Chopin airport, disrupting the processing of passengers for the flights.
… LOT Airlines said no airborne planes were affected.
A representative at LOT told CBS News on Monday morning that the hackers attacked the airline's internet network, affecting email and web access in their offices. It was not a targeted attack to their flight plan computers.
The biggest effect, the airline official said, was that they could not issue flight plans during the outage.

Do they have photos in these files? If not, I guess I could get them from a Facebook page. Any Intelligence service would be happy to have full dossiers on everyone who works for a target.
Report – hacker had access to U.S. security clearance data for one year
by Sabrina I. Pacifici on Jun 21, 2015
Follow up to previous posting, Massive hack of federal personnel files included security-clearance database, again via Washington Post: “The recently disclosed breach of the Office of Personnel Management’s security-clearance computer system took place a year ago, giving Chinese government intruders access to sensitive data for a year, according to new information. The considerable lag time between breach and discovery means that the adversary had more time to pull off a cyber-heist of consequence, said Stewart Baker, a former National Security Agency general counsel. “The longer you have to exfiltrate the data, the more you can take,” he said. “If you’ve got a year to map the network, to look at the file structures, to consult with experts and then go in and pack up stuff, you’re not going to miss the most valuable files.”

Why would my Ethical Hacking students (for example) be free to reverse engineer software when a government agency, doing exactly the same thing, have to jump through hoops? Have we lost perspective or does someone want to sell consulting services to GCHQ? Perhaps they just want to deflect the kind of lawsuits that the FBI seems to attract. See the next couple of articles.
Andrew Fishman and Glenn Greenwald report:
British spies have received government permission to intensively study software programs for ways to infiltrate and take control of computers. The GCHQ spy agency was vulnerable to legal action for the hacking efforts, known as “reverse engineering,” since such activity could have violated copyright law. But GCHQ sought and obtained a legally questionable warrant from the Foreign Secretary in an attempt to immunize itself from legal liability.
GCHQ’s reverse engineering targeted a wide range of popular software products for compromise, including online bulletin board systems, commercial encryption software and anti-virus programs. Reverse engineering “is essential in order to be able to exploit such software and prevent detection of our activities,” the electronic spy agency said in a warrant renewal application.
Read more on The Intercept.

“We don't have to explain why we put people on the no-fly list and we don't have to explain why we take people off the no-fly list. We're the US government and we do whatever we damn well want to do!”
From Papers, Please!
Four days before a Federal judge was scheduled to hear arguments in a lawsuit brought by four Muslim US citizens who were placed on the US government’s “no-fly” list to try to pressure them into becoming informants for the FBI, the government has notified the plaintiffs in the case that all of them have been removed from the no-fly list.
The plaintiffs in Tanvir v. Lynch are continuing to press their claims, as are other US citizens challenging their placement on the no-fly list in retaliation for declining to inform on their friends, families, communities, and fellow worshippers. But we expect that, as has been its pattern, the government defendants will now try to get the case dismissed as “moot“.
Read more on Papers, Please!

(Related) “We don't want anyone to know what we do because we might have to stop it.”
DOJ Prevailed Over Google on Email Privacy Case
by Sabrina I. Pacifici on Jun 21, 2015
Ryan Gallagher – The Intercept:The Obama administration fought a legal battle against Google to secretly obtain the email records of a security researcher and journalist associated with WikiLeaks. Newly unsealed court documents obtained by The Intercept reveal the Justice Department won an order forcing Google to turn over more than one year’s worth of data from the Gmail account of Jacob Appelbaum (pictured above), a developer for the Tor online anonymity project who has worked with WikiLeaks as a volunteer. The order also gagged Google, preventing it from notifying Appelbaum that his records had been provided to the government. The surveillance of Appelbaum’s Gmail account was tied to the Justice Department’s long-running criminal investigation of WikiLeaks, which began in 2010 following the transparency group’s publication of a large cache of U.S. government diplomatic cables….”
[From the article:
The Justice Department argued in the case that Appelbaum had “no reasonable expectation of privacy” over his email records under the Fourth Amendment, which protects against unreasonable searches and seizures. Rather than seeking a search warrant that would require it to show probable cause that he had committed a crime, the government instead sought and received an order to obtain the data under a lesser standard, requiring only “reasonable grounds” to believe that the records were “relevant and material” to an ongoing criminal investigation.

Sounds like a tool for cults to ensure their mind control is working.
Joe Cadillic writes:
Soon every churchgoer will be identified by facial recognition software! You read that right, churches will soon be using facial recognition software to identify you and your family.
The company website brags: “First of its kind, Churchix provides you with accurate data on members attendance in your events and services. The software also allows you to sort and manage your videos and photos.”
Churchix was originally developed by us for a chain of international churches, which wanted to follow up with membership attendance at its events. Today it’s being used at a number of other churches in the US and in Indonesia” Moshe Greenshpan, the company’s CEO said.
Read more on MassPrivateI

“Hey guys! Look what I just noticed.” But if you are dead, you forfeit your privacy rights?
Emily Nitcher reports:
Citing a federal law that has been on the books for 21 years, the Arkansas State Police began earlier this month withholding nearly all personal information from vehicle crash reports available to the public.
The agency contends the 1994 Drivers Privacy Protection Act, which prohibits personal information from motor vehicle reports from being made public, also covers police crash reports.
Read more on Arkansas Online.
[From the article:
The new policy means the only personal information available on state police crash reports are the names and hometowns of fatalities. All other information, including the names of other drivers and passengers, is withheld.
Critics of the new practice, which has already been included in a lawsuit against the state police over its records disclosures, are skeptical about the application of the federal law and the 21-year delay in enforcing it.

Don't mess with Taylor! Some smart entrepreneur will ask Taylor what the ideal music payment model (or models) should be and thereby own the market. (I'm assuming she has some really smart lawyers.)
Apple will pay artists during three-month trial after Taylor Swift open letter
No more bad blood: Apple senior executive Eddy Cue announced on Twitter that Apple Music will pay artists during the service’s free, three-month trial period. The reversal of policy comes one day after Taylor Swift wrote an indictment of Apple Music on Tumblr titled “Dear Apple, Love Taylor.”
… In an interview with Billboard, Cue said it was Swift’s letter that spurred the company to make its decision. “When I woke up this morning and saw what Taylor had written, it really solidified that we needed a change,” Cue said. “And so that’s why we decide we will now pay artists during the trial period.”

Wally sounds like my students. They wait until class starts to ask me if it is Okay to submit their papers late. (It is not) I find it frustrating, they find it hurts their grades.

No comments: