I'm thinking of writing a book titled “Chinese
Hackers' Best Practices.” Nothing new or innovative, just
pointing out all the existing security holes every hacker knows. The
ones we teach our Ethical Hacking students.
Government Credentials on the Open Web
by Sabrina I. Pacifici on Jun 24, 2015
Follow up to Massive
hack of federal personnel files included security-clearance database
– related news – “Recorded
Future identified the possible exposures of login credentials for 47
United States government agencies across 89 unique domains. As
of early 2015, 12 of these agencies allowed some of their users
access to computer networks with no form of two-factor
authentication. This scenario heightens the risk of cyber espionage,
crime, or attack for these agencies. This data was identified
through open source intelligence (OSINT) collection and analysis of
17 paste sites including Pastebin.com over a one year period ending
in November 2014. Recorded Future shared this information with the
majority of affected agencies in late 2014 and early 2015. At the
time of our analysis, the Department of Energy had the widest
exposure, with email/password combinations for nine different domains
identified on the open Web. The Department of Commerce was the
second hardest hit with seven domains suffering exposures.”
For my Computer Security students.
UK: Information Security Breaches Survey 2015
by Sabrina I. Pacifici on Jun 24, 2015
PWC:
“We have been commissioned by the Department for Business,
Innovation and Skills (BIS) to survey companies across the UK on
cyber security incidents and emerging trends… The key observations
from the 2015 survey were:
- The number of security breaches has increased, the scale and cost has nearly doubled. Eleven percent of respondents changed the nature of their business as a result of their worst breach.
- Nearly 9 out of 10 large organisations surveyed now suffer some form of security breach – suggesting that these incidents are now a near certainty. Businesses should ensure they are managing the risk accordingly.”
Fortunately, they can learn from the IRS. (See
next article)
Michael Hardy reports:
The government stores personal information on millions of Americans who have used the Healthcare.gov system, a situation which is raising privacy concerns as the recent successful attack that compromised Office of Personnel Management data makes plain the damage that hackers can do.
Called the Multidimensional Insurance Data Analytics System, or MIDAS, the system stores names, Social Security numbers, financial accounts and other sensitive personal information. But according to an Associated Press report, there is no plan in place to destroy old records, raising eyebrows among cybersecurity experts.
Read more on Federal
Times.
Yet another article for my IT Governance class.
We will discuss “legal holds” and Best Practice procedures that
ensure that data is retained as long as needed and deleted when no
longer required. In this case it is very unlikely that the
“employees” made a mistake. They deleted the emails as required
by their data retention policy.
Watchdog: IRS erased backups after loss of tea party emails
IRS employees erased computer backup tapes a month
after officials discovered that thousands of emails related to the
tax agency's tea party scandal had been lost, according to government
investigators.
The
investigators, however, concluded that employees erased the tapes by
mistake, not as part of an attempt to destroy evidence.
As many as 24,000 emails were lost because 422
backup tapes were erased, according to J. Russell George, the
Treasury inspector general for tax administration.
The revelation is likely to fuel conspiracy
theories among conservatives who say the IRS has obstructed
congressional investigations into the scandal.
… George
says the workers were unaware of a 2013 directive from the agency's
chief technology officer to halt the destruction of email backup
tapes.
This seems high to me, even after seeing all those
subpoena reports from Google, Facebook, etc.
Justin Davenport reports:
Scotland Yard is making more than 120 requests a day to access private phone calls, texts and emails, new figures reveal.
Statistics revealed to the Evening Standard show that last year the Met made 45,249 requests to obtain communications data under the Regulation of Investigatory Powers Act, or Ripa.
The legislation allows officers to access people’s phone use, emails and web searches — provided they do not view the content.
Read more on the London
Evening Standard.
Keeping up...
Dan Cooper writes:
On June 18, 2015, the Canadian Parliament passed the Digital Privacy Act (DPA), Senate Bill S-4, into law. The DPA amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA) in important respects, including introducing a new data breach notification requirement (which is not yet in force) and making other material changes to PIPEDA. This post summarizes key changes to PIPEDA brought about by the DPA.
Read more on Covington & Burling Inside
Privacy.
Free texting?
Messaging will be Facebook's 'next major wave of innovation and financial windfall'
When Facebook
purchased WhatsApp last year for $19 billion, many were shocked
by the astronomical price paid for a little-known
company with only 55 employees.
… In a note to clients on Tuesday, Deutsche
Bank estimated that WhatsApp, along with Facebook’s Messenger app,
will have more than 2 billion active users and generate between $9
and $10 billion in revenues in 2020.
…
Deutsche Bank is predicting an enormous
monetization of Messenger and WhatsApp, which currently provide $0
and $49 million in revenues, respectively. By 2020, they expect
those numbers to jump to $4.224 billion and $4.827 billion,
representing about 17% of Facebook’s total ad revenues.
Messaging apps are becoming immensely popular
around the world, with mobile-first apps like WhatsApp being "always
on" replacements for SMS.
"The value of sending fast,
reliable and free messaging vs. the previous onerous SMS
fees charged by carriers (especially for international SMS), is clear
as day and a big reason why these services took off initially on a
global scale," the report said.
Facebook’s two apps have grown globally too,
especially in emerging markets. WhatsApp has 800 million users, with
80% from emerging markets while Messenger has 700 million users, with
75% from these markets.
WhatsApp has penetrated an impressive 88% of the
mobile market in Brazil and 81% of the mobile market in Argentina.
Perspective.
(And perhaps to inspire a new business model?)
Apple Music will pay labels just $0.002 per stream during its free trial — before tax
… Spotify says it pays labels and publishers
between
$0.006 and $0.0084 per stream. A
Guardian report suggests that the average payment a signed artist
gets after their label takes its share is a mere $0.001128.
… Apple will pay music owners 71.5% of Apple
Music's revenue in the US. Outside the US this could fluctuate, but
will average out at around 73%.
… Apple's revenue split is only a few
percentage points more than the industry average of 70%, which
Spotify also says it pays.
Interesting. Is this enabled by any technology
beyond the connection?
Ford takes on Uber with car-sharing program
Ford is launching a pilot car-sharing program,
according to multiple reports.
Under the program, people who have financed their
vehicles through Ford’s credit arm will be able to rent it out for
short periods of time, according to the Associated
Press. U.S. based owners will do so through a program created by
Getaround, a California-based startup that allows people to rent out
their cars.
… It’s a sign that the car manufacturer is
looking to confront the way that short-term car sharing services like
Zipcar and ridesharing platforms like Uber have changed the American
public's relationships with cars.
"We are seeing a lot of folks that don't want
to own a vehicle, and we as a company want to make sure we are
listening to customers and see if we can help in that regard,"
Ford CEO Mark Fields told
CNBC. "Customers,
particularly in urban areas want access versus ownership."
Another technology I'll probably never use. BUT,
it might increase the number of students who “read” the
textbook...
The Rise of ‘Speed-Listening’
… speed-listening represents yet another step
away from the curled-in-bed ideal. It suggests that a book exists
not primarily for pleasure, but rather for being sucked of its
precious information as efficiently as possible. It suggests that
digital advances can help make an extremely old
activity—reading—newly transactional.
… personalized, sped-up audio playback, for
its part, has been around since 2004, Brian
Feldman notes, when Apple introduced variable playback speeds
into its iPod software. In 2007, the “Getting Things Done” blog
recommended
“adjusting the playback speed of your audiobook or video to a
maximum of 150 percent” to complete the book more quickly. In
2010, the tech blog GigaOm suggested “speed-listening to
podcasts” as an overall time-saving technique. Software titled,
straightforwardly, FasterAudio promises
to “cut
your audio learning time in half.”
This is just showing off, but I'll add it to my
next Excel class.
How to See All Your PC Information Using a Simple Excel VBA Script
Have you ever needed to know your computer’s CPU
or memory details, serial or model number, or installed software
versions, but weren’t sure where to look? With just a bit of
simple code in Excel, you can extract a whole library of your Windows
PC information.
I may have a use for this too.
Create Interactive Videos on Wideo
Wideo
is a nice tool for creating Common
Craft-style videos. You can create animated videos on Wideo by
dragging and dropping clipart and text in storyboard frames. You set
the position and animation sequence for each element in each
storyboard frame. When you have completed your storyboards Wideo
generates a video for you.
This week Wideo
added a new feature that allows you to build interactive buttons
into each frame of your video. The buttons can be hyperlinked to any
webpage that you like. When people are watching your video they can
click the buttons to be taken to the webpage you want them to land
on.
… The free version of Wideo limits video
length to 45 seconds. 45 seconds is long enough for a lot of video
projects. Discounts are given to educators who want to purchase the
capability to produce longer videos.
How to Tweet better than your students.
Send Tweets with Rich-Text Formatting using TallTweets
A new release of TallTweets has just been rolled
out and it includes several new features and enhancements. The
interesting additions are:
- TallTweets now supports rich-text formatting so you can use bold text, write in italics or even mark words with the yellow highlighter. See image tweet.
- You can compose Tweetstorms (numbered tweets, sent sequentially) and TallTweets will offer a live preview as you type so you know exactly how the tweets will look in your timeline. See Tweetstorm.
- TallTweets has gone international and now supports all languages including Hindi, Arabic, Malay, Chinese and more. In fact, if you use the “tweet as image” option, you can even send tweets in languages that are not officially supported by Twitter yet.
According to this, I'm writing my Blog all wrong.
But perhaps it will help my students...
How to Write a Piece of Content From Conception to Publication
Are you trying to write
something, either for work or just for your own enjoyment?
Sitting down in front of a computer and delivering a piece of content
can be a stressful
experience.
You need a roadmap that will guide you through the
process, and that’s just what the infographic below provides you
with. It breaks everything down into small steps that anyone can
accomplish. By the time you’re done, you’ll have created a
finished piece of written work that you can be proud of!