Potential jobs for my Computer Security students!
(And my Ethical hacking students?)
Employees of the St. Louis Cardinals are under
federal investigation for hacking databases belonging to the Houston
Astros, the New York Times reported
on Tuesday.
The employees, who have not been named, are
alleged to have hacked into a database used by the Astros to track
player development.
The database was developed by a former Cardinals
executive who had left to join the Houston team. Cardinals employees
allegedly used a list of master passwords belonging to the executive
from his time with the team to access the system, according to the
Times.
Beware of passengers playing Flight Simulator
games? I think each of these problems has already been addressed
and there is a “Best Practice” solution for them. The question,
as always, is: “Have developers of these new technologies designed
in security?”
The Ever-evolving Cyber Threat to Planes
Hackers and cyber-terrorists present an
ever-evolving threat to airlines, with experts constantly testing for
new vulnerabilities -- including the fear that drones could be used
to throw a plane off course.
Most agree hacking a plane would be a
near-impossible feat, but some professional hackers have claimed
airline computer systems are riddled with weaknesses that could allow
someone to break in, perhaps even through the in-flight entertainment
system.
US
computer security expert Chris Roberts recently
claimed to have hacked into a plane's controls through the
entertainment console and to have issued a "climb" command.
But
speaking at the Paris Air Show this week, Alain Robic of Deloitte
Consulting, an expert on cybersecurity, said the claims were not
credible.
Robic
was working for Airbus in 2005 when a hacker showed them how he could
penetrate the flight controls from a passenger seat while they were
designing the new A380.
"The
bosses were shocked. It was a revolutionary moment. They
re-engineered everything to separate the systems so it could never
happen again," said Robic.
… David
Stupples, a professor of electronic and radio systems at City
University in London who advises Airbus, said the latest threat he
was exploring was whether a drone could be used to send radio signals
to an aircraft and confuse its systems.
"If
I could get a signal to the aircraft that caused it to become
confused while it's on its final approach, could I cause an incident?
My view is yes," said Stupples, adding that flying
near to the plane could allow the drone to overpower signals from the
ground.
Stopping
this kind of activity means preventing drones from flying near
airports -- something which has only recently become possible with
new forms of radar capable of spotting tiny aircraft.
… Stupples
said there was a greater threat of an employee with access to the
computer data hubs uploading malware to an aircraft's systems.
(Related)
Making the right promises, but not moving with any sense of urgency?
(I'm sure the photograph that accompanies the article is just a
coincidence.)
First responder network will be secure, chief assures lawmakers
Strong
cybersecurity will be built in to a nascent network for
emergency first responders, its director said at a Tuesday hearing.
“We have a unique opportunity as we develop a
network that’s going to be deployed that we can start from the
beginning and bake in security from day one,” said TJ Kennedy, the
acting executive director of FirstNet.
… “We’re not reinventing the wheel,” he
told lawmakers. “We’re
leveraging a lot of best practices that are in place both
in the private sector and in government today.”
… FirstNet was conceived after the September
11 attacks, when many first responders had incompatible communication
systems. It was authorized
by Congress in 2012.
On Monday I posted an article about Google
providing search for the Patent Office, because the government
couldn't do it. Here's some more evidence that (for whatever reason)
lots of government departments and agencies can't do IT.
Feds leveraging data from egov site
by Sabrina I. Pacifici on Jun 16, 2015
Via Government
Executive: “It’s
surprising how many agencies now use USASpending.gov
to “access their own data,” said David Lebryk, the
fiscal assistant Treasury secretary who on Monday delivered an upbeat
assessment of governmentwide progress in implementing the 2014
Digital Accountability and Transparency Act. “We’re off to a
great start on tough challenges, but outsiders
don’t really appreciate how complex government is,” he
said at a breakfast sponsored by the Johns Hopkins University
Government Analytics program and REI Systems. “We’re not a small
business,” Lebryk said, referring to the federal government.
“We’re the biggest entity in the world. And at a time of budget
constraints, there is more scrutiny of spending, of which the DATA
Act is a part.” Lebryk and Comptroller David Mader are leading the
team charged with implementing the DATA Act, which is designed to
standardize spending information in machine-readable formats to make
it accessible to the public. “With no new funding,” Lebryk said,
“we’ve tried to think it through creatively, to use technology as
our friend. We’re not doing massive system changes, and it’s
important that the data be owned by the agencies.”
Not all new features are welcome.
How to turn off Twitter's annoying new autoplay feature
Twitter has introduced a new autoplay feature,
meaning all videos, Vines and gifs in your timeline will
automatically start playing as you scroll down.
While the sound is muted until you actively click
on it, some users are already complaining about autoplay. Twitter
said that during testing the feature generated more views and
engagements for advertisers,
so you're likely to see a whole lot more brand clips cropping up in
your feed. Not happy about being bombarded by ever more adverts?
Here's how to turn it off.
I suppose this could be social networking too.
Amazon’s Next Delivery Drone: You
In its ceaseless quest to speed delivery, Amazon.com Inc. wants
to turn the U.S. into a nation of couriers.
The Seattle retailer is developing a mobile
application that would, in some cases, pay ordinary people, rather
than carriers such as United
Parcel Service Inc.,
to drop off packages en route to other destinations, according to
people familiar with the matter.
… But the concept faces many hurdles, from how
Amazon will vet deliverers to whether physical retailers will
cooperate with a key rival. Major shippers are efficient; it costs
UPS an average of about $8 to deliver a package in the U.S.
Amazon ships an average 3.5 million packages a
day, according to SJ Consulting Group, so it would need a lot of
couriers to make a meaningful impact.
Do you think my students know about this? I've
been surprised to learn how many don't know social networking. I try
to learn what they do, but have to try much harder to see why I would
use them. Perhaps I'm just anti-social?
What is Snapchat? App's founder explains social media phenomenon
Ever wondered what Snapchat
is but been too embarrassed to ask? You're probably not the only one.
Evan Spiegel, the photo messaging app's co-founder
and chief executive, has provided the parent's guide to the
phenomenon in a four-minute YouTube
video.
Perspective. What they do is interesting. Too
tired/lazy to go to a restaurant? Food delivered to your home seems
hot. (The service, not necessarily the food.)
The 13 European tech startups that are most likely to be worth $1 billion next
Roughly three European tech companies a year have
been sold or floated on the stock exchange, or otherwise valued by
investors, at $1 billion or more since 2000, according to data
from British investment bank GP Bullhound.
But since April 2014, Europe has added
13 companies to its list of "unicorns."
A smart addition? I think so. It supports the
businesses they rely on. (Digest Item #2)
Etsy Now Offers Crowdfunding
Etsy has launched its
own crowdfunding platform designed to help Etsy sellers expand
their businesses. Fund on Etsy is essentially Kickstarter for
handmade products. It exists within the Etsy ecosystem, which means
most of the buyers and sellers involved will already have some sort
of relationship.
Right now, Etsy only exists as a marketplace
for handmade products, but Fund on Etsy means small businesses
can seek funding in order to launch a new product. They can then use
the profits to add employees, purchase new tools, or expand their
studio space. Which means that, potentially at least, everyone’s a
winner.
Fund
on Etsy is starting life as a U.S.-only pilot program for
selected sellers. This will run from now until August 16th, at which
point Etsy will decide whether it was successful enough to roll out
on a larger scale. In the meantime, just remember that crowdfunding
can be a bit of a gamble, as there are no guarantees that sellers
will deliver on their promises.
Something for my techie
students.
How to build a Twitter "Hello World" web app in Python
As the documenters of
the API economy, ProgrammableWeb is producing a series of tutorials –
the “Hello World of APIs” – that demonstrates how to integrate
an application with the most significant API providers in the
industry, using a variety of programming languages to achieve it.
Each tutorial will walk through the steps a developer will undertake
in understanding the API in question and ultimately an example of an
application to call the API.
… By the end of the
tutorial a developer familiar with Python should have sufficient
knowledge to be able to build an application of his or her own that
integrates with the Twitter REST API.
A good article for my IT
Governance and Risk Management class. This could have come directly
from the textbook. (Students, you have been warned!)
Security Leaders - Welcome to the Spotlight
In my previous column, I discussed how many security leaders today are being
thrust into the limelight and the resulting pressures on both
careers and security needs. As I previously stated – being in the
spotlight and suddenly accountable to the company for enterprise
security is a double-edged sword.
Let
me talk through some of the things successful security executives
have shared with me from their accomplishments and challenges. I
believe sharing struggles and failures is just as important as
sharing successes, because
I’d rather learn from someone else’s mistakes.
1. Learn and understand your business goals.
2. Leave your comfort zone.
3. Define your desired level of security.
4. Fail fast, recover faster.
A resource for Big Data,
and all my student researchers. I post a couple of my favorites, but
scan the entire list.
15 Massive Online Databases You Should Know About
An invaluable
tool for students and academics alike, CiteSeerX is a
public search engine and digital library of academic and scientific
papers. Often considered the first automated citation indexing
system, it was the inspiration for Google Scholar and
Microsoft Academic Search, though the latter has since been
integrated into the Bing search engine.
CiteSeerX focuses on indexing public
scholarly documents.
The reference site documents the collections of
over 72,000 libraries around the world, covering 170
countries and territories.
For ALL my students.
Learn how to communicate in the digital age! (...and again,
proofread!)
Before You Send an Email, Run it Through This Checklist
Are you getting ready to send
an email to a friend or colleague? Wait! Don’t
click the send button just yet! Take your email and run it
through this email etiquette checklist! It will allow you to make sure
you don’t do anything you’ll regret!
Via Outbox
Documents
[Also at: http://cdn.makeuseof.com/wp-content/uploads/2015/06/Outbox-Email-Etiquette-Infographic.jpg?5c03f7]
At least learn what
Poison Ivy looks like. Not quite a Leaf Recognition App, but headed
that way. (If Face Recognition is called Facial Recognition, is this
App a Leafal Recognition App?)
Try LeafSnap for Help Identifying Plants
LeafSnap
is a free iPad app
designed by Columbia University, Smithsonian, and the University of
Maryland for the purpose of helping people identify plants by taking
pictures of them on their iPads. With LeafSnap installed on your
iPad or iPhone you can take a picture of a leaf, upload it to the
app, and then the app’s visual recognition technology will help you
identify the name of the plant. It doesn’t work for all leaves and
you do need to isolate the leaf before you take a picture of it.
In other words, you can’t just snap a picture of a big tree and ask
LeafSnap to identify it.
If taking pictures of
leaves is not a practical option for you and your students, LeafSnap
still has valuable content for you. LeafSnap offers a large gallery
of pictures of leaves. The gallery is organized alphabetically. Tap
on any picture in the gallery to see more pictures of the same leaf,
descriptions of the tree that it grows on, and where those trees
grow.
… Earlier this week
I shared the Merlin
Bird ID app that helps students identify birds.
Dilbert explains privacy
in the age of drones.