Wednesday, July 29, 2015

For my Computer Security students. Know the enemy!
Symantec has released a paper on a Chinese cyberespionage group that they call “Black Vine.” I’m not sure how the Chinese would feel about that name, but in any event, Symantec writes:
In early 2014, Anthem was a victim of an attack that exposed 80 million patient records. The breach, which came to light in February 2015, is believed to be the work of a well-resourced cyberespionage group which Symantec calls Black Vine.
Anthem wasn’t Black Vine’s only target. Black Vine has been actively conducting its campaigns since 2012 and has been targeting several industries, including aerospace, energy, and healthcare. The group has access to zero-day exploits distributed through the Elderwood framework and has used these exploits at the same time that other advanced attack groups have, such as Hidden Lynx.
Black Vine typically conducts watering-hole attacks against websites that are relevant to its targets’ interests and uses zero-day exploits to compromise computers. If the exploits succeed, then they drop variants of Black Vine’s custom-developed malware: Hurix and Sakurel (both detected as Trojan.Sakurel), and Mivast (detected as Backdoor.Mivast). These threats open a back door on the compromised computers and allow the attackers to steal valuable information.
Based on our own analysis of the campaigns, along with support from open-source data, Symantec believes that some actors of Black Vine may be associated with an IT security organization based in Beijing called Topsec.
You can read their full report here (pdf).

(Related) Remember, we're officially pretending that China did not hack OPM. Be sure to keep our stories straight or Big Brother will be angry.
Michael Riley and Jordan Robertson report:
The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines.
United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.
Read more on Bloomberg.

Russians can hack too. This is quite clever.
Jeremy Kirk reports:
A group of suspected Russian hackers are using Twitter in a clever way to mask their data-stealing malware, according to computer security firm FireEye.
Hackers have long used social networking services for relaying commands to their malware. But FireEye says this group — which it calls APT 29 — has taken it to a new level that makes it very hard for companies to figure out if they’ve been hacked.
FireEye analysts found the malware, nicknamed Hammertoss, on one of its client’s networks earlier this year. APT 29 has taken several steps to try to mask its communication with Hammertoss to avoid detection, according to a new report.
Read more on PC Advisor.
[From the article:
Hammertoss has an algorithm that generates new Twitter handles every day. If APT 29's hackers want to communicate with Hammertoss, they register the Twitter account that the malware will try to contact that day.
The hackers are effectively using Twitter as a command-and-control server. Many companies are unlikely to block outbound connections to Twitter, and successful connections are unlikely to be viewed as malicious.
"When they see Twitter traffic, it's less suspicious," said Steve Ledzian, systems engineering director for FireEye in Asia.
The hackers post instructions for Hammertoss in a tweet. The tweet contains a URL and a hashtag. The URL leads to an image on another server that contains encrypted data using steganography, a method for concealing hidden data in an image or file.
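The behaviour the article describes (a new handle every day, a tweet pointing at an image on a second server) leaves a footprint in web proxy logs that a defender can hunt for. The script below is an added example and is not FireEye's code or anything from the report; it assumes a simplified proxy log format (date, source host, method, URL) and uses constructed log lines. It flags internal hosts that request a distinct, never-before-seen twitter.com profile path on each of several consecutive days and fetch an image from a non-Twitter host on the same day, while ignoring handles that are popular across the organization.

```python
"""Hunt for rotating-Twitter-handle C2 in proxy logs (added example)."""
from collections import defaultdict
from datetime import date
from urllib.parse import urlparse

# Constructed sample log: "<date> <src_host> <method> <url>". Not real traffic.
SAMPLE_LOG = """\
2015-07-27 ws-017 GET https://twitter.com/a7hj9k2xq
2015-07-27 ws-017 GET https://cdn.example-img.net/files/banner.jpg
2015-07-27 ws-042 GET https://twitter.com/nytimes
2015-07-28 ws-017 GET https://twitter.com/qx81m2pl0
2015-07-28 ws-017 GET https://cdn.example-img.net/files/photo2.jpg
2015-07-28 ws-042 GET https://twitter.com/nytimes
2015-07-29 ws-017 GET https://twitter.com/k3zz0vn7r
2015-07-29 ws-017 GET https://img.example-host.org/p/1.png
2015-07-29 ws-042 GET https://twitter.com/bbcnews
2015-07-29 ws-042 GET https://twitter.com/nytimes
"""

TWITTER_HOSTS = ("twitter.com", "www.twitter.com")
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")


def parse_log(text):
    """Yield (day, host, url) from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            day, host, _method, url = line.split(maxsplit=3)
            yield date.fromisoformat(day), host, url


def twitter_profile(url):
    """Return the handle for a bare twitter.com/<handle> URL, else None."""
    p = urlparse(url)
    if p.netloc.lower() not in TWITTER_HOSTS:
        return None
    parts = [s for s in p.path.split("/") if s]
    return parts[0].lower() if len(parts) == 1 else None


def is_external_image(url):
    """True for an image fetched from somewhere other than Twitter."""
    p = urlparse(url)
    return (p.netloc.lower() not in TWITTER_HOSTS
            and p.path.lower().endswith(IMAGE_SUFFIXES))


def find_rotating_handle_hosts(log_text, min_days=3, rare_max_hosts=1):
    """Return {host: [handles]} for hosts that, on `min_days` consecutive days,
    contacted a new handle seen by at most `rare_max_hosts` hosts org-wide and
    also pulled an image from a non-Twitter server that day."""
    per_host_day = defaultdict(lambda: defaultdict(
        lambda: {"handles": set(), "image": False}))
    handle_fanin = defaultdict(set)          # handle -> hosts that requested it
    for day, host, url in parse_log(log_text):
        rec = per_host_day[host][day]
        handle = twitter_profile(url)
        if handle:
            rec["handles"].add(handle)
            handle_fanin[handle].add(host)
        elif is_external_image(url):
            rec["image"] = True

    suspects = {}
    for host, days in per_host_day.items():
        seen, streak, chain, prev = set(), 0, [], None
        for day in sorted(days):
            rec = days[day]
            # handles this host has never used before, and that are rare org-wide
            new = {h for h in rec["handles"] - seen
                   if len(handle_fanin[h]) <= rare_max_hosts}
            seen |= rec["handles"]
            consecutive = prev is not None and (day - prev).days == 1
            if new and rec["image"]:
                streak = streak + 1 if consecutive else 1
                chain = chain + sorted(new) if consecutive else sorted(new)
            else:
                streak, chain = 0, []
            prev = day
            if streak >= min_days:
                suspects[host] = chain
    return suspects


if __name__ == "__main__":
    for host, handles in find_rotating_handle_hosts(SAMPLE_LOG).items():
        print(f"{host}: new rare handle each day -> {handles}")
```

The thresholds (three consecutive days, a handle requested by at most one host) are starting points for a hunt, not tuned values; legitimate daily Twitter use shows up as the same popular handles day after day, which the rarity and novelty filters discard.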

This could be a significant breach, but the victim can't tell how significant.
Alex Boutilier reports:
Canadian government and law enforcement officials are scrambling to figure out how Anonymous got their hands on what the hacker collective calls cabinet-level secrets.
On Monday, individuals associated with (sic) released to the media the first in what they call a series of sensitive government documents.
They will continue to release documents until the RCMP officers who shot dead an Anonymous protester in Dawson’s Creek, B.C., are arrested, they said in a video.
Read more on The Toronto Star.

Now you can be whoever you want to be.
Facebook loses battle over users' fake names in Germany
Facebook has been prevented from stopping users in Germany creating accounts under false names.
The Hamburg data protection authority said the social network could not change people's chosen usernames or ask them to provide any official ID.
The ruling came after Facebook blocked an account set up by a woman using a pseudonym and changed it to her name.
Facebook said it was disappointed with the ruling, which German courts had previously said met European law.
"The use of authentic names on Facebook protects people's privacy and safety by ensuring people know who they're sharing and connecting with," the company said.
The company's real-name policy has been the subject of recent protests outside its headquarters in California from demonstrators, including drag queens, Native Americans and domestic violence victims who believe anonymity is crucial to their personal safety.

Here is how “We gotta do something!” could get you in trouble. Are you assuming responsibility for identifying potential violence by monitoring ALL social media used by your students? Do you know what social media your students prefer? Do you know which students post anonymously? Do you know what you are letting yourself in for?
“… we need to be able to know if it is credible.” I agree. Good luck with that. Better have a few trained forensic psychologists on staff.
Oh, FFS. Seriously.
Amanda Ober reports:
Controversy surrounds the school district’s decision to monitor students’ and teachers’ social media posts.
Orange County Public Schools has started monitoring students’ and teachers’ social media posts with a new software program called “Snaptrends.” It allows the school district to search thousands of posts on sites like Twitter and Instagram to hunt for keywords that might indicate trouble. School officials said the goal is to flag potential dangers, including cyberbullying, suicide and crime.
“If they are sitting in a classroom and they are tweeting because they are mad at their teacher or their girlfriend for whatever reason, and there are some threatening words there, we need to be able to know if it is credible,” said Joie Cadle of the Orange County School Board.
Why are they even tweeting in school? And what rights do they have in the privacy of their own home if they want to vent about a teacher? I hope the kids are smart enough to mark their posts private and not public or protect their Twitter accounts and only allow people they know to follow them.
And how do the employees feel about having their social media posts made from home monitored by their employer?
[The software they use:
[Their Social Media Content Privacy Policy:

Things that your lawyer probably advised you not to do (wink wink). When they have you in the cross-hairs, don't do anything to convince them they are right.
Goodell rips Brady for destroying cellphone, beats Pats star to federal court
NFL Commissioner Roger Goodell escalated his war with league golden boy Tom Brady by taking the fight straight to federal court after upholding the Patriots quarterback’s four-game “Deflategate” suspension in a bombshell decision.
Goodell, in his 20-page ruling, also slammed this year’s Super Bowl MVP with new allegations of destroying his cellphone and erasing thousands of text messages.
Brady had been expected to appeal any penalties upheld by the NFL, but Goodell beat him to the punch, asking a New York federal court to back his decision.
… In confirming Brady’s four-game ban, Goodell revealed that the quarterback destroyed his cellphone — and the nearly 10,000 text messages it contained — on or about March 6, the same day he met with Ted Wells, the NFL-hired investigator. Brady’s representatives sent a letter to the league after his appeal hearing stating that his cellphone carrier [clearly Patriot fans Bob] told them “the text messages sent from or received from the destroyed cellphone could no longer be 
Brady testified that it is “his practice” to destroy his cellphone and SIM cards when he gets a new one. But Goodell questioned why Brady chose to do it despite knowing NFL investigators were looking for that information.

Shucks, that's just out of shotgun range. Maybe armed drones?
Amazon Proposes Drone Highway As It Readies For Flying Package Delivery
… During a conference at NASA’s Ames Research Center in Mountain View, Calif., Gur Kimchi, vice president of Amazon Prime Air, laid out the online retailer’s vision for how unmanned aerial vehicles (UAVs) would be able to fly while avoiding planes, buildings and other obstacles. Kimchi’s first public address as head of Amazon’s drone program introduced a broad operating framework for the developing drone industry, which he compared to the early days of the internet in an interview with FORBES before his speech.
… Because of this, Amazon suggested certain standards, centered on the segregation of airspace below 500 feet where drones would follow set rules for flying. In this space, drones would be connected to online networks and would directly communicate with each other, allowing for the automated control of flights in real time.
… In its proposal, Amazon suggested that drones fly between the ground and 400 feet, with the airspace between 400 and 500 feet of altitude and around airports designated as no-fly zones. Areas below 200 feet would be reserved for so-called “low speed localized traffic” where UAVs could be used to map agriculture fields, scan bridges or shoot videos. Potentially, that could also be the airspace where drones would be completing the final stages of their deliveries, landing near homes to drop off packages.
The areas between 200 and 400 feet would be reserved for a sort of drone highway. UAVs in this 200-foot range would likely be traveling autonomously at high speeds and out of the line of sight of any operator.

For my smartphone-toting students (that's most of them). Some of these are free!
18 Best App Makers
Want to build an app for your business? Creating an app doesn't have to be rocket science. These days, anyone can make a professionally designed, fully functioning app — no tech skills necessary. Hiring an experienced app developer can set you back tens or even hundreds of thousands of dollars, an expense that simply isn't justifiable or feasible for most small companies. Instead, here are some of the best and most cost-effective DIY app makers for small business.

I prefer composing an old fashioned email. If I could tell (some of) my students what I think of their work without some time to cool off, I'd never make teacher of the year.
Google Now allows dictating messages on WhatsApp, Viber, WeChat
… Google Now will be able to send messages using WhatsApp, Viber, WeChat, Telegram and NextPlus in English at launch, though Google plans to add more support for apps and languages in the future.
Users have to specify which app to use by saying 'OK, Google, send a WhatsApp message to ABC' and it will compose and send the message through the proper service.

Why it's right good to write good.
Improve Your Writing to Improve Your Credibility

For all my students. Defend yourself. No one else seems to want to.
In reading news yesterday morning, I stumbled across a question posted on StackExchange:
I found my user details on already old, leaked account information list
I came across an old (>3 years) accounts information list which has been leaked to the web. The list included thousands (>10.000) of account details from a service or services. Apparently the event was a small-scale news item back in the days, so there’s not too much to do now, even if the one page I found would be removed from the web right now.
The query continues, but my immediate reaction was:
Why wasn’t this individual notified of the leak by the entity whose data were leaked?
Yes, we know that there are many leaks like this on a daily basis, and this refers to an incident a while back, it seems, but how many people may still be at risk over old leaks because they were never notified that their email addresses and weakly protected passwords were hacked and dumped? How many of us no longer even remember where we had accounts and where we may have used or re-used certain passwords?
At the very least, people should change their passwords on all current accounts to use stronger passwords or passphrases that are not re-used across sites. Now you, as a savvy reader of this site, know that already, but what about the general public?
And we really need stronger data breach notification laws. Even though we should be diligent in trying to protect ourselves, those who collect and store our information should be obliged to notify us when they have suffered a security failure that exposes our information. It really is as simple as that, and don’t let the business lobby spin it or try to convince you that breach notification fatigue will set in. Yes, maybe people will get tired of getting breach notification letters, but I think we need to let people decide whether to act on a notification or not, and not deprive them of the opportunity to make that decision for themselves.
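The advice above (assume nobody will notify you, change re-used passwords) can be turned into a self-audit you run locally. The script below is an added example, not code from the StackExchange question or the post quoted here; it assumes two constructed inputs, a password-manager export as (site, email, password) tuples and an old dump in "email:sha1(password)" form, which is the sort of weak, unsalted protection such leaks often turn out to have. It reports which of your current accounts have a password hash that appears under your email in the dump, which passwords are burned because their hash appears anywhere in the dump, and which passwords you re-use across sites.

```python
"""Audit your own accounts against a leaked credential dump (added example)."""
import hashlib
from collections import defaultdict

# Constructed password-manager export: (site, email, password). Sample data only.
MY_ACCOUNTS = [
    ("mail.example.com", "alice@example.com", "password"),
    ("shop.example.net", "alice@example.com", "password"),
    ("bank.example.org", "alice@example.com", "T9#vq2!LmR8zWk"),
    ("forum.example.io", "alice@example.com", "123456"),
]

# Constructed leak dump, "email:sha1(password)". The first two digests are the
# real SHA-1 values of "password" and "123456"; the third is a made-up hex
# string standing in for a hash whose plaintext we do not know.
LEAK_DUMP = """\
alice@example.com:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
bob@example.com:7c4a8d09ca3762af61e59520943dc26494f8941b
carol@example.com:0000000000000000000000000000000000000000
"""


def sha1_hex(password):
    """Unsalted SHA-1, matching the (weak) scheme the constructed dump uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def parse_dump(text):
    """Return {email: {digest, ...}} from 'email:digest' lines."""
    leaked = defaultdict(set)
    for line in text.splitlines():
        if ":" not in line:
            continue
        email, digest = line.rsplit(":", 1)
        leaked[email.strip().lower()].add(digest.strip().lower())
    return leaked


def audit(accounts, dump_text):
    """Compare current accounts against the dump without printing secrets."""
    leaked = parse_dump(dump_text)
    all_digests = set().union(*leaked.values()) if leaked else set()

    # 1. Same email, same password hash: this account is directly exposed.
    exposed = sorted(site for site, email, pw in accounts
                     if sha1_hex(pw) in leaked.get(email.lower(), ()))

    # 2. Hash appears anywhere in the dump: the password itself is burned,
    #    whoever it was leaked for, since it is now on every cracking wordlist.
    burned = sorted(site for site, _, pw in accounts
                    if sha1_hex(pw) in all_digests)

    # 3. Re-use groups: one leak of any member exposes every other member.
    groups = defaultdict(list)
    for site, _, pw in accounts:
        groups[sha1_hex(pw)].append(site)
    reused = sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

    return {"exposed": exposed, "burned": burned, "reused": reused}


if __name__ == "__main__":
    report = audit(MY_ACCOUNTS, LEAK_DUMP)
    for label, sites in report.items():
        print(f"{label}: {sites}")
```

The report only ever names sites, never passwords, so it is safe to keep or share with whoever has to rotate the affected credentials. Against a real dump you would swap the hash function for whatever the dump used and, if it used per-user salts, feed the salt through the same comparison.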

It's free and probably worth it!
