Wednesday, July 08, 2015

I probably won't recommend that my Ethical Hacking students follow this business model. Probably.
Hacking Team Adobe Flash Zero-Day Exploited By Money-Hungry Criminals
In recent years, crypto luminary Bruce Schneier has noted that today’s surveillance tools are tomorrow’s cybercriminal playthings. Hacking Team has offered proof of that, as one of its zero-days – unpatched and previously-unknown software vulnerabilities – is being exploited by crooks.
The Adobe Flash zero-day uncovered in the trove of 415GB data leaked by the Hacking Team hacker has been packaged into “exploit kits”. Such kits are sold for as much as $15,000 and are used to launch attack code on web users’ PCs or phones as they peruse the internet. Two of the most popular kits, Angler and Neutrino, have adopted the Flash flaw. Anyone who visits a site or opens a file in which the exploit kits are hidden risks being infected with malware and having their data stolen, as Adobe has not yet provided a patch.
… Unlike many other vulnerability hunters, Hacking Team doesn’t disclose its findings to the vendors, leaving it open to criticism that it is failing to help protect users of popular software, even though it has the knowledge and the power to help.

Attackers Can Take Over Your PC Using Flash Player, Here's How to Stay Safe

Consider this today’s “must-read” report on surveillance. Cora Currier and Morgan Marquis-Boire report:
Documents obtained by hackers from the Italian spyware manufacturer Hacking Team confirm that the company sells its powerful surveillance technology to countries with dubious human rights records.
Internal emails and financial records show that in the past five years, Hacking Team’s Remote Control System software — which can infect a target’s computer or phone from afar and steal files, read emails, take photos, and record conversations — has been sold to government agencies in Ethiopia, Bahrain, Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, South Sudan, Azerbaijan, and Turkey. An in-depth analysis of those documents by The Intercept shows Hacking Team’s leadership was, at turns, dismissive of concerns over human rights and privacy; exasperated at the bumbling and technical deficiency of some of its more controversial clients; and explicitly concerned about losing revenue if cut off from such clients.
Read more on The Intercept.

A new website for my Computer Security students.
Cybersecurity Nexus
ISACA’s Cybersecurity Nexus™ (CSX) is the premier cyber security resource, offering everything you need to go beyond what’s expected and stay ahead of the curve in the ever-changing cyber landscape.
We are currently the only organization in the cyber security field that provides a single, comprehensive source for performance-based certification, networking, professional membership, training, and education. Whether you want to grow, learn, or connect with thought leaders in the industry, CSX will elevate your career today and tomorrow.

I doubt this is the end of it. Politicians are not interested in logic or truth when they want something. They certainly will ignore anyone they believe is less well known or “popular” than they are. Perhaps we could get Taylor Swift to endorse encryption?
Iain Thomson reports:
With congressional hearings due on Wednesday to discuss US government plans to force tech companies to install backdoors in their encryption systems, some of the leading minds in the security world have published a paper on how, and if, such a system would work.
The authors of the 34-page paper [PDF] read like a who’s who of computer security: they are Whitfield Diffie (who along with Martin Hellman invented public key encryption); crypto guru Bruce Schneier; Ronald Rivest (the R in RSA); Matt Blaze, the killer of the Clipper Chip; Professor Ross Anderson from Cambridge University; and 11 other senior figures in the field.
Read more on The Register.
@EFFLive will be live-tweeting tomorrow morning’s hearing where FBI Director Comey will testify about “going dark.” Read their comments here.

So it's not just that guy from the Subway ads.
Nate Raymond reports:
A Federal Bureau of Investigation search warrant has provided a rare glimpse into the increasingly complex efforts of U.S. law enforcement to combat child pornography online, leading to the seizure this year of a website with nearly 215,000 users.
The search warrant, unsealed on Monday in federal court in Brooklyn, New York, showed that the FBI seized the website’s North Carolina server on Feb. 20 but allowed it to remain operating for about two weeks while authorities investigated its users.
Interestingly, they not only had a warrant, but permission to use some offensive hacking, it seems:
Before shutting down “Website A,” as court documents call it, on March 4, the FBI obtained a search warrant from a judge in Virginia that authorized it to use a technique that would cause a computer to send it data anytime a user logged on.
Read more on Reuters.

How common is this?
FBI seeks help in identifying 250 victims of 'sextortion' scheme
The FBI on Tuesday asked for the public's help in identifying some 250 victims of a Florida man who it says extorted teenage girls to send him explicit photos of themselves or engage in sexual behavior.
… According to court testimony, Chansler targeted about 350 girls in 26 U.S. states, three Canadian provinces and the United Kingdom in the "sextortion" scheme in which he typically posed as a 15-year-old boy who liked to skateboard.
… The agency said forensic analysis of Chansler's computer found hundreds of folders, each with a victim's name and personal information, containing chat logs, images and videos, some showing the girls crying or pleading with him not to expose them.
The FBI said it found in total some 80,000 images and videos in Chansler's possession.

I'm surprised this hasn't become a major Presidential campaign issue. After all, it combines current technology, millions of potential voters, health and narcissism, all dear to the heart of every politician. (Digest Item #2)
Russia Releases a Guide to Selfies
Selfies are now such an accepted part of everyday life that the Russian government has produced a guide to staying safe while taking selfies. The informational pamphlet suggests taking selfies may be much more dangerous than any of us previously realized, with a number of Russian teenagers having reportedly died doing this seemingly innocuous activity.
Thus, the Ministry of Internal Affairs (MVD) warns against taking selfies while driving, standing in the road, crossing railroads, driving a speedboat, standing on a roof, and many other rather obvious examples. The most obvious piece of advice included in the pamphlet is not to take a selfie while holding a gun. Because Charles Darwin knew what he was talking about.
The general theme here is be aware of your surroundings when taking a selfie. If you’re walking down some stairs or near a cliff-edge, doing so may not be such a good idea. Equally, if there are cars driving at you, or a dog snarling in your ear, now may not be the best time to whip out your phone and smile for your Facebook friends. Whatever happened to common sense? [It was never truly common. Bob]

(Related) Now that you're sober you want to hide the 'selfies' you took when you weren't.
Consumer Watchdog files FTC complaint on Right to be Forgotten
by Sabrina I. Pacifici on Jul 7, 2015
Consumer Watchdog news release: “Google’s failure to offer U.S. users the ability to request the removal of search engine links from their name to information that is inadequate, irrelevant, no longer relevant, or excessive is an “unfair and deceptive” practice, Consumer Watchdog said in a complaint today to the Federal Trade Commission. In Europe where the Internet giant has removed 41.3 percent of such links when requested, this is known as the “Right To Be Forgotten.” More accurately this ability is the “Right To Relevancy” or “Privacy By Obscurity” for the digital age, said Consumer Watchdog. “Google’s refusal to consider such requests in the United States is both unfair and deceptive, violating Section 5 of the Federal Trade Commission Act,” wrote John M. Simpson, Consumer Watchdog’s Privacy Project director. “We urge the Commission to investigate and act.” Google’s recent announcement that it would honor requests to remove links from its search results to so-called “revenge porn” – nude or explicit photos posted without the subject’s consent – shows that Google could easily honor Right To Be Forgotten requests in the U.S., Simpson said. “The Internet giant aggressively and repeatedly holds itself out to users as being deeply committed to privacy. Without a doubt requesting the removal of a search engine link from one’s name to irrelevant data under the Right To Be Forgotten (or Right to Relevancy) is an important privacy option,” Consumer Watchdog’s complaint said. “Though Google claims it is concerned about users’ privacy, it does not offer U.S. users the ability to make such a basic request. Describing yourself as championing users’ privacy and not offering a key privacy tool – indeed one offered all across Europe – is deceptive behavior.”

(Related) How to search for everything Google won't show you? Avoid any bias in your search? Something for the Big Data toolkit?
Gigablast plans to power search for Internet Archive
by Sabrina I. Pacifici on Jul 7, 2015
News release: “Shortly after releasing its web search engine as open source and available for free download, Gigablast, Inc. has inked a deal with the Internet Archive. Gigablast has agreed to provide search for the archive’s 400+ billion web documents. After conducting tests, the Internet Archive found that its users prefer the quality of Gigablast’s search results over the leading open source search engine solutions. “We’re proud to work with the archive to help unleash its true potential. Right now you can’t effectively search their hundreds of billions of documents. That’s going to change,” says Matt Wells, CEO of Gigablast. “We are providing them with the technical support to get Gigablast up and running. When we are done, they could be the biggest search engine ever created. They’ve tried the other search solutions out there and they can’t scale anywhere close to Gigablast’s levels. Gigablast is a proven, free solution that makes information discovery easy, and saves you time and money. It’s a considerable alternative to SOLR or elasticsearch.” Wells continues, “On a further note, there has been some confusion that Gigablast was recently acquired by a company called Yippy. This is untrue. Gigablast is still a thriving independent entity [emphasis added] and has no affiliation with Yippy, Inc.”

The new economics? A global virtual currency.
Citigroup Is Testing Its Own Bitcoin: 'Citicoin'
The day has come: Banks can’t ignore Bitcoin anymore. Not even the biggest of the big.
First up is Citigroup: the New York City-based global banking giant recently revealed to the International Business Times that it is developing its own version of Bitcoin. Predictably branded ‘Citicoin,’ the virtual currency was coded by Citigroup’s research and design arm, Citi Innovation. The mainly open-source cryptocurrency is still in the early testing phase, and no patent has been filed for it. It is based on Bitcoin and its core blockchain ledger technology, a chronological public ledger of all Bitcoin transactions that have ever taken place. This approach will allow for less complicated and less costly cross-border payments and other transactions.

Do you think they ask: “What would capitalists do?”
China Unveils New Steps to Prop Up Stocks, but Market Dives
China announced a flurry of new moves Wednesday to halt a stock market slide. The result? Another big dive in share prices.
The government told state companies and executives to buy shares, raised the amount of equities insurance companies can hold and promised more credit to finance trading.

For my IT Governance students.
Banking on Chief Data Officers
Gartner has predicted that 25 percent of organizations will employ chief data officers (CDOs) by 2017. The figure will be higher, 50 percent, in heavily regulated industries like banking and insurance, the research firm believes.
The financial services industry has a head start on many other industry sectors when it comes to appointing CDOs, found Capgemini. According to its report titled "Stewarding Data: Why Financial Services Firms Need a Chief Data Officer," nearly 16 percent of financial services companies have CDOs, vs. 11 percent in health care and 9 percent in the public sector, for example.

There might be something here for my older students too. Worth a quick look.
Join Me for a Morning and Afternoon of Free Webinars
On July 22nd Simple K12 is hosting a morning and afternoon of free webinars about Google tools for teachers. The webinars will start at 10:00am Eastern Time and run until 1:30pm Eastern Time.
… These free webinars are designed for folks who are new to using Google tools. Teachers who would like to pick up some tips for teaching others how to take advantage of the great things that Google has to offer will also enjoy the content of these webinars. Click here to register. Simple K12 will make the recordings available for 2 weeks following the event, but be sure to register so you will be notified.

(Related) We're no longer in a Microsoft controlled environment.
Google Docs vs. Microsoft Word: The Death Match for Research Writing
… now we are entering the era of the Cloud, and online solutions are gradually becoming the norm. The main player in this area is Google Docs, which resides in Google Drive.
… First off, Google Docs has got a few things going for it — it’s online, it’s free and it syncs across devices. That alone is probably enough for most people to abandon even the notion of going for Office, which has to be installed, probably on only one computer, and you have to continually copy your files over to a USB stick or email them to yourself.
… in Google Docs’ favor is the Research tool.
… as you write your paper, you can search for whatever you are looking for. It will also display information based on what you are working on. Drag and drop text from the Research toolbar into your paper. A click on the link adds it to your document, and a Cite button will helpfully add the selected page as a source in the footnotes for you.

“Stupid is as stupid does.” F. Gump
Cops hate this gun-shaped iPhone case

I think Wally has been coaching my students!
