Thursday, July 02, 2015

Interesting that a judge had to explain attorney-client privilege to lawyers in his courtroom. If this turns out to be widespread, I think even Warren Buffett will be impressed with the cost. (I would never recommend this type of hacking to my Ethical Hacking students.)
Mike Heuer reports:
Major worker’s compensation insurers, including a Berkshire Hathaway company, hacked into thousands of confidential legal files to save money on judgments and settlements, an Angeleno claims in a federal class action.
Hector Casillas claims the insurers “hacked into privileged and confidential litigation files of thousands of individuals litigating worker’s compensation cases against them. The defendants stole these files from servers used by law firms representing the individual litigants and used the illegally obtained information to obtain a litigation advantage.”
Casillas claims the insurers hacked into tens of thousands of legal files, including about 5,000 from Reyes & Barsoum, a prominent worker’s compensation law firm in California.
Read more on Courthouse News.
Courthouse News was unable to reach counsel for the parties to obtain any statements about this lawsuit, but it’s certainly one to watch.
[From the article:
He claims that attorneys for Reyes & Barsoum first suspected the hacking during an April 20, 2014 hearing when attorneys Ching and Mendoza revealed they had Casillas' "attorney-privileged intake packet" that bore Rony M. Barsoum's name at the top of the first page and contained the retainer agreement Casillas had signed.
When the judge asked how Ching and Mendoza had obtained the confidential file, they gave several explanations before saying they didn't know, Casillas says.
The judge declared the documents to be protected by attorney-client privilege and ordered Ching and Mendoza to turn them over to Reyes & Barsoum, along with any others that might turn up after a "diligent search," the complaint states.

Does Harvard teach Computer Security?
Melanie Y. Fu reports:
Harvard is investigating a security breach to its Faculty of Arts and Sciences and central administration information technology networks that administrators say may have compromised email login information.
The breach was discovered on June 19, according to a joint statement from Provost Alan M. Garber ’76 and Executive Vice President Katie N. Lapp released Wednesday, and the University is working with federal law enforcement officials and security experts on an investigation.
Garber and Lapp’s statement maintained that officials currently “have no indication that personal data or research data have been exposed,” [Translation: “We asked the security guys to keep us in the dark.” Bob] but administrators are urging affiliates of several University schools to change their Harvard email passwords in response to the incident. 
Read more on Harvard Crimson.
The breach had previously been noted on Vulnerable Disclosures on June 24:

Probably not related to “Trump the Presidential candidate.”
Donald Trump's hotel chain is likely victim of credit card data breach
Donald Trump’s hotel chain appears to be the latest victim of a credit card data breach, according to cybersecurity blog Krebs on Security.
Sources at major banks say they’ve traced patterns of fraudulent debit and credit card charges to accounts that have been used at Trump Hotel Collection resorts since at least February. Affected locations include Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York.

Something for my Computer Security students to play with in the Security lab.
Deutsche Telekom, Intel Partner to Develop IoT Honey Pots
German telecom giant Deutsche Telekom has teamed up with Intel Security on a joint research project to develop and deploy honey pots that can be embedded in any device, including smartphones and other connected (IoT) devices.
Deutsche Telekom's honeypot project was started in 2010, and currently runs about 180 honeypot sensors as part of its early warning system, which identifies upwards of 600,000 attacks per day.
Under the alliance, the network will be expanded by adding new sensors, which will “attract criminals looking for open ports or systems that do not have the latest security software.”
For those interested in deploying their own honey pot, Deutsche Telekom's Community Honey Pot Project offers a number of different honey pot options, along with resources, including ISO Images for Ubuntu, Scripts, and documentation.

A good article for my Risk management students. Best Practices?
Defending Against the Insider - Strategies From the Field
… The threat from insiders is very real, and in many cases an insider has significantly greater potential to harm an organization than an external attacker does.
Role-Based Access – It may sound like advice from 1997, but role-based access is one of the most overlooked and under-developed pieces of many enterprise IT strategies. As companies grow, expand and add employees, roles and responsibilities tend to shift. Coupled with the cumbersome processes of provisioning and de-provisioning access which takes time and resources, many companies simply opt for an “all-access” strategy. This generally means that the administrator who is watching the front desk has access to the same human resources files containing salary information as the vice president of the human resources department.
Privileged Access Management (PAM) – Every enterprise needs administrators and those with ‘root’ access to critical resources. These people are the watchers, and a higher level of trust is placed in them to do what is right and be good corporate stewards. But whether unintentionally or otherwise, those with privileged access can make mistakes. ... They should not use built-in ‘administrator’ or ‘root’ accounts in lieu of personal accounts tied to a specific person. In the event something goes wrong, the organization has a way of determining who is doing something questionable, rather than trying to understand who was using the root account.
Privileged-Role Separation – One organization not only has user and privileged accounts for each of their system administrator users, but they also have separate physical computers (now moving to virtual machines) for administrative and non-administrative activity.
Honeypots – Where allowed by local and corporate laws, honeypots can be a valuable indicator of malicious activity.
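The PAM point above is really about attribution: a login to a shared ‘root’ or ‘administrator’ account tells you nothing about who was at the keyboard, while sudo from a personal account does. As an added example (my own code, not from the article), this script runs that check over a few constructed syslog-style lines; the host, user names and paths are all made up.

```python
import re

# Constructed sample log lines in the style of Linux sshd/sudo syslog output
# (invented for this example; not taken from the article).
SAMPLE_LOG = """\
Jul  2 08:01:11 hr-files sshd[2201]: Accepted publickey for root from 10.0.5.14 port 50122 ssh2
Jul  2 08:03:40 hr-files sshd[2240]: Accepted publickey for jsmith from 10.0.7.21 port 50180 ssh2
Jul  2 08:04:02 hr-files sudo:   jsmith : TTY=pts/1 ; PWD=/home/jsmith ; USER=root ; COMMAND=/usr/bin/less /srv/hr/salaries.csv
Jul  2 08:10:55 hr-files sshd[2301]: Accepted password for administrator from 10.0.5.14 port 50201 ssh2
Jul  2 08:12:13 hr-files sudo:   mlee : TTY=pts/2 ; PWD=/home/mlee ; USER=root ; COMMAND=/usr/sbin/useradd contractor7
"""

# Built-in accounts that are shared by definition and so cannot be tied to one person.
SHARED_ACCOUNTS = {"root", "administrator", "admin"}

SSH_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")


def audit(log_text):
    """Split privileged activity into what can and cannot be attributed to a person.

    Returns (unattributed, attributed):
      unattributed - direct logins to a shared account (who was it?)
      attributed   - sudo invocations, which name the person and the command
    """
    unattributed, attributed = [], []
    for line in log_text.splitlines():
        m = SSH_RE.search(line)
        if m:
            user, src = m.groups()
            if user in SHARED_ACCOUNTS:
                unattributed.append({"account": user, "src": src})
            continue
        m = SUDO_RE.search(line)
        if m:
            person, target, cmd = m.groups()
            attributed.append({"person": person, "as": target, "cmd": cmd.strip()})
    return unattributed, attributed


if __name__ == "__main__":
    bad, good = audit(SAMPLE_LOG)
    for f in bad:
        print(f"UNATTRIBUTED: shared account '{f['account']}' logged in from {f['src']}")
    for f in good:
        print(f"attributed: {f['person']} ran as {f['as']}: {f['cmd']}")
```

The two shared-account logins come from the same source address, which is exactly the situation where an organization ends up asking “who was using root?” instead of reading the name off the log.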

I think it's more likely to be “Social Media Attention Deficit Disorder.”
Snapchat Debuts Tap To View And Nearby Friends Tool, Boosts Security Features
A few months ago, Snapchat’s CEO Evan Spiegel hinted that the app’s hold-to-watch feature was on its way out. As of Wednesday, users no longer need to keep a finger on their screens to view a snap or story. Users can now tap to view content instead.
The new feature is one of several product updates Snapchat announced on Wednesday in a post. ‘Tap to view’ could dismay some advertisers who liked that users needed to actively touch their screens to view an ad on the service. However, the feature should please avid users with restless fingers and could encourage them to watch even longer videos, including ads.
“This means no more tired thumbs while watching a several-hundred-second Story… and a little getting used to for anyone who has been Snapchatting for a while,” the company said.

Perspective. Who is in the “four comma” club? If the limit is roughly $2.2 Trillion, how many possible mergers would be “forbidden?”
Federal Reserve Board releases first determination of aggregate consolidated liabilities of all financial companies
by Sabrina I. Pacifici on Jul 1, 2015
“The Federal Reserve Board on [July 1, 2015] released its first determination of the aggregate consolidated liabilities of all financial companies in accordance with section 622 of the Dodd-Frank Act, which prohibits any financial company from combining with another company if the resulting company’s liabilities exceed 10 percent of the aggregate consolidated liabilities of all financial companies. As of December 31, 2014, aggregate financial sector liabilities was equal to $21,632,232,035,000. This number will be the measure of aggregate consolidated liabilities for the purposes of section 622 of the Dodd-Frank Act from July 1, 2015 through June 30, 2016. Aggregate financial sector liabilities generally equal the sum of the financial sector liabilities of all financial companies.”

IE falls below 55% market share as Chrome and Firefox gain
In June 2015, we saw Microsoft Edge branding finally show up in Windows 10, as well as the first full month of Chrome 43 and Firefox 38 availability. Now we’re learning that Microsoft’s current browser, Internet Explorer, has finally fallen below the 55 percent market share mark.
The news is a stark reminder that for many months to come, we’ll be watching Edge slowly but surely steal share from IE. It will take years before IE becomes completely irrelevant on the Web.

Suggests an area of specialization my students might want to explore.
5 facets of the coming Internet of Things boom
Predictions that the Internet of Things (IoT) will usher in a new era of prosperity get some backing in a new study by consulting firm McKinsey & Company.
The study estimates that the annual value of IoT applications may be equivalent – in the best case – to about 11% of the world's economy in 2025. That's based on a number of assumptions, including the willingness of governments and vendors to enable interoperability through policies and technologies.
[From the study:
Currently, most IoT data are not used. For example, on an oil rig that has 30,000 sensors, only 1 percent of the data are examined. That’s because this information is used mostly to detect and control anomalies—not for optimization and prediction, which provide the greatest value.

Perspective. Is this because we talk (and text) only with “Friends” as defined by Facebook?
Pew – Americans, Politics and Science Issues
by Sabrina I. Pacifici on Jul 1, 2015
“One of the key trends in public opinion over the past few decades has been a growing divide among Republicans and Democrats into ideologically uniform “silos.” A larger share of the American public expresses issue positions that are either consistently liberal or conservative today than did so two decades ago, and there is more alignment between ideological orientation and party leanings. Against this broader backdrop, some have come to worry that many – if not all – the issues connected to science are viewed by the public through a political lens. However, the Pew Research Center finds in a new analysis of public opinion on a broad set of science-related topics that the role of party and ideological differences is not uniform. Americans’ political leanings are a strong factor in their views about issues such as climate change and energy policy, but much less of a factor when it comes to issues such as food safety, space travel and biomedicine. At the same time, there are factors other than political party and ideology that shape the public’s often-complex views on science matters. For instance there are notable issues on which racial and generational differences are pronounced, separate and apart from politics.”

Will “in my Smartphone” replace “under my mattress” as the world-wide bank of choice? (Digest Item #3)
PayPal Transfers Money to Xoom
PayPal has acquired Xoom for around $900 million (or $25 per share). The two companies are a natural fit, with money transfer service Xoom allowing people to send money to themselves or others online or on mobile devices.
This acquisition augments PayPal’s payments service. However, the real reason PayPal is buying Xoom is to gain a foothold in countries such as Mexico, India, the Philippines, China, and Brazil, where Xoom has a significant presence.

(Related) Upgrade your distracted driving from texting to video phone calls.
Best Smartphone Apps for Free Cross-Platform Video Calls
… As the leader in this area, Microsoft’s Skype is the app by which we compare all others. With versions for all three major desktop platforms, and for the main three mobile platforms, Skype is the big player. It’s easy to pick up your mobile and make a video call to a friend on their PC, smartphone or tablet. The Xbox One, PlayStation Vita, and various Smart TVs also have Skype apps.

I'm guessing that Facebook has noticed that their users have ears and they want to pull money out of them.
Facebook is in talks with major music labels — but nobody knows why
Apple Music has only just launched, but the music streaming business could be about to get even more crowded: Facebook is apparently in talks with multiple major labels.
The Verge's Micah Singleton reports that the social network is in talks with Sony Music Entertainment, Universal Music Group, and Warner Music Group about "getting into music," according to "multiple sources." It plans to do something "unique," that may tie into video — but it's all still early days.

(Related) See what I mean?
Facebook tests a new way to show video - and make money from it