Security breach damage keeps on occurring long
after the incident.
Dominic Patten reports:
Thousands of dollars in unauthorized credit card charges, attempts to open accounts under their names, and personal data showing up all over the Internet are just a few of the claims that Michael Corona, Christina Mathis and others are making in court documents filed last week. The former Sony Pictures staff members are saying that some of the things they were most afraid of happening as a result of the massive hack that savaged the company late last year have already happened. The lawsuit comes less than a month after Sony failed in its attempt to get the consolidated case tossed.
Read more on Deadline Hollywood.
For my wino/geek friends.
Sarah Stierch has some additional stats on the Missing Link Network
eCellar breach that affected so many wineries:
According to the California Department of Justice and Napa Valley Register, over 70 Napa Valley, Sonoma County and Santa Cruz County wineries were victims of an April cybercrime attack. The attack was recognized in late May.
Mysterious hackers acquired credit card information for upwards of 250,000 customers through eCellar, a customer management program used by wineries throughout the region.
They stole credit card information, names and birth dates of customers.
Read more on Sonoma Valley Sun.
Things (from the Internet of Things) win their
court case. Would this extend to Apps?
Dan Churney reports:
The installation of smart electric meters by a city-owned utility does not amount to a violation of a homeowner’s constitutional rights against warrantless search, no matter how much data the meters might collect or transmit about a homeowner’s electrical use, a federal judge has ruled.
In federal court in Chicago, U.S. District Judge John Z. Lee rejected the argument brought by a grassroots group opposed to the installation of smart electrical meters in west suburban Naperville that the meters pose risks to privacy and health.
Read more on Cook County Record.
(Related) They are called “Hydra Apps.” Cut
off the head and two more grow back.
If you’ve tried Google Photos and didn’t like it, you probably deleted the app.
But you may not realize that, if you use Android, it’s potentially
still collecting and storing all of your photographs. Here’s how
to stop it.
David A. Arnott noticed this was the case when
hundreds of his images appeared on Google Photos even
though he’d deleted the app. The software, you see, uses the
central Google Settings menu to dictate whether photographs are
backed up to Google’s cloud—so if you don’t change those
settings, the uploads will continue to occur.
Would you expect anything less?
Hacking Team Preparing to Launch New Surveillance Solution
As many of the company’s tools and methods have become public
knowledge, Hacking Team is preparing to release a completely new
surveillance system.
Hackers leaked last week 400GB of emails, documents, software, source
code, and exploits stolen from the systems of Italy-based
surveillance software maker Hacking Team. In a statement published
shortly after the incident came to light, the company stated that the
leaked source code allows anyone to deploy its software, including
terrorists and extortionists.
… Some parts of the company’s flagship product, Remote Control System,
have been leaked, forcing the company to instruct customers to
suspend the use of its solutions. However, Hacking Team says the
attackers have not gained access to “important elements” of its
source code.
Furthermore, Vincenzetti has pointed out that the exposed systems are “obsolete”
by now “because of universal ability to detect these system
elements.”
… Hacking Team says it has isolated its internal systems to prevent additional
data exfiltration. [Strange they didn't think of that before the hack. Bob]
You are respectable at home, everywhere else in
the world you're a scumbag – just ask Google.
Niemela v. Malamas, 2015 BCSC 2014
Roberto Ghignone writes:
The issue in this case was whether Google Inc. was required to remove links to defamatory posts from worldwide search results, rather than just Canadian search results.
The Plaintiff, Glenn Niemela, is a lawyer based in the Vancouver area who has been the victim of online harassment and bullying. He alleges that the posts originate from one of his former clients who may be in a biker gang. In the posts, Mr. Niemela is described as a scam artist and as dishonest. The posts first appeared in 2012 on various internet sites, including ripoffreport.com and reviewstalk.com. Mr. Niemela reported this to the police who spoke with a suspect. Subsequently, no further posts appeared.
Read more on Carswell The Law of Privacy in Canada.
(Related) Was it an accident?
Interesting data leak.
Sylvia Tippman and Julia Powles report:
Less than 5% of nearly 220,000 individual requests made to Google to selectively remove links to online information concern criminals, politicians and high-profile public figures, the Guardian has learned, with more than 95% of requests coming from everyday members of the public.
The Guardian has discovered new data hidden in source code on Google’s own transparency report that indicates the scale and flavour of the types of requests being dealt with by Google – information it has always refused to make public. The data covers more than three-quarters of all requests to date.
Read more on The Guardian.
For my Computer Security and Ethical Hacking
students. A “How to” guide for the other guys.
How to tell if the person you're talking to on a dating app is trying to steal your money
… Dating sites are, thankfully, getting better
at spotting who is using their service to send thousands of spam
messages. It's pretty easy to tell: They send the same message over
and over, often with the same link.
But there's a type of dating site scam that's far
trickier to spot, and the people who operate it claim to be making
thousands of dollars every month fooling vulnerable men.
Business Insider obtained a PDF guide that details
how scammers operate fake dating site profiles in order to con men
out of money. The guide isn't available for free, in fact, it was
being sold for Bitcoins on a deep web marketplace.
… The document, titled Adhrann's Updated
Dating Scam 2014, lays out a method for creating fake dating site
profiles, ensnaring men in conversation, and then pressuring them to
send money. The author claims that someone who operates the scam can
earn up to $15,000 (£9,700) every month if they operate the dating
scam full-time.
Interesting. If the folks who make the common
add-ons can't secure their software, the browser developers will!
(“Planning to fix” translates to “It's still broken”)
Mozilla blocks Flash by default on Firefox browser
Adobe's Flash software is now blocked by default
on all versions of the Firefox web browser.
Mozilla, which develops Firefox, imposed the block
because recently unearthed bugs in Flash were being actively used by
cyber-thieves.
The bugs were detailed in a cache of documents
stolen from security firm Hacking Team that was hit by attackers last
week.
Adobe said it took Flash's security "seriously"
and was planning bug fixes.
For the Ethical Hacking toolbox.
How to Get the Password of WiFi Network You Are Connected To
Let the conspiracy theories begin! Also, watch
for dozens of clever amateurs to reverse engineer this technology
without talking about it on the Internet. It's far too valuable to
fade away.
Launch of $200 device to access Wi-Fi anonymously mysteriously stopped in its tracks
… At the beginning of this month, security researcher Benjamin Caudill
from Rhino Security Labs unveiled Proxyham, a device small enough to
be slotted into a book and squirrelled away in a separate location
from the user in order to confuse Internet traffic tracking systems.
Proxyham is a $200 device made up of a Raspberry
Pi PC and antennas. The product uses low-frequency radio channels to
connect to public Wi-Fi hotspots up to 2.5 miles away, and if a
user's signature is traced, the only IP address which appears is from
the Proxyham box which can be planted far away from the user.
… Through Twitter, Rhino Labs said "Effective immediately, we are
halting further dev on Proxyham and will not be releasing any further
details or source for the device."
However, it's not just development by the security
firm which has been stopped. Defcon attendees will no doubt be
disappointed, but units originally intended for distribution at the
security event will now no longer be available:
… In addition, Caudill will no longer be
hosting a talk at Defcon on the device, whistleblowers and the
challenge of being anonymous online.
… A link retweeted by Rhino Labs points
to a CSO article picking apart the situation for clues. As noted
by the publication, FCC licenses for the use of radio waves are
not an issue, neither are patent disputes at the heart of the matter.
As Proxyham has not been sold on, another
possibility is that of a National Security Letter. When
asked whether an NSL had been issued, Caudill only said "no
comment." [Translation: “Absolutely, positively, and without a doubt.” Bob]
Be careful who you harass? Not everyone is
looking for bad things to write about you. Just don't delete all the
emails like the IRS did.
Filmmaker Laura Poitras suing to shine light on travel detainment
by Sabrina I. Pacifici on Jul 13, 2015
Via The Intercept: “Over six years, filmmaker Laura Poitras was
searched, interrogated and detained more than 50 times at U.S. and
foreign airports. When she asked why, U.S. agencies wouldn’t say.
Now, after receiving no response to her Freedom of Information Act
requests for documents pertaining to her systemic targeting, Poitras
is suing the U.S. government. In a complaint filed on Monday afternoon,
Poitras demanded that the Department of Justice, the Department of
Homeland Security, and the Office of the Director of National
Security release any and all documentation pertaining to her
tracking, targeting and questioning while traveling between 2006 and
2012. “I’m filing this lawsuit because
the government uses the U.S. border to bypass the rule of law,”
Poitras said in a statement. Poitras co-founded The Intercept
with Glenn Greenwald and Jeremy Scahill.”
Are prices like this enough to kick start
municipal fiber networks?
Comcast’s 2Gbps Fiber Service Costs Gut-Wrenching $300 Per Month, Adds $1K In Startup Fees
Most is already available using an antenna and
individual subscriptions. Perhaps Comcast wants to keep the “bundle”
going?
Comcast reveals Stream, a $15 online TV package for Internet-only subscribers
Data for my students to play with...
Cities leverage open data to share wealth of info with citizens
by Sabrina I. Pacifici on Jul 13, 2015
Bianca Spinosa, July 10, 2015: “Government agencies have no shortage
of shareable data. Data.gov,
the open-data clearinghouse that launched in May 2009, had more than
147,331 datasets as of mid-July, and state and local governments are
joining federal agencies in releasing ever-broader arrays of
information. The challenge, however, remains making all that data
usable. Obama administration officials like to talk about how the
government’s weather data supports forecasting and analysis that
support businesses and help Americans every day. But
relatively few datasets do more than just sit there, and
fewer still are truly accessible for the average person. At the
federal level, that’s often because agency missions do not directly
affect citizens the way that local governments do. Nevertheless,
every agency has customers and communities of interest, and there are
lessons feds can learn from how cities are sharing their data with
the public. One such model is Citygram.
The app links to a city’s open-data platform and sends subscribers
a weekly text or email message about selected activities in their
neighborhoods. Charlotte officials worked closely with Code for
America fellows to develop the software, and the app launched in
December 2014 in that city and in Lexington, Ky. Three other cities
– New York, Seattle, and San Francisco – have since joined, and
Orlando, Fla.; Honolulu; the Research Triangle area of North
Carolina; and Montgomery County, Md., are considering doing so…”
I could use it to control the computers we project
or feed to large screen TVs. The question is, could my students grab
control when my back is turned?
How to Turn Your Android Phone or Tablet Into a Mouse and Keyboard for Windows
If you own an Android phone and a Windows PC with an Intel chipset,
you can now control one with the other
using Intel’s Remote Keyboard app.
… In fact, this is a great way to repurpose an
old phone into a nifty trackpad for your PC!
[Can we buy a bunch of old Android phones cheap? Bob]
Please don't tell my wife, the Power Shopper.
Christmas in July: Walmart, Amazon Throw Down in Epic Discount Battle
Walmart just crashed Amazon’s 20th birthday party.
Last week, Amazon announced
Prime Day, a massive, Black Friday-like sale to coincide with the
company’s 20th anniversary. This Wednesday, new deals
for Prime members are slated to appear on the site as often as every
ten minutes, Amazon said, across dozens of shopping categories.
But the world’s largest retailer is now seeking
to amp up its digital presence with an online sale of its own.
Beginning this Thursday, the day after Prime Day, Walmart is rolling
out “thousands of special deals” and “some special atomic
deals,” as well as adjusting its free shipping minimum from $50 to
$35 -- which is the same rate as Amazon.
As opposed to Amazon’s one-day event, Walmart’s
sale will last for 90 days, according to USA Today.
(Related) and just because.
On Its 20th Birthday, 20 Fascinating Facts About Amazon That You Didn't Already Know
Coming this fall to a computer near you! Some
neat new stuff in Excel!
A Microsoft Office 2016 Preview: Smart & Subtle Changes
… Office 2016 has been built from the
ground-up with mobile and cloud users in mind, slotting in with the
ever expanding fleet of Microsoft productivity applications. Office is, in
general, a different set of tools from days gone by. We aren’t
confined to the five-or-so core products, and we can expand the
functionality of the Office ecosystem using a massive range of add-ins and templates.
Microsoft has somehow boosted Excel even further
into the data analytics stratosphere with a raft of new features:
- Inbuilt Business Intelligence: Microsoft hasn’t quite brought it all under one roof, but there are more export options to PowerBI. Power Query, an Office 2013 add-in, has made it into Office 2016 as standard. Power Query used a built-in JSON parser, which has also made its way into Excel to help build visualizations.
- Power Pivot: Essential data analysis tool Power Pivot has received a power boost and is now able to calculate and analyze millions upon millions of rows of data. Automating data grouping will provide a deeper analysis experience, along with updates for PivotTable and PivotChart.
- One-Click Forecasting: Excel automatically scans your worksheets, searching for data trends, and extrapolating into charts and tables.
- New Charts: Microsoft has moved a number of add-in charts to the standard build, including TreeMap, Sunburst, Waterfall, Histogram, and Pareto. Expect to see more charts appear as add-ins following the fall release.