Tuesday, July 14, 2015

Security breach damage keeps on occurring long after the incident.
Dominic Patten reports:
Thousands of dollars in unauthorized credit card charges, attempts to open accounts under their names, and personal data showing up all over the Internet are just a few of the claims that Michael Corona, Christina Mathis and others are making in court documents filed last week. The former Sony Pictures staff members are saying that some of the things they were most afraid of happening as a result of the massive hack that savaged the company late last year have already happened. The lawsuit comes less than a month after Sony failed in its attempt to get the consolidated case tossed.
Read more on Deadline Hollywood.




For my wino/geek friends.
Sarah Stierch has some additional stats on the Missing Link Network eCellar breach that affected so many wineries:
According to the California Department of Justice and Napa Valley Register, over 70 Napa Valley, Sonoma County and Santa Cruz County wineries were victims of an April cybercrime attack. The attack was recognized in late May.
Mysterious hackers acquired credit card information for upwards of 250,000 customers through eCellar, a customer management program used by wineries throughout the region.
They stole credit card information, names and birth dates of customers.
Read more on Sonoma Valley Sun.




Things (from the Internet of Things) win their court case. Would this extend to Apps?
Dan Churney reports:
The installation of smart electric meters by a city-owned utility does not amount to a violation of a homeowner’s constitutional rights against warrantless search, no matter how much data the meters might collect or transmit about a homeowner’s electrical use, a federal judge has ruled.
In federal court in Chicago, U.S. District Judge John Z. Lee rejected the argument brought by a grassroots group opposed to the installation of smart electrical meters in west suburban Naperville that the meters pose risks to privacy and health.
Read more on Cook County Record.


(Related) They are called “Hydra Apps.” Cut off the head and two more grow back.
If you’ve tried Google Photos and didn’t like it, you probably deleted the app. But you may not realize that, if you use Android, it’s potentially still collecting and storing all of your photographs. Here’s how to stop it.
David A. Arnott noticed this was the case when hundreds of his images appeared on Google Photos even though he’d deleted the app. The software, you see, uses the central Google Settings menu to dictate whether photographs are backed up to Google’s cloud—so if you don’t change those settings, the uploads will continue to occur.




Would you expect anything less?
Hacking Team Preparing to Launch New Surveillance Solution
As many of the company’s tools and methods have become public knowledge, Hacking Team is preparing to release a completely new surveillance system.
Last week, hackers leaked 400GB of emails, documents, software, source code, and exploits stolen from the systems of Italy-based surveillance software maker Hacking Team. In a statement published shortly after the incident came to light, the company stated that the leaked source code allows anyone to deploy its software, including terrorists and extortionists.
Some parts of the company’s flagship product, Remote Control System, have been leaked, forcing the company to instruct customers to suspend the use of its solutions. However, Hacking Team says the attackers have not gained access to “important elements” of its source code.
Furthermore, Vincenzetti has pointed out that the exposed systems are “obsolete” by now “because of universal ability to detect these system elements.”
Hacking Team says it has isolated its internal systems to prevent additional data exfiltration. [Strange they didn't think of that before the hack. Bob]




You are respectable at home, everywhere else in the world you're a scumbag – just ask Google.
Niemela v. Malamas, 2015 BCSC 2014
Roberto Ghignone writes:
The issue in this case was whether Google Inc. was required to remove links to defamatory posts from worldwide search results, rather than just Canadian search results.
The Plaintiff, Glenn Niemela, is a lawyer based in the Vancouver area who has been the victim of online harassment and bullying. He alleges that the posts originate from one of his former clients who may be in a biker gang. In the posts, Mr. Niemela is described as a scam artist and as dishonest. The posts first appeared in 2012 on various internet sites, including ripoffreport.com and reviewstalk.com. Mr. Niemela reported this to the police, who spoke with a suspect. Subsequently, no further posts appeared.
Read more on Carswell The Law of Privacy in Canada.


(Related) Was it an accident?
Interesting data leak.
Sylvia Tippman and Julia Powles report:
Less than 5% of nearly 220,000 individual requests made to Google to selectively remove links to online information concern criminals, politicians and high-profile public figures, the Guardian has learned, with more than 95% of requests coming from everyday members of the public.
The Guardian has discovered new data hidden in source code on Google’s own transparency report that indicates the scale and flavour of the types of requests being dealt with by Google – information it has always refused to make public. The data covers more than three-quarters of all requests to date.
Read more on The Guardian.




For my Computer Security and Ethical Hacking students. A “How to” guide for the other guys.
How to tell if the person you're talking to on a dating app is trying to steal your money
… Dating sites are, thankfully, getting better at spotting who is using their service to send thousands of spam messages. It's pretty easy to tell: They send the same message over and over, often with the same link.
But there's a type of dating site scam that's far trickier to spot, and the people who operate it claim to be making thousands of dollars every month fooling vulnerable men.
Business Insider obtained a PDF guide that details how scammers operate fake dating site profiles in order to con men out of money. The guide isn't available for free, in fact, it was being sold for Bitcoins on a deep web marketplace.
… The document, titled Adhrann's Updated Dating Scam 2014, lays out a method for creating fake dating site profiles, ensnaring men in conversation, and then pressuring them to send money. The author claims that someone who operates the scam can earn up to $15,000 (£9,700) every month if they operate the dating scam full-time.
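The first article quoted above notes the easy case: spam accounts "send the same message over and over, often with the same link." The following script is an added example (not from the original post or from Business Insider) of that detection heuristic: it groups a site's outbound messages by sender, normalises the text so trivial variations (case, whitespace, the greeting with the recipient's name) collapse into one template, and flags any sender who pushes the same template or the same link to at least THRESHOLD distinct recipients. The messages, account ids, URLs and the threshold value are all constructed for the example.

```python
"""Flag accounts that blast one message template or one link to many recipients.

Added example, not code from the original post. Heuristic from the quoted article:
repeated identical messages, often carrying the same link. Sample data is constructed.
"""
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s]+", re.IGNORECASE)
# Strips a leading "Hey <name>!" / "Hi <name>," so personalised greetings share a template.
GREETING_RE = re.compile(r"^(hey|hi|hello)\b[^a-z0-9]*\w+[!,.]?\s*", re.IGNORECASE)
THRESHOLD = 3  # assumption: distinct recipients before a template/link counts as a blast

# Constructed sample data: (sender account, recipient account, message text)
SAMPLE_MESSAGES = [
    ("acct_1001", "user_a", "Hey Alex! I'm new here, check my pics at http://example.invalid/pics?id=77"),
    ("acct_1001", "user_b", "Hey Sam! I'm new here, check my pics at http://example.invalid/pics?id=77"),
    ("acct_1001", "user_c", "hey Jordan!  I'm new here, check my pics at http://example.invalid/pics?id=77 "),
    ("acct_1001", "user_d", "Hey Taylor! I'm new here, check my pics at http://example.invalid/pics?id=77"),
    ("acct_2002", "user_a", "Loved your profile, do you hike too?"),
    ("acct_2002", "user_b", "Your dog is adorable, what breed?"),
    ("acct_3003", "user_e", "Hi, I found you on my matches, see http://example.invalid/me"),
    ("acct_3003", "user_f", "Hey! Would like to chat, see http://example.invalid/me"),
    ("acct_3003", "user_g", "hello there, pls look http://example.invalid/me"),
]


def extract_links(text):
    """Return every http(s) URL in the message, as written."""
    return URL_RE.findall(text)


def normalise(text):
    """Reduce a message to a comparable template: URLs masked, case and
    whitespace folded, personalised greeting removed."""
    t = URL_RE.sub("<url>", text)
    t = re.sub(r"\s+", " ", t.lower().strip())
    t = GREETING_RE.sub("", t)
    return t.rstrip(" !.")


def flag_spammers(messages, threshold=THRESHOLD):
    """Return {sender: {reason: recipient_count}} for senders whose single
    template or single link reached at least `threshold` distinct recipients."""
    templates = defaultdict(lambda: defaultdict(set))  # sender -> template -> recipients
    links = defaultdict(lambda: defaultdict(set))      # sender -> link -> recipients
    for sender, recipient, text in messages:
        templates[sender][normalise(text)].add(recipient)
        for link in extract_links(text):
            links[sender][link.lower()].add(recipient)

    flagged = {}
    for sender in templates:
        reasons = {}
        widest_template = max(len(r) for r in templates[sender].values())
        if widest_template >= threshold:
            reasons["repeated_template"] = widest_template
        widest_link = max((len(r) for r in links[sender].values()), default=0)
        if widest_link >= threshold:
            reasons["repeated_link"] = widest_link
        if reasons:
            flagged[sender] = reasons
    return flagged


if __name__ == "__main__":
    for sender, reasons in flag_spammers(SAMPLE_MESSAGES).items():
        print(sender, reasons)
```

With the constructed data, acct_1001 is flagged on both counts (one template and one link to four recipients), acct_3003 only on the link (three distinct message wordings, one shared URL), and acct_2002, whose two messages are genuinely different, is not flagged. The article's harder case, a hand-run profile that tailors each conversation before asking for money, produces neither signal, which is why it needs a different kind of review than this template matching.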




Interesting. If the folks who make the common add-ons can't secure their software, the browser developers will! (“Planning to fix” translates to “It's still broken”)
Mozilla blocks Flash by default on Firefox browser
Adobe's Flash software is now blocked by default on all versions of the Firefox web browser.
Mozilla, which develops Firefox, imposed the block because recently unearthed bugs in Flash were being actively used by cyber-thieves.
The bugs were detailed in a cache of documents stolen from security firm Hacking Team that was hit by attackers last week.
Adobe said it took Flash's security "seriously" and was planning bug fixes.




For the Ethical Hacking toolbox.
How to Get the Password of WiFi Network You Are Connected To




Let the conspiracy theories begin! Also, watch for dozens of clever amateurs to reverse engineer this technology without talking about it on the Internet. It's far too valuable to fade away.
Launch of $200 device to access Wi-Fi anonymously mysteriously stopped in its tracks
… At the beginning of this month, security researcher Benjamin Caudill from Rhino Security Labs unveiled Proxyham, a device small enough to be slotted into a book and squirrelled away in a separate location from the user in order to confuse Internet traffic tracking systems.
Proxyham is a $200 device made up of a Raspberry Pi PC and antennas. The product uses low-frequency radio channels to connect to public Wi-Fi hotspots up to 2.5 miles away, and if a user's signature is traced, the only IP address which appears is from the Proxyham box which can be planted far away from the user.
Through Twitter, Rhino Labs said "Effective immediately, we are halting further dev on Proxyham and will not be releasing any further details or source for the device."
However, it's not just development by the security firm which has been stopped. Defcon attendees will no doubt be disappointed, but units originally intended for distribution at the security event will now no longer be available:
… In addition, Caudill will no longer be hosting a talk at Defcon on the device, whistleblowers and the challenge of being anonymous online.
… A link retweeted by Rhino Labs points to a CSO article picking apart the situation for clues. As noted by the publication, FCC licenses for the use of radio waves are not an issue, nor are patent disputes at the heart of the matter.
As Proxyham has not been sold on, another possibility is that of a National Security Letter. When asked whether an NSL had been issued, Caudill only said "no comment." [Translation: “Absolutely, positively, and without a doubt.” Bob]




Be careful who you harass? Not everyone is looking for bad things to write about you. Just don't delete all the emails like the IRS did.
Filmmaker Laura Poitras suing to shine light on travel detainment
by Sabrina I. Pacifici on Jul 13, 2015
Via The Intercept: “Over six years, filmmaker Laura Poitras was searched, interrogated and detained more than 50 times at U.S. and foreign airports. When she asked why, U.S. agencies wouldn’t say. Now, after receiving no response to her Freedom of Information Act requests for documents pertaining to her systemic targeting, Poitras is suing the U.S. government. In a complaint filed on Monday afternoon, Poitras demanded that the Department of Justice, the Department of Homeland Security, and the Office of the Director of National Security release any and all documentation pertaining to her tracking, targeting and questioning while traveling between 2006 and 2012. “I’m filing this lawsuit because the government uses the U.S. border to bypass the rule of law,” Poitras said in a statement. Poitras co-founded The Intercept with Glenn Greenwald and Jeremy Scahill.”




Are prices like this enough to kick start municipal fiber networks?
Comcast’s 2Gbps Fiber Service Costs Gut-Wrenching $300 Per Month, Adds $1K In Startup Fees




Most is already available using an antenna and individual subscriptions. Perhaps Comcast want to keep the “bundle” going?
Comcast reveals Stream, a $15 online TV package for Internet-only subscribers




Data for my students to play with...
Cities leverage open data to share wealth of info with citizens
by Sabrina I. Pacifici on Jul 13, 2015
Bianca Spinosa, July 10, 2015: “Government agencies have no shortage of shareable data. Data.gov, the open-data clearinghouse that launched in May 2009, had more than 147,331 datasets as of mid-July, and state and local governments are joining federal agencies in releasing ever-broader arrays of information. The challenge, however, remains making all that data usable. Obama administration officials like to talk about how the government’s weather data supports forecasting and analysis that support businesses and help Americans every day. But relatively few datasets do more than just sit there, and fewer still are truly accessible for the average person. At the federal level, that’s often because agency missions do not directly affect citizens the way that local governments do. Nevertheless, every agency has customers and communities of interest, and there are lessons feds can learn from how cities are sharing their data with the public. One such model is Citygram. The app links to a city’s open-data platform and sends subscribers a weekly text or email message about selected activities in their neighborhoods. Charlotte officials worked closely with Code for America fellows to develop the software, and the app launched in December 2014 in that city and in Lexington, Ky. Three other cities – New York, Seattle, and San Francisco – have since joined, and Orlando, Fla.; Honolulu; the Research Triangle area of North Carolina; and Montgomery County, Md., are considering doing so…”




I could use it to control the computers we project or feed to large screen TVs. The question is, could my students grab control when my back is turned?
How to Turn Your Android Phone or Tablet Into a Mouse and Keyboard for Windows
If you own an Android phone and a Windows PC with an Intel chipset, you can now control one with the other using Intel’s Remote Keyboard app.
… In fact, this is a great way to repurpose an old phone into a nifty trackpad for your PC! [Can we buy a bunch of old Android phones cheap? Bob]




Please don't tell my wife, the Power Shopper.
Christmas in July: Walmart, Amazon Throw Down in Epic Discount Battle
Walmart just crashed Amazon’s 20th birthday party.
Last week, Amazon announced Prime Day, a massive, Black Friday-like sale to coincide with the company’s 20th anniversary. This Wednesday, new deals for Prime members are slated to appear on the site as often as every ten minutes, Amazon said, across dozens of shopping categories.
But the world’s largest retailer is now seeking to amp up its digital presence with an online sale of its own. Beginning this Thursday, the day after Prime Day, Walmart is rolling out “thousands of special deals” and “some special atomic deals,” as well as adjusting its free shipping minimum from $50 to $35 -- which is the same rate as Amazon.
As opposed to Amazon’s one-day event, Walmart’s sale will last for 90 days, according to USA Today.


(Related) and just because.
On Its 20th Birthday, 20 Fascinating Facts About Amazon That You Didn't Already Know




Coming this fall to a computer near you! Some neat new stuff in Excel!
A Microsoft Office 2016 Preview: Smart & Subtle Changes
… Office 2016 has been built from the ground-up with mobile and cloud users in mind, slotting in with the ever expanding fleet of Microsoft productivity applications. Office is, in general, a different set of tools from days gone by. We aren’t confined to the five-or-so core products, and we can expand the functionality of the Office ecosystem using a massive range of add-ins and templates.
Microsoft has somehow boosted Excel even further into the data analytics stratosphere with a raft of new features:
  • Inbuilt Business Intelligence: Microsoft hasn’t quite brought it all under one roof, but there are more export options to PowerBI. Power Query, an Office 2013 add-in, has made it into Office 2016 as standard. Power Query used a built-in JSON parser, which has also made its way into Excel to help build visualizations.
  • Power Pivot: Essential data analysis tool Power Pivot has received a power boost and is now able to calculate and analyze millions upon millions of rows of data. Automating data grouping will provide a deeper analysis experience, along with updates for PivotTable and PivotChart.
  • One-Click Forecasting: Excel automatically scans your worksheets, searching for data trends, and extrapolating into charts and tables.
  • New Charts: Microsoft has moved a number of add-in charts to the standard build, including TreeMap, Sunburst, Waterfall, Histogram, and Pareto. Expect to see more charts appear as add-ins following the fall release.

