Thursday, August 06, 2015

I can't find any details that confirm this as “sophisticated,” but every computer security manager would like to believe they did not fall victim to a well known and easily countered threat. If this was a simple spearfishing attack, the real effort might be to find everyone who clicked on the malware link and clean their computers to keep from re-infecting.
On July 28, CNN reported:
The unclassified email network used by Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, and hundreds of military and civilian personnel was taken offline over the weekend after suspicious activity was detected, the Pentagon confirmed to CNN on Tuesday.
Yesterday, The Daily Beast reported that the attack was much worse than we might have thought from initial reports:
The hacking of the Joint Chiefs of Staff email network on July 27 marked the “most sophisticated” cyberbreach in U.S. military history, Department of Defense officials concede. Various government officials are working to revamp parts of their network in response. In the meantime, officials have spent the last 10 days scrubbing the system and creating mock hacking scenarios before giving military personnel access to it again.
The attack on the Joint Staff network involved “new and unseen approaches into the network,” one of the defense officials told The Daily Beast. After scrubbing it, putting in new protections and red teaming potential attacks, “we are sharing the lessons learned with the rest of government.” According to a second defense official, the attack was a spear phishing attack targeting the personal information of scores of users. The attack was so sophisticated officials are investigating whether a “state entity” was involved, the official said.
So… is there any connection between the disclosed attack and a recently claimed Department of Defense hack by “Remember EMAD,” a group that has been described as a “joint Lebanese and Iranian effort – high likely state-backed” (Network Security Report). Since August 1, when Remember EMAD said they would be dumping data, they’ve not posted anything that I’ve found so far, but I’m wondering whether the types of files they describe would be found on the unclassified Joint Chiefs of Staff network:
– deals with contractors
– products being discussed to send overseas to various geos
– id and social security of the dod personnel involved
Just a coincidence? Maybe (probably?), but if anyone has additional details, please contact

(Related) Maybe not so sophisticated.
Pentagon shuts down Joint Chiefs' email network
… The Pentagon refused to release many details about the attack, even what the "suspicious activity" was; instead downplaying the hack as a run-of-the-mill cyber attack that caused minimal damage.

On those rare occasions when I venture into a Target will they find the fact that I do not have a smartphone threatening? Will they ask security to keep an eye on me, because their automated systems can't?
Target Rolls Out New Pilot Program To Track Customers In Stores
The company is testing a network of beacons in 50 of its stores that will be able to tell where customers are in the store and use that information to send targeted deals to their smartphones.
… Following successes at SXSW and NBA games, and with companies like Apple and Facebook pushing the technology, beacons seem poised to become the next big thing in location technology. Retailers have been especially interested in them. Corporations’ longstanding dreams of Starbucks having your Frappuccino ready as soon as you’re in the door or the Gap sending you a coupon as you walk by the storefront are finally being made real. Or that’s what retailers are hoping, at least.
Beacons can provide much more accurate location information than GPS or Wi-Fi. Using GPS, a phone can tell where you are on a street. Using Bluetooth, a phone can tell where you are in a room — close to a stereo that’s on sale, for example.
… It also likely means targeting customers based on their previous shopping habits. It’s not surprising that Target is an early adopter of beacons. It has already been so adept at mining customer data that it could, notoriously, predict when a customer was pregnant in order to mail them coupons. Target is attempting to bring that kind of data to its physical spaces and use this burgeoning technology to optimize the shopping experience to save its customers money and time. And of course, it’s going to learn a lot about them in the process.

Read and consider.
Dream of Free and Open Internet Dying, Lawyer Says
… The annual Black Hat computer security conference in Las Vegas kicked off Wednesday with a keynote address from Jennifer Granick, director of Civil Liberties at the Stanford Center for Internet and Society. Granick said that while the Internet needs to be reasonably safe in order to be functional, it's no longer the revolutionary place it was 20 years ago.
No one is murdering the dream of an open Internet, she said, but it's withering away because no one is prioritizing its protection. On top of that, new Internet users are coming from countries whose citizens aren't protected by a Bill of Rights or a First Amendment.
"Should we be worrying about another terrorist attack in New York, or about journalists and human rights advocates being able to do their jobs?" she asked.
Granick also railed against the federal Computer Fraud and Abuse Act, which carries sentences of up to 10 years in prison for a first-time offense. It does nothing to prosecute countries like China that launch state-sponsored attacks against the U.S. government and major companies, along with other dangerous hackers based overseas, she said. But, she added, it often hits small-time American hackers with unfairly harsh prison sentences.

I'm so confused. Different and differing rulings every day.
Court: Cops need warrants for cellphone location data
A federal court ruled on Wednesday that the government cannot obtain information about a cellphone's location without a warrant.
The split decision from the 4th Circuit Court of Appeals concluded that warrantless searches of cellphone data are unconstitutional, a victory for privacy advocates who have sought new protections for people’s information.
“We conclude that the government’s warrantless procurement of the [cell site location information] was an unreasonable search in violation of appellants’ Fourth Amendment rights,” Judge Andre Davis wrote on behalf of the majority of the three-judge panel.
“Examination of a person’s historical [cell site location information] can enable the government to trace the movements of the cellphone and its user across public and private spaces and thereby discover the private activities and personal habits of the user,” he added. “Cellphone users have an objectively reasonable expectation of privacy in this information."

For my Forensics students.
Obstructions Vanish From Images Treated With New Software From MIT, Google
In a mesmerizing video, a researcher explains the math behind what seems like magic — photographs in which the view is obscured by things like chain-link fences and reflections become free of clutter with just a few clicks.
Researchers at MIT and Google have created an algorithm that uses multiple images taken from different angles to separate foreground obstacles from the subject that's in the background — anything from your favorite view or a sign in a window on a bright day.

Europay, MasterCard, and Visa developed the standard, and apparently used it to shift liability.
Many small businesses not ready for EMV chip cards - Wells Fargo
In the quarterly small business survey, less than half (49 percent) of small business owners who accept point-of-sale card payments today report being aware of the October 1 liability shift, the date when a card issuer or merchant that does not support EMV chip card technology will assume liability for any fraudulent point-of-sale card transactions.

Tools & Techniques.
What is Periscope and How Do I Use It?
Periscope, the live streaming video mobile app purchased by Twitter in February of 2015, has been the talk of the town since its official launch on March 26.
… Simply put, Periscope enables you to “go live” via your mobile device anytime and anywhere. The app enables you to become your own “on the go” broadcasting station, streaming video and audio to any viewers who join your broadcast.
… Once a broadcast is over, others can watch a replay, and even provide feedback, within Periscope for up to 24 hours. After that, the broadcast is removed from the app.
Never fear however, each of your broadcasts can be saved to your mobile device and, once you’ve got it there, it can be published and shared online just like any other video.

Could be useful.
Microsoft launches Sway out of preview along with new Windows 10 app, revamps for sharing Office files
Microsoft today announced its content aggregation and presentation application Sway has hit general availability. That means the digital storytelling tool is launching out of preview for consumers and releasing to all eligible Office 365 for business and education customers worldwide. Microsoft is also introducing a Sway app for Windows 10 and revamping for sharing not only Sway files, but all Office documents.
… Sway launched as a preview in October 2014, becoming the first new app to join the Office product family in years. The premise is simple: Let users create presentations for the Web using text, pictures, and videos, regardless of what device they’re using (phones, tablets, laptops, PCs, and so on).

Students might use this to create Study Groups! Naah.
Tinder’s First Non-Dating Feature Is Speed Networking For Forbes’ 30 Under 30
Forbes is building a social networking app exclusively for these millennial leaders, which will launch at its 30 Under 30 Summit in Philadelphia on October 4. The goal is to stoke this community into somewhat of an alumni network that attracts more powerful youngsters to the Forbes empire. It will offer a directory of members, a feed where they can post social media stories or polls, and the option to message each other.
But to break the ice, Forbes worked with Tinder and its co-founder Sean Rad who made the 30 list in 2014 to build a speed-networking feature. Members can swipe through profiles of fellow prodigies of both sexes, see their industry and description, and if both people swipe right, they’ll be invited to chat.

Think supplemental if your school isn't using these.
Open Textbook Library

Community College Consortium for Open Educational Resources

My IT Governance students are giving presentations on Saturday, I've got to remember this one! Thanks Dilbert.

No comments: