Sunday, August 09, 2015

I read this as, “only 90,000 out of 2.4 million were encrypted.” Why not use the tool you have to protect everything?
Data watchdog investigates Carphone Warehouse hacking
The UK’s data watchdog is investigating a security breach at Carphone Warehouse, after the mobile phone retailer revealed that up to 2.4m customers may have had their personal information and bank details stolen by hackers.
… As many as 90,000 customers may also have had their encrypted credit card details accessed by the hackers.
… For Carphone Warehouse, the hack is embarrassing given the company’s ambition to become a leader in the so-called “internet of things”, or market for connected devices.

Another OPM update. My IT Governance students should find there is always more to discover.
Fox News reports:
The Office of Personnel Management’s inspector general is accusing a senior agency official of hindering their investigation into the massive breach of security clearance and personal information for millions of federal employees.
Inspector General Patrick McFarland claimed that OPM Chief Information Officer Donna Seymour slowed his investigation into the breach, and that while he has had a positive relationship with the OCIO in the past, recent events made him “question whether the OCIO is acting in good faith.”
Read the IG’s memo and more on Fox News.
[I particularly liked:

It appears that this breach will be amusing for quite a while. Grab some popcorn, sit back and enjoy the fireworks!
Joseph F. Welborn III discusses possible theories of liability for lawsuits against Ashley Madison in the wake of its massive data breach. He writes, in part:
One interesting theory of liability comes from an old common law tort that has been phased out legislatively in all but seven states – alienation of affections. In fact, this theory had been used against Ashley Madison on at least one occasion even before the data breach. In 2012, a man from North Carolina sued Ashley Madison after his wife used the website to meet another man, ultimately resulting in a divorce. While similar claims could exist even without the data breach, a release of the confidential information allegedly taken would very likely bring the website into the crosshairs of individuals who previously had no idea where their former spouse had connected with a paramour. The good news for Ashley Madison is that proximate causation and intent to alienate affections as to any one scorned husband or wife could present proof problems for potential plaintiffs. Plus, the fact that only seven states recognize such a claim will likely limit any perceived risk.
The more troubling issue of potential liability is based on a contractual or quasi-contractual theory that may be asserted by individuals who decided to delete their Ashley Madison account in the past.
Read more on Butler Snow.

When you really want to mess with someone... Kill them! Claim your inheritance/the insurance early?
Rush to Put Death Records Online Lets Anyone be 'Killed'
The process of having someone officially stamped dead by getting a death certificate issued typically involves a doctor filling out one form and a funeral home filling out another, according to Rock's research.
Once forms are submitted online, certificates declaring the listed person legally dead are generated.
A fatal flaw in the system is that people can easily pose as real doctors and funeral directors, Rock demonstrated to a rapt audience.
Doctors practising general medicine often don't bother setting up accounts at online portals for filling out information for death certificates.
An aspiring online assassin can step into that void, and borrow the identity of a doctor.
Setting up accounts requires a doctor's name, address, and medical license number. A basic Internet search will turn up that information, which is publicly available for the well-intended purpose of letting people check that physicians are legitimate before seeking care.
Drop down boxes containing illness categories and online guides are available for filling in "doctor speak" on forms and avoiding medical causes or circumstances that might trigger needs for autopsies or investigations, Rock's demonstration showed.

For my Ethical Hacking students. What would you pay to secure your $100,000+ Tesla?
This Hacker’s Tiny Device Unlocks Cars And Opens Garages
The next time you press your wireless key fob to unlock your car, if you find that it doesn’t beep until the second try, the issue may not be a technical glitch. Instead, a hacker like Samy Kamkar may be using a clever radio hack to intercept and record your wireless key’s command. And when that hacker walks up to your vehicle a few minutes, hours, or days later, it won’t even take those two button presses to get inside.
At the hacker conference DefCon in Las Vegas tomorrow, Kamkar plans to present the details of a gadget he’s developed called “RollJam.” The $32 radio device, smaller than a cell phone, is designed to defeat the “rolling codes” security used in not only most modern cars and trucks’ keyless entry systems, but also in their alarm systems and in modern garage door openers.
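To make the “jam, capture, replay later” sequence concrete, here is an added Python model (not Kamkar’s code and not from the Wired article) of a rolling-code receiver, the attacker’s radio that hears the fob while the car hears only noise, and the deferred replay. The counter-plus-truncated-HMAC code format, the shared key and the acceptance window are constructed stand-ins: real fobs such as KeeLoq encrypt the counter rather than send it in clear, but the counter-rollover logic that RollJam exploits is the same.

```python
import hashlib
import hmac

# Receiver accepts a counter at most this far ahead of the last one it honoured,
# so a fob pressed out of range does not desynchronise permanently.
WINDOW = 16
KEY = b"constructed demo key, not a real fob secret"


def make_code(key, counter):
    """Toy rolling code: the counter in clear plus a truncated HMAC over it.
    Real fobs (e.g. KeeLoq) encrypt the counter instead; the replay logic is the same."""
    tag = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]
    return (counter, tag)


class Fob:
    def __init__(self, key):
        self.key = key
        self.counter = 0

    def press(self):
        self.counter += 1
        return make_code(self.key, self.counter)


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_counter = 0

    def accept(self, code):
        counter, tag = code
        _, expected = make_code(self.key, counter)
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False                      # already used, or too far ahead
        self.last_counter = counter           # roll forward: this code is now dead
        return True


class Airwaves:
    """RollJam's position: it always hears the fob and decides whether the car does."""
    def __init__(self, receiver):
        self.receiver = receiver
        self.jamming = False
        self.captured = []

    def fob_press(self, fob):
        code = fob.press()
        self.captured.append(code)            # attacker's radio records every press
        if self.jamming:
            return False                      # car hears only noise; no beep
        return self.receiver.accept(code)

    def replay(self, code):
        return self.receiver.accept(code)     # jamming is off while replaying


def rolljam_attack():
    fob, car = Fob(KEY), Receiver(KEY)
    air = Airwaves(car)
    result = {}

    result["normal_press"] = air.fob_press(fob)          # True: counter 1 consumed

    air.jamming = True
    result["jammed_press_1"] = air.fob_press(fob)        # False: counter 2 captured only
    result["jammed_press_2"] = air.fob_press(fob)        # False: counter 3 captured only
    code2, code3 = air.captured[-2:]
    air.jamming = False

    # Attacker immediately replays the FIRST captured code; the car unlocks and
    # the owner assumes the first press simply did not register.
    result["owner_sees_unlock"] = air.replay(code2)      # True

    # Minutes or days later the unused SECOND code is still ahead of the
    # receiver's counter, so it still works for the attacker.
    result["attacker_unlock"] = air.replay(code3)        # True

    # Without the jam step a captured code is worthless: it is already consumed.
    result["stale_replay"] = air.replay(code2)           # False
    return result


if __name__ == "__main__":
    for name, outcome in rolljam_attack().items():
        print(f"{name}: {outcome}")
```

The last line of the scenario is the point: a plain record-and-replay fails because the rolling counter has moved past the captured code, which is exactly why the attacker must jam so that one captured code is never consumed by the car.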

(Related) Amuse yourself by dumping those annoying neighbor kids.
Hackers Can Seize Control of Electric Skateboards and Toss Riders
… Healey, who works on security for payments company Stripe, teamed up with fellow researcher Mike Ryan, who works on security for eBay, to examine his and other electric skateboards to see if they could be hacked. The result is an exploit they developed called FacePlant [Very descriptive Bob] that can give them complete control of someone’s digital board.
“[The attack] is basically a synthetic version of the same RF noise [at that intersection in Melbourne],” he says, and allows them to cold stop a board or send it flying in reverse, tossing the rider in either case.

Interesting. Do Psychiatrists have the same prohibition? Ethics or PR?
By an overwhelming vote of 156-1 (with seven abstentions and one recusal)–so lopsided that it stunned even its proponents–the American Psychological Association’s Council of Representatives yesterday approved a resolution that the APA describes as “prohibit[ing] psychologists from participating in national security interrogations.”

Anything you do today can become a headline tomorrow. (And even criminals can read)
Leicestershire police 'ignore' attempted burglaries at odd-numbered houses
Attempted break-ins at odd-numbered houses were not fully investigated by one police force as part of an experiment to save money.
Leicestershire Police said the pilot scheme had had no adverse effect on public satisfaction or crime rates.
Results of the three-month trial are being evaluated and could see it rolled out throughout the East Midlands.
… He said: "This pilot suggests that we may need to reconsider how best to deploy crime scene investigators, especially if we are currently sending them automatically to scenes where, despite their professionalism and expertise, there is no evidence for them to retrieve."
… But Sir Clive Loader said he was not aware of the trial and "should have been informed" before it was put in place.
"Had I been consulted, I would have advised against it, particularly in light of the controls chosen which, to me at least, are unlikely to inspire much public confidence.
… Eric Tindall of Melton Mowbray Neighbourhood Watch said: "If you live on one side of the street you're going to get the 100% support and services from our police force, and on the other side you're going to get what's left over.
"It does announce to the criminal element, that they can go down one side of the street not being so cautious as to what they get up to, but on the other side they are going to be more cautious."

Competition is good. (This one is designed to work with MS Office)
Microsoft challenges Google with its own translator app
Watch out, Google. Microsoft now has its own translator app available for a variety of devices.
Released Thursday, Microsoft Translator is a new app designed by the software giant for iOS and Android users. The app supports phones and tablets as well as the Apple Watch and smartwatches that run Android Wear, Google's adaptation of its mobile software for wearables.
You can type or speak the word or phrase you want translated. In response, the app shows you the translated text on the screen and then speaks it for you. You can also copy and paste text from and to other apps for translation.
