Oh, now you get serious about
security... (Rutgers is actually better than that.)
Speaking
of universities getting
hacked, Kelly Heyboer reports that multiple attacks on Rutgers
University that have resulted in the university investing
seriously in preventing the next attack.
Heyboer reports, in part:
It is unclear if one cyber attacker was responsible for the series of disruptions that knocked Rutgers’ vast computer network offline four times during the 2014-2015 school year. But, school officials said the attacks appeared to be related.
An alleged hacker who goes by the name Exfocus claimed responsibility for the attacks, boasting he or she was paid $500 an hour in Bitcoin by a client with a grudge against Rutgers to disrupt the university’s computer systems.
Exfocus taunted Rutgers officials and students on Reddit, Twitter and other social media sites last spring.
“Honestly, I am sitting here dumbfounded at the amount of incompetence displayed once again by the Rutgers IT department. I’m fairly certain I could run circles around all of you with my eyes closed, and one leg amputated,” Exfocus said in an April 29 post on the website Pastebin.
The hacker also allegedly gave a brief interview to a local tech blogger, who released a transcript of their conversation.
Read more on NJ.com,
Most schools do not have someone allegedly
arranging to DDoS them because of some grudge, but at any point in
time, any university may be fighting off numerous attacks as well as
phishing attempts. Given the wealth of data universities collect and
retain on students, investing in data security and training is not
only reasonable, but downright necessary.
Are these low-hanging fruit or is this hacker
better than average?
Well, they
can’t say they weren’t warned. The hacker who uses the nick
“JM511” has been busy hacking more universities and has dumped
some data from the University
of California at Los Angeles.
In a tweet last night, @JM511 noted that they had
been warned twice:
JM511 Hacker☠
@JM511
You've bEEn #warned #2times
@UCLA
2:37 AM - 23 Aug 2015
According to JM511, he warned them via email more
than one week before the attack. Minutes ago, he tweeted a link to
the data dump.
In the paste, JM511 included sample data from UCLA
tables that include userids, usernames, and passwords. Other tables
include university email addresses, first and last names, usernames,
and passwords. Most of the
passwords dumped were not plain-text, although one table
does appear to have plain-text passwords.
As he has done in other cases, JM511 posted
information about the system:
web application technology: Apache 2.2.2, PHP 5.2.5
back-end DBMS: MySQL 5.0.12
banner: ‘5.0.22-log’
[04:42:18] [INFO] fetching current user
current user: ‘celf@localhost’
[04:42:18] [INFO] fetching current database
current database: ‘celf’
UCLA is not the only university JM511 reports
attacking via SQLinjection and XSS, however. In other tweets
overnight, he also notified Western
Governor’s University in Utah, the University
of Minnesota, DePaul
University, and Northern
Illinois University that he had hacked them.
His tweets provide links showing the vulnerable urls that he used.
JM511 does not appear to have dumped any personal
data from those additional universities, but of concern, in another
tweet, he suggests that he may soon be dumping data from Southern
Illinois University, a university whose infosecurity
was found concerning in a 2014 audit.
Whether the universities’ social media teams
will understand his tweets to them and contact their university’s
IT security immediately remains to be seen.
A human perspective.
Here’s
what Ashley Madison members have told me
This would explain why politicians listen to
Google.
Researcher
claims Google can manipulate election results
by Sabrina
I. Pacifici on Aug 23, 2015
Politico.com,Robert
Epstein: “America’s next president could be eased into office
not just by TV ads or speeches, but by Google’s secret decisions,
and no one—except for me and perhaps a few other obscure
researchers—would know how this was accomplished. Research I have
been directing in recent years suggests that Google, Inc., has
amassed far more power to control elections—indeed, to control a
wide variety of opinions and beliefs—than any company in history
has ever had. Google’s
search algorithm can easily shift the voting preferences of undecided
voters by 20 percent or more—up to 80 percent in some demographic
groups—with virtually no one knowing they are being manipulated,
according to experiments
I conducted recently with Ronald E. Robertson. Given that many
elections are won by small margins, this
gives Google the power, right now, to flip upwards of 25 percent of
the national elections worldwide. In the United States,
half of our presidential elections have been won by margins under 7.6
percent, and the 2012 election was won by a margin of only 3.9
percent—well within Google’s control…”
Holding data is not a privacy violation. It's all
about how you use that data.
Katitza Rodriguez writes:
In March 2015, the United Nations Human Rights Council endorsed the creation of a special rapporteur on privacy. The landmark resolution, spearheaded by Brazil and Germany and cosponsored by 46 states, including 10 other Latin American countries, gives the right to privacy the international recognition and protection it deserves.
For Latin America, this resolution couldn’t have come at a better time. An alarming legislative trend is unfolding in several countries in the region, aimed at passing data retention laws that compel telecommunications companies to retain the details of customers’ activities for future review by government agencies. Such details include whom they communicate with, for how long and from where. No one is exempt from this data collection, which is kept available for law enforcement (and other government bodies) to examine in the future.
Read more on Americas
Quarterly.
Gee, it would be nice if the U.S. recognized a
right to privacy as a human right not to be trampled by government
agencies…
What world do school administrators live in?
Huh?
Schools Think Kids Don’t Want to Learn Computer Science
Times have never been better for computer science
workers. Jobs in computing are growing
at twice the national rate of other types of jobs. By 2020,
according
to the Bureau of Labor Statistics, there will be 1 million more
computer science-related jobs than graduating students qualified to
fill them.
If any company has a vested interest in
cultivating a strong talent pool of computer scientists, it’s
Google. So the search giant set out to learn why students in the US
aren’t being prepared to bridge the talent deficit. In a big
survey
conducted with Gallup and released today, Google found a range of
dysfunctional reasons more K-12 students aren’t learning computer
science skills. Perhaps the most surprising: schools
don’t think the demand from parents and students is there.
… A full nine in ten parents surveyed viewed
computer science education as a good use of school resources. It’s
the gap between actual and perceived demand that appears to be the
problem.
Hey! I like those Chrome extensions, let me copy
them to Firefox!
Mozilla
Bringing Chrome Extensions To Firefox: Here's The Good And The Bad
In a major announcement, Mozilla has announced
that Firefox will be implementing a new extension API that will be
compatible with the one used by Chrome and Opera. Basically, many
Chrome extensions could soon be coming to Firefox.
The API, called WebExtensions API, will mean that
developers will only need to make a few small changes to their code
in order to bring their extensions to Firefox. So, while users won't
be able to install Chrome extensions themselves to Firefox, many
developers will likely make the small alterations in order to cater
to Firefox users.
For the next time I teach statistics. (My
students need to look outside the US)
Eurostat –
Your key to European statistics
by Sabrina
I. Pacifici on Aug 23, 2015
“Eurostat’s
mission: to be the leading provider of high quality statistics on
Europe. Eurostat
is the statistical office of the European Union situated in
Luxembourg. Its task is to provide the European Union with
statistics at European level that enable comparisons between
countries and regions. This is a key task. Democratic societies do
not function properly without a solid basis of reliable and objective
statistics. On one hand, decision-makers at EU level, in Member
States, in local government and in business need statistics to make
those decisions. On the other hand, the public and media need
statistics for an accurate picture of contemporary society and to
evaluate the performance of politicians and others. Of course,
national statistics are still important for national purposes in
Member States whereas EU statistics are essential for decisions and
evaluation at European level. Statistics can answer many questions.
Is society heading in the direction promised by politicians? Is
unemployment up or down? Are there more CO2 emissions compared to
ten years ago? How many women go to work? How is your country’s
economy performing compared to other EU Member States? International
statistics are a way of getting to know your neighbours in Member
States and countries outside the EU. They are an important,
objective and down-to-earth way of measuring how we all live.”
For my science fiction reading students.
2015 Hugo
Award Winners Announced
Dilbert predicts future technology law?
No comments:
Post a Comment