Thursday, August 20, 2015
Something my Computer Security students should be talking about.
Ashley Madison data breach Q&A
This was always going to be a huge incident given not just the scale of the number of accounts impacted by the Ashley Madison breach (well over 30M), but the sensitivity of the data within it. However the interest has surprised even me – I loaded the breached data into Have I been pwned? (HIBP) about 8 hours ago and I’m presently seeing about 30k visitors an hour to the site. I’ve had a commensurate number of media and support queries such that I just can’t respond to them all individually so I’m putting together this Q&A instead.
(Related) Do you think they will be treated as fairly as any other company that suffered a breach?
… The apparent release last night of personal information for 32 million registered users of AshleyMadison.com, a website for connecting people who want to have affairs, is likely to have much more profound consequences. Impact Team, the group of anonymous hackers who are taking credit for the breach, sought to have Ashley Madison’s website taken down in protest of the company’s business practices and its encouragement of adultery. But the practical impact of the breach is likely to be much broader. There are a lot of threads here, and it’s worth sorting them out.
The consequences for Ashley Madison are likely to be catastrophic. A CEO who routinely bragged about the company’s privacy features now seems likely to face a barrage of lawsuits from members who have found their information exposed. And a site that depends on privacy and security to earn members’ trust may find it impossible to win it back.
You should try hard to learn from bad management so you don't need to make the same mistake.
How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach
by Sabrina I. Pacifici on Aug 19, 2015
“In June 2015, the Nation learned that the personnel records of 21.5 million United States citizens had been exfiltrated by an unknown adversary from the Office of Personnel Management, one of the largest known breaches in the history of the U.S. Government. The immediate public outcry included congressional hearings attributing the breach to OPM administrators and nation states and a nationwide media frenzy consumed with criticizing the government’s cybersecurity posture. Noticeably absent from the response, however, has been sustained and meaningful support for the victims of the breach. In ICIT’s most recent legislative brief entitled “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach”, the Institute for Critical Infrastructure Technology (ICIT) Fellows discuss the short-term (6-12 months), medium-term (1-5 years) and long-term (5-10+ years) threats faced by federal agencies and victims of the OPM breach. The brief also provides recommendations on how agencies and victims can mitigate these risks through a combination of vigilance, governance, and technology. This brief will be distributed and presented to members of the House and Senate, federal agency technology leaders and members of the critical infrastructure community.”
For my IT Governance students who might have thought really big companies never made mistakes.
Google lost data after lightning hit Belgian data center
Despite the popular saying, lightning does strike twice, or even four times — as it did at a Google data center in Belgium last Thursday, causing problems for the next several days and leading to permanent data loss for a small percentage of unlucky users.
The problem began when the facility lost power briefly during one of the late-summer thunderstorms common in the area. That caused problems with reading or writing data for about five percent of disks in the data center. Most were fixed but data on .000001% of the center’s total disk space was lost. “In these cases, full recovery is not possible,” the company said in a statement.
Google accepts full responsibility for the incident and says it is making upgrades to prevent something like this from happening again.
In retaliation, detect the ad blockers and require a CAPTCHA to prove the user is human? Add a very obvious watermark?
The great philosopher Homer Simpson once memorably described alcohol as “the cause of and solution to all of life’s problems.” Internet advertising is a bit like that — the funder of and terrible nuisance baked into everything you do online.
… Now, more and more web users are escaping the daily bombardment of online advertising by installing an ad blocker. This simple, free software lets you roam the web without encountering any ads that shunt themselves between you and the content you want to read or watch. With an ad blocker, your web browser will generally run faster, you’ll waste less bandwidth downloading ads, and you’ll suffer fewer annoyances when navigating the Internet.
Ad blocking has been around for years, but adoption is now rising steeply, at a pace that some in the ad industry say could prove catastrophic for the economic structure underlying the web. That has spurred a debate about the ethic of ad blocking. Some publishers and advertisers say ad blocking violates the implicit contract that girds the Internet — the idea that in return for free content, we all tolerate a constant barrage of ads.
An interesting application of the Internet of Things and some wise advice.
Meet Ring, the connected door bell company that just scored Richard Branson as an investor
… The doorbell attaches to the side of the house and can connect to existing wiring or work off a battery. When someone rings the doorbell it opens an app that runs on the user’s mobile phone. The user can see and communicate with the person at the door through the app, which comes in handy for home security, or if you’d simply like to tell the FedEx carrier where to drop a package.
That last use case is how Branson found the company. A visitor to his island spoke with a delivery person who rang his doorbell, all while thousands of miles away. Branson was intrigued enough to ask questions—immediately—of Siminoff over email. Later Branson offered to invest. “When Richard Branson asks if he can invest in your company, I think there’s only one answer you can give,” Siminoff says.
The “gig economy” keeps expanding.
Popular ride-hailing company Uber is expanding its food delivery service, UberEats, to San Francisco.
… Uber has touted its food service as an "ultrafast" alternative to traditional delivery and online competitors such as GrubHub and TakeoutTaxi.
… It’s the same cashless payment as an Uber ride. So just tap the app, meet your driver outside, and enjoy.
Mobile Messaging and Social Media 2015
… 2015 marks the first time Pew Research Center has asked specifically about mobile messaging apps as a separate kind of mobile activity apart from cell phone texting. And already, according to a new survey, 36% of smartphone owners report using messaging apps such as WhatsApp, Kik or iMessage, and 17% use apps that automatically delete sent messages such as Snapchat or Wickr.
… The results in this report reflect the noteworthy and rapid emergence of different kinds of communications tools serving different social needs.
… Overall, this survey found that 85% of adults are internet users and 67% are smartphone users.
Interesting. Is Australia the cheapest place to sell bonds?
Apple launches iBonds in Australia
US technology giant Apple has formally launched a "benchmark"-sized Australian dollar corporate bond issue, its first ever sale in the currency, with order books swelling to $1.2 billion within two hours.
… The company said the intended use of proceeds is for 'general corporate purposes', including share buy-backs, dividend payments and to fund working capital, capital expenditure, acquisitions and debt repayments.
Apple, which has so far raised $US50 billion ($68 billion) of debt since May 2013, has a cash balance of over $US200 billion, but since most of the funds are in offshore jurisdictions it borrows money to return funds to shareholders to avoid paying a large tax bill.
Yep, the Democrats are distancing themselves because they think she's going to tank. Small players so far, but I expect it will grow.
Clinton comes under friendly fire
… Martin O’Malley (D), the former governor of Maryland who remains mired in low single digits in most polls, said during an appearance on CBS’s “Face the Nation” on Sunday that Clinton faced “a legitimate question” over her use of the server.
O’Malley also pointedly asserted that such a question could be answered by “Secretary Clinton and her lawyers,” a clear reference to the choppy legal waters into which Clinton appears to be sailing.
On Monday, Eugene Robinson, the Pulitzer Prize-winning liberal opinion-writer for the Washington Post, published a column excoriating the Democratic frontrunner, under the headline, “Hillary Clinton is her own worst enemy.”
… Before her latest comments, Dan Pfeiffer, a former senior adviser to President Obama, offered a backhanded compliment in an interview with the Washington Post while seeking to defend Clinton.
“She isn’t as natural a politician as Barack Obama or Bill Clinton, but that’s like saying Scottie Pippen isn’t as talented as Michael Jordan or Magic Johnson,” Pfeiffer said.
Given the comparison, and Clinton’s new stumbles on Tuesday, Pfeiffer’s comments only seemed to underline Hillary Clinton’s perceived political deficiencies to both her husband and Obama.
… Julie Roginsky, a former aide to Sen. Frank Lautenberg (D-N.J.), told Fox News’s “Media Buzz” over the weekend that the criticism Clinton had received was “deserved and it is entirely self-inflicted by Hillary Clinton…
You don't need to actually meet anyone: just use your app to find the skills you need, then email them.
LinkedIn's New Employee Directory App 'Lookup' Could Boost Daily Activity On Its Network
On Wednesday, the Mountain View, Calif.-based professional social network launched Lookup, an employee directory app aimed at letting users easily find, learn about and contact their coworkers, through in-app messaging or by email. Lookup is available on Apple iOS and will reach Android soon, the company said.
… LinkedIn also says the app doesn’t compete with office chatroom services like Slack or Hipchat. Instead, it’s intended to spark just enough dialogue to lead to a phone call, meeting or email exchange. The standalone app is free and currently isn’t monetized.
… Lookup is part of a larger plan by LinkedIn to make more products that satisfy companies’ internal needs.
The next Big Thing? Probably not, but definitely a trend.
5 Best Practices for Fast Data
As vendors and users testified at last month's In-Memory Computing Summit, the relatively low cost of flash memory is driving databases and apps toward leveraging Fast Data – mobile and sensor cloud data – using systems whose storage is predominantly or even entirely composed of main and flash memory. One use case cited by a presenter employed one terabyte of main memory and one petabyte of flash.
What is driving this shift in databases and the applications that use them?
Increasingly, enterprises are realizing that "almost-real-time" handling of massive streams of data from cars, cell phones, GPS and the like is the new frontier -- not only of analytics but also of operational systems that handle the Internet of Things (IoT). As one participant noted, this kind of real-time data-chewing not only allows your car to warn of traffic ahead, but also to detect another car parked around the corner in a dangerous position.
(Related) How to make fast, faster.
… Today, at the ACM SIGCOMM conference, we are presenting a paper with the technical details on five generations of our in-house data center network architecture. This paper presents the technical details behind a talk we presented at Open Network Summit a few months ago.
From relatively humble beginnings, and after a misstep or two, we’ve built and deployed five generations of datacenter network infrastructure. Our latest-generation Jupiter network has improved capacity by more than 100x relative to our first generation network, delivering more than 1 petabit/sec of total bisection bandwidth. This means that each of 100,000 servers can communicate with one another in an arbitrary pattern at 10Gb/s.
For my Python programming students (and my Math students). Download the free ebook!
This company is using insanely complicated math to save its customers tons of cash
Analysts estimate that the market for data analytics — the industry term for sifting through mountains of data until you actually learn something useful from it — will hit $125 billion this year.
… To get all of your data nice and tidy for analysis, it has to go through a process called "ETL," which stands for "extract, transform, load." It can be a costly, time-consuming, and error-prone process.
ETL software can cost big enterprises hundreds of thousands of dollars in licensing; hiring consultants to put it all into place can drive the price tag into the millions.
Enter Algebraix Data, a California-based data analytics startup that's changing the equation with what it calls "data algebra."
… For the first five years of the company's existence, Algebraix played its cards close to the chest and kept data algebra as a company secret.
But just recently, the company has started to open the door a little bit: It's published a book by two of its in-house mathematicians called "The Algebra of Data," and it's made the core data algebra algorithms available for any programmer anywhere to download.
The gist is that Algebraix is hoping to force data algebra into the spotlight, placing itself into the center of what it hopes becomes the next wave of analytics. Other programmers can use Algebraix's technology, but as the inventors, and the holders of the patents, the company stands to profit most.
More arrows in Cable's back?
Cut the Cord Forever With These 15 TV Streaming Channels
Tools for students. Make following easier.
How to Turn Any Website into an RSS Feed