Monday, August 03, 2015

Think of it as the difference between knowing my name and compiling a complete dossier on me. China might find that more useful when they need to target me. Crooks need “fullz” (see the next article); intelligence agencies prefer the full dossier.
Group that hacked Anthem shared weaponized 0-days with rival attackers
An attack in early 2014 on Anthem, the No. 2 US health insurer, was by most measuring sticks a historic hack, leading to the biggest healthcare data breach ever. New evidence unearthed by researchers from security firm Symantec, however, shows it was business as usual for the hacking group, which over the past three years has carried out more than a dozen similar attacks.
… The targeting of Anthem appears to reflect more of a secondary interest that was intended to further advance a primary interest in aerospace, energy, and other similar industries rather than to target healthcare information for its own sake.
"If someone just has Vikram's healthcare records, overall there's very little gain," Vikram Thakur, senior security researcher with Symantec, told Ars, as he described the motivations of the Black Vine group hacking Anthem. "But then you get healthcare information about a Vikram working for a government entity or a defense contractor, there is substantial value in that. This is the kind of data that's used in combination with something else to reach an entirely non-healthcare related goal."
… The revelations that Symantec has uncovered about Black Vine are important because they shed light on the way the Anthem and similar wholesale hacks are carried out. What later turned out to be a historic breach to defenders was in many ways a run-of-the-mill attack targeting not a primary but a secondary interest. It's not the first time such a follow-on attack has been observed. The 2011 breach of security firm RSA, which stole data that reduced the effectiveness of the SecurID two-factor product RSA sold, is widely believed to have been carried out to better penetrate defense contractors Lockheed Martin and L-3 Communications. Similarly, the 2013 hack of security firm Bit9 is widely believed to have been carried out to better target some of its customers.

Here’s what your stolen identity goes for on the internet’s black market
The going rate for a stolen identity is about twenty bucks.
Tens of millions of people have lost their private information in data breaches over the past few years. But what happens after that—how the data are leveraged for financial gain—remains murky. Many of those stolen records end up for sale on the anonymous, seedy area of the internet commonly known as the dark web.
Analyzing the sale of those records sheds some light on the vibrant market for stolen identities. On the dark web’s eBay-like marketplaces, the full set of someone’s personal information—identification number, address, birthdate, etc.—are known as “fullz.” We analyzed listings for individual fullz that were put up for sale over the past year, using data collected by Grams, a search engine for the dark web. Our question: How much is a stolen identity worth?
Among tens of thousands of records in the Grams data, we were able to identify more than 600 listings for individual identities—some including credit card information, others without. The listings ranged in price from less than $1 to about $450, converted from bitcoin. The median price for someone’s identity was $21.35.

We're continuing to learn the cost of “Free.”
Windows 10 commandeers users' upload bandwidth
Microsoft will use its customers' upload bandwidth to deliver Windows 10's updates and apps with a peer-to-peer technology resembling BitTorrent, a fact that has caught some by surprise.
Baked into Windows 10 is a new technology Microsoft dubbed "Windows Update Delivery Optimization" (WUDO) that is turned on by default for all editions of Windows 10. However, only some SKUs (stock-keeping units) -- notably Windows 10 Home and Windows 10 Pro -- are set to provide updates and apps to other devices when connected to the public Internet.
Windows 10 Enterprise and Windows 10 Education, volume-licensed SKUs for large companies and organizations, also have WUDO enabled, but default to sharing updates and apps only within a local network.

On the other hand...
Microsoft Edge review: Windows finally has a good browser
For two decades, the default web browsing experience in Windows has been Internet Explorer. Over the years, Microsoft’s home-built browser became bloated, insecure, confusing to use, and just plain hated by many users. A lot of people turned to alternatives, such as Google Chrome, as a result. With Windows 10, Microsoft went back to the drawing board and scrapped everything it had done so far with Internet Explorer. It built an entirely new browser from scratch, one that would shed all of the baggage of Internet Explorer and offer a modern, fast web browsing experience for Windows users. That browser is Edge.
Edge comes with Windows 10 out of the box. And I should say up top that Internet Explorer also comes with Windows 10, though it’s buried in the OS, and Microsoft says that’s largely for compatibility with legacy enterprise apps. But Edge is the default, and it will be available across Microsoft’s product line, from PCs to smartphones to HoloLens and Surface Hub. Microsoft said it built Edge to be clean, tight, and responsive. In my tests, it mostly was. Edge feels really lightweight and fast — and in some cases bare-bones — which is a refreshing change from IE.

Apparently, maps add value to cars. I'd be curious to see how they calculate a price.
German Carmakers Buy Nokia’s Here Mapping Unit for $3 Billion
… Under the terms of the deal, a consortium of German automakers, including Audi, BMW Group and Daimler, will acquire Here. Digital mapping is part of an array of digital technologies on which carmakers are making big investments.
… The members of the German consortium said that they would use Nokia’s digital mapping unit for their own autonomous driving plans, but that they would be willing to license the technology to other companies.
“Our environment is constantly changing,” Rupert Stadler, Audi’s chairman, said in a statement. “That’s why the information in digital maps has to be continually updated so that maximum utility can be offered.”

Would you invest in pre-Civil War technology? Can anyone make money carrying passengers on rail lines?
Indiana, private carrier ink deal for passenger rail
Passenger rail service between Chicago and Indianapolis will be available every day under a two-year contract the Indiana Department of Transportation has signed with Amtrak and a private carrier.

“So many places to shop, so little time,” my wife's mantra. Is this the call investors hear?
To battle Amazon and Flipkart, Snapdeal is raising $500 mn from Alibaba, SoftBank, Foxconn
Online marketplace Snapdeal is set to raise $500 million (Rs 3,206.5 crore) in investment from Alibaba Group Holding Ltd, SoftBank Group Corp and Foxconn, the trading name of Hon Hai Precision Industry Co Ltd, a person familiar with the matter said on Monday.
… The firm competes with Flipkart Online Services Pvt Ltd and the local subsidiary of Inc in the country's online shopping market, which Morgan Stanley estimates will be worth $102 billion by 2020.

Don't just think hardware. Think of it as an App for your App.
Amazon lets anyone put Alexa voice control in their devices
Amazon released the Alexa Appkit last month in hopes that developers will create cool new features for the voice technology that powers the Echo. This time, the e-commerce giant is offering the Alexa Voice Service (AVS) itself as a developer preview, which both hobbyists and legit hardware manufacturers can integrate into their own connected devices. The best part is the company's allowing the use of its technology for free. "By adding Alexa to your device, your users can request and receive information in the same way they would from an Amazon Echo," the company's Getting Started Guide reads.

Always try to learn from somebody else's failures.
Inside the failure of Google+, a very expensive attempt to unseat Facebook
Create a social network or risk everything.
That was the original pitch for Google's Facebook rival, Google+, a refrain hammered over and over by the social network's chief architect, Vic Gundotra, in meetings with the company's top brass.
"Vic was just this constant bug in Larry's ear: 'Facebook is going to kill us. Facebook is going to kill us,'" says a former Google executive. "I am pretty sure Vic managed to frighten Larry into action. And voila: Google+ was born."
… Google launched Plus without a clear plan to differentiate the service from Facebook. It bet on a charismatic leader with a flawed vision, ignored troubling indications about the social network's traction (or lack thereof) with users and continued throwing features at the wall long after many had written Google+ off for dead.
… "It was absolute madness," one former Google+ employee says of the speed and "intensity" of the work during the crucial early months. "The best way to succeed in Vic's ecosystem is to be speedy. He has a bias for action. He may need to do more work on strategy."
… “What people failed to understand was Facebook had network effects," says Adams, the former Google+ user experience employee. "It’s like you have this grungy night club and people are having a good time and you build something next door that’s shiny and new, and technically better in some ways, but who wants to leave? People didn't need another version of Facebook."

An IP framework for Governance of the Internet?
IP JUSTICE JOURNAL: Internet Infrastructure and IP Censorship
by Sabrina I. Pacifici on Aug 2, 2015
By David G. Post – August 1, 2015
“Many scholars and other observers of developments in Internet governance, law, and policy have commented upon an unusual and important phenomenon that has become more widespread in recent years: using control over access to critical portions of the Internet’s technical infrastructure – the system comprising the underlying protocols for routing, naming, and addressing, along with related technical standards and the agreements, formal and informal, through which they are implemented across the Internet, what Laura DeNardis calls “Critical Internet Resources” (CIRs) – to enforce private and public law. Three examples illustrate the nature of this new phenomenon…”

For my “wanna be geeks.” Perhaps this would work for prototypes?
How to Make Video Games Without Any Programming
You want to build a video game. You’ve worked out a storyline, and various scenarios that can be modified to suit various genres. The problem is, your coding ability is poor.
So where do you go? The answer, of course, is to use a video game construction kit — a tool, or set of tools, intended to help people who don’t have traditional programming skills to build their own games.

The city of brotherly love? (Digest Item #1)
HitchBOT Is No More
HitchBOT, the cute, dustbin-shaped robot who loves hitchhiking, is no more. He was vandalized and decapitated in Philadelphia just a couple of weeks after setting off from Massachusetts, thereby ending his epic journey from one side of the United States to the other.
This hitchhiking robot had already completed journeys across Canada, Germany, and the Netherlands before its creators charged it with doing the same in the US.

Perhaps it is “who you know?” Or perhaps they are missing an opportunity?
New research exposes the 'glass floor' in British society
Less able, better-off kids are 35% more likely to become high earners than bright poor kids.
New research, conducted by Abigail McKnight of the London School of Economics for the Social Mobility and Child Poverty Commission, has exposed the reality of a ‘glass floor’ in British society that protects less able, better-off children from falling down the social ladder as they become adults.

Dilbert illustrates “Work smarter, not harder.”
