Saturday, August 22, 2015

Worth reading. (Stop smirking.)
Why The Ashley Madison Hack Is More Scary Than Funny
After almost two years of unending data breaches, everyone knows cybercrime is bad, damaging and dangerous. And yet the Ashley Madison hack made us smile
At the time of the breach, the group claiming credit, the Impact Team, made the breach known by posting a small amount of a supposedly larger cache of stolen (and identifying) user data and made Ashley Madison’s owner, Avid Life Media, an offer: take down the site, or see all the data go up for public consumption.
And then … nothing. For about a month the issue didn’t progress – Ashley Madison stayed up, and the data remained under wraps.
Until this week.
That’s when the whole breach went up on the Web in the form of a giant data dump. And this time around, smirks certainly abound.
The Ashley Madison hack in terms of the sheer amount of data was massive — 10 GB of data (and that was compressed) from over 33 million accounts — or the equivalent of four motion pictures worth of data. And within those accounts is a virtual buffet of personal information.
Home addresses, 36 million email addresses, phone numbers, partial payment data, first and last names and hashed passwords — and financial transactions.
Paid extra for the premium “guaranteed affair within three months” service? That’s in the records. Paid the company to delete your account and forget they ever saw you? That’s there too. All in, records documenting 9.6 million transactions were included in the full data dump – all of which appeared on an Onion (Tor) website.
TrustedSec researcher Dave Kennedy wrote in a blog post. “This is much more problematic as it’s not just a database dump, this is a full scale compromise of the entire company’s infrastructure including Windows domain and more.”

(Related) An interview of the hackers. Apparently, there was no security.
Ashley Madison Hackers Speak Out: 'Nobody Was Watching'

(Related) Now this is curious. I wonder whose name they are trying to hide?
Now the UK’s Information Commissioner’s Office has posted something about the legalities concerning the Ashley Madison data leak. Simon Rice writes, in part:
Wherever your sympathies might lie in relation to the people identified in the published data set, the fact remains that such details are personal information, with certain protections in law.
Like many online attacks, the data protection response is international. In this case, we’re liaising with our counterparts in Canada, where the company is based.
But with cases like this, there is still a domestic aspect to consider.
Anyone in the UK who might download, collect or otherwise process the leaked data needs to be aware they could be taking on data protection responsibilities defined in the UK’s Data Protection Act.
Similarly, seeking to identify an individual from a leaked dataset will be an intrusion into their private life and could also lead to a breach of the DPA.
It’s worth noting too that any individual or organisation seeking to rely on the journalism exemption should be reminded that this is not a blanket exemption to the DPA and be encouraged to read our detailed guide on how the DPA applies to journalism.
Read more on the ICO’s blog.

How does a company screw up so spectacularly? What did they do wrong?
Peter Kafka reports:
No, Spotify doesn’t want to root around your phone’s address book, or your photos.
That’s the message the music service is sending out today — after clumsily suggesting otherwise earlier this week.
“We should have done a better job in communicating what these policies mean and how any information you choose to share will — and will not — be used,” the company says in a post attributed to CEO Daniel Ek. “We understand people’s concerns about their personal information and are 100 percent committed to protecting our users’ privacy and ensuring that you have control over the information you share.”
Read more on Re/Code.

This may come up in other elections this year. (There is still the possibility the comments were factual.)
Comcast releases username that suggested U.S. politician molested children
Comcast Cable Communications has given a northern Illinois politician the identity of an Internet service subscriber whose account was used to post an anonymous comment online suggesting the politician molests children.
Comcast turned over the name of the subscriber on Aug. 14, attorney Andrew Smith said Thursday, almost two months after the Illinois Supreme Court upheld lower court rulings that Internet service providers have no obligation to withhold the identity of a commenter if their comments could be considered defamatory.

This should raise “sexting” to interesting heights. Perhaps I can connect my dash-cam directly to my lawyer…
Comcast releases its livestreaming app to all subscribers
Comcast says its livestreaming app did very well during its limited release, so the company's now making it available to all Xfinity customers. The app, called Xfinity Share, gives you a way to broadcast video streams, photos and even previously recorded videos not just on your own TVs, but on other subscribers' TVs. It also lets you share from mobile to mobile, though, if that's more convenient. Xfinity Share used to be exclusive to Triple Play package customers, but now it can be accessed by every voice, video, home and internet subscriber. However, the recipient still needs to have an X1 DVR-ready set-top box to see what you're trying to send them on a bigger screen.
Say, you want to livestream your kids' next game to their grandparents' TV: just grab the app from iTunes or Google Play, then follow these instructions:
To stream to the TV, users just need to follow these simple steps: open the Xfinity Share app, select "Stream Live," select "Stream to other contacts," enter the home phone number or email address for the person you want to see the video, and click "Stream." A notification will pop up on that person's TV, and all that person needs to do to watch the live streaming is click the "Info" button on the X1 TV remote.

For my Website students.
Learn HTML and CSS with These Step by Step Tutorials

For all my students.
Turn Your iPhone Into A Personal Security Device for Emergencies

I must have a couple of students who are Dr Who fans…
How to Make Your Own Doctor Who Adventure for the BBC

I smile when I see this post. Evil, ain't I?
Hack Education Weekly News
Via Education Week: “The Department of Education is asking for bids to design a prototype system to quickly evaluate ed-tech in K–12 schools, in hopes of making it easier for educators to figure out what works in products they purchase with federal funding.” [This will never happen. Bob]
… A US District Court judge has begun hearing a lawsuit brought against Compton Unified School District, claiming “trauma is a disability and that schools are required – by federal law – to make accommodations for traumatized students, not expel them.”
… The ACT makes the case for multiple choice tests – they “can and do efficiently assess students’ higher-order thinking skills and reflect their real-world problem solving skills.”
Inside Higher Ed reports that there are 74,468 unique email addresses from .edu domains released as part of the hack of the Ashley Madison website.
… Gallup has released the results of a poll about the availability of computer science in schools. Among the findings, “just 7% of principals and 6% of superintendents surveyed report that demand for it is high among parents in their school or district.”
