If you don't have the skills to attack the ones
you hate, you can always hire a hacker to attack them for you.  This
sounds like the hacker may have some inside help – pre-installed
software or human.  
Jeff Stone reports:
Someone is tormenting Rutgers University. The New Jersey school announced on Monday it was fending off a distributed denial of service attack that crippled its Internet and Wi-Fi access. It’s just the latest cyberattack on a major U.S. research institution, and comes after a number of similar hacks against Rutgers, a school of approximately 65,000 undergraduate students.
Read more on International Business Times.
Is this response Trump-esque?  “I'll apologize
if I'm ever wrong?”  Probably small as breaches go, but it might
come up in the campaign.  
Norton Rose Fulbright, a law firm representing The Trump Hotel
Collection, is sending out notifications to customers who used a
payment card at Trump International Hotel & Tower Las Vegas between
May 19, 2014, and June 2, 2015.
They write:
Although an independent forensic investigation has not conclusively determined that any particular customer’s payment card information was taken from the Hotel’s payment card system or misused as a result of the incident, we are providing this notice out of an abundance of caution to inform potentially affected customers of the incident and to call their attention to some steps they may choose to take to help protect themselves.
While the independent forensic investigator did not find evidence that information was taken from the Hotel’s systems, it appears that there may have been unauthorized malware access to payment card information as it was inputted into the payment card systems. Payment card data (including payment card account number, card expiration date, security code, and cardholder name) of individuals who used a payment card at the Hotel between May 19, 2014, and June 2, 2015, may have been affected.
Those notified are being offered credit protection
monitoring if they are U.S. residents.
The notification letter does not indicate how Trump Hotel Collection first became
aware of the malware, nor how many customers are being notified.
Note: As a reminder, Brian Krebs broke the story in July about how the hotel collection
might be impacted, but it was not just one hotel that was suggested
as impacted, and the breach was thought to have begun in February,
perhaps.  So here we are in September, and the hotel is still
claiming that there’s no evidence of data exfiltration or misuse,
months after banks suspected them as the common point of compromise? 
Hmmm….
This is going to take some research.  Are they
going to replace the software so it accurately shows a defective
engine (emissions too high) or will they replace (some or all of)
the engines?  Sounds like the latter!  
Volkswagen to refit cars affected by emissions scandal
Volkswagen announced plans on Tuesday to refit up to 11 million
vehicles and overhaul its namesake brand to try to
move on from the scandal over its cheating on diesel emissions tests.
New Chief Executive Matthias Mueller said the German carmaker would ask customers "in
the next few days" to have diesel vehicles that contained
illegal software refitted, a move which some analysts have said could
cost more than $6.5 billion.  
…   Volkswagen's Belgian importer, D'Ieteren, said it would offer engine upgrades to
800 customers who had ordered a vehicle with a diesel engine that was
likely to have been fitted with illegal software.  The importer said
it would pay for the expected 2 million euros cost.  
It might not be worth it to guarantee zero
downtime, but three times in one month is probably costing more than
an upgrade.  
Mayday, Slackers! Facebook Is Down.
Sorry, friends, “something went wrong.”  For
the third time this month and the second time this week alone,
Facebook is down.  The struggle is real.
The tech titan appears to be in a love-hate
relationship with its servers.  Team Zuckerberg hasn’t issued an
official statement about what’s causing the frustrating blackout.
…   Apparently it’s complicated, so much so
that this latest meltdown is going on 60-plus excruciating minutes. 
That’s thousands of empty seconds of forever lost social snooping
and gluttonous oversharing for possibly billions of people the world
over.  We might have to, like, actually talk to each other.  
My Ethical Hacking students have a new “best
target!”  Nothing gets you into .gov sites like a security
certificate from the people tasked with protecting them.  
Raytheon Gets $1 Billion Contract to Protect .Gov Networks
Waltham, Mass.-based Raytheon said it would be the prime contractor and
systems integrator for the agency's Network Security Deployment (NSD)
Division, which is responsible for the National Cybersecurity
Protection System (NCPS).  NCPS provides the infrastructure that
assists more than 100 federal civilian government agencies with the
security of their networks against cyber attacks.  
Under the contract, Raytheon said that it would lead a team “providing
full lifecycle development and sustainment” support.  Specifically,
the company said that scope of work would involve providing NPPD with
design, development, and operations/maintenance services in support
of the NCPS, and “support government efforts to develop, deploy and
sustain systems that monitor, analyze and mitigate cyber threats to
.gov networks.”  
Perspective.
U.S. Gov Makes 5,221 Requests for Yahoo! User Data in First Half of 2015
In its most recent transparency report, Yahoo said that these
requests were made for data on a total of
8,424 accounts and that most of them had only non-content data (NCD)
shared, or basic information such as alternate e-mail address, name,
IP address, login details, billing information and other
transactional information. 
In addition to the requests for which only NCD was disclosed, which
totaled 3,174 between January 1 and June 30, Yahoo! received 1,258
requests for content disclosure (24 percent of requests), rejected
304 requests (6 percent), and could not find data for 485 of them
(9 percent). [Now that is interesting.  Bob] 
The company also revealed that it received between 0 and 999 National
Security Letters (NSLs) in the six-month period, and that 0 to 999
accounts were specified in those NSLs.  
Is New Jersey leading or diverging?  
NBC reports:
The state Supreme Court has reversed itself and put back into place an older standard for warrant-less searches by police during car stops.
Police can now search a vehicle without a warrant if they have probable cause to believe there is contraband or evidence of a crime as long as the circumstances that led to the probable cause are unforeseeable and spontaneous.
Read more on NBC.
h/t, @CarolOnAdvLaw
Update: Steve Bellovin points out that WSJ has additional details, here.
My blog is backed up.  If nothing else, it might make an interesting
database to search for various security incidents.  If your company
does not make backups, will you accept the versions the people suing
you have?  
Make Backups of Your Online & Social Media Accounts to Windows
They say that if something is on the Internet, it
stays there, in some form, forever.  However, that is not strictly
true.  If a company such as Google shuts
down one of their services, the data contained within will be
gone forever.  Regular backups are essential, even for data located
in the cloud.
…   Let’s look at different social media sites
and see how to download your history, for when you build your
Presidential Library. 
Probably takes a bit more effort than the average
reader is willing to expend, but my students might try these if their
grade depended on it.  
5 Tools to Learn About and Protect Your Privacy
Coming soon?  Perhaps I should grab one of these
and start planning a class.  OR I could encourage my students to
create a cheap but sturdy VR holder so you can keep your hands free
for fighting dragons.  
Microsoft Has A Google Cardboard Competitor Called VR Kit
…   Spotted on a website to promote a hackathon
in Russia, Microsoft is trying to attract developers to an upcoming
hackathon that will use the company’s VR-Kits.  As you can see in
the image at the top of this post, the kit works by inserting your
Lumia into a cardboard box and then holding it to your face.
(Related)  Or maybe we could build some VR
classes.  
…   Starting today, we’re bringing this
experience to thousands of schools around the world with the new
Expeditions Pioneer Program.  During the 2015/2016 school year, we’ll
be bringing “kits” containing everything a teacher needs to run a
virtual trip for their class: ASUS smartphones, a tablet for the
teacher to direct the tour, a router that allows Expeditions to run
without an Internet connection, and Google Cardboard viewers or
Mattel View-Masters that turn phones into virtual reality headsets. 
Perspective.  This is how dashboard creation
should work, inside the organization or on a website.   
Berkman Center Launches New Internet Data Dashboard
by Sabrina I. Pacifici on Sep 28, 2015
“The Berkman Center for Internet & Society at Harvard University is
pleased to announce the launch of the Internet Monitor dashboard, a
freely accessible tool that aims to improve
information for policymakers, researchers, advocates, and user
communities working to shape the future of the Internet by helping
them understand trends in Internet health and activity through data
analysis and visualization. 
(Related)  This is how the government does it.  
Unlocking Federal Talent
by Sabrina I. Pacifici on Sep 28, 2015
“UnlockTalent.gov is a comprehensive [???  Bob] data visualization
dashboard created by the US Office
of Personnel Management to help Government leaders make data driven
decisions and design initiatives to increase employee engagement and
satisfaction.  
For my students.  
5 Research Tools Students Often Overlook
When they're given a research assignment most
students immediately turn to Google to start their research. 
Unfortunately, many students don't recognize that they are limiting
their research efforts by not going beyond Google.com to search. 
Here are five research tools that I introduce to students to get them
to go beyond using Google.com.  
1. School librarian and library resources.
2. Wolfram Alpha.
3. Google Books.
4. Google Scholar.
5. Duck Duck Go. 
I want a fitness tracker just like Wally's!  
 
 