Tuesday, September 29, 2015

If you don't have the skills to attack the ones you hate, you can always hire a hacker to attack them for you. This sounds like the hacker may have some inside help – pre-installed software or human.
Jeff Stone reports:
Someone is tormenting Rutgers University. The New Jersey school announced on Monday it was fending off a distributed denial of service attack that crippled its Internet and Wi-Fi access. It’s just the latest cyberattack on a major U.S. research institution, and comes after a number of similar hacks against Rutgers, a school of approximately 65,000 undergraduate students.

Is this response Trump-esque? “I'll apologize if I'm ever wrong?” Probably small as breaches go, but it might come up in the campaign.
Norton Rose Fulbright, a law firm representing The Trump Hotel Collection, is sending out notifications to customers who used a payment card at Trump International Hotel & Tower Las Vegas between May 19, 2014, and June 2, 2015.
They write:
Although an independent forensic investigation has not conclusively determined that any particular customer’s payment card information was taken from the Hotel’s payment card system or misused as a result of the incident, we are providing this notice out of an abundance of caution to inform potentially affected customers of the incident and to call their attention to some steps they may choose to take to help protect themselves.
While the independent forensic investigator did not find evidence that information was taken from the Hotel’s systems, it appears that there may have been unauthorized malware access to payment card information as it was inputted into the payment card systems. Payment card data (including payment card account number, card expiration date, security code, and cardholder name) of individuals who used a payment card at the Hotel between May 19, 2014, and June 2, 2015, may have been affected.
Those notified are being offered credit protection monitoring if they are U.S. residents.
The notification letter does not indicate how Trump Hotel Collection first became aware of the malware, nor how many customers are being notified.
Note: As a reminder, Brian Krebs broke the story in July about how the hotel collection might be impacted, but it was not just one hotel that was suggested as impacted, and the breach was thought to have begun in February, perhaps. So here we are in September, and the hotel is still claiming that there’s no evidence of data exfiltration or misuse, months after banks suspected them as the common point of compromise? Hmmm….

This is going to take some research. Are they going to replace the software so it accurately shows a defective engine (emissions too high), or will they replace (some or all of) the engines? Sounds like the latter!
Volkswagen to refit cars affected by emissions scandal
Volkswagen announced plans on Tuesday to refit up to 11 million vehicles and overhaul its namesake brand to try to move on from the scandal over its cheating on diesel emissions tests.
New Chief Executive Matthias Mueller said the German carmaker would ask customers "in the next few days" to have diesel vehicles that contained illegal software refitted, a move which some analysts have said could cost more than $6.5 billion.
… Volkswagen's Belgian importer, D'Ieteren, said it would offer engine upgrades to 800 customers who had ordered a vehicle with a diesel engine that was likely to have been fitted with illegal software. The importer said it would pay for the expected 2 million euros cost.

It might not be worth it to guarantee zero downtime, but three outages in one month are probably costing more than an upgrade would.
Mayday, Slackers! Facebook Is Down.
Sorry, friends, “something went wrong.” For the third time this month and the second time this week alone, Facebook is down. The struggle is real.
The tech titan appears to be in a love-hate relationship with its servers. Team Zuckerberg hasn’t issued an official statement about what’s causing the frustrating blackout.
… Apparently it’s complicated, so much so that this latest meltdown is going on 60-plus excruciating minutes. That’s thousands of empty seconds of forever lost social snooping and gluttonous oversharing for possibly billions of people the world over. We might have to, like, actually talk to each other.

My Ethical Hacking students have a new “best target!” Nothing gets you in to .gov sites like a security certificate from the people tasked with protecting them.
Raytheon Gets $1 Billion Contract to Protect .Gov Networks
Waltham, Mass.-based Raytheon said it would be the prime contractor and systems integrator for the agency's Network Security Deployment (NSD) Division, which is responsible for the National Cybersecurity Protection System (NCPS). NCPS provides the infrastructure that assists more than 100 federal civilian government agencies with the security of their networks against cyber attacks.
Under the contract, Raytheon said that it would lead a team “providing full lifecycle development and sustainment” support. Specifically, the company said that the scope of work would involve providing NPPD with design, development, and operations/maintenance services in support of the NCPS, and “support government efforts to develop, deploy and sustain systems that monitor, analyze and mitigate cyber threats to .gov networks.”

U.S. Gov Makes 5,221 Requests for Yahoo! User Data in First Half of 2015
In its most recent transparency report, Yahoo said that these requests were made for data on a total of 8,424 accounts and that most of them had only non-content data (NCD) shared, or basic information such as alternate e-mail address, name, IP address, login details, billing information and other transactional information.
In addition to the requests for which only NCD was disclosed, which totaled 3,174 between January 1 and June 30, Yahoo! received 1,258 requests for content disclosure (24 percent of requests), rejected 304 requests (6 percent), and could not find data for 485 of them (9 percent). [Now that is interesting. Bob]
The company also revealed that it received between 0 and 999 National Security Letters (NSLs) in the six-month period, and that 0 to 999 accounts were specified in those NSLs.

Is New Jersey leading or diverging?
NBC reports:
The state Supreme Court has reversed itself and put back into place an older standard for warrant-less searches by police during car stops.
Police can now search a vehicle without a warrant if they have probable cause to believe there is contraband or evidence of a crime as long as the circumstances that led to the probable cause are unforeseeable and spontaneous.
Read more on NBC.
h/t, @CarolOnAdvLaw
Update: Steve Bellovin points out that WSJ has additional details, here.

My blog is backed up. If nothing else, it might make an interesting database to search for various security incidents. If your company does not make backups, will you accept the versions the people suing you have?
Make Backups of Your Online & Social Media Accounts to Windows
They say that if something is on the Internet, it stays there, in some form, forever. However, that is not strictly true. If a company such as Google shuts down one of their services, the data contained within will be gone forever. Regular backups are essential, even for data located in the cloud.
… Let’s look at different social media sites and see how to download your history, for when you build your Presidential Library.

Probably takes a bit more effort than the average reader is willing to expend, but my students might try these if their grade depended on it.
5 Tools to Learn About and Protect Your Privacy

Coming soon? Perhaps I should grab one of these and start planning a class. OR I could encourage my students to create a cheap but sturdy VR holder so you can keep your hands free for fighting dragons.
Microsoft Has A Google Cardboard Competitor Called VR Kit
… Spotted on a website to promote a hackathon in Russia, Microsoft is trying to attract developers to an upcoming hackathon that will use the company’s VR-Kits. As you can see in the image at the top of this post, the kit works by inserting your Lumia into a cardboard box and then holding it to your face.

(Related) Or maybe we could build some VR classes.
… Starting today, we’re bringing this experience to thousands of schools around the world with the new Expeditions Pioneer Program. During the 2015/2016 school year, we’ll be bringing “kits” containing everything a teacher needs to run a virtual trip for their class: ASUS smartphones, a tablet for the teacher to direct the tour, a router that allows Expeditions to run without an Internet connection, and Google Cardboard viewers or Mattel View-Masters that turn phones into virtual reality headsets.

Perspective. This is how dashboard creation should work, inside the organization or on a website.
Berkman Center Launches New Internet Data Dashboard
by Sabrina I. Pacifici on Sep 28, 2015
“The Berkman Center for Internet & Society at Harvard University is pleased to announce the launch of the Internet Monitor dashboard, a freely accessible tool that aims to improve information for policymakers, researchers, advocates, and user communities working to shape the future of the Internet by helping them understand trends in Internet health and activity through data analysis and visualization.

(Related) This is how the government does it.
Unlocking Federal Talent
by Sabrina I. Pacifici on Sep 28, 2015
UnlockTalent.gov is a comprehensive [??? Bob] data visualization dashboard created by the US Office of Personnel Management to help Government leaders make data driven decisions and design initiatives to increase employee engagement and satisfaction.

For my students.
5 Research Tools Students Often Overlook
When they're given a research assignment most students immediately turn to Google to start their research. Unfortunately, many students don't recognize that they are limiting their research efforts by not going beyond Google.com to search. Here are five research tools that I introduce to students to get them to go beyond using Google.com.
1. School librarian and library resources.
2. Wolfram Alpha.
3. Google Books.
4. Google Scholar.
5. Duck Duck Go.

I want a fitness tracker just like Wally's!