Friday, September 18, 2015

The electronic equivalent of marked cards?
Poker players targeted by card-watching malware
The sneaky malware has been found lurking in software designed to help poker fans play better, said the security firm that found it.
… The malware targets players of the Pokerstars and Full Tilt Poker sites, said Robert Lipovsky, a security researcher at Eset, in a blogpost.
When it infects a machine, the software monitors the PC's activity and springs to life when a victim has logged in to either one of the two poker sites. It then starts taking screenshots of their activity and the cards they are dealt. Screenshots are then sent to the attacker.
The images show the hand the player has been dealt as well as their player ID. This, said Eset, allows the attacker to search the sites for that player and join their game. Using information about a victim's hand gives the attacker a significant advantage.
"We are unsure whether the perpetrator plays the games manually or in some automated way," wrote Mr Lipovsky.

The insurance perspective.
A Guide to Cyber Risk
by Sabrina I. Pacifici on Sep 17, 2015
“Cyber risk is now a major threat to clients’ businesses. Companies increasingly face new exposures including first- and third-party damage, business interruption (BI) and regulatory consequences. A Guide to Cyber Risk examines global trends and developments in cyber, while also identifying the emerging risks that will significantly impact the industry in the near future.”
> Download the full report here
> Download the Executive Summary here
> Download the cyber risk exposure infographic here

Never doubt the doggedness of football fans. They will force you to answer.
Daniel Chang reports:
More than two months after the chief executive of Jackson Health System promised an “aggressive internal investigation” into the unauthorized release of the medical chart for New York Giants pass rusher Jason Pierre-Paul — a possible violation of federal privacy laws — hospital officials have yet to explain how the breach occurred, who was responsible for the leak or what they are doing to prevent such incidents in the future.
Read more on Miami Herald.

I doubt any country is more interested in spying now than, say, 50 years ago. It's just that there are many tools to automate the process and many hackers who notice those tools and make the information public.
A new report ties the Russian government to a seven-year malware campaign
A new report from F-Secure has found evidence that the Russian government is behind the widespread Duke malware strain, orchestrating a seven-year campaign that has targeted Chechnya, NATO and possibly as far as the State Department and White House. Titled The Dukes: Seven Years of Russian Cyberespionage, the report details the results of research dating back to 2008, connecting the dots between more than a dozen different incidents. The team behind the Duke malware waged their campaign with nine different variants, each tailored to specific systems and situations. The variants have been the subject of a number of security reports over the years, but this is the most definitive evidence yet that the Russian government has been sponsoring the attacks.

For my Computer Security students.
Cultivate a Talent Pipeline While Bridging the Cybersecurity Resource Gap
A new labor market report by Burning Glass, Job Market Intelligence: Cybersecurity Jobs, 2015, finds that job postings for cybersecurity openings have grown three times as fast as openings for IT jobs overall and take longer to fill. The professional services, finance, and manufacturing/defense sectors have the greatest number of openings. Finding qualified candidates for positions that require a security clearance or a combination of IT security skills and industry knowledge, for example in finance or healthcare, takes even longer.

A clear indication that even TSA recognizes that they are security theater. “Because it is better to look secure than to feel secure.”
Jenna McLaughlin reports:
In a spectacular failure of a “back door” designed to give law enforcement exclusive access to private places, hackers have made the “master keys” for Transportation Security Administration-recognized luggage locks available to anyone with a 3D printer.
The TSA-recognized luggage locks were a much-vaunted solution to a post-9/11 conundrum: how to let people lock their luggage, on the one hand, but let the TSA inspect it without resorting to bolt cutters, on the other.
When the locks were first introduced in 2003, TSA official Ken Lauterstein described them as part of the agency’s efforts to develop “practical solutions that contribute toward our goal of providing world-class security and world-class customer service.”
Now that they’ve been hacked, however, TSA says it doesn’t really care one way or another.
Read more on The Intercept.
From the article:
“The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security,” wrote TSA spokesperson Mike England in an email to The Intercept.
“These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime,” England wrote.

Is Japan walling itself off like the EU in a world where everything is global?
Joe Jones of Squire Patton Boggs writes:
The Japanese Diet passed amendments to the Personal Information Protection Act on September 3, 2015, which will become effective within the next two years. While further details will be revealed in upcoming implementing regulations, several major changes, which are summarized below, are clear from the text of the statute. Companies doing business in Japan should take a close look at their privacy policies and personal data procedures in preparation for these changes.
More leeway to disclose anonymous data
“Anonymized” personal data – stripped of personal identifiers such as names and dates of birth – may now be transferred to third parties, including companies who would use the data for marketing purposes, without the subject’s consent. The disclosure must still be reported to the “Personal Information Protection Committee” (discussed further below), and must also be publicly announced. This is one of the few “pro-business” changes in the amendment, and will allow companies to use and sell “big data” about their customers, which was previously a gray area in Japanese data privacy law.
Read more on Lexology.

Google Is 2 Billion Lines of Code—And It’s All in One Place
… Google’s Rachel Potvin … estimates that the software needed to run all of Google’s Internet services—from Google Search to Gmail to Google Maps—spans some 2 billion lines of code. By comparison, Microsoft’s Windows operating system—one of the most complex software tools ever built for a single computer, a project under development since the 1980s—is likely in the realm of 50 million lines.

Pinterest Crosses User Milestone of 100 Million
Pinterest said on Wednesday that it had surpassed 100 million monthly active members, in a milestone for the digital scrapbooking start-up, which has faced scrutiny over whether the size of its user base and business growth can justify its huge valuation.

This article has a most unbelievable chart.
Ed-Tech Might Make Things Worse... So Now What?
The OECD released a “first-of-its-kind” report earlier this week on computers and education, eliciting – as all of its PISA-related reports tend to do – precisely the responses you’d suspect: a lot of “schools are doing it wrong.”

I need to survey my students. What do they prefer?
Cut the Cord With 4 VoIP Phone Plans That Are Cheaper Than Skype

An easy way to extend our website creation class?
DWNLD, The Easy-Bake Oven For Apps, Picks Up $12M In Series A
The DWNLD App Maker gives users the ability to finely customize their apps with various colors, layouts, fonts, etc. so that each DWNLD-created app has its own unique look and feel.
Of course, DWNLD has a paid product that gives users analytics on their app performance, ways to generate revenue through in-app purchases, advertising and paid downloads, as well as the ability to send more (or unlimited) push notifications, with prices starting at $15/month.
But DWNLD also offers a free tier that gives the Average Joe the ability to publish their own app, complete with social media integrations, blog content, etc.
… If you want to learn more about DWNLD, head over to the website right here.
