Tuesday, September 15, 2015

You only need a few minutes (seconds?) advanced notice.
Defendants in Newswire Hacking Case Agree to Pay $30 Million
The SEC revealed in August that a cybercriminal group led by Ukrainian nationals Ivan Turchynov and Oleksandr Ieremenko hacked into the systems of newswire services Marketwired, PR Newswire and Business Wire in an effort to steal unreleased corporate earnings announcements that would be highly valuable for making profitable financial trades. The stolen data was transmitted via a website to traders in the U.S., Russia, Ukraine, Malta, France, and Cyprus.
The scheme is believed to have generated more than $100 million in illegal profits based on roughly 150,000 press releases stolen between 2010 and 2015. The hackers reportedly gained access to the valuable information after stealing the login credentials of newswire employees and planting malware on the targeted systems.
In one example provided by SEC, the hackers and traders managed to make over half a million dollars after getting their hands on a negative earnings report 36 minutes before it was released to the public.




This is a rather big deal. Intercept the plain text before it goes into the encryption software and you don't need to worry about breaking encrypted communications.
TLS Communications Exposed to KCI Attacks: Researchers
A flaw in the Transport Layer Security (TLS) protocol can allow man-in-the-middle attackers to access apparently encrypted communications, researchers have warned.
The new method, dubbed “Key Compromise Impersonation (KCI) attack,” leverages a vulnerability in the protocol specification of TLS. The technique allows an MitM attacker to gain complete control over the client-side code running in the victim’s browser. Malicious actors can eavesdrop on communications, replace legitimate elements on a website with arbitrary content, and even perform actions on the victim’s behalf.




Ignorance is not bliss, it's just ignorance.
Bob McGovern reports:
Gov. Charlie Baker — responding to a Herald report on potential hacking and civil liberties problems with the E-ZPass system — said he has asked transportation officials to study the issue.
“Obviously every time there is a story that suggests there’s an issue with something like this we ask folks, whatever it is, to look into it and hopefully we’ll have an answer on that in a day or two,” Baker said yesterday.
Read more on Boston Herald.
[From the article:
Universal electronic tolling on the Pike is due by the end of next year, and experts told the Herald that E-ZPass technology — which is linked to users’ bank accounts — could be susceptible to hacking. Meanwhile, the movements of New York drivers with E-ZPass transponders have been monitored by state officials even when they were far away from the toll, according to a report by the New York Civil Liberties Union.
Baker, who has a transponder, said he isn’t worried about someone stealing his information. [See my comment, above. Bob]




Interesting twist, but unlikely to operate long before irate customers notify (scream at?) their bank.
New ATM Malware Allows Attackers to Physically Steal Cards
According to the security firm, Suceful is capable of reading data from the payment card’s magnetic stripe and chip, and disabling ATM sensors. The malware, which attackers can control from the ATM’s PIN pad, also includes a feature that hasn’t been seen at other such threats: it can retain and eject inserted cards to allow fraudsters to physically steal them.




For my Computer Security students – looks like your career success is guaranteed.
DNI Testimony on Worldwide Cyber Threats
by Sabrina I. Pacifici on Sep 14, 2015
“Worldwide Cyber Threats – Overview – Cyber threats to US national and economic security are increasing in frequency, scale, sophistication, and severity of impact. The ranges of cyber threat actors, methods of attack, targeted systems, and victims are also expanding. Overall, the unclassified information and communication technology (ICT) networks that support US Government, military, commercial, and social activities remain vulnerable to espionage and/or disruption. However, the likelihood of a catastrophic attack from any particular actoris remote at this time. Rather than a “Cyber Armageddon” scenario that debilitates the entire US infrastructure, we envision something different. We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security.”




“We're here to help you!” Sound familiar?
Mark Bergen reports:
Edith Ramirez wants Silicon Valley to see her agency as something more than a wrist slapper.
Last Wednesday, the Chairwoman of the Federal Trade Commission came to San Francisco to host the agency’s first “Start with Security” conference, an initiative to institute broad guidelines for consumer privacy protection — and convince tech companies to turn to the FTC for guidance.
Read more on Re/code.




There is Privacy, then there is what? Hiding? Being “on the lam?”
AP reports:
Federal prosecutors say registering at a hotel under a false name cost real estate heir Robert Durst his right to privacy there.
That opens their 65-page response to defense lawyers’ contentions that all evidence found in Durst’s New Orleans hotel room should be thrown out.
Read more on Fox News.




Interesting.
Law Times reports:
A recent Ontario Superior Court of Justice ruling appears to open the way to adding invasion of privacy claims to defamation lawsuits against journalists, says a defamation lawyer.
“It’s a development that I think is of concern to the media that invasion of privacy torts that one would have thought are subsumed in defamation may now be treated differently and separately from defamation, as the judge seemed to accept,” says Paul Schabas, a partner at Blake Cassels & Graydon LLP and an adjunct media law professor at the University of Toronto.
On Aug. 31, Justice Graeme Mew released the reasons for his July 17 decision on a motion in Chandra v. CBC. The motion, brought by the CBC, sought to have the court decide that it shouldn’t put an invasion of privacy claim to the jury that the plaintiff had added to his original defamation case.
Read more on Law Times.




A peak at your data should not mean potential insurers get to keep it forever.
Over on I’ve Been Mugged, George Jenkins describes what he learned when he and his wife really pursued the question of how Medical Informatics Engineering had wound up with his wife’s personal information caught up in their breach.
It’s a long – but important – read, as it highlights routine business practices that may come back to bite consumers who have no interest in – or knowledge that – their employer may have shared their identity information with prospective health insurers.
You can read his article here.
Should your employer be able to share your identity information with prospective health insurers without your knowledge or consent? Should the prospective insurers be able to retain that information forever – again without your knowledge or consent?
If you answer “no” to either of the above questions, then what law prohibits this from occurring? Should this be considered an “unfair” business practice under the FTC Act?
There’s lots to think about from George’s article. I encourage you all to read it.




Content and semantics will make this difficult and error prone. Can you tell if I'm pointing out the error of someone's rant or ranting myself?
Facebook will work with Germany to combat anti-refugee hate speech
Facebook this week said it will work with the German government to crack down on hate speech and xenophobia online, following calls from the country's justice minister to do more to combat hateful speech about refugees. As The Wall Street Journal reports, Facebook will work with Germany's ministry of justice, internet service providers, and other social networks to form a task force aimed at flagging and removing hateful content more quickly. Facebook also pledged to help finance organizations that track online hate speech, though the company did not say it would change its policy on what types of content are considered offensive.


(Related) Political correctness carried to the ridiculous?
On August 28, 2015 the British Library publicly stated that it would not acquire or give access to the digital archive of materials collected by the Taliban Sources Project (TSP). This decision, coming from “one of the world’s greatest research libraries” and “a place of knowledge and inspiration, encouragement and engagement” has been criticized by academics/researchers as madness” and “completely, completely ridiculous.” But, from a legal perspective, the British Library’s self-censorship is a predictable consequence of the UK’s broad terrorism laws and so if that self-censorship is to be criticized then it is important not to lose sight of the root cause of such decisions — the underlying law. It is only then that progress is likely: the effectiveness of the law can be practically assessed, its content re-appraised and, who knows, lessons may even be learned and applied to future counter-terrorism proposals engaging academic freedom.




Is “Free” also “Secure?” What constitutes a “third party” in a client/attorney conversation? http://www.bespacific.com/2015-legal-technology-survey-report-online-research/
2015 Legal Technology Survey Report – Online Research
by Sabrina I. Pacifici on Sep 14, 2015
Via Bob Ambrogi [he refers to a fee based set of reports from ABA]: In referencing the 2015 Legal Technology Survey Report, Vol. V: Online Research – Ambrogi highlights that younger lawyers who replied to the survey indicated they choose to use free sources for legal research over fee based services more often than older counterparts.




How fast will this spread? I bet takedowns will continue to be a problem.
Overnight Tech: Copyright ruling could spill over to campaign trail
The Ninth Circuit Court of Appeals ruled that copyright holders — such as movie and music publishers — must consider fair use before demanding companies such as YouTube remove potentially infringing content. The court allowed Stephanie Lenz’s lawsuit against Universal to go forward after the company improperly demanded her video, in which her child dances to a Prince song, be taken offline because of infringement concerns.
“Today’s ruling in the Lenz case comes at a critical time,” according to the Electronic Frontier Foundation, which argued the case. “Heated political campaigns — like the current presidential primaries—have historically led to a rash of copyright takedown abuse. Criticism of politicians often includes short clips of campaign appearances in order to make arguments to viewers, and broadcast networks, candidates, and other copyright holders have sometimes misused copyright law in order to remove the criticism from the Internet.”




Interesting. Something for my Enterprise Data Management students to consider.
GE To Take On IBM In The Race For IOT Dominance
General Electric announced yesterday the creation of a new unit with the aim to become the leader in the Industrial Internet of Things race. GE Digital will integrate GE’s Software Center, the expertise of GE’s global IT and commercial software teams, and the industrial security strength of Wurldtech. This new business model will be led by Bill Ruh, formerly GE’s Vice President and Global Technology Director and now newly appointed as Chief Digital Officer.
… This is a direct aim at the announcement from IBM, also timed yesterday, with the creation of two new business units that will apply Big Blue’s portfolio in Big Data, analytics and cognitive computing (aka Watson) to the Internet of Things (IOT) and Educations markets, respectively.
… In a typical industrial example, an electric turbine generates power but also 500Gb of data a day. That data is extremely useful if used in the right way but the machine itself is not considered ‘smart’. Now imagine how that turbine that can communicate in advance when it could potentially have a critical failure. In industrial situations a machine can advise other systems when it’s likely to fail due to being monitored against performance and tolerance levels. GE’s platforms such as Predix caters for these types of scenarios. The process can schedule maintenance in advance before the event occurs through the data it’s receiving, but not only this it can tell other turbines to take a spread of the load during the maintenance and then switch back again once the repairs are completed. To the outside world nothing has happened because it was all seamless and taken care of by the platform.


(Related) Doh!
Richard Chirgwin reports:
The FBI has decided that your Things are too risky to be allowed anywhere on the Internet.
Curiously, given that the Internet of Things is backed by some of the largest tech vendors in the world, the Bureau has also decided that responsibility for security – and for understanding the capability of hardware and software – should rest with the technological equivalent of Homer Simpson. [I've got to start using that phrase! Bob]
The FBI’s public service announcement, published on September 10 here, puts nearly all of the consumer protection responsibility on consumers.
Read more on The Register.




An IT Governance victory? Only out for one hour! Someone has their act together!
Twitter for Web is down: ‘Something is technically wrong’ (Update: It’s back)
… Twitter’s last minor outage was in August when it went down for 40 minutes. Unlike last month’s blip, today’s outage appears to affect all users.
Twitter Support says the website went down from 11:22 a.m. to 12:16 p.m. PST, but the issue has since been resolved.
… We’ve reached out to Twitter for more information. We’ll be live-tweeting updates. [Cute Bob] Check back here for updates.


(Related) Also an IT Governance and Data Management issue.
NY regulator reaches agreement with four banks on Symphony messaging
New York State's Department of Financial Services said it has reached an agreement with Goldman Sachs, Deutsche Bank, Credit Suisse and Bank of New York Mellon on record-keeping for the Symphony messaging system.
The banks, part of a consortium of 14 financial institutions that have set up the Symphony service, have agreed to retain a copy of their chat messages for seven years.
They will also store duplicate copies of the decryption keys for their messages with independent custodians.
… Under New York law, banks are obligated to retain records of their operations.
Many on Wall Street view Symphony Communications LLC as a rival to message systems provided by Bloomberg LP [and Thomson Reuters Corp, whose clients include bankers, traders and investors.
Symphony's technology, which was originally developed by Goldman Sachs, will become available to all potential customers from Tuesday.
The regulator had earlier expressed concerns over some of Symphony's features, such as its promise of "guaranteed data deletion" that could hinder regulatory investigations.




Russia acts like a Capitalist when they choose to.
Google Found Guilty of ‘Abusing Dominant Market Position’ in Russia
MOSCOW— Google Inc. has been found guilty in a rapid Russian antitrust probe, a spokesperson for the country’s antitrust regulator told The Wall Street Journal.
In February, Russia’s Federal Antimonopoly Service opened a probe into Google for alleged anticompetitive practices related to how the company bundles apps with its Android mobile operating system.
The company was found guilty of “abusing its dominant market position,” but not of “unfair competition practices,” the regulator told The Wall Street Journal.




To be expected.
Chicago’s ‘Netflix’ tax challenged in court
As was to be expected, the 9 percent “amusement tax” being levied on all kinds of streaming services and gaming platforms in Chicago has provoked a lawsuit. The complaint was filed last week by a legal non-profit on behalf of six Chicago residents, each of whom is a subscriber to one or more of such services: Amazon Prime, Hulu, Netflix, Spotify, Xbox Live, and what have you.
The amusement tax itself is not the problem, though. At issue here is the imposition of the said tax on streaming music, streaming video, and online gaming platforms, all of which were not on the city’s list of taxable “amusements” until June 9, 2015. That’s when Chicago’s Comptroller Dan Widawsky ruled that the charges paid for accessing the above services within its limits would attract a 9-percent amusement tax from September 1, 2015.




Perspective. Is this because of a serious flaw in the Taxi business model? It seems to me they could match this kind of service easily.
Indian Cab-Hailing Firm Ola Is Raising Over $500M At A Valuation Of Around $5B




Another Thing on the Internet of Things and a lot of hackable data?
Unmanned Aircraft Systems (UAS): Commercial Outlook for a New Industry
by Sabrina I. Pacifici on Sep 14, 2015
CRS – Unmanned Aircraft Systems (UAS): Commercial Outlook for a New Industry. Bill Canis, Specialist in Industrial Organization and Business, September 9, 2015.
“Unmanned aircraft systems (UAS) — commonly referred to as drones — have become a staple of U.S. military reconnaissance and weapons delivery in overseas war zones such as Afghanistan. … However, the Federal Aviation Administration (FAA) currently prohibits the use of UAS for commercial purposes, except where it has granted an exemption permitting specific activities. FAA has granted such exemptions since May 2014, primarily to firms wishing to use UAS for agricultural, real estate, film and broadcasting, oil and gas, and construction activities. As of September 2, 2015, it had granted more than 1,400 such exemptions. … Around 89 companies in the United States now produce UAS, which can range from hobbyist planes that fly on a single charge for about 10 minutes and cost under $200 to commercial-level craft that can stay aloft much longer but can cost as much as $10,000. Manufacture of the aircraft, known as unmanned aerial vehicles ( UAVs), is relatively simple. The aircraft’s basic elements include a frame, propellers, a small motor and battery, electronic sensors, Global Positioning System (GPS),and a camera. Some UAVs are operated by controllers, but others can be guided by the operator’ s smart phone or tablet. The widespread availability of electronic sensors, GPS devices, wifi receivers, and smartphones has reduced their cost, enabling manufacturers to enter the market without worrying about the supply of components. It has been estimated that, over the next 10 years, worldwide production of UAS for all types of applications could rise from $4 billion annually to $14 billion. However, the lack of a regulatory framework, which has delayed commercial deployment, may slow development of a domestic UAS manufacturing industry..”




Perspective.
Apple is on pace to sell 10M+ iPhones on opening weekend, beating last year’s record




You can't tell the players without a scorecard!
USA.gov resources on voting, political candidates and parties
by Sabrina I. Pacifici on Sep 14, 2015
“With the 2016 Presidential Election a little over a year away, do you know how to research presidential candidates and their political parties? On The Issues [Every Political Leader on Every Issue] has a complete list of all the current presidential candidates and includes their views on issues important to constituents across the United States. For more information visit our Researching Candidates page on USA.gov.” Links and sources are public, non-partisan, current, and useful for educators, citizens and researchers.




Remember students, 1% to your favorite professor.
15 Great Online Business Ideas




This may explain my sleepy students.
The Habits of Super Successful Sleepers (Infographic)




I should print this for my Spreadsheet students.
Quick Excel Tips Every Office Worker Needs to Know


No comments: