See? It's not just Hillary. Computer security is
not a consideration in highly political environments. Good computer
security won't get you re-elected or re-appointed. (And apparently
bad computer security won't keep you from being re-elected or
re-appointed.)
Ken Dilanian of AP reports:
The State Department was among the worst agencies in the federal government at protecting its computer networks while Hillary Rodham Clinton was secretary from 2009 to 2013, a situation that continued to deteriorate as John Kerry took office and Russian hackers breached the department’s email system, according to independent audits and interviews.
Read more on Newser.
Not clear what they did beyond the link to porn.
Should the school have said more?
Stuff reports:
Student emails have been suspended at Mt Albert Grammar after a security breach led to porn being sent to every student.
An official message was sent to parents on Monday night apologising for any offence caused.
Principal Dale Burden said they believed the culprit was most likely to be a student at the school and if so that amounted to serious misconduct.
The school was first alerted by a parent who saw the email which contained a link to a pornographic image.
Read more on Stuff.
Okay, but how did the student hack/gain access to
the system? And what else could the student have accessed via that
login or method?
I've got a Computer Security grad class coming up
soon. This might be a useful model for their paper.
From the good folks at CitizenLab:
This post describes the results of Internet scanning we recently conducted
to identify the users of FinFisher, a sophisticated and user-friendly
spyware suite sold exclusively to governments. We devise a method
for querying FinFisher’s “anonymizing proxies” to unmask the
true location of the spyware’s master servers. Since the master
servers are installed on the premises of FinFisher customers, tracing
the servers allows us to identify which governments are likely using
FinFisher. In some cases, we can trace the servers to specific
entities inside a government by correlating our scan results with
publicly available sources. Our results indicate 32 countries where
at least one government entity is likely using the spyware suite, and
we are further able to identify 10 entities by name. Despite the
2014 FinFisher breach, and subsequent disclosure of sensitive
customer data, our scanning has detected more servers in more
countries than ever before.
Read the full report on CitizenLab.
Not sure this is doable except in certain rare
circumstances. Might be fun for my Ethical Hacking students to try.
Vijay Prabhu reports:
If you thought biometrics was the ultimate weapon of authentication, you may be proved wrong by Starbug. German researcher Jan Krissler, aka Starbug, is a hacker whose claim to fame is breaching Apple’s TouchID and recreating the German defense minister’s thumbprint from a high-res image.
Starbug has revealed that he can now decode anyone’s smartphone PIN code from any selfie “image” of the owner.
Starbug and his colleagues have extracted the reflection of smartphone screens in the eye whites of “selfie” subjects, then they used ultra-high resolution image techniques to extract the user’s PIN code. Starbug presented his discovery at the Biometrics 2015 conference in London.
Read more on TechWorm.
Perspective. You have to store all that “Big
Data” somewhere. Just think how much information could be
compromised by losing just one of these cartridges.
Data Storage: Does High Capacity Create Big Problems?
… HP, IBM and
Quantum, the companies behind LTO, have confirmed
that next gen cartridges will offer up to 15TB of compressed data
storage, and published the specifications for third party
manufacturers.
And it's not just LTO tape technology that is
seeing an explosion in capacity: last year Sony announced
tape technology that could result in tape cartridges with a capacity
of 185TB, while in April IBM and Fujifilm demonstrated
new technologies that cram 123 billion bits in a square inch of tape,
equivalent to an LTO tape cartridge holding 220TB.
(Related)
How Do You Store A Zettabyte?
Storage capacity is growing at unprecedented rates. So Aaron Ogus,
Partner Development Manager at Microsoft Azure, posed an interesting
question at this month’s 7th annual Global IT Executive Summit hosted
by Fujifilm in Los Angeles: how do you store a zettabyte (ZB) of data?
This is more than an academic exercise for his
company. He deals with cloud storage and currently stores exabytes
(EB) of data on millions of hard disk drives (HDDs) for his cloud
storage. When he began in 2007, the company used four 750 GB HDDs
inside 1u servers.
Just a quick update on a slow process.
It started off at a decent pace a month ago with regular newsworthy
statements and events making the headlines, but this week the
extradition hearing of Kim Dotcom appeared to drop into a much lower gear.
The hearing, which will determine whether Kim
Dotcom, Mathias Ortmann, Finn Batato and Bram van der Kolk are
extradited to the United States, got underway in September. However,
legal argument has persistently bogged the hearing down, with repeated
claims by the defendants that the U.S. government is doing
everything possible to prevent them from engaging in a fair fight.
… After claiming that the U.S. seizure of the
defendants’ funds made it impossible to hire expert witnesses in
the United States, Dotcom’s lawyer Ron Mansfield asked the court to
consider submissions as to why the case should be paused or even thrown
out altogether.
While those have been underway for some days now,
according to 3News
lawyers for Dotcom and his former associates are now expected to make
further submissions on additional points. Allowing for a response
from the Crown, that process could take several more weeks to
complete.
… lawyer Grant Illingworth, who represents
Mathias Ortmann and Bram van der Kolk, was present today. He warned
the court that the U.S. interpretation of extradition law threatened
to make Judge Nevin’s considerations almost irrelevant.
“[The U.S. is seeking to] reduce your honor’s
role to a mere rubber-stamping exercise. The US [approach] would
render the extradition process largely meaningless,” he told
the Judge.