Tuesday, October 20, 2015

See? It's not just Hillary. Computer security is not a consideration in highly political environments. Good computer security won't get you re-elected or re-appointed. (And apparently bad computer security won't keep you from being re-elected or re-appointed.)
Ken Dilanian of AP reports:
The State Department was among the worst agencies in the federal government at protecting its computer networks while Hillary Rodham Clinton was secretary from 2009 to 2013, a situation that continued to deteriorate as John Kerry took office and Russian hackers breached the department’s email system, according to independent audits and interviews.
Read more on Newser.

Not clear what they did beyond the link to porn. Should the school have said more?
Stuff reports:
Student emails have been suspended at Mt Albert Grammar after a security breach led to porn being sent to every student.
An official message was sent to parents on Monday night apologising for any offence caused.
Principal Dale Burden said they believed the culprit was most likely to be a student at the school and if so that amounted to serious misconduct.
The school was first alerted by a parent who saw the email which contained a link to a pornographic image.
Read more on Stuff.
Okay, but how did the student hack/gain access to the system? And what else could the student have accessed via that login or method?

I've got a Computer Security grad class coming up soon. This might be a useful model for their paper.
From the good folks at CitizenLab:
This post describes the results of Internet scanning we recently conducted to identify the users of FinFisher, a sophisticated and user-friendly spyware suite sold exclusively to governments. We devise a method for querying FinFisher’s “anonymizing proxies” to unmask the true location of the spyware’s master servers. Since the master servers are installed on the premises of FinFisher customers, tracing the servers allows us to identify which governments are likely using FinFisher. In some cases, we can trace the servers to specific entities inside a government by correlating our scan results with publicly available sources. Our results indicate 32 countries where at least one government entity is likely using the spyware suite, and we are further able to identify 10 entities by name. Despite the 2014 FinFisher breach, and subsequent disclosure of sensitive customer data, our scanning has detected more servers in more countries than ever before.
Read the full report on CitizenLab.

Not sure this is doable except in certain rare circumstances. Might be fun for my Ethical Hacking students to try.
Vijay Prabhu reports:
If you thought biometrics was the ultimate weapon of authentication, you may be proved wrong by Starbug. German researcher Jan Krissler, aka Starbug is a hacker whose claim to fame is breaching Apple’s TouchID and recreating the German defense minister’s thumbprint from a high-res image.
Starbug has revealed that he can now decode anyone’s smartphone PIN code from any selfie “image” of the owner.
Starbug and his colleagues have extracted the reflection of smartphone screens in the eye whites of “selfie” subjects, then used ultra-high-resolution image techniques to extract the user’s PIN code. Starbug presented his discovery at the Biometrics 2015 conference in London.
Read more on TechWorm.

Perspective. You have to store all that “Big Data” somewhere. Just think how much information could be compromised by losing just one of these cartridges.
Data Storage: Does High Capacity Create Big Problems?
… HP, IBM and Quantum, the companies behind LTO, have confirmed that next gen cartridges will offer up to 15TB of compressed data storage, and published the specifications for third-party manufacturers.
And it's not just LTO tape technology that is seeing an explosion in capacity: last year Sony announced tape technology that could result in tape cartridges with a capacity of 185TB, while in April IBM and Fujifilm demonstrated new technologies that cram 123 billion bits in a square inch of tape, equivalent to an LTO tape cartridge holding 220TB.

How Do You Store A Zettabyte?
Storage capacity is growing at unprecedented rates. So Aaron Ogus, Partner Development Manager at Microsoft Azure, posed an interesting question at this month’s 7th annual Global IT Executive Summit hosted by Fujifilm in Los Angeles: how do you store a zettabyte (ZB) of data?
This is more than an academic exercise for his company. He deals with cloud storage and currently stores exabytes (EB) of data on millions of hard disk drives (HDDs) for his cloud storage. When he began in 2007, the company used four 750 GB HDDs inside 1u servers.

Just a quick update on a slow process.
It started off at a decent pace a month ago with regular newsworthy statements and events making the headlines, but this week the extradition hearing of Kim Dotcom appeared to drop into a much lower gear.
The hearing, which will determine whether Kim Dotcom, Mathias Ortmann, Finn Batato and Bram van der Kolk are extradited to the United States, got underway in September. However, legal argument has persistently bogged the hearing down, with repeated claims by the defendants that the U.S. government is doing everything possible to prevent them from engaging in a fair fight.
… After claiming that the U.S. seizure of the defendants’ funds made it impossible to hire expert witnesses in the United States, Dotcom’s lawyer Ron Mansfield asked the court to consider submissions as to why the case should be paused or even thrown out altogether.
While those have been underway for some days now, according to 3News lawyers for Dotcom and his former associates are now expected to make further submissions on additional points. Allowing for a response from the Crown, that process could take several more weeks to complete.
… lawyer Grant Illingworth, who represents Mathias Ortmann and Bram van der Kolk, was present today. He warned the court that the U.S. interpretation of extradition law threatened to make Judge Nevin’s considerations almost irrelevant.
“[The U.S. is seeking to] reduce your honor’s role to a mere rubber-stamping exercise. The US [approach] would render the extradition process largely meaningless,” he told the Judge.
