Unfortunately, a common story. Something for my Computer Security students to consider: Security didn't prevent the breach – it even failed to detect it.
13 Million Passwords Leaked From Free Hosting Service
Hackers have stolen more than 13 million user records from the systems of free web hosting service 000webhost, a security expert reported on Wednesday.
Troy Hunt, the owner of the Have I Been Pwned service, which allows users to learn if and where their personal data has been compromised, was contacted by someone claiming that names, email addresses, and plaintext passwords associated with 13 million 000webhost accounts had been leaked online several months ago. The expert later learned that the breach might have occurred as early as March.
After analyzing the data and speaking to several 000webhost.com account owners, Hunt determined that the leak is most likely genuine. The expert also analyzed the website and identified poor security practices, including the storing of passwords in plain text, and the lack of a secure connection when logging in to accounts.
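For the students: the difference between the practice described above and the one it should have been. The following is an added example, not code from 000webhost or from Hunt's write-up; the store layout, user names and passwords are constructed for illustration. It places the plaintext pattern beside a store that keeps only a per-user random salt and a memory-hard scrypt hash, so that a copy of the table no longer yields working credentials.

```python
"""Plaintext credential storage beside a salted, memory-hard hash store.

Added example; stores, user names and passwords are constructed samples.
"""
import hashlib
import hmac
import os

# --- the weak pattern: a database dump is a credential dump ---
PLAINTEXT_STORE = {}  # username -> password, as stored (constructed layout)


def plaintext_register(user: str, password: str) -> None:
    PLAINTEXT_STORE[user] = password


def plaintext_login(user: str, password: str) -> bool:
    return PLAINTEXT_STORE.get(user) == password


# --- the hardened pattern: random salt per user + scrypt ---
# Cost parameters (assumed values): n=2**14, r=8 needs ~16 MiB per hash,
# which fits hashlib's default memory limit; raise n as hardware allows.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)
HASHED_STORE = {}  # username -> (salt, hash)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, dklen=32,
                          **SCRYPT_PARAMS)


def hashed_register(user: str, password: str) -> None:
    salt = os.urandom(16)  # fresh per user, so equal passwords hash differently
    HASHED_STORE[user] = (salt, hash_password(password, salt))


def hashed_login(user: str, password: str) -> bool:
    record = HASHED_STORE.get(user)
    if record is None:
        # Hash anyway so an unknown user costs the same time as a wrong password
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = record
    # constant-time comparison; never compare digests with ==
    return hmac.compare_digest(stored, hash_password(password, salt))


def dump_reveals_password(user: str, password: str) -> dict:
    """What an attacker holding a copy of each table learns about one user.

    Returns, per store, whether the password appears verbatim in the record.
    """
    plain_rec = PLAINTEXT_STORE.get(user)
    hashed_rec = HASHED_STORE.get(user)
    return {
        "plaintext": plain_rec == password,
        "hashed": hashed_rec is not None
                  and password.encode("utf-8") in (hashed_rec[0] + hashed_rec[1]),
    }


if __name__ == "__main__":
    plaintext_register("alice", "correct horse")
    hashed_register("alice", "correct horse")
    print(hashed_login("alice", "correct horse"), hashed_login("alice", "wrong"))
    print(dump_reveals_password("alice", "correct horse"))
```

Hashing on the server does nothing for the other finding, the login form served without TLS: the password still crosses the wire in the clear, and an on-path attacker gets it before it is ever hashed. Both controls are needed.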
Hunt attempted to contact the breached company many times over a period of several days, but he didn’t manage to get his message through. The owners of 000webhost only admitted being hacked after Hunt published a blog post describing his experience and the story was picked up by the media.
Strange. Nice to see they found this themselves. Strange that they deny it is from their systems even though you can log on to their systems using the passwords. Aren't they even a bit suspicious?
Barry Cooper reports:
More than two thousand British Gas customers have had their personal details posted online after a security breach.
The energy firm has moved to reassure the 2,200 customers affected that despite email addresses and account passwords being placed online, their bank account information has not been put at risk.
While no credit card information was visible, anybody choosing to log in would have been able to see previous statements, user addresses and other information relating to the customer’s energy account.
The data was made available on file sharing website Pastebin, but was removed and only impacted upon a relatively small number of British Gas’ 17 million customers.
To their credit, British Gas discovered the paste themselves through routine checks. But just as significantly, they report that the data posted online does not appear to come from their databases. BBC reports:
It says, however, that it does not think its own systems were breached.
[…]
An email sent to affected customers states: “I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk.
“As you’d expect, we encrypt and store this information securely.
“From our investigations, we are confident that the information which appeared online did not come from British Gas.”
Note that this does not mean they are transparent about the data they collect.
ODNI – The Principles of Intelligence Transparency
by Sabrina I. Pacifici on Oct 28, 2015
“The Principles of Intelligence Transparency – In February 2015, the Director of National Intelligence (DNI) published the Principles of Intelligence Transparency for the Intelligence Community (Principles). These Principles are intended to facilitate Intelligence Community (IC) decisions on making information publicly available in a manner that enhances public understanding of intelligence activities, while continuing to protect information when disclosure would harm national security.
Are we narrowing in on a definition of Privacy?
Regulating Real-World Surveillance
by Sabrina I. Pacifici on Oct 28, 2015
Kaminski, Margot E., Regulating Real-World Surveillance (October 27, 2015). Washington Law Review, Vol. 9, No. 113, 2015; Ohio State Public Law Working Paper No. 316. Available for download at SSRN: http://ssrn.com/abstract=2681128
“A number of laws govern information gathering, or surveillance, by private parties in the physical world. But we lack a compelling theory of privacy harm that accounts for the state’s interest in enacting these laws. Without a theory of privacy harm, these laws will be enacted piecemeal. Legislators will have a difficult time justifying the laws to constituents; the laws will not be adequately tailored to legislative interest; and courts will find it challenging to weigh privacy harms against other strong values, such as freedom of expression. This Article identifies the government interest in enacting laws governing surveillance by private parties. Using social psychologist Irwin Altman’s framework of “boundary management” as a jumping-off point, I conceptualize privacy harm as interference in an individual’s ability to dynamically manage disclosure and social boundaries. Stemming from this understanding of privacy, the government has two related interests in enacting laws prohibiting surveillance: an interest in providing notice so that an individual can adjust her behavior; and an interest in prohibiting surveillance to prevent undesirable behavioral shifts. Framing the government interest, or interests, this way has several advantages. First, it descriptively maps on to existing laws: These laws either help individuals manage their desired level of disclosure by requiring notice, or prevent individuals from resorting to undesirable behavioral shifts by banning surveillance. Second, the framework helps us assess the strength and legitimacy of the legislative interest in these laws. Third, it allows courts to understand how First Amendment interests are in fact internalized in privacy laws. And fourth, it provides guidance to legislators for the enactment of new laws governing a range of new surveillance technologies — from automated license plate readers (ALPRs) to robots to drones.”
Research the RIAA and MPAA will simply ignore.
(Raises the question: Are pirates 1 out of 47 users?)
With the option to stream millions of tracks supported by an occasional ad, or free of ads for a small subscription fee, Spotify appeared to be a serious competitor to unauthorized downloading.
While there has been plenty of anecdotal support for this claim, actual research on the topic has been lacking. A new study published by the European Commission’s Joint Research Centre aims to fill this gap.
In the study researchers Luis Aguiar (IPTS) and Joel Waldfogel (NBER) compare Spotify streaming data to download numbers from the 8,000 pirated artists on torrent sites, as well as legal digital track sales.
… “According to these results, an additional 47 streams reduces by one the number of tracks obtained without payment,” the paper reads (pdf).
Breaking away from the hype?
How People Are Actually Using the Internet of Things
… We did an open-source analysis of IoT user behavior, looking at 1,000 IoT technology platforms and services and more than 279,000 early adopter interactions with IoT devices. We found that consumers want an IoT that provides personalized services that can be adapted to different contexts. As with the Industrial IoT, the human IoT promises to be transformative.
Useful?
Screenr is Closing - Try Screencast-o-Matic
Earlier today I wrote a post about screencasting tools. In that post I included Screenr. A couple of hours later I received an email from Screenr announcing that they are shutting down on November 11th. Screencast-O-Matic is my recommendation for a Screenr replacement.
Screencast-O-Matic is available in a free version and a pro version. The free version allows you to record for up to fifteen minutes at a time (that is plenty of time for most screencasts), publish to YouTube in HD, and save videos to your computer as MP4, AVI, and FLV files. The pro version ($15/year) includes video editing tools, unlimited recording lengths, a script tool, and removal of the Screencast-O-Matic watermark. Both versions of Screencast-O-Matic include a highlighted circle around your cursor so that viewers can easily follow your movements on the screen. A webcam recording option is included in the free and pro versions of Screencast-O-Matic.
Screencast-O-Matic can be used for creating how-to videos or simple flipped lesson videos in which you record yourself talking over a set of slides.
All my students should be using something like this (for the duration of my classes at least).
How to Create RSS Feeds for Google Search Results
Google Alerts, you probably know this, offer an easy way for you to create RSS feeds from the Google search results of any query. This is a good option if you are looking to monitor when new web pages are indexed by Google that match your search query.
Not during class, please.
8 Awesome Paid Mobile Games You Can Download for Free
… All of the games here work on both Android and iOS, and are now free for life—not for a limited period. “Free” still means some sacrifices sometimes, like ads or limited plays, but you still get a full game without having to pay a dime for it.
(Related)
6 Classic Board Games You Can Play on Your Phone
What a relief! I thought my students hated me.
12 Reasons Why People Are STILL Ignoring Your Emails