I needed a really bad example for my Computer
Security class. Thanks TalkTalk! It's not just bad PR, it's likely
to motivate “hacktivists” to teach TalkTalk a lesson.
TalkTalk is really turning out to be the poster
child for how not to handle a breach. In today’s installment of
“Lollipops are Adequate Mitigation, Right?” Alexander J. Martin
reports:
TalkTalk is trying and failing to mend its broken customer relationships following the recent mega breach, in one case offering an individual who had £3,500 stolen from his personal bank account just £30.20 as a “good will gesture [and] final settlement” by way of compensation.
Ian Rimmington, based in Ossett, West Yorkshire, told The Register £3,500 had disappeared from his account on Friday, 23 October. This was two days after the telco had been hacked and hours after it claims it had informed banks that punters’ personal information had been compromised.
Read more on The Register.
New technologies do not always require the
invention of new security tools. If they had asked me I could have
saved them millions!
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded two grants for the development of technologies that can help defend government and privately owned vehicles from cyberattacks. “Modern vehicles are no longer purely mechanical systems,” said Dr. Dan Massey, S&T Cyber Physical Systems Security (CPSSEC) Program Manager. “Today’s vehicles have interdependent cyber components used for telematics, conveniences, and safety-critical systems. A stealthy adversary could gain access to a vehicle’s cyber components and remain completely hidden until initiating a widespread attack.”
Read more about the grant awards to U. Michigan and HRL Laboratories, LLC on Homeland Security News Wire.
From the article:
S&T awarded $1.2 million to the University of Michigan for a project titled “Secure Software Update Over-the-Air for Ground Vehicles Specification and Prototype.” [Aside from the obvious (don't broadcast the updates), encryption will likely work. Bob]
… S&T also awarded $2.5 million to HRL Laboratories, LLC, of Malibu, California, for a project titled “Side-Channel Causal Analysis for Design of Cyber-Physical Security.” [Use public domain software. Problem solved. Bob]
If law enforcement did find a way to decrypt the
device without the owner surrendering a password, would a conviction
be overturned?
Fiona Hamilton reports:
Convictions of suspects who refuse to hand over their encrypted passwords have risen sixfold in four years, potentially blocking police from examining their electronic devices.
The sharp increase has led to fears that criminals are opting to plead guilty to encryption offences rather than allow detectives to go through their computers and phones, which could lead to more serious charges and longer sentences.
Read more on The Times (subscription required).
We know this is coming. How will these
technologies be used? Can I use them too?
California Cops Are Using These Biometric Gadgets in the Field
Law enforcement agencies around the country are
increasingly embracing biometric technology, which uses intrinsic
physical or behavioral characteristics—such as fingerprints, facial
features, irises, tattoos, or DNA—to identify people, sometimes
even instantly. Just as the technology that powers your cell phone
has shrunk both in size and cost, mobile biometric technologies are
now being deployed more widely and cheaply than ever before—and
with less oversight.
… Because of the volume of records we’ve
received so far (the documents continue to flow in faster than EFF
and MuckRock’s teams can read through them), we’re starting with
California. Nine of the agencies have responded to our requests with
documents, while many more claimed they didn’t have any records.
Of those that did respond, most employed a digital
fingerprinting device. Facial recognition has also been widely
embraced among agencies in San Diego County, with Santa Clara County
law enforcement agencies close behind. In addition, the Los Angeles
Sheriff’s Department’s biometrics system includes tattoo
recognition, while the Orange County Sheriff's Department is also
investigating iris recognition.
(Related)
Joe Cadillic writes:
The American Police State has become a monster.
Police across the country are forcing motorists to give them blood, saliva (DNA) and much worse.
The National Highway Safety Administration, the agency that funds “No Refusal” DUI checkpoints and forcible blood draws, is also funding nationwide roadblocks that provide police with “voluntary” DNA samples.
Presently there are 28 states that force motorists to give police their DNA regardless of whether they’ve been convicted of a crime.
Police claim forcing people to submit their DNA will help reunite families…
According to a DHS article titled “Bringing a New Biometric Capability to Verify Families Separated by Crisis”. Law enforcement claims that forcing people to submit their DNA is a public service and will be used to reunite families trust them…
Read more on MassPrivateI.
New jobs for my students?
How Analytics Has Reshaped Political Campaigning Forever
Barack Obama’s 2008 campaign team reinvented the art of modern campaigning by using data to transform almost every aspect of running for office. It succeeded wildly in turning out infrequent and new voters, and since then its innovations—which included mining individual TV-viewing habits to get more out of advertising dollars—have been hard-wired into both parties’ presidential campaigns. That’s led to the birth of dozens of consulting firms making grandiose promises to disrupt politics with analytics.
Perspective.
Facebook tops 1.5B monthly users
Facebook passed another milestone, reporting
Wednesday that its base of monthly active users passed 1.5 billion
for the first time.
Facebook crossed the 1 billion monthly user mark
in September 2012, so it's taken about three years to add the last
half billion. It took just over two years to amass the half billion
before that. For comparison, Twitter has about 320 million monthly
users.
Facebook announced the figure with its earnings
results for the third quarter, which came in better than
expected. Revenue was $4.5 billion, up 41 percent from a year
earlier, the company said, while net profit was $896 million, up 11
percent.
(Related)
Facebook revenue, profit beat forecasts; shares hit all-time high
… Facebook now has 8 billion video views per day from 500 million people, compared with 4 billion views in April.
And Facebook's website and Instagram photo-sharing app, which opened up its platform to all advertisers in the third quarter, account for more than 1 in 5 minutes spent on mobile devices in the United States, Chief Operating Officer Sheryl Sandberg said.
Still watching.
… Much had previously been made of apparently incriminating Skype calls Dotcom had placed with his former business partners, but today Mansfield said the U.S. had knowingly translated those from German to suit their cause.
One, in which Dotcom allegedly said: “At some point a judge will be convinced how evil we are and then we are in trouble,” was corrected by Mansfield to state: “Because at some stage a judge will be talked into how bad we allegedly are – and then we will be a mess.”
… Mansfield argued that there are limits on
how far a company like Megaupload can be held liable for the actions
of its users.
He said that in both New Zealand and the United States laws exist to protect people like Dotcom and the service provider companies they create, and the U.S. is attempting to create criminal liability where none exists.
… “Internet giants like Google, Facebook and
Twitter are immune from prosecution and to indict them would result
in unprecedented public outrage.”
(Related)
… Earlier today the U.S. government asked
Judge Nevin Dawson to rule that the evidence of the defense is
inadmissible, meaning that Dotcom would be left without a defense at
all.
TorrentFreak approached Dotcom for comment on this
bold move. Fortunately for him the Judge quickly dismissed the U.S.
attempt at having a one-sided battle.
(Related)
Dotcom: Extradition treaty not for copyright infringement
… Ron Mansfield, the lawyer representing
Dotcom in the ongoing extradition trial in Auckland District Court,
on Tuesday accused the US of wilfully excluding from its case the
fact that the US Supreme Court has ruled several times that copyright
infringement does not constitute wire fraud, the primary charge on
which they hope to extradite Dotcom.
Perhaps something my IT students can tap into?
A Small Business IT Concierge at Your Service
When you hear the word "concierge," you probably think of the service that made dinner reservations for you the last time you stayed in an up-scale hotel. You probably didn't think of a dedicated team of tech experts researching solutions for your next small business IT project. But now you can, thanks to the Spiceworks IT Concierge Service.
If you own or operate—or provide IT services
to—a small business and you haven't heard of Spiceworks, do
yourself a favor and get acquainted. The company provides free
(ad-supported) network management, network inventory, and help desk
software. It also operates a very active online community of IT
professionals.
A simple picture collection of everything.
Perhaps I could use it to gather wild mushrooms?
Encyclopedia of Life – Global access to knowledge about life on Earth
by Sabrina I. Pacifici on Nov 4, 2015
What is EOL? – Information and pictures of all species known to science
– “Our knowledge of the many life-forms on Earth – of animals,
plants, fungi, protists and bacteria – is scattered around the
world in books, journals, databases, websites, specimen collections,
and in the minds of people everywhere. Imagine what it would mean if
this information could be gathered together and made available to
everyone – anywhere – at a moment’s notice.”
Some to share with my students?
27 Fantastic Learning Websites You Might Have Missed