Thursday, November 05, 2015

I needed a really bad example for my Computer Security class. Thanks TalkTalk! It's not just bad PR, it's likely to motivate “hacktivists” to teach TalkTalk a lesson.
TalkTalk is really turning out to be the poster child for how not to handle a breach. In today’s installment of “Lollipops are Adequate Mitigation, Right?” Alexander J. Martin reports:
TalkTalk is trying and failing to mend its broken customer relationships following the recent mega breach, in one case offering an individual who had £3,500 stolen from his personal bank account just £30.20 as a “good will gesture [and] final settlement” by way of compensation.
Ian Rimmington, based in Ossett, West Yorkshire, told The Register £3,500 had disappeared from his account on Friday, 23 October. This was two days after the telco had been hacked and hours after it claims it had informed banks that punters’ personal information had been compromised.
Read more on The Register.

New technologies do not always require the invention of new security tools. If they had asked me, I could have saved them millions!
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded two grants for the development of technologies that can help defend government and privately owned vehicles from cyberattacks. “Modern vehicles are no longer purely mechanical systems,” said Dr. Dan Massey, S&T Cyber Physical Systems Security (CPSSEC) Program Manager. “Today’s vehicles have interdependent cyber components used for telematics, conveniences, and safety-critical systems. A stealthy adversary could gain access to a vehicle’s cyber components and remain completely hidden until initiating a widespread attack.”
Read more about the grant awards to U. Michigan and HRL Laboratories, LLC on Homeland Security News Wire.
From the article:
S&T awarded $1.2 million to the University of Michigan for a project titled “Secure Software Update Over-the-Air for Ground Vehicles Specification and Prototype.” [Aside from the obvious (don't broadcast the updates), encryption will likely work. Bob]
… S&T also awarded $2.5 million to HRL Laboratories, LLC, of Malibu, California, for a project titled “Side-Channel Causal Analysis for Design of Cyber-Physical Security.” [Use public domain software. Problem solved. Bob]
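The Michigan award above is for secure over-the-air update. As an added example (not code from the page, the grant, or the university's project), here is what the vehicle-side check of such an update has to do beyond encrypting the transfer: verify a signature over a manifest, refuse images meant for another ECU, refuse rollback to an older version, and bind the payload to the manifest by digest. The manifest fields, the ECU names and the sample payload are assumptions for illustration; Ed25519 from Go's standard library stands in for whatever signing scheme a real system would use.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one firmware image. The manifest, not the payload, is
// what gets signed; the payload is bound to it through its SHA-256 digest.
// Field set is an assumption for this example.
type Manifest struct {
	Version uint64 `json:"version"` // must strictly increase per ECU
	Target  string `json:"target"`  // identifier of the ECU the image is for
	Length  int    `json:"length"`  // payload size in bytes
	SHA256  string `json:"sha256"`  // hex digest of the payload
}

// GenerateKeyPair makes the signing key (back end) and verification key (vehicle).
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// NewManifest builds a manifest bound to the given payload.
func NewManifest(version uint64, target string, payload []byte) Manifest {
	d := sha256.Sum256(payload)
	return Manifest{Version: version, Target: target, Length: len(payload), SHA256: hex.EncodeToString(d[:])}
}

// SignManifest is the back-end side: serialise the manifest and sign those exact bytes.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (manifestJSON, sig []byte, err error) {
	manifestJSON, err = json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return manifestJSON, ed25519.Sign(priv, manifestJSON), nil
}

// VerifyUpdate is the vehicle side. It returns the manifest only if every check passes.
func VerifyUpdate(pub ed25519.PublicKey, manifestJSON, sig, payload []byte, target string, installed uint64) (*Manifest, error) {
	// 1. Authenticity: signature over the manifest bytes as received, before parsing.
	if !ed25519.Verify(pub, manifestJSON, sig) {
		return nil, errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, fmt.Errorf("manifest parse: %w", err)
	}
	// 2. Right ECU: a validly signed image for another controller must not land here.
	if m.Target != target {
		return nil, fmt.Errorf("manifest is for %q, this ECU is %q", m.Target, target)
	}
	// 3. Rollback protection: an old, signed but vulnerable image stays rejected.
	if m.Version <= installed {
		return nil, fmt.Errorf("version %d is not newer than installed %d", m.Version, installed)
	}
	// 4. Integrity: the payload must match the digest the signature vouches for.
	if len(payload) != m.Length {
		return nil, fmt.Errorf("payload length %d != %d", len(payload), m.Length)
	}
	want, err := hex.DecodeString(m.SHA256)
	if err != nil {
		return nil, fmt.Errorf("manifest digest: %w", err)
	}
	got := sha256.Sum256(payload)
	if !bytes.Equal(got[:], want) {
		return nil, errors.New("payload digest mismatch")
	}
	return &m, nil
}

func main() {
	pub, priv, _ := GenerateKeyPair()
	payload := []byte("constructed firmware image v7") // constructed sample, not a real image
	mJSON, sig, _ := SignManifest(priv, NewManifest(7, "ecu-bcm", payload))

	_, err := VerifyUpdate(pub, mJSON, sig, payload, "ecu-bcm", 6)
	fmt.Println("valid update:", err)
	_, err = VerifyUpdate(pub, mJSON, sig, []byte("constructed firmware image v7!"), "ecu-bcm", 6)
	fmt.Println("tampered payload:", err)
	_, err = VerifyUpdate(pub, mJSON, sig, payload, "ecu-bcm", 7)
	fmt.Println("replayed old version:", err)
}
```

The point of the ordering is that nothing from the manifest is trusted until the signature over its raw bytes has been checked, and that the installed version number is state the ECU keeps itself, so a captured, validly signed older update cannot be replayed to reintroduce a fixed bug. Encrypting the transport adds confidentiality but none of these four checks.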

If law enforcement did find a way to decrypt the device without the owner surrendering a password, would a conviction be overturned?
Fiona Hamilton reports:
Convictions of suspects who refuse to hand over their encrypted passwords have risen sixfold in four years, potentially blocking police from examining their electronic devices.
The sharp increase has led to fears that criminals are opting to plead guilty to encryption offences rather than allow detectives to go through their computers and phones, which could lead to more serious charges and longer sentences.
Read more on The Times (subscription required).

We know this is coming. How will these technologies be used? Can I use them too?
California Cops Are Using These Biometric Gadgets in the Field
Law enforcement agencies around the country are increasingly embracing biometric technology, which uses intrinsic physical or behavioral characteristics—such as fingerprints, facial features, irises, tattoos, or DNA—to identify people, sometimes even instantly. Just as the technology that powers your cell phone has shrunk both in size and cost, mobile biometric technologies are now being deployed more widely and cheaply than ever before—and with less oversight.
… Because of the volume of records we’ve received so far (the documents continue to flow in faster than EFF and MuckRock’s teams can read through them), we’re starting with California. Nine of the agencies have responded to our requests with documents, while many more claimed they didn’t have any records.
Of those that did respond, most employed a digital fingerprinting device. Facial recognition has also been widely embraced among agencies in San Diego County, with Santa Clara County law enforcement agencies close behind. In addition, the Los Angeles Sheriff’s Department’s biometrics system includes tattoo recognition, while the Orange County Sheriff's Department is also investigating iris recognition.

Joe Cadillic writes:
The American Police State has become a monster.
Police across the country are forcing motorists to give them blood, saliva (DNA) and much worse.
The National Highway Safety Administration, the agency that funds “No Refusal” DUI checkpoints and forcible blood draws, is also funding nationwide roadblocks that provide police with “voluntary” DNA samples.
Presently there are 28 states that force motorists to give police their DNA regardless of whether they’ve been convicted of a crime.
Police claim forcing people to submit their DNA will help reunite families…
According to a DHS article titled “Bringing a New Biometric Capability to Verify Families Separated by Crisis”, law enforcement claims that forcing people to submit their DNA is a public service and will be used to reunite families. Trust them…
Read more on MassPrivateI.

New jobs for my students?
How Analytics Has Reshaped Political Campaigning Forever
Barack Obama’s 2008 campaign team reinvented the art of modern campaigning by using data to transform almost every aspect of running for office. It succeeded wildly in turning out infrequent and new voters, and since then its innovations—which included mining individual TV-viewing habits to get more out of advertising dollars—have been hard-wired into both parties’ presidential campaigns. That’s led to the birth of dozens of consulting firms making grandiose promises to disrupt politics with analytics.

Facebook tops 1.5B monthly users
Facebook passed another milestone, reporting Wednesday that its base of monthly active users passed 1.5 billion for the first time.
Facebook crossed the 1 billion monthly user mark in September 2012, so it's taken about three years to add the last half billion. It took just over two years to amass the half billion before that. For comparison, Twitter has about 320 million monthly users.
Facebook announced the figure with its earnings results for the third quarter, which came in better than expected. Revenue was $4.5 billion, up 41 percent from a year earlier, the company said, while net profit was $896 million, up 11 percent.

Facebook revenue, profit beat forecasts; shares hit all-time high
… Facebook now has 8 billion video views per day from 500 million people, compared with 4 billion views in April.
And Facebook's website and Instagram photo-sharing app, which opened up its platform to all advertisers in the third quarter, account for more than 1 in 5 minutes spent on mobile devices in the United States, Chief Operating Officer Sheryl Sandberg said.

Still watching.
… Much had previously been made of apparently incriminating Skype calls Dotcom had placed with his former business partners, but today Mansfield said the U.S. had knowingly translated those from German to suit their cause.
One, in which Dotcom allegedly said: “At some point a judge will be convinced how evil we are and then we are in trouble,” was corrected by Mansfield to state: “Because at some stage a judge will be talked into how bad we allegedly are – and then we will be a mess.”
… Mansfield argued that there are limits on how far a company like Megaupload can be held liable for the actions of its users.
He said that in both New Zealand and the United States laws exist to protect people like Dotcom and the service provider companies they create, and the U.S. is attempting to create criminal liability where none exists.
… “Internet giants like Google, Facebook and Twitter are immune from prosecution and to indict them would result in unprecedented public outrage.”

… Earlier today the U.S. government asked Judge Nevin Dawson to rule that the evidence of the defense is inadmissible, meaning that Dotcom would be left without a defense at all.
TorrentFreak approached Dotcom for comment on this bold move. Fortunately for him the Judge quickly dismissed the U.S. attempt at having a one-sided battle.

Dotcom: Extradition treaty not for copyright infringement
… Ron Mansfield, the lawyer representing Dotcom in the ongoing extradition trial in Auckland District Court, on Tuesday accused the US of wilfully excluding from its case the fact that the US Supreme Court has ruled several times that copyright infringement does not constitute wire fraud, the primary charge on which they hope to extradite Dotcom.

Perhaps something my IT students can tap into?
A Small Business IT Concierge at Your Service
When you hear the word "concierge," you probably think of the service that made dinner reservations for you the last time you stayed in an upscale hotel. You probably didn't think of a dedicated team of tech experts researching solutions for your next small business IT project. But now you can, thanks to the Spiceworks IT Concierge Service.
If you own or operate—or provide IT services to—a small business and you haven't heard of Spiceworks, do yourself a favor and get acquainted. The company provides free (ad-supported) network management, network inventory, and help desk software. It also operates a very active online community of IT professionals.

A simple picture collection of everything. Perhaps I could use it to gather wild mushrooms?
Encyclopedia of Life – Global access to knowledge about life on Earth
by Sabrina I. Pacifici on Nov 4, 2015
What is EOL? – Information and pictures of all species known to science – “Our knowledge of the many life-forms on Earth – of animals, plants, fungi, protists and bacteria – is scattered around the world in books, journals, databases, websites, specimen collections, and in the minds of people everywhere. Imagine what it would mean if this information could be gathered together and made available to everyone – anywhere – at a moment’s notice.”

Some to share with my students?
27 Fantastic Learning Websites You Might Have Missed
