This is the opposite of what normally happens. I hope they're right.
From TalkTalk, yesterday:
Since the cyber attack on our website on Wednesday 21st October 2015, we have been working to establish what happened and, importantly, understand the extent of any individual customer data stolen during this attack. In light of the potential scale of attack, our responsibility last week was to inform all customers as quickly as possible. Our investigation continues, but we now know the extent of the data accessed is significantly less than originally suspected and can confirm that the following personal data was accessed:
- Less than 21,000 unique bank account numbers and sort codes
- Less than 28,000 obscured credit and debit card details (as previously stated, the middle 6 digits had been removed)
- Less than 15,000 customer dates of birth
- Less than 1.2 million customer email addresses, names and phone numbers
Starting today, we are writing to all customers who have been affected by this to let them know what information has been accessed.
As we have previously confirmed, the credit and debit card details cannot be used for financial transactions. In addition, we have shared the affected bank details with the major UK banks so they can take their usual actions to protect customers’ accounts in the highly unlikely event that a criminal attempts to defraud them. [See below Bob]
(Related) Another young hacker. Are they a 'criminal gang' that met online? Should be interesting if any details emerge.
Levi Winchester and Nick Gutteridge report that a 20-year-old man from Staffordshire has become the third person arrested in connection to the TalkTalk breach. It’s not clear from the reporting whether either or both of the two teens previously arrested provided information to the Metropolitan Police that led to this arrest. Read more on The Express.
The BBC, in its coverage, notes:
Police confirmed that officers have also carried out a search at a residential property in Liverpool in connection with the “significant and sustained” attack on its website on 21 October.
(Related) Softening their language if not their position. Probably too late to help repair their image.
Talk Talk will waive cancellation fees, IF you can prove you were a victim of fraud
(Somewhat related) Mentions that some TalkTalk customers have already had money stolen from their bank accounts.
Ben Ellery and Jaber Mohamed report:
Criminals are selling the private details of thousands of British consumers online as a result of the TalkTalk hacking scandal – and dozens more major companies are affected, The Mail on Sunday can reveal.
Confidential information including names, addresses, mobile phone numbers and bank details of TalkTalk customers are being bought and sold by fraudsters in illegal trading markets on the internet.
And customer details of 14 other big-name brands, including Vodafone, Visa, Sky TV, Amazon and Ticketmaster, are also being sold for as little as 10p, leaving consumers vulnerable to a huge range of scams.
Read more on Daily Mail.
A nice summary of everything OPM had to ignore to set the stage for their massive breach? Notice that they seem to think that 2009 marks the start of the computer age.
White House – Cybersecurity Strategy and Implementation Plan
by Sabrina I. Pacifici on Oct 31, 2015
Tony Scott – Federal CIO – Modernizing Federal Cybersecurity – [October 30, 2015] “the Administration directed a series of actions to continue strengthening Federal cybersecurity & modernizing the government’s technology infrastructure. Strengthening the cybersecurity of Federal networks, systems, and data is one of the most important challenges we face as a Nation. Every day, public and private sector leaders – my team included – are directing significant resources to address this ever-growing problem. Yet as cyber threats increase in severity, so does the pace of this Administration’s efforts. Since 2009, the U.S. Government has implemented a wide range of policies, both domestic and international, to improve our cyber defenses, enhance our response capabilities, and upgrade our incident management tools by:
- Directing a comprehensive Cyberspace Policy Review in order to assess U.S. policies and structures for cybersecurity;
- Making cybersecurity one of the Administration’s first cross-agency priority management goals;
- Spurring information sharing through the President’s executive order to encourage the development of Information Sharing and Analysis Organizations (ISAOs) to serve as the hubs for sharing critical cybersecurity information and promoting collaboration for analyzing this information both within and across industry sectors;
- Leveraging cutting edge tools like the Department of Homeland Security’s (DHS) EINSTEIN and Continuous Diagnostics & Mitigation (CDM) program; and,
- Proposing targeted investments across a range of Federal departments and agencies that improve cybersecurity and protect government networks from cyber-threats.”
I'm hoping one of my lawyer friends will translate this for me. What benefit would the government get here other than a precedent? Is there any way they might find the defendant more guilty?
After guilty plea, judge confused as to why prosecutors still want iPhone unlocked
Federal prosecutors have said that they are moving forward in their attempt to compel Apple to unlock a seized iPhone 5S running iOS 7, even after the defendant in a felony drug case has now pleaded guilty.
… As the judge wrote Friday:
In light of the fact that the defendant against whom evidence from the subject telephone was to be used has pleaded guilty, I respectfully direct the government to explain why the application is not moot.
(Related) Some people see a market for decryption. (But no benefit to hiring anyone who can write English.)
Hacking Team, the infamous Italy-based spyware company that had more than 400 GB of its confidential information stolen earlier this year, has resumed its operations and started pitching new hacking tools to help US law enforcement gets around their encryption issues.
… The announcement came in an email pitch sent to existing and potential new customers on October 19 when Hacking Team CEO David Vincenzetti confirmed that Hacking Team is now "finalizing [its] brand new and totally unprecedented cyber investigation solutions."
The e-mail is not made public, but Motherboard has been able to obtain a copy of it that states:
"Most [government agencies] in the United States and abroad will become 'blind,' they will 'go dark,' they will simply be unable to fight vicious phenomena such as terrorism," wrote Vincenzetti. "Only the private companies can help here; we are one of them."
"It is crystal clear that the present American administration does not have the stomach to oppose the American IT conglomerates and to approve unpopularly, yet totally necessary, regulations," He added.
Should you tell Facebook that you're in the Witness Protection Program? That you are hiding from an abusive spouse? How sensitive is an explanation?
Facebook Will Soon Allow Users To Explain Why They Don’t Use Their Real Names On Facebook
Collecting police video. Does Microsoft see a big market here?
Microsoft And Taser Announce Partnership To Boost Technology For Law Enforcement
… On Monday, TASER International, a developer, manufacturer and supplier of smart weapons, body-worn cameras and evidence data storage for law enforcement, announced a partnership with Microsoft to bolster its technology. According to Microsoft, the partnership will combine the Microsoft Azure cloud and Windows 10 devices with TASER's Axon Platform and Evidence.com solutions.
Each party expects the collaborative effort will bolster the way law-enforcement officials manage evidence including aspects like "ingesting, retrieving, sharing, analyzing and archiving video," according to Microsoft. The tech giant also claims that the partnership will give law-enforcement agencies the peace of mind to entrust the companies' combined technologies with the most critical evidence and data.
Clear enough that I will share it with my Computer Security students without worrying about spending half the class explaining the “big words.”
Snapchat posts new privacy policy
by Sabrina I. Pacifici on Oct 31, 2015
Last Modified: October 28, 2015 – “Snapchat is a fast and fun way to share experiences with your friends and the world around you. You can send a photo or video Snap to friends, chronicle your day through My Story, touch base using Chat, immerse yourself in global events through Live, and enjoy handcrafted stories from the world’s top publishers on Discover. When you use these services—and any others we roll out—you’ll inevitably share some information with us. We get that that can affect your privacy. So we want to be upfront about the information we collect, how we use it, whom we share it with, and the choices we give you to control, access, and update your information. That’s why we’ve written this privacy policy. And it’s why we’ve tried to write it in a way that’s blissfully free of the legalese that often clouds these documents. Of course, if you still have questions about anything in our privacy policy, just ping us…”
I'd like to see the arguments on both sides. Do we really want non-lethal weapons? What if this did not look like a gun?
SALT Alternative Gun That Shoots Pepper Pellets Instead Of Bullets Pulled From Indiegogo
In light of the heated debates on the controversial issue of gun control, and with anything that barely resembles a weapon causing unnecessary attention from the police, is it even safe to put out alternative weapons masquerading as a handgun?
SALT, a weapon that looks like a gun but works more like a pepper spray, was pulled off Indiegogo precisely because of this.
… Unlike traditional handguns, which fire bullets by way of an explosive, SALT uses carbon dioxide cartridges similar to those used in airsoft guns to expel .70-caliber pepper pellets that can temporarily disable an intruder for around half an hour. The pellets contain a mixture of powdered chemicals, including oleoresin capsicum derived from ghost pepper, which is also found in traditional pepper sprays. The founders say their mixture is more potent than the one used in a similar device used by the Department of Homeland Security.
Users do not have to hit the target for SALT to take full effect. Because the pepper pellets explode upon contact, users simply have to fire at anywhere near the target to create a peppery cloud of protection that envelops and disables the target. As a result, the target experiences lung constriction, temporary blindness and severe itching on the parts of the skin exposed to the chemicals, giving users enough time to run to safety and contact the authorities.
Perhaps a not-so-simple question. Are self-driving cars automotive technology or information technology? Who can do it better?
Can Detroit Beat Google to the Self-Driving Car?
For the next time I face Math students.
Writing Mathematics Online
Global Warming! Global Warming!
Gains Of Antarctic Ice Sheet Greater Than Losses: NASA Study
… The new data offers previously unrecorded gains in Antarctica, scientists say, but it challenges the conclusions of other reports such as the 2013 Intergovernmental Panel on Climate Change (IPCC) study. The IPCC's earlier report said that the continent is continuously losing land ice.
According to the new NASA research published in the Journal of Glaciology, the Antarctic ice sheet accumulated a net gain of 112 billion tons of ice per year in the period covering 1992 to 2001, but it decelerated to 82 billion tons of ice per year in the 2003 to 2008 period.