Sunday, November 01, 2015

This is the opposite of what normally happens. I hope they're right.
From TalkTalk, yesterday:
Since the cyber attack on our website on Wednesday 21st October 2015, we have been working to establish what happened and, importantly, understand the extent of any individual customer data stolen during this attack. In light of the potential scale of attack, our responsibility last week was to inform all customers as quickly as possible. Our investigation continues, but we now know the extent of the data accessed is significantly less than originally suspected and can confirm that the following personal data was accessed:
  • Less than 21,000 unique bank account numbers and sort codes
  • Less than 28,000 obscured credit and debit card details (as previously stated, the middle 6 digits had been removed)
  • Less than 15,000 customer dates of birth
  • Less than 1.2 million customer email addresses, names and phone numbers
Starting today, we are writing to all customers who have been affected by this to let them know what information has been accessed.
As we have previously confirmed, the credit and debit card details cannot be used for financial transactions. In addition, we have shared the affected bank details with the major UK banks so they can take their usual actions to protect customers’ accounts in the highly unlikely event that a criminal attempts to defraud them. [See below Bob]


(Related) Another young hacker. Are they a 'criminal gang' that met online? Should be interesting if any details emerge.
Levi Winchester and Nick Gutteridge report that a 20-year old man from Staffordshire has become the third person arrested in connection to the TalkTalk breach. It’s not clear from the reporting whether either or both of the two teens previously arrested provided information to the Metropolitan Police that led to this arrest. Read more on The Express.
The BBC, in its coverage, notes:
Police confirmed that officers have also carried out a search at a residential property in Liverpool in connection with the “significant and sustained” attack on its website on 21 October.


(Related) Softening their language if not their position. Probably too late to help repair their image.
Talk Talk will waive cancellation fees, IF you can prove you were a victim of fraud


(Somewhat related) Mentions that some TalkTalk customers have already had money stolen from their bank accounts.
Ben Ellery and Jaber Mohamed report:
Criminals are selling the private details of thousands of British consumers online as a result of the TalkTalk hacking scandal – and dozens more major companies are affected, The Mail on Sunday can reveal.
Confidential information including names, addresses, mobile phone numbers and bank details of TalkTalk customers are being bought and sold by fraudsters in illegal trading markets on the internet.
And customer details of 14 other big-name brands, including Vodafone, Visa, Sky TV, Amazon and Ticketmaster, are also being sold for as little as 10p, leaving consumers vulnerable to a huge range of scams.
Read more on Daily Mail.




A nice summary of everything OPM had to ignore to set the stage for their massive breach? Notice that they seem to think that 2009 marks the start of the computer age.
White House – Cybersecurity Strategy and Implementation Plan
by Sabrina I. Pacifici on Oct 31, 2015
Tony Scott – Federal CIO – Modernizing Federal Cybersecurity – [October 30, 2015] “the Administration directed a series of actions to continue strengthening Federal cybersecurity & modernizing the government’s technology infrastructure. Strengthening the cybersecurity of Federal networks, systems, and data is one of the most important challenges we face as a Nation. Every day, public and private sector leaders – my team included – are directing significant resources to address this ever-growing problem. Yet as cyber threats increase in severity, so does the pace of this Administration’s efforts. Since 2009, the U.S. Government has implemented a wide range of policies, both domestic and international, to improve our cyber defenses, enhance our response capabilities, and upgrade our incident management tools by:
  • Directing a comprehensive Cyberspace Policy Review in order to assess U.S. policies and structures for cybersecurity;
  • Making cybersecurity one of the Administration’s first cross-agency priority management goals;
  • Spurring information sharing through the President’s executive order to encourage the development of Information Sharing and Analysis Organizations (ISAOs) to serve as the hubs for sharing critical cybersecurity information and promoting collaboration for analyzing this information both within and across industry sectors;
  • Leveraging cutting edge tools like the Department of Homeland Security’s (DHS) EINSTEIN and Continuous Diagnostics & Mitigation (CDM) program; and,
  • Proposing targeted investments across a range of Federal departments and agencies that improve cybersecurity and protect government networks from cyber-threats.”




I'm hoping one of my lawyer friends will translate this for me. What benefit would the government get here other than a precedent? Is there any way they might find the defendant more guilty?
After guilty plea, judge confused as to why prosecutors still want iPhone unlocked
Federal prosecutors have said that they are moving forward in their attempt to compel Apple to unlock a seized iPhone 5S running iOS 7, even after the defendant in a felony drug case has now pleaded guilty.
… As the judge wrote Friday:
In light of the fact that the defendant against whom evidence from the subject telephone was to be used has pleaded guilty, I respectfully direct the government to explain why the application is not moot.


(Related) Some people see a market for decryption. (But no benefit to hiring anyone who can write English.)
Hacking Team, the infamous Italy-based spyware company that had more than 400 GB of its confidential information stolen earlier this year, has resumed its operations and started pitching new hacking tools to help US law enforcement get around their encryption issues.
… The announcement came in an email pitch sent to existing and potential new customers on October 19 when Hacking Team CEO David Vincenzetti confirmed that Hacking Team is now "finalizing [its] brand new and totally unprecedented cyber investigation solutions."
The e-mail is not made public, but Motherboard has been able to obtain a copy of it that states:
"Most [government agencies] in the United States and abroad will become 'blind,' they will 'go dark,' they will simply be unable to fight vicious phenomena such as terrorism," wrote Vincenzetti. "Only the private companies can help here; we are one of them."
"It is crystal clear that the present American administration does not have the stomach to oppose the American IT conglomerates and to approve unpopularly, yet totally necessary, regulations," he added.




Should you tell Facebook that you're in the Witness Protection Program? That you are hiding from an abusive spouse? How sensitive is an explanation?
Facebook Will Soon Allow Users To Explain Why They Don’t Use Their Real Names On Facebook




Collecting police video. Does Microsoft see a big market here?
Microsoft And Taser Announce Partnership To Boost Technology For Law Enforcement
On Monday, TASER International, a developer, manufacturer and supplier of smart weapons, body-worn cameras and evidence data storage for law enforcement, announced a partnership with Microsoft to bolster its technology. According to Microsoft, the partnership will combine the Microsoft Azure cloud and Windows 10 devices with TASER's Axon Platform and Evidence.com solutions.
Each party expects the collaborative effort will bolster the way law-enforcement officials manage evidence including aspects like "ingesting, retrieving, sharing, analyzing and archiving video," according to Microsoft. The tech giant also claims that the partnership will give law-enforcement agencies the peace of mind to entrust the companies' combined technologies with the most critical evidence and data.




Clear enough that I will share it with my Computer Security students without worrying about spending half the class explaining the “big words.”
Snapchat posts new privacy policy
by Sabrina I. Pacifici on Oct 31, 2015
Last Modified: October 28, 2015 – “Snapchat is a fast and fun way to share experiences with your friends and the world around you. You can send a photo or video Snap to friends, chronicle your day through My Story, touch base using Chat, immerse yourself in global events through Live, and enjoy handcrafted stories from the world’s top publishers on Discover. When you use these services—and any others we roll out—you’ll inevitably share some information with us. We get that that can affect your privacy. So we want to be upfront about the information we collect, how we use it, whom we share it with, and the choices we give you to control, access, and update your information. That’s why we’ve written this privacy policy. And it’s why we’ve tried to write it in a way that’s blissfully free of the legalese that often clouds these documents. Of course, if you still have questions about anything in our privacy policy, just ping us…”




I'd like to see the arguments on both sides. Do we really want non-lethal weapons? What if this did not look like a gun?
SALT Alternative Gun That Shoots Pepper Pellets Instead Of Bullets Pulled From Indiegogo
In light of the heated debates on the controversial issue of gun control, and with anything that barely resembles a weapon causing unnecessary attention from the police, is it even safe to put out alternative weapons masquerading as a handgun?
SALT, a weapon that looks like a gun but works more like a pepper spray, was pulled off Indiegogo precisely because of this.
… Unlike traditional handguns, which fire bullets by way of an explosive, SALT uses carbon dioxide cartridges similar to those used in airsoft guns to expel .70-caliber pepper pellets that can temporarily disable an intruder for around half an hour. The pellets contain a mixture of powdered chemicals, including oleoresin capsicum derived from ghost pepper, which is also found in traditional pepper sprays. The founders say their mixture is more potent than the one used in a similar device used by the Department of Homeland Security.
Users do not have to hit the target for SALT to take full effect. Because the pepper pellets explode upon contact, users simply have to fire anywhere near the target to create a peppery cloud of protection that envelops and disables the target. As a result, the target experiences lung constriction, temporary blindness and severe itching on the parts of the skin exposed to the chemicals, giving users enough time to run to safety and contact the authorities.




Perhaps a not-so-simple question. Are self-driving cars automotive technology or information technology? Who can do it better?
Can Detroit Beat Google to the Self-Driving Car?




For the next time I face Math students.
Writing Mathematics Online




Global Warming! Global Warming!
Gains Of Antarctic Ice Sheet Greater Than Losses: NASA Study
… The new data offers previously unrecorded gains in Antarctica, scientists say, but it challenges the conclusions of other reports such as the 2013 Intergovernmental Panel on Climate Change (IPCC) study. The IPCC's earlier report said that the continent is continuously losing land ice.
According to the new NASA research published in the Journal of Glaciology, the Antarctic ice sheet accumulated a net gain of 112 billion tons of ice per year in the period covering 1992 to 2001, but it decelerated to 82 billion tons of ice per year in the 2003 to 2008 period.

