Who is next?
Although the DDoS attack and extortion demand made
on ProtonMail was the first to draw a lot of media attention –
possibly because ProtonMail paid the demand – Hushmail, Runbox,
Zoho, and VFEmail were also hit with DDoS attacks, seemingly by the
hackers who call themselves the Armada Collective. Neomailbox was
also hit, and now Iain Thompson reports that FastMail was hit, too:
FastMail has become the latest web services company to get taken down by distributed denial of service (DDoS) raiders who are trying to extort Bitcoins in exchange for internet access.
The company reports that its servers were down briefly on DDoS attack Sunday 8 November, after the people responsible contacted the company with a ransom demand, asking for 20 Bitcoin (worth around $7,500) to make the assaults go away. Another attack occurred on Monday.
“First of all, we would like to make one thing clear. We do not respond to extortion attempts, and we will not pay these criminals under any circumstances,” the firm said in a blog post.
Read more on The Register.
Graham Cluley had posted a copy
of the extortion demand being made.
A challenge for my Computer Security students.
Most Enterprises Prone to Privileged Account Hacks: Report
Most Windows-based network devices that hold sufficiently privileged credentials to enable attackers to compromise other machines and accounts have been found to be susceptible to compromise, a recent report from CyberArk Labs reveals.
According to the report (PDF), dubbed “Analyzing Real-World Exposure to Windows Credential Theft Attacks,” 88 percent of the analyzed Windows-based workstations and servers could be compromised through privileged account credential theft or abuse.
Once information (in this case photographs) hits
the Internet, it is there for anyone to use.
Richard Chirgwin reports:
Police are now saying that yesterday’s Melbourne train-heist-and-wreck was possible because miscreants bought stolen keys online.
The vandalism, the cost of which is now estimated at AU$3 million rather than the original $2 million, involved people getting into an idle train at Hurstbridge station, starting it, and taking it on a 50-metre trip through the railyard.
The train was halted by a “derail block” which then tipped it into another train.
However, in reporting the issue of stolen keys, Melbourne newspaper The Age compounded the problem: it showed a photograph of “universal keys” in sufficient detail for them to be reproduced.
Read more on The Register.
Perhaps we could build one for the US? (Use
Google Translate.)
Telecompaper reports:
The Danish Business Authority said it has launched the Privacy Compass at a conference attended by more than 150 organisations. The online tool aims to help businesses monitor their use of personal data and follow the law.
Read more on Telecompaper.
Can I track your phone?
Cell Phone Location Tracking Laws By State
by Sabrina I. Pacifici on Nov 11, 2015
ACLU: “Location records can reveal an enormous amount
of information about a person, especially with the proliferation of
smartphones that constantly track our whereabouts. Because privacy
laws haven’t kept up with advances in technology, police have long
claimed the authority to access this information from cell phone
companies without warrants. That’s changing. While Congress and
the Supreme Court haven’t yet weighed in on whether a warrant
should be required for location information, little by little, state
legislatures and lower courts are expanding privacy protections for
more and more Americans. That does mean, however, that the status of
your privacy protections depends on where you are. For example, your
location information is protected in Montana, but not in Georgia. In
Illinois, police need a warrant to know where you are right now, but
not where you were last week. In California, your location
information is protected against warrantless search by state and
local police, but not by federal authorities. In other states, we’re
still waiting for rulings, and in Florida, state and federal courts
are at odds on the matter. The map below details the status of cell
phone location tracking laws by state. Click on any highlighted
state for more information…”
Can I track you?
If you’re interested in how retailers are using
facial recognition in their stores – without even notifying you –
do read Joe Cadillic’s post on MassPrivateI.
Here’s a snippet:
FaceFirst’s website describes in greater detail how they can send descriptive alerts to security when pre-identified shoplifters walk through any door at any store. They also claim to have the ability to identify litigious individuals.
“Just load existing photos of your known shoplifters, members of organized retail crime syndicates, persons of interest, and your best customers into FaceFirst. Instantly, when a person in your FaceFirst database steps into one of your stores, you are sent an email, text, or SMS alert that includes their picture and all biographical information of the known individual so you can take immediate and appropriate action.”
Phoney security? Can we determine who, beside the
hacker, had access to these calls?
Not So Securus
AN ENORMOUS CACHE of phone records obtained
by The Intercept reveals a major breach of security at
Securus Technologies, a leading provider of phone services inside the
nation’s prisons and jails. The materials — leaked via
SecureDrop by an
anonymous hacker who believes that Securus is violating the
constitutional rights of inmates — comprise over 70 million records
of phone calls, placed by prisoners to at least 37 states, in
addition to links to downloadable recordings of the calls. The calls
span a nearly two-and-a-half year period, beginning in December 2011
and ending in the spring of 2014.
Particularly notable
within the vast trove of phone records are what appear to be at least
14,000 recorded conversations between inmates and attorneys, a strong
indication that at least some of the recordings are likely
confidential and privileged legal communications — calls that never
should have been recorded in the first place.
Just another cutting-edge consultant – why the
fuss? Oh yeah, they didn't bother to tell anyone. If the university
trained the FBI forensics guys, would that be a non-issue? What did
the FBI's lawyers know about this and could they have easily avoided
the hassle?
Court Docs Show a University Helped FBI Bust Silk Road 2, Child Porn Suspects
An academic institution has been providing
information to the FBI that led to the identification of criminal
suspects on the dark web, according to court documents reviewed by
Motherboard. Those suspects include a staff member of the
now-defunct Silk Road 2.0 drug marketplace, and a man charged with
possession of child pornography.
It raises questions about the role that academics
are playing in the continued crackdown on dark web crime, as well as
the fairness of the trials of each suspect, as crucial discovery
evidence has allegedly been withheld from both defendants.
More excitement than a journalist can stand!
Perhaps we'll find this one got away from the operator like the one
that landed on the White House lawn.
The Seattle Great Wheel has been damaged by drone
Seattle’s Great Wheel was struck by a drone
Wednesday night, shutting down the waterfront attraction briefly but
causing no injuries. The incident happened just after 4.45 p.m.
Employees say they heard a loud “thud” and saw a drone had
crashed onto a plastic table on an outdoor patio area.
… Jamieson said drone strikes are fairly
uncommon, recalling only one other incident when a drone crashed into
a downtown Seattle building and then struck a 25-year-old woman in
the head at the Pride Parade this summer.
… Great Wheel operators briefly stopped the
ferris wheel, unloaded passengers, then inspected the ride and did
not find any damage.
The new “on demand” businesses.
… One in three Silicon Valley households uses
DoorDash. Nationwide, there are “tens of thousands” of Dashers.
… Though typically fueled by a feel-good
mission (in DoorDash’s case it’s a desire to see local merchants
thrive; Uber cites lofty ideals of a more evolved transportation
policy), these enterprises see themselves not in terms of the prosaic
tasks they perform for customers but more like
utilities — human/machine infrastructure. The
business, they claim, is not delivery but “logistics.”
DoorDash, typical of this genre, believes that its real advantage
lies in its software.
(Related) Innovative business, innovative
lawsuits?
In-N-Out Files Lawsuit Against Food Delivery Startup DoorDash
Fast food restaurant In-N-Out, known for its
delicious burgers and secret sauce, is suing food delivery startup
DoorDash, TMZ
reported earlier today. In-N-Out, which filed the lawsuit on
Nov. 6, 2015, claims trademark infringement and unfair competition.
Basically, In-N-Out wants DoorDash to stop delivering their delicious
food because of concerns around quality, food handling and safety.
Here’s a key piece of the filing:
Defendant’s use of Plaintiff’s famous trademarks implies that Defendant not only delivers In-N-Out products to its customers, but that the quality and services offered by Defendant is the same as if consumers had made purchases directly from Plaintiff.
Perspective, and an illustration of Big Data?
Alibaba made $1 billion in 8 minutes
… By midday, that amount had crossed US$9
billion, equalling Alibaba's take for the whole day last year.
China's second largest e-commerce company, JD.com, has recorded
14 million orders thus far.
Singles' Day is the biggest online shopping day in
the world, with several billion dollars worth of e-commerce
transactions taking place. The International Data Corporation (IDC)
told CNET that this year's sales will surpass $14 billion, which
equates to over AU$20 billion or £9 billion. To put that into
perspective, last year Thanksgiving
and Black Friday sales in the US amounted to a relatively paltry
US$2.5 billion.
Just because...
Navy Releases Definitive History of Naval Aviation Online
by Sabrina I. Pacifici on Nov 11, 2015
Navy Releases Definitive History of Naval Aviation
Online By Jim Caiella, Naval
History and Heritage Command, Communication and Outreach Division –
“The Navy released online
Nov. 4 its recently-published, two-volume history of U.S. naval
aviation. United
States Naval Aviation 1910–2010 by Mark L. Evans and Roy
A. Grossnick (2015, ISBN 978-0-945274-87-2, hardback, two volumes) is
the Naval History and Heritage Command’s fourth update to the
original history which was initiated in 1960. That first issue
celebrated the first 50 years of United States naval aviation and
this two-volume set commemorates the centenary… This and other
free Naval History and Heritage Command publications can be found at:
http://www.history.navy.mil/research/publications/recent-publications.html.”
For my spreadsheet students.
Microsoft Excel + Power BI = Data Analysis Bliss
For my students who grab the first item from a
Google search.
Find Open Access Dissertations and Theses
by Sabrina I. Pacifici on Nov 11, 2015
“PQDT
Open provides the full text of open access dissertations and
theses free of charge. You can quickly and easily locate
dissertations and theses relevant to your discipline, and view the
complete text in PDF format. Open Access Publishing – The authors
of these dissertations and theses have opted to publish as open
access. Open
Access Publishing is a new service offered by ProQuest’s UMI
Dissertation Publishing…”
- See also – via EBSCO – Searching: American Doctoral Dissertations, 1933 – 1955
For my app-creating students.
10 DIY Application Development Platforms