Thursday, November 12, 2015

Who is next?
Although the DDoS attack and extortion demand made on ProtonMail was the first to draw a lot of media attention – possibly because ProtonMail paid the demand – Hushmail, Runbox, Zoho, and VFEMail were also hit with DDoS attacks, seemingly by the hackers who call themselves the Armada Collective. Neomailbox was also hit, and now Iain Thompson reports that FastMail was hit, too:
FastMail has become the latest web services company to get taken down by distributed denial of service (DDoS) raiders who are trying to extort Bitcoins in exchange for internet access.
The company reports that its servers were down briefly in a DDoS attack on Sunday 8 November, after the people responsible contacted the company with a ransom demand, asking for 20 Bitcoin (worth around $7,500) to make the assaults go away. Another attack occurred on Monday.
“First of all, we would like to make one thing clear. We do not respond to extortion attempts, and we will not pay these criminals under any circumstances,” the firm said in a blog post.
Read more on The Register.
Graham Cluley had posted a copy of the extortion demand being made.

A challenge for my Computer Security students.
Most Enterprises Prone to Privileged Account Hacks: Report
Most Windows-based network devices that hold sufficiently privileged credentials to enable attackers to compromise other machines and accounts have been found to be susceptible to compromise, a recent report from CyberArk Labs reveals.
According to the report (PDF), dubbed “Analyzing Real-World Exposure to Windows Credential Theft Attacks,” 88 percent of the analyzed Windows-based workstations and servers could be compromised through privileged account credential theft or abuse.

Once information (in this case photographs) hits the Internet, it is there for anyone to use.
Richard Chirgwin reports:
Police are now saying that yesterday’s Melbourne train-heist-and-wreck was possible because miscreants bought stolen keys online.
The vandalism, the cost of which is now estimated at AU$3 million rather than the original $2 million, involved people getting into an idle train at Hurstbridge station, starting it, and taking it on a 50-metre trip through the railyard.
The train was halted by a “derail block” which then tipped it into another train.
However, in reporting the issue of stolen keys, Melbourne newspaper The Age compounded the problem: it showed a photograph of “universal keys” in sufficient detail for them to be reproduced.
Read more on The Register.

Perhaps we could build one for the US? (Use Google Translate.)
Telecompaper reports:
The Danish Business Authority said it has launched the Privacy Compass at a conference attended by more than 150 organisations. The online tool aims to help businesses monitor their use of personal data and follow the law.
Read more on Telecompaper.

Can I track your phone?
Cell Phone Location Tracking Laws By State
by Sabrina I. Pacifici on Nov 11, 2015
ACLU: “Location records can reveal an enormous amount of information about a person, especially with the proliferation of smartphones that constantly track our whereabouts. Because privacy laws haven’t kept up with advances in technology, police have long claimed the authority to access this information from cell phone companies without warrants. That’s changing. While Congress and the Supreme Court haven’t yet weighed in on whether a warrant should be required for location information, little by little, state legislatures and lower courts are expanding privacy protections for more and more Americans. That does mean, however, that the status of your privacy protections depends on where you are. For example, your location information is protected in Montana, but not in Georgia. In Illinois, police need a warrant to know where you are right now, but not where you were last week. In California, your location information is protected against warrantless search by state and local police, but not by federal authorities. In other states, we’re still waiting for rulings, and in Florida, state and federal courts are at odds on the matter. The map below details the status of cell phone location tracking laws by state. Click on any highlighted state for more information…”

Can I track you?
If you’re interested in how retailers are using facial recognition in their stores – without even notifying you – do read Joe Cadillic’s post on MassPrivateI. Here’s a snippet:
FaceFirst’s website describes in greater detail how they can send descriptive alerts to security when pre-identified shoplifters walk through any door at any store. They also claim to have the ability to identify litigious individuals.
“Just load existing photos of your known shoplifters, members of organized retail crime syndicates, persons of interest, and your best customers into FaceFirst. Instantly, when a person in your FaceFirst database steps into one of your stores, you are sent an email, text, or SMS alert that includes their picture and all biographical information of the known individual so you can take immediate and appropriate action.”

Phoney security? Can we determine who, besides the hacker, had access to these calls?
Not So Securus
An enormous cache of phone records obtained by The Intercept reveals a major breach of security at Securus Technologies, a leading provider of phone services inside the nation’s prisons and jails. The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. The calls span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014.
Particularly notable within the vast trove of phone records are what appear to be at least 14,000 recorded conversations between inmates and attorneys, a strong indication that at least some of the recordings are likely confidential and privileged legal communications — calls that never should have been recorded in the first place.

Just another cutting-edge consultant – why the fuss? Oh yeah, they didn't bother to tell anyone. If the university had trained the FBI forensics guys, would that be a non-issue? What did the FBI's lawyers know about this, and could they have easily avoided the hassle?
Court Docs Show a University Helped FBI Bust Silk Road 2, Child Porn Suspects
An academic institution has been providing information to the FBI that led to the identification of criminal suspects on the dark web, according to court documents reviewed by Motherboard. Those suspects include a staff member of the now-defunct Silk Road 2.0 drug marketplace, and a man charged with possession of child pornography.
It raises questions about the role that academics are playing in the continued crackdown on dark web crime, as well as the fairness of the trials of each suspect, as crucial discovery evidence has allegedly been withheld from both defendants.

More excitement than a journalist can stand! Perhaps we'll find this one got away from the operator like the one that landed on the White House lawn.
The Seattle Great Wheel has been damaged by drone
Seattle’s Great Wheel was struck by a drone Wednesday night, shutting down the waterfront attraction briefly but causing no injuries. The incident happened just after 4.45 p.m. Employees say they heard a loud “thud” and saw a drone had crashed onto a plastic table on an outdoor patio area.
… Jamieson said drone strikes are fairly uncommon, recalling only one other incident when a drone crashed into a downtown Seattle building and then struck a 25-year-old woman in the head at the Pride Parade this summer.
… Great Wheel operators briefly stopped the Ferris wheel, unloaded passengers, then inspected the ride and did not find any damage.

The new “on demand” businesses.
DoorDash Wants to Own the Last Mile
… One in three Silicon Valley households uses DoorDash. Nationwide, there are “tens of thousands” of Dashers.
… Though typically fueled by a feel-good mission (in DoorDash’s case it’s a desire to see local merchants thrive; Uber cites lofty ideals of a more evolved transportation policy), these enterprises see themselves not in terms of the prosaic tasks they perform for customers but more like utilities — human/machine infrastructure. The business, they claim, is not delivery but “logistics.” DoorDash, typical of this genre, believes that its real advantage lies in its software.

(Related) Innovative business, innovative lawsuits?
In-N-Out Files Lawsuit Against Food Delivery Startup DoorDash
Fast food restaurant In-N-Out, known for its delicious burgers and secret sauce, is suing food delivery startup DoorDash, TMZ reported earlier today. In-N-Out, which filed the lawsuit on Nov. 6, 2015, claims trademark infringement and unfair competition. Basically, In-N-Out wants DoorDash to stop delivering their delicious food because of concerns around quality, food handling and safety.
Here’s a key piece of the filing:
Defendant’s use of Plaintiff’s famous trademarks implies that Defendant not only delivers In-N-Out products to its customers, but that the quality and services offered by Defendant is the same as if consumers had made purchases directly from Plaintiff.

Perspective, and an illustration of Big Data?
Alibaba made $1 billion in 8 minutes
… By midday, that amount had crossed US$9 billion, equalling Alibaba's take for the whole day last year. China's second largest e-commerce company,, has recorded 14 million orders thus far.
Singles' Day is the biggest online shopping day in the world, with several billion dollars worth of e-commerce transactions taking place. The International Data Corporation (IDC) told CNET that this year's sales will surpass $14 billion, which equates to over AU$20 billion or £9 billion. To put that into perspective, last year Thanksgiving and Black Friday sales in the US amounted to a relatively paltry US$2.5 billion.

Just because...
Navy Releases Definitive History of Naval Aviation Online
by Sabrina I. Pacifici on Nov 11, 2015
Navy Releases Definitive History of Naval Aviation Online By Jim Caiella, Naval History and Heritage Command, Communication and Outreach Division – “The Navy released online Nov. 4 its recently-published, two-volume history of U.S. naval aviation. United States Naval Aviation 1910–2010 by Mark L. Evans and Roy A. Grossnick (2015, ISBN 978-0-945274-87-2, hardback, two volumes) is the Naval History and Heritage Command’s fourth update to the original history which was initiated in 1960. That first issue celebrated the first 50 years of United States naval aviation and this two-volume set commemorates the centenary… This and other free Naval History and Heritage Command publications can be found at:”

For my spreadsheet students.
Microsoft Excel + Power BI = Data Analysis Bliss

For my students who grab the first item from a Google search.
Find Open Access Dissertations and Theses
by Sabrina I. Pacifici on Nov 11, 2015
PQDT Open provides the full text of open access dissertations and theses free of charge. You can quickly and easily locate dissertations and theses relevant to your discipline, and view the complete text in PDF format. Open Access Publishing – The authors of these dissertations and theses have opted to publish as open access. Open Access Publishing is a new service offered by ProQuest’s UMI Dissertation Publishing…”

For my App creating students.
10 DIY Application Development Platforms