Doesn't sound so good now, does it?
Lorenzo Franceshi-Bicchierai has a follow-up to
his early report on VTECH:
Over the weekend, the hacker, who asked to remain anonymous, told me that VTech left other sensitive data exposed on its servers, including kids’ photos and chat logs between children and parents. This data is from the company’s Kid Connect, a service that allows parents using a smartphone app to chat with their kids using a VTech tablet. In online tutorials, the company encourages parents and kids to take headshots and use them in their apps.
Read more on Motherboard.
The VTech hack is getting a lot of mainstream
media attention, and understandably so, as it’s a cautionary tale.
But keep in mind that so far, it doesn’t sound like this hacker
has any intention of misusing the data. If s/he did, it would have
been put up for sale and not helpfully disclosed to Motherboard. It
sounds like the hacker wants to make a point about security. Yes,
it’s still a crime, and everyone – company and parents – need
to be more cautious going forward, but it’s not clear what the real
and imminent risk is from this particular hack.
Yet another follow-up. How can you manage what
you don't know exists?
OPM Just
Now Figured Out How Much Data It Owns
... According to its inspector general, at the
time of the breaches, OPM did not have a complete inventory of the
servers, databases, and network devices that it owns, maintains, and
operates. Not having the inventory “drastically diminishe[d] the
effectiveness of its security controls,” wrote Michael Esser, the
agency’s assistant inspector general for audits, in an
oversight report published this month.
“Failure to maintain an accurate IT inventory
undermines all attempts at securing OPM’s information systems,”
the report read.
… The high-profile data breaches have kept OPM
in the news, but it’s far from the only government agency that has
fallen short of basic IT standards.
A recent report compiled by the House Oversight
Committee graded
federal agencies on their implementation of a key federal IT law.
The majority of
agencies—including OPM—received a D grade. Three agencies
received an F: the Department of Education, the Department
of Energy, and NASA. No
agency received an A.
This week, my Computer Security students are
discussing encryption.
BlackBerry
Exits Pakistan Over Backdoor Request
The
Canadian smartphone maker revealed that the Pakistani government was
looking for means to monitor all BlackBerry Enterprise Service
traffic in the country. However, as BlackBerry refused to comply
with this demand, the government decided to prohibit BlackBerry’s
BES servers from operating in Pakistan starting in December.
Definitely one for my Computer Security students
to discuss.
Target
Website’s Near Cyber Monday Crash: In Ironic Twist, Customers
Forced To Wait On Line
The website for Target, one of the largest
retailers in the U.S., almost crashed on Cyber Monday, due to a huge
number of bargain hunters attempting to access the site
simultaneously. To manage the deluge, the store set up a queue
reminiscent of in-store Black Friday lines, in which Web customers
were required to wait behind others who were already shopping.
… By just midday, according to the company,
traffic on the site had already doubled that of the formerly most
busy day in Target website history.
Another article for my Computer Security students.
The attack
that broke the Dark Web—and how Tor plans to fix it
Backup. Backup. Backup.
British Man
Blames Apple For Erasing His iPhone’s Data, Wins $3,000 In Lawsuit
… it appears that at least one British man
didn’t use enough caution when he took his malfunctioning iPhone
in to be serviced at a local Apple
Store. Deric White claims the Apple
Geniuses never asked him if he had backed up his iPhone 5, and took
it upon themselves to reset the iPhone, wiping out all of its data in
the process, in order to solve his issues.
“It was only after staff fiddled around they
asked if I’d backed my things up,” said White, who was obviously
distraught over the fact that he lost 15 years worth of contacts and
countless photos with sentimental value.
… The judge said that Apple had acted
negligently in erasing the data from Mr. White’s phone while
performing a reset.
… If Mr. White had an iCloud account, he would
have been able to easily restore his data (including contact
information and photos). But in this case, he didn’t even setup an
iCloud account, stating that he “[didn’t] like the databank in
the sky.” Likewise, an iTunes backup would have made for an even
quicker way to restore his iPhone 5 to its previous state before he
visited the Apple Store. This method of backing up data also eluded
Mr. White.
The overreaction to 9/11 continues.
Revealed:
FBI can demand web history, phone location data without a warrant
The FBI can compel companies and individuals to
turn over vast sums of personal data without a warrant, it has been
revealed for the first time.
In a
case that's lasted more than a decade, a court
filing released Monday showed how the FBI used secret
interpretations to determine the scope of national security letters
(NSLs).
Nicholas Merrill, founder of internet provider
Calyx Internet Access, who brought the 11-year-old case to court
after his company was served a national security letter, won the case
earlier this year.
National security letters are almost always
bundled with a gag order, preventing Merrill from speaking freely
about the letter he received.
… In a statement on Monday, Merrill revealed
the FBI has used its authority to force companies and individuals to
turn over complete web browsing history; the IP addresses of everyone
a person has corresponded with; online purchase information, and also
cell-site location information, which he said can be used to turn a
person's phone into a "location tracking device."
According to
a release, the FBI can also force a company to release postal
addresses, email addresses, and "any other information which
[is] considered to be an electronic communication transactional
record."
Merrill said in remarks: "The FBI has
interpreted its NSL authority to encompass the websites we read, the
web searches we conduct, the people we contact, and the places we go.
This kind of data reveals the most intimate details of our lives,
including our political activities, religious affiliations, private
relationships, and even our private thoughts and beliefs."
… Merrill
is the first person who has succeeded in completely lifting a
national security letter gag order.
Yes, it's a big deal. Now all they need do is get
others to use the yuan.
China needs
more users for 'freely usable' yuan after IMF nod
The International
Monetary Fund's decision to add China's yuan to its reserves basket
is a triumph for Beijing, but the fund's verdict that the currency
met its "freely usable" test will have little financial
impact unless Beijing recruits more users.
The desire of Chinese
reformers to internationalize the currency has a clear economic
rationale; a yuan in wide circulation overseas would reduce China's
dependence on the dollar system and on policy set in Washington.
It would also make it
easier for Chinese firms to invoice and borrow offshore in yuan,
reducing the risk of exchange rate fluctuations and prompting China's
inefficient state-owned banks to improve their performance or lose
business.
Those concerned about a
potential global liquidity crisis caused by overdependence on the
United States might also welcome the yuan as an alternative to the
dollar, as would countries locked out of dollar capital markets by
sanctions.
Perspective.
ITU: 3.2B
People Now Online Globally, Mobile Broadband Overtakes Home Internet
Use
… according to International Telecommunication
Union, which today published its annual
global survey
Perspective. “Out, out damned driver! Out, I
say!” (If Lady MacBeth was a programmer)
The
High-Stakes Race to Rid the World of Human Drivers
Perspective. Remember, this is not an Internet
First company, like Amazon.
Walmart:
Nearly Half Of Orders Since Thanksgiving Placed On Mobile Device
… Mobile is making up more than 70 percent of
traffic to Walmart.com, and now, nearly half of our orders since
Thanksgiving have been placed on a mobile device - that's double
compared to last year."
Hummm.
Want to
Obtain FBI Records a Little Quicker? Try New eFOIA System
by Sabrina
I. Pacifici on Nov 30, 2015
“The
FBI recently began open beta testing of eFOIA, a system that puts
Freedom of Information Act (FOIA) requests into a
medium more familiar to an ever-increasing segment of the population.
This new system allows the public to make online FOIA requests for
FBI records and receive the results from a website where they have
immediate access to view and download the released information.
Previously, FOIA requests have only been made through regular mail,
fax, or e-mail, and all responsive material was sent to the requester
through regular mail either in paper or disc format. “The eFOIA
system,” says David Hardy, chief of the FBI’s Record/Information
Dissemination Section, “is for a new generation that’s not
paper-based.” Hardy also notes that the new process should
increase FBI efficiency and decrease administrative costs. The eFOIA
system continues in an open beta format to optimize the process for
requesters. The Bureau encourages requesters to try eFOIA and to
e-mail foipaquestions@ic.fbi.gov
with any questions or difficulties encountered while using it. In
several months, the FBI plans to move eFOIA into full production
mode.”
An article to leave on my wife's chair… Hint,
hint babe.
A New
Delivery Service Gives Beer Geeks Their Monthly Fix
… Customers reply to the daily e-mails if they
want the beers on offer, and Tavour stockpiles the orders for a
monthly delivery. Recent prices range from $2.50 to $20 a beer.
Regardless of how many it’s sending you, the company charges $15
shipping to any of the seven states it covers so far: Arizona,
California, Colorado, New
Mexico, Ohio, Oregon, and Washington.
Storage, for my Math students.
Storage
Enters the Age of Erasure Coding
Its appeals are obvious:
it's a data protection system that's more space efficient than
straight replication, and one which tolerates more faults and allows
you to recover lost data far more quickly than is possible with
traditional RAID
systems.
Here are just a few examples of storage offerings
that are getting serious about the technology: Intel and Cloudera
are developing erasure
coding in HDFS for release in Hadoop 3.0, and Nutanix
has begun showing off its own proprietary
erasure coding called EC-X in the current versions of its Nutanix
OS in preparation for its launch in NOS 5. Ceph,
the open source software storage platform, introduced erasure coding
last year with the Firefly
(v0.80) release, and erasure coding is at the heart of Cleversafe's
dispersed storage systems. (Earlier this month IBM
announced that it had acquired Cleversafe for an undisclosed
sum.)
Erasure coding works by splitting a file in to a
number of equally sized pieces, and then doing some fancy
mathematics [Not
so fancy… Bob] encoding to produce a larger number of
pieces. For example, you could start with a single file, split it in
to 6 pieces, and then do the encoding to produce 10 pieces.
What's clever about the encoding is that you would
only need 6 of the 10 encoded pieces to get back to the original file
– you can lose any four and without resulting in any data loss.
To get an idea of how EC works, let's look at a
very simple example where you split a file into 2 pieces, and then
encode those in to 4 encoded pieces.
So we start with a single file, split it into 2
pieces which we'll call P1 and P2, and then encode those into 4
encoded pieces EP1, EP2, EP3 and EP4
We are left with EP1 and EP3, and we know that EP1
is identical to P1, and EP3
is simply P1 +P2. So with a little mathematical equation
solving it is possible to get the original file back from just these
two encoded pieces.
That's the principal. In fact erasure coding is
more complex than that. A common form of erasure coding is called
Reed-Solomon
(RS) erasure coding, invented in 1960 at MIT Lincoln Laboratory by
Irving S. Reed and Gustave Solomon. It uses linear algebra
operations to generate extra encoded pieces, and can be configured in
different ways so that a file is split in to k pieces, and
then encoded to produce an extra m encoded pieces which are
effectively parity pieces.
My students will be writing Apps next Quarter.
Microsoft
takes wraps off PowerApps mobile-app creation service
… Microsoft's goal in developing PowerApps is
to allow business users to harness the power of data scattered
throughout their organizations in both software-as-a-service and
on-premises apps without having to know how to write a single line of
code.
May 'splain y my students don't right gud.
OMG! In
Text Messages, Punctuation Conveys Meaning
… A Binghamton University research team has
apparently identified one
such indicator: Whether or not you put a period at the end of a
reply.
In the journal Computers in Human Behavior,
researchers led by psychologist Celia
Klin report that college students perceive text messages that end
with a period to be less sincere than ones that do not.
No comments:
Post a Comment