This may have happened in earlier Presidential
election years, but back then they probably used 3X5 cards and quill
pens. (Read the whole thing!)
First
someone left our voter registration details exposed to the world, but
those were “just public records,” some argued. Now a second
misconfigured database has been uncovered by Chris Vickery. This
one, however, not only includes some states’ voter lists, but it
also includes 19 million profiles with private information on
religion, household values, gun ownership and more. Are you outraged
now?
So Much for a Quiet Christmas
Five days after finding a misconfigured database
with 191
million voters’ records, and only hours after he woke
up the owner of Three Lock Box in the middle of the night to ask
him why their database still wasn’t secured, Chris Vickery
emailed DataBreaches.net and Salted Hash. He had found yet another
misconfigured database with voters’ information. It was 7:30 am on
Christmas morning.
Oh, the horror! Is nothing sacred? (Thanks for
the list of sites!)
Payal Patak reports a malvertising attack on
hundreds of porn sites left millions of people’s devices infected,
beginning in November. In this case, the ads were hosted and served
by AdExpansion, an adult ad network:
US-based security firm Malwarebytes detected popular websites such as xHamster, RedTube, PornHub and the likes to have been seriously attacked, which caused their data being compromised. These websites are moderately popular and attract several million visitors each day.
Other porn-sites recordely hit by malware were DrTuber, Nuvid, Eroprofile, IcePorn and Xbabe.
Read more on Korea
Portal.
Malwarebytes had reported
the problem at the beginning of December. AdExpansion had
confirmed it, noting that although they had disabled the ads within
hours of notification, they had been unable to prevent the
malvertiser from creating new accounts.
So malvertising on porn sites and ElSurveillance
hacking escort services and porn sites. And Ashley Madison data
getting dumped.
How safe do you feel engaging in online pursuits
of these kinds? By now, you should be prepared that any account you
use may wind up compromised and that you may wind up exposed.
Surely someone can make a more thoughtful
argument?
Congressman Mike Pompeo and constitutional lawyer
David B. Rivkin, Jr., have an OpEd in the Wall
Street Journal today. Let me cut to their point:
Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database. Legal and bureaucratic impediments to surveillance should be removed. That includes Presidential Policy Directive-28, which bestows privacy rights on foreigners and imposes burdensome requirements to justify data collection.
I’m kind of wishing that was The Onion and not
the WSJ.
From the OpEd:
… Forcing terrorists into encrypted channels,
however, impedes their operational effectiveness by constraining
the amount of data they can send [Absolute
nonsense. Bob] and complicating transmission protocols, a
phenomenon known in military parlance as virtual attrition.
Moreover, the use of strong
encryption in personal communications may itself be a red flag.
Still, the U.S. must recognize that encryption
is bringing the golden age of technology-driven surveillance to a
close, which necessitates robust human intelligence
For my Computer Security and Forensics students.
The Rise and Fall of Silk Road
by Sabrina I. Pacifici on Jan 3, 2016
Via Wired – “In October 2013, a young
entrepreneur named Ross Ulbricht was arrested at the Glen Park branch
of the San Francisco Public library. It was the culmination of a
two-year investigation into a vast online drug market called Silk
Road. The authorities charged that Ulbricht, an idealistic
29-year-old Eagle Scout from Austin, Texas, was the kingpin of the
operation. They said he’d reaped millions from the site, all
transacted anonymously with Bitcoin. They said he’d devolved into
a cold-blooded criminal, hiring hit men to take out those who crossed
him. The story of how Ulbricht founded Silk Road, how it grew into a
$1.2 billion operation, and how federal law enforcement shut it down
is complicated, dark, and utterly fascinating. This two-part series
tells that story.”
Once you get on Putin's Enemies List, you can
expect continuous harassment.
BlackEnergy Malware Used in Ukraine Power Grid Attacks
The
BlackEnergy malware has been around since at least 2007 and it has
been used in numerous targeted attacks, including ones aimed at
Ukrainian government
organizations and critical
infrastructure companies in the United States.
Security
firm ESET has been monitoring attacks involving the threat and
recently discovered that the Trojan had been used to target news
media and electrical power companies in Ukraine.
The
news comes just days after Ukraine’s security service, the SBU,
accused
Russian special services of planting malware on the networks of
several regional power companies. The agency also said attackers
flooded the targeted firms’ technical support phone lines.
Will disparaging terms keep people from joining?
Could this be done to ISIS recruiters?
People are mocking the Oregon 'militia' on social media by calling them 'YallQaeda' and 'VanillaISIS'
A tense
standoff at an Oregon wildlife center led by armed, primarily
white, antigovernment protesters captivated social media on Sunday as
users alternately debated their motives and ridiculed them.
… While #YallQaeda has been used
intermittently since at least 2011 to refer to various right-wing,
Tea Party, or other antigovernment groups, it caught fire with users
commenting on the Oregon standoff. It is currently trending with
over 35,000 tweets so far.
After that, the terrorism-related puns really took
off. The next biggest was #VanillaISIS, which some users have been
using over the last month to refer to Donald Trump and his
supporters, following "Daily Show" host Trevor Noah's
dubbing of Trump as "White ISIS" or "WHISIS."
Perspective. The year of the bear?
China Stocks: Trading Halted for the Day as Circuit Breaker Kicks In
Asian markets tumbled on the first day of trading
in 2016, with declines so steep in China that authorities halted all
mainland trading before the end of the day.
Analysts cited a number of reasons for the
selling, including China’s disappointing
manufacturing data, reported earlier Monday, and the coming
removal of a ban
on major shareholders from selling stakes, put in place during
the summer stock crash.
The Shanghai Composite Index fell 6.9%, its
biggest decline on record for the first trading day of the year,
before trading was halted. The smaller Shenzhen Composite fell 8.2%.
Perspective. The year the auto industry died and
was reborn as “Transportation As A Service”
… General Motors, which announced late last
year that it expects to have a fleet of autonomous Chevy Volts on the
road by the end of 2016, has invested $500 million in Lyft as part of
a $1 billion round of funding at a $5.5 billion post-money valuation.
As part of that investment, GM is partnering with Lyft to provide a
fleet of on-demand autonomous vehicles that can be hailed exclusively
on the Lyft platform.
The very definition of “over sharing.”
New on LLRX – Deep Web Research and Discovery Resources 2016
by Sabrina I. Pacifici on Jan 3, 2016
Via LLRX.com
– Deep
Web Research and Discovery Resources 2016 – Marcus
Zillman has a longstanding and comprehensive expertise pertaining
to the Deep Web. The Deep Web or Dark Web covers trillions of pages
of information held in dynamically generated repositories throughout
the global web that remain inaccessible through popular applications
and search engines. Searching for this information using deeper
search techniques and the latest algorithms allows researchers to
obtain a vast amount of information that was previously unavailable
or inaccessible, in fields that include the sciences and maths,
corporate and financial data, and data only surfaced using file
sharing applications. Zillman’s new guide documents a wide range
of sources to improve your research results, including articles and
paper, cross database search services and tools, peer to peer and
file sharing engines, and semantic web resources.
Always looking for sources to add to my RSS feed.
Don’t Like Podcasts? Read 17 Alternatives to the Most Popular Shows
For my students. (Also editorial cartoons)
How to Read Newspaper Comics Online Now for Free
… Once you’ve had your fill of reading
comics, find out how
you can make your own comic strips.