Saturday, March 12, 2016

All you have to do is ask and all secrets will be revealed!
Another day, another successful phish compromising employee data.
Add Endologix to any list you’re compiling. You’ve probably already added Seagate, right? DataXu may also have been a victim of this type of attack; it’s not totally clear from their notification.
And did I remember to tell you about Information Innovators? Or that York Hospital might have been hit the same way (it’s hard to be sure from their notification)? And maybe Turner Construction? I’m pretty sure I already told you about Central Concrete, but at this point, my head is spinning from all the reports, so maybe I forgot.
And if your business has escaped so far, be sure to use this opportunity to warn all your employees about this type of attack.

My Computer Security class was trying to figure out how to steal a Billion yesterday. None of my students thought that detailed instructions and codes would be available online. We were convinced they had to have inside help.
Serajul Quadir reports:
Investigators suspect unknown hackers installed malware in the Bangladesh central bank’s computer systems and watched, probably for weeks, for how to go about withdrawing money from its U.S. account, two bank officials briefed on the matter said on Friday.
More than a month after hackers breached Bangladesh Bank’s systems and attempted to steal nearly $1 billion from its account at the Federal Reserve Bank of New York, cyber security experts are trying to find out how the hackers got in.
The hackers appeared to have stolen Bangladesh Bank’s credentials for the SWIFT messaging system, which banks around the world use for secure financial communication.
Read more on Reuters.

No doubt we will laugh at this later, and Apple will offer FBI Special Agents huge discounts on the next generation iPhone.
Apple Legal Chief Eviscerates ’Cheap Shot Brief’ As FBI Threatens To Demand iOS Source Code
The battle between Apple and the FBI over unlocking the iPhone 5c belonging to one of the San Bernardino mass shooters is getting nasty — really nasty. Although Apple and the U.S. Government are set to see each other in court on March 22nd, the two have been playing up their respective sides of the story to the public for weeks.
… But perhaps the most troubling part of the document [to Apple] is the government’s statements that it could simply force Apple to hand over its source code if it doesn’t comply with the unlocking demands. “The FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature.
“The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.”
… "It seems like disagreeing with the Department of Justice means you must be evil and anti-American." said Sewell during a conference call with reporters yesterday afternoon. “The tone of the brief reads like an indictment. We’ve all heard director Comey and Attorney General Lynch thank Apple for its consistent help in working with law enforcement. Director Comey’s own statement… that there are no demons here? We certainly wouldn’t conclude it from this brief.

(Related) The Bully Pulpit should not be used to spread Bull@#$%! Just saying.
Michael D. Shear reports:
President Obama said Friday that law enforcement must be legally able to collect information from smartphones and other electronic devices, making clear, despite divisions in his administration, that he opposes the stance on encryption taken by technology companies like Apple.
Speaking to an audience of about 2,100 technology executives and enthusiasts at the South by Southwest festival here, Mr. Obama delivered his most extensive declarations on an issue that has split the technology community and pitted law enforcement against other national security departments. Mr. Obama declined to comment specifically on the efforts by the F.B.I. to require Apple’s help in gaining data from an iPhone used by one of the terrorists in the December attack in San Bernardino, Calif.
But the president said that America had already accepted that law enforcement can “rifle through your underwear” in searches for those suspected of preying on children, and he said there was no reason that a person’s digital information should be treated differently.
Well, he just lost my vote. Oh, wait…
Read more on the New York Times.
[From the article:
“If, technologically, it is possible to make an impenetrable device or system, where the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?” Mr. Obama said. “How do we disrupt a terrorist plot?” [Perhaps the President is deliberately forgetting that we found Osama bin Laden without even seeing his messages, let alone breaking encryption. Bob]

(Related) Here is a company that says they CAN do it. Why doesn't the FBI ever ask them?
Microsoft: We Store Disk Encryption Keys, But We’ve Never Given Them to Cops

(Related) Wharton talks about Apple v FBI. No conclusions.
Apple vs. the FBI: What It Means for Privacy and Security
The subject of corporate constitutional rights is of great interest to professors Eric Orts and Amy Sepinwall from Wharton’s legal studies and business ethics department. Perhaps presciently, they recently penned the article, “Privacy and Organizational Persons,” in the Minnesota Law Review that foreshadowed this debate.

This is not a bad idea (giving credit where due) A better idea would be to publish the code and pay a bounty to anyone who identifies a bug.
Leveraging American Ingenuity through Reusable and Open Source Software
Today, we’re releasing for public comment a draft policy to support improved access to custom software code developed for the Federal Government.
… And if you want to see how these projects are doing, the General Services Administration’s government analytics platform—which gives users a peek into how people are interacting with the government online—released its code to the public, which has already been used by local governments.

Old technologies are scrambling to learn how new technologies can keep them in business.
Here's why GM is buying an autonomous driving software firm
General Motors announced Friday that it's acquiring Cruise Automation for Cruise's deep software talent and rapid development capability -- a move designed to further accelerate GM's development of autonomous vehicle technology.
Over the past two months, GM has entered into a $500 million alliance with ride-sharing company Lyft; formed Maven – its personal mobility brand for car-sharing fleets in many U.S. cities – and established a separate unit for autonomous vehicle development.
"This acquisition announcement clearly shows that GM is serious about developing the technology and controlling its own path to self-driving and driverless vehicles," said Egil Juliussen, research director for IHS Automotive.

Ford Creates New Business Unit Chaired by Ex-Steelcase CEO
Ford is creating a new unit tasked with investing in and building out the automaker’s transportation services, a business segment that includes car-sharing and ride-hailing.
The private subsidiary, called Ford Smart Mobility, will be based in Palo Alto, Calif. with offices in Dearborn, Mich., and will be chaired by Jim Hackett, former chief exec at Mich.-based office furniture company Steelcase, the company said.

So, all I have to do is link Amazon to my bank account? What could possibly go wrong?
Capital One to let users pay bills via Amazon’s Echo
Capital One has teamed with Amazon to let owners of Amazon’s Echo smart speaker system pay their bills and get other account information through voice commands.
Amazon’s Echo speakers use a voice-command service called Alexa to help users perform various tasks, such as turning on smart lights, playing music or setting a kitchen timer. The number of so-called “skills” Alexa can perform has been growing since the Echo became widely available last year and now numbers more than 100.
The Capital One service will be the first time a credit-card company has been involved, however. Capital One will let users check their credit card balance, review recent transactions, pay their credit card bill and perform other tasks simply by talking to the device.
Users can sign up for the service via the Amazon Echo setup app. There they can set up a checking account link if they want to pay their credit card balance via the Echo.

Because governments throw money at anything that promises to educate children?
Amazon eyes up education, plans a free platform for learning materials
Back in 2013, Amazon acquired (and continued to operate) online math instruction company TenMarks to gain a foothold in the online education space. Now it looks like Amazon is taking those learnings to the next level. The e-commerce giant plans to launch a free platform for schools and other educators to upload, manage and share educational materials. Signs indicate that the platform will be based around open educational resources (OER) and will come with a ratings system and interface that will resemble the commercial many of us already know and use.
Earlier this month, Amazon Education quietly opened an “Amazon Education Wait List,” where educators could sign up to get an alert for when a new, free platform opens for business.
… The development comes at an interesting time, with companies like Apple and Google also sizing up how their own platforms and hardware can play a bigger role in education services (and where they might not). Amazon has made a point of noting that its OER platform will be free and unlimited, but it comes amid a wider education play that is more revenue focused.
… Whether this is free or not, the wider e-learning market is massive, and something that Amazon, a bookseller at its heart that already has students and teachers as customers, cannot ignore. One researcher estimates that by 2022, it will be worth $244 billion globally, up from $165 billion in 2014.

Another week closer to being educated.
Hack Education Weekly News
… The state of California is weighing outlawing classes that “without educational content.”
Via the San Jose Mercury News: “Responding to overwhelming public protest, a federal judge has backtracked on the potential release of records for 10 million California students – and decided that they won’t be provided to attorneys in a special-education lawsuit.”
… “Universities Are Becoming Billion-Dollar Hedge Funds With Schools Attached,” writes Astra Taylor in The Nation.
… McGraw-Hill issued a press release, touting that “in 2015 unit sales of digital platforms and programs exceeded those of print in its U.S. Higher Education Group for the first time.”
… Elsewhere in e-book-related news: “B&N Ed Retires Its Digital Textbook Platform, Replaces It With VitalSource.” And a nice reminder, as the NOOK pulls out of the UK, meaning customers might lose access to the digital materials they’ve purchased: “You Don’t Own Your Ebooks.”
… Volley has raised $2.3 million in seed funding from Zuckerberg Education Ventures and Reach Capital. Via Techcrunch: “‘This is so fast it feels like cheating’ students tell Volley. The education startup’s app lets students point their phone’s camera at a textbook page or piece of homework, and instantly see resources about key facts and tricky parts, prerequisites, and links to snippets of online classes or study guides that could help.” The startup plans to build “learning algorithms,” according to Edsurge.

No comments: