Arun Devnath and Michael Riley report:
Investigators examining the theft
of $104 million from Bangladesh’s central bank have uncovered evidence of three
hacking groups — including two nation states — inside the bank’s network but
say it was the third, unidentified group that pulled off the heist, according
to two people briefed on the progress of the bank’s internal investigation.
FireEye Inc., the company hired by
the bank to conduct the forensics investigation, identified digital
fingerprints of hacking groups from Pakistan
and North Korea, the two people said. It hasn’t found enough data to determine
whether the third group, the actual culprit, was a criminal network or the
agent of another nation.
Read more on Bloomberg.
So all these hackers were in there and the Bank never
detected any of them?
Somehow, I doubt this will happen. Everything we want would be an aid to
terrorists. Only the FBI can secure the
country.
Mozilla wants U.S. to disclose to it first any vulnerability
found in Tor
Mozilla has asked a court that it should be provided
information on a vulnerability in the Tor browser ahead of it being provided to
a defendant in a lawsuit, as the browser is based in part on Firefox browser
code.
Mozilla is asking the U.S. District Court for the Western
District of Washington, in the interest of Firefox users, to ensure that the government disclose the vulnerability to it
before it is revealed to any other party. The rationale behind the request, according to
Mozilla: Any disclosure without advance notice to Mozilla will increase the
likelihood that the exploit will become public before Mozilla can fix any
associated vulnerability in Firefox.
… The government
has so far refused to tell Mozilla whether the vulnerability at issue in the
case involves a Mozilla product. But
Mozilla said in the filing that it has reason to believe that the exploit used
by the government “is an active vulnerability in its Firefox code base that
could be used to compromise users and systems running the browser.”
The government has also refused to tell Mozilla if the
exploit went through the Vulnerabilities Equities Process (“VEP”), which is a
government process for deciding whether to share or not information on security
vulnerabilities, according to Mozilla.
If Mozilla is not allowed to intervene in the case to
protect its interests, the court should certainly allow Mozilla to appear as a
friend of the court or amicus curiae, according to the filing.
If GPS points to your front door…
Christin McMeley and John D. Seiver of Davis Wright
Tremaine write:
On April 29, 2016, the U.S. Court
of Appeals for the First Circuit handed down its widely anticipated opinion
in Yershov v. Gannett Satellite Information Network, Inc.,
in which it expanded the reach of the Video Privacy Protection Act (“VPPA” or “Act”) by endorsing
a considerably expanded view of how the statute applies in the digital media
context. In its decision, the
court held that
(1) “personally identifiable
information” (“PII”) includes
the GPS coordinates of a device; and
(2) a user of a mobile
application – even one who does not pay or
otherwise register to use the app – qualifies as a “consumer”
entitled to the protections of the Act.
Although the information Gannett
transferred to a third party also included unique device identifiers (i.e.,
an Android ID), the court noted that its holding “need not be quite as broad as
[its] reasoning suggests,” leaving unanswered the question of whether device
identifiers alone would constitute PII.
With this condition set out in
the holding, the decision may not be as far out of step with a slew of prior
federal district court decisions holding that a consumer’s personal data, when
disclosed, must identify a particular individual, without more,
to qualify as PII. The court found that GPS coordinates are more like a traditional street
address than numeric device IDs such that their disclosure
“effectively reveal[ed] the name of the video viewer.”
Read more on Davis
Wright Tremaine.
“It’s no big deal until it is.” I don’t know who said that, but they were
correct.
Josh Kerns reports:
State workers are raising deep
concern after learning a prominent anti-union group is seeking their personal
information, including their birth dates, worrying it could lead to widespread privacy
violations and identity theft.
Complaints began pouring into
various unions representing state workers over the last month after the
Olympia-based Freedom Foundation filed public records requests for information
about thousands of workers.
Read more on MyNorthwest.com.
From the article:
State law says specifically that birth dates of state
workers are disclosable and not exempt from privacy statutes.
For my Computer Security students: See, your tuition was
well spent!
High-demand cybersecurity skill sets
… According to a
survey of 299 IT and cybersecurity professionals:
· 33% of organizations say they have a shortage of cloud security specialists.
· 28% of organizations say they have a shortage of network security specialists
· 27% of organizations say they have a shortage of security analysts
· 26% of organizations say they have a shortage of data security specialists.
For the Computer Security club hacking team.
Facebook Open Sources CTF Platform
Facebook announced today that the source code of its capture the flag
(CTF) platform has been made available on GitHub.
The social media giant says its goal is to help those who
want to learn about hacking and allow them to put their skills to the test. The company wants to make security education
more accessible to schools, students and non-profit organizations. The platform has been released under a
Creative Commons license for use by non-commercial entities for educational
purposes.
Facebook’s CTF platform includes everything one needs to
run a hacking competition, including a game map, team registration and a
scoring system. Some challenges can also
be provided upon request, including for reverse engineering, web application
security, forensics, binary exploitation, and cryptography. Users can also utilize the Facebook CTF
platform to build custom challenges.
For my Architecture students. I learned this, many moons ago, as “disintermediation.”
What Platforms Do Differently than Traditional Businesses
One of the oldest business models in the world is using
new technology to trample traditional businesses, drive innovation, and create
new and immense sources of value. Matchmakers, the subject of our new book, make it easy for two or more
groups of customers, like drivers and riders in the case of Uber, to get
together and do business. They operate
platforms that make it easy and efficient for participants to connect and
exchange value.
Someone might find a use for this.
LitCharts Offers Guides to Popular & Classic Literature
LitCharts
is a relatively new service that provides teachers and students with guides and
summaries of classic and popular literature. The service currently offers more than 300
titles.
LitCharts
guides can be viewed online or you can download the guides as PDFs. To download a PDF you do have to enter your
email address. The online version of the
guides available on LitCharts features background information on a book's
author, a color-coded list of themes in the book, a plot summary, a character
list and summary, and an interactive chart board of themes in the book.
The interactive chart boards on LitCharts offer a way to
explore the entire guide from one place. The chart board is a wheel of chapters of a
book. The wheel is color-coded with
themes from the book. When you click on
a chapter and color in the chart board you will be shown a short summary of
that section of the book followed by a link to read more. Color-coding makes it fairly easy to follow a
theme through the book.
Makes me want to geek.
How to Set the ISS’s Earth Live Feed as Your Screensaver