Thursday, May 12, 2016

Update:  Not sure where the $104 million figure comes from.  The article says $81 million which is what has been reported elsewhere.
Arun Devnath and Michael Riley report:
Investigators examining the theft of $104 million from Bangladesh’s central bank have uncovered evidence of three hacking groups — including two nation states — inside the bank’s network but say it was the third, unidentified group that pulled off the heist, according to two people briefed on the progress of the bank’s internal investigation.
FireEye Inc., the company hired by the bank to conduct the forensics investigation, identified digital fingerprints of hacking groups from Pakistan and North Korea, the two people said.  It hasn’t found enough data to determine whether the third group, the actual culprit, was a criminal network or the agent of another nation.
Read more on Bloomberg.
So all these hackers were in there and the Bank never detected any of them? 

Somehow, I doubt this will happen.  Everything we want would be an aid to terrorists.  Only the FBI can secure the country.
Mozilla wants U.S. to disclose to it first any vulnerability found in Tor
Mozilla has asked a court that it should be provided information on a vulnerability in the Tor browser ahead of it being provided to a defendant in a lawsuit, as the browser is based in part on Firefox browser code.

“At this point, no one (including us) outside the government knows what vulnerability was exploited and whether it resides in any of our code base,” wrote Denelle Dixon-Thayer, chief legal and business officer at Mozilla, in a blog post Wednesday.
Mozilla is asking the U.S. District Court for the Western District of Washington, in the interest of Firefox users, to ensure that the government disclose the vulnerability to it before it is revealed to any other party.  The rationale behind the request, according to Mozilla: Any disclosure without advance notice to Mozilla will increase the likelihood that the exploit will become public before Mozilla can fix any associated vulnerability in Firefox.
   The government has so far refused to tell Mozilla whether the vulnerability at issue in the case involves a Mozilla product.  But Mozilla said in the filing that it has reason to believe that the exploit used by the government “is an active vulnerability in its Firefox code base that could be used to compromise users and systems running the browser.”
The government has also refused to tell Mozilla if the exploit went through the Vulnerabilities Equities Process (“VEP”), which is a government process for deciding whether to share or not information on security vulnerabilities, according to Mozilla.
If Mozilla is not allowed to intervene in the case to protect its interests, the court should certainly allow Mozilla to appear as a friend of the court or amicus curiae, according to the filing.

If GPS points to your front door…
Christin McMeley and John D. Seiver of Davis Wright Tremaine write:
On April 29, 2016, the U.S. Court of Appeals for the First Circuit handed down its widely anticipated opinion in Yershov v. Gannett Satellite Information Network, Inc., in which it expanded the reach of the Video Privacy Protection Act(“VPPA” or “Act”) by endorsing a considerably expanded view of how the statute applies in the digital media context.   In its decision, the court held that
(1) “personally identifiable information” (“PII”) includes the GPS coordinates of a device; and
(2) a user of a mobile application – even one who does not pay or otherwise register to use the app – qualifies as a “consumer” entitled to the protections of the Act.
Although the information Gannett transferred to a third party also included unique device identifiers (i.e., an Android ID), the court noted that its holding “need not be quite as broad as [its] reasoning suggests,” leaving unanswered the question of whether device identifiers alone would constitute PII.
With this condition set out in the holding, the decision may not be as far out of step with a slew of prior federal district court decisions holding that a consumer’s personal data, when disclosed, must identify a particular individual, without more, to qualify as PII.  The court found that GPS coordinates are more like a traditional street address than numeric device IDs such that their disclosure “effectively reveal[ed] the name of the video viewer.”
Read more on Davis Wright Tremaine.

“It’s no big deal until it is.”  I don’t know who said that, but they were correct.
Josh Kerns reports:
State workers are raising deep concern after learning a prominent anti-union group is seeking their personal information, including their birth dates, worrying it could lead to widespread privacy violations and identity theft.
Complaints began pouring into various unions representing state workers over the last month after the Olympia-based Freedom Foundation filed public records requests for information about thousands of workers.
[From the article: 
State law says specifically that birth dates of state workers are disclosable and not exempt from privacy statutes.

For my Computer Security students: See, your tuition was well spent!
High-demand cybersecurity skill sets
   According to a survey of 299 IT and cybersecurity professionals:
·         33% of organizations say they have a shortage of cloud security specialists.
·         28% of organizations say they have a shortage of network security specialists
·         27% of organizations say they have a shortage of security analysts
·         26% of organizations say they have a shortage of data security specialists. 

For the Computer Security club hacking team.
Facebook Open Sources CTF Platform
Facebook announced today that the source code of its capture the flag (CTF) platform has been made available on GitHub.
The social media giant says its goal is to help those who want to learn about hacking and allow them to put their skills to the test.  The company wants to make security education more accessible to schools, students and non-profit organizations.  The platform has been released under a Creative Commons license for use by non-commercial entities for educational purposes.
Facebook’s CTF platform includes everything one needs to run a hacking competition, including a game map, team registration and a scoring system.  Some challenges can also be provided upon request, including for reverse engineering, web application security, forensics, binary exploitation, and cryptography.  Users can also utilize the Facebook CTF platform to build custom challenges.

For my Architecture students.  I learned this, many moons ago, as “disintermediation.”
What Platforms Do Differently than Traditional Businesses
One of the oldest business models in the world is using new technology to trample traditional businesses, drive innovation, and create new and immense sources of value.  Matchmakers, the subject of our new book, make it easy for two or more groups of customers, like drivers and riders in the case of Uber, to get together and do business.  They operate platforms that make it easy and efficient for participants to connect and exchange value.

Someone might find a use for this.
LitCharts Offers Guides to Popular & Classic Literature
LitCharts is a relatively new service that provides teachers and students with guides and summaries of classic and popular literature.  The service currently offers more than 300 titles.
LitCharts guides can be viewed online or you can download the guides as PDFs.  To download a PDF you do have to enter your email address.  The online version of the guides available on LitCharts feature background information on a book's author, a color-coded list of themes in the book, a plot summary, a character list and summary, and an interactive chart board of themes in the book.
The interactive chart boards on LitCharts offer a way to explore the entire guide from one place.  The chart board is a wheel of chapters of a book.  The wheel is color-coded with themes from the book.  When you click on a chapter and color in the chart board you will be shown a short summary of that section of the book followed by a link to read more.  Color-coding makes it fairly easy to follow a theme through the book.

Makes me want to geek.
How to Set the ISS’s Earth Live Feed as Your Screensaver

No comments: