Wednesday, June 15, 2016

Interesting (if slightly misleading) headline.  Should we be sharing this information with foreign governments?  Didn’t President Obama tell Asian leaders that, “Yes Trump is crazy, but he is unlikely to be elected?”
A Watergate Break-In For the 21st Century
Two groups of hackers sponsored by the Russian government broke into the computer systems of the Democratic National Committee and accessed emails, chat logs, and a trove of detailed opposition research on Donald Trump assembled by the party’s researchers.
The hackers were removed from the system over the weekend, officials told The Washington Post, but not before they were able to comb through staff members’ day-to-day communications and their research on the presumptive Republican nominee.
One hacking group entered the system last year, and has been monitoring DNC communications since then, the Post’s Ellen Nakashima reported.  This April, the other group gained access to the Trump files.

Yep, a record year for sure.
VerticalScope and all of their domains were hacked in February of 2016.  LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data.
This data set contains nearly 45 million records from over 1100 websites and communities.  Some of the larger domains include and  Each record may contain an email address, a username, an IP address, one password and in some cases a second password.  We added this data set to LeakedSource on April 27th 2016 but only analyzed it now.
Given the massive scale of this breach, it is also likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale.  ZDNET reporter Zack Whittaker contacted VerticalScope on our behalf and they confirmed the breach in addition to our verification from May.
Passwords were stored in various encryption methods but less than 10% of the domains which account for a very small amount of leaked records used difficult to break encryption (less than a couple million).  Most of the records (over 40 million) were just MD5 with salting and this is insufficient.
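An added illustration of the last point, written for this post and not taken from LeakedSource, VerticalScope or the original article: the weak scheme the post describes (one MD5 over salt plus password) next to a deliberately slow one (PBKDF2-HMAC-SHA256). Both are verified the same way, and the timing helper measures how much every verification costs, which is exactly the work anyone holding a stolen table must repeat per guess. The records, salts, passwords and the iteration count are constructed for the example.

```python
"""Salted MD5 versus a slow key-derivation function for password storage.

Constructed example.  The point the LeakedSource post makes is that a salt
stops precomputed tables but does nothing about speed: a fast hash lets a
stolen table be checked at millions of guesses per second, so the per-guess
cost the verifier pays is the protection the stored record actually has.
"""
import hashlib
import hmac
import os
import time
from typing import Optional

# Assumption for the example; in practice tune the count to your login latency budget.
PBKDF2_ITERATIONS = 200_000


def store_md5_salted(password: str, salt: Optional[bytes] = None) -> dict:
    """The weak scheme from the post: one fast MD5 over salt + password."""
    salt = salt or os.urandom(16)
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return {"scheme": "md5-salted", "salt": salt.hex(), "hash": digest}


def store_pbkdf2(password: str, salt: Optional[bytes] = None,
                 iterations: int = PBKDF2_ITERATIONS) -> dict:
    """A deliberately slow scheme: PBKDF2-HMAC-SHA256 with many iterations."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"scheme": "pbkdf2-sha256", "salt": salt.hex(),
            "iterations": iterations, "hash": digest.hex()}


def verify(record: dict, candidate: str) -> bool:
    """Recompute the stored hash for a candidate and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    if record["scheme"] == "md5-salted":
        computed = hashlib.md5(salt + candidate.encode()).hexdigest()
    elif record["scheme"] == "pbkdf2-sha256":
        computed = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt,
                                       record["iterations"]).hex()
    else:
        raise ValueError("unknown scheme: %r" % record["scheme"])
    return hmac.compare_digest(computed, record["hash"])


def verifications_per_second(record: dict, n: int) -> float:
    """Measure how many verifications per second the stored scheme allows.

    The same work the login server does per attempt is the work required per
    guess against a stolen copy of the table, so this number is the defender's
    capacity-planning figure for how much a leaked record is worth.
    """
    start = time.perf_counter()
    for i in range(n):
        verify(record, "candidate-%d" % i)   # constructed wrong guesses
    elapsed = time.perf_counter() - start
    return n / elapsed


def slowdown_factor(password: str = "correct horse") -> float:
    """How many times more expensive each verification is under PBKDF2 than salted MD5."""
    salt = os.urandom(16)
    md5_rate = verifications_per_second(store_md5_salted(password, salt), n=2000)
    kdf_rate = verifications_per_second(store_pbkdf2(password, salt), n=5)
    return md5_rate / kdf_rate


if __name__ == "__main__":
    rec = store_pbkdf2("correct horse")
    print("correct:", verify(rec, "correct horse"), " wrong:", verify(rec, "wrong"))
    print("each verification is about %.0fx more expensive under PBKDF2"
          % slowdown_factor())
```

The factor printed at the end is the whole argument in one number: the salt is identical in both records, and only the cost per verification differs, so that factor is how much longer the same stolen table holds up under the stronger scheme.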

For my Computer Security students.  Remember this when it comes time to ask for a bigger budget.
Cost of a data breach: $4M: Benefits of responding quickly: Priceless.
The bad news is that data breaches are becoming ever more common.  The worse news is that the cost they represent for companies is going through the roof.
Those are two conclusions from a study released Wednesday by IBM Security and the Ponemon Institute, which found that the average cost of a data breach has grown to $4 million.  That's a hefty jump compared with last year's $3.79 million, and it represents an increase of almost 30 percent since 2013.

"Data breaches are now a consistent 'cost of doing business' in the cybercrime era," said Larry Ponemon, chairman and founder of the Ponemon Institute, a research firm focused on security.  "The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies."
The annual Cost of a Data Breach study examines both direct and indirect costs to companies in dealing with a single data breach incident.
   This year's data uncovered a 64 percent increase in reported security incidents between 2014 and 2015.  Meanwhile, the study found that companies now lose some $158 per compromised record.  In highly regulated industries like healthcare, the damage is even worse, reaching $355 per record.

(Related)  Another “must do” for Security managers?
CISOs Risk Getting Fired Over Poor Reporting
Board members are paying attention to the cyber risk information reported to them and many say that cybersecurity executives could lose their jobs if they fail to provide useful, actionable information, a recent survey from Bay Dynamics reveals.
According to the study, 89% of board members surveyed said they are very involved in making cyber risk decisions, while 74% of them said the cyber risk information is provided to them weekly.  However, they also say that IT and security executives should be held accountable for presenting quality reports, with 59% of respondents saying security executives will lose their jobs as a result of failing to provide useful, actionable information.
   Dubbed “How Boards of Directors Really Feel about Cyber Security Reports,” the study (PDF) complements a February report from Bay Dynamics, titled “Reporting to the Board: Where CISOs and the Board are Missing the Mark” and meant to discover how IT and security executives feel about their information reports presented to the board.

IoT Devices Not Properly Secured on Enterprise Networks: Survey
According to the research, nearly three quarters of enterprises either don’t have efficient protection methods for their IoT devices, or are not aware of what is being used.  At the other end, only 19% of organizations have a specialized agent that monitors the network, while 7% say they use a different approach to securing IoT devices, the report says.
   Produced by Webtorials and sponsored by ForeScout, the new research shows not only that many organizations lack the proper security policies for IoT devices in their networks, but also that a large number of professionals working within these organizations lack the necessary awareness regarding these devices.

(Related)  Automating attacks is cheap.
Massive DDoS attacks reach record levels as botnets make them cheaper to launch
There were 19 distributed denial-of-service (DDoS) attacks that exceeded 100 Gbps during the first three months of the year, almost four times more than in the previous quarter.

For my IT Architecture class.
How Wells Fargo is Reaching the Digital Customer
Banks today are seeing their businesses disrupted by fintech – startups offering mobile payments, loans, virtual currencies and the like.  To compete with digital startups and meet the heightened expectations of customers who want 24/7 access, engagement and security, Wells Fargo is actively bridging the gap between its cyber and physical operations.  Jamie Moldafsky, the bank’s chief marketing officer, spoke about the company’s digital efforts on the Knowledge@Wharton show on Wharton Business Radio, which aired on SiriusXM channel 111.
She said the bank is changing to meet the needs of the digital customer, such as rethinking its marketing approach from straight-out selling to customer engagement.  Wells Fargo also is interested in using biometrics tools like retina scanning to boost the security of customer information.
An edited transcript of the conversation appears below.

What Marketers Need to Know About Chat Apps
The rise of social media changed marketing. Now, before some marketers have even fully adapted to that world, the social web is transforming again.  The rise of private social networks and messaging apps will challenge the strategies that marketers developed for public social networks.
If your company is still trying to figure out how to make the most of Facebook and Twitter, consider:
·         WhatsApp has rapidly become the biggest messaging service in the world with more than a billion users.
·         Snapchat is a juggernaut with the 18-24 age group, now earning more daily check-ins than Facebook.  The company founder insists it is “not a social network.”
·         Facebook is the social network for most of the world, yet their major investment is in the development of private Facebook Messenger, including bots that would help companies scale “human” interaction through the service.  More than 900 million people use Messenger now.  Other private messaging services like Viber and Kik have attracted millions of users.
·         Of the Fortune 100 companies, 77 use Slack.  The average Slack user keeps the app running 10 hours a day, and is actively using it for over 2 hours a day.
·         Instagram started private DM in 2014 that focuses on the sharing of content with up to 15 people in a threaded approach.
·         Twitter has experimented with Snapchat-style doodles and photo editing and in 2015 expanded the character limit via private direct messaging.

I would have expected the opposite when Democrats rule.  Where have they spent their fury?
Government Regulatory Prosecutions Fall to Record Low
by Sabrina I. Pacifici on
“The latest case-by-case data from the Justice Department show that in April 2016 there were 76 new prosecutions for government regulatory matters.  This is the lowest count in this program category for a single month since October 1998, the start of TRAC’s monthly time series.  Government regulatory prosecutions have fallen 17 percent from the same period in the previous year, and are down 30.5 percent from levels reported five years ago in 2011.  The data were collected from federal prosecutors by the Executive Office for United States Attorneys and obtained by the Transactional Records Access Clearinghouse under the Freedom of Information Act.  For more details, including a timeline of prosecutions and top district rankings, see the report at:

Think this will be enough?  Now we go after those content sources that don’t count against your “data limits?”
‘Net neutrality’ rules for fair internet access win in court
A federal appeals court on Tuesday upheld the government’s “net neutrality” rules, preserving regulations that force internet providers such as Comcast and AT&T to treat all online traffic — everything from Netflix and cat videos to games and downloads — equally.
The 2-1 ruling is a sweeping victory for the Obama administration and the consumer groups and internet companies that have pushed net neutrality for years.  The Federal Communications Commission’s rules block internet service providers from favoring their own services and disadvantaging others; blocking other sites and apps; and creating “fast lanes” for video and other data services that pay for the privilege.
   That sets the stage for what Ammori and several analysts see as the next big battle.  That will likely involve “zero rating” — the practice of exempting preferred video services from customer data caps.
Comcast, for example, lets you watch video at home with its Stream service with no danger of bumping against your data cap (if you have one).  T-Mobile’s Binge On program lets you watch any video you want from Netflix and many other providers without counting it as data use.

Just because it amuses me.
55 Awesome Facts You Never Knew About Google

Something my students should play with.
Chef’s new Habitat project wants to make applications infrastructure-independent
Chef today launched Habitat, a new open source project that allows developers to package their applications and run them on a wide variety of infrastructures.
Habitat essentially wraps applications into their own lightweight runtime environments and then allows you to run them in any environment, ranging from bare metal servers to virtual machines, Docker containers (and their respective container management services), and PaaS systems like Cloud Foundry.
   If you’re interested in giving Habitat a try, Chef offers a set of tutorials, as well as an interactive demo.

Free online university?  Is it worth the cost?
Go Beyond the Basics of Big Data Analytics With Upskill U
Today at 1 p.m. ET, Sachin Katti, Assistant Professor of Electrical Engineering and Computer Science at Stanford University , will kick off a new learning module at Upskill U on Big Data Analytics.  In Analytics & Virtualization 101, Katti will examine the fundamental questions as to the role of big data and advanced analytics and explain what service providers need to be doing as they prepare for virtualized networks.  Future courses in this series will deep-dive into big data analytics through the lens of security, customer experience management and IoT.

I’ve always wanted my students to write their own textbook.  On the other hand, there could be an opportunity here for a rating system linked to the open source texts. 
College courses without textbooks? These schools are giving it a shot.
A community college reform group has selected a handful of schools in Virginia and Maryland to develop degree programs using open-source materials in place of textbooks.
   Achieving the Dream, an education advocacy group based in Silver Spring, Md., aims to change that by offering $9.8 million in grants to support the development of open-source degree programs at 38 colleges in 13 states.
   Officials at Achieving the Dream say there are enough open-source materials to replace textbooks in all required courses for degrees in business administration, general education, computer science and social science.
   One of the largest providers of open-source materials is OpenStax College, a nonprofit tied to Rice University in Houston.
