Monday, July 25, 2016
Like my students, someone does not like to read?
Library of Congress fights off massive cyberattack
In a blog post, Bernard Barton, the Library’s Chief Information Officer, explained that the denial of service attack began on Sunday morning and disrupted a number of services and websites, including Congress.gov, the U.S. Copyright Office and the BARD (Braille and Audio Reading Download) service from the National Library Service for the Blind and Physically Handicapped. The attack also impacted Library databases and incoming and outgoing email, according to Barton.
The Library’s networked services are back to normal after the attack, which the CIO described as “a massive and sophisticated DNS assault, employing multiple forms of attack, adapting and changing on the fly.”
Barton’s post did not reveal any information on the attackers, but the noted that the Library has turned over “key evidence to the appropriate authorities who will investigate and hopefully bring the instigators of this assault to justice.”
A hacking group that goes by the name of Turk Hack Team reportedly claimed credit for the attack on an online message board.
Who does this benefit?
Clinton campaign — and some cyber experts — say Russia is behind email release
A top official with Hillary Clinton’s campaign on Sunday accused the Russian government of orchestrating the release of damaging Democratic Party records to help the campaign of Republican Donald Trump — and some cybersecurity experts agree.
The extraordinary charge came as some national security officials have been growing increasingly concerned about possible efforts by Russia to meddle in the election, according to several individuals familiar with the situation.
Late last week, hours before the records were released by the website WikiLeaks, the White House convened a high-level security meeting to discuss reports that Russia had hacked into systems at the Democratic National Committee.
Although other experts remain skeptical of a Russian role, the hacking incident has caused alarm within the Clinton campaign and also in the national security arena. Officials from various intelligence and defense agencies, including the National Security Council, the Department of Defense, the FBI and the Department of Homeland Security, attended the White House meeting Thursday, on the eve of the email release.
If the accusation is true, it would be the first time the Russians have actively tried to influence an election in this manner, analysts said. [That we know of? Bob]
(Related) Interesting, but no details, yet.
Top Republican lawmaker resigns suddenly citing "cyber security issues"
State Rep. Ron Sandack, a Downers Grove Republican and vocal legislative ally of Gov. Bruce Rauner, is resigning from the Illinois House after saying he's had "cyber security issues" in recent days.
Sandack had been facing a re-election race in November and is well known in Illinois politics for his heavy use of Twitter and Facebook, as well as his role as a floor leader for Republicans in the Illinois House.
For my Ethical Hacking students. Would you like to remote control a Ford?
Ford plans to install Apple CarPlay, Android Auto in entire 2017 lineup
Ford Motor Co. said Monday it will offer Apple CarPlay and Android Auto smartphone connectivity on its full lineup of 2017 vehicles, marking the fastest rollout of the technology so far by an automaker in the U.S.
Competitors have been introducing the popular features a few nameplates at a time over several years, but Ford, which offered no 2016 models with Apple or Android integration, is doing it all at once. By the end of this year, all Ford and Lincoln vehicles will have the features built into Sync 3, which is replacing the sometimes-balky MyFord Touch system.
For my Computer Security students.
Peter Carey and Keith M. Gerver of Cadwalader, Wickersham & Taft LLP, write:
When President Obama signed into law the Cybersecurity Act of 2015, which was designed to facilitate information sharing on cybersecurity threats between the public and private sectors, proponents hailed it as “our best chance yet to help address this economic and national security priority in a meaningful way.”1 Others – including some of the biggest players in the technology industry – decried it as “a thinly disguised surveillance provision,” and something to be avoided pending further information on how it would be implemented. Interim guidance issued earlier this year by the Office of the Director of National Intelligence, the Department of Homeland Security, the Department of Defense, and the Department of Justice, lacked many of the details that industry insiders were waiting for.2 Now, with final guidance having been issued (the “Final Guidance”), in-house counsel have more insight into the potential risks and rewards that await companies who opt to participate in the information sharing program, and can advise management and their boards of directors accordingly.3
Read their article on National Law Review.
For both Computer Security and Data Management students.
Report by 3 companies – Cyber resiliency in the Fourth Industrial Revolution
by Sabrina I. Pacifici on Jul 24, 2016
Cyber resiliency in the Fourth Industrial Revolution – A roadmap for global leaders facing emerging cyber threats
“The First Industrial Revolution, in the late 18th century, was driven largely by steam engines. The second, in the late 19th century, introduced mass production and the division of labor. The third, in the late 20th century, involved digital automation and information technology. Only decades later, the world is now on the cusp of a Fourth Industrial Revolution. This new world revolves around cyber-physical systems, the Internet of Things, and the Internet of Services. Our hyper-connectivity in this new digital world has been a boon for productivity— connecting and executing tasks with a speed that was inconceivable even five years ago. With that hyper-connectivity, however, comes the risk of significant disruption through a cyberattack—the potential consequences of which have escalated dramatically. Until recently, cybersecurity largely meant defending against website defacements, denial of service attacks, and data breaches. The threat posed by them, however, is now morphing into the realm of physical assets and critical infrastructure….”
[From the report:
This new approach emphasizes five fundamental steps:
1. Identify your most critical assets—What do you have that is most valuable to others?
2. Gather intelligence on cyber threats—Who are the bad actors?
3. Understand your digital profile—What does your online activity signal to others?
4. Build a resilient system—What are the most critical elements of defense?
5. Plan for a breach—What can you do now to prepare for a crisis?
Today Seattle, tomorrow the world?
Iris and fingerprint scanning coming to Sea-Tac Airport security as new option this week
It may sound like something straight out of Minority Report, but starting this week, travelers will have the option to get through part of security at Seattle-Tacoma International Airport via iris and fingerprint scans.
Biometrics company Clear anticipates launching its screening terminals at Seattle-Tacoma International Airport sometime this week. There will be two terminals at each of the airport’s three security checkpoints. Construction delays pushed back the launch, and Clear was hesitant to give a definitive opening day as a result.
The technology provides an alternative to the part of the check-in process where passengers wait in long, winding lines to have their ID and boarding pass checked by U.S. Transportation Security Administration agents. Instead, passengers can get iris or fingerprint scans while a Clear employee scans their boarding pass, and off they go to the body and carry-on scanners.
Soon the sky will darken with flocks of drones. Can I declare my home a “Drone Free” zone? When they start colliding and dropping onto my roof, can I sue?
7-Eleven Just Used a Drone to Deliver a Chicken Sandwich and Slurpees
A 7-Eleven customer’s order for Slurpees, a chicken sandwich, donuts, hot coffee, and candy will forever go down in history.
What makes it remarkable is that the convenience store chain used a drone to deliver the order to a family in Reno, Nev., 7-Eleven said on Friday. The company partnered with drone startup Flirtey for the delivery, which the companies said was the first time a drone has legally delivered a package to a U.S. resident who placed an order from a retailer.
My Data management students have an assignment this week to design an App. This article will be very helpful, if they can find it.
Inside the Democratic National Convention’s official app, with the Seattle startup that made it
A toy for my students.
Prisma on Android is now available for everyone
After a short, invite-only beta period, the artistic photo-filter app Prisma is now freely available to everyone on Google's Play store.
The app, which lets you choose from a surprisingly large number of filters and turn ordinary photos into mini-artworks, can be found here. You'll want to actually use that link, as searching for the app on Google Play will likely net several dozen (!) knockoffs, none of which you probably want to install on your phone.
Gamers collect these “hacks.” I’d tell my students, but they already have more than I will ever find.
Pokemon GO Cheats: How to Claim Gyms and Win Battles Easily