Thursday, July 28, 2016
Probably not wise. You know this will inspire hackers to go after Trump. Perhaps it will incent a hacker who actually has all of Hillary’s emails to send them to various news outlets.
Trump Calls For Russian Cyber-Espionage To Recover Clinton’s 30,000 Deleted Personal Emails
Correction. This was not flagged as a North Korean hack when it was first announced. We should have known better. I guess Kim Jong-un wants to send a bunch of Secret Shoppers south to buy the latest video games. (Maybe there are no Pokémon in the North? Now that would be a real sanction!)
Well, it was only a matter of time before we saw this, right?
South Korean police said Thursday that North Korea was behind the latest hacking of a leading online shopping mall, which led to the leak of personal information of some 10 million customers.
The remark came after police conducted a detailed probe into the server of Interpark Corp., after an unidentified entity broke into it and stole customer-related information in May.
Read more on The Korea Times.
For my Computer Security students.
Could Your Devices Cause a Massive Security Breach at Work?
Many companies let their employees access important services with their own devices. Most of the time, this doesn’t cause any problems, but it does remove a bit of control. If a big mistake is made, it could end up causing a huge breach!
[Cute little infographic: http://cdn.makeuseof.com/wp-content/uploads/2016/07/security_breach.png?b34c28]
Computer Security students. How would you prevent this? (It is actually quite easy.)
Graham Cluley writes:
It was just after 6pm on December 23, 2013, and Lennon Ray Brown, a computer engineer at the Citibank Regents Campus in Irving, Texas, was out for revenge.
Earlier in the day, Brown – who was responsible for the bank’s IT systems – had attended a work performance review with his supervisor.
It hadn’t gone well.
Brown was now a ticking time bomb inside the organisation, waiting for his opportunity to strike. And with the insider privileges given to him by the company, he had more of an opportunity to wreak havoc than any external hacker.
Prosecutors described what happened next, just before Brown left the Citibank offices that evening:
Read more on Tripwire.
Think anyone will notice? The real question is, was this data actually useful?
This story needs to get a lot more media coverage in the U.K. and discussion. Will the British people just shrug, though, because of currently elevated terrorism threats, or will they be outraged and insist on reform?
Graeme Burton reports:
The hearing into Privacy International’s challenge to the UK security services’ collection of bulk communications and personal data opened in London on Monday, and previously secret documents revealed for the first time the extent of government surveillance into ordinary citizens’ communications.
This follows a ‘dirt dump’ in April which showed that successive home secretaries have allowed this to carry on since at least 2005.
The documents provide evidence that MI5, MI6 and GCHQ collected data on every citizen in the UK, including location information, telephone numbers dialled and calls received, as well as metadata regarding time, date and duration of calls.
In addition, the security services are accused by Privacy International of collecting data in bulk via the internet, including browsing history, IP addresses visited, instant messaging data and operating systems. The bulk collection of personal information even includes physical post data.
Read more on The Inquirer.
Are you trying to identify owners or users? It may not tie 100% to one person, but would 99% be enough for you?
Wendy Davis reports:
The advocacy group Electronic Privacy Information Center is asking a federal appellate court to revive iPhone user Ryan Perry’s battle with CNN.
The dispute largely centers on whether the 12 random numbers and letters that make up an iPhone’s Media Access Control address should be considered “anonymous.” EPIC argues in new court papers that the MAC address actually serves as a better way to identify iPhones’ owners than their names.
The dispute dates to 2013, when Perry alleged in a potential class-action lawsuit that CNN disclosed information about video clips watched by himself and other iPhone users, along with their 12-digit Media Access Control addresses, to the analytics company Bango.
Read more on MediaPost.
Every organization should have incident response plans that include cyber. (Why does the government think it should have colors for the level of severity, and then call them by number?)
New Presidential Policy Directive Details U.S. Cyber Incident Response
The U.S. Government finally has its own incident response plan. In reality it is more like the framework for the development of an incident response plan (IRP); but it is a good high level start. IRP for a nation is more complex than IRP for an organization; but Obama's new Presidential Policy Directive on Cyber Incident Coordination (PPD-41), approved on Tuesday, begins to define what constitutes a cyber incident, and who is responsible for responding to that incident.
The first problem is to define whether an incident requires a national response. Here the PPD describes a cyber incident severity schema specifying six color-coded levels from zero to five. [I propose color 48, fuchsia! Bob]
For my Ethical Hacking students. Disable this or find evidence that it “harms” me in some way so I can sue Microsoft. (A good mid-term project)
Cortana can’t be disabled in the Windows 10 Anniversary Update
Microsoft has decided that Cortana, its personal digital assistant, is so useful that you’ll never be able to disable it going forward. While Cortana has received a variety of upgrades in the Anniversary Update, and now supports multiple languages, deeper integration with calendars and applications, and can remember random facts about you, it can’t be flatly shut off any longer.
Perspective. I wonder if my students know what SaaS is?
85 Percent of Small Businesses Set to Invest More in SaaS (Infographic)
Just a couple of years ago, businesses looked at Software as a Service (SaaS) with some apprehension primarily because of security risks. A lot has changed since then. Today more than 85 percent of small business executives are willing to invest more in SaaS solutions over the next five years, according to research by Intuit.
… The data has been compiled and analyzed by software company Better Buys in its 2016 Report on the State of SaaS.
· About 64 percent of small and medium-sized businesses rely on cloud-based technology to drive growth and boost workflow efficiency, finds cloud computing services company BCSG.
· SaaS is expected to grow to $12 billion in 2016, and jump to $16 billion in 2017, and continue to grow year over year to an estimated $55 billion by 2026.
· About 90 percent of mobile data traffic will be generated by cloud solutions by 2019.
· Nearly half (43 percent) of small business owners use mobile as the primary devices for running their operations.
I really hope this works out okay, but I note that even though he is harmless, he can be harmless only among the second class citizens, not anywhere near members of Congress or the president.
John Hinckley, Who Tried To Kill A President, Wins His Freedom
A federal judge in Washington, D.C., has granted a request for Hinckley to leave the mental hospital where he's resided for decades, to go live full-time with his elderly mother in Williamsburg, Va.
The release could happen as early as next week, the judge ruled. Under the terms of the order, Hinckley is not allowed to contact his victims, their relatives or actress Jodie Foster, with whom he was obsessed. Hinckley also will not be permitted to "knowingly travel" to areas where the current president or members of Congress are present.
Remember this? Think we should try to do it in Denver? (Or wait for Big Brother to do it for us?)
New Yorkers Greet the Arrival of Wi-Fi Kiosks With Panic, Skepticism and Relief
When it comes to acceptance of New York City’s rapidly growing network of sidewalk kiosks offering “free super fast Wi-Fi,” some people are Nekeya Browns and some are Alex Padillas.
As soon as the LinkNYC booths were activated in their Washington Heights neighborhood this month, Ms. Brown celebrated by plugging in her headphones and swaying to some Marvin Gaye tunes; Mr. Padilla, in his Yankees jersey, stood a few feet back, reluctant even to touch the keyboard for fear of having his pocket of personal data picked.
… “Whoever thought of this was a great person,” she said, listing all of the benefits of the kiosks. “I told a homeless lady that whenever you need to call your family, you can use this.”
And so it goes in the first stage of the citywide rollout of these curbside machines that promise swift connections to the internet, phone service and ports for charging cellphones and other devices, all at no cost to the users.
… Along Eighth Avenue in Midtown, some homeless people are camping around the kiosks.
… City officials … admit they did not know what to expect
… Last weekend, experts on digital data and online privacy were wondering what CityBridge planned to do with all of the personal information made available.
… “What Google’s doing here is taking the business model that they’ve perfected in the online world and bringing it into the real world,” Mr. Dean said in an interview.
Uber drivers drive to you when you call them. What will self-driving cars do?
How Ford and MIT's Electric Shuttle Experiment Could Improve Ride-Hailing
Ford Motor is unleashing electric vehicles onto the Massachusetts Institute of Technology campus. Students and faculty will be able to hail these cars via mobile app in order to shuttle them to and from class. It sounds a lot like Uber and Lyft. But that’s not exactly what Ford is aiming for—at least not initially.
The electric shuttles, which will be small enough to navigate sidewalks [Who has right-of-way? Bob] within the campus, will be outfitted with cameras and LIDAR sensors, or light-sensitive radar. The technology emits short pulses of laser light so that the vehicle’s software can produce high-definition 3D images in real-time of what is around the cars. All of the data captured by the cameras and LIDAR combined with weather information as well as class schedules will be used to understand pedestrian traffic patterns.
In the near term, Ford and MIT researchers hope to use all that data to predict demand for the shuttles, then routing those vehicles to areas where they’re needed most at the corresponding times.
… But Ford posits the research project at MIT could also enhance the concept of ride-hailing as a whole because it’s focused on developing predictive algorithms that will direct vehicles to where people are most likely to need them and, hopefully, reduce wait times. In other words, this research could eventually be used for a commercialized, on-demand shuttle service well beyond the borders of Ford’s company campus.
I would not have expected Microsoft to help Apple. Silly me. On the other hand, I don’t think I would have ever thought of their solution.
Microsoft thinks it can do a better iPhone camera app than Apple
Don’t look now, but Microsoft is becoming a serious player in the world of iPhone apps.
It has already brought over Office and subsumed well-regarded email app Acompli and calendar app Sunrise into a revamped Outlook for iPhone. Now, Microsoft is looking to offer up a rival to the built-in camera app.
Microsoft Pix, a free app from Microsoft Research, focuses first and foremost on delivering better pictures of people. It does this by continuously taking pictures when the app is open and using an algorithm to choose the best shot or shots from among 10 images (seven just before the camera button is pressed and three after).