Monday, August 08, 2016
For my Computer Security students. This does not read like a power outage. Contrast this with the three levels of backup power sources that United Airlines' reservation system uses. Do you believe it was a simple “power outage”?
Delta Air Lines passengers stranded after computer crash grounds flights
Delta Air Lines' computer systems crashed on Monday, leaving passengers of one of the world's largest carriers stranded at airports around the globe as flights were grounded.
The U.S. airline said the problems were down to a power outage in Atlanta overnight and that its information technology team was working to resolve the problem. … "Our systems are down everywhere. Hopefully it won't be much longer," the airline said on Twitter earlier on Monday.
… The glitch follows several high-profile computer problems faced by U.S. airlines in the past year.
They included budget carrier Southwest Airlines Co (LUV.N), which had to halt departures last month after a technical outage, while American Airlines (AAL.O) had to suspend flights from three of its hubs last September after technical problems.
Industry consultants say airlines face an increasing risk from computer disruptions as they automate more of their operations, distribute boarding passes on smartphones and fit their planes with Wifi.
An interesting group of “targets.” Who do we know that would be interested in all of these?
New spyware detected targeting firms in Russia, China: Symantec
A previously unknown group called "Strider" has been conducting cyber-espionage attacks against selected targets in Russia, China, Sweden, and Belgium, U.S.-based computer security firm Symantec Corp said on Monday.
The group, which has been active since at least October 2011 and could have links to a national intelligence agency, has been using an advanced piece of hidden malware identified by Symantec as Remsec (Backdoor.Remsec), the company said in a blog post.
Remsec spyware lives within an organization's network rather than being installed on individual computers, giving attackers complete control over infected machines, researchers said. It enables keystroke logging and the theft of files and other data.
… Remsec shares certain unusual coding similarities with another older piece of "nation state-grade" malware known as Flamer, or Flame, according to Symantec.
Flamer malware has been linked to Stuxnet, a military-grade computer virus alleged by security experts to have been used by the United States and Israel to attack Iran’s nuclear program late in the last decade (reut.rs/2b2FA8z).
A question for my Computer Security students. It costs a lot to actively protect your users. Is it worth it?
Password Hacking Forces Big Tech Companies to Act
In the past few months, hackers have taken over the social-media accounts of Facebook Inc. Chief Executive Mark Zuckerberg, Google CEO Sundar Pichai and Twitter Inc.’s CEO, Jack Dorsey.
Behind the scenes, security teams at every major technology company—and many smaller firms, too—are scrambling to protect others from the same fate.
… Some of the executives apparently reused passwords that had been stolen in earlier hacks of LinkedIn, Myspace and other sites; others may have fallen victim to software that uses the old passwords to guess new ones.
Nearly two billion old passwords can be viewed for as little as $2 at a database called LeakedSource, run by anonymous operators. Investigators estimate that maybe up to 8% of the LinkedIn usernames and passwords will work on other services, giving hackers a way to take over accounts elsewhere.
… Hacking creates a dilemma for operators of other popular consumer web services. They can require all users to change their passwords, and risk losing some users. If they don’t force password changes, users’ accounts could be hacked.
… Twitter, Facebook, Yahoo Inc. and others chose a different course. Instead of resetting all passwords, they analyzed the stolen credentials and then urged or forced affected users to reset their passwords.
… Combing through the data is time-consuming. Yahoo has one billion users. Its security team began examining the LinkedIn database on May 18. Some of the account names and passwords were encrypted. Yahoo staffers had to decode the names and passwords and look for matches with Yahoo’s users. Eight days later, on May 26, Yahoo emailed notes out to an undisclosed number of affected users, telling them to reset their passwords.
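The matching step described in the excerpt above, as an added sketch for class discussion (not code from the article or from any company it names): a service that stores only salted password hashes cannot compare a leaked dump against its database directly, so it re-derives each leaked password with the matching user's salt and flags only the accounts where the result still matches. The PBKDF2 parameters, function names and sample accounts are assumptions constructed for this example, and the dump is assumed to be already decoded to plaintext.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def normalize(name: str) -> str:
    """Account names in dumps vary in case and whitespace."""
    return name.strip().lower()


def build_user_store(accounts):
    """Build {email: (salt, hash)} the way a service would at sign-up."""
    store = {}
    for email, password in accounts:
        salt = os.urandom(16)
        store[normalize(email)] = (salt, hash_password(password, salt))
    return store


def find_affected(store, leaked):
    """Return our users whose leaked password still opens their account here."""
    affected = set()
    for email, leaked_pw in leaked:
        record = store.get(normalize(email))
        if record is None:
            continue  # leaked account is not one of our users
        salt, stored = record
        # Re-derive with this user's salt; constant-time comparison.
        if hmac.compare_digest(hash_password(leaked_pw, salt), stored):
            affected.add(normalize(email))
    return sorted(affected)


# Constructed sample data: our user base and a decoded third-party dump.
USERS = build_user_store([
    ("alice@example.com", "correct horse 1"),
    ("bob@example.com", "Tr0ub4dor&3"),
    ("carol@example.com", "s3cret-carol"),
])
LEAKED = [
    ("Alice@Example.com ", "correct horse 1"),  # reused password
    ("bob@example.com", "oldpassword"),         # user exists, password differs
    ("dave@example.net", "hunter2"),            # not our user
    ("carol@example.com", "s3cret-carol"),      # reused password
]
```

Only the accounts returned by `find_affected(USERS, LEAKED)` need a forced reset, which is the targeted alternative to resetting every user that the excerpt describes.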
If she had not named names, would tweeting about what she saw still be grounds for a lawsuit? If the cleaning crew had posted pictures, would they (or the hospital) be liable?
Allegations that a nurse at a major Chicago hospital tweeted about a shooting victim’s death and blood-soaked hospital room are a stunning cautionary tale that health care providers can use to hammer home how workers may be held liable for privacy lapses, attorneys say.
A Chicago nurse allegedly tweeted this image of a patient’s room, prompting a lawsuit. The allegations surfaced in a new lawsuit accusing Karrie Anne Runtz, a trauma nurse at Mount Sinai Hospital, of “recklessly and outrageously” tweeting about the April 2015 death…
Read more on Law360 (subscription required).
Dean Wormer’s “Double Secret Probation” bleeds into Big Brother’s world?
Paper – Coming to Terms with Secret Law
by Sabrina I. Pacifici on Aug 7, 2016
Rudesill, Dakota S., Coming to Terms with Secret Law (November 01, 2015). 7 Harvard National Security Journal 241 (2015); Ohio State Public Law Working Paper No. 321. Available for download at SSRN: http://ssrn.com/abstract=2687223
“The allegation that the U.S. government is producing secret law has become increasingly common. This article evaluates this claim, examining the available evidence in all three federal branches. In particular, Congress’s governance of national security programs via classified addenda to legislative reports is here given the first focused scholarly treatment, including empirical analysis that shows references in Public Law to these classified documents spiking in recent years. Having determined that the secret law allegation is well founded in all three branches, the article argues that secret law is importantly different from secrecy generally: the constitutional norm against secret law is stronger than the constitutional norm against secret fact. Three normative options are constructed and compared: live with secret law as it exists, abolish it, or reform it. The article concludes by proposing rules of the road for governing secret law, starting with the cardinal rule of public law’s supremacy over secret law. Other principles and proposals posited here include an Anti-Kafka Principle (no criminal secret law), public notification of secret law’s creation, presumptive sunset and publication dates, and plurality of review within the government (including internal Executive Branch review, availability of all secret law to Congress, and presumptive access by a cadre of senior non-partisan lawyers in all three branches).”
Sounds like a poor choice to me. Why not call an ambulance? If he had passed out, pulling to the side of the road would not have improved his odds of survival. A new meme for this blog, “Technology helps those who help themselves!”
A Missouri man might owe his life to his Tesla Model X's Autopilot
… In late July, Joshua Neally left work and began to drive home in his week-old Tesla Model X, activating the Autopilot feature when he entered the highway. Miles down the road, he felt "the most excruciating pain [he’s] ever had," in his chest, and after calling his wife, decided to go to the nearest emergency room. Neally allowed the car to continue driving on the highway for the next twenty miles, before taking over and guiding the vehicle the remaining couple of miles to the hospital, where he checked himself into the emergency room.
Neally noted that he probably should have simply called an ambulance, and potentially could have put other drivers at risk by continuing to drive.
… For his part, Neally noted that he trusted the car to help, saying that if he had fallen unconscious, it would have steered to the side of the road.
‘Pokémon Go’ has eclipsed $200 million in total revenue one month after launching
… App analytics platform Sensor Tower released the worldwide revenue data on Friday, citing its latest “Store Intelligence” information. The company also published a chart comparing Pokémon Go’s financial success to that of other previous top earners, including Candy Crush Soda Saga and Clash Royale.
… As seen above, Pokémon Go was only slightly outperforming Clash Royale for the first 18 days following its launch, but that was before Niantic Inc. released the app in Japan, Nintendo’s home country, where the biggest Pokéfans likely reside. Revenue exploded from there, spiking from around $75 million to $200 million in just under 14 days.
A geezer’s perspective? I have not noticed a big difference in my students.
Survey upends concept that older workers averse and stressed by using technology
by Sabrina I. Pacifici on Aug 7, 2016
Via CIO: “Cloud storage provider Dropbox and Ipsos Mori, a London-based market research firm, surveyed more than 4,000 information workers in the U.S. and Europe about their use of technology in the workplace and found that people 55 and up use 4.9 forms of technology per week, on average — a smidge above the overall average of 4.7 per week. More importantly, the survey also revealed that older workers are less likely than their younger colleagues to find using technology in the workplace stressful. Just one-quarter of the respondents who are 55 or older said that they find tech in the workplace stressful. Meanwhile, 36 percent of the respondents who are 18 to 34 years old — the ones who supposedly grew up with technology — said they find tech in the workplace stressful.”
World's First Public Website Went Online 25 Years Ago
… Believe it or not, the first webpage ever put online is still online, and at the exact same address: http://info.cern.ch/hypertext/WWW/TheProject.html.
Ah Hulkster, you’ve got them down. Now hit them with the chair! On the other hand, you have to try to get something!
Gawker and Hulk Hogan Said to Be in Settlement Talks Over Privacy Case
According to a Wall Street Journal report.
Gawker Media Group is engaged in preliminary talks with the former professional wrestler Hulk Hogan to reach a settlement over a $140 million court judgment that led the company to file for bankruptcy protection, the Wall Street Journal reported on Sunday.
The settlement talks come a week ahead of a court-administered auction that will see Gawker Chief Executive Nick Denton lose control of the company, the Journal said.
For my students.
Why my fellow students aren’t interested in doing data science for you
… The statistics (perhaps ironically) are pretty convincing. Summarized in an article at Datanami, McKinsey says that by 2018, the demand for data scientists will outpace supply by 60%. Accenture noted that 90% of its clients were looking for data talent, and 40% cited a lack of it as a major problem. And to top it off, Glassdoor found that the median starting salary for a data scientist can be almost double that of a programmer. Everybody’s looking to hire and pay (well) for data people, but they can’t seem to find them.