Wednesday, August 10, 2016
Hackers only do this because they find it so easy.
Australia Online Census Shutdown After Cyber Attacks
… as thousands of people headed to the official website Tuesday evening, a series of denial-of-service attacks -- attempts to overwhelm an online system to prevent people accessing it -- prompted authorities to take the site offline.
"It was an attack, and we believe from overseas," said David Kalisch from the Australian Bureau of Statistics, which organises the census.
"The scale of the attack, it was quite clear it was malicious," he told the Australian Broadcasting Corporation.
The census website was not back online Wednesday.
There must be more here than I’m seeing. If I was a conspiracy buff, I might see some serious hackers behind this. What might North Korea want in exchange for not shutting down all airline systems?
Complexity makes airline computer systems vulnerable
… Why do these kinds of meltdowns keep happening?
The answer is that airlines depend on huge, overlapping and complex IT systems to do just about everything, from operating flights to handling ticketing, boarding, websites and mobile-phone apps. And after years of rapid consolidation in the airline business, these computer systems may be a hodgepodge of parts of varying ages and from different merger partners.
These systems are also being worked harder, with new fees and options for passengers, and more transactions — Delta’s traffic has nearly doubled in the past decade.
… It is unclear exactly what went wrong at Delta. The airline said it suffered a power outage at an Atlanta installation around 2:30 a.m. EDT that caused many of its computer systems to fail. But the local electric company, Georgia Power, said that it was not to blame and that the equipment failure was on Delta’s end.
IT experts questioned whether Delta’s network was adequately prepared for the inevitable breakdown.
“One piece of equipment going out shouldn’t cause this,” said Bill Curtis, chief scientist at software-analysis firm Cast. “It’s a bit shocking.”
Curtis said IT systems should be designed so that when a part fails, its functions automatically switch over to a backup, preferably in a different location. “And if I had a multibillion-dollar business running on this, I would certainly want to have some kind of backup power,” he added.
(Related) I wonder if one of the vulnerabilities was “turn off the power”?
Joshua Philipp reports:
Computer systems of Delta Airlines have suffered a “glitch” that is causing flight delays on the airline globally. While the cause of the delays is still unclear, a group of cyber criminals was recently selling vulnerabilities to major airlines on the black market.
On Jan. 3, cybercriminals on a darknet black market run by Chinese state hackers published an advertisement for information and vulnerabilities in a long list of major airlines that included Delta Airlines, United Airlines, Japan Airlines, FedEx, and others.
Read more on Epoch Times.
(Related) How to back up an entire country?
Estonia's "Data Embassy" Could be UK's First Brexit Cyber Casualty
The government of Estonia is one of the most cyber-aware governments in the world. Recent reports have suggested that the country has been in discussion with the UK for the establishment of an overseas data embassy. Those same reports suggest that Britain's decision to leave the European Union is making Estonia reconsider the UK, and perhaps favor Luxembourg. If this is true, it could make the loss of business with Estonia the first major cyber casualty of the Brexit.
… Although the Ministry here describes the project as simply a data center, it has elsewhere used the term 'virtual data embassy'. This is to differentiate the concept from simple backups that have been stored in overseas embassies for the last ten years. Estonia is facing an issue now that will be faced by more and more nations as electronic government increases: secure mirrors will be required to ensure that the country itself doesn't face downtime in a catastrophe. Estonia, of course faces the additional concern of physical incursion from its neighbor and one-time overlord, Russia.
Taavi Kotka, the Government CIO, wrote, "As part of this research project, we have evaluated methods to ensure that the data and services of and for our citizens, e-residents, and institutions are kept safe, secure, and continuously available. Privacy, security, data protection, and data integrity are central to our government services."
A new (to me) resource!
What kind of month was July for breaches involving health information? I counted 39 incidents reported during the month. Read Protenus’s blog for an analysis of the incidents.
Update: Tom Sullivan of HealthcareITNews has a great write-up on the blog post.
I see a project for my Ethical Hacking students.
75 Percent of Bluetooth Smart Locks Can Be Hacked
Many Bluetooth Low Energy smart locks can be hacked and opened by unauthorized users, but their manufacturers seem to want to do nothing about it, a security researcher said yesterday (Aug. 6) at the DEF CON hacker conference here.
Something to amuse my Computer Security students.
25 Awesome “Bug Bounty” Programs for Earning Pocket Money
A bug bounty is a monetary payout for finding and reporting security holes in software. If you have expertise in security protocols, you could make some extra pocket money hunting for bugs in popular apps and websites.
It’s also a great way to sharpen your skills and build your reputation as a security expert — to the point where you could be recruited by companies (or even the American government). Here are the best bug bounty programs available in 2016.
Because the FBI has jurisdiction over all riots?
Kristen V. Brown reports:
When the FBI sent secret spy planes to capture surveillance footage of the Baltimore protests of Freddie Gray’s death in 2015, the agency justified the aerial monitoring as necessary. “Large scale demonstrations and protests” meant there was “potential for large scale violence and riots,” the agency wrote in an internal memo at the time.
Last week, the FBI released more than 18 hours of this footage in response to a FOIA request from the American Civil Liberties Union. Captured by a thermal-imaging system with infrared cameras mounted to the plane’s wing, the footage was taken over five days during at least 10 surveillance flights. The footage shows major Black Lives Matter marches, quiet neighborhood gatherings and near-empty streets. It’s unclear if law enforcement acted on this footage in policing the protests.
Read more on Fusion.
(Related) Did the FOIA request ask about facial recognition?
Andrada Fiscutean reports:
Romania’s intelligence service is about to build a system to identify people taking part in street protests or talking on Facebook or Skype, according to four local human-rights groups.
In an open letter published on Monday, the groups said the system would be capable of running facial recognition on three million people. It could also intercept online traffic without the consent of the users and will have unrestricted access to all public databases containing information about citizens.
Read more on ZDNet.
You know this is not going to die. Ever. (Translation: When a politician says, “as far as I know,” what he or she means is, “I’m staying deliberately ignorant, but I don’t want to admit that.”)
(Washington DC) – Judicial Watch today released 296 pages of State Department records, of which 44 email exchanges were not previously turned over to the State Department, bringing the known total to date to 171 of new Clinton emails (not part of the 55,000 pages of emails that Clinton turned over to the State Department). These records further appear to contradict statements by Clinton that, “as far as she knew,” all of her government emails were turned over to the State Department.
Is ad blocking the cyber-equivalent of muting the TV during commercials?
Facebook Will Force Advertising on Ad-Blocking Users
Facebook is going to start forcing ads to appear for all users of its desktop website, even if they use ad-blocking software.
The social network said on Tuesday that it will change the way advertising is loaded into its desktop website to make its ad units considerably more difficult for ad blockers to detect. [Stealth ads? Bob]
Interesting. IT Architecture impacts brick and mortar architecture. Surprising that delivery would be so different?
E-Commerce Forces Shift in Warehouse Building
The rise of online shopping is forcing warehouse builders to redraw the map of logistics hubs on the East Coast.
Politicians always feel virtuous when they can create a new “Sin Tax.” Bet on it!
State governments eye cash from fantasy sports
… More than half of the nation’s state legislatures are set to debate measures to codify the existence of daily and weekly fantasy sports sites, which could provide a lucrative new revenue stream for cash-strapped governments.
CU offering certificate in ‘Applied Shakespeare’
BOULDER - Valorous news! Thee can anon receiveth a c'rtificate f'r studying the fine w'rks of the greatest playwright the w'rld hast ev'r seen.
The above sentence is an example of “Applied Shakespeare,” which, coincidentally, is also the name of the latest graduate certificate offered by the University of Colorado – Boulder.
You know this headline caught my eye. (Beer! There’s an App for that!)
This smart glass earns you free beer
For the toolkit. Not necessarily for my Ethical Hacking students.
How to Take Remote Control of Someone Else’s PC
Also for the toolkit. Organize your projects!
11 Trello Tips and Workflow Features for Programmers
Trello is one of the best productivity tools to hit the scene in the past decade, mainly due to the power of visual organization. It’s more than just a to-do list alternative. It’s an entirely different paradigm, especially for programmers.
For my students. I wonder if there is an index of these fairs?
Virtual Career Fairs: An Effective Recruiting Tool For The IC
… One of the most popular questions I hear is, “Do these things [VCFs] work? Do people really get hired from these events?” The answer is, unequivocally, YES. I have worked with numerous students who have attended American Military University and American Public University’s National Security VCF in the past and have been hired due to the connections they made during the event. While exact numbers can be hard to come by in the IC (for obvious reasons), the recruiters are returning again and again.
… The IC hosts an annual VCF; the last one was in March 2016. If the recruiters weren’t finding high-quality talent at VCFs then flat-out, they would not attend or host them.
I think I will re-arrange my priorities like Wally’s.