Wednesday, August 03, 2016
One of the problems with “virtual” currencies – virtual criminals.
120,000 Bitcoin Stolen in Bitfinex Breach
Hong Kong-based Bitfinex, one of the world’s largest digital currency exchanges, suspended deposits and withdrawals on Tuesday after discovering a security breach that resulted in a large amount of Bitcoin getting stolen. The incident led to a significant drop in the value of Bitcoin.
Bitfinex launched an investigation and reported the breach to law enforcement. The investigation so far revealed that 119,756 Bitcoin have been stolen from customers’ wallets. The exchange platform believes other currencies are not impacted.
The stolen Bitcoin units were worth roughly $72 million before the breach was discovered, but the value of the cryptocurrency dropped by more than 20 percent following the incident.
… No information has been provided on how the security breach occurred. Bitfinex uses the services of BitGo, which specializes in Bitcoin and blockchain security, but BitGo says there is no evidence of a breach on its own servers.
Bitfinex representative Zane Tackett explained on Reddit that the platform uses several security mechanisms, but the attackers somehow managed to bypass them. The company also has limits in place to prevent hackers from draining wallets, but those limits were circumvented as well.
Targeting phone numbers because they can’t read the text?
Telegram explains what really happened from its ‘massive’ hacker attack
Telegram today responded to reports that it was the victim of a “massive hacker attack” that originated in Iran. The messaging app company said that while 15 million accounts were implicated, the hack was not as severe as one might think and only publicly available data was collected.
… Cyber researchers shared with Reuters that Iranian hackers were able to access more than a dozen accounts on Telegram and ultimately identify phone numbers of 15 million users in the country. It’s been claimed that Rocket Kitten was behind the attack, carrying out “a common pattern of spearphishing campaigns reflecting the interests and activities of the Iranian security apparatus.”
In response to the news, Telegram clarified that while publicly available data was collected from among 15 million users, individual accounts were not directly accessed. “Such mass checks are no longer possible since we introduced some limitations into our API this year,” the company explained in a blog post. That said, the company did acknowledge that since its app is based around phone contacts, anyone could “potentially” check to see if a particular phone number is registered in the system — something Telegram said was possible with WhatsApp, Facebook Messenger, and other similar apps.
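The check Telegram describes is a contact-discovery lookup: a client asks "is this phone number registered?" and, with no per-client budget, can walk an entire number range. The following is an added example, not Telegram's code or API, that models that lookup as a toy service and shows the difference a sliding-window limit makes. The ContactDiscovery class, the REGISTERED set and the +98912000xxxx numbers are all constructed for the illustration.

```python
"""
Constructed illustration (not Telegram's code): a contact-discovery
endpoint that answers "is this phone number registered?" lets one client
enumerate a whole number range. A per-client lookup budget turns the
same bulk query into a throttled, partial one.
"""
import time
from collections import deque

# Constructed registry of "registered" numbers (every 7th number in a
# made-up +98 912 000 xxxx block). Assumed data, not real subscribers.
REGISTERED = {"+98912000" + f"{i:04d}" for i in range(0, 10000, 7)}


class ContactDiscovery:
    """Toy lookup service with an optional sliding-window rate limit.

    max_lookups=None is the weak setting: unlimited checks per client.
    """

    def __init__(self, max_lookups=None, window_seconds=60.0, clock=time.monotonic):
        self.max_lookups = max_lookups
        self.window = window_seconds
        self.clock = clock          # injectable so tests can move time forward
        self._hits = {}             # client_id -> deque of lookup timestamps

    def is_registered(self, client_id, phone):
        """Return True/False, or raise RuntimeError once the client is over budget."""
        if self.max_lookups is not None:
            now = self.clock()
            q = self._hits.setdefault(client_id, deque())
            # Drop timestamps that have fallen out of the window.
            while q and now - q[0] > self.window:
                q.popleft()
            if len(q) >= self.max_lookups:
                raise RuntimeError("rate limited")
            q.append(now)
        return phone in REGISTERED


def enumerate_range(service, client_id, prefix, count):
    """Probe prefix+0000 .. prefix+(count-1) as one client; stop when throttled.

    Returns (registered_numbers_found, probes_completed).
    """
    found = []
    for i in range(count):
        phone = f"{prefix}{i:04d}"
        try:
            if service.is_registered(client_id, phone):
                found.append(phone)
        except RuntimeError:
            return found, i
    return found, count


if __name__ == "__main__":
    open_svc = ContactDiscovery()                         # unlimited
    limited_svc = ContactDiscovery(max_lookups=100)       # 100 lookups per minute
    hits, probes = enumerate_range(open_svc, "attacker", "+98912000", 10000)
    print(f"unlimited: {probes} probes, {len(hits)} registered numbers recovered")
    hits, probes = enumerate_range(limited_svc, "attacker", "+98912000", 10000)
    print(f"limited:   {probes} probes, {len(hits)} registered numbers recovered")
```

The limit only slows a single client. The article says the attackers used more than a dozen accounts, and a per-account budget scales linearly with the number of accounts an attacker controls, so a real deployment also needs limits per source IP or device and alerting on lookup patterns that walk sequential numbers.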
Too common. Why spend money securing something you are trying to sell?
200 Million Yahoo Accounts Allegedly Held Ransom For 3 Bitcoins, Roughly $1,800 US
Surprise, surprise, Yahoo has been hacked AGAIN. This time, 200 million Yahoo accounts are supposedly being shopped around for 3 bitcoins, or roughly $1,800 USD.
A hacker known as Peace has listed the alleged credentials of Yahoo users on The Real Deal marketplace. He had been trading the data privately, but decided to go public on the dark web. Peace is also supposedly responsible for selling recent dumps of MySpace and LinkedIn accounts.
For my Computer Security students.
How to Know If Someone Has Hacked Your Social Media
Gmail has long had a feature that allows you to see if your account is logged in at several locations. The feature also allows you to securely log those locations out if you detect any suspicious activity.
If you want to protect your social media presence, there are similar methods to make sure no one is accessing your Facebook or Twitter accounts.
The Ultimate Ransomware Website You Should Know About
Being hit by any kind of malware is nasty, but ransomware packs an extra-tough punch because it locks you out of your own data. We’ve shown ways to protect yourself from ransomware, and it’s important to stay vigilant in the fight against these terrible attacks.
Now, there’s a site that everyone should visit to learn about ransomware, and it’s called NoMoreRansom.org. Sponsored by Kaspersky and Intel Security, the site aims to be a resource for anyone to learn about ransomware, as well as to help people affected by the infection get their stuff back if possible.
Something to amuse my Ethical Hacking students, but not really much of a threat, yet.
The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse
Finding tools for Big Brother?
New initiative from Privacy International tracks the global surveillance industry
by Sabrina I. Pacifici on Aug 2, 2016
“A new initiative launched today by Privacy International aims to track the growth and scale of the global surveillance industry, a shadowy sector consisting of companies selling a wide range of electronic surveillance technology to government agencies across the world. Made available today is the world’s largest publicly available educational resource of data and documents on surveillance, the Surveillance Industry Index (SII), which is based on data collected by journalists, activists, and researchers across the world and is the product of months of collaboration between Transparency Toolkit and Privacy International. Accompanying the index is a landmark report charting the industry’s development and its current reach. The SII, which is completely searchable, features over 1500 brochures and data on over 520 surveillance companies as well as over 600 reported individual exports of specific surveillance technologies taken from open source records, including investigative and technical reports, as well as government export licensing data. The resource will help the public, activists, journalists and policy makers better understand the modern surveillance industry and technologies.”
Unfortunately, terrorists can easily schedule attacks just before the “emergency” expires, to keep any country in crisis mode.
… France’s parliament on July 22 did not simply extend the state of emergency that President Francois Hollande declared in the wake of the horrific Paris attacks last November. Propelled by the despicable Bastille Day attack a week earlier in Nice, lawmakers significantly expanded emergency powers of police search, seizure and detention. They also used the emergency powers act to slip more than a dozen new draconian counterterrorism provisions into French criminal law. In contrast to the emergency measures, which lapse in six months, these changes to France’s criminal codes are permanent.
Interesting. I wonder if I could use this technique here in the US?
Why ‘Missed Call’ Marketing Has Taken Hold in India
… In India, however, recent census data shows that 75% of the population earns less than Rs. 5,000 ($75) a month. So how many people can afford their monthly mobile bill?
Surprisingly, the number is very high. There are two reasons for this. Handset prices are plummeting.
… The second reason is that a missed call (miskol in the Philippines; beep in Africa; memancing in Indonesia; and flashcall in Pakistan) costs nothing. Drivers and maids call their employers and disconnect. The employer calls back, thus effectively transferring charges.
… “Missed call marketing (MCM) is the simple concept of engaging via a free call,” says Anurag Banerjee, chief growth officer of Ozonetel Systems, a provider of cloud communication services that enables businesses to run missed call campaigns on its platform. A consumer calls a number and hangs up and receives a call back or an SMS sharing the cricket score or whatever. Most missed call activation campaigns are simple one-or-two-step processes.
… Want to hear Prime Minister Narendra Modi’s latest Mann ki Baat (Words from the heart) speech? Give a missed call. One million people did so after a new phone number was released.
… The Employees Provident Fund Organization has started a missed-call service for its 35 million contributing members which enables them to track their account balance.
… “It needs a smaller infrastructure set-up to receive missed calls and, therefore, it offers huge capacity to receive user requests,” he says. “Then, using outbound dialing lines, a return call can be made as and when capacity for calling back is available. Toll-free numbers also allow users to access information at zero cost. When a user calls toll-free, he gets connected to the brand using inbound dialing lines. If a large number of callers is expected to access the number, the company has to put in more infrastructure for receiving calls. Also, at peak load, users get a busy signal.”
This can’t be correct, can it? We don’t negotiate with terrorists and we don’t pay ransoms. Doing so would make travel to any country short on hard currency a much greater risk. Are we that dumb?
Report: U.S. sent $400M cash to Iran as American detainees freed
… The Obama administration strongly denied paying any ransom to Iran, Brennan says, but according to details first reported by the Wall Street Journal, currency worth $400 million was flown into Tehran on a cargo plane around the same time that the Americans were released.
The plane was loaded with cash: Euros, Swiss Francs and other currencies, since any transaction with Iran in dollars is illegal under United States law.
Senior U.S. officials, Brennan reports, claimed the timing was coincidental: President Obama had planned to pay Tehran nearly 2 billion dollars to settle an outstanding legal dispute from before the 1979 Islamic Revolution.
"With the nuclear deal done, prisoners released, the time was right to resolve this dispute as well," Obama said.
But the administration never consulted congress, according to Republican Congressman Ed Royce, who accused the White House of paying ransom to a state sponsor of terrorism, and as details of the cash became public Tuesday, there were instant reverberations on the campaign trail.
Too cool! I’ll remember this next time I teach statistics.
Credit Suisse is using cheesecake to forecast sales at Nordstrom
When Nordstrom stopped reporting monthly same-store sales, a very important number for investors, an alternative had to be found.
The answer was cheesecake, or The Cheesecake Factory to be exact.
The Cheesecake Factory still reports monthly same-store sales in its quarterly report, often a few weeks ahead of Nordstrom.
"As we have generally considered Nordstrom's customer to be similar to The Cheesecake Factory's (CAKE) customer, we took a deeper look at just how profound the overlap actually is," Michael Exstein, a Credit Suisse analyst, said in a note to clients.
"We found from our analysis that the historical [comparable same-store] sales are in fact very closely correlated, as the companies' store locations are for the most part in very close proximity to one another."
… It seems ridiculous, but it actually seems to work.
A regression analysis comparing historical same-store sales data between the companies shows an R-value of 0.93 — the closer to 1, the closer the two match each other. When comparing total sales, the R-value drops slightly to 0.89. (Those values were calculated by Credit Suisse based on historical data through 2013, and just because they were related in the past doesn't mean they will continue to be.)
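For the statistics lesson: the “R-value” is the Pearson correlation coefficient, and the number you actually use to turn one series into an estimate of the other is the slope of the least-squares line, not r. The block below is an added example, not Credit Suisse's model, that computes both on constructed monthly same-store-sales changes. The CAKE and JWN lists are made-up percentages, not either company's reported figures.

```python
"""
Added example (not Credit Suisse's analysis): Pearson correlation and a
least-squares line between two same-store-sales series, on constructed
monthly data. Shows what an "R-value of 0.93" measures and how the
fitted line is then used to back out an estimate for the unreported series.
"""
from math import sqrt

# Constructed year-over-year same-store-sales changes, in percent, for 12
# months. Made-up numbers chosen to co-move closely; not real data.
CAKE = [1.2, 2.5, -0.4, 3.1, 2.0, 0.8, 1.9, -1.1, 2.7, 3.4, 1.5, 0.3]
JWN = [2.0, 4.4, 0.1, 5.0, 3.7, 1.5, 3.4, -1.3, 4.4, 5.8, 2.6, 1.0]


def mean(xs):
    return sum(xs) / len(xs)


def pearson_r(xs, ys):
    """Pearson correlation: covariance of x and y divided by both standard deviations.

    Ranges from -1 (perfect inverse line) to +1 (perfect line); symmetric in x and y.
    """
    if len(xs) != len(ys) or len(xs) < 2:
        raise ValueError("need two equal-length series of at least 2 points")
    mx, my = mean(xs), mean(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        raise ValueError("a constant series has no defined correlation")
    return sxy / sqrt(sxx * syy)


def least_squares(xs, ys):
    """Return (slope, intercept) of the line y = slope*x + intercept minimising squared error."""
    mx, my = mean(xs), mean(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("x is constant; slope undefined")
    slope = sxy / sxx
    return slope, my - slope * mx


def predict(xs, ys, x_new):
    """Fit y on x over the history, then estimate y for a newly observed x."""
    slope, intercept = least_squares(xs, ys)
    return slope * x_new + intercept


if __name__ == "__main__":
    r = pearson_r(CAKE, JWN)
    slope, intercept = least_squares(CAKE, JWN)
    print(f"r = {r:.3f}, JWN ~= {slope:.2f} * CAKE + {intercept:.2f}")
    # Cheesecake Factory reports +2.2% for a month Nordstrom has not reported:
    print(f"estimated Nordstrom comp: {predict(CAKE, JWN, 2.2):.2f}%")
```

Two caveats the article hints at. r only measures linear co-movement, so a high value says nothing about the size of the relationship (the slope does that), and r computed on history through 2013 is a statement about that history; the fitted line is the thing that can drift when the two customer bases diverge.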
Better than Notepad++?
11 Sublime Text Tips for Productivity and a Faster Workflow
If you’re a programmer, you’re either more comfortable using a text editor or a full-blown IDE, and your choice will likely depend on the programming languages you use. But if you go the text editor route, Sublime Text is the king.