DutchNews.nl reports:
Hackers have stolen 22 gigabytes
of data from municipal servers in Almelo, reports NU.nl. It says that although it is unclear what data have been leaked, people’s personal
data have almost certainly been affected. Hackers reportedly gained access to systems
for Werkplein Twente,
a partnership between the UWV benefit agency and areas in Twente that help find
work for people with a disability or who are on unemployment benefits. It is
apparently unclear how long the system has been compromised as the hack was
discovered by chance.
Read more on DutchNews.nl
A trivial group? We’re
just used to seeing billion dollar companies.
Brian Krebs reports:
vDOS — a
“booter” service that has earned in excess of $600,000 over the past two
years helping customers coordinate more than 150,000 so-called distributed
denial-of-service (DDoS) attacks designed to knock Web sites offline — has been
massively hacked, spilling secrets about tens of thousands of paying customers
and their targets.
The vDOS database, obtained by
KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel
as the principal owners and masterminds of the attack service, with support
services coming from several young hackers in the United States.
Read more on KrebsOnSecurity.com.
[From Brian’s
article:
… in just four
months between April and July 2016, vDOS was responsible for launching more
than 277 million seconds of attack time, or approximately 8.81 years worth of
attack traffic.
Allow me to introduce Bob’s First Rule of Techno-Politics:
Politicians should never be allowed to
use technology. (Based on the philosophy
of Forrest Gump: “Stupid is as stupid does.”)
Slack Alice writes:
File under “major situational
awareness issues”: A picture tweeted out by Labour’s leadership contender Owen
Smith’s team inadvertently showed 16,000 people how to log into the Pontypridd
MP’s phone bank system.
The pic showed the candidate at a phone canvassing session—along with a
sign in the background showing the web address, ID, username, and password
required to log in.
Read more on InfoSecurity
Magazine.
(Related) This too could be very interesting. Will they be allowed to describe the security
failures that allowed them to hack all these people? Or is the government claiming that these kids
got through the best security the CIA could provide?
Two Men Arrested in U.S. for Hacking Emails of Top Officials
Two men suspected of belonging to a network that hacked
the emails of top American officials including CIA chief John Brennan were
arrested Thursday in North Carolina, the authorities announced.
… Police
in Britain investigating the matter, in February arrested a 16-year-old
student suspected of involvement.
CNN and the technology website Motherboard reported at the
time that the targets of "Crackas With Attitude" included top CIA
officials like Brennan, as well as senior figures in the FBI, the Homeland
Security Department, the White House and other federal agencies.
In January, the US director of national intelligence James
Clapper said that he, too, had been the victim of cyber pirates who had gained
access to the personal account he used for internet and telephone service,
managing even to intercept phone calls from his home, Motherboard
reported.
Who said, “The difficult we do
immediately.
The impossible takes a little longer.”?
DHS chief: 'Very difficult' for hackers to skew vote
Department of Homeland Security (DHS)
Secretary Jeh Johnson on Thursday downplayed concerns about malicious hackers
influencing U.S. elections amid rising fears about foreign actors trying to
wreak havoc on Election Day.
… Despite
Johnson’s claims, however, hackers would not necessarily need to alter a
particular vote count in order to inject chaos into the U.S. electoral system.
Merely tainting the integrity of the voting system might
be enough to sow discord in the U.S. on Election Day. In other words, even if hackers do nothing,
simply claiming to have altered the results could cause the public to doubt the
results.
And hackers might be able to alter ballot counts in swing
districts where the outcome might have oversized importance.
Interesting.
A paper by James Scott, Sr. Fellow, Institute for Critical
Infrastructure Technology, and Drew Spaniel, Researcher, Institute for Critical
Infrastructure Technology provides an overview of what’s going on on the dark web when it comes to patient-related
information. You can access it here.
Better late than never?
This is so late it might as well be never.
Meet the U.S.'s First Ever Cyber Chief
Retired Air Force Brigadier Gen. Gregory Touhill just got
a promotion.
The White House has named Touhill as the first ever
federal chief information security officer, a role that is focused on
bolstering the U.S. government’s digital defenses. The Obama administration first announced the
creation of the position in February
… Touhill will be
responsible for “helping to ensure the right set of policies, strategies, and
practices are adopted across agencies,” they said.
… You can read
more about his bio on the U.S. Air Force website here.
… The Obama
administration also appointed Grant Schneider, cybersecurity policy director on
the White House’s National Security Council, as Touhill’s acting deputy
information security chief—a career role, in contrast to Touhill’s.
Should any communication be governed by a single set of
rules? If not, why not? IT Governance? This is what happens when you disrupt an
industry.
EU looking at extending some telecom security rules to
WhatsApp and Skype
The European Union is set to extend some security rules
currently only applicable to telecom operators to web services such as
WhatsApp, Skype and Apple Inc’s FaceTime, according to a draft proposal
seen by Reuters.
… Telecom
companies such as Vodafone, Orange, and Deutsche Telekom have
long complained that web groups including Alphabet Inc’s Google, Microsoft and
Facebook are more lightly regulated despite offering similar services and have
called for the EU’s telecoms-specific rules to be repealed.
… Under the draft
directive, over the top services will have to ensure the security and integrity
of their services, including reporting breaches to authorities and having
contingency plans and service continuity strategies.
… However the
proposal does allow for some of the security obligations to be lighter for
services which like, for example, WhatsApp, do not exercise control over the
transmission of their services over telecom networks.
As I read this, I could post the links and not be
infringing. Could commercial sites link
to me?
EU court backs Playboy in Dutch hyperlinks copyright case
The European Court of Justice has ruled in favour of
Playboy in a long-running case over hyperlinks to copyrighted content.
The Dutch website Geenstijl, operated by GS Media, had
posted links to an Australian site that was hosting photographs from Playboy.
But the
court ruled GS Media had broken copyright rules, in part because it was
motivated by profit.
… now the court
has ruled that GS Media's posting of the links was a "communication to the
public" - making it subject to the stated checks and balances regarding
copyright.
… "[W]hen
hyperlinks are posted for profit, it may be expected that the person who posted such a link should carry out the checks necessary
to ensure that the work concerned is not illegally published,"
it said.
For my IT Governance class. What could you do to detect this?
Wells Fargo boots 5,300 employees for creating accounts its
customers didn’t ask for
Wells Fargo agreed to pay the largest fine ever collected
by the federal government’s new consumer protection agency after an
investigation found its staff opened more than 2 million fake checking, credit
card and other accounts for customers in order to meet sales targets and earn
bonuses. The bank, one of the largest in
the country, said it has fired 5,300 over the last five years for the conduct.
… the Wells Fargo
scheme is striking because those accused included thousands of ordinary
workers inside one of the country’s largest banks.
… CFPB Director
Richard Cordray blamed Wells Fargo’s company
culture for allowing the “reckless, unsafe or unsound practices.”
(Related?) You didn’t
have to use this service?
Mastercard faces £14bn card fee claim
In 2014, the European Court of Justice ruled that
regulators were right to condemn the cost of its interchange fees - the fees
retailers pay banks to process card payments.
Mastercard lowered its fees but now faces a claim for
damages for 16 years of charging from 1992 to 2008.
… Speaking to
Radio 5 Live, Mark Barnett of Mastercard said that using card payments had
reduced costs for consumers overall because it was cheaper than using cash, as there was no need to print
notes and transport them across the country.
This might be worth a read.
This article is published via the Passcode – Modern field
guide to security and privacy from The Christian Science Monitor: The cypherpunk revolution-How the tech vanguard turned
public-key cryptography into one of the most potent political ideas of the 21st
century, by Thomas Rid, July 20, 2016.
“…But amid the hype [in the 1990s with the fast growing
impact of personal computers and the internet] and a slowly but steadily
growing economic bubble, it dawned on a number of users that something was
missing: privacy and secure communications. History, thankfully, was gracious. Even more than that: nature itself was
generous to humans in front of plastic keyboards. Unrelated to either PCs or the internet,
cryptographers had made a third and no less far-reaching discovery in the
1970s. They didn’t just invent a
technology; more like explorers than innovators, they discovered an algorithm
based on a beautiful mathematical truth. That truly revolutionary technology was
finally unleashed for widespread public use in June 1991: asymmetric
encryption, also known as public-key cryptography…”
Perspective. Can
you name 9 ride sharing companies?
Today, we’re adding two more partners in the U.S., Lyft
and Gett. Now Google Maps will display options from 9 ride-sharing partners in
over 60 countries, allowing you to compare the fastest, most affordable ride
near you, without having to download and open multiple apps.
It’s bad enough that the week before Finals is Free Pizza
Week. I’m not going to duck drones too.
Google's Project Wing to deliver burritos to hungry students
Technology has been responsible for some truly
life-changing advancements. Electricity.
The internal combustion engine. The internet.
Virginia Tech student, she might say that all those pale
in comparison to what will be happening on that campus in the coming weeks:
drone-delivered burritos. That's right
-- Google is teaming up with Chipotle to deliver piping hot burritos by drone. It doesn't get much better than this, folks.