A private message to DataBreaches.net on Saturday evening
was the prelude to a young hacker downloading tremendous amounts of data from
states.
Over the next few hours, a teenage hacker known to
DataBreaches.net from his past hacking activities would remind us once again just
how insecure everything was, showing this blogger samples of files that he
obtained in a hack that not only gave him access to every state with a domain
on .us, but also to some .gov domains such as the U.S. Department of Education.
When asked how he obtained access, he replied:
I gained access to an ftp server that listed access to all the ftp’s on .us domains, and those .us domains were
hosted along with .gov, so I was able to access everything they hosted, such
as public data, private data, source codes etc…
He declined to reveal what .gov sites, other than USED, he
was able to access, but did expand a bit on his previous answer, telling
DataBreaches.net:
It was very simple to gain access
to the 1st box that listed all the .us domains and their ftp server logins. I went through each and every one; it was
legit. I am pretty sure just about every
person who does security research can do this. Yes, it may have taken me
about 3 hours or 4 hours of looking around, but it is still possible.
Encryption
was no obstacle for him, he said, because he saw no evidence that encryption
was used at all: “I was able to read all of it in plain text form.”
As he acquired files, the teenager commented in a private
chat on what he was obtaining: Social Security numbers in one file, credit card
numbers in another, postal and email addresses and phone numbers of Minnesota
school board candidates in another, web-banking transactions from the First
Bank of Ohio, and more, he claimed.
… Web-banking
transactions, First Bank of Ohio
According
to the teen, he was able to get customer credit card records from the bank
because the state had access to the bank and he then went through several SQL
tables:
… The hacker seems to have paid
particular attention to Florida. Just
one file alone from Florida had 267 million records, another had 76 million, he
told DataBreaches.net.
… When asked,
the teenager, who prefers to be called “Fear,” claimed that he was
also able to acquire voter registration databases. Although such databases are publicly available
in many states, there has been growing concern about their too-easy accessibility
and the risk that a hacker could tamper with the lists to corrupt the election
process. Ironically, on Thursday,
US-CERT issued an advisory on
securing voter registration data in the wake of some highly publicized hacks.
… Fear (also known
as @hackinyolife on Twitter) claims that he was also able to access
Florida’s pharmacy prescription monitoring program that is
used for law enforcement purposes, telling DataBreaches.net in chat:
they had monthly reports on every
citizen in Florida, and it included phone, address, name, SSN.
On inquiry, he noted that those records also contained the
medication names and corresponding prescription numbers, but declined to
provide any screenshots as proof.
(Related) Apparently, no one considers security or
privacy. No lawyers or auditors involved
in the development of these systems?
Ohio State Rep.
Many are often shocked to hear,
as was I, that the addresses and personal information of domestic violence and
stalking victims in Ohio are public record. This means that anyone, including the victim’s
perpetrator, can easily use public documents, such as Ohio’s voting rolls, to
locate an individual. That is, until
now.
At the beginning of this month,
House Bill 359 went into effect across Ohio, which allows domestic violence and
stalking victims to shield their address and other personal information from
public records. Not only will this help
these victims to feel safe at home, but it will also give them the ability and
peace-of-mind to register to vote, obtain an Ohio driver’s license or even get
a library card.
Read more on TimesReporter.com,
and kudos to Ohio for enacting this law. Ohio is not the only state to have an address
confidentiality law, but I don’t
know that those who are eligible to avail themselves of the protection always
know that they can. And of
course, if a database from 2014 held what is still their current information and
that database was hacked/sold on the underground, they may still be at risk. But these laws are generally a Good Thing, I
think, and I hope that more domestic abuse victims avail themselves of the
added measure of protection.
Perspective. Can
you afford not to encrypt?
Why HTTPS Adoption has Doubled this Year
HTTPS adoption among the world’s top half million sites
doubled this year, achieving in one year what hadn’t been managed in the 20 years
since HTTPS’s introduction, writes Guy Podjarny over at Snyk.
Adoption among the top half million sites went from 5.5%
in August last year to 12.4% by the end of July, according to data from HTTP
Archive. If BuiltWith, who provided the
statistics, can be believed, adoption among the world’s top one million sites
was even more impressive: a year ago only 2.9% of sites were HTTPS by default;
now it’s 9.6%. That’s 3X growth.
The question is what’s driving this dramatic growth in
adoption. For Guy, the answer is:
because it’s cheaper, easier and more important than ever before to use
HTTPS.
It used to be that you had to buy your SSL certificates
and pay extra costs for hosting and for a CDN to deliver the certificate. But now
certificates can be had for free at places like Let’s Encrypt, hosting
companies don’t demand an extra fee for HTTPS and many of the major platforms
like WordPress and Heroku offer it as standard.
Perspective.
When Information Storage Gets Under Your Skin
… The implants can
be activated and scanned by readers that use radio frequency identification technology,
or RFID. Those include ordinary
smartphones and readers already installed in office buildings to allow entrance
with a common ID card.
… There is no
comprehensive data on how many people have RFID implants in their bodies, but
retailers estimate the total is 30,000 to 50,000 people globally.
The fact that the tags can’t be lost is one attraction. Another, users say, is that the tags don’t
operate under their own power but rather are activated when they’re read by a
scanner. That means they can never be
rendered useless by a dead battery like smartphones.
Isn’t this the natural outcome of a “long tail” content
provider? If they don’t want Netflix to
use their content, don’t accept their money!
Start your own version of Netflix and compete!
The Netflix Backlash: Why Hollywood Fears a Content Monopoly
… at a time when
business is tough all over in the entertainment industry, there is a lot of
gratitude for a deep-pocketed buyer that is snapping up an array of material,
much of which might not find a home elsewhere. Netflix and its chief content officer Ted
Sarandos are at once a savior, offering a giant gush of money to license shows
that in some cases were past their prime or even out of production, and a
terrifying competitor to studios.
… The backlash is
real but muted — mostly because few are willing to risk the wrath of a company
that is spending $6 billion a year on programming and scored 54 Emmy
nominations this year.
The age of instant Accounting? A friend of mine, Norm Schultz, predicted that
20 years ago.
5 Ways Inventory Tracking Technology Is Evolving For 2017
Inventory tracking isn’t a “sexy” industry, but it’s a
necessary one for almost any business involved in manufacturing or shipping
tangible goods. You need some way to track how much you’re producing, how many raw
materials you’re consuming, where those products are going, and how much money
you’re making.
Old-school tracking systems relied on unreliable,
time-consuming manual processes to make counts and organize data, but advanced
modern-day systems are starting to reshape how quickly and efficiently we can
track our inventory. According
to SystemID, “advancements in [the Internet of Things (IoT), big data,
smart manufacturing, and mobile device management (MDM)] are literally changing how companies operate.”
1. Real-time is becoming the new normal.
2. Retail and fulfillment are blurring.
3. Big data is leading to more advanced insights.
4. Companies are demanding more information.
5. Solutions are becoming diversified.
Perhaps there is a market for a simple (i.e. cheap)
smartphone? Certainly there is a market
for a “Hey! You gotta try this App!” App.
Half of U.S. smartphone users download zero apps per month
Specifically, some 49 percent of U.S. smartphone users
download zero apps in a typical month, according to comScore, reflecting a
three-month average period ending this past June.
Of the 51 percent of smartphone owners who do
download apps during the course of a month, “the average number downloaded per
person is 3.5,” comScore’s report says. “However, the total number of app downloads is
highly concentrated at the top, with 13 percent of smartphone owners accounting
for more than half of all download activity in a given month.”
I have had a paperless classroom for years. What’s the big deal?
Why the Paperless Office Is Finally on Its Way
Every year, America’s office workers print out or
photocopy approximately one trillion pieces of paper. If you add in all the other paper businesses
produce, the utility bills and invoices and bank statements and the like, the
figure rises to 1.6 trillion. If you
stacked all that paper up, it would be 18,000 times as high as Mount Everest. It would reach nearly halfway to the moon.