Monday, September 19, 2016
Imagine what a dedicated, nation-sponsored hacking team could access…
A private message to DataBreaches.net on Saturday evening was the prelude to a young hacker downloading tremendous amounts of data from states.
Over the next few hours, a teenage hacker known to DataBreaches.net from his past hacking activities would remind us once again just how insecure everything was, showing this blogger samples of files that he obtained in a hack that not only gave him access to every state with a domain on .us, but also to some .gov domains such as the U.S. Department of Education.
When asked how he obtained access, he replied:
I gained access to an ftp server, that listed access to all the ftp’s on .us domains, and those .us domains were hosted along with .gov , so I was able to access everything they hosted, such as, public data, private data, source codes etc…
He declined to reveal what .gov sites, other than USED, he was able to access, but did expand a bit on his previous answer, telling DataBreaches.net:
It was very simple to gain access to the 1st box that listed all the .us domains, and their ftp server logins. I went through each and every one, it was legit. I am pretty sure about every person who does security research can do this, yes, it may have taken me about 3 hours or 4 hours of looking around, but it is still possible.
Encryption was no obstacle for him, he said, because he saw no evidence that encryption was used at all: “I was able to read all of it in plain text form.”
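The "plain text" point is the one a defender should take away: FTP carries its logins in the clear, so a credential list like the one described above is exposed twice, once in the file where it is stored and again on the wire every time it is used. The following is an added example written for this page (it is not code from DataBreaches.net or from the hacker) showing what a passive network sensor, or anyone on the path, recovers from an FTP control channel. The capture, the hostnames and the passwords are constructed for the example.

```python
"""Added example: recover FTP logins from a cleartext control-channel capture.

Illustrative code written for this page; the capture below is constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of what a sensor sees on TCP/21.
# "S>" lines are server-to-client, "C>" lines are client-to-server.
SAMPLE_CAPTURE = """\
S> 220 ftp.example-state.us FTP server ready.
C> USER webmaster
S> 331 Password required for webmaster.
C> PASS Summer2016!
S> 230 User webmaster logged in.
C> CWD /var/www/data
S> 250 CWD command successful.
C> QUIT
S> 221 Goodbye.
S> 220 ftp.example-agency.gov FTP server ready.
C> USER backup
S> 331 Password required for backup.
C> PASS wrong-guess
S> 530 Login incorrect.
C> USER backup
S> 331 Password required for backup.
C> PASS n1ghtly-B4ckup
S> 230 User backup logged in.
C> QUIT
S> 221 Goodbye.
"""


@dataclass
class FtpLogin:
    host: str
    user: str
    password: str
    success: bool


def mask(secret: str) -> str:
    """Keep the first and last character so an analyst can correlate
    a finding without re-exposing the secret in a report."""
    if len(secret) <= 2:
        return "*" * len(secret)
    return secret[0] + "*" * (len(secret) - 2) + secret[-1]


def extract_ftp_logins(capture: str) -> List[FtpLogin]:
    """Walk the control channel and pair each USER/PASS with the server's
    verdict: 230 means the login succeeded, 530 means it was rejected."""
    logins: List[FtpLogin] = []
    host = "unknown"
    user: Optional[str] = None
    password: Optional[str] = None
    for line in capture.splitlines():
        direction, _, text = line.partition("> ")
        if direction == "S":
            code = text[:3]
            if code == "220":
                # Banner usually names the host; this is a heuristic,
                # real servers may print anything here.
                m = re.match(r"220[ -](\S+)", text)
                host = m.group(1) if m else host
            elif code in ("230", "530") and user is not None and password is not None:
                logins.append(FtpLogin(host, user, password, code == "230"))
                user = password = None
        elif direction == "C":
            verb, _, arg = text.partition(" ")
            if verb.upper() == "USER":
                user, password = arg, None
            elif verb.upper() == "PASS":
                password = arg
    return logins


def successful_credentials(capture: str):
    """Return (host, user, password) for every login the server accepted."""
    return [(l.host, l.user, l.password)
            for l in extract_ftp_logins(capture) if l.success]


if __name__ == "__main__":
    for login in extract_ftp_logins(SAMPLE_CAPTURE):
        status = "OK  " if login.success else "FAIL"
        print(f"{status} {login.host:26} {login.user:12} {mask(login.password)}")
```

Nothing here is an attack; the same parsing logic, run over a real capture, is how an IDS rule or a DLP check would flag that a site still authenticates over FTP. The fix is not a stronger password list but a protocol that encrypts the channel (SFTP or FTPS), together with not keeping a master inventory of logins in a readable file.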
As he acquired files, the teenager commented in a private chat on what he was obtaining: Social Security numbers in one file, credit card numbers in another, postal and email addresses and phone numbers of Minnesota school board candidates in another, web-banking transactions from the First Bank of Ohio, and more, he claimed.
… Web-banking transactions, First Bank of Ohio
According to the teen, he was able to get customer credit card records from the bank because the state had access to the bank and he then went through several SQL tables:
… The hacker seems to have paid particular attention to Florida. Just one file alone from Florida had 267 million records, another had 76 million, he told DataBreaches.net.
… When asked, the teenager, who prefers to be called “Fear,” claimed that he was also able to acquire voter registration databases. Although such databases are publicly available in many states, there has been growing concern about their too-easy accessibility and the risk that a hacker could tamper with the lists to corrupt the election process. Ironically, on Thursday, US-CERT issued an advisory on securing voter registration data in the wake of some highly publicized hacks.
… Fear (also known as @hackinyolife on Twitter) claims that he was also able to access Florida’s pharmacy prescription monitoring program that is used for law enforcement purposes, telling DataBreaches.net in chat:
they had monthly reports on every citizen in Florida, and it included phone, address, name, SSN.
On inquiry, he noted that those records also contained the medication names and corresponding prescription numbers, but declined to provide any screenshots as proof.
(Related) Apparently, no one considers security or privacy. No lawyers or auditors involved in the development of these systems?
Ohio State Rep.
Many are often shocked to hear, as was I, that the addresses and personal information of domestic violence and stalking victims in Ohio is public record. This means that anyone, including the victim’s perpetrator, can easily use public documents, such as Ohio’s voting rolls, to locate an individual. That is, until now.
At the beginning of this month, House Bill 359 went into effect across Ohio, which allows domestic violence and stalking victims to shield their address and other personal information from public records. Not only will this help these victims to feel safe at home, but it will also give them the ability and peace-of-mind to register to vote, obtain an Ohio driver’s license or even get a library card.
Read more on TimesReporter.com, and kudos to Ohio for enacting this law. Ohio is not the only state to have an address confidentiality law, but I don’t know that those who are eligible to avail themselves of the protection always know that they can. And of course, if a database from 2014 had what is their still-current information and that database was hacked/sold on the underground, they may still be at risk. But these laws are generally a Good Thing, I think, and I hope that more domestic abuse victims avail themselves of the added measure of protection.
Perspective. Can you afford not to encrypt?
Why HTTPS Adoption has Doubled this Year
HTTPS adoption among the world’s top half million sites doubled this year, achieving in one year what hadn’t been managed in the 20 years since HTTPS was introduced, writes Guy Podjarny over at Snyk.
Adoption among the top half million sites went from 5.5% in August last year to 12.4% by the end of July, according to data from HTTP Archive. If BuiltWith, which provided the statistics for the larger sample, can be believed, adoption among the world’s top one million sites was even more impressive: a year ago only 2.9% of sites were HTTPS by default; now it’s 9.6%. That’s 3X growth.
The question is what’s driving this dramatic growth in adoption. For Guy, the answer is: because it’s cheaper, easier and more important than ever before to use HTTPS.
It used to be that you had to buy your SSL certificates and pay extra for hosting and for a CDN that would serve your site over HTTPS. But now certificates can be had for free from Let’s Encrypt, hosting companies don’t charge an extra fee for HTTPS, and many of the major platforms like WordPress and Heroku offer it as standard.
When Information Storage Gets Under Your Skin
… The implants can be activated and scanned by readers that use radio frequency identification technology, or RFID. Those include ordinary smartphones and readers already installed in office buildings to allow entrance with a common ID card.
… There is no comprehensive data on how many people have RFID implants in their bodies, but retailers estimate the total is 30,000 to 50,000 people globally.
The fact that the tags can’t be lost is one attraction. Another, users say, is that the tags don’t operate under their own power but rather are activated when they’re read by a scanner. That means they can never be rendered useless by a dead battery like smartphones.
Isn’t this the natural outcome of a “long tail” content provider? If they don’t want Netflix to use their content, don’t accept their money! Start your own version of Netflix and compete!
The Netflix Backlash: Why Hollywood Fears a Content Monopoly
… at a time when business is tough all over in the entertainment industry, there is a lot of gratitude for a deep-pocketed buyer that is snapping up an array of material, much of which might not find a home elsewhere. Netflix and its chief content officer Ted Sarandos are at once a savior, offering a giant gush of money to license shows that in some cases were past their prime or even out of production, and a terrifying competitor to studios.
… The backlash is real but muted — mostly because few are willing to risk the wrath of a company that is spending $6 billion a year on programming and scored 54 Emmy nominations this year.
The age of instant accounting? A friend of mine, Norm Schultz, predicted that 20 years ago.
5 Ways Inventory Tracking Technology Is Evolving For 2017
Inventory tracking isn’t a “sexy” industry, but it’s a necessary one for almost any business involved in manufacturing or shipping tangible goods. You need some way to track how much you’re producing, how many raw materials you’re consuming, where those products are going, and how much money you’re making.
Old-school tracking systems relied on unreliable, time-consuming manual processes to make counts and organize data, but advanced modern-day systems are starting to reshape how quickly and efficiently we can track our inventory. According to SystemID, “advancements in [the Internet of Things (IoT), big data, smart manufacturing, and mobile device management (MDM)] are literally changing how companies operate.”
1. Real-time is becoming the new normal.
2. Retail and fulfillment are blurring.
3. Big data is leading to more advanced insights
4. Companies are demanding more information.
5. Solutions are becoming diversified.
Perhaps there is a market for a simple (i.e. cheap) smartphone? Certainly there is a market for a “Hey! You gotta try this App!” App.
Half of U.S. smartphone users download zero apps per month
Specifically, some 49 percent of U.S. smartphone users download zero apps in a typical month, according to comScore, reflecting a three-month average period ending this past June.
Of the 51 percent of smartphone owners who do download apps during the course of a month, “the average number downloaded per person is 3.5,” comScore’s report says. “However, the total number of app downloads is highly concentrated at the top, with 13 percent of smartphone owners accounting for more than half of all download activity in a given month.”
I have had a paperless classroom for years. What’s the big deal?
Why the Paperless Office Is Finally on Its Way
Every year, America’s office workers print out or photocopy approximately one trillion pieces of paper. If you add in all the other paper businesses produce, the utility bills and invoices and bank statements and the like, the figure rises to 1.6 trillion. If you stacked all that paper up, it would be 18,000 times as high as Mount Everest. It would reach nearly halfway to the moon.