DPA reports:
Denmark will pay an anonymous source for information about hundreds of Danish nationals mentioned in a data leak from a Panama-based law firm linked to tax-dodging schemes, the Danish minister of taxation said Wednesday.
Karsten Lauritzen welcomed the fact that parliament’s tax committee broadly supported the scheme, but noted “there is a risk when doing deals with an anonymous seller.”
Read more on About Croatia.
[From the article:
Jim Sorensen, a division head at the authority, told broadcaster DR that a sample received earlier this year proved to be credible.
"We feel the data is good and we can use it for tax cases and to get an overview of tax evasion in general," he said.]
There’s hacking and then there’s counter-hacking. You might even say it’s Ethical Hacking.
Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops
… The director of SEC Consult's Singapore office has made a name striking back at so-called "whaling" scammers by sending malicious Word documents that breach their Windows 10 boxes and pass on identity information to police.
Whaling is a well-oiled social engineering scam that sees criminals dupe financial controllers at large lucrative organisations. Whalers' main method is to send emails that appear to originate from chief executive officers, bearing instructions to wire cash into nominated bank accounts.
It works. The FBI estimates some $2.2bn (£1.7bn, A$2.9bn) in losses have arisen from nearly 14,000 whaling cases in the seven months to May this year. Some $800m (£601m, A$1bn) in losses occurred in the 10 months to August 2015.
… "Someone impersonated the CEO of an international company requesting urgent wire transfers and a couple of hours later they realise it was a scam … we worked together with law enforcement to trick the fraudsters," Lukavsky says.
"We sent them a prepared PDF document pretending to be transaction confirmation and they opened it which led to Twitter handles, usernames, and identity information."
"We were able to get the Windows 10 usernames and hashes which are tied by default to Outlook."
Those Windows 10 password hashes only last a few hours when subjected to tools like John the Ripper.
The information Lukavsky passed on to police from that attack late last year led to the arrest of the scammers located in Africa.
I agree with Dissent.
Also, this is a very rare mention of Change Control as a security tool. Knowing that someone has modified your software might give you a clue that you have been hacked!
I occasionally come across breach notifications that impress me quite favorably.
This notification by Nourse Farms is a good example of a strong incident response described in a strong letter that will be more likely to reassure customers than infuriate them.
Wasn’t this already obvious?
Dustin Volz reports:
The U.S. Office of Personnel Management (OPM) did not follow rudimentary cyber security recommendations that could have mitigated or even prevented major attacks that compromised sensitive data belonging to more than 22 million people, a congressional investigation being released on Wednesday has found.
Two breaches at the federal agency detected in 2014 and 2015 were made worse by lax security culture and ineffective leadership, which failed to harness available tools that could have stopped or limited the intrusions, according to the report from the Republicans on the U.S. House of Representatives’ Committee on Oversight and Government Reform, a copy of which was seen by Reuters.
Read more on Reuters, keeping in mind that this was not a panel of our most respected security experts but a politically charged process. Not surprisingly, the Democrats did not concur with the Republicans. As Volz reports:
Representative Elijah Cummings, the top Democrat on the oversight panel, rejected the report’s findings in a memo to other Democrats. He claimed the report had factual deficiencies and did not account for mistakes made by federal contractors.
Infosecurity is hard enough without politicians who can’t even manage to fund urgently needed public health initiatives trying to score political points after a data breach.
All that said, do read Brian Krebs’ coverage of the report, as he pulls out the kind of findings that you may find interesting about what went amiss.
[It’s here: The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation]
(Related) Learn from the failure of others, what a concept!
The Denver Channel reports that Noodles & Company has been sued by financial institutions who allege that they suffered injury as a result of a data breach first reported in May – a breach they claim could have been avoided had Noodles & Company learned from all the hacks of other major retailers and deployed adequate security.
What should Congress know?
Classifieds website asks Supreme Court to block congressional subpoena
The classified advertising website Backpage.com is asking the Supreme Court to block a congressional subpoena for documents into the website’s process of screening for sex trafficking ads.
Backpage.com claims the court order violates CEO Carl Ferrer’s First Amendment rights.
“This case highlights a disturbing — and growing — trend of government actors issuing blunderbuss demands for documents to online publishers of content created by third parties (such as classified ads) in a manner that chills First Amendment rights,” the company claims in its petition to Chief Justice John Roberts for an immediate stay on Tuesday.
… The October 2015 subpoena seeks any documents concerning the website's editing of ads, relating to its policies, manuals, memoranda, and guidelines, as well as any material involving “reviewing, blocking, deleting or modifying” ads, according to court documents.
“The record suggests Backpage would not have been the target of PSI’s fishing expedition if it did not host ads that some find distasteful.”
The Balkanization of data? Take that, government subpoena!
Azure, Office 365: Microsoft's two new cloud regions tackle data privacy issues
Microsoft has officially opened two new cloud regions, offering Azure and Office 365 from multiple datacenter locations in the UK for the first time.
The new UK regions take to 28 the number of Microsoft generally-available regions for its cloud infrastructure and platform services.
For UK enterprise customers, the regional services are also designed to provide a better option for meeting requirements to store certain data locally.
… However, Microsoft is also taking a different approach to providing its services in Europe. Two of Microsoft's six new regions include two new datacenters in Germany slated for launch by the end of the year.
These two German regions will be operated by 'data trustee' Deutsche Telekom subsidiary T-Systems. Under this arrangement, Microsoft won't have access to customer data and any government request for such data will need to go through T-Systems.
Would you call the ACLU “activists?”
Activists to FBI: Show Us Your Warrant for Mass Hack of TorMail Users
Mass hacking is now one of the FBI's established tactics for fighting crime on the dark web. In February 2015, the agency hit at least 4,000 computers all over the world in an attempt to identify visitors of a child pornography site.
But questions remain about another FBI operation from 2013, in which the agency may have hacked users of a dark web email service called TorMail even if they weren’t suspects of a crime. Now, the American Civil Liberties Union (ACLU) is trying to unseal the court docket sheet containing the search warrant used to deploy malware against users of the service. If the ACLU were then to get access to the warrant itself, it may reveal the true scale of the FBI’s controversial hacking campaign.
(Related) King George didn’t need no stinking warrant!
Lindsay Whitehurst reports:
The Drug Enforcement Administration wants to block the American Civil Liberties Union of Utah from stepping into a court case over whether investigators can do warrantless searches of a database of all prescription drug records in the state.
More than 40 states keep similar databases, but Utah recently passed a law requiring investigators to get a warrant before they search it.
DEA lawyers argue they’re exempt from that law because they’re a federal agency, but state officials contend they have to follow it like other investigators.
Read more of AP’s report on the Salt Lake Tribune.
Some teens hide their texts; the parents of some of them find ways to hack into those texts. Are we talking about a significant number?
So kids take steps to protect their privacy, and rather than respect that, some parents take countermeasures to invade their privacy in the name of protecting them?
CBS reports:
Parents are using spyware in an effort to monitor their children’s social media interactions.
CBS2’s Emily Smith reported different types of spyware can combat free apps that hide texts and phone calls children don’t want their parents to see. One app looks like a calculator with a percentage sign next to it.
[…]
Marlowe said once a child starts paying for their cellphone it’s time for parents to take a step back, but until that day, parenting experts said it’s all fair game.
Experts added that at the very least parents should have their children’s passwords and know what to look for in the ever-changing digital world.
Read more on CBS.
“At the very least, parents should have the passwords?” I never once asked my kids for their passwords. What a terrible parent I was…
A model for selling used textbooks? Garage sales R us?
Japan’s Mercari Brings Its Bazaar App to the U.S.
TOKYO—In an increasingly competitive global e-commerce market, it is rare for an Asian startup to challenge American giants such as Amazon.com Inc. and eBay Inc. on their own turf.
That is what Tokyo-based Mercari Inc. is trying to do with its app for people buying and selling used goods like $35 purses and $15 videogames—and it is making some inroads.
Downloads of Mercari’s flea-market app reached 19 million in the U.S. at the end of August, up from 12 million a month earlier, the company said Tuesday. Downloads in Japan have climbed to 35 million. At one point recently, Mercari’s app rose as high as No. 3 in rankings for U.S. downloads, according to analytics firm App Annie.
… Significantly, Mercari focuses almost exclusively on smartphone users—a big difference from other used-goods sites like eBay and Craigslist that date back to the desktop computer era. The app is designed so sellers can upload photos quickly and buyers can make one-click purchases. It also handles the payment process.
Once a buyer purchases a listed item, the money goes first to Mercari, which informs the seller that payment has been received, greenlighting shipment. The seller is paid only after the buyer confirms receipt—preventing instances where sellers pocket payments without shipping anything.
It is certainly making my grading of papers a real pain in the butt.
Bad Writing Is Destroying Your Company’s Productivity
… I surveyed 547 businesspeople in the first three months of this year. I looked specifically at people who write at least two hours per week in addition to email. They told me that they spend an average of 25.5 hours per week reading for work. (About a third of that is email.)
And 81% of them agree that poorly written material wastes a lot of their time. A majority say that what they read is frequently ineffective because it’s too long, poorly organized, unclear, filled with jargon, and imprecise.
Entry-level employees get little training in how to write in a brief, clear, and incisive way. Instead, they’re immersed in first-draft emails from their managers, poorly edited reports, and jargon-filled employee manuals. Their own flabby writing habits fit right in. And the whole organization drowns in productivity-draining blather.
Just because…