- SQL Injection: TalkTalk
- Session Hijacking: Valve
- Evading IDS, Firewalls, and Honeypots: Ashley Madison and Sony Pictures
- Hacking Web Servers: Drupal
- Distributed Denial of Services (DDoS): Nissan
Thursday, September 29, 2016
So don’t be surprised when I get elected!
Well, Chris Vickery and I tried to warn everyone about making these lists public and not securing them better. Now we see this, by Nicole Rojas:
During a House Judiciary Committee hearing on Wednesday (28 September), FBI Director James Comey revealed hackers have attempted to hack into voter registration sites in more than a dozen states and on several occasions. Investigators believe Russia is behind the attempted hacks, officials said.
“There have been a variety of scanning activities which is a preamble for potential intrusion activities as well as some attempted intrusions at voter database registrations beyond those we knew about in July and August,” Comey said.
Read more on IBT.
[From the article:
Homeland Security Secretary Jeh Johnson on Tuesday (27 September) said that 18 states had requested cyber assistance from the DHS regarding voting systems. [Which ones? Bob]
We’ve been telling lawyers this for years. (Of course, we need to read the email to see if it’s an email we shouldn’t read…)
Clark D. Cunningham writes:
Fear of hackers reading private e-mails in cloud-based systems like Microsoft Outlook, Gmail, or Yahoo has recently sent regular people and public officials scrambling to delete entire accounts full of messages dating back years. What we don’t expect is our own government to hack our e-mail — but it’s happening. Federal court cases going on right now are revealing that federal officials can read all your e-mail without your knowledge. For example, in the case of U.S. v. Ravelo, pending in Newark, New Jersey, the government used a search warrant to download the entire contents of a lawyer’s personal cellphone – more than 90,000 items including text messages, e-mails, contact lists, and photos. When the phone’s owner complained to a judge, the government argued it could look at everything (except for privileged lawyer-client communications) before the court even issued a ruling. The judge in Ravelo is expected to issue a preliminary ruling on the feds’ arguments sometime in October. All Americans should be watching carefully to what happens next in these cases – the government may be already watching you without your knowledge.
Read more on Homeland Security Wire.
For my Computer Security students.
New Pluralsight Course: Deconstructing the Hack
… I'm now really happy to be able to share Play by Play: Ethical Hacking - Deconstructing the Hack:
The theme of the course was to take a number of security events that illustrated various attacks I'd covered in the ethical hacking series and talk through some of the mechanics. Deconstruct them, if you like. These are real world security events so this is far from hypothetical, it's things that have actually happened. Here's what we cover:
When re-identification is outlawed, only outlaws will have re-identified data? How about we just point out what a crappy job they did in the first place?
Corinne Reichert reports:
Australian Attorney-General George Brandis has said the government will introduce legislation to amend the Privacy Act for the purposes of protecting anonymised datasets that are collected and published by the Commonwealth.
Claiming that the “privacy of citizens is of paramount importance” to the government, Brandis said the amendment, which will be introduced in the coming months during the spring sittings of Parliament, will criminalise the re-identification of de-identified data.
Read more on ZDNet.
Something my Ethical Hacking students will do for free! (And you don’t even need to ask!!)
HackerOne CEO: 'We’re building the world’s biggest security talent agency'
HackerOne helps you find vulnerabilities in your internet-facing systems. We do it through a unique model where we have a community of researchers and hackers around the world who will hack you on your request and they will send you a report outlining what they found. You send them money as a thank you if the report was useful. [Or, we could help ourselves… Bob] If it wasn’t, you pay nothing.
My Software Architecture students will be looking for Research Projects. I thought I’d list a few potential areas here.
American Airlines Faces Next IT Hurdle
American Airlines Group Inc., nearly three years after merging with US Airways, faces a major information-technology challenge this weekend (Sept. 30-Oct.1), when it transitions all pilots and planes to one “flight operating system.”
The Algorithms That Tell Bosses How Employees Are Feeling
Every day, humans type out more than 200 billion emails, hundreds of millions of tweets, and innumerable texts, chats, and private messages. No one person could pick through even a tiny sliver of this information and stitch together themes and trends—but computers are starting to be able to. For more than a decade, researchers have been developing computer programs that can ingest enormous amounts of writing to try and understand the emotions stirred up by an idea or a product.
Citigroup Teams Up With Rival Banks to Fight Venmo
Citigroup Inc. is set to join its fellow big banks in building a peer-to-peer payments app in the hope of fending off fintech upstarts like Venmo.
A bit of an update.
Tech Giants Team Up To Tackle The Ethics Of Artificial Intelligence
… Called the Partnership on Artificial Intelligence to Benefit People and Society, the group consists of Amazon, Facebook, Google, Microsoft and IBM. Apple is also in talks to join.
… The group's goal is to create the first industry-led consortium that would also include academic and nonprofit researchers, leading the effort to essentially ensure AI's trustworthiness: driving research toward technologies that are ethical, secure and reliable — that help rather than hurt — while also helping to diffuse fears and misperceptions about it.
"We plan to discuss, we plan to publish, we plan to also potentially sponsor some research projects that dive into specific issues," Banavar says, "but foremost, this is a platform for open discussion across industry."
Cord-Cutting Could Cost Pay TV Industry $1 Billion in a Year, Study Says
… The results, which are based on an online survey of 1,119 U.S. customers, estimate that pay-TV providers could lose about $1,248 per cord-cutter annually. That’s because the average cord-cutter saves $104 a month—about 56% of their bill—from dropping cable TV.
Something to amuse my students.
Take a look inside Facebook’s massive data center in Sweden
Data centers are generally massive, but can be very beautiful. Google does them pretty well, but as it turns out, Facebook does too.
The company’s CEO Mark Zuckerberg recently shared a few pictures of its Luleå, Sweden-based data center on his account.
The main data hall is so big that engineers move around on scooters.
“The biggest challenge working here? Getting to the data center by car when it is -30 degrees C outside!”
Something else to worry about.
Deutsche Bank can only be saved by the German government, strategist says
Only a substantial intervention by the German government can stop the collapse of the country's largest lender, Deutsche Bank, according to Stefan Müller, the CEO of Frankfurt-based boutique research company DGAW.
"Deutsche Bank doesn't realize that something serious needs to happen," he told CNBC via telephone on Thursday morning. "(CEO John) Cryan clearly showed that he has no idea how to survive."
If not immediately useful at least it gets me thinking.
Practical Ed Tech Handbook - Updated for 2016-17
Last year I published a 30 page document that I called The Practical Ed Tech Handbook. This week I spent some time revising that document and updating it for the 2016-17 school year. The Practical Ed Tech Handbook isn't just a list of my favorite resources. I've included ideas for using these resources and in many cases I've included links to video tutorials about my favorite resources.
In The Practical Ed Tech Handbook you will find resources arranged in seven categories: communication with students & parents, web search strategies, digital citizenship, video creation, audio production, backchannels & informal assessment, and digital portfolios.
You can also grab a copy of it here.