Friday, September 23, 2016
Yesterday, this was a mere 200 million. What will we see tomorrow?
Yahoo hit with hack affecting at least 500 million user accounts, FBI investigating
In what appears to be the biggest data breach in history, Yahoo has been hit by a massive hack affecting at least 500 million user accounts, the company said Thursday.
… Yahoo blamed a “state-sponsored actor” for the huge theft, which it said occurred in 2014 when thieves hacked into the Sunnyvale tech firm’s data centers. [Easy to blame, now that “state sponsored” whoevers are in the news so often. Bob]
… However, the company said, stolen passwords were “hashed,” meaning converted into randomized characters, and that the “vast majority” were heavily encrypted.
“Passwords that have been hashed can’t be converted into the original plain text password,” Yahoo said. The “bcrypt” heavy encryption on the bulk of the passwords provides “advanced protection against password cracking,” the company said.
Another reason why I don’t have one.
Mobile devices are one of the weakest links in corporate security. Executives are wrestling with managing a proliferation of devices, protecting data, securing networks, and training employees to take security seriously. In our Tech Pro Research survey of chief information officers, technology executives, and IT employees, 45% of respondents saw mobile devices as the weak spot in their company’s defenses. (Employee data was cited by 37%, followed by wireless access of networks at 34% and bring-your-own-device efforts at 29%.)
Meanwhile, the potential for mobile attacks continues to expand. In July comScore reported that half of all digital time was spent on smartphone apps, and 68% of time was spent on a mobile device. If mobile security isn’t a problem for your company yet, it will be.
Anything is possible, but this would mean that someone did not follow the checklist and his partner didn’t notice. More likely this was deliberate.
NSA hacking tools were reportedly left unprotected on remote computer
A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.
Useful for my Forensics students.
EFF Warns Police, Courts About Unreliability of IP Addresses
A report published this week by the Electronic Frontier Foundation (EFF) warns about the misuse of IP addresses by police and courts, and makes recommendations on how such information can be used efficiently.
An increasing number of incidents shows that law enforcement often considers IP addresses a clear indicator of a person’s location or identity. For instance, several privacy activists maintaining Tor exit nodes in their homes have been raided by law enforcement investigating child pornography and other crimes. Internet mapping services that provide a default location when only limited information is available have also caused problems for innocent individuals.
Another issue is that police often overstate the reliability of IP address information when trying to obtain a warrant or subpoena. According to the EFF, law enforcement also often uses inaccurate metaphors to explain IP addresses, such as comparing them to physical mailing addresses and license plates.
Some judges have begun to realize that an IP address is not enough to determine someone’s guilt. In one such case, a federal court in Oregon dismissed a direct copyright infringement complaint against an individual who allegedly pirated a movie.
However, there is more work to be done, and the report published by the EFF aims to teach law enforcement and courts how to reliably use IP information when investigating crimes.
Interesting. Likely to become a hacking target.
New Data Tool Aims for Transparency in Police Use of Force
… Bayes Impact, a nonprofit startup that aims to apply data analysis to societal problems, launched a web-based platform Thursday that all California police departments must use to record whenever an officer is involved in a “use of force” incident, which the state defines as a shooting or assault that results in death or serious injuries.
Starting next year, the public will be able to access the information on the Open Justice Portal, which publishes criminal-justice data collected by the California Department of Justice.
… There is no national database for recording use-of-force data, and no standard definition for “use of force.” The Federal Bureau of Investigation’s records have omitted hundreds of homicides by police officers. There hasn't been a widely used tool to collect data on violence involving law enforcement.
Why kill the source of campaign contributions?
How the Maker of the EpiPen Made Government Its Ally
In most respects, Wednesday’s congressional hearing into Mylan Corp.’s steep price increases on the EpiPen followed an all-too-familiar script. Mylan’s C.E.O., Heather Bresch, was berated by legislators for the price hikes, and for her $18.9-million pay package. Bresch tried, feebly, to explain that Mylan doesn’t actually make that much money from the EpiPen, and was careful never to offer the only real explanation for why the product costs six times as much as it did in 2007, namely that the company kept raising prices because it could. The politicians got their soundbites. Bresch got to state her case. And, at day’s end, nothing meaningful had changed.
For what I didn’t teach my students?
LinkedIn reveals what it’s doing with Lynda.com: LinkedIn Learning
LinkedIn has released a product geared to the professional social network that it hopes will expedite its vision to create “economic opportunity for every member of the global workforce, which is north of 3 billion people.” The company on Thursday launched LinkedIn Learning, the integration of its economic graph with its Lynda.com acquisition.
… What LinkedIn is doing is simply copying the education service and meshing it with its data so while you’re on the professional social network, you can learn new skills based on the context of jobs you want or are interested in. [Think that will work? Bob]
… LinkedIn Learning costs $29.99 per month, but those that have a premium subscription with LinkedIn will get the service automatically. [Still free at your local library! Bob]