Yahoo hit with hack affecting at least 500 million user
accounts, FBI investigating
In what appears to be the biggest data breach in history,
Yahoo has been hit by a massive hack affecting at least 500 million
user accounts, the company said Thursday.
… Yahoo blamed
a “state-sponsored actor” for the huge theft, which it said occurred in 2014
when thieves hacked into the Sunnyvale tech firm’s data centers. [Easy to blame, now that “state sponsored” whoevers
are in the news so often. Bob]
… However, the
company said, stolen passwords were “hashed,” meaning converted into
randomized characters, and that the “vast majority” were heavily encrypted.
“Passwords that have been hashed can’t be converted into
the original plain text password,” Yahoo said. The “bcrypt” heavy encryption on the bulk of
the passwords provides “advanced protection against password cracking,” the
company said.
Another reason why I don’t have one.
Mobile devices are one of the weakest links in corporate
security. Executives are wrestling with
managing a proliferation of devices, protecting data, securing networks, and
training employees to take security seriously. In our Tech Pro Research survey of chief information officers,
technology executives, and IT employees, 45% of respondents saw mobile devices
as the weak spot in their company’s defenses. (Employee data was cited by 37%, followed by
wireless access of networks at 34% and bring-your-own-device efforts at 29%.)
Meanwhile, the potential for mobile attacks continues to
expand. In July comScore reported that half of all digital time was spent
on smartphone apps, and 68% percent of time was spent on a mobile device. If mobile security isn’t a problem for your
company yet, it will be.
Anything is possible, but this would mean that someone did
not follow the checklist and his partner didn’t notice. More likely this was deliberate.
NSA hacking tools were reportedly left unprotected on
remote computer
A U.S. investigation into a leak of hacking tools used by
the National Security Agency is focusing on a theory that one of its operatives
carelessly left them available on a remote computer and Russian hackers found
them, four people with direct knowledge of the probe told Reuters.
Useful for my Forensics students.
EFF Warns Police, Courts About Unreliability of IP Addresses
A report published this week
by the Electronic Frontier Foundation (EFF) warns about the misuse of IP
addresses by police and courts, and makes recommendations on how such
information can be used efficiently.
An increasing number of incidents shows that law
enforcement often considers IP addresses a clear indicator of a person’s
location or identity. For instance,
several privacy activists maintaining Tor exit nodes in their homes have been raided
by law enforcement investigating child pornography and other crimes. Internet mapping services that provide a
default location when only limited information is available has also caused
problems for innocent individuals.
Another issue is that police often overstate the
reliability of IP address information when trying to obtain a warrant or
subpoena. According to the EFF, law
enforcement also often uses inaccurate metaphors to explain IP addresses, such
as comparing them to physical mailing addresses and license plates.
Some judges have begun to realize that an IP address is
not enough to determine someone’s guilt. In one such case, a federal court in Oregon dismissed
a direct copyright infringement complaint against an individual who allegedly
pirated a movie.
However, there is more work to be done and the report
published by the EFF aims to teach law enforcement and courts on how to
reliably use IP information when investigating crimes.
Interesting. Likely
to become a hacking target.
New Data Tool Aims for Transparency in Police Use of Force
… Bayes Impact, a
nonprofit startup that aims to apply data analysis to societal problems,
launched a web-based platform Thursday that all California police departments must use to record whenever
an officer is involved in a “use of force” incident, which the state defines as
a shooting or assault that results in death or serious injuries.
Starting next year, the public will be able to access the
information on the Open Justice Portal, which publishes criminal-justice data
collected by the California Department of Justice.
… There is no
national database for recording use-of-force data, and no standard definition
for “use of force.” The Federal
Bureau of Investigation’s records have omitted hundreds of homicides by police
officers. There hasn't been a widely
used tool to collect data on violence involving law enforcement.
Why kill the source of campaign contributions?
How the Maker of the EpiPen Made Government Its Ally
In most respects, Wednesday’s congressional hearing into
Mylan Corp.’s steep price increases on the EpiPen followed an all-too-familiar
script. Mylan’s C.E.O., Heather Bresch,
was berated by legislators for the price hikes, and for her
$18.9-million pay package. Bresch tried,
feebly, to explain that Mylan doesn’t actually make that much money
from the EpiPen, and was careful never to offer the only real explanation for
why the product costs six times as much as it did in 2007, namely that the
company kept raising prices because it could. The politicians got their soundbites. Bresch got to state her case. And, at day’s
end, nothing meaningful had changed.
For what I didn’t teach my students?
LinkedIn reveals what it’s doing with Lynda.com:
LinkedIn Learning
LinkedIn has released
a product geared to the professional social network that it hopes will
expedite its vision to create “economic opportunity for every member of
the global workforce, which is north of 3 billion people.” The company on Thursday launched LinkedIn
Learning, the integration of its economic graph with its Lynda.com
acquisition.
… What LinkedIn is
doing is simply copying the education service and meshing it with its data so
while you’re on the professional social network, you can learn new skills based on the context of jobs you want or are
interested in. [Think that will work?
Bob]
… LinkedIn
Learning costs $29.99 per month, but those that have a premium subscription
with LinkedIn will get the service automatically. [Still free
at your local library! Bob]
No comments:
Post a Comment