Friday, October 28, 2016
What scams could hackers run with this data?
Allie Coyne reports:
More than one million personal and medical records of Australian citizens donating blood to the Red Cross Blood Service have been exposed online in the country’s biggest and most damaging data breach to date.
A 1.74 GB file containing 1.28 million donor records going back to 2010, published to a publicly-facing website, was discovered by an anonymous source and sent to Troy Hunt, security expert and operator of haveibeenpwned.com, early on Tuesday morning.
The database was uncovered through a scan of IP address ranges configured to search for publicly exposed web servers that returned directory listings containing .sql files.
Read more on ITNews.com.au.
See the Red Cross’s statement and FAQ here.
It works. Is it because we have a poor education system? Because people fear the IRS? Because they trust anyone on the phone?
Justice Department charges dozens in massive Indian call center scheme
The callers in India, claiming to be officials with the Internal Revenue Service or immigration services, would present those who answered the phone with an ultimatum. Pay us, or we’ll fine you, deport you or arrest you.
Their network was expansive, and their work lucrative. Justice Department officials announced charges against 61 people and entities Thursday and said the call center scheme had scammed at least 15,000 victims out of more than $250 million.
Be careful what you hack.
Teen Arrested for Cyberattack on 911 Emergency System
An 18-year-old teen from Arizona was arrested this week after one of his iOS exploits caused serious disruption to 911 emergency systems.
According to the Maricopa County Sheriff’s Office, Meetkumar Hiteshbhai Desai was booked on three counts of Computer Tampering, which in this case is a Class 2 felony, considered an extremely serious crime in Arizona and other states, due to the fact that it involved critical infrastructure.
The Maricopa County Sheriff’s Office Cyber Crimes Unit launched an investigation after being notified of disruption to the 911 service in the Phoenix metro area and possibly in other states.
Desai apparently learned of an iOS bug that can be exploited to manipulate devices, including triggering pop-ups, opening email, and abusing phone features. The teen created several exploits and published one of them on a website, linking to it from his Twitter account in an effort to prank his followers.
While Desai claimed he wanted to publish a link to an exploit that only displayed pop-ups and caused devices to reboot, he mistakenly tweeted a link to an exploit that caused iPhones and iPads to continually dial 911 and hang up.
For the Computer Security SIG.
How Hackers Play Capture the Flag
Because your face is an open book?
Facebook Inc.’s software knows your face almost as well as your mother does. And like mom, it isn’t asking your permission to do what it wants with old photos.
While millions of internet users embrace the tagging of family and friends in photos, others worried there’s something devious afoot are trying to block Facebook as well as Google from amassing such data.
As advances in facial recognition technology give companies the potential to profit from biometric data, privacy advocates see a pattern in how the world’s largest social network and search engine have sold users’ viewing histories for advertising. The companies insist that gathering data on what you look like isn’t against the law, even without your permission.
Read more on Crain’s.
Laura Sydell reports:
Nearly half of all American adults have been entered into law enforcement facial recognition databases, according to a recent report from Georgetown University’s law school. But there are many problems with the accuracy of the technology that could have an impact on a lot of innocent people.
Read more on NPR.
How does one enforce this law? Police drones? How does one fly a drone if you can’t see where you are going?
Lisa Vaas reports:
Sweden last week banned the use of camera drones without a special permit, infuriating hobby flyers and an industry group but likely pleasing privacy campaigners.
Drone pilots will now have to show that there’s a legitimate benefit that outweighs the public’s right to privacy – and there are no exemptions for journalists, nor any guarantee that a license will be granted.
Read more on Naked Security.
An interesting question.
… As the jobs-based economy gives way to the gig economy, winners and losers are determined by the type of worker you are — or can become.
Workers with specialized skills, deep expertise, or in-demand experience win in the gig economy. They can command attractive compensation, garner challenging and interesting work, and secure the ability to structure their own working lives. Workers who possess strong technical, management, leadership, or creative abilities are best positioned to take advantage of the opportunity to create a working life that incorporates flexibility, autonomy, and meaning.
Entrepreneurial workers also win. The gig economy rewards hustle. Workers entrenched in a passive, complacent employee mindset that relies on their employer to provide a sense of stability, career progression, and financial security will struggle.
This could be interesting.
FCC Derails ISP Customer Data Gravy Train, Requires Explicit Consent For Sharing Sensitive Information
The FCC rule was passed this morning with a 3-2 vote. It requires ISPs, or internet providers, to obtain a customer’s explicit consent before sharing certain information with third parties. FCC Chairman Tom Wheeler remarked, “It's the consumers' information. How it is used should be the consumers' choice. Not the choice of some corporate algorithm.”
Kiss your cash goodbye? This year is set to be a turning point for credit
Is this the beginning of the end for cash?
As consumers have increasingly used credit and debit cards and made purchases online and on apps, they’ve used less and less cash; in 2016, consumers will spend a greater amount on cards than they do with cash for the first time, according to the market-research firm Euromonitor International, which has been tracking consumer payments over the last several decades.
… South Korea’s government, for example, started to promote credit cards around 1997 in an effort to boost consumption in the country and cut down on cash payments, which are harder to track for tax purposes, according to The Economist.
… Although a switch to a digital payment system would potentially save countries a lot of money, since cash is expensive to make and keep in circulation, many citizens have concerns about banks and governments having access to information on what they’re spending, regardless of whether they’re actually involved in any improper or illegal activities.
Perspective. I never would have guessed a number this high.
68 Percent of Millennial Small Business Owners Rely on Social Media for Brand Promotion
… New data (PDF) from Magisto shows that 68 percent of Millennial small business owners and entrepreneurs depend on social media channels for developing awareness of their own brands.
…and Jeff Bezos doesn’t care!
Amazon spending ahead of holidays hurts profits
Amazon.com Inc. disappointed investors with a lower-than-expected third-quarter profit, as the company beefed up its spending on fulfillment centers, shipping costs, video content and product development ahead of the all-important holiday season.
Without Amazon Web Services (AWS), its cloud-based computing service business, Amazon would have lost money. AWS on its own reported revenue of $3.2 billion and operating income of $861 million. Amazon’s total operating income in the quarter was $575 million, with net income of $252 million, or 52 cents a share, while analysts were looking for about 78 cents a share.
Search thousands of historical documents from the Nuremberg trials
by Sabrina I. Pacifici on Oct 26, 2016
“The Harvard Law School Library uniquely owns and manages approximately one million pages of documents relating to the trial of military and political leaders of Nazi Germany before the International Military Tribunal (IMT) and the subsequent twelve trials of other accused Nazi war criminals before the United States Nuremberg Military Tribunals (NMT) during the period 1945-49. Considered by many to be the most significant series of trials in history, these trials were established to prosecute those in authority in the Nazi regime for war crimes and crimes against humanity, to document those atrocities so that a permanent historical record would be created, and to establish a standard of conduct acceptable in time of war. The documents — which include trial transcripts and full trial exhibits and related materials — have been studied by lawyers, scholars and other researchers in the areas of history, ethics, genocide, and war crimes, and are of particular interest to officials and students of current international tribunals involving war crimes and crimes against humanity. To preserve the contents of these documents — which are now too fragile to be handled — and to provide expanded access to this material, the Library has undertaken a multi-stage digitization project, originally conceived in the late 1990s and implemented in stages since then. The Nuremberg Trials Project is an open-access initiative to create, present and make accessible digitized images of the Library’s Nuremberg documents, document descriptions, associated transcripts in both full-text and image formats and general information about the trials.”
· Examine trial transcripts, briefs, document books, evidence files, and other papers from the trials of military and political leaders of Nazi Germany.
Secrecy News reports portions of CIA Records Search Tool will be posted for public access
by Sabrina I. Pacifici on Oct 27, 2016
FAS – Secrecy News – Steven Aftergood: “The Central Intelligence Agency said this week that it will post its database of declassified CIA documents online, making them broadly accessible to all interested users. The database, known as CREST (for CIA Records Search Tool), contains more than 11 million pages of historical Agency records that have already been declassified and approved for public release. Currently, however, CREST can only be accessed through computer terminals at the National Archives in College Park, MD. This geographic restriction on availability has been a source of frustration and bafflement to researchers ever since the digital collection was established in 2000. (See CIA’s CREST Leaves Cavity in Public Domain, Secrecy News, April 6, 2009; Inside the CIA’s (Sort of) Secret Document Stash, Mother Jones, April 3, 2009). But that is finally going to change. The entire contents of the CREST system will be transferred to the CIA website, said CIA spokesperson Ryan Trapani …”