Hackers Are Trading Hundreds of Thousands of xHamster Porn
Account Details
… Although
xHamster is a free porn site, users can sign up to create personal
favorite collections, post comments, or upload their own videos. According to the xHamster site, over 12
million people have signed up for an account.
… Update:
After the publication of this article, Alex Hawkins, xHamster spokesperson,
told Motherboard in an email, "The only way to respond to this news is to
coin a new term: 'Fhack.' A fhack is best defined as a fake hack. There was a failed attempt to hack our
database which occurred 4 years ago. The
integrity of our user data is secure. Passwords are encrypted and impossible to
hack. In short, this was a successful fhack; and a failed hack."
When pressed on how data traders then obtained a
list of xHamster user email addresses, the company said, "We cannot
validate that the emails are real and we don't believe that this is a genuine
database." This is despite
Motherboard's independent verification of the email addresses and usernames.
For my Ethical Hacking students.
How Machine Learning Will Help Attackers
Inside McAfee Labs' predictions (PDF) for 2017 is this: criminals will use machine learning to analyze
massive quantities of stolen records to identify potential victims and build
contextually detailed emails that very effectively target these individuals. In short, just as defenders use machine
learning to detect attacks, attackers will use machine learning to automate
attacks and evade detection.
(Related) From the same report.
'Dronejacking' May be the Next Big Cyber Threat
A report by Intel's McAfee Labs said hackers are expected
to start targeting drones used for deliveries, law enforcement or camera crews,
in addition to hobbyists.
"Drones are well on the way to becoming a major tool
for shippers, law enforcement agencies, photographers, farmers, the news media,
and more," said Intel Security's Bruce Snell, in the company's annual
threat report.
I didn’t know that Hillary Clinton worked for Europol.
Toby Sterling reports:
Information on numerous
international investigations into terrorism groups compiled by Europol
was accidentally left online, unguarded by any password, a Dutch television
program reported on Wednesday.
Europol, which helps European
Union national police organizations cooperate, could not immediately be reached
for comment. The television program
Zembla cited Europol’s adjunct director Wil van Gemert as acknowledging the
incident.
According to the program, the leak
was caused by a former employee
who took dossiers home, against Europol policy, and put them on a hard drive
connected to the Internet without realizing it was accessible to anyone.
Read more on Reuters.
Gathering stuff for my Computer Security class. Might also work this into my Statistics
class.
Measuring what matters in cybersecurity
The cybersecurity risk metrics market has exploded, and at
least half a dozen companies are offering real time risk metrics for
enterprises. Insurance carriers will
collect upwards of $3 billion in premiums this year. In my recent analysis of this $20 billion market, it was
evident that the rise of adversaries, boardroom pressures and financial losses
are driving a whole new world of underwriters, brokers and consultants. CISOs are now supposed to answer to the C
level and the boardroom, somewhat challenging questions like:
- Are we secure? If so, just how secure are we?
- Could what happened to company xyz happen to us? Are we getting better over time?
- JP Morgan Chase just announced they will deploy $250 million in security. Are we spending enough? Should we spend more?
… Richard
Seiersen, vice president of Trust and CISO at Twilio, wants to simplify this debate. A soft-spoken, classically trained guitarist
and co-author of the recently published book “How to measure anything in Cybersecurity”, Seiersen
advocates risk management using probabilistic thinking and probabilistic
programming.
Is this the kind of backlash we should expect whenever
robots start “taking the jobs of the common man?”
New York Bars Scalpers From Using Bots To Snap Up Tickets
Before Everyone Else
… New York’s
Governor Andrew Cuomo signed a
law that makes using so-called “ticket bots” — software designed to
manipulate systems that are designed to limit the numbers of tickets sold to an
individual — illegal.
Previously, NY law barred the use of ticket bots, but only
imposed civil sanctions for brokers who violate that law. Now, using ticket bots, maintaining an
interest in or control of bots, and reselling tickets knowingly obtained with
bots constitutes a class A misdemeanor. As
such, violators could face substantial fines and imprisonment.
(Related) Perspective.
Would this be possible without automation?
… This week
TorrentFreak crunched the numbers in Google’s Transparency
Report and found that over the past 12 months Google has been asked to
remove over a billion links to allegedly infringing pages, 1,007,741,143 to be
precise.
More than 90 percent of the links, 908,237,861, were in
fact removed. The rest of the reported
links were rejected because they were invalid, not infringing, or duplicates of
earlier requests.
Now this is automation to be worried about. I wonder who can override the score?
China Turns Big Data into Big Brother
… The Wall Street Journal reports that the Chinese
government is now testing systems that will be used to create digital records
of citizens’ social and financial behavior. In turn, these will be used to create a
so-called social credit score, which will determine whether individuals have
access to services, from travel and education to loans and insurance cover. Some citizens—such as lawyers and
journalists—will be more closely monitored.
The French still think the world revolves around them.
We Won’t Let You Forget It: Why We Oppose French Attempts to
Export the Right To Be Forgotten Worldwide
… The brief,
filed Nov. 23, 2016, argues that extending European delisting requirements to
the global Internet inherently clashes with other countries’ laws and
fundamental rights, including the First Amendment in the U.S.
… For an in-depth
analysis, read our legal
background document.
Last chance before Trump trumps their urge?
Ed Pilkington reports:
The campaign to persuade Barack
Obama to allow the NSA whistleblower Edward Snowden to return home to the US
without facing prolonged prison time has received powerful new backing from
some of the most experienced intelligence experts in the country.
Fifteen former staff members of
the Church committee, the 1970s congressional investigation into illegal
activity by the CIA and other intelligence agencies, have written jointly to
Obama calling on him to end Snowden’s “untenable exile in Russia, which
benefits nobody”. Over eight pages of
tightly worded argument, they remind the president of the positive debate that
Snowden’s disclosures sparked – prompting one of the few examples of truly
bipartisan legislative change in recent years.
Read more on The
Guardian.
For my Governance and Architecture classes. Politicians don’t seem to get the concept of
global companies.
Sanders launches new attack on offshore outsourcing
Former presidential candidate and U.S. Sen. Bernie Sanders
will introduce legislation to discourage companies from relocating jobs
offshore. The legislation would punish
offshore decisions with loss of tax breaks and government contracts and impose
an "outsourcing tax" on firms that proceed nonetheless.
Something to play with?
UK's GCHQ Spy Agency Launches Open Source Data Analysis Tool
The U.K. Government
Communications Headquarters (GCHQ) on Monday announced the launch of a new open
source web tool designed for analyzing and decoding data.
Named CyberChef, the tool is advertised by the
intelligence agency as a “Cyber Swiss Army Knife.” It uses a simple interface with a
drag-and-drop feature to allow both technical and non-technical people to
analyze encryption, compression and decompression, and data formats.
… Users can, for
example, convert data from a hexdump, display timestamps as a full date, decode
Base64 strings, parse Teredo IPv6 addresses, and manipulate different types of
data.
… The source code and a
demo have been
made available on GitHub. The agency
pointed out that the tool is not complete and has encouraged developers to
contribute as much as possible.
What we could do if we chose to…
Altice Plans Fiber Upgrade That Could Leave Rivals in the
Dust
Altice USA, the fourth largest U.S. cable operator, said
it plans to convert its entire network into an ultrafast fiber-to-the-home
network capable of 10
gigabits-per-second speeds within the next five years, a bold plan
that takes aim at the company’s fierce rival, Verizon
Communications Inc.’s Fios.
Is this really how my students react to my research
projects?