Wednesday, November 02, 2016
See Hillary? Sometimes it takes a nation-state. So, is it clear or unclear?
Jay Greene and Robert McMillan report:
The hackers believed responsible for breaking into computers at the Democratic National Committee have exploited previously undisclosed flaws in Microsoft Corp.’s Windows operating system and Adobe Systems Inc.’s Flash software, Microsoft said Tuesday.
It is unclear if those hackers, reportedly tied to Russia, used the newly disclosed vulnerabilities to hack into the DNC.
Microsoft Tuesday criticized Alphabet Inc’s Google for publicly identifying the Windows flaw on Monday, before Microsoft had had a chance to issue a patch.
Read more on Wall Street Journal.
Over on ThreatPost, Michael Mimoso explains:
Microsoft has singled out Sofacy, an APT group long thought to have ties to Russia’s military intelligence arm GRU, as the entity behind targeted attacks leveraging Windows kernel and Adobe Flash zero days.
The group, which Microsoft calls Strontium, is also known as APT28, Tsar Team and Sednit among other identifiers.
Microsoft said the zero day vulnerability, the existence of which along with limited details were disclosed on Monday by Google, will be patched Nov. 8. Google said yesterday it privately disclosed both zero days, which were used in tandem in these targeted attacks against unknown victims, to Microsoft and Adobe on Oct. 21. Adobe rushed an emergency patch for Flash Player on Oct. 26, while Microsoft had yet to acknowledge the vulnerability until Google’s disclosure.
Something to mention to my Computer Security students.
Enterprises continue to struggle to find cybersecurity talent, survey finds
According to the Global State of Information Security Survey (GSISS) 2017 -- a worldwide study conducted by PwC, CIO and CSO released this month -- skilled cybersecurity professionals are hard to come by, and continue to make enterprise IT security all the more challenging. Many enterprises are attempting to close their skills gap by turning to managed security services. According to the survey, 62 percent of respondents use security service providers to operate and enhance their IT security programs.
For my Ethical Hackers: Now show me what you’ve been doing in secret! (Establish “projects” now, fill in the results later.)
You can now legally hack your own car or smart TV
Researchers can now probe connected devices, computers and cars for security vulnerabilities without risking a lawsuit. Last Friday, the FTC authorized changes to the Digital Millennium Copyright Act (DMCA) that will allow Americans to hack their own electronic devices. Researchers can lawfully reverse engineer products and consumers can repair their vehicle's electronics, but the FTC is only allowing the exemptions for a two-year trial run.
If security was so bad even OPM (the government poster child for bad security) could identify it? Anthem would be doomed.
Dark Reading reports:
Victims of a data breach at health insurer Anthem in February 2015 have filed a class-action lawsuit against the company and are seeking details of an audit by the U.S. Office of Personnel Management (OPM) on Anthem’s network security, Modern Healthcare reports. In the cyberattack, hackers compromised personal details of around 80 million Anthem, Blue Cross and Blue Shield members, many of whom have since reported payment card account misuse.
As per the court filing, OPM, which manages the Federal Employees Health Benefit Program, had first carried out a security audit at Anthem in 2013 and pointed out vulnerabilities in its system. It wanted to conduct tests, but this was reportedly turned down by Anthem citing “corporate policy” issues. Shortly after the 2015 cyberattack, OPM conducted a second audit, but its findings were not made public.
Read more on Dark Reading.
Easier to sue?
Michelle de Leon writes:
A panel of judges at the U.S. Court of Appeals for the Sixth Circuit has declared the victims of a data breach suffered by Nationwide Insurance no longer need to establish their standing to prove that they are in danger.
The victims of the 2012 data breach committed against the Nationwide Mutual Insurance Co. were declared to successfully establish the risks that could stem from the incident.
The Sixth Circuit decided the plaintiffs are eligible to claim their rights under the Fair Credit Reporting Act (FCRA) against the defendant. With the reversal of the trial court’s ruling, the panel sided with the victims’ claims that they are exposed to “a substantial risk of harm” and have “incurred mitigation costs.”
Read more on Legal Newsline.
(On the other hand) Not exactly a Sword of Damocles, but you get the idea. It’s not a “harm” until that hair snaps…
Karen Kidd writes:
Plaintiffs in a data breach class action lawsuit against Barnes & Noble fixed their standing problem but still couldn’t adequately allege damages, a Pittsburgh attorney says.
“Upon analyzing the facts, this was not a particularly surprising ruling,” Brian Willett, an associate with Reed Smith, said.
“However, it was significant in the data privacy space given that standing has been a common stumbling block in similar suits and while Plaintiffs here cleared that hurdle, their claim ultimately failed because Plaintiffs did not establish sufficient damages.”
Plaintiffs in the case, R. Clutts et al v. Barnes & Noble, claimed the book seller had breached implied contract, violated the Illinois Consumer Fraud and Deceptive Business Practices Act, invaded their privacy, and violated the California Security Breach Notification Act and California’s Unfair Competition Act.
Read more on PennRecord.
When do we hit the tipping point where we should expect all police officers to have cameras?
Joe Cadillic writes:
Soon, cops across America will be wearing body cameras equipped with ‘Christian’ facial recognition software.
Watchguard Video (WGV) claims their new “Redactive” software will enable law enforcement to identify anyone. (WGV is really Enforcement Video LLC.)
Redactive quickly scans the entire video clip first, automatically recognizing faces, so the user [officer] spends much less time manually performing the task.
According to WGV’s company profile, God wants to give cops facial recognition cameras:
WGV is a God-guided company founded on Christian principles.
WGV is a God-guided company that is committed to serving our employees and customers through servant leadership.
Are they listening to God or the cops?
Read more on MassPrivateI.
My students have been talking about changes due to self-driving and ride sharing, but this was not on our radar. The ultimate geek-mobile?
Volvo’s China Bet: Eject the Passenger Seat, Install a Fridge
… “Only by being distinctive can it be competitive in the market,” said Li Shufu, the billionaire founder and chairman of Zhejiang Geely Holding Group, which bought Volvo in 2010 for $1.8 billion. Volvo unveiled its new China-built S90 and a top-of-the-line luxury version, which is aimed at the market for chauffeur-driven Chinese executives, on Wednesday.
Volvo’s new China-built S90 features a longer wheelbase than its European-built counterparts to meet Chinese demand for greater legroom. Its luxury S90 Excellence model takes things further by featuring a small refrigerator, while the front passenger seat has been removed and replaced with what the company calls the “Lounge Console,” a foldout workstation that incorporates a desk, a touch-screen “infotainment” system and a heated foot rest.
Mobile and tablet internet usage exceeds desktop for first time worldwide
… Its research arm, StatCounter Global Stats finds that mobile and tablet devices accounted for 51.3% of internet usage worldwide in October compared to 48.7% by desktop.
Business opportunity? Create phony Facebook pages to turn this back on the intruding companies?
Admiral to price car insurance based on Facebook posts
… Admiral Insurance will analyse the Facebook accounts of first-time car owners to look for personality traits that are linked to safe driving. For example, individuals who are identified as conscientious and well-organised will score well.
The insurer will examine posts and likes by the Facebook user, although not photos, looking for habits that research shows are linked to these traits. These include writing in short concrete sentences, using lists, and arranging to meet friends at a set time and place, rather than just “tonight”.
In contrast, evidence that the Facebook user might be overconfident – such as the use of exclamation marks and the frequent use of “always” or “never” rather than “maybe” – will count against them.
(Related) Can Facebook selectively deny companies access to my public pages?
Facebook blocks insurer exploiting user data to find 'conscientious' drivers
All prices eventually fall to zero. Maybe.
Pinterest makes Instapaper’s premium features free for all
Starting today, the online bookmarking service has discontinued its premium offering and opened up the paid features to everyone.
Users will now have access to features such as full-text search for all articles, unlimited notes and speed reading, text-to-speech playlists, an ad-free Instapaper website, Kindle Digests of up to 50 articles, and the ability to send articles to Kindle through a bookmarklet or mobile app. These were previously only available if you paid $3 per month or $30 per year.
Skynet may be here already.
How Twitter Bots Are Shaping the Election
Another election prediction.
Tinder data suggests 53% of U.S. users will vote Clinton, 71% of Russians would vote for Trump if they could
… While the numbers vary from poll to poll, broadly speaking, Hillary Clinton remains ahead of Trump and by most assertions should emerge victorious come November 8, though some reports suggest that momentum favors Trump.
You may also remember that perennially popular dating app Tinder last week launched its Swipe the Vote campaign in the U.S. and 15 other countries. This initiative is designed to match users to their most appropriate presidential candidate based on their opinions on a range of political and economic issues, including gun control, immigration, taxes, and education. Well, the results from the massive global swiping poll are now in.
Maybe, this is why Trump (or anyone) wants to be President?
CRS – Conflicts of Interest and the Presidency
by Sabrina I. Pacifici on Nov 1, 2016
CRS Reports & Analysis Legal Sidebar Conflicts of Interest and the Presidency, 10/14/2016 – “Does federal law require the President to relinquish control of his or her business interests? Federal regulation of financial conflicts of interest is aimed at preventing opportunities for officials to personally benefit from influence they may have in their official capacity. As a general rule, public officials in the executive branch are subject to criminal penalties if they personally and substantially participate in matters in which they (or their immediate families, business partners or associated organizations) hold financial interests. However, because of concerns regarding interference with the exercise of constitutional duties, Congress has not applied these restrictions to the President. Consequently, there is no current legal requirement that would compel the President to relinquish financial interests because of a conflict of interest…”
Just in case anyone still has this old stuff.
Microsoft has stopped selling Windows 7 Professional, Windows 8.1