For my Computer Security researchers?
Tuesday, January 31, 2017
Any valuable data source is an obvious target. I can’t believe Russia is the only country clumsy enough to be caught.
Hackers Target Czech Foreign Ministry's Email System
The Czech foreign minister said Tuesday his office had fallen prey to hackers who worked their way into the email accounts of dozens of employees including himself.
"Since early January we have known one of the attacks was partly successful as the hackers managed to penetrate the email system of the ministry," Lubomir Zaoralek told reporters.
He added however that no classified information was compromised as hackers failed to get into the ministry's inner system.
"The data leak was considerable. The attack was very sophisticated," Zaoralek said.
"It must have been carried out from the outside, by another country. The way it was done bears a very strong resemblance to the attacks on the US Democratic Party's internet system," said the foreign minister, citing experts.
… In neighboring Poland, the Rzeczpospolita daily reported Monday that a group of Russian hackers called APT28 had tried to attack local foreign ministry servers in December through emails pretending to be sent by the NATO secretary general.
It’s not always the Russians. Sometimes it’s industrial espionage! (Yes, baseball is an industry.) How do you know what your employees are doing?
Brian Feldt reports:
Major League Baseball on Monday afternoon ordered the St. Louis Cardinals to pay $2 million and turn over two 2017 draft selections to the Houston Astros as a result of a former Cardinals employee hacking the Astros’ computer system.
The league’s decision also permanently banned Chris Correa, who was fired by the Cardinals in July 2015 for the incident, effective immediately.
Read more on St. Louis Business Journal.
Has no one in the industry secured their computers? Are these attacks that we are not being told about?
Computer outage grounds Delta flights in U.S.
… The airline's website and mobile apps also went down, adding to customers' frustrations.
… Delta's computer problems came about a week after United Airlines temporarily grounded domestic mainline flights due to an IT issue.
For my Computer Security researchers?
Jack Danahy of Barkly writes, in part:
In a very short time, ransomware has grown from a known but infrequent cyber attack to a profitable and widespread epidemic. Attacks are increasing in frequency and severity. On average, a new business is attacked every 40 seconds, and a disproportionately high number of victims are healthcare providers. In fact, research shows that healthcare providers were 4.5X more likely to be hit by Cryptowall ransomware than operators in other industries.
He then goes on to review the observations of ransomware that threatens to reveal patients’ sensitive information, such as Jigsaw.
For healthcare providers, adding doxxing to the extortion equation transforms ransomware from a critical service issue to a costly matter of HIPAA notification compliance and a case of public data breach, raising the stakes considerably. Organizations are required to report this kind of exposure of unsecured protected health information to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). In addition to potentially issuing a fine — the largest issued to date totaled $4.8 million — the OCR also publicly exposes all organizations experiencing breaches totaling 500 records or more.
This public exposure also puts patients at risk. Stolen medical records released publicly can quickly become fodder for a wide variety of fraudulent activity, from buying and reselling medical equipment or prescription drugs to filing false claims with insurers. Medical identity theft can be a painful and damaging logistical nightmare for patients, potentially ruining their credit and even endangering their lives. Victims experience the consequences of unpaid deductibles, corrupted medical histories, and even prosecution for fraud.
Of course, it’s not only ransomware that can create the risks he describes above. Theft of data with ransom demands – even those attacks that do not involve ransomware – can create the same risks, as I’ve noted previously.
But where are there any data showing that any of these potential horribles have actually happened as a result of either doxxing ransomware or the sale of patients’ sensitive information? Do we have any actual reports or proof that people have been injured in ways other than the time/stress of having to deal with perhaps changing card numbers, etc.?
I need data.
I find it difficult to believe that the Executive Branch didn’t want control over what its appointees were saying. ‘No plans’ translates to ‘No management skills’ in my world.
With Trump, Twitter transition stirs confusion
The handoff of federal agencies' social media accounts to the Trump administration is sparking controversy and complicating the transition.
Trump's is the first administration to take power in the Twitter age. That’s led to confusion about the rules for handing off government accounts and oversight.
Twitter laid out plans for seamlessly transferring the @POTUS account from former President Obama to President Trump — and other social media platforms, including Instagram and Facebook, did the same.
But for many other government agencies, there were no plans in place for how to manage communications on social media as a new president took power.
Obama administration officials say that's because they largely left agencies to handle their own accounts free of political influence from the White House. They say they didn't anticipate that the next administration would want tighter controls on social media.
For my Computer Security students, this is the enemy.
The Internet Is Mostly Bots
… Overall, bots—good and bad—are responsible for 52 percent of web traffic, according to a new report by the security firm Imperva, which issues an annual assessment of bot activity online. The 52-percent stat is significant because it represents a tip of the scales since last year’s report, which found human traffic had overtaken bot traffic for the first time since at least 2012, when Imperva began tracking bot activity online. Now, the latest survey, which is based on an analysis of nearly 17 billion website visits from across 100,000 domains, shows bots are back on top. Not only that, but harmful bots have the edge over helper bots, which were responsible for 29 percent and 23 percent of all web traffic, respectively.
… “For the past five years, every third website visitor was an attack bot.”
Put another way: More than 94 percent of the 100,000 domains included in the report experienced at least one bot attack over the 90-day period in Imperva’s study.
… the most active helper-bot online is what’s known as a “feed fetcher,” and it’s the kind of bot that helps refresh a person’s Facebook feed on the site’s mobile app. Facebook’s feed fetcher, by itself, accounted for 4.4 percent of all website traffic, according to the report—which is perhaps stunning, but not altogether surprising. Facebook is a behemoth, and its bot traffic illustrates as much.
The survey can be yours for a mere $15,000.
Privacy worries are on the rise, new poll of U.S. consumers shows
IDC advises businesses to advertise the steps they take to protect personal information
A recent IDC survey found 84% of U.S. consumers are concerned about the privacy of their personal information, with 70% saying their concern is greater today than it was a few years ago.
… Younger consumers, aged 18 to 35, were more concerned for their privacy than older consumers, aged 36 to 50, the survey found. The younger age group also had a 56% likelihood of switching business providers based on an impending hacker threat, compared to 53% for the older group. Meanwhile, women were more likely to switch than men, by a difference of 8 percentage points, for an impending hacker threat.
If a breach affected them directly, 78% of all consumers said they would switch to another business from the one where the breach occurred.
The article says this is recent, but I don’t see a recent survey on the PwC website.
PwC: 81% of consumers are aware of smart homes, but only 26% want one
PwC interviewed more than 1,000 consumers via an online survey to find out their views on smart homes. It did so because just about every tech company is busy making products for the Internet of Things, or smart and connected everyday objects. And smart home devices are part of that grand plan.
While awareness of the technology is broad, adoption has been slow, PwC said. Consumers with a household income of $100,000 or more are the group most likely to interact with smart home devices (43 percent), followed by men (32 percent).
Conversely, consumers above the age of 50 are the least likely to interact with such devices (13 percent).
PwC said that among users, satisfaction is high, in the 90th percentile. Those current users of smart devices are pleased not only with the device itself, but also with the supporting apps.
There is a strong correlation between smart home device use and connectivity with an app. Seventy-four percent of respondents said they use their home device more frequently because it connects to their mobile device.
For my Spring spreadsheet class.
Why we're so bad at statistics
None of my students predicted this! We need to work on our strategic thinking.
Wal-Mart to offer free 2-day shipping to all customers
Wal-Mart is opening free two-day shipping to all customers, dropping a paid membership program.
Starting Tuesday morning, the Bentonville, Ark.-based retailer will ship eligible orders of $35 or more to customers' homes in two days or less.
For my geeks. What say we try applying this to online poker? Purely as an academic exercise of course.
A Computer Just Clobbered Four Pros At Poker
Zillman’s lists are always extensive. Pulling out what might be useful is still a huge job.
New on LLRX – Academic and Scholar Search Engines and Sources 2017
by Sabrina I. Pacifici on Jan 30, 2017
Academic and Scholar Search Engines and Sources 2017 – From arenas that encompass government, research, academic, international, health and medicine, science and technology, economics and finance, libraries and open source collections around the world, Marcus Zillman has compiled a benchmark resource on search engines from which researchers may choose to support a wide range of projects, programs and publications.
Perspective. For every ‘disruption’ that creates new business models, there are ‘downsides.’
Taxi Medallion Prices Are Plummeting, Endangering Loans
… According to a recent presentation prepared for Capital One Financial Corp. investors, some 81 percent of its $690 million in loans for taxi medallions are at risk of default.
Medallions, the small metal shields affixed to the hoods of taxi cabs, are issued by the local taxi authority and effectively allow the cabs to operate legally. Owning one used to be akin to owning a gas-guzzling, money-printing machine. Medallions in New York City traded at more than $1 million in 2014, but today's prices are about half of that.
Terrorists and techies. Can President Trump tell the difference? Is all of this just a way to say, “I kept all my campaign promises. Then Congress undid it!”
IT stocks drop 4% on H-1B visa fears, Rs 33,000 crore market valuation lost
IT stocks plunged over 4% on Tuesday, knocking off more than Rs 33,000 crore [$4.8 billion Bob] in market valuation of top five firms, after a new H-1B Bill in the US set off concerns that it will adversely impact hiring plans of Indian technology firms.
Dilbert illustrates the future of lawyering?