Wednesday, January 18, 2017

Interesting.  Obviously, he’s not Russian or he’d be trying to take it down now.
DDoS attack against eyed as a valid protest
When Donald Trump is inaugurated as the U.S. President on Friday, Juan Soberanis intends to protest the event -- digitally.
His San Francisco-based protest platform is calling on Americans to oppose Trump’s presidency by visiting the site and overloading it with too much traffic.  In effect, he’s proposing a distributed denial-of-service attack, an illegal act under federal law.  But Soberanis doesn’t see it that way.  [They never do.  Bob] 

You have to plan for and manage any change. 
I think a study I saw recently said about 69% of entities reported data loss or breaches associated with departing employees.  Vic Ryckaert reminds us what can help if you don’t have control of all administrator credentials before you terminate an employee:
Indianapolis-based American College of Education fired its information technology employee last year, according to court documents, but not before an administrative password was changed.
The online college then asked the man to unlock the Google account that stored email and course material for 2,000 students, according to a lawsuit filed by the college.  The man said he’d be willing to help — if the college paid him $200,000.
Read more on IndyStar.
[From the article:  
In May, returning students could no longer access their email accounts, papers and other course work.  Google suspended access after too many failed login attempts to the administrative account.
School officials asked Google for help.  Google, the college said, refused to grant access to anyone other than Williams, who was listed as the account's sole administrator. [Do you see a simple solution here?  Bob]
When officials called Williams, he directed them to his lawyer.
"In order to amicably settle this dispute, Mr. Williams requires a clean letter of reference and payment of $200,000," attorney Calvita J. Frederick wrote in a letter to the college's attorney.

You see why the ‘Best Practice’ is to avoid reuse of passwords.
Credential Stuffing: a Successful and Growing Attack Methodology
Credential theft occurs when attackers breach a system and steal users' access credentials -- usually ID and password.  The ID is most commonly the user's email address.  Credential spilling is when those credentials are made available to other criminals.  Credential stuffing is the large scale use of automated means to test stolen passwords against other unrelated websites.
It is made possible because of the tendency for users to recycle their passwords for multiple accounts.  This means that if criminals can crack stolen passwords from one account, they have legitimate credentials that have quite likely been used on other accounts.

Something for my Computer Security demonstration team to try?
It’s shockingly easy to hijack a Samsung SmartCam camera
Smart cameras marketed under the Samsung brand name are vulnerable to attacks that allow hackers to gain full control, a status that allows the viewing of what are supposed to be private video feeds, researchers said.
The remote code-execution vulnerability has been confirmed in the Samsung SmartCam SNH-1011, but the researchers said they suspect other models in the same product line are also susceptible.
   It stems from the failure to properly filter malicious input included in the name of uploaded files.  As a result, attackers who know the IP address of a vulnerable camera can exploit the vulnerability to inject commands that are executed with unfettered root privileges.
   The researchers provided more technical details here and also included the following video demonstration:

So, what should the Best Practice be?
Police Body-Worn Camera Legislation Tracker
by Sabrina I. Pacifici on Jan 17, 2017
Via Urban Institute: “Laws governing how and when police body-worn cameras can be used and whether the footage is released vary considerably across the country.  Use our legislation tracker, which we will update periodically, to find out more about passed and pending legislation in your state.  For the latest commentary, click here.”

A ‘promise’ vs. ‘our current policy?’
John Ribeiro reports:
A privacy lawsuit against WhatsApp in India over its new data sharing policy has got momentum with the country’s top court seeking responses from Facebook, WhatsApp and the federal government.
The privacy policy of WhatsApp at launch in 2010 did not allow sharing of user data with any other party, and after Facebook announced its acquisition of the messaging app in 2014, it was “publicly announced and acknowledged” by WhatsApp that the privacy policy would not change, according to the petition filed by Indian users of WhatsApp.
WhatsApp sparked off a furore last year when it said it would be sharing some account information of users with Facebook and its companies, including the mobile phone numbers they verified when they registered with WhatsApp.
Read more on PC World.
If WhatsApp was feeling a tad beleaguered this week, it would be understandable.  In other WhatsApp news, they’ve been addressing accusations that they have a “backdoor” that allows government snooping, an accusation they have firmly denied.  The “backdoor” claims started with a researcher’s report.  You can read a recap of the kerfuffle on Economic Times.

Try to keep up with the terminology, Bob!
Hyperconvergence: What’s all the hype about?
One of the hottest trends in data center technology is hyperconvergence, with early adopters reaping the benefits of cost savings, enhanced data protection, increased scalability and ease of management.
So, what is hyperconvergence?  It’s a way to simplify data center operations and management by combining compute, storage and networking in a single, software-driven appliance.

It’ll never fly.  (Unless Uber is investing in it.  Are they?)  Sounds like ‘fake news’ to me.
Airbus CEO sees 'flying car' prototype ready by end of year
Airbus Group plans to test a prototype for a self-piloted flying car as a way of avoiding gridlock on city roads by the end of the year, the aerospace group's chief executive said on Monday.
Airbus last year formed a division called Urban Air Mobility that is exploring concepts such as a vehicle to transport individuals or a helicopter-style vehicle that can carry multiple riders.  The aim would be for people to book the vehicle using an app, similar to car-sharing schemes.

I have used the Venetian Arsenal as an example of ‘just in time’ manufacturing in use centuries before it became the next big thing.  Those who do not study history…
Most organizations would be happy to last for centuries, as the Venetian Republic did.  From 697 to 1797 AD, Venice’s technological acumen, geographic position, and unconventionality were interlocking advantages that allowed the Most Serene Republic to flourish.  But when change comes suddenly, it can turn strengths into weaknesses and sweep away even thousand-year success stories.
   But, like a lot of successful entities, Venice reached a point where it focused more on exploitation than exploration: Venetian traders followed existing paths to success.  Entrepreneurs chose not to move away from traditional pathways.  Established practices and preferences became more popular than exploration and speculation.  Merchants and traders played the game of incremental innovation by focusing on efficiency and optimization.
   What’s the lesson for entrepreneurs and innovators today?  The stronger the assumption that the future will function as today does, the greater the gravitational force of the status quo.  Organizations set in their ways slow down and never strive for new horizons.  They are doomed to wither.

Something for my students to think about.

As goes Target, so goes the retail industry?  Is that why Walmart is pushing itself online? 
Target Joins Long List of Retailers Killed by Online Shopping
   Same-store sales for November and December decreased 1.3%, Target said on Wednesday. Sales in Target's stores dived 3%, while sales online rose more than 30%.  Target saw sales declines in most of its product categories, led by a high-single-digit drop in electronics and entertainment.

“I’m shocked.  Shocked I tell you!”
Most Americans think Trump's tweets are a bad idea: poll
WSJ/NBC poll finds 47% of Republicans also uneasy
Americans have a clear message for Donald Trump: Stop tweeting!
A new Wall Street Journal/NBC News poll finds that a strong majority believes that the president-elect's prolific use of Twitter is a bad idea.
Some 69% of adults agreed with the statement that his use of Twitter is bad because "in an instant, messages can have unintended major implications without careful review."

No comments: