Wednesday, January 11, 2017

Why assume this hack failed?  Perhaps it did exactly what it was supposed to do. 
Dan Adams reports:
Marijuana shops across the country, including seven medical dispensaries in Massachusetts, are being affected by the apparent hack of a sales and inventory system widely used in the cannabis industry.
[…] MJ Freeway, a Denver company whose “seed-to-sale” tracking software is used by hundreds of marijuana companies to comply with state regulations, said its main servers and backup system each went down Sunday morning and remained offline as of Monday afternoon.
[…] A spokeswoman for MJ Freeway said the outage, first reported by the industry publication Marijuana Business Daily, was the work of unknown hackers.
[…] Ward said encryption prevented the hackers from reading data about MJ Freeway’s retail clients, which include five nonprofits in charge of seven medical dispensaries in Massachusetts, or those shops’ patients and customers.  But the attackers did succeed in corrupting, or garbling, the data and making it unusable.  The company has not received a demand for ransom or any other communication from the alleged hackers, she added.
Read more on Boston Globe.
Okay, this is interesting.  Did the hacker(s) intend to corrupt the data or was that a byproduct of a failed attempt to access/exfiltrate encrypted data?  What was the motivation behind this attack?  To get data for extortion?  To interfere with access to marijuana?  To try to cross-match with another database for political purposes?  Something else?

Searching is Okay if required to solve a problem for the customer, sharing isn’t. 
Cory Doctorow reports:
Last October, an Apple Store in Brisbane, Australia terminated some of its employees after they were accused of searching customers’ devices for sexually explicit selfies and sharing them with colleagues, rating them on a scale of 1-10.
The employees were also accused of covertly photographing female customers and co-workers, including “upskirt” photos.
Though Apple fired the employees, it denied that they engaged in these activities.  The Australian privacy commissioner is investigating the allegations.
Read more on BoingBoing.

For my Data Management students.  Another business whose product is data.
FarmLogs raises $22 million to help farmers improve crop yield with big data
   FarmLogs uses data science and machine learning smarts to help farmers garner insights into what’s happening in their fields in order to maximize their yield, reduce waste, and increase profitability.  The platform monitors metrics such as crop health, rainfall, nitrogen levels, and more, while enabling users to record and share scouting notes with photos from specific locations in a field.  Farmers can access this data through native mobile apps for Android and iOS.
Today, FarmLogs claims its platform is used by more than a fifth of row crop farms in the U.S.

For my Computer Security students.  Be worthy of the high paying ones. 
1 million cybersecurity job openings in 2017
A Forbes story in January 2016 reported there were 1 million cybersecurity job openings in 2016.  Some things are worth repeating.  There are 1 million cybersecurity job openings in 2017, give or take.  Not much has changed over the past year.
Can armies of interns close the cybersecurity skills gap? asked a Fast Company story in September of 2016.  Not likely.  In the U.S., and internationally, there's not enough cybersecurity grads -- or computer science grads with cyber credits.  In the U.S., students can graduate from some of the top computer science programs with little to no cybersecurity courses.
For every cybersecurity grad, there's a job.  
   Then fire away with the best of these 200 most commonly asked IT security interview questions, posted as a free resource by Skyhigh Networks.  This will help narrow down to the IT workers who can think like hackers, and who possess the soft skills to combat them.

Another fun tool I can use to harass my students?
TinyTap Talk or Type - Voice Response Activities
TinyTap is a service that lets you create educational games for your students to play on their iPads, Android tablets, and in their web browsers.  For the most part the style of games that are created on TinyTap are identification activities in which students either choose an answer or type an answer to a question.  Recently, TinyTap added the option for students to speak responses to game questions.
TinyTap's Talk or Type feature lets you create activities that your students can interact with by speaking.

For the toolkit.


No comments: