Thursday, February 09, 2017

These failures could drive an auditor to drink.  (Okay, it’s more like a putt.) 
The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports:
While investigating this incident, the company discovered the same thing happened in April 2016.  A scammer posing as the CEO asked for the 2015 forms on April 4, 2016.  Those forms were provided by the employee.
So yes, I went back to the 2016 W-2 Phishing Victims list and added the company to that list, too, bringing the 2016 list to 146 entries.  The 2017 list stands at 30 entries as of the time of this posting, but given that this is only the beginning of February, that number will undoubtedly grow.

(Related).  Whatever process was in place to detect data moving out of secure areas was clearly a failure.  Why?  If he was allowed to take data out, was there a check to ensure he brought it back?  Did anyone care? 
NSA contractor indicted over mammoth theft of classified data
A former National Security Agency contractor was indicted on Wednesday by a federal grand jury on charges he willfully retained national defense information, in what U.S. officials have said may have been the largest heist of classified government information in history.
The indictment alleges that Harold Thomas Martin, 52, spent up to 20 years stealing highly sensitive government material from the U.S. intelligence community related to national defense, collecting a trove of secrets he hoarded at his home in Glen Burnie, Maryland.

(Related).  A very simple way to take information like customer details. 
From Multnomah County, Oregon:
January 20, 2017
On August 24, 2012, a Health Department employee began automatically forwarding all emails received in the employee’s county email account to a personal Google email account not maintained by the county.  Some of the forwarded emails included protected health information (PHI) subject to the Health Insurance Portability and Accountability Act (HIPAA).
Multnomah County personnel discovered the incident on Nov. 22, 2016 during a random audit.  
[ … ]
The incident was reported to HHS as impacting 1,700 patients.
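The forwarding rule in the Multnomah County notice ran for more than four years before a random audit found it; a periodic check of mailbox forwarding settings is the simpler control.  The following is an added example, not code from the original post or from the county, that scans a constructed export of forwarding settings and flags rules sending mail outside the organisation.  The record fields, the county.example domain and the sample records are assumptions.

```python
"""Flag mailbox rules that auto-forward mail outside the organisation.

Added example. The record layout is a hypothetical stand-in for whatever
an admin console or mail API actually exports; the sample data is constructed.
"""
from datetime import date

# Hypothetical internal domain(s); anything else counts as external.
ORG_DOMAINS = {"county.example"}

# Constructed sample export: one record per mailbox forwarding setting.
SAMPLE_RULES = [
    {"mailbox": "alice@county.example", "forward_to": "alice.archive@county.example",
     "scope": "all", "created": "2016-11-01"},
    {"mailbox": "bob@county.example", "forward_to": "bob.personal@gmail.com",
     "scope": "all", "created": "2012-08-24"},
    {"mailbox": "carol@county.example", "forward_to": "helpdesk@vendor.example",
     "scope": "subject:ticket", "created": "2016-10-15"},
]


def domain_of(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def find_external_forwards(rules, org_domains, as_of):
    """Return one finding per rule whose destination is outside org_domains.

    Each finding records whether the rule forwards every message and how many
    days it has been active as of `as_of`, so long-lived forward-all rules to
    consumer mail providers surface first.
    """
    findings = []
    for rule in rules:
        if domain_of(rule["forward_to"]) in org_domains:
            continue  # internal forwarding is not in scope here
        created = date.fromisoformat(rule["created"])
        findings.append({
            "mailbox": rule["mailbox"],
            "forward_to": rule["forward_to"],
            "all_mail": rule["scope"] == "all",
            "days_active": (as_of - created).days,
        })
    # Forward-everything rules first, then the oldest rules first.
    findings.sort(key=lambda f: (not f["all_mail"], -f["days_active"]))
    return findings


if __name__ == "__main__":
    for finding in find_external_forwards(SAMPLE_RULES, ORG_DOMAINS, date(2016, 11, 22)):
        print(finding)
```

Run against a real export, the same loop would be scheduled rather than run once, so a rule created in 2012 is noticed in 2012 and not in 2016.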

A benchmark for my Ethical hacking students?
Two-thirds of Enterprises Usually Breached by White Hat Hackers
Analysis of 128 penetration tests conducted in the fourth quarter of 2016 shows that approximately two-thirds of tested companies were successfully breached.  This is despite the limited time -- in 89% of cases, less than two weeks -- available to the pentesters compared to the effectively unlimited time available to blackhat attackers.
The report highlights the value of protecting credentials.  "The number one method of obtaining account access," it states, "starts with very simple password guessing

I’m still not convinced that this is just due to poor IT management. 
United Airlines Experiences Another Technology Glitch
United Continental Holdings Inc. said it suffered its second technology glitch in just over two weeks on Wednesday, resulting in delays to about 500 flights, or about 10% of its daily schedule.
The Chicago-based airline said that early Wednesday morning it began experiencing slowness with the system that creates flight plans.

A major Privacy initiative.
Millions of apps could soon be purged from Google Play Store
Over the last 24 hours, Google has been sending notices to developers worldwide stating its intention to “limit visibility” or remove apps from the Play Store that violate the company’s User Data policy.  For most devs, the violation seems to be a simple one: lack of a privacy policy.

A major anti-Privacy initiative?
Biometric ticketing is one of several innovations identified by the Rail Delivery Group (RDG) in its digital blueprint for Britain’s railway.
The blueprint, which has been published on the same day as the RDG annual conference, suggests that Bluetooth and biometric ticketing could eventually replace the magnetic strip tickets that have been around since the 1980s.
RDG pointed to the development of a mobile app that uses Bluetooth to automatically open ticket barrier gates.  This technology is being trialled by Chiltern Railways between Oxford Parkway and London Marylebone this year.
A further development of ticketing technology could see biometric systems, which use fingerprints and eye scanning, implemented.
Read more on Global Rail News.
“Could see?”  What if passengers don’t want to have to give up their biometric data just to take a train?  And what security and privacy would be in place?  For how long would data be stored?  With whom could it be shared?
Look, if people want to speed up processing and are happy using their fingerprints or iris scans to do so, let them – after they’re fully informed of the potential consequences down the tracks.  But just imposing this makes the rail system part of a national surveillance system, which is a horrible idea.

Perspective.  They have more drivers than cars?  
Uber Taps Zipcar to Put More Drivers on the Road
Uber Technologies Inc. is turning to rental-car firm Zipcar in its relentless drive to hook more drivers up to its ride-hailing network.
In Uber’s deal with Zipcar, a unit of Avis Budget Group Inc., drivers in Boston can rent vehicles for $12 an hour, on top of a $7 monthly rental fee, roughly in line with what Zipcar offers cars for in the city.  Based on a search of Zipcar’s website on Wednesday, vehicles ranged from $6 per hour to as much as $13 per hour, depending on vehicle type.
At the special rental rates, it could be tricky for Uber drivers to bring in much of a profit.  Rates vary, but Uber drivers say they can make $15 to $20 an hour when there is strong demand.  That doesn’t include expenses that Uber passes to drivers, such as fuel, tolls and insurance, though Zipcar’s membership covers those.

Modifying apps for users in countries with limited infrastructure?  South Korea? 
Facebook Lite hits 200M users as low-bandwidth world revenue skyrockets
Facebook’s stripped-down but speedy Lite app is growing fast and adding countries so it can keep connecting people and building the company’s business in the low-bandwidth world where revenue increased 52% this year.
Facebook Lite launched in June 2015; it rocketed to 100 million monthly users by March 2016, and now it’s doubled in size to 200 million users, Mark Zuckerberg says.  And that’s just in a limited set of countries, which today expands to include Israel, Italy, United Arab Emirates, and South Korea.
Facebook Lite is partly why the social giant has managed to boost its business in the Rest Of World region.  Average revenue per user is up 28% this year from $1.10 to $1.41.  And that pushed its Rest Of World revenue up 52% this year to $839 million per quarter.
But rather than wait for the developing world’s network infrastructure to increase bandwidth, Facebook shrunk its app into a Lite version.

For my Forensics students.
The art of war necessitates the importance of knowing who your ‘attacker’ is.  Being able to trace an IP address to a PC is a direct way to remove the cloak of anonymity from a computer communicating with your own.

Tools for my starving students?
Remember, there are always security issues with public WiFi, which can leave you susceptible to hackers.  Karl teaches you how to protect your personal information while enjoying free WiFi connectivity.  It’s also worth keeping in mind that you get what you pay for – so, in many instances, free WiFi can be slow and frustrating.

If you don’t already use an RSS reader, this might be worth a look.
Flipboard 4.0 completely redesigned for a more personalized experience
Flipboard, one of the most popular news aggregator apps on the market, has received a major update that brings a whole new design along with a few interesting features to the table.  The biggest change is the introduction of the “Smart Magazine”, which changes the way you organize stories and topics you’re interested in.
In an official blog post, Flipboard gave us an example of how the new feature works.  When you open up the app, simply swipe left to add your passion.  If you pick a broad topic like photography, you can then dig a little deeper and choose what kind of photography you are most interested in (for example: street photography).  After you have made your selection, simply press “Done” and Flipboard will automatically create a Smart Magazine just for you with stories relating to the topic you have chosen.
You can also create and build your own Custom Magazines by adding content from any source, person, or publication you want to follow.

The next time someone tells me they don’t like Trump/Congress/’that law’/etc. I’ll give them this.
Obtain contact info for your senators, representatives (state and federal) via text message
by on Feb 8, 2017
Via Mary Rumsey – “If your senators and reps (State & Federal) aren’t saved in your phone yet, text your zip code to 520-200-2223 (no subject line, just your zip in the message).  You’ll get a text back with everyone’s contact info.”
