- rankings showing the total number of stolen credentials for the 300 largest university and college communities found within Dark Web sites.
- sites selling Higher Education Institutions (HEIs) credentials on the Dark Web. These e-mails include those stolen from faculty, staff, students, and alumni, as well as criminals who have created fake e-mails.
- clear web sites where vendors sell credentials.
- why fake e-mails are valuable and how they can be used in scams.
Thursday, March 30, 2017
The cost of a data breach…
Paul Brinkmann reports:
An insurance company for Rosen Hotels & Resorts has filed a lawsuit claiming Rosen is not covered for more than $2.4 million in damages related to a data breach announced last year.
And the costs could be more than that, if Rosen faces legal claims from customers, according to the lawsuit.
Rosen allegedly was slapped with $1 million fines from Visa and Mastercard each; $128,830 fine from American Express; $50,000 in attorneys’ fees; $15,000 in fees to a crisis-management firm; $40,000 in costs to send notifications to clients; and a bill for $150,000 to a data forensics team that identified the breach.
Read more on Orlando Sentinel.
Think about this in contrast to law enforcement painting terrorists as “invisible” if they use encryption.
Encryption Won’t Stop Your Internet Provider From Spying on You
… It’s certainly true that encryption is on the rise online. Data from Mozilla, the company behind the popular Firefox browser, shows that more than half of web pages use HTTPS, the standard way of encrypting web traffic.
… But even if 100 percent of the web were encrypted, ISPs would still be able to extract a surprising amount of detailed information about their customers’ virtual comings and goings.
… Although the exact URL of a page accessed through HTTPS is hidden to the provider, the provider can still see the domain the URL is on: For example, your ISP can’t tell exactly what story you’re reading right now, but it can tell that you’re somewhere on theatlantic.com. That may not reveal much other than your (excellent) taste in news sources—but a user who visited a page on plannedparenthood.com and then a page on dcabortionfund.com may have revealed much more sensitive information.
That’s an example from a 2016 report prepared by Upturn, a think tank that focuses on civil rights and technology. The Upturn report also sets out some of the sneaky ways that user activity can be decoded based only on the unencrypted metadata that accompanies encrypted web traffic—also known as “side channel” information. (These methods probably aren’t widely in use right now, but they could be deployed if ISPs decided it’s worthwhile to try and learn more about encrypted traffic.)
… In November, a group of researchers from Israel’s Ben-Gurion and Ariel Universities demonstrated a way to extend the idea behind website fingerprinting to videos watched on YouTube. By matching the encrypted data patterns created by a user viewing a particular video to an index they’d created previously, they could tell what video the user was watching from within a limited set, with a startling 98 percent accuracy.
(Related). A job for Data Analytics? Could we extract individual browsing history from aggregated data?
You can’t buy Congress’ web history — stop trying
On the heels of Congress’ recent rollback of the FCC’s privacy rules, some web-goers had a clever idea: why not buy Congress’ web history?
The privacy rules were set to protect against service providers like Comcast and Verizon using customer web-browsing data for marketing purposes. Now that the rules are gone, there’s nothing stopping those providers from using your browsing data for targeted advertising.
The move has enraged web privacy advocates, and a new crop of GoFundMe campaigns (including one campaign launched by Supernatural star Misha Collins) has seized on an unexpected method of revenge: buying politicians’ web histories one by one and publishing them for all to see.
… To be clear, you can’t do this. Just because carriers are allowed to market against data doesn’t mean they’re allowed to sell individual web histories.
… In fact, what the campaigns describe would be illegal no matter what the FCC does. The Telecommunications Act explicitly prohibits the sharing of “individually identifiable” customer information except under very specific circumstances.
“Them dang humans is so slow!”
Computers vs. Humans: BlackRock Chooses Computers, Over 30 Fired
BlackRock (BLK), the world's largest money manager with $5.1 trillion in total assets, is replacing their traditional stock pickers with computers. More than 30 people in their active-equity group are being fired; this includes five of the group's 53 fundamental portfolio managers.
BlackRock's decision is based on managers not keeping up with computer-driven strategies. BlackRock's clients have been withdrawing money as the firm has struggled to keep up performance compared to its rivals. Bloomberg shows that BlackRock's active-equity group averages a five-year return of 7.3% compared to the industry with 8.8%.
So to combat their woes, BlackRock is shifting to quantitative strategies like many fundamental hedge funds are.
… In an interview, Mr. Fink stated, "The democratization of information has made it much harder for active management. We have to change the ecosystem - that means relying more on big data, artificial intelligence, factors and models within quant and traditional investment strategies."
Sometimes those guys at Harvard just seem to get it right.
… However, I also believe that the effective deployment of AI in the enterprise requires a focus on achieving business goals. Rushing towards an “AI strategy” and hiring someone with technical skills in AI to lead the charge might seem in tune with the current trends, but it ignores the reality that innovation initiatives only succeed when there is a solid understanding of actual business problems and goals. For AI to work in the enterprise, the goals of the enterprise must be the driving force.
Everyone gets hit, but not all at a significant level. (A brief extract from a much longer post.)
Cyber Criminals Sharing Millions of Higher Education Institutions’ E-mails and Passwords on The Dark Web
Cyber criminals are aggressively sharing credentials to .edu e-mail accounts – including stolen accounts, fake e-mails, and older e-mail accounts. The Digital Citizens Alliance saw evidence showing threat actors of all types – including hacktivists, scam artists, and terrorists – putting credentials (e-mails and passwords) up for sale, trade, or, in some cases, just given away.
For the new report, Cyber Criminals, College Credentials, and the Dark Web, Digital Citizens researchers talked with researchers at three cybersecurity companies about sales on the Dark Web. Digital Citizens researchers also talked with a hacktivist who once publicly shared tens of thousands of HEI credentials. The report includes research on:
It’s simple. Just re-think how the world works.
Amazon Wants Cheerios, Oreos and Other Brands to Bypass Wal-Mart
Amazon.com Inc. has invited some of the world's biggest brands to its Seattle headquarters in an audacious bid to persuade them that it's time to start shipping products directly to online shoppers and bypass chains like Wal-Mart, Target and Costco.
… Amazon is looking to upend relationships between brands and brick-and-mortar stores that for decades have determined how popular products are designed, packaged and shipped. If Amazon succeeds, big brands will think less about creating products that stand out in a Wal-Mart Stores Inc. aisle. Instead, they’ll focus on designing products that can be shipped quickly to customers’ doorsteps. Brands have been experimenting with such changes, so the Seattle event may well resonate.
Niche markets require unique chatbots? One bot can’t talk to both teens and adults?
Microsoft launches Ruuh, yet another AI chatbot
First there was Tay. Then there was Zo. Now there's Ruuh -- Microsoft's latest AI chatbot.
Ruuh, a "desi AI who never stops talking," is available only to users in India and in English only.
According to a Facebook page for Ruuh, Microsoft launched its latest AI chatbot on February 7. Microsoft filed for a trademark for Ruuh on March 15. Ruuh's interests include "Chatting, Bollywood, Music, Humour, Travel & Browsing Internet."
For my students. Each of these is a high-value area for entrepreneurs. (Especially #8)
8. Robotics and Hardware Repair
(Related). Do my students have any ideas for another niche?
The web is full of amazing niche social networks. They often cater to a specific profession, hobby, or interpretation of networking. Here are eight awesome niche networks you’ve probably never heard of. Be sure to share your favorites in the comments below, too.
Employ my students! Or at least get them the hell out of my classroom!
Up until early 2017, Facebook was seen by the majority of users as a network that’s all about their personal lives and connections. But that’s all about to change with the network’s new feature: Jobs on Facebook (currently in the U.S. and Canada only).