Monday, April 10, 2017

With or without rules, I suspect most countries are doing this already.  Without generally accepted ‘rules of war,’ we will likely see rapid escalation.
German Minister Seeks Rules to Attack Hackers on Foreign Soil
Germany is trying to beef up its cyber defense, after the interior minister called for rules that allow nations to attack foreign hackers targeting critical infrastructure.
   “We need international rules, but also in Germany, that besides protection and defense enable the tracing and also -- if needed -- the elimination of a foreign server,” De Maiziere told ARD in an interview Sunday.

To help my Computer Security students think about “Access.”  And a point to consider for any government health care system? 
Gah. Soooo many leaks and breaches are due to default settings that over-share.  How hard is it for software to set default settings to NOT share with everyone?  C’mon, folks. 
Sue Dunlevy reports:
THE private health records of Australians can be accessed by more than half a million people under the latest bungle with the $2.2 billion electronic My Health Record.
News Corp Australia has learned that the privacy settings on the government’s computerised My Health Record, which lists every medicine a patient takes and records every medical visit and procedure, are automatically set on “universal access”.
This means every registered health practitioner in the nation — 650,000 people — can view them, not just the family GP, unless the patient specifically requested to opt out.
Read more on The Daily Telegraph.

For my gamers…
GameStop Investigating Major Credit Card Breach Of Online Customer Data
   Security hound KrebsOnSecurity heard from two unnamed sources in the financial industry that they received alerts from a credit card processor indicating that GameStop was likely hacked sometime between mid-September 2016 and the first week of February 2017.  GameStop did not deny that its systems might have been breached, telling the security blog that it has hired a professional security firm to look into the matter.
   It is believed that hackers were able to obtain credit card numbers, expiration dates, names, addresses, and card verification values (CVV2 codes), which are those three-digit (usually) numbers found on the back of credit cards.
The hackers responsible may have used special software (malware) to record and transmit CVV2 codes before they get encrypted.  Otherwise, it would be difficult to obtain that data, as web retailers are now allowed to store CVV2 codes.

This whole process needs a re-think.
Hackers Infiltrate Dallas' 156-Siren Emergency Alert System With Annoying Results
   some crafty beings took advantage of the mobile emergency alert system to warn of, of all things, a zombie apocalypse.  It's hard to call an attack like that malicious, but what it proves is that if someone did want to send out a malicious message of some sort, this non-malicious message proved that it would be possible. 
   At this time, Dallas police have not been contacted about the issue, but the FCC has been.  Engineers are working to figure out just how this breach could have occurred, but it's currently believed that the attack was a local one, and not performed outside of the area, which will hopefully make it easier to track down.

Something to watch.
Alleged Russian hacker arrested in Spain at US request
An alleged Russian hacker has been detained in Spain at the request of American authorities, an arrest that set cybersecurity circles abuzz after a Russian broadcaster raised the possibility it was linked to the U.S. presidential election.
   Such arrests aren’t unusual — American authorities typically try to nab Russian cybercrime suspects abroad because of the difficulty involved in extraditing them from Russia — but Levashov’s arrest drew immediate attention after his wife told Russia’s RT broadcaster that he was linked to America’s 2016 election hacking.
    She said that when she spoke to her husband on the phone from the police station, he told her he was told that he had created a computer virus that was “linked to Trump’s election win.” [I think they mean SPAM.  Bob]

A lesson for my Computer Security students.  How does ignoring a problem make it go away?
Wells Fargo Board Says Leaders Shrugged Off Scandal, Then Hid It
Senior Wells Fargo & Co. managers failed to heed warnings of spreading sales abuses for more than a decade, treating thousands of fired employees as rogues, and then downplayed the mounting terminations as the board began raising questions.
That’s the picture painted by a panel of independent directors in a 113-page report after six months reviewing how branch workers opened legions of accounts without customer permission.
   their findings also prompted the board to claw back an additional $28 million from former Chief Executive Officer John Stumpf for allegedly reacting too slowly.

This will become more interesting as we start using more connected devices (e.g. Smart cars.)
When old technology broke, you could fix it yourself or get a guy down the road to do it for you.  If that failed, you could find a repair shop that would get the job done for much less than going straight to the manufacturer.  With newer products, those options are disappearing.  It is now often impossible to fix our own stuff.
This change was not accidental.  Companies deliberately design products to prevent us from finding replacement parts.  They don’t even make information available to repair shops.  Manufacturers have actively undermined our right to repair what we buy, and in doing so, they’ve called into question whether we truly own our purchases at all.  Increasingly, the answer is no.
This change places a financial burden on us, restricts market freedom, and does lasting damage to the environment.  In response, a growing number of people are demanding a change.  They are insisting that our right to repair be enshrined in law.

Perspective.  Computing ain’t cheap!
Tech’s High-Stakes Arms Race: Costly Data Centers
Top three cloud-computing firms have spent $31.5 billion in 2016 on capital expenses and leases

Perspective.  This is one of many failed IT projects. 
U.S. Immigration Agency Will Lose Millions Because It Can’t Process Visas Fast Enough
Lost amid the uproar over the Trump administration’s crackdown on undocumented immigrants is a change coming to the legal immigration system that’s expected to be costly for both U.S. companies and the government itself.
   The new wrinkle is that earlier this week USCIS suspended so-called “premium processing,” a program that allowed employers to pay extra to reduce visa wait times from as long as eight months to just two weeks.
Officials have depicted the temporary stoppage as the upshot of a “significant surge” in demand for expedited service, but, in reality, it appears to reflect the agency’s own mismanagement and waste.
According to USCIS records, congressional testimony and interviews with former agency officials, USCIS has plunged most of the expedited program’s revenues from the last eight years — some $2.3 billion — into a failed effort to digitize the larger immigration system, leaving inadequate resources to staff the H-1B portion that was its cash cow.
   Pausing expedited service is likely to cause delays for tens of thousands of applicants for new visas, mainly workers at universities or research organizations, as well as foreign doctors who receive H-1Bs in exchange for working in areas that are medically underserved, according to USCIS data.
It’ll also cost USCIS up to $100 million in lost fees, agency spokeswoman Carolyn Gwathmey acknowledged.

Governing like a billionaire?
Donald Trump's travel expenses in 10 weeks cost US taxpayers as much as Barack Obama spent in two years
Donald Trump’s trips to his luxury Florida resort have already cost the US taxpayer at least $24 million (£19.2 million) - roughly as much as Barack Obama spent on travel in the first two years of his presidency.
Mr Trump has spent seven weekends at Mar-a-Lago since taking office ten weeks ago.  It is estimated that each of these trips costs at least $3 million (£2.4 million), covering the President’s extensive security detail.

For my (pale, sickly) gamers.

Something to tease my geeks with…
These Hackathon Hustlers Make Their Living From Corporate Coding Contests

For my researching student.
Open Access Innovations Are Impacting Academic Publishing
by Sabrina I. Pacifici on Apr 9, 2017
Chronicle of Higher Education: “Open-access advocates have had several successes in the past few weeks.  The Bill & Melinda Gates Foundation started its own open-access publishing platform, which the European Commission may replicate.  And librarians attending the Association of College and Research Libraries conference in March were glad to hear that the Open Access Button, a tool that helps researchers gain free access to copies of articles, will be integrated into existing interlibrary-loan arrangements.  Another initiative, called Unpaywall, is a simple browser extension, but its creators, Jason Priem and Heather Piwowar, say it could help alter the status quo of scholarly publishing…  Like the Open Access Button, Unpaywall is open-source, nonprofit, and dedicated to improving access to scholarly research.  The button, devised in 2013, has a searchable database that comes into play when a user hits a paywall.  Unpaywall, by contrast, has focused on creating a browser extension.  “We want to do just one thing really well: instantly deliver legal, open-access, full text as you browse,” says Mr. Priem, who also started the altmetrics site Impactstory with Ms. Piwowar.  When an Unpaywall user lands on the page of a research article, the software scours thousands of institutional repositories, preprint servers, and websites like PubMed Central to see if an open-access copy of the article is available.  If it is, users can click a small green tab on the side of the screen to view a PDF.  we’re able to deliver an OA copy to users more than half the time,” says Mr. Priem…”

So my students can keep learning.
An RSS reader may be old-fashioned, but it’s still the best way to tame the information that bombards us every day — and Feedly is still one of the most popular RSS readers around.  Though it has Pro and Team plans with power features, you can still do a lot with a free Feedly account.

No comments: