Thursday, December 14, 2017

Just in case you thought this had been resolved…. Would a non-cyber (old timey) bank robbery be likely to create an international incident?
Philippine Bank Accuses Bangladesh of Heist 'Cover-Up'
A Philippine bank on Tuesday accused Bangladesh's central bank of a "massive cover-up" over an $81-million cyber-heist last year, as it rejected allegations it was mostly to blame.
Unidentified hackers shifted $81 million in February last year from the Bangladesh central bank's account with the US Federal Reserve in New York to a Manila branch of the Rizal Commercial Banking Corp (RCBC).
The money was quickly withdrawn and laundered through Manila casinos.
With only a small amount of the stolen money recovered and frustration building in Dhaka, Bangladesh's Finance Minister A.M.A Muhith said over the weekend he wanted to "wipe out" RCBC.
RCBC on Tuesday said Muhith's remarks were "extremely irresponsible".
"Last year's theft of $81 million of Bangladesh's Central Bank's (BB) funds was an inside job and BB is engaging in a massive cover-up by maligning RCBC and refusing to divulge its findings," the bank said in a statement on Tuesday.
The Philippines last year imposed a record $21-million fine on RCBC after a "special examination" of the bank and its role in the audacious cyber heist.
Philippine authorities have filed money laundering charges against the RCBC branch manager.

Some vendors to monitor your employees, customers, or neighbors.
John Russell reports:
The Legal Aid Society has sued the Manhattan district attorney for refusing to divulge whether he buys information from social-media companies as a way to track civil rights protesters and conduct other “social monitoring.”
Though the district attorney’s office is the only defendant in the Article 78 Petition, the nonprofit Legal Aid Society specifically asks for information on “the extent to which the state of New York and New York City employ the services of Geofedia, Inc., Media Sonar Technologies Inc., and X1 Discover, Inc.”
Read more on Courthouse News.

The Legal Risks of Monitoring Employees Online

A simple tool for the Computer Security toolkit.
Catalin Cimpanu reports:
A team of three researchers from the University of California, San Diego (UCSD) has created a tool that can detect when user-registration-based websites suffer a data breach.
The tool, named Tripwire, works on a simple concept. Researchers say that Tripwire registers one or more accounts on websites by using a unique email address that they do not use for anything else.
Each email account and the website profile used the same password. Tripwire would check at regular intervals if someone used this password to access the email account, which would indicate the website suffered a breach and an attacker used the stolen account data to log into the associated email account.

Tripwire finds 19 data breaches during test run

In a live test, researchers said they registered accounts at over 2,300 sites. At the end of the study’s period, scientists said that attackers accessed email accounts for 19 of these sites, including one with a userbase of over 45 million.
UCSD researchers reached out to each website, but to their astonishment, none notified users of the breach.
Read more on BleepingComputer.
[From the article:
UCSC researchers published the source code for the Tripwire tool on GitHub, and they hope that companies would deploy it internally as an additional breach detection system.
The research team also presented their work on Tripwire at the ACM Internet Measurement Conference in London, this November. Their work on Tripwire is documented in a research paper titled "Tripwire: Inferring Internet Site Compromise."

A “Proof of concept” exercise?
Traffic to Major Tech Firms Rerouted to Russia
Internet traffic for some of the world’s largest tech firms was briefly rerouted to Russia earlier this week in what appeared to be a Border Gateway Protocol (BGP) attack.
OpenDNS-owned Internet monitoring service BGPmon reported the incident on Tuesday. BGPmon noticed that 80 IP prefixes for organizations such as Google, Microsoft, Apple, Facebook, NTT Communications, Twitch and Riot Games had been announced by a Russian Autonomous System (AS).
It happened twice on Tuesday and each time it only lasted for roughly three minutes. The first event took place between 04:43 and 04:46 UTC, and the second between 07:07 and 07:10 UTC.

Soon, only Russia will provide “facts.”
Report – A big year for fact-checking, but not for new U.S. fact-checkers
“All the talk about political lies and misinformation since last year’s election has been good for the fact-checking business in the United States — but it has not meant an increase in fact-checkers. In fact, the number has dropped, much as we’ve come to expect during odd-numbered years in the United States. We’re still editing and adding to our global list of fact-checkers for the annual census we’ll publish in January. Check back with us then for the final tally. But the trend line in the United States already is following a pattern we’ve seen before in the year after a presidential election: At the start of 2017, there were 51 active U.S. fact checkers, 35 of which were locally oriented and 16 of which were nationally focused. Now there are 44, of which 28 are local and 16 are mainly national. This count includes some political fact-checkers that are mainly seasonal players. These news organizations have consistently fact-checked politicians’ statements through political campaigns, but then do little if any work verifying during the electoral “offseason.” And not all the U.S. fact-checkers in our database focus exclusively — or even at all — on politics. Sites such as Gossip Cop, and Climate Feedback are in the mix, too…”

My guess is that this is much too logical to gain much support. How can you “spin” the facts if anyone can refute your claims?
POGO – Revealing the Lost World of Government Reports
POGO – “Congress is considering a simple but important step in overseeing federal agencies. A recently introduced bill would require a one-stop, easy-to-use, online location for all congressionally mandated reports. This may put an end to the world of lost and hidden government reports. Each year, Congress mandates that federal agencies report on programs, laws, and other aspects of government, big and small. Whether it’s an analysis of Medicare’s ability to provide health care to seniors, the price impact of agricultural subsidies, problems with the Navy’s aircraft carrier program, or Amtrak’s ability to keep the trains running on time, Congress wants to know. In fact, agencies complete several thousand congressionally mandated reports annually in order to keep both elected officials and the public informed. Of course, government reports are intended to shine a light on government operations and national issues, but in an odd and persistent twist, Congress, the press, and the public can’t always find the reports after they are published. Surprisingly, no government agency or congressional office currently has the job to keep track of the reports. Instead, each agency has its own system of issuing and transmitting reports. Major reports of national and political focus are closely tracked and covered in the press. However, those that are less notable, but still important, may slip between the bureaucratic cracks…”

Clearly, “useful” is in the eye of the beholder. Who else will Office share information with?
Microsoft levels up Word, Excel, and Outlook with more AI capabilities
Microsoft is adding a host of new capabilities to its Office productivity suite that are aimed at using machine learning to help people get their work done more efficiently. Outlook, Excel, and Word will all benefit, with new features rolling out to a limited set of users in the coming months and then expanding to a broader set of people later on.
Outlook’s web client will provide users with an interface that will automatically offer them responses to questions layered inside emails, while Excel has a new feature that suggests charts and pivot tables. Word will get a feature that will help users define acronyms based on information shared within their organization.
… Microsoft isn’t alone in pushing intelligent productivity capabilities, either: Google has spent time pushing its own machine learning-based features inside G Suite, including support for automatically generating charts and pivot tables. Inbox, Google’s experimental email product that’s focused on productivity, has a marquee Smart Reply feature that’s supposed to allow users to quickly respond to the content of emails they receive by clicking on one of three buttons.

The mouse goes to India to learn Cricket?
Analysis: Fox's Star to bring Disney cash and cricket in India
… Through the $75 billion deal, which a source said is expected to be announced Thursday morning, Disney would be able to distribute its programming on Star India, operator of 69 TV channels in eight languages, as well as the popular Hotstar streaming service. Disney also would gain global rights to professional cricket.

No comments: