Friday, January 05, 2018

A variation on the Nigerian Prince?
Florida colleges receive extortion demands to avert attacks on campuses (UPDATED)
Stephanie Brown reports:
An extortion email apparently sent to several colleges and universities demands payment in Bitcoin, threatening to commit an attack against campus students and faculty.
We first told you Wednesday that the University of North Florida confirmed they had received an emailed extortion threat. The UNF Crime Alert said law enforcement believed the threat was “likely non-credible”, but that state and federal partners continued to investigate, in an effort to find out who was responsible.
UNF is not disclosing the contents of the email they received, but our partner Action News Jax obtained the email that was sent to Hillsborough Community College. Action News Jax also checked with the University of Florida, where a spokesperson says she believes this threat was the same as UNF received.
Read more on WOKV.
Okay, I probably know what you’re wondering. I’m curious, too, but no one’s posted a copy of the threat email, so there’s not enough information to go on. The reporting doesn’t even clearly indicate whether either of the colleges were actually hacked and data exfiltrated or what.
If anyone has more details on these threats, please let me know.
Updated: A report from TBO provides additional details that sound familiar to me. Noting that it is not yet clear how many institutions received the 1,250-word message from the threat actors, or whether it was limited to Florida, they report that:
The suspicious email is written so that it doesn’t make any reference to a specific campus or institution. It demands a payment of 1.2 bitcoin, or about $18,035 in the volatile, untraceable digital currency.
Should the recipient refuse, the sender threatens to wage a campaign of confusion, making repeated false threats of bombings and mass shootings.
“One of these threats will be legitimate. Which one will be a surprise,” the email reads. “You will be forced to evacuate the campus.”
The sender adds a dramatic twist: “Every night I will roll a single die. If a six comes up, I will instruct my compatriots to follow through on the attack and kill as many people as possible … It will be public knowledge that you failed to take this threat seriously.”

Old technology is not “proven” technology.
Russian ATM hacked with 5 keystrokes – Video
In early December, an employee of Russian website Habrahabr went to get some cash from a Sberbank ATM that incidentally had a full-size keyboard. Out of boredom, as the man recalls, he started hitting the Shift key repeatedly when, all of a sudden, the Sticky Keys feature switched on, giving him full access to the machine’s underlying Windows XP operating system.
… By pressing the Shift key five times in a row, Windows serializes keystrokes, allowing the user to press and release modifier keys. This eliminates the need to hold one key with a finger while reaching for other keys.
While it’s certainly helpful to users who have physical disabilities or to those with Emacs Pinky syndrome, Sticky Keys leaves Windows-based ATMs vulnerable to attacks – especially when customers are offered a full-size keyboard. The hack was captured on video and posted to YouTube (embedded below) for everyone’s viewing pleasure.

“What you are” is a password.
Behavioral biometrics will replace passwords by 2022 – Gartner
… Gartner analysts believe on-device AI, as opposed to cloud-based AI, will mark a paradigm shift in digital security, and will do so sooner than most people think.
… The research company outlines 10 AI solutions expected to run on 80% of smartphones in 2022 that will become an essential part of vendor roadmaps and our everyday lives. At least four of them impact security.
… “Smartphones will be an extension of the user, capable of recognizing them and predicting their next move,” reads the report. “They will understand who you are, what you want, when you want it, how you want it done and execute tasks upon your authority.”
… New-generation smartphones will collect behavioral data to more accurately profile the user, paving the way for dynamic protection and assistance in emergency situations. It will also benefit insurers. Gartner speculates that car insurers will be able to adjust insurance rates based on driving behavior.
… A device with on-board AI could automatically detect inappropriate content – such as objectionable images, videos or text – and flag it, or block it altogether.
… Probably the boldest, but also the most-likely-to-materialize prediction from the report is the idea that on-device AI will render password-based authentication obsolete

A resource for policy writers?
Handbook for Safeguarding Sensitive PII Privacy Policy Directive 047-01-007, Revision 3. Published by the DHS Privacy Office. December 4, 2017.
“This Handbook provides best practices and DHS policy requirements to prevent a privacy incident involving PII/SPII during all stages of the information lifecycle: when collecting, storing, using, disseminating, or disposing of PII/SPII. This handbook explains: how to identify PII and SPII, how to protect PII and SPII in different contexts and formats, and what to do if you believe PII and/or SPII has been lost or compromised…”

How should your policy define harassment?
Crossing the Line: What Counts as Online Harassment?
Americans agree that certain behaviors constitute online harassment, but they are more divided on others – “Pew Research Center surveys have found that online harassment is a common phenomenon in the digital lives of many Americans, and that a majority of Americans feel harassment online is a major problem. Even so, there is considerable debate over what online harassment actually means in practice. In an effort to examine more deeply where people “draw the line” when it comes to online harassment, the Center conducted a survey in which respondents were presented with fictional scenarios depicting different types of escalating online interactions. The survey then asked them to indicate which specific elements of the story they considered to be harassment. Their answers indicate that Americans broadly agree that certain behaviors are beyond the pale. For instance, in various contexts most agree that online harassment occurs when people make direct personal threats against others. At the same time, the public is much more divided over whether or not other behaviors – such as sending unkind messages or publicly sharing a private conversation – constitute online harassment….”

Or not...
Read all 539 pages of the FCC’s final order repealing net neutrality
Roughly a month after the Federal Communications Commission voted to scrap the U.S. government’s net neutrality rules, the agency has released the full, final text of its repeal.
… It also gives us a lot more to read: as in 539 pages (which you can read in full below). Pai and his fellow Republican commissioners — Michael O’Rielly and Brendan Carr — also released fuller statements explaining their votes, as did their Democratic counterparts — Jessica Rosenworcel and Mignon Clyburn — who opposed the repeal.

I like this approach. No monopoly. City can upgrade to “all fiber.” Many other potential benefits.
Fort Collins, Colorado moves ahead with civic broadband after net neutrality repeal
This week, the Fort Collins City Council voted to move ahead with a ballot measure approved by 57 percent of voters in November, which allowed, but did not require, the city council to establish a telecommunications utility to provide broadband services.
Specifically, the city voted this week to approve some of the first steps needed to install civic broadband. They voted to provide a $1.8 million loan to “support first year startup costs associated with recruiting and hiring personnel, consulting, equipment, and branding to support the initiative” and to make certain changes to the city code that will allow the city to become a telecommunications provider.
… The city of Fort Collins laid out a broadband business plan on its website, which “does not call for any restrictions on access, including uploads, downloads, delivery methods, or providers (email, Skype, Netflix, etc.).” The plan also notes that the city will develop additional policies concerning net neutrality and security.
… One of the best-known municipal broadband networks in the U.S. is the one installed by the city of Chattanooga in 2010. At the time, the city garnered national attention as the only city-wide network with speeds of up to 1 gigabyte per second.

Maybe Social Media IS mind control!
