Thursday, January 11, 2018

Don’t mess with Putin.
Hackers Leak Olympic Committee Emails in Response to Russia Ban
A group of hackers linked to Russia has leaked several emails apparently exchanged between officials of the International Olympic Committee (IOC) and other individuals involved with the Olympics. The leak comes in response to Russia being banned from the upcoming Pyeongchang 2018 Winter Games in South Korea.
The group, calling itself Fancy Bears and claiming to be a team of hacktivists that “stand for fair play and clean sport,” previously released confidential athlete medical records stolen from the systems of the World Anti-Doping Agency (WADA), and also targeted the International Association of Athletics Federations (IAAF). One of their most recent leaks included emails and medical records related to football (soccer) players who used illegal substances.
The first leaks from Fancy Bears came shortly after Russian athletes were banned from the 2016 Rio Olympics following reports that Russia had been operating a state-sponsored doping program.
While Fancy Bears claim to be hacktivists, researchers have found ties between the group and Fancy Bear, a sophisticated Russian cyber espionage team also known as APT28, Pawn Storm, Sednit, Sofacy, Tsar Team and Strontium.
The latest leak includes emails apparently exchanged between IOC officials and other individuals involved with the Olympics. Some of the messages discuss the recent decision to ban Russia from the upcoming Winter Games based on the findings of the IOC Disciplinary Commission.
While the hackers claim the emails they leaked prove the accusations, a majority of the messages don’t appear to contain anything critical. Furthermore, Olympics-related organizations whose systems were previously breached by the hackers claimed at the time that some of the leaked files had been doctored.




Evaluating the potential for hacking without actually hacking.
Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture




Gosh, what a clever idea!
Uber’s Secret Tool for Keeping the Cops in the Dark
In May 2015 about 10 investigators for the Quebec tax authority burst into Uber Technologies Inc.’s office in Montreal. The authorities believed Uber had violated tax laws and had a warrant to collect evidence. Managers on-site knew what to do, say people with knowledge of the event.
Like managers at Uber’s hundreds of offices abroad, they’d been trained to page a number that alerted specially trained staff at company headquarters in San Francisco. When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they’d obtained a warrant to collect. The investigators left without any evidence.




There ought to be a law…
This is still happening? It shouldn’t be. At what point should they be required to abandon using fax?
Alicia Bridges of CBC reports:
The Saskatchewan Health Authority has again faxed private medical information about a patient to a North Battleford computer shop, according to the frustrated owner of the business.
Darryl Arnold says his company fax machine received a 21-page medical report from the Shellbrook Hospital that was intended for a North Battleford-area doctor.
Read more on CBC. What’s also disturbing is that they seem to be trying to put the problem-solving on the involuntary recipient of their misdirected faxes:
Arnold said his company’s fax number is nearly identical to the one belonging to a North Battleford-area doctor’s office — it’s just one digit different.
He said he has been in contact with a health authority worker, who suggested he address the problem by changing his business fax number.
Arnold said he is willing to do that as long as the health authority compensates him for reprinting company business cards and letterhead.
But he said the health authority did not respond after he sent them the amount he wants them to pay for the number.
Arnold said the authority also suggested he try to set up his fax machine to block faxes from health authority numbers, but the company that sold him the machine has told him that’s not possible.
SHA is the source of the breach. THEY have to solve/prevent this – not the computer shop. Jeez….




For my Computer Security students.




I like the “annual inspection” idea. BUT let’s do the math: $100 times 143,000,000 = more than the PowerBall and MegaMillions combined! It will never pass.
Bill Would Establish Cybersecurity Inspections, Impose Mandatory Penalties, and Compensate Consumers for Stolen Data
“United States Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) today introduced the Data Breach Prevention and Compensation Act to hold large credit reporting agencies (CRAs) – including Equifax – accountable for data breaches involving consumer data. The bill would give the Federal Trade Commission (FTC) more direct supervisory authority over data security at CRAs, impose mandatory penalties on CRAs to incentivize adequate protection of consumer data, and provide robust compensation to consumers for stolen data. In September 2017, Equifax announced that hackers had stolen sensitive personal information – including Social Security Numbers, birth dates, credit card numbers, driver’s license numbers, and passport numbers – of over 145 million Americans. The attack highlighted that CRAs hold vast amounts of data on millions of Americans but lack adequate safeguards against hackers. Since 2013, Equifax has disclosed at least four separate hacks in which sensitive personal data were compromised. The Data Breach Prevention and Compensation Act would establish an Office of Cybersecurity at the FTC tasked with annual inspections and supervision of cybersecurity at CRAs. It would impose mandatory, strict liability penalties for breaches of consumer data beginning with a base penalty of $100 for each consumer who had one piece of personal identifying information (PII) compromised and another $50 for each additional PII compromised per consumer. Under this legislation, Equifax would have had to pay at least a $1.5 billion penalty for their failure to protect Americans’ personal information. To ensure robust recovery for affected consumers, the bill would also require the FTC to use 50% of its penalty to compensate consumers and would increase penalties in cases of woefully inadequate cybersecurity or if a CRA fails to timely notify the FTC of a breach.”




For our Disaster Recovery discussion.
The Most Awful Transit Center in America Could Get Unimaginably Worse
… One day this autumn, an Acela pulls into Newark, N.J., and a railway spokesman escorts me onto the rear engine car, where we stand and take in the view facing backward. As we descend into one of the Hudson tunnels—there are two, both 107 years old, finished in the same year the Wright brothers built their first airplane factory—a supervisor flips on the rear headlights, illuminating the ghastly tubes.




What I have been saying for years.
Community-Owned Fiber Networks: Value Leaders in America
“By one recent estimate about 8.9 percent of Americans, or about 29 million people, lack access to wired home “broadband” service, which the U.S. Federal Communications Commission defines as an internet access connection providing speeds of at least 25 Mbps download and 3 Mbps upload. Even where home broadband is available, high prices inhibit adoption; in one national survey, 33 percent of non-subscribers cited cost of service as the primary barrier. Municipally and other community-owned networks have been proposed as a driver of competition and resulting better service and prices. We examined prices advertised by a subset of community-owned networks that use fiber-to-the-home (FTTH) technology. In late 2015 and 2016 we collected advertised prices for residential data plans offered by 40 community-owned (typically municipally-owned) FTTH networks. We then identified the least-expensive service that meets the federal definition of broadband (regardless of the exact speeds provided) and compared advertised prices to those of private competitors in the same markets. We were able to make comparisons in 27 communities and found that in 23 cases, the community-owned FTTH providers’ pricing was lower when the service costs and fees were averaged over four years. (Using a three year-average changed this fraction to 22 out of 27.) In the other 13 communities, comparisons were not possible, either because the private providers’ website terms of service deterred or prohibited data collection or because no competitor offered service that qualified as broadband. We also found that almost all community-owned FTTH networks offered prices that were clear and unchanging, whereas private ISPs typically charged initial low promotional or “teaser” rates that later sharply rose, usually after 12 months. We made the incidental finding that Comcast advertised different prices and terms for the same service in different regions. 
We do not have enough information to draw conclusions about the impacts of these practices. In general, our ability to study broadband pricing was constrained by the lack of standardization in internet service offerings and a shortage of available data. The FCC doesn’t collect data from ISPs on advertised prices, prices actually charged, service availability by address, consumer adoption by address, or the length of time consumers retain service.”




Perspective.
Health Care Just Became the U.S.’s Largest Employer
The Atlantic – “This moment was inevitable. It just wasn’t supposed to happen so soon. Due to the inexorable aging of the country—and equally unstoppable growth in medical spending—it was long obvious that health-care jobs would slowly take up more and more of the economy. But in the last quarter, for the first time in history, health care has surpassed manufacturing and retail, the most significant job engines of the 20th century, to become the largest source of jobs in the U.S. In 2000, there were 7 million more workers in manufacturing than in health care. At the beginning of the Great Recession, there were 2.4 million more workers in retail than health care. In 2017, health care surpassed both. There are several drivers of the health-care jobs boom. The first is something so obvious that it might actually be underrated, since it is rarely a proper news story in its own right: Americans, as a group, are getting older…”




Definitely an article to hand out in my next Statistics course!
Visualizing the Uncertainty in Data

