I see a topic for our next Computer Security
class. This was never secret. Is Reuters saying the US Government
never noticed?
Tech firms
let Russia probe software widely used by U.S. government
… In
order to sell in the Russian market, the tech companies
let a Russian defense agency scour the inner workings, or source
code, of some of their products. Russian authorities say the reviews
are necessary to detect flaws that could be exploited by hackers.
How much damage could a deliberate cyber attack
cause? Oodles!
Maersk
Reinstalled 50,000 Computers After NotPetya Attack
In
a panel
on securing a common future in cyberspace, Hagemann Snabe, former
co-CEO of SAP, said the NotPetya malware had hit a large number of
systems housed by the company.
According
to Hagemann Snabe, Maersk’s IT team had to reinstall software on
its entire infrastructure, including 45,000 PCs and 4,000 servers,
totaling 2,500 applications.
The
mammoth task took only 10 days to complete, during which
time the company manually coordinated operations. This was not easy
considering that Maersk is the largest container shipping company in
the world and it’s responsible for roughly 20 percent of world
trade. Hagemann Snabe noted that a ship carrying 10,000-20,000
containers docks into a port every 15 minutes.
Unusual for counter-intelligence to reveal their
targets and their results. What am I missing? (A message to
Vladimir Putin for example?)
Report:
Dutch spies caught Russian hackers on tape
The Netherlands' spy service broke into the
computers used by a powerful Russian hacking group and may be sitting
on evidence relating to the breach of the U.S. Democratic
National Committee, a Dutch newspaper and television show jointly
reported Friday.
Reports carried in the respected daily Volkskrant
and the current affairs show Nieuwsuur say hackers working for the
Dutch General Intelligence and Security Service penetrated the
computers used by the group, often nicknamed Cozy Bear, in mid-2014
and watched them for at least a year, even managing to catch the
hackers on camera.
… Volkskrant and Nieuwsuur said that the Dutch
spies used their access to help oust Cozy Bear from U.S. State
Department computers in late 2014. Volkskrant said American
spies were so grateful they sent the Dutch cake and flowers.
Skimming, Russian style. (Are you getting poor
gas mileage lately?)
Hacker uses
malware to steal, resell gas in major Russian fraud scheme
… According to the investigation, Denis Zayev
created a malicious program that he sold to dozens of gas station
employees to inject in the pumps’ software and cash registers. In
some schemes he was also a partner, getting a share of the money from
the stolen fuel.
The scam was simple: after the malware was
installed on the IT systems, a gas tank would be left empty on
purpose so some of the fuel that customers bought would be diverted
to the empty tank. Customers would get less fuel than they paid for,
while employees resold the fuel collected in the empty tank.
Zayev and his partners stole between 3% and 7% of
the fuel for some “hundreds of millions or rubles.” The
malicious program was undetectable and they fully covered their
tracks by showing fake data and deleting any information about the
resale operation.
Trying to keep up or catch up to technology is
always a losing game.
BocaNewsNow writes:
Several teachers in schools throughout South Palm Beach County are using “Bloomz,” a Facebook-like app to communicate in a social network style with parents. This app is not approved by the Palm Beach County School District. Teachers are not authorized to use the app.
Potentially violating Florida public records laws, Bloomz presents a “back channel” communication tool that isn’t monitored by, and can’t be accessed by, administrators, principals, school district attorneys or members of the public filing freedom of information act requests.
[…]
At issue: teachers are storing confidential student information in the app which may be used by Bloomz for marketing purposes, potentially violating FERPA, the Family Educational Rights and Privacy Act. Calendars, photos, testing schedules, lists of students completing field trip permission slips, even photos and videos are being posted online by teachers with no guarantee of privacy or confidentiality.
Read more on BocaNewsNow.
If the allegations are true, this is a good
example of the risks and pitfalls with edtech. Did the districts do
a training with teachers about permissible and impermissible tech?
Did teachers have to sign any statement of understanding about what
they can use and not use? Do teachers ever get actually disciplined
or suspended for using tech that they were not permitted to use?
Perspective. Self-driving cars are coming, no
matter what my students think.
Ford Motor Co. is acquiring two small software
firms to help build out its mobility business, a move that highlights
the need for auto companies to seed their management teams with
technology talent to keep pace in a fast-changing transportation
sector.
Ford said Thursday it is buying Autonomic Inc., a
Palo Alto, Calif., startup with 70 employees that is developing a
software backbone for Ford to provide urban transit services to
consumers and businesses.
Something for my next Computer Forensics class.
PDF
Forensic Analysis and XMP Metadata Streams
Arman Gungor – Meridian Discovery – Link
to complete posting: “Portable Document Format (PDF) forensic
analysis is a type of request we encounter often in our computer
forensics practice. The requests usually entail PDF forgery
analysis or intellectual property related investigations. In
virtually all cases, I have found that the PDF metadata contained in
metadata streams and the document information dictionary have been
instrumental. I will
provide a brief overview of these metadata sources and then provide
an example of how they can be useful during PDF forensic analysis.
PDF is an electronic file format created by Adobe Systems in the
early 1990s. It is used primarily to reliably exchange documents
independent of platform—hardware, software or operating system.
PDF is also an ISO Standard (ISO
32000-1). Due to its platform independent nature, numerous
personal and business documents such as reports, agreements and
operational documents are created and exchanged in PDF format.
Consequently, we encounter them very often during e-Discovery
processing, productions and PDF forensic analysis—especially
during fraudulent
document analysis…”
Imagine what the next 1000 years will bring!
Oxford
University admits more women than men for first time – Ucas
The University
of Oxford offered more undergraduate places to British women than
men last year for the first time in its more than 1,000-year history.
Of the total figure, female sixth-formers also
outnumbered their male peers, according to data published from Ucas,
the university and college admissions body.
A total of 1,070 18-year-old female UK applicants
to Oxford took places on undergraduate course in autumn 2017,
compared with 1,025 men of the same age.
Perspective. (But you have to explain what I’m
seeing?)
Nutella
'riots' spread across French supermarkets
A discount on Nutella has led to violent scenes in
a chain of French supermarkets, as shoppers jostled to grab a bargain
on the sweet spread.
Intermarché supermarkets offered a 70% discount
on Nutella, bringing the price down from €4.50 (£3.90) to €1.40.
But police were called when people began fighting
and pushing one another.
"They are like animals. A woman had her hair
pulled, an elderly lady took a box on her head, another had a bloody
hand," one customer told French media.
Similar scenes have been reported across France,
with some being described as "riots".
This seems off topic, but it ties into this week’s
homework in Computer Security. (Yes, I give very strange
assignments.)
Bill Gates
is funding genetic research into how to create the perfect cow
Is Scott Adams trying to explain politics in the
Trump era?
No comments:
Post a Comment