Tuesday, January 09, 2018

Not my Centennial. Also, be careful what you say, the data accessed looks important to me!
Travis Loose reports:
The Centennial School District on Friday announced a security breach within its student information systems. District officials do not currently believe any important student information was taken, however the investigation is ongoing.
Two Centennial High School students — a junior and senior, both under 18 — are responsible for the data breach, school district spokeswoman Carol Fenstermacher told Patch in an email Friday. One of the students reportedly told authorities they did it to “show that the system could be hacked,” Fenstermacher said, but police are working to determine any specific or nefarious intent.
The district’s IT staff reportedly found the access points that were hacked by the students and has secured them, Fenstermacher said. Law enforcement is determining the full extent of the breach and figuring what, if anything, was taken.
Read more on Patch.
From the article:
Fenstermacher said the hackers were able to access the names, birthdates, addresses, schools and grade levels, phone numbers, student IDs, and demographic information of all current and former Centennial School District students.

What were they (not) thinking?
I tweeted about this breach disclosure earlier today after Zack Whittaker called everyone’s attention to it, and I am glad to see that Catalin has written the matter up:
In a data breach notification letter submitted to the Office of the Attorney General for the state of California, a makeup product vendor said it could not fully assess the impact of a recent card security breach due to a lack of backups.
[…] Beautyblender started investigating the incident after two customers complained about fraudulent transactions on credit cards used on the site.
[…] “Unfortunately, due to the lack of backups of the website that were available from the website hosting company, beautyblender has been unable to confirm the date that the malware was placed on the website.”
Their last backup was in April, 2015. Ugh.
Read more on BleepingComputer.

North Korea needs hard currency.
Monero Miner Sends Cryptocurrency to North Korean University
An application compiled just weeks ago was found to be an installer for a Monero miner designed to send the mined currency to a North Korean university, AlienVault reports.
The application’s developers, however, might not be of North Korean origins themselves, the security researchers say. They also suggest that the tool could either be only an experimental application or could attempt to trick researchers by connecting to Kim Il Sung University in Pyongyang, North Korea.

Still trust this vendor?
Hardcoded Backdoor Found on Western Digital Storage Devices
Discovered by GulfTech security researcher James Bercegay, the security flaws could be exploited to achieve remote root code execution on the affected WD My Cloud personal cloud storage units (the device is currently the best-selling NAS (network attached storage) device on Amazon).
One of the most important security issues the researcher found was an unrestricted file upload vulnerability created by the “misuse and misunderstanding of the PHP gethostbyaddr() function,” the researcher says.

Definitely an article for my Computer Security student toolkit!
Perhaps you’re an office manager tasked with setting up a new email system for your nonprofit, or maybe you’re a legal secretary for a small firm and you’ve been asked to choose an app for scanning sensitive documents: you might be wondering how you can even begin to assess a tool as “safe enough to use.” This post will help you think about how to approach the problem and select the right vendor.

Something for my researching students?
New guide helps journalists, researchers investigate misinformation, memes and trolling
“Recent scandals about the role of social media in key political events in the US, UK and other European countries over the past couple of years have underscored the need to understand the interactions between digital platforms, misleading information and propaganda, and their influence on collective life in democracies. In response to this, the Public Data Lab and First Draft collaborated last year to develop a free, open-access guide to help students, journalists and researchers investigate misleading and viral content, memes and trolling practices online. Released today, the five chapters of the guide describe a series of research protocols or “recipes” that can be used to trace trolling practices, the ways false viral news and memes circulate online, and the commercial underpinnings of problematic content. Each recipe provides an accessible overview of the key steps, methods, techniques and datasets used. The guide will be most useful to digitally savvy and social media literate students, journalists and researchers. However, the recipes range from easy formulae that can be executed without much technical knowledge other than a working understanding of tools such as BuzzSumo and the CrowdTangle browser extension, to ones that draw on more advanced computational techniques. Where possible, we try to offer the recipes in both variants…”

Tech’s Enormous Scale: Samsung Now Outspends Exxon and Shell Combined
Samsung Electronics Co. spent more money on capital expenditures last year than any other publicly traded company, offering a dramatic example of how technology and telecom firms have driven an uptick in global manufacturing investment.
The South Korean tech giant invested $44 billion to build or expand new facilities making semiconductors, displays and other products, according to S&P Global Market Intelligence estimates.

Always an amusing argument.
… Both conservatives and progressives invoke “consumer welfare” as antitrust’s core concern, but they offer divergent interpretations of this concept. Guided by the late Robert Bork’s seminal work, The Antitrust Paradox, conservatives invoke a total welfare standard that regards efficiency-enhancing mergers as presumptively legitimate, no matter how those gains are allocated between consumers and producers. For their part, progressives also focus on the consequences for consumers, but employ a broader understanding of consumer welfare that encompasses quality, innovation, and choice as well as price.
Recently, a third stance has entered the fray. Populists regard the consumer welfare standard as inadequate, because it pays no attention to the political dimension of antitrust — in particular, to the connection between economic concentration and corporate political power. Reflecting a tradition extending back a century to the thought of Louis D. Brandeis, populists believe that a multiplicity of businesses is preferable to a small number of large firms — for the health of local communities as well as economic sectors — even if consumers pay higher prices.

NYU professor Scott Galloway talks about the pervasive influence of Big Tech – both good and bad – in his new book.

For my geeks who Pi.
