Wednesday, March 28, 2018

A relatively small breach, but another “data held ransom” incident.
For those like me who don’t automatically remember different systems: 26 lakh = 2.6 million, and 1 crore = USD $10 million.
Statesman News Service reports:
The billing data of over 26-lakh consumers with the Uttar Haryana Bijli Vitran Nigam (UHBVN), one of the two power discoms in the state, has been stolen and the hackers are demanding Rs. 1 crore in cryptocurrency, Bitcoins.
[…]
Sources said the cyber attack took place after midnight on March 21 with the hackers targeting the billing data of UHBVN consumers. With all billing information hacked, hackers used the UHBVN computer screens to flash the message demanding Rs 1 crore in Bitcoins from the Haryana government to retrieve the data.
Read more on The Statesman.


(Related)
Statistics Say Don't Pay the Ransom; but Cleanup and Recovery Remains Costly
SentinelOne's Global Ransomware Report 2018 (PDF) questioned 500 security and risk professionals (200 in the U.S., and 100 in each of France, Germany and the UK) employed in a range of verticals and different company sizes.
The result provides evidence that paying a ransom is not necessarily a solution to ransomware. Forty-five percent of U.S. companies infected with ransomware paid at least one ransom, but only 26% had their files unlocked. Furthermore, 73% of those firms that paid the ransom were targeted at least once again. Noticeably, while defending against ransomware is a security function, responding to it is a business function: 44% of companies that paid up did so without the involvement or sanction of the IT/security teams.




Something to stir up debate in my Computer Security class.
Tyler Durden writes:
The Cambridge Analytica scandal was never really about Cambridge Analytica.
As we’ve pointed out, neither Facebook nor Cambridge Analytica have been accused of doing anything explicitly illegal (though one could be forgiven for believing they had, based on the number of lawsuits and official investigations that have been announced).
Instead, the backlash to these revelations – which has been justifiably focused on Facebook – is so severe because the public has been forced to confront for the first time something that many had previously written off as an immutable certainty: That Facebook, Google and the rest of the tech behemoths store reams of personal data, essentially logging everything we do.
Read more on ZeroHedge.




Another “thing” on the “Internet of Things” that wants to spy on you.
Joe Cadillic writes:
Cities across America are installing FREE smart parking meters equipped with license plate readers (LPR).
A company called Municipal Parking Service (MPS) has been installing free camera-equipped parking meters in Massachusetts, Connecticut, New Jersey, Florida and Canada.
Are MPS’s parking meters really free?
The answer is yes, sort of.
Read more on MassPrivateI.




Suspicions confirmed!
FBI sought iPhone order before exhausting options: U.S. inspector general
The Federal Bureau of Investigation did not exhaust possible solutions to unlock an iPhone connected to a gunman involved in a late-2015 shooting spree before seeking a court order to compel Apple Inc to help access the device, a U.S. Justice Department internal watchdog said on Tuesday.
The conclusion may pose challenges for the Trump administration in possible future litigation to force companies to help crack into encrypted devices.
… The FBI unit chief knew that one of the vendors contacted had almost 90 percent completed a technical solution that would unlock the iPhone, the report said. The Justice Department said at the time it required Apple’s assistance because it lacked other means to access the device.
… Communication failures at the FBI caused some officials to misunderstand the status of its own efforts to open the device, and contributed to delays in seeking help from the FBI unit and the vendor that was ultimately successful, the report said.
The lack of coordination resulted in a “belatedly-obtained technical solution” that forced the government to withdraw its court filing stating it could not access the iPhone, it added.
The FBI told the inspector general there was no delay in developing the technique that opened the iPhone and that the vendor had proactively notified officials of the cracking method.




Some pros and cons.




Social Media strikes again? I take it ROTC is out of the question. You can’t take a gun safety course or go hunting? Seems really excessive to me.
Two NJ high school students suspended for going to gun range after school
Lacey Township School District in central New Jersey suspended two high school students after Snapchat pictures showed them at a gun range outside of school hours.
Attorney Daniel Schmutter with the Association of New Jersey Rifle and Pistol Clubs said a lawsuit might be pending since the pictures were non-threatening and not alarming in any way. The two students were simply at a gun range after school hours.
Schmutter indicated in a letter to Lacey Township School District that suspending the two students for posting photos off school grounds and unrelated to school activities was a “very serious violation” of their rights, according to Patch.com.
… Lacey Township School District follows the Safe Schools Initiative and the Zero Tolerance for Guns Act. Their own policy enforces a zero-tolerance policy for any students who have weapons in their possession, on or off school grounds, according to Patch.com.
… The students could face a possible one-year suspension, according to Schmutter.




Perspective. It’s clear which side he’s on! (But some ‘worth reading’ analysis.)
Insanity Wins As Appeals Court Overturns Google's Fair Use Victory For Java APIs
Oh, CAFC. The Court of Appeals for the Federal Circuit has spent decades fucking up patent law, and now they're doing their damndest to fuck up copyright law as well. In case you'd forgotten, the big case between Oracle and Google over whether or not Google infringed on Oracle's copyrights is still going on – and it appears it will still be going on for quite a while longer, as CAFC this morning came down with a laughably stupid opinion, overturning the district court's jury verdict, which had said that Google's use of a few parts of Java's API was protected by fair use. That jury verdict was kind of silly in the first place, because the whole trial (the second one in the case) made little sense, as basically everyone outside of Oracle and the CAFC had previously understood (correctly) that APIs are simply not covered by copyright.




Perspective. “Damn the facts, full speed ahead?”
Trump hates Amazon, not Facebook
  • Trump tells people Amazon has gotten a free ride from taxpayers and cushy treatment from the U.S. Postal Service.
  • “The whole post office thing, that's very much a perception he has,” another source said. “It's been explained to him in multiple meetings that his perception is inaccurate and that the post office actually makes a ton of money from Amazon.”




Not sure if we have an Apple ID. Should we get one?
Apple has shared during its education event in Chicago today that student accounts through schools will now get 200GB of iCloud storage for free.
A considerable bump from the current 5GB of free iCloud storage, Apple will be giving the 200GB allotment to every student with a managed Apple ID.
Keep in mind this won’t work like the Apple Music student discount, where any student with a .edu is eligible. The updated 200GB plans are only for students with school provided Apple IDs.




Now that’s big!
This Giant Infographic Has 140+ Facts On The Scale Of Amazon

