Wednesday, May 09, 2018
If you don’t log/measure/manage/understand what is happening on your computers, don’t suggest that you do.
The Register – Equifax reveals full horror of that monstrous cyber-heist of its servers
Equifax reveals full horror of that monstrous cyber-heist of its servers – 146 million people, 99 million addresses, 209,000 payment cards, 38,000 drivers’ licenses and 3,200 passports – “Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017. The good news: the number of individuals affected by the network intrusion hasn’t increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant’s ongoing audit of the security breach. In February, in response to questions from US Senator Elizabeth Warren (D-MA), Equifax agreed that card expiry dates and tax IDs could have been among the siphoned data, but it hadn’t yet worked out how many people were affected. Late last week, the company gave the numbers in letters to the various US congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America’s financial watchdog. As well as the – take a breath – 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers’ licenses and 3,200 passport details lifted, too…”
[From the article:
The cyber-break-in occurred because Equifax ran an unpatched and therefore insecure version of Apache Struts, something it blamed on a single employee.
At February's RSA conference in San Francisco, Derek Weeks of Sonatype claimed “thousands” of companies continued to download vulnerable versions of Struts
(Related) As it often does, the Dilbert strip sums up my opinion of Equifax’s management.
Remember, lots of paper ballots are still being used, so this is no big surprise. On the other hand, would there be evidence if electronic votes were changed? (See my Equifax comments, above.)
No Evidence Russian Hackers Changed Votes in 2016 Election: Senators
Hackers backed by the Russian government attempted to undermine confidence in the voting process in the period leading up to the 2016 presidential election, but there is no evidence that they manipulated votes or modified voter registration data, according to a brief report published on Tuesday by the Senate Intelligence Committee.
… Nearly all the targeted states observed attempts to find vulnerabilities in their systems. These scans were often aimed at the website of the Secretary of State and voter registration infrastructure, the Senate panel said in its report.
In at least six states, Russian hackers attempted to breach voting-related websites, and in a small number of cases they were able to gain unauthorized access to election infrastructure components, and even obtained the access necessary for altering or deleting voter registration data. However, it does not appear that they could have manipulated individual votes or aggregate vote totals.
Somehow, I kind of expected this. Will companies fail in the same ratio?
European regulators: We're not ready for new privacy law
Europe’s General Data Protection Regulation (GDPR) has been billed as the biggest shake-up of data privacy laws since the birth of the web.
There’s one problem: many of the regulators who will police it say they aren’t ready yet.
The pan-EU law comes into effect this month and will cover companies that collect large amounts of customer data including Facebook and Google. It won’t be overseen by a single authority but instead by a patchwork of national and regional watchdogs across the 28-nation bloc.
Seventeen of 24 authorities who responded to a Reuters survey said they did not yet have the necessary funding, or would initially lack the powers, to fulfill their GDPR duties.
May be time to brush up on an old skill.
Google adds Morse code input to Gboard
Google is adding morse code input to its mobile keyboard. It’ll be available as a beta on Android later today.
… Google’s implementation will replace the keyboard with two areas for short and long signals. There are multiple word suggestions above the keyboard just like on the normal keyboard. The company has also created a Morse poster so that you can learn Morse code more easily.
Another option for those quick “explainers.”
Lensoo Create – Create Whiteboard Videos on Your Phone or Tablet
Lensoo Create is an app for creating whiteboard videos on your phone or tablet. The app is available in an Android version and in an iOS version.
To create a video on Lensoo Create just open the app and tap the record button in the top of the screen. You can then start drawing on the white canvas in the app. Everything that you draw and type is captured in the video as is anything that you say while drawing. You can pause the recording then add a new page on which you draw while talking. When you're finished just tap the "done" button to save your work.
One of the shortcomings of Lensoo Create is that you cannot save your videos to your phone or tablet's camera roll. Instead you have to create a free Lensoo Create account to save your videos on their cloud service. Once saved you can share links to your video. Lensoo says that you can download your videos from your online account, but
been able to make that function work update: I tried it
again the next morning and I was able to download the video.
Lensoo Create could be a good choice for teachers who want to make whiteboard videos to explain how to solve math problems or anything else that is best illustrated with handwriting. As a free app, it's not a bad option. That said, it's not quite as good as the paid ShowMe or Explain Everything apps.