Monday, July 30, 2018

This happens here, but rarely in connection with IT companies.
Express News Service reports:
Proprietors of three small-scale IT companies were arrested on Saturday in connection with the data leak of students who appeared for the class 10 and 12 state board exams this year. The serious breach of data came to light recently as data companies were openly selling the district-wise details of nearly 8 lakh students along with their address, phone numbers and other personal information, which were collected by the School Education department from the students.
A statement from the city police said three companies in the city were found involved in selling the data and arrested owners of the three companies. But the police could not tell the origin of the breach of data from the government’s database.
Read more on New Indian Express.




Why Russia (and others) have such an easy time hacking the US.
GAO – Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation, GAO-18-645T: Published: Jul 25, 2018. Publicly Released: Jul 25, 2018. “GAO has identified four major cybersecurity challenges and 10 critical actions that the federal government and other entities need to take to address them. GAO continues to designate information security as a government-wide high-risk area due to increasing cyber-based threats and the persistent nature of security vulnerabilities…”
“GAO has made over 3,000 recommendations to agencies aimed at addressing cybersecurity shortcomings in each of these action areas, including protecting cyber critical infrastructure, managing the cybersecurity workforce, and responding to cybersecurity incidents. Although many recommendations have been addressed, about 1,000 have not yet been implemented. Until these shortcomings are addressed, federal agencies’ information and systems will be increasingly susceptible to the multitude of cyber-related threats that exist…”




Russia wants to turn off your lights? When does this rise to an act of war?
Russian Hackers Meddling with U.S. Power Grid Poses Huge Threat to National Security
The newest cyber threat troubling top U.S. government officials is the prospect of Russian hackers breaking into the U.S. power grid and selectively causing blackouts across the country. According to officials at the Department of Homeland Security (DHS), members of a shadowy, state-sponsored group known as Dragonfly or Energetic Bear have been escalating hacking attacks on the U.S. energy grid, nuclear facilities and other critical U.S. infrastructure since 2014. The next inevitable step is for these hackers to “throw the switch” on control systems at power plants in order to cause blackouts.
… First, they gained access to networks of key utility vendors using simple tactics such as spear-phishing attacks and watering-hole attacks. Once they gained the right passwords and credentials, that’s when they went to work studying the ins and outs of the U.S. power grid using their newfound backdoor access.
Since these utility vendors had the ability to update software and run diagnostics, hackers who worked for a Russian state sponsored group gained a valuable back door into key elements of the national power grid. What if, for example, they decide to delete some of the grid software instead of updating it? Or what if these Russian hackers decide to alter the diagnostics testing in order to expose the system to more risk?
The real concern, say DHS officials, is that Russian hackers will eventually get to the point where they could automate hacking attacks from a distance.


(Related)
Russians Are Targeting Private Election Companies, Too — And States Aren’t Doing Much About It
The American election system is a textbook example of federalism at work. States administer elections, and the federal government doesn’t have much say in how they do it. While this decentralized system has its benefits, it also means that there’s no across-the-board standard for election system cybersecurity practices. This lack of standardization has become all the more apparent over the past two years: Hackers probed 21 state systems during the lead-up to the 2016 election and gained access to one. But the federal government and states don’t appear to have made great strides to ensure that this doesn’t happen again. To do so, they’d need to deal with not only their own cybersecurity deficits but also those of the private companies that help states administer elections.
Voting machine manufacturers and the makers of election software and electronic poll books (which are lists of eligible voters) are crucially intertwined with state election systems. All states, to some extent or another, rely on these private companies for election products. But despite the central role these companies play, state regulations of them are relatively lax.




Useful ability for my Computer Security students?
Identifying People by Metadata
Interesting research: "You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini.
Abstract: Metadata are associated to most of the information we produce in our daily interactions and communication in the digital world. Yet, surprisingly, metadata are often still categorized as non-sensitive. Indeed, in the past, researchers and practitioners have mainly focused on the problem of the identification of a user from the content of a message.
In this paper, we use Twitter as a case study to quantify the uniqueness of the association between metadata and user identity and to understand the effectiveness of potential obfuscation strategies. More specifically, we analyze atomic fields in the metadata and systematically combine them in an effort to classify new tweets as belonging to an account using different machine learning algorithms of increasing complexity. We demonstrate that through the application of a supervised learning algorithm, we are able to identify any user in a group of 10,000 with approximately 96.7% accuracy. Moreover, if we broaden the scope of our search and consider the 10 most likely candidates we increase the accuracy of the model to 99.22%. We also found that data obfuscation is hard and ineffective for this type of data: even after perturbing 60% of the training data, it is still possible to classify users with an accuracy higher than 95%. These results have strong implications in terms of the design of metadata obfuscation strategies, for example for data set release, not only for Twitter, but, more generally, for most social media platforms.




Good summary, useful graphic.
The 6 Types Of Cyber Attacks To Protect Against In 2018




Perspective. The decline and fall of American society?
The First Augur Assassination Markets Have Arrived
"Killed, not die of natural causes or accidents."
Pretty much everyone saw them coming, but it was no less disturbing when assassination markets actually began to appear on Augur, a decentralized protocol for betting on the outcomes of real-world events and that launched two weeks ago on ethereum.
The markets – which allow users to bet on the fates of prominent politicians, entrepreneurs and celebrities – in some cases explicitly specify assassination, as the quote above shows. (CoinDesk is intentionally not providing links to these markets or naming the individuals concerned.)
In addition to targeting individuals, some markets offer bets on whether mass shootings and terrorist attacks with certain minimum numbers of casualties will occur.




I keep threatening my students with an infographic project. Maybe this Quarter I’ll actually assign one.
15 Free Infographic Templates in Powerpoint
  • Infographics are a powerful tool for capturing the attention of your target audiences. In fact, businesses that publish infographics grow their traffic an average of 12% more than those that don’t.
  • The hard part, of course, is finding time and resources to create these infographics. That’s why we’ve created fifteen fully customizable infographic templates that will give you the inspiration and foundation you need to build your own infographics right in PowerPoint or Illustrator.
  • Note – requires free registration…

