A Watergate Break-In For the 21st Century
Two groups of hackers sponsored by the Russian government
broke into the computer systems of the Democratic National Committee and
accessed emails, chat logs, and a trove of detailed opposition research on
Donald Trump assembled by the party’s researchers.
The hackers were removed from the system over the weekend,
officials told The Washington Post, but not before they
were able to comb through staff members’ day-to-day communications and their
research on the presumptive Republican nominee.
One hacking group entered the system last year, and been
monitoring DNC communications since then, the Post’s Ellen Nakashima
reported. This April, the other group
gained access to the Trump files.
Yep, a record year for sure.
Verticalscope.com and all of
their domains were hacked in February of 2016. LeakedSource has obtained and added a copy of
this data to its ever-growing searchable repository of leaked data.
[…]
This data set contains nearly 45
million records from over 1100 websites and communities. Some of the larger domains include
Techsupportforum.com MobileCampsites.com Pbnation.com and Motorcycle.com. Each record
may contain an email address, a username, an IP address, one password and in
some cases a second password. We added this data set to LeakedSource on
April 27th 2016 but only analyzed it now.
Given the massive scale of this breach, it is also likely that
VerticalScope stored all of their data on interconnected or even the same servers
as there is no other way to explain a theft on such a large scale. ZDNET reporter Zack Whittaker contacted
VerticalScope on our behalf and they confirmed the breach in addition to our
verification from May.
[…]
Passwords were stored in various
encryption methods but less than 10% of the domains which account for a very
small amount of leaked records used difficult to break encryption (less than a
couple million). Most of the records
(over 40 million) were just MD5 with salting and this is insufficient.
For my Computer Security students. Remember this when it comes time to ask for a
bigger budget.
Cost of a data breach: $4M: Benefits of responding quickly:
Priceless.
The bad news is that data breaches are becoming ever more
common. The worse news is that the cost
they represent for companies is going through the roof.
Those are two conclusions from a study released Wednesday
by IBM Security and the Ponemon Institute, which found that the average cost of
a data breach has grown to $4 million. That's
a hefty jump compared with last
year's $3.79 million, and it represents an increase of almost 30 percent
since 2013.
The annual Cost of a Data Breach study
examines both direct and indirect costs to companies in dealing with a single
data breach incident.
… This year's data
uncovered a 64 percent increase in reported security incidents between 2014 and
2015. Meanwhile, the study found that
companies now lose some $158 per compromised record. In highly regulated industries like
healthcare, the damage is even worse, reaching $355 per record.
(Related) Another “must
do” for Security managers?
CISOs Risk Getting Fired Over Poor Reporting
Board members are paying attention to the cyber risk
information reported to them and many say that cybersecurity executives could
lose their jobs if they fail to provide useful, actionable information, a
recent survey from Bay Dynamics reveals.
According to the study, 89% of board members surveyed said
they are very involved in making cyber risk decisions, while 74% of them said
the cyber risk information is provided to them weekly. However, they also say that IT and security
executives should be held accountable for presenting quality reports, with 59%
of respondents saying security executives will lose their jobs as a result of
failing to provide useful, actionable information.
… Dubbed “How
Boards of Directors Really Feel about Cyber Security Reports,” the study (PDF) complements a February report
from Bay Dynamics, titled “Reporting to the Board: Where CISOs and the
Board are Missing the Mark” and meant to discover how IT and security
executives feel about their information reports presented to the board.
(Related)
IoT Devices Not Properly Secured on Enterprise Networks:
Survey
According to the research, nearly three quarters of
enterprises either don’t have efficient protection methods for their IoT
devices, or are not aware of what is being used. At the other end, only 19% of organizations
have a specialized agent that monitors the network, while 7% say they use a
different approach to securing IoT devices, the report says.
… Produced by
Webtorials and sponsored by ForeScout, the new research
shows not only that many organizations lack the proper security policies for
IoT devices in their networks, but also that a large number of professionals
working within these organizations lack the necessary awareness regarding these
devices.
(Related)
Automating attacks is cheap.
Massive DDoS attacks reach record levels as botnets make them
cheaper to launch
There were 19 distributed denial-of-service (DDoS) attacks
that exceeded 100 Gbps during the first three months of the year, almost four
times more than in the previous quarter.
For my IT Architecture class.
How Wells Fargo is Reaching the Digital Customer
Banks today are seeing their businesses disrupted
by fintech – startups offering mobile payments, loans, virtual
currencies and the like. To compete with
digital startups and meet the heightened expectations of customers who want
24/7 access, engagement and security, Wells Fargo is actively bridging the gap
between its cyber and physical operations. Jamie Moldafsky, the bank’s chief marketing
officer, spoke about the company’s digital efforts on the Knowledge@Wharton show on
Wharton Business Radio, which aired on SiriusXM channel 111.
She said the bank is changing to meet the needs of the digital
customer, such as rethinking its marketing approach from straight-out selling
to customer engagement. Wells Fargo also
is interested in using biometrics tools like retina scanning to boost the
security of customer information.
An edited transcript of the conversation appears below.
Perspective.
What Marketers Need to Know About Chat Apps
The rise of social media changed marketing. Now, before
some marketers have even fully adapted to that world, the social web is
transforming again. The rise of private
social networks and messaging apps will challenge the strategies that marketers
developed for public social networks.
If your company is still trying to figure out how to make
the most of Facebook and Twitter, consider:
·
WhatsApp
has rapidly become the biggest messaging service in the world with more
than a billion users.
·
Snapchat
is a juggernaut with the 18-24 age group, now earning more daily check-ins than
Facebook. The company founder insists it
is “not
a social network.”
·
Facebook
is the social network for most of the world, yet their major investment is in
the development of private Facebook Messenger, including bots
that would help companies scale “human” interaction through the service. More than 900
million people use Messenger now.
Other private messaging services like Viber and Kik have
attracted millions of users.
·
Of the Fortune 100 companies, 77 use Slack.
The average Slack user keeps the app running 10 hours a day, and is actively
using it for over 2 hours a day.
·
Instagram
started private DM in 2014 that focuses on the sharing of content with up to 15
people in a threaded approach.
·
Twitter
has experimented with Snapchat-style doodles and photo editing and in 2015
expanded the character limit via private direct messaging.
I would have expected the opposite when Democrats
rule. Where have they spent their fury?
Government Regulatory Prosecutions Fall to Record Low
by Sabrina
I. Pacifici on Jun 14, 2016
“The latest case-by-case data from the Justice Department
show that in April 2016 there were 76 new prosecutions for government
regulatory matters. This is the lowest
count in this program category for a single month since October 1998, the start
of TRAC’s monthly time series. Government
regulatory prosecutions have fallen 17 percent from the same period in the
previous year, and are down 30.5 percent from levels reported five years ago in
2011. The data were collected from
federal prosecutors by the Executive Office for United States Attorneys and
obtained by the Transactional Records Access Clearinghouse under the Freedom of
Information Act. For more details,
including a timeline of prosecutions and top district rankings, see the report
at: http://trac.syr.edu/tracreports/crim/426/“
Think this will be enough?
Now we go after those content sources that don’t count against you “data
limits?”
‘Net neutrality’ rules for fair internet access win in court
A federal appeals court on Tuesday upheld the government’s
“net neutrality” rules, preserving regulations that force internet providers
such as Comcast and AT&T to treat all online traffic — everything from
Netflix and cat videos to games and downloads — equally.
The 2-1 ruling is a sweeping victory for the Obama
administration and the consumer groups and internet companies that have pushed
net neutrality for years. The Federal
Communications Commission’s rules block internet service providers from
favoring their own services and disadvantaging others; blocking other sites and
apps; and creating “fast lanes” for video and other data services that pay for
the privilege.
… That sets the
stage for what Ammori and several analysts see as the next big battle. That will likely involve “zero rating” — the
practice of exempting preferred video services from customer data caps.
Comcast, for example, lets you can watch video at home
with its Stream service with no danger of bumping against your data cap (if you
have one). T-Mobile’s Binge On program
lets you watch any video you want from Netflix and many other providers without
counting it as data use.
Just because it amuses me.
55 Awesome Facts You Never Knew About Google
Something my students should play with.
Chef’s new Habitat project wants to make applications
infrastructure-independent
Chef today
launched Habitat,
a new open source project that allows developers to package their applications
and run them on a wide variety of infrastructures.
Habitat essentially wraps applications into their
own lightweight runtime environments and then allows you to run them in any
environment, ranging from bare metal servers to virtual machines, Docker
containers (and their respective container management services), and PaaS
systems like Cloud Foundry.
… If you’re
interested in giving Habitat a try, Chef offers a set of tutorials, as well as an interactive demo.
Free online university? Is it worth the cost?
Go Beyond the Basics of Big Data Analytics With Upskill U
Today at 1 p.m. ET, Sachin Katti, Assistant Professor of
Electrical Engineering and Computer Science at Stanford
University , will kick off a new learning module at Upskill U on Big Data
Analytics. In Analytics &
Virtualization 101, Katti will examine the fundamental questions as to the role
of big data and advanced analytics and explain what service providers need to
be doing as they prepare for virtualized networks. Future courses in this series will deep-dive
into big data analytics through the lens of security, customer experience
management and IoT.
(Register for Analytics & Virtualization 101.)
I’ve always wanted my students to write their own
textbook. On the other hand, there could
be an opportunity here for a rating system linked to the open source texts.
College courses without textbooks? These schools are giving
it a shot.
A community college reform group has selected a handful of
schools in Virginia and Maryland to develop degree programs using open-source
materials in place of textbooks
… Achieving the
Dream, an education advocacy groups based in Silver Spring, Md., aims to change
that by offering $9.8 million in grants to support the development of
open-source degree programs at 38 colleges in 13 states.
… Officials at
Achieving the Dream say there are enough open-source materials to replace
textbooks in all required courses for degrees in business administration,
general education, computer science and social science.
… One of the
largest providers of open-source materials is OpenStax College, a nonprofit
tied to Rice University in Houston.
