Monday, May 16, 2011

Naturally, attacks ON the Cloud will also be attacks FROM the Cloud.

http://www.bloomberg.com/news/2011-05-13/sony-network-said-to-have-been-invaded-by-hackers-using-amazon-com-server.html

Amazon.com Server Said to Have Been Used in Sony Attack

Amazon.com Inc. (AMZN)’s Web Services cloud-computing unit was used by hackers in last month’s attack against Sony Corp. (6758)’s online entertainment systems, according to a person with knowledge of the matter.

Hackers using an alias signed up to rent a server through Amazon’s EC2 service and launched the attack from there, said the person, who requested anonymity because the information is confidential. The account has been shut down, the person said.

The Federal Bureau of Investigation will likely subpoena Amazon as part of its investigation process, or it may try to obtain a search warrant, Hilbert said.

(Related)

http://news.cnet.com/8301-1009_3-20063084-83.html

Hiccups dog PlayStation Network restoration

The entertainment and electronics giant announced yesterday that its entire portfolio of online games, game forums, and Web sites would go back online today. After service resumed, however, users started complaining on Twitter that it wasn't active long before it was unavailable again.

"Playstation Network was back up for about 10 minutes before going down again for maintenance," Tom Cranfield tweeted. "Nice work Sony!"

Sony later announced a planned outage of its network services.

"We're expereiencing [sic] a heavy load of password resets and will be turning off the services for 30 minutes to clear the queue," the company announced on its Twitter page.

How do you say “Oops!” in Australian?

http://www.databreaches.net/?p=18273

AU: How security chief’s bank details leaked

May 16, 2011 by admin

Ben Grubb reports:

Security firm Symantec’s Australian chief has revealed how his personal credit card details were leaked by a Melbourne restaurant, which he said highlighted the need for mandatory privacy breach notification laws.

[...]

Scroggie’s credit card data was leaked via email when a Melbourne restaurant at which he was a member attempted to have its summer menu sent out to clients. But instead of attaching the menu, it sent out the client database (unencrypted) to members.

[...]

He said he deleted the initial email received – which included his and other members’ unencrypted credit card details, emails and names – because he did not want to read the menu. After being informed, he recovered it to see what details were leaked.

Once verifying the breach, Mr Scroggie telephoned the restaurant (which he would not name) to inquire about the incident. He said staff were “very, very embarrassed” by the fiasco and blamed a third party who managed their menu subscriber email database.

Read more in The Age, where Grubb and Asher Moses discuss the data breach situation in Australia, calls for mandatory breach notification, and whether estimates of what breaches cost are accurate.

Read more: http://www.theage.com.au/technology/security/how-security-chiefs-bank-details-leaked-20110516-1eopz.html#ixzz1MVknGfwG

A topic for my Computer Security students: CyberWar

http://news.yahoo.com/s/nm/20110515/tc_nm/us_korea_north_hacking;_ylt=AkdE69JrxXLgo9NFRWbdT8us0NUE;_ylu=X3oDMTFoMXV1YXMzBHBvcwMxMzIEc2VjA2FjY29yZGlvbl90ZWNobm9sb2d5BHNsawNub3J0aGtvcmVhcmU-

North Korea rejects South charge it was behind bank cyber attack

North Korea on Sunday rejected allegations by the rival South that it was behind a cyber attack that paralyzed the computer network of a South Korean bank last month and accused Seoul of inventing a conspiracy to justify physical confrontation.

The accusation that North Korean hackers were responsible for bringing down Nonghyup bank was the same type of fabrication as Seoul's assertion that Pyongyang sank one of its navy ships in March last year, a North Korean government agency said.

The computer crash at Nonghyup affected millions of customers who were unable to use the bank's credit cards and ATMs for more than a week, exposing the South's heavily wired financial system's vulnerability to organized cyber attacks.

South Korean prosecutors said the hacking was masterminded by a group of North Korean state-backed experts also responsible for previous cyber attacks on government and corporate sites in the South.

Truth in advertising? What a concept! (Another Cloud service)

http://hardware.slashdot.org/story/11/05/15/2157202/Dropbox-Accused-of-Lying-About-Security?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Dropbox Accused of Lying About Security

"Dropbox faces a possible FTC investigation because of misleading statements it has made about the privacy and security of its 25 million users' files. The cloud storage company previously claimed that it was impossible for its employees to access file contents, but in fact, as the encryption keys are in their possession, this is false. The complaint (PDF) points out that their false security claims gave Dropbox a competitive advantage over other firms offering similar services who actually did provide secure encryption."

Don’t bother us with trivial Constitutional questions…

http://torrentfreak.com/vagueness-about-pirate-domain-seizures-disturbs-us-politicians-110515/

Vagueness About ‘Pirate’ Domain Seizures Disturbs US Politicians

During the last year the U.S. Government seized more than 100 domain names it claims were promoting copyright infringement.

The actions of the authorities were met with disbelief by the sites’ owners and their millions of visitors. But those directly involved weren’t the only ones complaining.

Several legal experts believe that the domain seizures may stifle free-speech, and have further pointed out that the lack of due process could be a violation of the U.S. constitution. In this assessment they were joined by several politicians.

Two of the most outspoken politicians are U.S. Senator Ron Wyden and Rep. Zoe Lofgren. In an attempt to get some much-needed answers to their questions, they asked the responsible authorities to explain how effective the seizures are and whether they are legitimate.

This week they got a response, but not the one they were looking for. Although Homeland Security’s ICE unit finally responded after three months, the politicians found the answers to be insufficient, as all the major issues were simply avoided.

“It is hard to imagine that the administration can effectively deter online copyright infringement when they refuse to answer basic questions regarding what they believe constitutes infringement,” U.S. Senator Ron Wyden commented.

“Particularly troubling is their refusal to explain how linking is different from free speech

It’s not Data Mining, however…

http://www.bespacific.com/mt/archives/027274.html

May 15, 2011

Office of the Director of National Intelligence 2010 Data Mining Report

Office of the Director of National Intelligence, 2010 Data Mining Report For the Period January 1, 2010 through December 31, 2010 [via FAS, May 10, 2011]

· "The ODNI did not engage in any activities to use or develop data mining functionality in the reporting period."

[From the report:

The Catalyst program will address analytic information overload and enable IC enterprise correlation of entity information. The three primary goals for Phase A of Catalyst’s development are to:

(1) systematically derive entity information from across vast information holdings and share it using consistent standards and processes that ease the time and effort required to exploit the data upon receipt;

(2) provide a means of correlating entity data acquired from disparate sources to enable more rapid discovery and understanding of the data; and

(3) provide an enterprise-wide system that allows a user to query for a given person or organization of interest using fragmentary intelligence to discover all that the IC knows about that entity and access that portion of intelligence information for which the user is authorized to access.

Hum... Is this sufficient?

http://www.pogowasright.org/?p=22876

Federal Magistrate Adopts Prima Facie Test for Identifying Anonymous Online Speakers

May 15, 2011 by Dissent

Ryan T. Mrazik writes:

In Fodor v. Doe, 2011 WL 1629573 (D. Nev. Apr. 27, 2011), a federal magistrate judge in the District of Nevada adopted a two-part, “prima facie” test for determining whether to authorize third-party discovery seeking the identity of an anonymous online speaker. Under this test, before authorizing the third-party discovery, the court must determine that (1) the plaintiff has a real evidentiary basis to believe the anonymous defendant had engaged in the conduct complained of and (2) the plaintiff’s need to identify the speaker and proceed with his case justifies the extent of the harm to the anonymous speaker’s First Amendment rights and privacy. Applying the test in this case, the court authorized the plaintiff to serve limited third-party discovery to try to identify “Tazmanian,” the anonymous author of an allegedly defamatory blog post on Blogspot.com.

Read more about the case and decision on Digestible Law.

I have made up my mind. What need have I for facts?

http://yro.slashdot.org/story/11/05/16/0044236/The-Rise-of-Filter-Bubbles?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Rise of Filter Bubbles

"Eli Pariser gave a talk at TED which posits that tailoring algorithms are creating 'filter bubbles' around each user, restricting the information that reaches you to be — unsurprisingly — only what you want to see. While you might be happy that your preferred liberal or conservative news hits you, you'll never get to see the converse. This is because Google, Facebook, newspaper sites and even Netflix filter what hits you before you get to see it. And since they give you what you want, you never see the opposing viewpoints or step outside your comfort zone. It amounts to a claim of censorship through personalization, and now that every site does it, it's becoming a problem. Pariser calls for all sites implementing these algorithms to embed in the algorithms 'some sense of public life' and also have transparency so you can understand why your Google search might look different than someone with opposing tastes."

Hit the link below to watch a video of Pariser's talk.

http://www.youtube.com/watch?v=B8ofWFx525s&feature=player_embedded

(Related) Isn’t this a case of “Give me the facts and hold the opinion?” It had better be.

http://www.bespacific.com/mt/archives/027275.html

May 15, 2011

Pew Research Center - The Social Life of Health Information, 2011

The Social Life of Health Information, 2011 - by Susannah Fox, May 12, 2011

"The internet has changed people’s relationships with information. Our data consistently show that doctors, nurses, and other health professionals continue to be the first choice for most people with health concerns, but online resources, including advice from peers, are a significant source of health information in the U.S. As broadband and mobile access spreads, more people have the ability – and increasingly, the habit – of sharing what they are doing or thinking. In health care this translates to people tracking their workout routines, posting reviews of their medical treatments, and raising awareness about certain health conditions. These are not yet mainstream activities, but there are pockets of highly-engaged patients and caregivers who are taking an active role in tracking and sharing what they have learned."