Everyone is moving into the Cloud...
http://www.databreaches.net/?p=18627
Financial data stealing Malware now on Amazon Web Services Cloud
June 5, 2011 by admin
Dmitry Bestuzhev of Kaspersky writes:
There were some recent comments about Amazon Cloud as a platform for successful attacks on Sony… Well, today I found that Amazon Web services (Cloud) now is being used to spread financial data stealers.
The evidence indicates that the criminals behind the attack are from Brazil and they used several previously registered accounts to launch the infection. Unfortunately after my formal complaints to Amazon, and waiting more than 12 hours, all malicious links are still on-line and active! It’s worth mentioning that more and more criminals use legitimate cloud services for malicious purposes. In most cases, they successfully abuse them.
[...]
Steal financial information from 9 Brazilian and 2 International Banks!
Steal Microsoft Live Messenger credentials.
Steal digital certificates used by eTokens in the system.
Steal information about the CPU, Volume hard drive number, PC name and so on (this information is being used by some Latin American banks during login sessions to the bank in order to authenticate customers)
Exfiltrate stolen data in two ways: via email to a cybercriminal’s Gmail account and via special php inserting data to a remote database.
Read more on Securelist.com.
via @dragosr
Does Amazon Web Services have a priority number/email address to contact to report these types of situations?
Is this a cultural failure? Would all Japanese companies ignore security basics? Somehow I doubt it.
http://www.databreaches.net/?p=18620
Pointer/reference: Chronology of recent Sony incidents
June 4, 2011 by admin
Great thanks to attrition.org for compiling a detailed chronology of recent Sony security incidents together to help us all.
[From the article:
One thing should be noted; the attacks against Sony are not coordinated, nor are they advanced. Sony has demonstrated they have not implemented what any rational administrator or security professional would consider "the absolute basics". Storing millions of customer's personal details and passwords without using any form of encryption is reckless and ridiculous. Even security books from the '80s were adamant about encrypting passwords at the very least. Several of Sony's sites have been compromised as a result of basic SQL injection attacks, nothing elaborate or complex.
It used to be that a search of the “database of criminals” would show a match only if you were a criminal. Now it shows a match if you are in the database, and my concern is that NOT being in the database will become a crime.
http://www.pogowasright.org/?p=23258
Et tu, Israel? Israel to start collecting fingerprints from all citizens
June 5, 2011 by Dissent
Atty. Jonathan J. Klinger writes:
Last Thursday marked the final approval of the biometric database regulations and the biometric database order in Israel; the regulations and order were approved by a special Knesset panel participated solely by MK Meir Sheetrit (Kadima) and Abraham Michaeli (Shas), where Sheetrit was the initial entrepreneur of the Biometric Database in his position as minister of interior.
This marks the end of a process that began two years ago when The Knesset approved the biometric bill. The discussions prior to the approval were on who shall be granted access to the citizen’s biometric database (but not to whether it’s really needed). According to the biometric law, any citizen or resident that joins the database will have to provide the ministry of interior his fingerprints and a photograph of his face which will be stored in a central database which may be accessible to the ministry of interior, the police and other security services.
Read more on +972. The writer does not appear to object to Israel’s identity card system but only to the use of this biometric database which he argues is not necessary and increases the risk of identity theft.
“Ready, Fire, Aim!” I suspect his lawyers are drooling.
Student Suspended For Posting On YouTube
"A Canadian student has been suspended from school and had the police called on him due to satirical animations that he posted to YouTube. Jack Christie, a 12th-grade student at the Donald A. Wilson Secondary School in Whitby, Ontario, Canada, created the videos in his own time, off-campus."
[From the article:
Mr. Christie created the videos on his laptop for presentations in economics and politics classes over the course of the last school year. Titled Jack Christie Talks to Children, they feature an animated representation of himself leading a pair of kids on adventures and purporting to explain various subjects, such as politics and corporate whistle-blowing.
He said his teachers had no problem with the content – one even lent his voice to an animation – and he didn’t get in trouble until he uploaded the videos to YouTube.
Are there any rules? Would this have gone differently if he was a credentialed journalist? (Would the cops have asked and waited for the credentials?)
Man Ordered At Gunpoint To Hand Over Phone For Recording Cops
"Miami Beach police did their best to destroy a citizen video that shows them shooting a man to death in a hail of bullets on Memorial Day. First, police pointed their guns at the man who shot the video, according to a Miami Herald interview with the videographer. Then they ordered the man and his girlfriend out of the car and threw them down to the ground, yelling, 'you want to be f****** paparazzi?' Then they snatched the cell phone from his hand and slammed it to the ground before stomping on it. Then they placed the smashed phone in the videographer's back pocket as he was laying down on the ground."
Eventually, this will sort itself out. But it seems there will be a high price paid before it does.
MI: Big changes for medical marijuana users
By Dissent, June 4, 2011
According to a Michigan federal court judge on Friday, medical marijuana patients have no right to privacy.
Federal Judge Hugh Brenneman Jr. ruled that Michigan medical marijuana patients have no right to privacy when it comes to a federal investigation involving marijuana. In short, medical marijuana patients should not expect the information they give to the state to receive a registration card will be kept from federal investigators.
This ruling comes despite a provision in the state’s Medical Marijuana Act which promises patients their information will be kept private.
Read more on WOOD8.
Interesting. I wonder what their strategy is? I hope it's not: “Here are some tools. Do something.”
http://www.bespacific.com/mt/archives/027424.html
June 04, 2011
GSA's Apps.gov Offers Info and Links to Free Social Media Applications for Government Agencies
Via GSA's Apps.gov: "Social media apps make it easier to create and distribute content and discuss the things we care about and help us get the job done. Social media includes various online technology tools that enable people to communicate easily and share information. Social media includes text, audio, video, images, podcasts, and other multimedia communications." This site lists, and links to, 55 free apps in categories including: Analytics and Search Tools, Blogs and microblogs, Bookmarking/Sharing, Display of Multimedia, Data, Maps, Document Sharing on Websites, Idea Generation/General Discussion, In-depth Discussion Tools, Social Networks, Video, Photo, Audio Hosting/Sharing, and Wikis.
This website is just getting started. My students might find this interesting...
Funding4Learning.com - Money For Educational Projects
Aiming to facilitate the financing of educational projects, Funding4Learning can be used by students from all over the world in order to create campaigns, promote them through social channels and collect as much money as it is needed to make everything come to fruition.
These are the three aspects that define this web service: it lets users create campaigns which can be as specific as they want, it lets them spread the word about them using channels such as Facebook and Twitter, and then it lets them collect the money which is submitted by those the project strikes a chord with.
Campaigns can be created by just anybody. All that must be done is to give them a name, set down a monetary goal and pick their exact duration. That is the information which has to be provided for campaigns to be started and run on the site. And once they go live, campaigns are both indexed for all to search, and highlighted on the homepage for a short while.
http://www.funding4learning.com/
No comments:
Post a Comment