An interesting time for the bad guys (China? North Korea? My students?) to demonstrate that they can inject their own “news” into the system.
http://news.cnet.com/8301-27080_3-20090963-245/hong-kong-stock-exchange-halts-trading-after-hack-attack/
Hong Kong stock exchange halts trading after hack attack
Hackers broke into the Hong Kong stock exchange news Web site today, forcing the exchange to suspend trading of seven companies, according to The Wall Street Journal.
The affected companies, which included HSBC, Cathay Pacific Airways and the Hong Kong Exchanges & Clearing, which runs the bourse, had all released price-sensitive information earlier in the day.
"Our current assessment that this is a result of a malicious attack by outside hacking," Charlies Li, chief executive of Hong Kong Exchanges & Clearing, told reporters.
Typical...
http://www.databreaches.net/?p=20099
Eye Safety Systems notifies customers that credit card database may have been hacked and decryption key may have been acquired
Attorneys for Eye Safety Systems have notified the New Hampshire Attorney General’s Office that they believe that a compromise of their web site, hosted by an unnamed third party vendor, may have compromised customers’ credit card transaction data.
The firm reports that although the database “used a method of encryption,” the hackers may have acquired the decryption key. [Which means the key was available online or so trivial it was “obvious” Bob] As a result, customers’ names, addresses, phone numbers, e-mail addresses, and credit card data may have been acquired in the May 2011 incident.
ESS learned of the incident on May 27 and sent out e-mail notifications to customers on May 28. They also moved their database to a dedicated server and improved security measures, including the method of encryption.
Customers were notified by postal mail on July 29 and offered free credit monitoring services. There was no indication in the notification that there had been any reports of misuse of data, and the total number of customers affected was not reported.
It only took South Korea 35 million to wake up. We have had several over 100 million and still wonder if we should do something...
http://www.pogowasright.org/?p=24000
S. Korea plans to scrap online real-name system
It appears that a massive data breach affecting 35 million South Koreans who use popular portal and social networking sites Nate and Cyworld has served as a wake-up call for the government:
The South Korea government will push ahead with plans to scrap the current real-name system for Internet users in the wake of the country’s worst online security breach, local media reported Thursday.
The Ministry of Public Administration and Security is set to report to ruling party lawmakers about comprehensive measures to protect personal information online, including abolishing the real- name registration system, Yonhap news agency said.
Read more on TMCnet.com
Well, it's kind of a “business contact”
http://www.pogowasright.org/?p=24004
LinkedIn slammed for opt-out setting which could erode user privacy
LinkedIn users are being urged to contact the company to complain after it was revealed that a change in privacy policy now allows third-party advertisers to harvest users’ profile information and pictures in their ads by default.
Blogger Steve Woodruff appears to have been the first to notice the changes to LinkedIn’s Terms of Use, which force users to manually untick a box in the Manage Social Advertising section of their privacy controls.
Paul Ducklin, Sophos head of technology in Asia Pacific, suggested that LinkedIn is making the same mistake as Facebook with its much-maligned decision to make face recognition functionality opt-out.
Read more on v3.co.uk.
Dean Wilson of The Inquirer (UK) also piles on:
It’s a clever approach to advertising, but an absolutely abyssmal approach to privacy, as Linkedin has decided to automatically opt-in all of its users without informing them of the change.
Users can opt out if they want, but the option is buried in the Settings page, a ploy similar to that used by Facebook to hide its privacy settings. The big problem here is that if users don’t know that their name and photo are being used in this way, then how can they opt out of it?
Linkedin could face legal trouble for this decision. Digital Trends reports it is likely that Linkedin broke Dutch privacy law, which requires user consent for employing user images with advertisements. It could also be brought up before the European Commission and the UK Information Commissioner’s Office (ICO).
Read more on The Inquirer.
(Related) Of course Facebook didn't “steal” them, you gave them to Facebook!
http://techcrunch.com/2011/08/10/in-the-book/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29
Facebook: We Aren’t Stealing Your Phone Numbers And Posting Them So Everyone Can See
Facebook has responded to a privacy scare meme likely deriving from a recent HackerNews thread called “Facebook has your complete phonebook” both with an official post onFacebook’s Wall and a personal message from a Facebook Messenger engineer Ben Gertzfield on HackerNews.
In its efforts to dominate all modes of human communication (yay Messenger!), Facebook has chosen to match up and de-dupe numbers both on your Facebook Friends List and your mobile Contacts to form one Contacts coherent list, that only you can see. For those of you that didn’t realize that Facebook now has the contact information of sundry aunts, bosses, dry cleaners, etc this may come as a shock.
… How did Facebook get those numbers in the first place? With your permission of course!
They are no longer actors in the “Security Theater”
http://www.wired.com/threatlevel/2011/08/airline-pilots-screening/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29
Airline Pilots Allowed to Dodge Security Screening
Federal authorities are tacitly acknowledging that, despite their best efforts, it’s impossible to keep domestic aircraft safe from all evildoers. That’s because if a pilot wants to crash a plane, the pilot can crash a plane.
With that in mind, the Transportation Security Administration began a program Tuesday allowing pilots to skirt the security-screening process. The TSA has deployed approximately 500 body scanners to airports nationwide in a bid to prevent terrorists from boarding domestic flights, but pilots don’t have to go through the controversial nude body scanners or other forms of screening. They don’t have to be patted down or go through metal detectors. Their carry-on bags are not searched.
Pilots at O’Hare International Airport are now allowed to bypass the screening process altogether and instead show authorities their credentials in a program called Known Crewmember.
… And later this year, the TSA intends to reduce screening for so-called “trusted travelers” or “elite-level” frequent fliers of American Airlines and Delta Airlines. Those passengers may not have to remove their shoes or take their computers out of their cases during the screening process.
… There are no announced plans to reduce screening for rank-and-file fliers. [i.e. They're not “SCUM” like the rest of us... Bob]
More like Egypt and Lybia every day...
UK To Shut Down Social Networks?
"In a move worthy of China's communist regime, UK PM David Cameron wants to shut down social networks whenever civil unrest rears its head in Britain's towns and cities. Speaking in the House of Commons, Cameron said, 'Everyone watching these horrific actions will be struck by how they were, organised via social media. Free flow of information can be used for good. But it can also be used for ill. So we are working with the police, the intelligence services and industry to look at whether it would be right to stop people communicating via these websites and services when we know they are plotting violence, disorder and criminality.'"
So far I haven't heard anyone blame the Rock 'n Roll music, but if social networks aren't a good enough culprit, you could also try blaming video games.
(Related)
http://techcrunch.com/2011/08/11/absolute-explosion-%E2%80%94-how-blackberry-bbm-fed-the-london-riots/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29
“Absolute Explosion” — How BlackBerry BBM Fed The London Riots
(Related) “We ain't gonna have no “Arab Spring” or “London Summer” here!”
http://news.cnet.com/8301-17852_3-20090961-71/nypd-creates-twitter-sniffing-facebook-frisking-unit/
NYPD creates Twitter-sniffing, Facebook-frisking unit
… Why pay snitches when you have some of the finest snitches of all in Facebook and Twitter? Not the companies themselves, you understand. Just the people on their sites.
That seems to be the spirit of a new unit created by the New York Police Department.
Conscious of the realities of virtual communication, the department has, so the New York Daily News tells me, decided bad deeds can be anticipated or corralled on Twitter and Facebook. So it has set up a social media unit to establish juvenile justice for all.
This is interesting and has potential for more than architectural amusement. Forensic tool?
http://techcrunch.com/2011/08/10/video-free-moving-kinect-used-to-map-room-and-objects-in-detailed-3d/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29
Video: Free-Moving Kinect Used To Map Room And Objects In Detailed 3D
For my Computer Forensics students...
A Geeks Guide to Digital Forensics – video now online
The nice folks over at Google Chicago have posted my “A Geek’s Guide to Digital Forensics” (video / presentation) on their GoogleTechTalk channel. It was posted about a week ago and has had 1,079 views…which is impressive only because the thing weighs in at nearly 56 minutes. If you suffer through the whole thing, maybe leave a comment or click that little like button.
Yeah there's an app for that, but what else is it doing?
http://www.bespacific.com/mt/archives/027996.html
August 10, 2011
Mobile App Security Study: appWatchdog Findings
"Data (in)security is rapidly gaining consumer attention in major media. In 2011 major breaches at Sony, Epsilon and others have highlighted the risk consumers face from their data being compromised. Major corporations are now recognizing the urgency to implement strong and innovative security measures to ensure the security of their customers’ data. At the same time, both Apple and Google have seen stunning growth in the past few years and now dominate the smartphone market. Companies and app developers have leveraged these platforms to provide new mobile services, often bringing them to market very quickly. But what steps have the smartphone OS providers and app developers taken to secure the data on their customers’ smartphones? At viaForensics we believe in proactive forensics – applying the power of forensic methods proactively to improve digital security. With appWatchdog we utilize forensic techniques to investigate consumer mobile apps and understand what user data is stored and could be at risk. This white paper summarizes our findings for the first 100 tests, from November 2010 through June 2011."
For all my students
http://www.makeuseof.com/tag/download-operation-cleanup-complete-malware-removal-guide/
DOWNLOAD Operation Cleanup: Complete Malware Removal Guide
Think your Windows computer might be infected? Clean it up yourself with a variety of free tools, using “Operation Cleanup: Complete Malware Removal Guide”, the latest free PDF manual from MakeUseOf.com. Written by Brian Meyer ofYourRealSecurity, this guide outlines not only how to remove a virus from your computer but also how to clean up the mess they leave behind.
DOWNLOAD Operation Cleanup: Complete Malware Removal Guide
(the download password: makeuseof)
http://www.makeuseof.com/tag/nmap-wifi-security-auditing-software-check-home-network/
Nmap – Wi-Fi Security Auditing Software to Check Your Home Network [Windows]
One of the simplest Wi-Fi security software apps you can use to keep an eye on your Wi-Fi security and network is Nmap. Nmap is actually short for “Zenmap”, which is the title of the app that you’ll see once you install it. This program is a fast and efficient way to scan your entire network. It can be used to conduct a security analysis on one device that you know is on your network, or it can scan an entire range of IP addresses to search for security vulnerabilities on any device.