If not government sponsored, perhaps a
tool for corporate espionage?
"Security researchers have come
across a
worm that is meant specifically to steal blueprints, design documents
and other files created with the AutoCAD software. The worm,
known as ACAD/Medre.A, is spreading through infected AutoCAD
templates and is sending tens of thousands of stolen documents to
email addresses in China. However, experts say that the worm's
infection rates are dropping at this point and it doesn't seem to be
part of a targeted attack campaign. ... [They] discovered that not
only was the worm highly customized and well-constructed, it seemed
to be targeting mostly machines in Peru [Proof
of concept testing? Bob] for some reason. ...
They found that ACAD/Medre.A was written in AutoLISP, a specialized
version of the LISP scripting language that's used in AutoCAD."
Another “Joy of Computer Security”
article... Seems they are developing “Best Criminal Practices”
as fast as we are developing “Best Computer Security Practices.” ...
Cybercriminals
Getting Quicker and Craftier, Google Says
Five years ago, Google
started a “Safe Browsing” initiative to track down malicious
content across the Web. On Tuesday, the company shared some of the
insights it gleaned during the cleanup job.
It said — no surprises here — that
cybercriminals are getting faster and more creative.
The Internet has long been plagued by
“phishing” schemes in which criminals try to trick users into
clicking on malicious links that allow them to scoop up a user’s
banking credentials or send spam from their machines.
The difference now, Google says, is
that as security mechanisms for blocking sites have gotten more
effective, criminals have learned to narrow their focus on their
victims and never stay in the same place for long.
To avoid detection, cybercriminals now
switch up their location and put up new malicious sites using
free Web hosting providers and services that automatically generate
new domain names. Google said many
phishing sites now only stay online for less than an hour.
Some are switched out every 10 minutes. It said it now finds
300,000 new phishing sites a month, triple the number it encountered
three years ago.
This is not my Ethical Hackers paying
off college loans. (They already did that)
Operation
High Roller auto-targets bank funds
A global financial fraud scheme that
uses an active and passive automated transfer system to siphon money
from high balance accounts in financial institutions has been
discovered by McAfee and Guardian Analytics.
According to a joint
report released overnight, the online fraud, dubbed "Operation
High Roller," attacks banking systems worldwide and has impacted
thousands of financial institutions including credit unions, large
global banks and regional banks. The criminals have attempted to
transfer between 60 million euros (US$75.1 million) and 2 billion
euros (US$2.5 billion) to mule business accounts belonging to the
"organized crime" syndicate from at least 60 banks so far,
the study revealed.
"The advanced methods discovered
in Operation High Roller show fraudsters moving
toward cloud-based servers with multi-faceted automation
in a global fraud campaign," David Marcus, director of security
research for McAfee Labs, said
in a blog post.
We give you a list of Best Practices so
you can implement them. Sure it takes a bit more thought (rarely
more work) but it avoids articles like this...
Analysis:
eHarmony had several password security fails
An analysis of passwords stolen from
eHarmony and leaked to the Web recently reveals several problems with
the way the dating site handled password encryption and policies,
according to a security expert.
The biggest problem clearly was that
the passwords, although encrypted and obscured with a hashing
algorithm, were not "salted," which would have increased
the amount of work password crackers would need to do, writes Mike
Kelly, a security analyst at Trustwave SpiderLabs, in a blog
post today.
But there were two other less obvious
problems. First, the lowercase characters in passwords were
converted to uppercase before hashing, Kelly says
… And secondly, during resets the
passwords were changed to a five-character password using only
letters and digits.
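The three failings above (no salt, case folding before hashing, and short alphanumeric reset passwords) are easy to see side by side in code. The following is an added example, not code from the article or from Trustwave; it uses a constructed four-user password dump and a constructed wordlist, and it assumes MD5 as the underlying hash since the article does not name the function. It contrasts a cracking pass against an unsalted, case-folded store with one against a salted PBKDF2 store, and sizes the reset-password keyspace.

```python
import hashlib
import os
import string

# Constructed sample data for the demonstration (not from the leak).
# Three users share the same password apart from letter case.
USERS = {
    "alice": "Tr0ub4dor",
    "bob":   "tr0ub4dor",
    "carol": "Tr0ub4dor",
    "dave":  "horsestaple",
}
WORDLIST = ["password", "tr0ub4dor", "letmein", "horsestaple", "qwerty"]


def eharmony_style_hash(password):
    """Reproduces the two weaknesses described above: the password is
    upper-cased before hashing and no per-user salt is mixed in.
    The hash function itself is an assumption (MD5)."""
    return hashlib.md5(password.upper().encode()).hexdigest()


def salted_hash(password, salt, iterations=20_000):
    """Hardened form: case preserved, per-user random salt, and a slow
    iterated KDF (PBKDF2-HMAC-SHA256 from the standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_dumps():
    """Return (unsalted_dump, salted_dump) as a breached site might store them.
    The salted dump holds (salt, hash) per user."""
    unsalted = {u: eharmony_style_hash(p) for u, p in USERS.items()}
    salted = {}
    for u, p in USERS.items():
        salt = os.urandom(16)
        salted[u] = (salt, salted_hash(p, salt))
    return unsalted, salted


def crack_unsalted(dump, wordlist):
    """One precomputed table cracks every user at once: with no salt the
    table is shared across the whole dump, and case folding means the
    attacker only has to try one case of each word.
    Returns (cracked {user: recovered_password}, number of hashes computed)."""
    table = {eharmony_style_hash(w): w for w in wordlist}
    cracked = {u: table[h] for u, h in dump.items() if h in table}
    return cracked, len(wordlist)


def crack_salted(dump, wordlist):
    """With per-user salts no table can be shared: each user costs a full
    pass over the wordlist, each guess is a slow KDF, and exact case is
    required. Returns (cracked, number of KDF evaluations)."""
    cracked, work = {}, 0
    for user, (salt, h) in dump.items():
        for w in wordlist:
            work += 1
            if salted_hash(w, salt) == h:
                cracked[user] = w
                break
    return cracked, work


def reset_password_keyspace():
    """Size of the five-character alphanumeric reset passwords the article
    describes: (as effectively issued, i.e. case-folded; if case were kept)."""
    folded = len(string.ascii_uppercase + string.digits) ** 5   # 36**5
    preserved = len(string.ascii_letters + string.digits) ** 5  # 62**5
    return folded, preserved


if __name__ == "__main__":
    unsalted, salted = build_dumps()
    print("unsalted:", crack_unsalted(unsalted, WORDLIST))
    print("salted:  ", crack_salted(salted, WORDLIST))
    print("reset keyspace (folded, preserved):", reset_password_keyspace())
```

Note that the unsalted pass recovers a password for alice and carol even though their real passwords differ in case from the wordlist entry: because the site folded case before hashing, the recovered string logs in just as well. The salted pass only recovers users whose password matches a wordlist entry exactly, and costs a full wordlist pass per user.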
Another reason for lawyers to insist
that emails with clients must be encrypted!
Typosquatter
Used Misspelled Domains to Intercept Email, Claims $1 Million Lawsuit
A man accused of typosquatting is being
sued for $1 million by a law firm that alleges he set up a domain
that mimics the law firm’s domain name. The firm says he did so in
order to intercept email communications intended for its attorneys
and staff.
Arthur Kenzie is being
sued by Gioconda Law Group, which says that he set up email
accounts under a doppelganger domain, GiocondoLaw.com, that is
designed to catch email that is intended for the law firm’s domain,
GiocondaLaw.com, if senders mistype the address.
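A doppelganger domain like the one alleged here is a single-character edit of the real one, which is exactly the kind of thing a firm can enumerate ahead of time (to register or monitor) and check on outbound mail. The following is an added example, not code from the article, the law firm, or any product; the domain list and the outbound recipient addresses are constructed for illustration. It generates single-edit lookalikes of a domain and flags recipient addresses whose domain is one edit away from a domain the firm owns.

```python
import string

# Constructed: domains the organisation actually owns.
OUR_DOMAINS = {"giocondalaw.com"}

ALPHABET = string.ascii_lowercase + string.digits + "-"


def typo_variants(domain):
    """Single-edit lookalikes of the registrable label (substitution,
    omission, adjacent transposition, insertion); the TLD is left alone."""
    label, _, tld = domain.lower().rpartition(".")
    out = set()
    for i, ch in enumerate(label):
        for c in ALPHABET:
            if c != ch:
                out.add(label[:i] + c + label[i + 1:])          # substitution
        out.add(label[:i] + label[i + 1:])                      # omission
        if i < len(label) - 1:
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # swap
    for i in range(len(label) + 1):
        for c in ALPHABET:
            out.add(label[:i] + c + label[i:])                  # insertion
    out.discard(label)
    # Drop labels that are not valid hostnames (empty, leading/trailing '-').
    return {v + "." + tld for v in out if v and not v.startswith("-") and not v.endswith("-")}


def osa_distance(a, b):
    """Optimal string alignment (Damerau-Levenshtein with adjacent swaps)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def flag_recipients(addresses, our_domains=OUR_DOMAINS):
    """Outbound-mail check: return {address: legitimate_domain} for every
    recipient whose domain is one edit away from a domain we own but is
    not itself one of ours. Such mail is probably a mistyped address
    heading for a doppelganger."""
    flagged = {}
    for addr in addresses:
        dom = addr.rsplit("@", 1)[-1].lower()
        if dom in our_domains:
            continue
        for legit in our_domains:
            if osa_distance(dom, legit) == 1:
                flagged[addr] = legit
    return flagged


# Constructed outbound recipients for the demonstration.
SAMPLE_RECIPIENTS = [
    "partner@giocondalaw.com",   # our own domain, fine
    "jsmith@giocondolaw.com",    # one substitution away: the alleged doppelganger
    "info@giocondalaw.co",       # one omission away: truncated TLD
    "bob@example.com",           # unrelated
]

if __name__ == "__main__":
    print(len(typo_variants("GiocondaLaw.com")), "single-edit variants")
    print(flag_recipients(SAMPLE_RECIPIENTS))
```

The distance check deliberately compares the whole domain, so a same-label, different-TLD registration (giocondalaw.net) is not caught by this rule; that is a separate class of squatting and should be handled by registering or watching the obvious TLDs directly. The variant list is the input you would feed to a registrar or a passive-DNS watch.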
“Welcome to America! Here are a few
tips on how to avoid a free trip to Mexico.”
"In the wake of the U.S.
Supreme Court ruling Monday on Arizona's immigration enforcement law,
H-1B workers are being advised to keep their papers on them. About
half of all H-1B visa holders are employed in tech occupations. The
court struck down several parts of Arizona's law but nonetheless left
in place a core provision allowing police officers to check
the immigration status of people in the state at specific times.
How complicated this gets may depend on the training of the police
officer, his or her knowledge of work visas, and whether an H-1B
worker in the state has an Arizona driver's license. An Arizona
state driver's license provides the presumption of legal residency.
Nonetheless, H-1B workers could become entangled in this law and
suffer delays and even detention while local police, especially those
officers and departments unfamiliar with immigration documentation."
“People are ignorant, governments
must “care” for them!” Fortunately, the loyalty card I use is
in the name of a certain law school professor I know.
UK:
Supermarket spies: How the Government plans to use loyalty card data
to snoop on the eating habits of 25 million shoppers
June 25, 2012 by Dissent
Martin Robinson reports:
The shopping
habits of Britain’s 25 million supermarket loyalty card holders
could be grabbed by the Government in an attempt to halt the UK’s
dangerous obesity crisis, it was claimed today.
People
who buy too much alcohol, fatty foods or sugary drinks would be
targeted with ‘tailored’ health advice under plans being
considered by the Coalition.
With more children
than ever dangerously overweight, parents could also be contacted if
their bills show they are not giving their offspring a balanced diet
from their weekly shop.
Read more on Daily
Mail
I wonder how many customers would be
willing to give up loyalty cards if this comes to pass.
(Related) “And parents are more
ignorant than their children...” Just because they are doing what
they say they're not doesn't mean they aren't doing what they say
they are.
DATA
DETOUR: Spying? No, we're tracking for a web filter, says Telstra
All those rumours about Telstra spying
on your web browsing activity have been put to rest. It turns out
Telstra wasn't spying at all - they were simply tracking what sites
you visit and then sending that data to an overseas company called
Netsweeper, which is working on an internet filtering system for the
telco. Phew! Thank goodness for that.
They would have told you, of course,
but it wasn't really important. I mean, it's not as if they were
capturing customer data, storing it and sharing it with third-party
operators, right?
… But Greens Senator Scott Ludlam
was troubled by the serious privacy implications.
He
told SC: "It is potentially problematic. Anything in the US
is subject to the Patriot Act, even if the data is anonymised, or
sent as batches.
… "We will shortly launch a
cybersafety tool that allows parents to specify the website
categories their kids can browse. To prepare for this, we are
working with a company called Netsweeper to ensure web content is
accurately characterised," Telstra
told ZDnet in a statement.
Telstra says Netsweeper has a large
database of URLs, but when customers visit new domains not in the
database, the URL is sent to Netsweeper by Telstra.
… All customer data is left out of
the information being shared with the US company, according to
Telstra.
… The service will, ultimately, be
opt-in, Telstra said.
(Related) ...and some companies have a
long tradition of “Let's try this and see if anyone notices.”
Facebook
Hides Your Email Address Leaving Only @Facebook.com Visible. Undo
This Poppycock Now
In an attempt to improve email address
privacy, Facebook has screwed up big time in what seems like a
self-serving attempt to increase usage of @facebook.com
email addresses that direct to your Facebook Messages Inbox.
Now everyone’s personal email
addresses have been hidden from their profiles, regardless of
previously selected privacy settings. Instead, your
@facebook.com
contact info is the only one visible to people with
permission to see your email addresses. This makes it harder for
friends to contact you via third-party email unless you reset your
controls.
Attention conspiracy theorists! (and
Class Action Lawyers?)
By Dissent,
June 25, 2012
Jane Yakowitz writes:
Vioxx, the
non-steroidal anti-inflammatory drug once prescribed for arthritis,
was on the market for over five years before it was withdrawn
from the market in 2004. Though a group of small-scale studies had
found a correlation between Vioxx and increased risk of heart attack,
the FDA did not have convincing evidence until it completed its own
analysis
of 1.4 million Kaiser Permanente HMO members. By the
time Vioxx was pulled, it had caused between 88,000
and 139,000 unnecessary heart attacks, and 27,000-55,000
avoidable deaths.
The Vioxx debacle
is a haunting illustration of the importance of large-scale data
research. Dr. Richard Platt, one of the FDA’s drug risk
researchers, described a series of “what if” scenarios in 2007
FDA testimony. (Barbara Evans describes the study here.)
If researchers had had access to 7 million longitudinal patient
records, a statistically significant relationship between Vioxx and
heart attack would have been revealed in under three years. If
researchers had had access to 100
million longitudinal patient records, the
relationship would have been discovered in just three months.
Of course, if public health researchers did post-market studies that
looked for everything all the time, many of the results that look
significant would be the product of random noise. But even if it
took six months or one year to become confident in the results from a
nation-wide health research database, tens of thousands of deaths may
have been averted.
Read more on Info/Law.
Perhaps we should collect some of these
“Bad Technology Laws” and make one of those funny Youtube videos?
"The Canadian House of Commons
may have passed the Canadian DMCA, but the constitutional concerns
with the copyright bill and its digital lock rules will likely linger
for years. Michael Geist has obtained
internal government documents that indicate that the Department
of Justice issued a legal opinion warning about the potential for
constitutional violations. The DOJ legal opinion warned of the need
to link circumvention with copyright infringement and of the
particular danger of not providing the blind with an exception. The
Canadian law misses the mark on both counts with no link to
infringement and an exception that blind groups say is 'nullified' by
strict conditions."
Towards a “Lawyer Free” world!
(Just kidding, please don't sue me...)
Perspective: Everyone is becoming more
social...
And
the Winner of the Next Social Networking Jackpot Is…
Microsoft Monday said
it would spend $1.2 billion cash in a much-anticipated acquisition of
Yammer, a sort of Twitter for businesses.
The nearly 4-year-old startup is only
the latest acquisition in a string of similar deals. Earlier this
month, Salesforce.com spent $689 million to buy Buddy Media, which
makes Facebook tools for interacting with customers. Oracle last
month bought Virtue, which helps companies coordinate social network
posts, for $300 million. And analysts expect acquisitions of
“Facebook for business” plays to continue.
So who will be next to score in the
social-meets-business lottery? Here’s a shortlist of top
contenders:
Perspective: Like all good journalism,
I assume this is completely without bias... (Sure I do)
"As newspaper budgets shrink,
state-sponsored media outlets like RT, China Daily, and Al Jazeera
have grown, hired more writers and offered more (free) coverage.
Mark Mackinnon, writing for The Globe and Mail, explains
the issue well: 'Throughout the recent crisis in Syria, and
before that in Libya and Egypt, Xinhua and RT News have thrown
unprecedented money and resources at reporting from the scene, even
as Western media scale back on their own efforts. It's not too
far-fetched to imagine a near future where it's Xinhua or RT, rather
than the Associated Press or BBC, that have
the only correspondents on the scene of an international crisis, [But
the networks will send six people to cover the local dog show! Bob]
meaning the world will only get Beijing or Moscow's version of what's
happening.' But quality coverage still
requires money, which means finding funding from somewhere. You
see the effects of this every day: If your revenue is based mostly off
of pay-per-click banner ads, a lowest-common denominator post, like a
cheap roundup of cat pictures, is quite possibly going to pull in way
more views for less money than a nuanced, deeply reported, and
expensive dispatch from Syria. And, yeah, ads can be a bummer,
especially when they're executed poorly, and paywalls aren't great.
But when the alternatives are either fluffy, thin reporting; or
worse, blatantly biased coverage sponsored by governments, we have to
find a palatable way to fund good reporting."
Perspective: The thing about large
datasets is they are really large. This is 25 times larger than the
entire online storage of a multi-billion dollar manufacturing company
I consulted for a few years ago.
Bing
Maps adds 165TB of new images of Earth
Local As real (kill me a tree) books
fade, only book collectors will have them, so why not make the
display cuter?
These
Book Covers Are Custom Made to Match Your Library
Now Wine isn't a book designer, but he
does design with books. It started as a hunt for special volumes at
thrift stores and estate sales to resell on eBay. But his efforts
soon expanded into an entire outfit. Wine's Boulder-based
company, Juniper Books,
cleverly fills out shelves using both custom covers created for
classic works as well as a curated selection of existing editions.
The result brings fresh design thinking to a centuries-old industry.
Isn't it bad enough that new parents
make us look at hundreds of baby pictures? Now we must watch hours
of baby movies?
If you are away from your computer, you
cannot view the videos that are stored on it. But what if you could
remotely access those videos and stream them using your handheld
device? That is precisely what a tool called Air PlayIt offers.
Tools for the “Speechifying” class
Video Recording Teleprompter is an iOS
application sized at nearly 7 MB and meant for iOS devices with
front-facing cameras running iOS version 5.0 or later. The app lets
you record videos with the front-facing camera of your device.
Meanwhile, the screen can show you the text that you need to read in
your speech thereby serving the function of a teleprompter. You can
then watch the videos by saving them or simply uploading them to
YouTube.