Thursday, July 19, 2012


Did these guys learn nothing from the movie Clueless?
The Consumerist resets passwords following breach
July 18, 2012 by admin
The Consumerist seems to have had a security breach. Their blog posts are light on details, though:
On July 15, they wrote:
As some Consumerist readers have noted, the site has been down twice in the past week and we promised an explanation, which follows.
We first took the site down late Wednesday afternoon, when we were alerted to a security concern. [Translation: “Our system didn't detect it.” Bob] The site was then cleaned and cleared by our security experts, and put back online within about two hours.
Last night, we detected a new problem and took the site down for another five hours in order to address that issue.
To limit security concerns, the Consumerist is now operating in a mode that does not permit commenting. We apologize for the inconvenience this may cause.
As both a precaution and as a best practice, we strongly advise that you change your password at any site where you use the same password as Consumerist. You cannot change your password at Consumerist yet due to the no-comment mode, but we will alert you when that changes.
On July 16, they provided an update:
Because of the nature of the investigation, we cannot – at this time – share further details of the specific changes. But we do want you to know of two actions we will be taking in the next few days that may affect your experience on the site:
***First, we plan to reset all existing passwords. This means that those of you who use log-in access at the Consumerist will need to choose a new password when you log into the site. We will be sending you an email summarizing the same actions described in this post.
***Second, we plan to re-open the Consumerist to comments. As noted yesterday, we turned off commenting as part of our initial response to the latest security incident.
It could take a day or two for these actions to take place but we will post another update when they do occur. In the meantime, here are some answers to questions you may have about the situation:
Q: You said in your post yesterday that I should change my password. Does this mean that my user name or password has been compromised?
A: We don’t yet know for sure, and are investigating that carefully. The password files were encrypted, but as a matter of prudence and good practice we are recommending that you change your password at any site where you use the same password as the one you use at Consumerist. We also plan to reset all existing Consumerist passwords, which will require you to choose a new password when you try to log into the site.
[...]
Q: Does this mean that if I visited Consumerist, my computer might have been infected?
A: We don’t know for sure, but if you are worried about a possible infection, you should use your anti-virus software to run a complete scan of your machine. If you don’t already have anti-virus protection on your computer, we strongly suggest you get some. And for additional suggestions on how to cleanse your machine, you can consult the StopBadware.org site.


Did it or didn't it? Your credibility is at risk.
Hacker claims breach of 50,000 accounts from Wall Street IT recruiting firm
July 18, 2012 by admin
Jaikumar Vijayan reports:
A hacker today claimed to have broken into ITWallStreet.com, a website for IT professionals seeking jobs or working with Wall Street firms, and exposed highly detailed data belonging to tens of thousands of job applicants.
As many as 12 data files containing detailed information on job applicants were publicly posted today after apparently being accessed from an ITWallStreet database by a hacker belonging to a group called TeamGhostShell.
A Computerworld inspection of the published data showed the first and last names, mailing addresses, email addresses, usernames, hashed passwords and phone numbers of what appear to be thousands of people who have applied for IT jobs with Wall Street firms. Many of the thousands of hashed passwords appear to have already been decrypted into their clear text form.
Read more on Computerworld. As of the time of his article, Andiamo Partners, the firm that operates the web site, had neither confirmed nor denied the breach. At the time of this blog post, there is no notice or alert on their web site, either. [At least an “It has been claimed...” statement might be useful Bob]
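Both posts above turn on the same point: Consumerist says its "password files were encrypted", and Computerworld found that many of the ITWallStreet "hashed passwords appear to have already been decrypted". A leaked table of fast, unsalted hashes is not decrypted at all; it is guessed, one dictionary word at a time, and one guess tests every account in the file. The block below is an added example, not code from either post, Computerworld, Consumerist or ITWallStreet, and nothing is known about how either site actually stored passwords. It runs the same small constructed wordlist against a constructed table of unsalted MD5 digests and against per-user-salted PBKDF2 records, and counts the work each attack costs. The user names, passwords and wordlist are all made up for the demo.

```python
"""
Added example, not code from the original posts, Computerworld or ITWallStreet:
why "hashed" passwords from a leak often come back as plaintext, and what a
password store has to look like for that not to happen. The leaked records,
the wordlist and the user names are all constructed for the demo.
"""
import hashlib
import hmac
import os

# Constructed stand-in for a cracking dictionary (real ones have millions of entries).
WORDLIST = ["123456", "password", "letmein", "wallstreet", "qwerty", "trading2012"]


def md5_hex(pw):
    return hashlib.md5(pw.encode()).hexdigest()


# Constructed stand-in for a leaked table of unsalted MD5 hashes. In a real leak
# only the hex digests are known; they are derived here so the demo is self-contained.
LEAKED_MD5 = {
    "alice": md5_hex("wallstreet"),
    "bob": md5_hex("123456"),
    "carol": md5_hex("Xq7!v9#Lm2pR"),  # not in the wordlist: survives the attack
}


def crack_unsalted(leaked, wordlist):
    """Offline dictionary attack against unsalted, single-round hashes.

    One digest per candidate word tests it against *every* user at once, so the
    work is len(wordlist) regardless of how many accounts leaked.
    Returns (user -> recovered password, number of digests computed).
    """
    lookup = {md5_hex(w): w for w in wordlist}
    found = {user: lookup[h] for user, h in leaked.items() if h in lookup}
    return found, len(wordlist)


# --- the store a site should have used: per-user salt, slow iterated hash ---

ITERATIONS = 100_000  # raise as hardware gets faster


def make_record(pw, salt=None):
    """Store salt and iteration count with the hash so verification is self-describing."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iter": ITERATIONS, "hash": dk.hex()}


def verify(pw, rec):
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(rec["salt"]), rec["iter"])
    return hmac.compare_digest(dk.hex(), rec["hash"])  # constant-time compare


def crack_salted(records, wordlist):
    """Same dictionary against salted PBKDF2 records.

    The per-user salt removes the shared lookup table: every candidate must be
    re-derived for each user, and each derivation costs rec["iter"] HMAC rounds.
    Returns (user -> recovered password, total HMAC rounds spent).
    """
    found, rounds = {}, 0
    for user, rec in records.items():
        for w in wordlist:
            rounds += rec["iter"]
            if verify(w, rec):
                found[user] = w
                break
    return found, rounds


def demo():
    """Run both attacks over the same three accounts and summarise the outcome."""
    plaintexts = {"alice": "wallstreet", "bob": "123456", "carol": "Xq7!v9#Lm2pR"}
    salted = {u: make_record(p) for u, p in plaintexts.items()}
    weak_found, weak_work = crack_unsalted(LEAKED_MD5, WORDLIST)
    strong_found, strong_work = crack_salted(salted, WORDLIST)
    return {
        "unsalted_cracked": weak_found,
        "unsalted_work": weak_work,
        "salted_cracked": strong_found,
        "salted_work": strong_work,
        "work_ratio": strong_work // weak_work,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things to take from the run. First, the salted, iterated store does not rescue "123456" or "wallstreet": the attacker still gets them, only at roughly five orders of magnitude more hash work per account, which is why a site that has lost its password table should reset every password and tell users to change it anywhere they reused it, exactly as Consumerist did. Second, "encrypted" and "hashed" are not interchangeable in a breach notice; a reader who wants to judge the exposure needs to know the algorithm, whether salts were per user, and the work factor, none of which either post supplies.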


In a world that has evolved from “He said, She said” to one where everyone can video Rodney King, it may be best to investigate before making an absolute denial...
Wearable Computer Pioneer, Dr. Steve Mann, Releases New Photo Supporting His Assault Claim Against McDonald’s


Isn't it a felony to fail to report a felony?
Legal, regulatory risks keep firms from sharing cyber threat data
A U.S. policy report to be released today says Congress should preempt certain state and federal regulations in order to allow companies the freedom to share with the government information about cyber security threats and attacks without fear of breaking data breach and other laws.
More information sharing is needed between companies and government agencies in order to help fend off attacks from hacktivists, criminals, and nation-states that target computer networks in the United States, according to the Cyber Security Task Force: Public-Private Information Sharing report written by the Homeland Security Project at the non-profit Bipartisan Policy Center.
… "From October 2011 through February 2012, over 50,000 cyber attacks on private and government networks were reported to the Department of Homeland Security (DHS), with 86 of those attacks taking place on critical infrastructure networks," the report says, citing a New York Times article. Only a small number of the incidents are reported to the Department of Homeland Security, mostly because companies are concerned about legal consequences, the report says.
Read the full report (6.56MB PDF)


This should be interesting...
Justice Department Sues Telecom for Challenging National Security Letter
Last year, when a telecommunications company received an ultra-secret demand letter from the FBI seeking information about a customer or customers, the telecom took an extraordinary step — it challenged the underlying authority of the FBI’s National Security Letter, as well as the legitimacy of the gag order that came with it.
Both challenges are allowed under a federal law that governs NSLs, a power greatly expanded under the Patriot Act that allows the government to get detailed information on Americans’ finances and communications without oversight from a judge. The FBI has issued hundreds of thousands of NSLs and been reprimanded for abusing them — though almost none of the requests have been challenged by the recipients.
After the telecom challenged its NSL last year, the Justice Department took its own extraordinary measure: It sued the company, arguing in court documents that the company was violating the law by challenging its authority.
… It’s only the second time that such a serious and fundamental challenge to NSLs has arisen. The first occurred in 2004 in the case of a small ISP owner named Nicholas Merrill, who challenged an NSL seeking info on an organization that was using his network. He asserted that customer records were constitutionally protected information.
But that issue never got a chance to play out in court before the government dropped its demand for documents.


This could be handy for me, since I have a hard time remembering names.
July 18, 2012
FTC Testifies on Commercial Uses of Facial Recognition Technologies
News release: "The Federal Trade Commission today told a Senate Judiciary subcommittee that the FTC is examining the benefits to consumers, as well as privacy and security concerns regarding current and possible future commercial uses of facial recognition technologies and will make recommendations later this year on best practices for companies that use these new technologies. The recommendations will build on comments from a recent FTC workshop on facial recognition technology, and on the three core principles from the agency's March 2012 Privacy Report – privacy by design, simplified consumer choice, and transparency."


A new form of “news by search”? Watch stories on your topics of interest no matter where they are reported? Watch the story from the closest news source? Watch the news as reported by sock puppets?
July 17, 2012
Pew - YouTube & News: A New Kind of Visual News
"News is becoming a major part of what Americans watch on YouTube. In the last 15 months, a third of the most searched terms on the video sharing site were news related. A new study by the Project for Excellence in Journalism explores the character of news on YouTube—what kinds of stories people access, who produced them, who posted them and what it means for the future of visual journalism. See a visual discussion of the findings."


Perspective
July 18, 2012
Information and Communications for Development 2012: Maximizing Mobile
"Around three-quarters of the world’s inhabitants now have access to a mobile phone and the mobile communications story is moving to a new level, which is not so much about the phone but how it is used, says a new report by the World Bank and infoDev, its technology entrepreneurship and innovation program. The number of mobile subscriptions in use worldwide, both pre-paid and post-paid, has grown from fewer than 1 billion in 2000 to over 6 billion now, of which nearly 5 billion are in developing countries. Ownership of multiple subscriptions is becoming increasingly common, suggesting that their number will soon exceed that of the human population.
"The report, Information and Communications for Development 2012: Maximizing Mobile, says more than 30 billion mobile applications, or “apps,” were downloaded in 2011 – software that extends the capabilities of phones, for instance to become mobile wallets, navigational aids or price comparison tools. This trend is also benefiting developing countries where people are increasingly using mobile phones to create new livelihoods and enhance their lifestyles, while governments are using them to improve service delivery and citizen feedback mechanisms."


My geeks are happy!
"Hardly a day goes by without a top-level research group announcing some kind of graphene-related breakthrough, but this one's a biggy: Researchers at the University of Erlangen-Nuremberg, Germany have created high-performance monolithic graphene transistors using a simple lithographic etching process. This could be the missing step that finally paves the way to post-silicon electronics. In theory, according to early demos from the likes of IBM and UCLA, graphene transistors should be capable of switching at speeds between 100GHz and a few terahertz. The problem is, graphene doesn't have a bandgap — it isn't a natural semiconductor, like silicon — and so it is proving very hard to build transistors out of the stuff. Until now! The researchers say that current performance "corresponds well with textbook predictions for the cutoff frequency of a metal-semiconductor field-effect transistor," but they also point out that very simple changes could increase performance 'by a factor of ~30.'"


Here's a challenge: try to think of a more expensive way to do this... Hint: Don't ask students.
"The White House has unveiled a proposal to create a national elite teachers corps to reward the nation's best educators in science, technology, engineering and math. In the first year, as many as 2,500 teachers in those subjects would get $20,000 stipends on top of their base salaries in exchange for a multiyear commitment to the STEM Master Teacher Corps. The Obama administration plans to expand the corps to 10,000 nationwide over the next four years, with the ultimate goal that the elite group of teachers will pass their knowledge and skills on to their colleagues to help bolster the quality of teaching nationwide."


The future or just another bandwagon? Still, the question of “certification” remains.
The online education platform Coursera announced today that 12 more universities had signed on as partners, joining the 4 that were part of the startup’s launch in April. Joining the University of Pennsylvania, Princeton, University of Michigan and Stanford are Georgia Tech, Duke University, University of Washington, Caltech, Rice University, University of Edinburgh, University of Toronto, EPFL - Lausanne (Switzerland), Johns Hopkins University (School of Public Health), UCSF, University of Illinois Urbana-Champaign, and the University of Virginia.

(Related)
What It’s Like to Teach a MOOC
