You don't have to do anything to be a
target. And there is nothing you can do to avoid being a target.
Wells Fargo is latest bank to be hit by cyberattacks
Wells Fargo is the most recent
mega-bank to be hit by a distributed denial-of-service attack.
According to the Wall
Street Journal, roughly 220 customers filed complaints of outages
on its Web site today saying they had problems logging on.
"The amount of bandwidth that is
flooding the websites is very large, much larger than in other
attacks, and in a sense unprecedented," chief executive of
private security firm CrowdStrike Dmitri Alperovitch told the Wall
Street Journal.
Last week, similar
attacks happened on J.P. Morgan Chase and Bank of America's Web
sites.
Not the first “professional”
organization with unprofessional levels of security.
IEEE leaks 100,000 members’ usernames and plain-text passwords (updated)
September 25, 2012 by admin
Seen on Slashdot,
Radu Dragusin writes:
IEEE suffered a
data breach which I discovered on September 18. For a few days I was
uncertain what to do with the information and the data. Yesterday I
let them know, and they fixed (at least partially) the problem. The
usernames and passwords kept in plaintext were publicly available on
their FTP server for at least one month prior to my discovery.
Radu provides additional details about
the leak and his analyses of exposed data on IEEElog.
This is not IEEE’s first breach
involving members’ information. A November
2010 hack affecting 828 members was disclosed
in February 2011. And in April 2011, some members who signed up for
life insurance underwritten by NY Life Insurance were notified that a
mailing
error by Marsh U.S. Consumer exposed some of their information to
other members.
Update: Oh hell…. I
won’t post links, but it has been pointed out that IEEE’s
log files have been mirrored in a number of places on the Internet.
If you’re an IEEE member, you may want to search to see what
information about you has been exposed.
Strange: This seems to be a “first”
although I can't think of a good (or even a bad) reason to do it.
(and I'm not sure what “force” is required...)
fermion writes with news of Windows
computers being forcefully liberated:
"The
campaign headquarters of Michael Grimm, a U.S. House of
Representatives member from New York, were vandalized. What has not
been reported everywhere is that Linux
was installed on one of his computers, erasing data in the
process. Is this a new attack on democracy by the open source
radicals, or it is just a random occurrence?"
From the article: "'In fact, one
officer said to me today they see this as a crime
against the government, because I am a sitting United
States congressman and they take it very seriously. [Unlike
crimes against us 'second class' citizens Bob] You know,
especially in light of what happened with Gabby Giffords, we're not
in the world today where we can shrug things off,' Grimm said. ...
[GNU/]Linux, an open-source operating system, was installed on
Grimm's computers, erasing the hard drive contents, which included
polling and voter identification data. But staff had backed up the
hard drive contents hours beforehand. Grimm and his staffers said
the vandalism — cement blocks were thrown through the office's
windows — is a cover-up for the attacks on the computers."
I think I've linked to this report
earlier...
Drones Subject to GPS Spoofing, Privacy ‘Abuses,’ GAO Report Warns
The Government Accountability Office is
warning Congress that its push for drones to become commonplace in
U.S. airspace fails to take into account concerns surrounding
privacy, security and even GPS jamming and spoofing.
The GAO, Congress’ research arm, was
responding to the FAA
Modernization and Reform Act of 2012, signed by President Barack
Obama in February, which among other things requires the Federal
Aviation Administration to accelerate drone flights in U.S. airspace.
… But there’s a concerted push to
expand the commercial use of drones for pipeline, utility, and farm
fence inspections; vehicular traffic monitoring; real-estate and
construction-site photography; relaying telecommunication signals;
fishery protection and monitoring; and crop dusting, according
to the report
(.pdf), which was distributed to lawmakers earlier this month.
… Among other things, the report
urged the Transportation Security Administration [God
help us! Bob] to come up with a plan to secure operation
centers for unmanned drones, recommended the government formulate
privacy protections to head off “abuses” and also pointed out
safety concerns that need to be addressed regarding GPS spoofing and
jamming.
In a GPS jamming
scenario, the UAS could potentially lose its ability to determine its
location, altitude, and the direction in which it is traveling.
Low-cost devices that jam GPS signals are prevalent.
This problem can be mitigated by having a second or redundant
navigation system onboard the UAS that is not reliant on GPS, which
is the case with larger UAS typically operated by DOD and DHS.
… “Once the authentic (original)
GPS signal is overpowered, the UAS is under the control of the
‘spoofer.’ This type of scenario was recently demonstrated
by researchers at the University of Texas at Austin at the behest
of DHS.”
The report comes three months after it
was revealed that there are 64
drone bases on U.S. soil, with several private
companies cleared to operate them. As for legal protections for
citizens, “there
is very little in American privacy law that prohibits drone
surveillance within our borders,” points out Ryan
Calo, the director for Privacy and Robotics at the Stanford Center
for Internet and Society.
… According to the EFF:
The Seattle Police
Department’s drone comes with four separate cameras, offering
thermal infrared video, low light ‘dusk-dawn’ video, and a 1080p
HD video camera attachment. The Miami-Dade Police Department and
Texas Department of Public Safety have employed drones capable of
both daytime and nighttime video cameras, and according to the Texas
Department of Public Safety’s Certificate of Authorization (COA)
paperwork, their drone was to be employed in support of ‘critical
law enforcement operations.’
The report noted that commercial and
government drone expenditures could top $89 billion over the next
decade.
(Related) I think this one is new...
"In 'Living
Under Drones,' investigators from Stanford and NYU Law Schools
report on interviews with 130 people in Pakistan about U.S.-led drone
attacks there, including 69 survivors and family members of victims.
The report affirms Bureau of Investigative Journalism numbers that
count '474 to 884 civilian deaths since 2004, including 176 children'
while 'only
about 2% of drone casualties are top militant leaders.' It also
argues that the attacks violate international law and are
counterproductive, stating: 'Evidence suggests that US strikes have
facilitated recruitment to violent non-state armed groups, and
motivated further violent attacks. One major study shows that 74%
of Pakistanis now consider the U.S. an enemy.'"
[From the report:]
In the United States, the dominant
narrative about the use of drones in Pakistan is of a surgically
precise and effective tool that makes the US safer by enabling
“targeted killing” of terrorists, with minimal downsides or
collateral impacts.
This narrative is
false.
(Related)
Appeals Court Caves to TSA Over Nude Body Scanners
A federal appeals court on Tuesday said
it was giving the Transportation Security Administration until the
end of March to comport with an already 14-month-old order to
“promptly” hold public hearings and take public comment
concerning the so-called nude body scanners installed in U.S. airport
security checkpoints.
The public comments and the agency’s
answers to them are reviewable by a court, which opens up a new
avenue for a legal challenge to the agency’s decision to deploy the
scanners. Critics maintain the scanners, which use radiation to peer
through clothes, are threats to Americans’ privacy and health,
which the TSA denies.
(Related) “First, you have to get
the mule's attention...”
ACLU sues to get U.S. agencies' license plate tracking records
The American Civil Liberties Union
today sued the U.S. government to get access to information about how
authorities are using automated license plate readers to track
people's movements and location.
The ACLU
filed Freedom of Information Act requests on July 30 with the
departments of Justice, Homeland Security, and Transportation to try
to find out how much officials use the technology and how much it is
paying to expand the program. Agencies are required by law to
respond to FOIA requests within 20 working days, but more than a
month later, only one DOJ office and a few DOT agencies have
responded, according to the ACLU.
Surveillance down under...
"The Age reports on creeping
Australian government surveillance, beginning with the first
operation launched on a baseless rumor. Six decades later the
still-unaware victim read five months of transcripts with deep
distress. Two decades ago few Australians would have consented to
carrying a government-accessible tracking device, but phone and
tablet data accessible without a warrant includes historic and
real-time location data. In 2010-2011 there were 250,000 warrantless
accesses by Federal agencies including ASIO, AFP, the Tax Office,
Defence, Immigration, Citizenship, Health, Ageing, and Medicare.
This is 18 times the rate of similar requests
in the U.S."
Do we get the Feds involved because
there are no state laws making this illegal?
September 25, 2012
FTC Action Halts Computer Spying by Illinois Companies
News release: "Seven rent-to-own companies and a software
design firm have agreed to settle Federal Trade Commission
charges that they spied on consumers using computers that consumers
rented from them, capturing screenshots of
confidential and personal information, logging their computer
keystrokes, and in some cases taking webcam pictures of people in
their homes, all without notice to, or consent from, the
consumers. The software design firm collected the data that enabled
rent-to-own stores to track the location of rented computers without
consumers’ knowledge according to the FTC
complaint. The settlements bar the companies from any further
illegal spying, from activating location-tracking software without
the consent of computer renters and notice to computer users, and
from deceptively collecting and disclosing information about
consumers."
Interesting question.
"The Dutch
Supreme Court has asked
the European Court of Justice to decide whether downloading
copyrighted material for personal use — even from illegal
sources — is legal. At the heart of the
debate is whether the European Copyright Directive requires that any
new legal copy of material must have originated from a copy that is
itself legal. The case tests the law in the
Netherlands, where copyright holders are granted a levy on blank
media in exchange for the legalization of private copying."
In the Netherlands, it
is already legal to download from illegal sources. But EU
law might conflict and trump that.
How to get the attention of a Global
company?
"Judge
Flavio Peren of Mato Grosso do Sul state in Brazil has ordered
the arrest of the President of Google Brazil,
as well as the 24-hour
shutdown of Google and Youtube for not removing videos attacking
a mayoral candidate. Google is appealing, but has recently also
faced ordered fines of $500K/day in Parana and the ordered arrest of
another executive in Paraiba in similar cases."
Early reports indicated that the judge
also ordered the arrest of the Google Brazil President, but the story
when this was written is that the police haven't received any such
order (and an earlier such order was overruled recently). The video
is in violation of their pre-election laws.
Sometimes laws make no sense to me...
"Microsoft's Quincy data
center, physical home of Bing and Hotmail, was fined $210,000 last
year because the data center used too little electricity. To avoid
similar penalties for 'underconsumption of
electricity' this year, the data center burned
through $70,000 worth of electricity in three days."
Perspective. Stay healthy, people!
September 25, 2012
Kaiser - Visualizing Health Policy
"The latest infographic in the
Visualizing Health Policy series examines health costs in the United
States, including how costs have changed, how they compare to some
other countries, and how they impact American families."
Since I'm surrounded by geeks...
It is an acronym that stands for Free
Art and Technology and this is where Open Source and pop culture
come together.
This channel demonstrates the future of
information and how it should be presented, because these days
information is taking the visual route and statistics
is no longer the dull science it used to be. [I beg your pardon?
Bob]
There are loads of videos on animated
infographics. If you are into visual design or image facilitation,
this is inspiring stuff. I like the way the channel is described –
Research findings in data visualization captured, streamed, animated…
beautified!
Also a geek thing...
Binreader is designed for someone who
wants a portable Usenet client that runs on anything. You can run it
on Mac, Windows and Linux and it does not need any installation. It
is incredibly easy to use and it uses almost no system resources.
This could be amusing. Perhaps I could
have my students write a script for a commercial advertising their
hacking skills (Hire me or else!)
(Related) ...and then they could make
the video to complete the commercial...