Wednesday, September 26, 2012

You don't have to do anything to be a target. And there is nothing you can do to avoid being a target.
Wells Fargo is latest bank to be hit by cyberattacks
Wells Fargo is the most recent mega-bank to be hit by a distributed denial-of-service attack. According to the Wall Street Journal, roughly 220 customers filed complaints of outages on its Web site today saying they had problems logging on.
"The amount of bandwidth that is flooding the websites is very large, much larger than in other attacks, and in a sense unprecedented," chief executive of private security firm CrowdStrike Dmitri Alperovitch told the Wall Street Journal.
Last week, similar attacks happened on J.P. Morgan Chase and Bank of America's Web sites.


Not the first “professional” organization with unprofessional levels of security.
IEEE leaks 100,000 members’ usernames and plain-text passwords (updated)
September 25, 2012 by admin
Seen on Slashdot, Radu Dragusin writes:
IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery.
Radu provides additional details about the leak and his analyses of exposed data on IEEElog.
This is not IEEE’s first breach involving members’ information. A November 2010 hack affecting 828 members was disclosed in February 2011. And in April 2011, some members who signed up for life insurance underwritten by NY Life Insurance were notified that a mailing error by Marsh U.S. Consumer exposed some of their information to other members.
Update: Oh hell…. I won’t post links, but it has been pointed out that IEEE’s log files have been mirrored in a number of places on the Internet. If you’re an IEEE member, you may want to search to see what information about you has been exposed.


Strange: This seems to be a “first” although I can't think of a good (or even a bad) reason to do it. (And I'm not sure what “force” is required...)
fermion writes with news of Windows computers being forcefully liberated:
"The campaign headquarters of Michael Grimm, a U.S. House of Representatives member from New York, were vandalized. What has not been reported everywhere is that Linux was installed on one of his computers, erasing data in the process. Is this a new attack on democracy by the open source radicals, or is it just a random occurrence?"
From the article: "'In fact, one officer said to me today they see this as a crime against the government, because I am a sitting United States congressman and they take it very seriously. [Unlike crimes against us 'second class' citizens Bob] You know, especially in light of what happened with Gabby Giffords, we're not in the world today where we can shrug things off,' Grimm said. ... [GNU/]Linux, an open-source operating system, was installed on Grimm's computers, erasing the hard drive contents, which included polling and voter identification data. But staff had backed up the hard drive contents hours beforehand. Grimm and his staffers said the vandalism — cement blocks were thrown through the office's windows — is a cover-up for the attacks on the computers."


I think I've linked to this report earlier...
Drones Subject to GPS Spoofing, Privacy ‘Abuses,’ GAO Report Warns
The Government Accountability Office is warning Congress that its push for drones to become commonplace in U.S. airspace fails to take into account concerns surrounding privacy, security and even GPS jamming and spoofing.
The GAO, Congress’ research arm, was responding to the FAA Modernization and Reform Act of 2012, signed by President Barack Obama in February, which among other things requires the Federal Aviation Administration to accelerate drone flights in U.S. airspace.
… But there’s a concerted push to expand the commercial use of drones for pipeline, utility, and farm fence inspections; vehicular traffic monitoring; real-estate and construction-site photography; relaying telecommunication signals; fishery protection and monitoring; and crop dusting, according to the report (.pdf), which was distributed to lawmakers earlier this month.
… Among other things, the report urged the Transportation Security Administration [God help us! Bob] to come up with a plan to secure operation centers for unmanned drones, recommended the government formulate privacy protections to head off “abuses” and also pointed out safety concerns that need to be addressed regarding GPS spoofing and jamming.
In a GPS jamming scenario, the UAS could potentially lose its ability to determine its location, altitude, and the direction in which it is traveling. Low-cost devices that jam GPS signals are prevalent. This problem can be mitigated by having a second or redundant navigation system onboard the UAS that is not reliant on GPS, which is the case with larger UAS typically operated by DOD and DHS.
… “Once the authentic (original) GPS signal is overpowered, the UAS is under the control of the ‘spoofer.’ This type of scenario was recently demonstrated by researchers at the University of Texas at Austin at the behest of DHS.”
The report comes three months after it was revealed that there are 64 drone bases on U.S. soil, with several private companies cleared to operate them. As for legal protections for citizens, “there is very little in American privacy law that prohibits drone surveillance within our borders,” points out Ryan Calo, the director for Privacy and Robotics at the Stanford Center for Internet and Society.
… According to the EFF:
The Seattle Police Department’s drone comes with four separate cameras, offering thermal infrared video, low light ‘dusk-dawn’ video, and a 1080p HD video camera attachment. The Miami-Dade Police Department and Texas Department of Public Safety have employed drones capable of both daytime and nighttime video cameras, and according to the Texas Department of Public Safety’s Certificate of Authorization (COA) paperwork, their drone was to be employed in support of ‘critical law enforcement operations.’
The report noted that commercial and government drone expenditures could top $89 billion over the next decade.

(Related) I think this one is new...
"In 'Living Under Drones,' investigators from Stanford and NYU Law Schools report on interviews with 130 people in Pakistan about U.S.-led drone attacks there, including 69 survivors and family members of victims. The report affirms Bureau of Investigative Journalism numbers that count '474 to 884 civilian deaths since 2004, including 176 children' while 'only about 2% of drone casualties are top militant leaders.' It also argues that the attacks violate international law and are counterproductive, stating: 'Evidence suggests that US strikes have facilitated recruitment to violent non-state armed groups, and motivated further violent attacks. One major study shows that 74% of Pakistanis now consider the U.S. an enemy.'"
From the report:
In the United States, the dominant narrative about the use of drones in Pakistan is of a surgically precise and effective tool that makes the US safer by enabling “targeted killing” of terrorists, with minimal downsides or collateral impacts.[1]
This narrative is false.

(Related)
Appeals Court Caves to TSA Over Nude Body Scanners
A federal appeals court on Tuesday said it was giving the Transportation Security Administration until the end of March to comport with an already 14-month-old order to “promptly” hold public hearings and take public comment concerning the so-called nude body scanners installed in U.S. airport security checkpoints.
The public comments and the agency’s answers to them are reviewable by a court, which opens up a new avenue for a legal challenge to the agency’s decision to deploy the scanners. Critics maintain the scanners, which use radiation to peer through clothes, are threats to Americans’ privacy and health, which the TSA denies.

(Related) “First, you have to get the mule's attention...”
ACLU sues to get U.S. agencies' license plate tracking records
The American Civil Liberties Union today sued the U.S. government to get access to information about how authorities are using automated license plate readers to track people's movements and location.
The ACLU filed Freedom of Information Act requests on July 30 with the departments of Justice, Homeland Security, and Transportation to try to find out how much officials use the technology and how much it is paying to expand the program. Agencies are required by law to respond to FOIA requests within 20 working days, but more than a month later, only one DOJ office and a few DOT agencies have responded, according to the ACLU.


Surveillance down under...
"The Age reports on creeping Australian government surveillance, beginning with the first operation launched on a baseless rumor. Six decades later the still-unaware victim read five months of transcripts with deep distress. Two decades ago few Australians would have consented to carrying a government-accessible tracking device, but phone and tablet data accessible without a warrant includes historic and real-time location data. In 2010-2011 there were 250,000 warrantless accesses by Federal agencies including ASIO, AFP, the Tax Office, Defence, Immigration, Citizenship, Health, Ageing, and Medicare. This is 18 times the rate of similar requests in the U.S."


Do we get the Feds involved because there are no state laws making this illegal?
September 25, 2012
FTC Action Halts Computer Spying by Illinois Companies
News release: "Seven rent-to-own companies and a software design firm have agreed to settle Federal Trade Commission charges that they spied on consumers using computers that consumers rented from them, capturing screenshots of confidential and personal information, logging their computer keystrokes, and in some cases taking webcam pictures of people in their homes, all without notice to, or consent from, the consumers. The software design firm collected the data that enabled rent-to-own stores to track the location of rented computers without consumers’ knowledge according to the FTC complaint. The settlements bar the companies from any further illegal spying, from activating location-tracking software without the consent of computer renters and notice to computer users, and from deceptively collecting and disclosing information about consumers."


Interesting question.
"The Dutch Supreme Court has asked the European Court of Justice to decide whether downloading copyrighted material for personal use — even from illegal sources — is legal. At the heart of the debate is whether the European Copyright Directive requires that any new legal copy of material must have originated from a copy that is itself legal. The case tests the law in the Netherlands, where copyright holders are granted a levy on blank media in exchange for the legalization of private copying."
In the Netherlands, it is already legal to download from illegal sources. But EU law might conflict and trump that.


How to get the attention of a Global company?
"Judge Flavio Peren of Mato Grosso do Sul state in Brazil has ordered the arrest of the President of Google Brazil, as well as the 24-hour shutdown of Google and Youtube for not removing videos attacking a mayoral candidate. Google is appealing, but has recently also faced ordered fines of $500K/day in Parana and the ordered arrest of another executive in Paraiba in similar cases."
Early reports indicated that the judge also ordered the arrest of the Google Brazil President, but the story when this was written is that the police haven't received any such order (and an earlier such order was overruled recently). The video is in violation of their pre-election laws.


Sometimes laws make no sense to me...
"Microsoft's Quincy data center, physical home of Bing and Hotmail, was fined $210,000 last year because the data center used too little electricity. To avoid similar penalties for 'underconsumption of electricity' this year, the data center burned through $70,000 worth of electricity in three days."


Perspective: Stay healthy, people!
September 25, 2012
Kaiser - Visualizing Health Policy
"The latest infographic in the Visualizing Health Policy series examines health costs in the United States, including how costs have changed, how they compare to some other countries, and how they impact American families."


Since I'm surrounded by geeks...
It is an acronym that stands for Free Art and Technology and this is where Open Source and pop culture come together.
This channel demonstrates the future of information and how it should be presented, because these days information is taking the visual route and statistics is no longer the dull science it used to be. [I beg your pardon? Bob]
There are loads of videos on animated infographics. If you are into visual design or image facilitation, this is inspiring stuff. I like the way the channel is described – Research findings in data visualization captured, streamed, animated… beautified!


Also a geek thing...
Binreader is designed for someone who wants a portable Usenet client that runs on anything. You can run it on Mac, Windows and Linux and it does not need any installation. It is incredibly easy to use and it uses almost no system resources.


This could be amusing. Perhaps I could have my students write a script for a commercial advertising their hacking skills (Hire me or else!)

(Related) ...and then they could make the video to complete the commercial...

