A truly great “Bad Example.” See if you can find even more “Worst Practices” in the article.

FBI Memo: Hackers Breached Heating System via Backdoor

… The company used the Niagara system not only for its own HVAC system, but also installed it for customers, which included banking institutions and other commercial entities, the memo noted. An IT contractor who worked for the company told the FBI that the company had installed its own control system directly connected to the internet with no firewall in place to protect it.

Although the system was password protected in general, the backdoor through the IP address apparently required no password and allowed direct access to the control system. “[Th]e published backdoor URL provided the same level of access to the company’s control system as the password-protected administrator login,” said the memo.

The backdoor URL gave access to a Graphical User Interface (GUI), “which provided a floor plan layout of the office, with control fields and feedback for each office and shop area,” according to the FBI. “All areas of the office were clearly labeled with employee names or area names.”
Preparing for a “false flag” attack? Or just trying to find information on how to stabilize satellites?

"A new targeted attack campaign with apparent Korean ties has been stealing email and Facebook credentials and other user-profile information from Russian telecommunications, IT, and space research organizations. The attackers are grabbing email user accounts and passwords from Outlook, as well as information about the victims' email server."

[From the DarkReading article:

Researchers didn't specify whether it's either North or South Korea, but say that around 80 percent of the victims in the attacks are Russian organizations.

Ali Islam, security researcher for FireEye, says it's possible that Korea is being used as a proxy for the attack.
The other meaning of “swipe”

New 'Dexter' malware strikes point-of-sale systems

Retailer point-of-sale systems may be at risk of malware that steals credit card data.

Israel-based security firm Seculert has identified a strain of malware, dubbed Dexter, which it asserts has infected hundreds of point-of-sale (POS) systems across 40 countries in the past two to three months. English-speaking countries appear to be a prime target, with 30 percent of infections in the U.S., 19 percent in the U.K., and 9 percent in Canada.
Perhaps now I can develop that “Electronic Bounty Hunter” course I've been talking about.

"Japanese police are looking for an individual who can code in C#, uses a 'Syberian Post Office' to make anonymous posts online, and knows how to surf the web without leaving any digital tracks — and they're willing to pay. It is the first time that Japan's National Police Agency has offered a monetary reward for a wanted hacker, or put so much technical detail into one of its wanted postings. The NPA will pay up to $36,000, the maximum allowed under its reward system. The case is an embarrassing one for the police, in which earlier this year 4 individuals were wrongly arrested after their PCs were hacked and used to post messages on public bulletin boards. The messages included warnings of plans for mass killings at an elementary school posted to a city website."
(Related) A new toolset...

SpyPhone: Pentagon Spooks Want New Tools for Mobile ‘Exploitation’

… The DIA wants “technical exploitation” tools that can efficiently access the data of people the military believes to be dangerous once their spies collect it.

That’s according to a request for information the DIA sent to industry on Wednesday. The agency wants better gear for “triage and automation, advanced technical exploitation of digital media, advanced areas of mobile forensics, software reverse engineering, and hardware exploitation, reverse engineering, and mobile applications development & engineering.” [Reads like a list of Ethical Hacker classes Bob] If the DIA runs across digitized information, in other words, it wants to make rapid use of it.
In the tradition of “Double Secret Probation” citizens are now members of the Animal House.

Attorney General Secretly Granted Gov Ability to Develop and Store Dossiers on Innocent Americans
December 13, 2012 by Dissent

Kim Zetter reports:

In a secret government agreement granted without approval or debate from lawmakers, the U.S. attorney general recently gave the National Counterterrorism Center sweeping new powers to store dossiers on U.S. citizens, even if they are not suspected of a crime, according to a news report.

Earlier this year, Attorney General Eric Holder granted the center the ability to copy entire government databases holding information on flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and other data, and to store it for up to five years, [and then start a “new” dossier? Bob] even without suspicion that someone in the database has committed a crime, according to the Wall Street Journal, which broke the story.

Read more on Threat Level.
(Related) Is this simply a coincidence or a “massive government conspiracy?”

"Hotmail and Yahoo Mail are apparently sharing [or have been given... Bob] a secret blacklist of domain names such that any mention of these domains will cause a message to be bounced back to the sender as spam. I found out about this because — surprise! — some of my new proxy site domains ended up on the blacklist. Hotmail and Yahoo are stonewalling, but here's what I've dug up so far — and why you should care."

Read on for much more on how Bennett figured out what's going on, and why it's a hard problem to solve.
(Related) Apparently, Harvard Law lets you skip the “How a Law is Made” class in favor of the “Expanding Executive Powers” class.

Obama Administration Rushes “Creepy Black Box” Mandate on All New Car Buyers
December 14, 2012 by Dissent

Press release from the National Center for Public Policy Research:

National Center Adjunct Fellow Horace Cooper is condemning the decision by the Obama Administration to bypass Congress and implement its automobile “black box” mandate administratively.

The Department of Transportation has announced a proposed rule to require Event Data Recorders (EDRs) in 100% of all light vehicles sold in the United States. EDRs are more commonly known as “black boxes,” such as those carried by aircraft.

Last year a similar proposal was killed by the House of Representatives when it was included in a Senate-passed bill to fund the nation’s transportation needs.

“Not only will this new requirement give new resources and data to the DOT to support more economically-damaging regulations in the future; this mandate itself represents an unprecedented breach of privacy for Americans. Operating more like a surveillance camera than a tool for accident investigation, this DOT rule-making is the embodiment of Orwellian monitoring,” Cooper explained.

“Contrary to what is now being claimed, EDRs can and will track the comings and goings of car owners and even their passengers,” Cooper said. “EDRs not only provide details necessary for accident investigation, they also track travel records, passenger usage, cell phone use and other private data. Who you visit, what you weigh, how often you call your mother and more is captured by these devices. Mandating that they be installed and accessible by the DOT is a terrible idea.”

“This decision to bypass Congress and adopt this change administratively demonstrates a reckless disregard for the privacy rights of the American people,” Cooper argued. “Claiming that the data collected will only be for the time period immediately surrounding the crash is no protection when the system itself will be running whenever the engine is on. In the digital era, we know that even if the programs were simply overwriting after each start, the underlying data remains there to be accessed. In this case, we don’t even have that assurance.”

“It is axiomatic that before the government can surreptitiously search a citizen or his car, it needs approval from a judge. Pretending that that protection goes away when the search is carried out electronically not only threatens the liberties of all Americans, it rejects our founders’ clear understanding of the limitations on the government,” Cooper concluded.
New Jersey, a leader in Privacy? Things had been going downhill since Uncle Foster was Governor; are we seeing a reversal?...

New Jersey Restricts Colleges’ Access to Students’ Personal Accounts, Considers Similar Protections for Employees
December 13, 2012 by Dissent

Michael Beder writes:

New Jersey earlier this month became the latest state to bar college and university officials from demanding access to students’ or applicants’ personal online accounts. Gov. Chris Christie signed the law, which takes effect immediately, on Dec. 3.

Under the new law, which applies to public and private higher-education institutions, schools cannot require a student or applicant to “in any way provide access” to “a personal account or service through an electronic communications device,” nor may schools “in any way inquire as to whether a student or applicant” has a social-media account.

Read more on Inside Privacy.
Interesting. Even though they use the financial area for their example, doesn't this suggest that Congress is ignorant? (Yes, Bob, it sure does.)

Effective Regulation Requires Information Richness

… We appreciate the efforts of thousands of good, well-meaning people who are dedicating large portions of their careers to resolving the issues, especially in light of conflicting political demands. But as investors, citizens, and taxpayers, we find the lack of progress troubling, to say the least.

… We suggest a new way of thinking about regulatory effectiveness to help inform honest debate, crystallize the issues, and break the stalemate. Actually, this new thinking is not so new. It stems directly from cybernetics, quality control, and information theory, all with roots at least 60 years old.

The most important principle (with some restatement on our part) comes from Stafford Beer in The Heart of Enterprise: "The complexity of the regulator must match the complexity of the regulated."
At last, someone is listening to me!

"Enthusiasm about Google's Kansas City fiber project is overwhelming. But in the Emerald City, the government doesn't want to wait. They have been stringing fiber throughout the city for years, and today announced a deal with company Gigabit Squared and the University of Washington to serve fiber to 55,000 Seattle homes and businesses with speeds up to a gigabit. The city will lease out the unused fiber, but will not have ownership in the provider nor a relationship with the end customers. [Exactly the model I suggested 20 years ago! Bob] The service rollout is planned to complete in 2014. It is the first of 6 planned university area network projects currently planned by Gigabit Squared."
The education model has changed – keep up or become obsolete?

UK Universities Forge Open Online Courses Alliance: FutureLearn Consortium Will Offer Uni-Branded MOOCs Starting Next Year

… Today’s news means even more MOOCs will be offered next year, as 12 UK universities are getting together to form a new company that will offer the online courses — under the brand name of FutureLearn Ltd. The universities are: Birmingham, Bristol, Cardiff, East Anglia, Exeter, King’s College London, Lancaster, Leeds, Southampton, St Andrews and Warwick, along with UK distance-learning organization The Open University (OU).
For my Data Analytics class

Mixpanel Launches A Site For Analytics Education, With Video Lectures From YouTube, BranchOut, And Others

Analytics startup Mixpanel has launched a new page on its website that co-founder Suhail Doshi described as “TED for analytics.”

The goal, he said, is to help companies get a better understanding of what kind of data to collect and how to use it. To that end, Mixpanel invites experts to its office for six weeks or so for an “office hours” event where they deliver lectures to customers and other friends of the company. Now Mixpanel is sharing those videos with a larger audience.

… You can browse the videos here.