Another moderate sized hack that
sneaked past me?
Hackers
steal customer info from insurance provider Nationwide
Hackers broke into insurance company
Nationwide's network in October, stealing the personal information of
more than a million customers across the country, the insurance
company recently
revealed.
The company said the compromised
information included people's names and a combination of Social
Security numbers, driver's license numbers, their date of birth, and
possibly marital status, gender, and occupation, as well as the names
and addresses of employers. Nationwide said it had
no evidence that any medical information or credit card
account data was stolen.
… Although the hack occurred on
October 3, the company didn't launch an investigation until October
16. The company learned from the investigation that information had
indeed been compromised and confirmed the identities of affected
customers on November 2. The case has now been handed over to law
enforcement.
Definitely worth a read. Consider this
in connection with the recent ruling that said banks were responsible
if their security was “unreasonable” – would that apply here?
"Check Point has revealed how a
sophisticated malware attack was used to steal
an estimated €36 million from over 30,000 customers of over 30
banks in Italy, Spain, Germany and Holland over summer this year.
The theft used malware to target the PCs and mobile devices of
banking customers. The attack also took advantage of SMS messages
used by banks as part of customers' secure login and authentication
process. The attack infected both corporate and private banking
users, performing automatic transfers that varied from €500 to
€250,000 each to accounts spread across Europe."
[From the article:
The attack worked by infecting victims’
PCs and mobiles with a modified version of the Zeus trojan. When
victims attempted online bank transactions, the process was
intercepted by the trojan.
Under the guise of upgrading the online
banking software, victims were duped into giving additional
information including their mobile phone number, infecting the mobile
device. The mobile Trojan worked on both Blackberry and Android
devices, giving attackers a wider reach.
With victims’ PCs and mobile devices
compromised, the attackers could intercept and hijack all the
victims’ banking transactions, including the key to completing the
transaction: the bank’s SMS to the customer containing the
‘transaction authentication number’ (TAN). With the account
number, password, and TAN, the attackers were able to stealthily
transfer funds out of victims’ accounts while victims were left
with the impression that their transaction had completed
successfully.
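An added illustration, not part of the Check Point report or the article quoted above, of the design point behind this theft: a one-time code that is not tied to the transfer it authorises can be replayed against a rewritten transfer, whereas a code computed over the recipient and amount on a device the malware does not reach cannot. The function, account and key names below are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed model of the two TAN designs. "Unbound" stands for the SMS TAN
# in the attack above: a one-time code that authorises whatever transfer
# arrives with it. "Bound" is a transaction-signing scheme (hypothetical
# names): the code is an HMAC over the transfer details, computed on a token
# the PC/phone malware cannot reach, so a transfer rewritten in transit no
# longer matches the code the customer approved.

def issue_unbound_tan(pending):
    """Bank issues a random 6-digit code and remembers it for the session."""
    tan = f"{secrets.randbelow(10**6):06d}"
    pending.add(tan)
    return tan

def verify_unbound_tan(pending, transfer, tan):
    """The transfer itself is never checked: any transfer passes if the code
    is one the bank issued and has not been used yet."""
    if tan in pending:
        pending.discard(tan)
        return True
    return False

def _bound_message(transfer, counter):
    fields = (transfer["from"], transfer["to"], transfer["amount_cents"], counter)
    return "|".join(str(f) for f in fields).encode()

def compute_bound_tan(token_key, transfer, counter):
    """Token side: the customer reads recipient and amount off the token's own
    display; the code covers exactly those values plus an anti-replay counter."""
    mac = hmac.new(token_key, _bound_message(transfer, counter), hashlib.sha256)
    return f"{int.from_bytes(mac.digest()[:4], 'big') % 10**6:06d}"

def verify_bound_tan(token_key, transfer, counter, tan):
    """Bank side: recompute the code over the transfer actually submitted."""
    return hmac.compare_digest(compute_bound_tan(token_key, transfer, counter), tan)

def hijacked_transfer_accepted(use_bound_tan):
    """Customer approves a 500-euro transfer; malware rewrites the recipient and
    submits it with the intercepted code. Returns whether the bank accepts it."""
    key = b"constructed-per-customer-token-key"
    approved = {"from": "VICTIM-ACCT", "to": "LANDLORD-ACCT", "amount_cents": 50_000}
    rewritten = dict(approved, to="MULE-ACCT")  # attacker-controlled account
    if use_bound_tan:
        tan = compute_bound_tan(key, approved, counter=7)
        return verify_bound_tan(key, rewritten, counter=7, tan=tan)
    pending = set()
    tan = issue_unbound_tan(pending)
    return verify_unbound_tan(pending, rewritten, tan)
```

The unbound path accepts the rewritten transfer; the bound path rejects it because the code the customer approved no longer matches what was submitted.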
Making surveillance even more
ubiquitous? Go to my website and I'll grab control of your webcam
and snap photos of you...
Add
an HTML5 Webcam to Your Site With Photobooth.js
The big web development news for 2013
is shaping up to be WebRTC,
a set of APIs being developed by Mozilla, Google and others at the
W3C that allows web developers to access device hardware — your
camera, microphone, accelerometer and so on. Even now hardly a day
goes by without a
new demo showcasing WebRTC in some way.
The latest WebRTC hotness to catch our
eye is developer
Wolfram Hempel’s Photobooth.js, a JavaScript library for
working with a device’s camera. Photobooth.js
allows users to take pictures directly on your website, for example,
to add an avatar. It also acts a bit like the OS X Photobooth app,
offering real-time adjustments for hue, saturation and brightness
(one word of warning, hue can really slow down Firefox).
Want to add a Photobooth-style camera
app to your site? Just download
Photobooth.js and add this code to your page:
myPhotobooth = new Photobooth( document.getElementById( "container" ) );
That’s it.
Another version of “Behavioral”
tracking?
"Coursera announced
its 'career services' feature yesterday for students who opt in.
The company that works with elite colleges to offer free courses is
sharing more than just academic scores — showing
potential employers evidence of 'soft skills,' like how helpful
students were in class discussion forums. 'Udacity, another company
that provides free online courses, offers a similar service. ...
Udacity's founder, Sebastian Thrun, said in an interview that 350
partner companies had signed up for its job program. While Mr. Thrun
would not say how much employers pay, he characterized the fee as
"significantly less than you'd pay for a headhunter, but
significantly more than what you'd pay for access to LinkedIn,"
a popular social network for job hunters.'"
Three in Colorado...
Newly
Released Drone Records Reveal Extensive Military Flights in US
December 5, 2012 by Dissent
Jennifer Lynch writes:
Today EFF posted
several thousand pages of new drone license records and a new map
that tracks the location of drone flights across the United States.
These records,
received as a result of EFF’s
Freedom of Information Act (FOIA) lawsuit against the Federal
Aviation Administration (FAA), come from state and local law
enforcement agencies, universities and—for the first time—three
branches of the U.S. military: the Air Force, Marine Corps, and DARPA
(Defense Advanced Research Projects Agency).
Read what EFF found and see their map,
here.
(Related) Turning a Black Hawk into a
drone is as easy as adding a few electronic components and an
inflatable pilot...
"A specially equipped Black
Hawk was recently used to demonstrate
the helicopter's ability to operate on its own. In the first
such test of its type, the U.S. Army Aviation and Missile Research's
Development and Engineering Center, based at Redstone Arsenal, flew
the Black Hawk over Diablo Mountain Range in San Jose, Calif. Pilots
were aboard the aircraft for the tests, but all flight maneuvers were
conducted autonomously: obstacle field navigation, safe landing area
determination, terrain sensing, statistical processing, risk
assessment, threat avoidance, trajectory generation and autonomous
flight control were performed in real-time. 'This was the first time
terrain-aware autonomy has been achieved on a Black Hawk,' said Lt.
Col. Carl Ott, chief of the Flight Projects Office at AMRDEC's
Aeroflightdynamics Directorate and one of the test's pilots."
(Related) Dirigibles make great drones,
since they can loiter for days. They will also make “death-by-drone”
much cheaper, since with their huge lift capacity they just carry a
bunch of really big rocks to drop on the bad guys...
"The dirigible airship, the
oddball aircraft of another era, is making a comeback.
California-based Aeros Corporation has created a prototype of its new
breed of variable buoyancy aircraft and expects the vehicle to be
finished before the end of 2012. With its new cargo handling
technology, minimum fuel consumption, vertical take-off and landing
features and point to point delivery, the Aeroscraft platform
promises to revolutionize airship technology. The Aeroscraft ship
uses a suite of new mechanical and aerospace technologies. It
operates off a buoyancy management system which controls and adjusts
the buoyancy of the vehicle, making it light or heavy for any stages
of ground and flight operation. Automatic flight control systems
give it equilibrium in all flight modes and allow it to adjust helium
pressurized envelopes depending on the buoyancy requirements. It
just needs one pilot and has an internal ballast control system,
which allows it to offload cargo, without using ballast. Built with
a rigid structure, the Aeroscraft can control lift at all stages with
its Vertical Takeoff and Landing (VTOL) capabilities and carry
maximum payload while in hover. What makes it different from other
cargo vehicles is that it does not need a runway or ground
infrastructure."
(Related) Speaking of “death-by-drone”
Death
by Algorithm: West Point Code Shows Which Terrorists Should Disappear
First
Paulo Shakarian has an algorithm that
might one day help dismantle al-Qaida — or at least one of its
lesser affiliates. It’s an algorithm that identifies which people
in a terror network really matter, like the mid-level players, who
connect smaller cells with the larger militant group. Remove those
people, either by drone or by capture, and it concentrates power and
authority in the hands of one man. Remove that man, and you’ve
broken the organization.
How do I stalk thee...
FTC
settles charges against Epic Marketplace over “history sniffing”
to collect data from consumers
December 5, 2012 by Dissent
From the FTC’s press release:
An online
advertising company agreed to settle Federal Trade Commission charges
that it used “history sniffing” to secretly and illegally gather
data from millions of consumers about their interest in sensitive
medical and financial issues ranging from fertility and incontinence
to debt relief and personal bankruptcy.
The FTC settlement
order bars
the company, Epic Marketplace Inc., from continuing to use history
sniffing technology, which allows online operators to “sniff”
a browser to see what sites consumers have visited in the past.
… Epic
Marketplace is a large advertising network that has a presence on
45,000 websites. Consumers who visited any of the network’s sites
received a cookie, which stored information about their online
practices including sites they visited and the ads they viewed.
… In its
privacy policy, Epic claimed that it would collect information only
about consumers’ visits to sites in its network.
… The consent
order bars Epic Marketplace, Inc., and Epic Media Group, LLC from
using history sniffing, and requires that they delete
and destroy all data collected using it. [That's a new one... Bob]
Documents on this case, including the
complaint and proposed consent order, can be found here.
(Related)
FTC
to Host Comprehensive Collection of Web Data Workshop TODAY
December 6, 2012 by Dissent
The FTC reminds everyone:
The Federal Trade
Commission will host a workshop
exploring the practices and privacy implications of comprehensive
data collection. FTC Commissioner Julie Brill will deliver the
opening remarks, and Commissioner Maureen Ohlhausen will provide
remarks after lunch. Consumer protection organizations, academics,
business and industry representatives, privacy professionals, and
others will join FTC staff to examine the technological landscape,
benefits and risks, consumer knowledge and attitude, and the future
of comprehensive data collection.
Webcast
The workshop will
be webcast live.
Submit
questions online
FTC staff will
live-tweet the day-long event using the hashtag #FTCpriv from the
agency’s @FTC
account. To submit questions for panelists online, tweet them with
the hashtag, post them to the FTC’s
Facebook page, or email them to opa@ftc.gov.
More details on the FTC’s
site.
Still room for my Computer Security
students. Also for my Statistics students...
The following is a press release from HITRUST, released today:
According to the
Health Information Trust Alliance’s (HITRUST) analysis of U.S.
healthcare data breaches from 2009 to the present, the
healthcare industry has made little progress in reducing
the number of breaches with troubling statistics seen from the same
types of organizations, breaches and locations. The retrospective
analysis of breaches affecting 500 or more individuals indicates a
slight decline in the total number of breaches during the past three
years, but overall the industry’s susceptibility to certain types
of breaches has been largely unchanged since breach data became
available from the U.S. Department of Health and Human Services (HHS)
and the new HIPAA and HITECH Act regulations went into effect.
… A close look
at the HHS data reveals that since 2009 the industry has experienced
495 breaches involving 21 million records at an estimated cost of $4
billion. With the annual number of total breaches remaining fairly
consistent, hospitals and health systems is one of the few groups
that can claim some improvements in protecting health information
with the largest decline in reported breaches. This group
experienced a decline of 71 percent from 2010 to 2011 in the number
of breaches, and for the first two quarters of 2012 has only
experienced 14 breaches (compared with a total of 48 for 2011).
Health plans have also seen a steady decline in breaches since 2009
and have not had to post since the first quarter of 2012.
… The HITRUST
report – “A Look Back: U.S. Healthcare Data Breach Trends” –
is publicly available for download at
HITRUSTalliance.net/breachreport
along with an infographic of the analysis.
I have not yet read their report, but
already wonder about the fact that if this is based solely on
breaches reported to HHS, the year-to-year comparisons may be valid,
but overall, they may be underestimating breaches in the entire
sector as many breaches that incorporate ID theft for Medicare fraud
do not get reported on HHS/OCR’s breach tool, and well, frankly, I
think there are a lot more insider breaches than the known numbers
might suggest. This is apart from hacking/malware breaches that they
recognize are also likely under-reported. Records breached is an
important measure when it comes to calculating costs and the total
number of patients affected, but insider breaches seem to do more
harm and perhaps, need to be viewed or weighted differently. But let
me try to read the report this weekend and then we’ll see…
I wonder how many taxpayers “Like”
the Revenue Department?
December 05, 2012
State
of North Carolina - Social Media Archive
"This free and open archive
provides access to more than 55,000 social
media records from selected North Carolina state agencies. It is
currently in beta. Social media activity from these agencies is
continually being captured and indexed, and additional agencies will
be included in the future. The content in this archive has been
captured because it was made or received pursuant to law or ordinance
in connection with the transaction of public business by an agency of
North Carolina government or its subdivisions (G.S. § 132-1). Enter
a keyword to search across the entire archive of social media sites,
or use the Advanced Search for more options."
How bad must this be if the judge is
allowing their equivalent of the NSA to be sued?
Megaupload’s
Kim Dotcom allowed to seek damages against spy agency
December 6, 2012 by Dissent
Jeremy Kirk reports:
New Zealand’s
High Court ruled Wednesday that Kim Dotcom and a Megaupload colleague
can pursue damages against police and one of the country’s spy
services for illegally intercepting their communications.
In her judgment,
Justice Helen Winkelmann also added the Government
Communications Security Bureau (GCSB) as a defendant in the case,
ordering the agency to turn over some details of the agency’s
surveillance with respect to national security concerns. Another
hearing is planned for next week.
New Zealand’s
government admitted it illegally spied on Dotcom and Bram van der
Kolk prior to a January raid on Dotcom’s mansion that coincided
with the shutdown of their Megaupload file-sharing service.
Read more on Computerworld.
Can you imagine a court here ever letting someone sue the government
this way?
(Related) True, but not exactly as
they might like us to believe. I also find it interesting that all
of these “pirate movie sites” (thanks for the list) seem to be
accessed heavily from the DU Law School. No doubt they are preparing
cases against offenders. I'll ask them during one of their Free
Movie Nights...
"The Motion Picture Association
of America (MPAA) has declared that the
Megaupload shutdown earlier this year has been a great success.
In a filing to the Office of the U.S. Trade Representative, the group
representing major movie studios says the
file hosting and sharing industry has been massively disrupted.
Yet the MPAA says there is still work to be done, identifying sites
that make available to downloaders 'unauthorized copies of
high-quality, recently-released content and in some cases, coordinate
the actual upload and download of that content.' Here's
the list of sites, including where they are hosted:
Extratorrent (Ukraine), IsoHunt (Canada), Kickass Torrents (Canada),
Rutracker (Russia), The Pirate Bay (Sweden), Torrentz (Canada), and
Kankan (China)."
The Design students use it to
manipulate photos, Criminal Justice students use it to generate
evidence...
Photoshop is one insanely powerful
program. It has so many features that it is honestly hard to wrap
your head around it. Unfortunately, it also comes with a price tag
and learning curve that reflect the load of features and options.
After all, there are entire classes dedicated to just learning the
program, and once you do, you will have to run out and drop hundreds
of dollars to have it installed on your own computer.
… So what can you do to get some of
the features of Photoshop without the price tag? You can download
Sumo Paint for Chrome. It offers many of the high-end features you
expect from Photoshop, but without the insane price tag. In fact, it
runs right in your web browser and is available from the Chrome
Webstore for the low cost of $0.
An Origami design tool! God I wish I
had a drop of artistic talent...
Fold
It Right There: New iPad App Makes Papercraft More Fun Than Ever
… Indie developer Pixle
is releasing a tool for the iPad to make designing your own
papercraft figures super easy.
The app, called Foldify, uses
a mixture of pre-built patterns and finger painting tools to allow
you to create designs while previewing them in 3-D on
the fly. Once you’re done, print them out on card
stock, cut and fold. As easy as that, more weird things for your
desk.
For my Math students