Best Practices: As new security tools and techniques become available, you should re-visit applications that were “cleared” using earlier, less capable tools. I suspect few organizations do, and therefore don't detect backdoors added by “cutting edge” hackers.
Cryptic Studios uncovers old hack, notifies users
A reader alerted me to a breach notification he received from Perfect World subsidiary Cryptic Studios, a massively multiplayer online role-playing game developer. You can read the web version of their notice.
The hack occurred in
2010 but was only first discovered now due to “increased security
analysis.”
The intruder reportedly accessed account names, handles, and encrypted passwords, at least some of which were apparently decrypted. The intruder also may have been able to access date of birth, e-mail and billing addresses, and partial credit card numbers, although Cryptic Studios doesn’t believe that those were accessed.
As always, if you had reused passwords
across sites, go change your passwords on the other sites.
(Related) ...and here's why we follow
Best Practices. (Yes, I'm being repetitious and redundant. That too
is a Best Practice.)
"If businesses and consumers
stuck to security basics, they could have avoided
all cases of Conficker worm infection detected on 1.7 million
systems by Microsoft researchers in the last half of 2011. According
to the latest Microsoft Security Intelligence report, all cases of
Conficker infection stemmed from just two attack methods: weak or
stolen passwords and exploiting software vulnerabilities for which
updates existed."
Everything's big in China. When they decide to clean house, they seem to have no trouble identifying and gathering up large volumes of 'evil doers.' But then, the first time is easy. Now that they have been warned, they'll start using accounts in their lawyers' names.
Cn: 1,700 arrested on stealing personal data
Wow. He Dan reports:
Police across the
country have arrested more than 1,700 people on suspicion of stealing
or misusing personal information, according to the Ministry of Public
Security.
Under the
ministry’s deployment, police in 20 provincial-level regions,
including Beijing and Shanxi, uncovered 38 operations where people’s
personal details were being illegally traded, according to a
statement posted on the ministry’s website on Tuesday night.
In the first-ever
crackdown of its kind, 611 companies that illicitly
conducted surveys were closed, and 161 unauthorized databases were
destroyed.
(Related) But if you want really big, you have to hand it to Texas.
Texas Error Exposed Over 13 Million Voters’ Social Security Numbers
I don’t know how he is on other issues, but Texas Attorney General Greg Abbott is one of the most active AGs when it comes to pursuing those who dump data or don’t secure it properly. I can only imagine how mortified he must be by this breach, which thankfully could have been much worse if the data had fallen into the wrong hands.
From the Lone Star Project:
A legal brief
filed by opponents of the Texas Voter Photo ID law reveals that
Attorney General Greg Abbott exposed millions of Texas voters’ full
Social Security numbers to possible theft and abuse.
The brief, filed
Monday, April 23, 2012 states:
Texas voters
escaped public release of their Social Security numbers only because
of the vigilance of conscientious lawyers working against the Voter
Photo ID bill. Rather than attach the files to documents circulated
to other attorneys or expose them to access by the general public,
opposing counsel immediately notified the AG’s office of the
bungled release of private data. Abbott then, at the expense of
Texas taxpayers, sent a courier to both New York and Washington, DC
to retrieve the files.
According to the Texas Secretary of
State web site, Texas had 13,269,233 registered voters in the
November 2010 election.
China again. If China steals from everyone, why bother to hack anyone else?
VMWare Source Code Leak Follows Alleged Hack of Chinese Defense Contractor
Source code belonging to VMWare has
leaked to the internet after apparently being stolen by a hacker who
claims to have obtained it from a Chinese firm’s network.
The source code belongs to VMWare’s ESX virtual machine software product, a popular tool for creating and operating virtual computing environments. The code was posted to the Pastebin web site, a repository for coders that has become a favorite for hackers to publish purloined wares.
VMWare acknowledged the leak in a note
posted to the company’s web site.
Perhaps my “Technical University”
could team up with the PrivacyFoundation.org and build a few for
demonstration purposes? Nerf weapons anyone?
Who Has the Right to Fly a Drone Above Your Head? Finally, There's a List
While the government's use of drones in
other countries has drawn scrutiny, there are plenty of drones flying
in American skies on behalf of the military, law enforcement,
universities, and local governments.
… Perhaps most interesting is how
many universities have applied for permits. Some may be working with
military grant money. [Magic words for cutting
through University red tape Bob]
It's a start, but one not likely to last past November without a lot more public comment.
The White House threatens to veto CISPA
This may be the strongest
pro-privacy statement I’ve seen from President Obama. Let’s
hope it’s not just posturing and rhetoric: [Is
it from a politician? Are his lips moving? Bob]
The Administration
is committed to increasing public-private sharing of information
about cybersecurity threats as an essential part of comprehensive
legislation to protect the Nation’s vital information systems and
critical infrastructure. The sharing of information must be
conducted in a manner that preserves Americans’ privacy, data
confidentiality, and civil liberties and recognizes the civilian
nature of cyberspace. Cybersecurity and privacy are not mutually
exclusive. Moreover, information sharing, while an essential
component of comprehensive legislation, is not alone enough to
protect the Nation’s core critical infrastructure from cyber
threats. Accordingly, the Administration strongly opposes H.R. 3523,
the Cyber Intelligence Sharing and Protection Act, in its current
form.
[Yada,
yada, yada Bob]
The House takes up the bill Thursday
and there have been a slew of proposed amendments, the vast majority
of which do not address the main concerns privacy advocates have.
If I ran for President on an “eliminate
TSA” platform, would Obama and Romney even notice?
"With public outcry against the
TSA continuing to spread, the
TSA is defending a recent episode in which a four-year-old was patted
down while kicking and screaming at Wichita Airport in Kansas.
From the AP article: 'The grandmother of a 4-year-old girl who became
hysterical during a security screening at a Kansas airport said
Wednesday that the child was forced to undergo a pat-down after
hugging her, with security agents yelling and calling the crying girl
an uncooperative suspect.'"
Now even those who are not Computer
Security majors may listen to me.
Some years ago, this worked into my
model for organizational change. It is very difficult to change an
organization's culture, so you need to create a parallel
organization. When it works the way you want it to, you fold the
original organization and transfer everything to the new one. (If it
doesn't work, kill it and start over.)
The A/B Test: Inside the Technology That’s Changing the Rules of Business
… Over the past decade, the power of A/B testing has become an open secret of high-stakes web development. It’s now the standard (but seldom advertised) means through which Silicon Valley improves its online products. Using A/B, new ideas can be essentially focus-group tested in real time: Without being told, a fraction of users are diverted to a slightly different version of a given web page and their behavior compared against the mass of users on the standard site. If the new version proves superior—gaining more clicks, longer visits, more purchases—it will displace the original; if the new version is inferior, it’s quietly phased out without most users ever seeing it. A/B allows seemingly subjective questions of design—color, layout, image selection, text—to become incontrovertible matters of data-driven social science.
After joining the Obama campaign,
Siroker used A/B to rethink the basic elements of the campaign
website. The new-media team already knew that their greatest
challenge was turning the site’s visitors into subscribers—scoring
an email address so that a drumbeat of campaign emails might
eventually convert them into donors.
… Most shocking of all to Obama’s
team was just how poorly their instincts served them during the test.
Almost unanimously, staffers expected that a video of Obama speaking
at a rally would handily outperform any still photo. But in fact the
video fared 30.3 percent worse than even the turquoise image.
[Amazing! Politicians believing facts! Bob]
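The mechanism the excerpt describes, quietly diverting a fixed fraction of users to a variant and comparing the two arms' conversion rates, as an added example (this is not code from the Wired piece, from Siroker, or from the campaign). The salt, the 10 percent split, and the exposure log are constructed assumptions; the security-relevant detail is that bucketing uses a keyed hash, so the assignment is stable for a returning user and cannot be predicted or chosen by someone who lacks the key.

```python
import hashlib
import hmac
import math

# Constructed example secret. In a real deployment the salt lives in a secrets
# store and is never shipped to the client; without it a user cannot work out
# (or pick) which bucket they land in.
BUCKET_SALT = b"example-salt-not-for-production"


def assign_variant(user_id: str, experiment: str, treatment_fraction: float = 0.1) -> str:
    """Deterministically place a user in "control" or "treatment".

    HMAC-SHA256 over (experiment, user_id) yields a stable, uniformly
    distributed value, so a returning user always sees the same variant and
    the split can be reproduced offline from the logs.
    """
    msg = f"{experiment}:{user_id}".encode()
    mac = hmac.new(BUCKET_SALT, msg, hashlib.sha256).digest()
    bucket = int.from_bytes(mac[:8], "big") / 2 ** 64  # uniform in [0, 1)
    return "treatment" if bucket < treatment_fraction else "control"


def evaluate(events):
    """Compare conversion in the two arms.

    `events` is an iterable of (variant, converted) pairs, one per exposure.
    Returns per-arm rates, the relative lift of treatment over control, and a
    two-proportion z statistic (|z| > 1.96 is roughly p < 0.05, two-sided).
    """
    n = {"control": 0, "treatment": 0}
    conv = {"control": 0, "treatment": 0}
    for variant, converted in events:
        n[variant] += 1
        conv[variant] += int(converted)
    rate = {arm: conv[arm] / n[arm] for arm in n}
    pooled = (conv["control"] + conv["treatment"]) / (n["control"] + n["treatment"])
    se = math.sqrt(pooled * (1 - pooled) * (1 / n["control"] + 1 / n["treatment"]))
    z = (rate["treatment"] - rate["control"]) / se if se > 0 else 0.0
    lift = ((rate["treatment"] - rate["control"]) / rate["control"]
            if rate["control"] > 0 else float("inf"))
    return {"rate": rate, "lift": lift, "z": z, "n": n}


def constructed_events():
    """Constructed exposure log: 1000 control exposures with 100 conversions
    and 1000 treatment exposures with 70 conversions (a 30 percent drop,
    the kind of result the campaign saw for its video variant)."""
    return ([("control", i < 100) for i in range(1000)]
            + [("treatment", i < 70) for i in range(1000)])


if __name__ == "__main__":
    # Bucketing is stable: the same user gets the same answer on every call.
    print(assign_variant("user-42", "splash-page"),
          assign_variant("user-42", "splash-page"))
    result = evaluate(constructed_events())
    print(f"control {result['rate']['control']:.3f}  "
          f"treatment {result['rate']['treatment']:.3f}  "
          f"lift {result['lift']:+.1%}  z {result['z']:.2f}")
```

Because the assignment is a pure function of (salt, experiment, user), the variant a user saw can be recomputed from server logs later without storing it per request, and rotating the salt starts a fresh, independent split.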
One word: Multivac
"Google could go the way of the
dodo if ultra intelligent electronic agents (UIEA) make their way
into the mainstream, according to technology prognosticator Daniel
Burrus. Siri is just the first example of how a UIEA
could end search as we know it. By leveraging the cloud and
supercomputing capabilities, Siri uses natural language search to
circumvent the entire Google process. If Burrus is right, we'll no
longer have to wade through '30,000,000 returns in .0013
milliseconds' of irrelevant search results."
Why wouldn't your local bank offer the
same service? After all, “that's where the money is.” (Willie
Sutton)
Buy a product on Walmart.com, pay with...cash?
The retail giant
says that customers can now browse more items on its Web site, and
then opt to pay with cash by heading into a local store and dropping
off the Benjamins.
That will teach him to toy with Hasbro!
(Should you really sue your fans?)
Hasbro Goes After Blogger In IP Theft Case
You’d never think that the world of Nerf guns and dart shooters was so intense, but Hasbro apparently sued a blogger for leaking information about unreleased Nerf products he found on Chinese marketplace Taobao using the sweetest bait imaginable: free Nerf guns.
Urban Taggers is a blog about “assault blasters” for “kidults.”
Essentially they cover Nerf guns and the like and are fairly popular
in the space. The lead blogger, Pocket, ran a review of an
unreleased gun. A few days later, he received a note from Hasbro
offering some guns to giveaway to his readers. Eager to share the
blaster love, he agreed and sent his address. That’s when his
troubles began.
Immediately after the emails went back
and forth, Pocket received a letter from Hasbro’s lawyers accusing
him of IP theft.
Perspective. Can you see shelves full
of Kindles? Me neither...
http://www.bespacific.com/mt/archives/030138.html
April 25, 2012
Pew Presentation: Public libraries in the digital age
Public libraries in the digital age by Mary Madden, Kathryn Zickuhr, Apr 25, 2012 at Chief Officers of State Library Agencies: "They
presented findings on the rise of e-reading, including reading-device
ownership and the general reading habits/preferences of Americans.
Their presentation included libraries research fact sheets:
(Related) Sci-Fi publishers are such
forward thinking people I would expect nothing less...
"'Science fiction publisher Tor UK is dropping digital rights management from its e-books alongside a similar move by its U.S. partners. ... Tor UK, Tor Books and Forge are divisions of Pan Macmillan, which said it viewed the move as an "experiment."'
With experiments, come results. Now users can finally read their
books across multiple devices such as Amazon's Kindle, Sony Reader,
Kobo eReader and Apple's iBooks. Perhaps we will see the *increase*
of sales, because the new unrestricted format outweighs the decrease
caused by piracy?"
Useful in my “build your own website”
class...
Tools to keep in the “Oh Crap!”
folder.
I'm afraid to ask. Is this for the
“English for people who can't read” class?
Yesterday, I Tweeted a story from Open Culture that highlighted 12 animated Shakespeare stories. In my investigation of the video source that Open Culture highlighted, I discovered Shakespeare Animated. Shakespeare Animated is a YouTube channel containing twelve playlists, ten of which are animated adaptations of
Shakespeare's most famous plays. Some of the animated plays that
appear in the Shakespeare Animated playlist are
Romeo and Juliet,
Hamlet, MacBeth, and
The Taming of the Shrew. I've
embedded part one of
Romeo and Juliet below.
The Shakespeare Animated videos could be useful for supporting your students' reading of Romeo and Juliet or any of the nine other plays in the list. Because the plays are broken into segments they are well-suited to being used one class meeting at a time. You could show the ten to twelve minute segments
For my students (and my 1%)
Another Crowdfunding Player Enters The Fray: Apps Genius Launches GetFunded.com
… Like Kickstarter and many others, GetFunded will be a “crowdfunding platform for entrepreneurs who are seeking new investments in their businesses and ideas,” according to a statement from App Genius.