Friday, February 01, 2013

It's just the Chairman, checking his US investments...
"The Wall Street Journal said Thursday its computers were hit by Chinese hackers, the latest U.S. media organization citing an effort to spy on its journalists covering China. The Journal made the announcement a day after The New York Times said hackers, possibly connected to China's military, had infiltrated its computers [Interesting phrase from journalists who write accurately... Bob] in response to its expose of the vast wealth amassed by a top leader's family. The Journal said in a news article that the attacks were 'for the apparent purpose of monitoring the newspaper's China coverage' and suggest that Chinese spying on U.S. media 'has become a widespread phenomenon.'"

(Related) Can we wage war without drones? (Is this what all the “digital Pearl Harbor” posturing was about?)
U.S. weighs retaliation to alleged Chinese cyberattacks
The Obama administration is considering further action after the failure of high-level talks with Chinese officials over cyberattacks against America, according to the Associated Press.
The AP reports that two former U.S. officials say the administration is currently preparing a new National Intelligence Estimate -- a governmental assessment of concerns relating to security -- in order to better understand and analyze the persistence of cyberattacks that come from China.
Once this is complete, it will apparently be possible to better address the security threat, as well as justify actions to defend both the general public and national security.


At least they weren't Chinese...
"Amazon.com, the multi-billion online retail website, experienced an outage of unknown proportions on Thursday afternoon. Rumblings of an Amazon.com outage began popping up on Twitter at about 2:40 PM ET. Multiple attempts to access the site around 3:15 PM ET on Thursday were met with the message: 'Http/1.1 Service Unavailable.' By 3:30 PM ET the site appeared to be back online for at least some users. How big of a deal is an hour-long Amazon outage? Amazon.com's latest earnings report showed that the company makes about $10.8 billion per quarter, or about $118 million per day and $4.9 million per hour."
Update: 01/31 22:25 GMT by T : "Hackers claim credit."
[From the update:
The group went on to detail how it knocked the front door down (only Amazon.com's front page was offline), with a large "botnet" or network of thousands of computers working together.
… Amazon.com averages $100,000 per minute in sales according to the Seattle Times.
“The gateway page of Amazon.com was offline to some customers for approximately 49 minutes,”]


Your Computer Security managers should be able to explain each of these...
Security threats have increasingly come from new directions and that isn’t looking set to change in 2013. There are new risks you should be aware of, exploits of popular applications, increasingly sophisticated phishing attacks, malware, and scams targeting our love of social networks and photo sharing, and threats associated with viewing online videos.


Honest, this is not my Ethical Hackers retaliating for the New York Times hack. I know the lawyers at the Sturm College of Law (University of Denver) are looking at Mobile Apps for a March 15th seminar, perhaps we can get them to include a few malware Apps like this one...
"A newly discovered malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the 'Bill Shocker' (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide. Bill Shocker downloads in the background, without arousing the mobile device owner's suspicion. The infection can then take remote control of the device, including the contact list, Internet connections and dialing and texting functions. Once the malware has turned the phone into a 'zombie,' the infection uses the device to send text messages to the profit of advertisers. In many cases, the threat will overrun the user's bundling quota, which subjects the user to additional charges."

(Related) Some of these depend on users having Smartphones.
FTC’s $50,000 Robocall Challenge nets 744 ideas to shut down robocallers
The Federal Trade Commission today said the submission period for its Robocall Challenge had ended and it got 744 new ideas for ways to shut down the annoying automated callers.


Now there is an eye-catching headline! (I can't yet confirm this, but I am diligently viewing as many porn sites as possible...)
"The popular belief is that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security report. It can be more dangerous to click on an online advertisement than an adult content site these days, according to Cisco. For example, users clicking on online ads were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said. The highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 times more likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco's report (PDF). There is an overwhelming perception that people get compromised for 'going to dumb sites,' Mary Landesman, senior security researcher at Cisco, told SecurityWeek."


I forget. Are we here in Oceania at war with Eastasia or Eurasia?
"Leading privacy expert Caspar Bowden warned European citizens not to use cloud services hosted in the U.S. over spying fears. Bowden, former privacy adviser to Microsoft Europe, explained at a panel discussion hosted at the recent Computers, Privacy and Data Protection conference in Brussels that a section in the Foreign Intelligence Surveillance Act Amendments Act 2008 (FISAAA) permits U.S. intelligence agencies to access data owned by non-U.S. citizens on cloud storage hosted by U.S. companies, if their activity is deemed to affect U.S. foreign policy. Bowden claimed the Act allows for purely political spying of activists, protesters and political groups. Bowden also pointed out that amendments to the EU's data protection regulation proposal introduce specific loopholes that permit FISAAA surveillance. The president of Estonia, Toomas Hendrik Ilves (at a separate panel discussion), commented that, 'If it is a US company it's the FBI's jurisdiction and if you are not a US citizen then they come and look at whatever you have if it is stored on a US company server'. The European Data Protection Supervisor declined to comment but an insider indicated that the authority is looking into the matter."


Pop quiz material for my students!
