A pot that needs no more cracks...
The Chosun
Ilbo reports on a major prosecution in South Korea:
The Seoul Central
Prosecutors’ Office on Sunday charged two South Koreans with
cooperating with North Korean hackers in China to run illegal
websites and steal the personal information of millions of
individuals.
Investigators
discovered the personal data of 140 million South Koreans on their
computers and believe they could have shared the information with
North Korea.
Among the data, some 1,000 were found to have been obtained from a
North Korean agent and a hacker in 2011.
“The data were
obtained by hacking into the websites of department stores, gas
stations and online shopping malls as well as from illegal dealers,”
a prosecution spokesman said. “If this information was passed on to
North Korea, the North has a significant amount of personal
information about South Korean individuals.”
Read more on Chosun
Ilbo.
For its part, North Korea is having its
own problems with hackers. AsiaOne
reports:
International
hacker activist group Anonymous exposed some 6,000 more alleged
members of the North Korean propaganda website Uriminzokkiri
on Saturday, calling their action a warning against the Kim Jong-un
regime.
An additional 523
e-mail accounts registered with the North Korean website were found
to be those provided by South Korean portal sites, other news reports
said Sunday.
The information disclosed by the group includes the name and ID of
the user, as well as their e-mail addresses, phone numbers and dates
of birth.
[...]
According to
Yonhap News, 523 of the 6,216 e-mail accounts used by members of the
website disclosed by Anonymous were those provided by local portal
sites.
On Thursday, the
group made its first announcement that it had obtained information on
about 15,000 members of the website as a result of a hacking attack
carried out by a group of about 30, which included South Koreans, and
released information on 9,001 registered members of the website.
Including those among the 9,001 e-mail addresses, members of
Anonymous revealed on Thursday that a total of 2,393 of the 15,217
people who joined the Uriminzokkiri website used e-mail accounts
provided by South Korean portal sites.
In addition, 111 e-mail accounts provided by South Korean companies,
one Seoul National University account and one account each from the
Chosun Ilbo and Dong-A Ilbo were used to join the website.
Read more on AsiaOne.
Big Teacher? How easily self-deception
comes... It should be obvious there are serious flaws if one
over-relies on this data.
RougeFemme writes with this story in
the New York Times about one disconcerting aspect of the ongoing move
to electronic textbooks:
"Teachers at 9 colleges are testing technology from a Silicon Valley
start-up that lets them know if you're skipping pages, highlighting
text, taking notes — or, of course, not opening the book at all.
'It's Big Brother, sort of, but with a good intent,' said Tracy
Hurley, the dean of the school of business at Texas A&M. 'Major
publishers in higher education have already been collecting data from
millions of students who use their digital materials. But CourseSmart
goes further by individually packaging for each professor information
on all the students in a class — a bold effort that is already
beginning to affect how teachers present material and how students
respond to it, even as critics question how well it measures
learning.'"
I think they are severely
underestimating the numbers...
April 08, 2013
CRS
- Drones in Domestic Surveillance Operations
Drones
in Domestic Surveillance Operations: Fourth Amendment Implications
and Legislative Responses. Richard M. Thompson II, Legislative
Attorney. April 3, 2013
- "The prospect of drone use inside the United States raises far-reaching issues concerning the extent of government surveillance authority, the value of privacy in the digital age, and the role of Congress in reconciling these issues. Drones, or unmanned aerial vehicles (UAVs), are aircraft that can fly without an onboard human operator. An unmanned aircraft system (UAS) is the entire system, including the aircraft, digital network, and personnel on the ground. Drones can fly either by remote control or on a predetermined flight path; can be as small as an insect and as large as a traditional jet; can be produced more cheaply than traditional aircraft; and can keep operators out of harm’s way. These unmanned aircraft are most commonly known for their operations overseas in tracking down and killing suspected members of Al Qaeda and related organizations. In addition to these missions abroad, drones are being considered for use in domestic surveillance operations to protect the homeland, assist in crime fighting, disaster relief, immigration control, and environmental monitoring. Although relatively few drones are currently flown over U.S. soil, the Federal Aviation Administration (FAA) predicts that 30,000 drones will fill the nation’s skies in less than 20 years."
I know I disagree with my favorite
Ethics Professor, but I would use the data.
Are you free to use data
unintentionally disclosed to you in a data breach? Adam Bennett
reports
that the New Zealand Earthquake Commission (EQC) has gone to court to
block the use of data on 98,000 claims erroneously emailed to someone
last month:
The Earthquake
Commission has taken out a court injunction against the insurance
advocate it accidentally sent thousands of claimants’ records to
last month to block him from using the information.
A commission (EQC)
claims manager caused a massive privacy breach when she last month
accidentally sent Brian Staples of Earthquake Services Ltd a
spreadsheet containing confidential details about 98,000 claims.
Mr
Staples signed a statutory declaration saying he had deleted the
information but later told the EQC he would retrieve the information
to use as he pursued payment from the commission for quake repairs on
behalf of about 10 of his clients.
The EQC responded
by laying a complaint with police.
This afternoon it
said it had been granted an interim injunction from the High Court at
Christchurch “to prevent any further dissemination
[So, no new users, but existing users are Okay? Bob] of
confidential information by two parties from a spreadsheet sent in
error”.
“The injunction
has been served on Earthquake Services director Bryan Staples and the
blogger known as EQC Truths,” EQC chief executive Ian Simpson said
in a statement.
[...]
As someone who has recently criticized
heavy-handed techniques following breaches to hapless recipients,
this case is somewhat different. I wonder whether the data would
have been obtainable under NZ’s freedom of information laws.
But if you’re handed valuable information that affects your
clients, wouldn’t you try to use it? And should you be able to use
it? If it had been disseminated to the press, wouldn’t they be able
to publish it, thereby putting it in the public domain?
Sounds like another case of, “We
don't bother with security until it's too late”
With all the news about #OpIsrael, it
was easy to miss a breach that was reported
today involving Kirkwood Community College in
Iowa.
On March 13, they were hacked, and the
hacker had access to 125,000 records from students who had applied
online for credit courses between February 2005 and March 5, 2013.
The school is not sure whether any data were
downloaded [because they don't log activity on their computers? Bob]
at the time of this publication.
In WCF
Couriers’ coverage of the breach, vice president of student
services Kristie Fisher was quoted:
She said the
college believes that its database was adequately protected, but that
hacking has become too common.
How can you claim your database was
adequately protected when it was just hacked to the tune of 125,000
records?
“Unfortunately,
we think we just found ourselves in the middle of something that’s
happening all over the world,” she said. “In today’s world,
you can’t protect anything 100 percent when it’s online.”
OK, so then knowing that, why did you
need to have records going back to February 2005 connected online?
Are students who signed up in February 2005 at your two-year
community college still signing up for classes 8 years later?
Knowing the risk, did you really
need all that data connected?
Where is the line and when did we cross
it? Does “stingray” always require provider authorization?
Secrets
of FBI Smartphone Surveillance Tool Revealed in Court Fight
A legal fight over the government’s
use of a secret surveillance tool has provided new insight into how
the controversial tool works and the extent to which Verizon Wireless
aided federal agents in using it to track a suspect.
Court documents in a case involving
accused identity thief Daniel David Rigmaiden describe how the
wireless provider reached out remotely to reprogram an air card the
suspect was using in order to make it communicate with the
government’s surveillance tool so that he could be located.
… To make sure the air card
connected to the FBI’s simulator, Rigmaiden says that Verizon
altered his air card’s Preferred Roaming List so that it would
accept the FBI’s stingray as a legitimate cell site and not a rogue
site, and also changed a data table on the air card designating the
priority of cell sites so that the FBI’s fake site was at the top
of the list.
Rigmaiden makes the assertions in a
369-page document he filed in support of a motion to suppress
evidence gathered through the stingray. Rigmaiden collected
information about how the stingray worked from documents obtained
from the government, as well as from records obtained through FOIA
requests filed by civil liberties groups and from open-source
literature.
During a hearing
in a U.S. District Court in Arizona on March 28 to discuss the
motion, the government did not dispute Rigmaiden’s
assertions about Verizon’s activities.
Bold, but is it wise?
Jeff Kosseff writes:
A Michigan
appellate court ruled last week that state discovery rules provide
adequate safeguards for anonymous online speech. The opinion is a
significant deviation from the rulings of other state courts, which
have applied a First Amendment balancing test to determine whether to
grant discovery requests for the identities of anonymous online
speakers.
Read more about the opinion on
Covington Inside
Privacy.
“We'll take what they give us and
make it ours...” New term: apperating
system
Move
Over, Apple and Google: Apperating Systems Are Taking Over Your
Phones
… Facebook Home, in and of itself,
isn’t
that big of a deal. What it represents, however, is huge. We’re
calling
Home an apperating system, one of a new breed of software platforms
that sit between operating systems and apps. Apperating systems are
coming—in a major way.
… More so than Facebook Home, the
Kindle Fire already seems to be pushing the limits of the operating
system/apperating system relationship. The Fire ejects Google’s
digital store, Google’s browser, and Google’s email client from
Google’s own operating system, replacing them with Amazon-native
alternatives. Unlike with Facebook Home, installing core Google
services like the Google Play app store and basic Android apps
involves hacking
the device and voiding your warranty.
Perspective: I see my job as ensuring that my Ethical Hackers are
never considered “everyday”
"Research suggests there will
be a rise in everyday hackers. A simple Google search for 'SQL
injection hack' provides 1.74 million results, including videos
with explicit instructions on how to exploit SQL injection
vulnerabilities. The
ready availability of this information makes it possible for less
technically skilled hackers to take advantage of this common flaw.
Although SQL injection flaws are easy to identify and fix, Veracode
found that 32 percent of web applications are still affected by SQL
injection vulnerabilities. As a result, as many as 30 percent of
breaches in 2013 will be from SQL injection attacks. The research
also concluded that the leading cause of security breaches and data
loss for organizations is insecure software. The report found that
70 percent of software failed to comply with enterprise security
policies on their first submission for security testing."
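The quoted report says SQL injection flaws are easy to identify and fix. The following is an added example, not code from Veracode or from the report: it uses an in-memory SQLite database with a constructed users table to show the vulnerable string-built login query beside its parameterized replacement, runs the classic `' OR 1=1 --` bypass against both, and finishes with a crude line-by-line audit that flags the concatenation pattern in a constructed snippet of source text. The table, credentials, payloads and sample source are all assumptions made for the demonstration.

```python
import re
import sqlite3


def make_db():
    """Constructed fixture: two users, alice is the admin (rowid 1)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, "
        "username TEXT, password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
        [("alice", "correct horse", 1), ("bob", "hunter2", 0)],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds SQL by string formatting: the input becomes part of the grammar.

    The attacker-controlled quote closes the literal, `OR 1=1` makes the
    predicate true for every row, and `--` comments out the password check.
    """
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same query with bind parameters: input is data, never SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Heuristic for the audit: an execute() call whose SQL string is built with
# %-formatting, + concatenation, str.format or an f-string. A "%s" placeholder
# *inside* a string passed with a params tuple is not flagged.
RISKY_QUERY = re.compile(
    r"""execute\w*\(.*?(?:\bf['"]|\.format\(|['"]\s*%|['"]\s*\+|\+\s*['"])"""
)


def find_concatenated_queries(source):
    """Return 1-based line numbers whose execute() builds SQL from string ops."""
    return [
        lineno
        for lineno, line in enumerate(source.splitlines(), 1)
        if RISKY_QUERY.search(line)
    ]


# Constructed sample source: lines 1-3 are injectable, lines 4-5 use bind
# parameters and should not be flagged.
SAMPLE_SOURCE = """\
cur.execute("SELECT * FROM t WHERE id = %s" % uid)
cur.execute("SELECT * FROM t WHERE id = " + uid)
cur.execute(f"SELECT * FROM t WHERE id = {uid}")
cur.execute("SELECT * FROM t WHERE id = ?", (uid,))
cur.execute("SELECT * FROM t WHERE id = %s", (uid,))
"""


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"
    print("vulnerable, bypass payload ->", login_vulnerable(db, payload, "x"))
    print("vulnerable, target alice   ->", login_vulnerable(db, "alice' --", "?"))
    print("safe, bypass payload       ->", login_safe(db, payload, "x"))
    print("safe, real credentials     ->", login_safe(db, "alice", "correct horse"))
    print("risky lines in sample      ->", find_concatenated_queries(SAMPLE_SOURCE))
```

The audit regex is deliberately naive (one line at a time, Python call syntax only) and exists to show that the dangerous pattern is mechanically visible in source; a real scan would use the language's AST or a tool built for it. The fix is the same in every driver: keep the SQL text constant and pass user input through bind parameters.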