For what it's worth, this is my 2800th Blog post, according to Google.
Anyone can download hacking tools and for any reason become a cyber-vigilante!
Individually, that's no big deal. Do something that catches the
attention of many people (worse, organized groups) and this could be
the result.
Jeb Boone reports:
Hackers
around the world are setting their sights on Venezuela’s government
web properties following violent repression against anti-government
protesters and instances of internet censorship.
Already,
hacker groups have defaced, deleted and waged DDoS (distributed
denial of service) attacks on Venezuelan government and military
sites.
Spearheaded
by South American Anons, as the hackers are known, the large-scale
attacks against gov.ve subdomains began after three people were
killed during demonstrations in Caracas last week.
Read more on MinnPost.
Interesting “process.”
One person does the hack, another drains the cash!
Skillful Hackers Drained ATMs Using Malware-laden USB Drives
PUNTA CANA - KASPERSKY LAB SECURITY ANALYST SUMMIT - A highly
sophisticated gang of criminals inserted infected USB sticks into
ATMs and emptied out all the cash inside, a security researcher told
SecurityWeek.
The gang looted four
ATMs belonging to a single bank using a USB stick containing a DLL
exploit payload, Tillmann Werner, a researcher for CrowdStrike, told
SecurityWeek in an interview. Werner declined to specify the
targeted bank, the brand of the ATM that was compromised, or the
country where the attack occurred. Law enforcement officials have
thus far made only one arrest in this operation--the money mule who
was caught while taking the money out of a compromised ATM.
Considering how much
money is kept inside a single ATM, it's likely the gang has already
stolen millions of dollars, and the gang is still in operation. It
is also possible other banks may be targeted by this attack, Werner
warned.
(Related) Are thumb
drives treated like phones? If one justification is to find evidence
of the crime “for which, the person was arrested” does that
automatically place evidence of any other crime off limits?
Orin Kerr writes:
The
Supreme Court recently
granted cert on two cases about how the Fourth Amendment applies
to the search incident to an arrest of a cell phone found on a person
arrested. In textual terms, when is a search of a cell phone
incident to arrest constitutionally “reasonable”? In this post,
I want to lay out some of the possible Fourth Amendment rules that
the Court might consider to answer that question. I’ll start with
a basic introduction to the rationales of the search incident to
arrest exception. I’ll then offer a few possible rules the Court
might adopt to answer when a cell phone can be searched under the
exception. Next, I’ll turn to possible rules for how broadly a
search should extend under the exception if/when such searches are
allowed. In future posts, I’ll offer some thoughts on how the
Court might choose among the rules.
Read more on WaPo
Volokh Conspiracy.
How much can a breach
cost you?
Jay Weaver of the Miami
Herald has a must-read piece about what Carlos Gomez, a Wachovia
Bank customer, went through after becoming a victim of ID
theft by a bank employee, and how he’s suing Wachovia, which has
since been taken over by Wells Fargo:
Just
before dawn, insistent pounding on the front door jolted the
ex-Marine and young father out of bed. Federal agents poured into
his Kendall home, pushing his wife aside and rushing to his bedroom.
They held guns to his face before slapping him in handcuffs.
“I
kept asking, ‘What is going on?’ ” recalled Gomez, who works as
a driver for UPS. “I was scared for my life.”
Gomez,
busted in a money-laundering scheme, would spend nearly two weeks in
a federal detention center and another seven months under house
arrest.
It
took 222 days before federal prosecutors realized it was all a
terrible mistake: A rogue bank worker had stolen his identity.
Thanks
in part to Gomez’s own sleuthing, prosecutors eventually discovered
he had been wrongfully charged. The Wachovia Bank employee had
stolen $1.1 million from customers, then swiped Gomez’s identity to
create a checking account under the pilfered name to launder portions
of the embezzled proceeds.
Now,
nearly three years after the ordeal, Gomez is suing Wachovia for
“malicious prosecution.”
Read more on Bellingham
Herald.
Picture yourself in his
situation. Your bank doesn’t protect you from an insider breach
and then gives federal investigators false information about you that
gets you charged and detained? And then you have to spend your time
and money trying to clear your name because of their failures.
Wouldn’t you sue them for the misery they put you through? I sure
would.
Gomez’s
civil lawyers, Jermaine Lee and Eric Hernandez, claim in a lawsuit
filed in September in federal court that Wachovia officials were
reckless when they failed to protect Gomez’s “confidential”
account and to provide “accurate” information about him to
federal authorities.
In
a key ruling last month, U.S. District William Dimitrouleas rejected
the bank’s bid to throw out the civil case, saying Gomez had
“sufficiently alleged” that Wachovia violated its “fiduciary
duty” to him by allowing an employee and others “to misuse his
private and confidential information to launder monies.” As a
result, Gomez’s case is headed for mediation and, if still
unresolved, trial.
Good luck, Mr. Gomez.
And if any court should try to dismiss this case for lack of ability
to show harm, then we need a revolution in this country.
What you don't know
about your audience can impact your security.
Millennials have a
reputation for being the most plugged-in generation in the workplace.
Experts have even suggested “reverse mentoring” so that younger
workers can
inculcate their “tech-savvy” habits in older generations.
But a new
survey from Softchoice shows that those may actually be bad
habits when it comes to keeping data secure.
For instance, 28.5% of
twenty-somethings keep their passwords in plain sight, compared with
just 10.8% of Baby Boomers. They’re also significantly more likely
to store work passwords on a shared drive or word document that isn’t
itself password-protected, and more likely than older workers to
forget their passwords.
And it gets worse!
They’re more likely to email work documents to their personal
accounts, move documents via cloud apps that IT doesn’t know they
have, and lose devices that would give whoever found them
unrestricted access to company data. Basically, in
every way that Softchoice measured, the youngest workers were the
most likely to lose data or leave themselves open to hacking.
Somehow I doubt the
average citizen will support the tax increase this would require.
Anthony Cuthbertson
reports:
Germany
and France will carry out talks to discuss a new European
communication network that would avoid emails and online data
passing through the US. [Even if that is
the fastest route? Bob]
German
Chancellor Angela Merkel spoke of the new network in her weekly
podcast, stating her intention to propose it to French President
Francois Hollande when she meets with him on Wednesday.
Read more on
ITProPortal.
Posturing? We'd do the
same thing if we had the resources? A negotiating tactic?
Indonesia Slams Reported Australian Spying as 'Mind-boggling'
Indonesia Monday
described as "mind-boggling" a report that Australian spies
targeted Jakarta during a trade dispute with Washington, as a new
espionage row erupted during a visit by US Secretary of State John
Kerry.
Ties between Canberra
and Jakarta have sunk to their lowest point for years in recent
months over previous allegations that Australian spies tried to tap
the phones of Indonesian President Susilo Bambang Yudhoyono and his
inner circle.
Jakarta recalled its
ambassador from Canberra and suspended cooperation in several areas,
including on the sensitive area of people-smuggling, following the
allegations.
… "I
find that a bit mind-boggling and a bit difficult how I can connect
or reconcile discussion about shrimps and how it impacts on
Australia's security," Indonesian Foreign Minister Natalegawa
told reporters at a press conference alongside
Kerry.
Do we have an
obligation to protect those to whom we grant asylum from Cyber
attacks?
Associated Press
reports:
An
Ethiopian refugee is urging British authorities to open an
investigation after experts found traces of sophisticated
surveillance software on his computer.
Tadesse
Kersmo accused the Ethiopian government of deploying the software to
spy on his Skype calls with other members of the country’s
opposition, excerpts of which later ended up on the Internet.
Read more on
AP The Big Story.
“I see in your latest
email to your cousin George that you think you have no privacy. How
can we make you feel more secure?”
New Zealand’s new
privacy commissioner gave an interview on his first day in office,
and ONE News covered it:
The
man charged with safeguarding our privacy says public faith in
government agencies needs to be rebuilt.
Privacy
Commissioner John Edwards says he wants to help rebuild public
confidence that personal information is safe.
“There
are rules, and those rules need to be respected,” he said.
Mr
Edwards’s comments come as privacy whistleblower Bronwyn Pullar
calls for more power and resources for the Privacy Commission.
Read/watch more on
TVNZ.
(Related) At least,
we'd like some indication that government agencies are aware of
events taking place around them.
Tim Cushing reports:
The
government’s overclassification
problem has turned its redaction efforts into a farce. When not
deploying questionable
exceptions to avoid returning responsive documents to FOIA
requests, government agencies are cranking out amateurishly
redacted pages that leave info exposed in one response and
covered up in the next. No wonder they fear the “mosaic”
approach to FOIA requests. If they’d just come up with some
meaningful redaction guidelines, they could avoid this. Instead,
things like the following bit of stupidity happen.
Read more on TechDirt.
Something
for the “resource folder?”
Handbook on European data protection law
by Sabrina I. Pacifici on February 17, 2014
“This handbook is
designed to familiarise legal practitioners who are not specialised
in the field of data protection with this area of law. It provides
an overview of the EU’s and the CoE’s applicable legal
frameworks. The rapid development of information and communication
technologies underscores the growing need for the robust protection
of personal data – a right safeguarded by both European Union (EU)
and Council of Europe (CoE) instruments. Technological advances
expand the frontiers of, for example, surveillance, communication
interception and data storage; all of these pose significant
challenges to the right to data protection. The Handbook
on European data protection law explains key jurisprudence,
summarising major rulings of both the European Court of Human Rights
(ECtHR) and the Court of Justice of the European Union (CJEU). Where
no such case law exists, it presents practical illustrations with
hypothetical scenarios. In a nutshell, this handbook aims to help
ensure that the right to data protection is upheld with vigour and
determination.”
Another “finding”
that will go nowhere. I really can't understand why China continues
to tolerate, let alone support North Korea. I can't see any
advantage.
North Korea: UN Commission documents wide-ranging and ongoing crimes
against humanity
by Sabrina I. Pacifici on February 17, 2014
UN
Commission on Human Rights – “A wide array of crimes against
humanity, arising from “policies established at the highest level
of State,” have been committed and continue to take place in the
Democratic People’s Republic of Korea, according to a UN report
released Monday, which also calls for urgent action by the
international community to address the human rights situation in the
country, including referral to the International Criminal Court. In
a 400-page set of linked reports and supporting documents [Report
of the commission of inquiry on human rights
in the Democratic People’s Republic of Korea – A/HRC/25/63]
based on first-hand testimony from victims and witnesses, the UN
Commission of Inquiry on human rights in the DPRK has documented in
great detail the “unspeakable atrocities” committed in the
country. “The gravity, scale and nature of these violations reveal
a State that does not have any parallel in the contemporary world,”
the Commission — established by the Human Rights Council in March
2013 — says in a report that is unprecedented in scope. “These
crimes against humanity entail extermination, murder, enslavement,
torture, imprisonment, rape, forced abortions and other sexual
violence, persecution on political, religious, racial and gender
grounds, the forcible transfer of populations, the enforced
disappearance of persons and the inhumane act of knowingly causing
prolonged starvation,” the report says, adding that “Crimes
against humanity are ongoing in the Democratic People’s Republic of
Korea because the policies, institutions and patterns of impunity
that lie at their heart remain in place.” The second more detailed
section of the report cites evidence provided by individual victims
and witnesses, including the harrowing treatment meted out to
political prisoners, some of whom said they would catch snakes and
mice to feed malnourished babies. Others told of watching family
members being murdered in prison camps, and of defenceless inmates
being used for martial arts practice. “The fact that the
Democratic People’s Republic of Korea…has for decades pursued
policies involving crimes that shock the conscience of humanity
raises questions about the inadequacy of the response of the
international community,” the report stated. “The international
community must accept its responsibility to protect the people of the
Democratic People’s Republic of Korea from crimes against humanity,
because the Government of the DPRK has manifestly failed to do so.”
The Commission found that the DPRK “displays many
attributes of a totalitarian State.” [No
kidding? Bob]
For my
fellow geeks. Let's try to get people looking up.
ISS observation – When can I spot the Space Station?
by Sabrina I. Pacifici on February 17, 2014
Observation
of the International Space Station – “The International Space
Station can easily be spotted with the naked eye.
Because of its size (110m x 100m x 30m) it reflects very much
sunlight. The best time to observe the ISS is when it is night time
at your location, but the Space Station is sunlit. Such a situation
occurs often in the morning before sunrise or in the evening after
sunset. Visible passes
- You find a list of the next sighting opportunities for your
location below.
The green bars indicate the brightness of the ISS on its pass. The
list contains all visible passes of the ISS during the next ten
days. Please select a pass to get more details.” [Enter your
city location in the search box for accurate tracking of the ISS]
For some of us, every day is drink wine day.
February 18, 2014 is Drink Wine Day
How cruel am I? I'm
making my Math students write an essay explaining the formulas in an
elaborate Excel spreadsheet. Perhaps these tools will help.
13
Browser-Based Tools For Writers
(Related)
Something for my students other than a Math essay?
Free
Webinar - Digital Storytelling With Comics
Last month I hosted a
free webinar on digital storytelling with comics. More than 100
people attended the live session. Next week on February 25th at 7pm
I'll be conducting that webinar again. You can register
for the webinar here. If you're interested in this topic but you
cannot make the live session, please register anyway
to have the recording emailed to you. The webinar is
sponsored by Storyboard
That, but will not be limited to only using Storyboard That. You
will also see WeVideo
and Widbook
in use.
The webinar will be
based on my free ebook Digital
Storytelling Projects With Comics.