Thursday, February 13, 2014

How much do you depend on rapid responses to your customers? What if those responses slowed way, way, way down? Note: One gigabit is 894,784 pages of text so 400 gigabits is 357 million pages – and that happens every second!
John Glenday reports:
The largest computer hack ever conducted has reportedly taken place after servers across Europe were inundated with spam in a concerted effort to bring them down.
Exploiting loopholes in the Network Time Protocol, a system used to synchronise the internet, attackers were able to flood servers with around 400 gigabits of data every second.
Read more on The Drum.
[From the article:
A flaw in this system means that a computer seeking to synchronise itself must make a request to the NTP which will subsequently reply. The amount of data fired back is larger than that sent however, amplifying the effects of any attack.
Hackers are also able to fool the NTP into returning the data to a different computer.
One security analyst, Matthew Prince of Cloudflare, described the attack as ‘the start of ugly things to come’, warning that ‘Someone has a big new cannon’ to smite networks with.
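The two properties the article describes, replies that are larger than the requests and replies that can be steered to a third party, are also what a defender can look for in network flow data. The Python below is an added example, not code from The Drum, Cloudflare or this blog: it flags any host that receives traffic from UDP port 123 on several different servers while sending almost nothing to them. The flow records, the column layout and the thresholds are constructed for the example.

```python
"""Spot NTP reflection/amplification victims in flow records (added example)."""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple

NTP_PORT = 123


class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int
    npkts: int


# Constructed records: src,sport,dst,dport,proto,bytes,packets.
# 10.0.0.5 is a normal client; 203.0.113.7 receives large replies from four
# NTP servers it barely spoke to (the requests were forged in its name).
SAMPLE_FLOWS = """
# src_ip,src_port,dst_ip,dst_port,proto,bytes,packets
10.0.0.5,40123,198.51.100.1,123,UDP,76,1
198.51.100.1,123,10.0.0.5,40123,UDP,76,1
203.0.113.7,80,198.51.100.1,123,UDP,76,1
198.51.100.1,123,203.0.113.7,80,UDP,4400,10
198.51.100.2,123,203.0.113.7,80,UDP,4400,10
198.51.100.3,123,203.0.113.7,80,UDP,4400,10
198.51.100.4,123,203.0.113.7,80,UDP,4400,10
""".strip().splitlines()


def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Parse the constructed CSV layout above, skipping blanks and comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, sport, dst, dport, proto, nbytes, npkts = line.split(",")
        flows.append(Flow(src, int(sport), dst, int(dport), proto, int(nbytes), int(npkts)))
    return flows


def ntp_amplification_report(flows: Iterable[Flow], min_ratio: float = 5.0,
                             min_reflectors: int = 3) -> Dict[str, dict]:
    """Return {victim_ip: summary} for hosts whose inbound NTP bytes from
    several servers dwarf the bytes they sent to those servers."""
    sent = defaultdict(int)      # (client, server) -> bytes sent to port 123
    received = defaultdict(int)  # (client, server) -> bytes received from port 123
    for f in flows:
        if f.proto != "UDP":
            continue
        if f.dst_port == NTP_PORT:
            sent[(f.src_ip, f.dst_ip)] += f.nbytes
        elif f.src_port == NTP_PORT:
            received[(f.dst_ip, f.src_ip)] += f.nbytes

    per_host = defaultdict(lambda: {"reflectors": set(), "bytes_in": 0, "bytes_out": 0})
    for (client, server), nbytes in received.items():
        entry = per_host[client]
        entry["reflectors"].add(server)
        entry["bytes_in"] += nbytes
        entry["bytes_out"] += sent.get((client, server), 0)

    report = {}
    for client, e in per_host.items():
        # No request seen at all is the strongest sign the request was spoofed.
        ratio = e["bytes_in"] / e["bytes_out"] if e["bytes_out"] else float("inf")
        if len(e["reflectors"]) >= min_reflectors and ratio >= min_ratio:
            report[client] = {"reflectors": len(e["reflectors"]),
                              "bytes_in": e["bytes_in"], "amplification": ratio}
    return report


if __name__ == "__main__":
    for victim, info in ntp_amplification_report(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{victim}: {info['reflectors']} reflectors, {info['bytes_in']} bytes in, "
              f"amplification x{info['amplification']:.0f}")
```

The ratio alone is not enough, because a single misbehaving server can produce it; requiring replies from several distinct servers is what separates a reflection attack from a chatty peer. At the reflector's own network the same records look different (many requests "from" one client, all answered), so the check belongs at the victim's edge or at an ISP vantage point that sees both directions.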


Will this make South Korea more secure?
Yonhap News reports that in addition to some stiff penalties imposed by its financial regulator on credit card firms who suffered data leaks, the government continues to look at ways to strengthen the protection of private data:
In a report to the parliament, FSC chairman Shin Je-yun said the regulator plans to suspend the card firms’ operations for three months, barring them from taking applications for new plastic cards or selling financial products.
“Top executives of the credit card firms will face harsher punishment as well, including dismissals,” Shin told legislators.
Following the largest-ever data leak, the government has been working to revise bills on personal information protection. One possible measure is ordering phone operators to block off lines used in illegal financial marketing activities and financial frauds, known as “voice phishing.”
[...]
Also, the financial regulator is pushing to strengthen monitoring of staff at financial companies and their contractors involved in customer data management, and bar financial firms from sharing client data with their affiliates beyond a set limit.
Read more on Yonhap News.


So many “worst practices” in one place, so few people disciplined. Really poor choice of metaphor. Can you imagine a “perfect storm” where no one notices that it is raining? Who designed a system where any individual can bypass all the security? Looks more like there was never adequate security.
David E. Sanger and Eric Schmitt report:
The director of national intelligence acknowledged Tuesday that nearly a year after the contractor Edward J. Snowden “scraped” highly classified documents from the National Security Agency’s networks, the technology was not yet fully in place to prevent another insider from stealing top-secret data on a similarly large scale.
The director, James R. Clapper Jr., testifying before the Senate Armed Services Committee, said Mr. Snowden had taken advantage of a “perfect storm” of security lapses. He also suggested that as a highly trained systems administrator working for Booz Allen Hamilton, which provides computer services to the agency, Mr. Snowden knew how to evade the protections in place.
Read more on New York Times.


Much ado about nothing? How would we define “Success?” “Gentlemen do not read other gentlemen's mail?”
FoxNews reports:
Sen. Rand Paul on Wednesday announced what he described as one of the largest class-action lawsuits in history, taking President Obama and top intelligence officials to court over National Security Agency surveillance.
“This, we believe, will be a historic lawsuit,” the Kentucky Republican said. The suit, joined by conservative advocacy group FreedomWorks, was filed in U.S. District Court in the District of Columbia.
Read more on FoxNews.


From my perspective, these “agreements” (contracts) are far more complicated than the technology they address.
Erin McCann reports:
To all the developers building applications in the cloud that need to comply with HIPAA privacy rules: You’ve just gained a big ally.
Internet behemoth Google recently announced its cloud platform will now be HIPAA-friendly and will support business associate agreements going forward.
Read more on Healthcare IT News.


Another document for my extensive e-collection.
NIST Releases Cyber Security Framework for Critical Industries
The National Institute of Standards and Technology (NIST) issued today the final version of a set of cybersecurity guidelines meant to help critical industries better protect themselves.
The Cybersecurity Framework came out of the executive order issued by President Barack Obama last year that in part directed NIST to come up with a set of voluntary cybersecurity standards for critical infrastructure companies. What NIST has developed, however, can be applicable to enterprises of all shapes and sizes.


For my students
How To Open Strange File Types In Windows
… Sometimes, both Windows and the user are clueless as to how to open a strange file. A Google search or an online tool like FILExt will quickly shed light on the kind of file you’re dealing with. But what’s the best way to open it?
Warning: Depending on the source, the file you are trying to open could contain malware! If you have doubts about the origin or content, check the file using your malware scanner before you proceed.
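One check worth doing before opening an unfamiliar file is to compare what its extension claims with what its first bytes say, since the extension is the easy part to fake. The Python below is an added example, not code from the article or from FILExt: its signature table holds a handful of well-known file headers, the extension-to-type map and the sample bytes are constructed for the example, and it reads only the first 16 bytes of a file rather than opening it in any application.

```python
"""Identify a file's real type from its leading bytes (added example)."""
from typing import Optional

# Well-known magic numbers; a small table constructed for this example.
SIGNATURES = [
    (b"MZ", "PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"%PDF", "PDF"),
    (b"PK\x03\x04", "ZIP container"),        # also .docx/.xlsx/.jar
    (b"Rar!\x1a\x07", "RAR archive"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"GIF87a", "GIF image"),
    (b"GIF89a", "GIF image"),
    (b"{\\rtf", "RTF document"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document"),  # legacy .doc/.xls
]

# What an extension claims the content should be (constructed mapping).
EXPECTED_BY_EXT = {
    "exe": "PE executable", "dll": "PE executable", "scr": "PE executable",
    "pdf": "PDF", "zip": "ZIP container", "docx": "ZIP container",
    "xlsx": "ZIP container", "jar": "ZIP container", "rar": "RAR archive",
    "png": "PNG image", "jpg": "JPEG image", "jpeg": "JPEG image",
    "gif": "GIF image", "rtf": "RTF document", "doc": "OLE2 compound document",
    "xls": "OLE2 compound document",
}


def sniff_type(head: bytes) -> Optional[str]:
    """Return the type implied by the leading bytes, or None if unrecognised."""
    for magic, name in SIGNATURES:
        if head.startswith(magic):
            return name
    return None


def extension_mismatch(filename: str, head: bytes) -> Optional[str]:
    """Return a warning if the content contradicts the extension or is unknown,
    else None (extension and content agree, or the extension is one we do not map)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_type(head)
    expected = EXPECTED_BY_EXT.get(ext)
    if actual is None:
        return f"{filename}: content not recognised; identify it (e.g. FILExt) and scan it before opening"
    if expected is not None and expected != actual:
        return f"{filename}: extension .{ext} claims {expected} but content is {actual}"
    return None


def inspect_path(path: str) -> Optional[str]:
    """Read only the first 16 bytes of a file on disk and apply the check."""
    with open(path, "rb") as fh:
        return extension_mismatch(path, fh.read(16))


if __name__ == "__main__":
    # Constructed sample: a "PDF" whose bytes are actually a Windows executable header.
    print(extension_mismatch("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"))
```

A clean result here means only that the header and the extension agree; it says nothing about what a genuine PDF or Office document contains, so the malware scan the article recommends still applies. The ZIP case is deliberately coarse: .docx, .jar and .zip all share the same header, so a .docx that is really a .jar passes this check and needs a scanner that looks inside the container.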
