How much do
you depend on rapid responses to your customers? What if those
responses slowed way, way, way down? Note: One gigabit is 894,784
pages of text so 400 gigabits is 357 million pages – and
that happens every second!
John Glenday reports:
The
largest computer hack ever conducted has reportedly taken place after
servers across Europe were inundated with spam in a concerted effort
to bring them down.
Exploiting
loopholes in the Network Time Protocol, a system used to synchronise
the internet, attackers were able to flood servers with around 400
gigabits of data every second.
Read more on The
Drum.
From the article:
A flaw in this system
means that a computer seeking to synchronise itself must make a
request to the NTP which will subsequently reply. The amount of data
fired back is larger than that sent however, amplifying the effects
of any attack.
Hackers are also able
to fool the NTP into returning the data to a different computer.
One security analyst,
Matthew Prince of Cloudflare, described the attack as ‘the
start of ugly things to come’, warning that ‘Someone
has a big new cannon’ to smite networks with.
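
The request/reply imbalance described in the excerpt above can be measured from an NTP server operator's side by comparing bytes received from each claimed client with bytes sent back to it. This is an added example, not code from the article or this blog; the flow records, addresses, payload sizes and the 2.0 ratio threshold are constructed assumptions.

```python
from collections import defaultdict

NTP_PORT = 123

# Constructed flow records as seen at an NTP server's uplink (not real traffic):
# (src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
SAMPLE_FLOWS = [
    # Ordinary time sync: 48-byte request, 48-byte reply.
    ("198.51.100.10", 40001, "192.0.2.1", 123, 48),
    ("192.0.2.1", 123, "198.51.100.10", 40001, 48),
    # Queries claiming to come from 203.0.113.7: small requests, large replies.
    ("203.0.113.7", 80, "192.0.2.1", 123, 8),
    ("192.0.2.1", 123, "203.0.113.7", 80, 440),
    ("192.0.2.1", 123, "203.0.113.7", 80, 440),
    ("192.0.2.1", 123, "203.0.113.7", 80, 440),
    ("203.0.113.7", 80, "192.0.2.1", 123, 8),
    ("192.0.2.1", 123, "203.0.113.7", 80, 440),
]


def amplification_by_client(flows, server_ip):
    """Return {client_ip: (request_bytes, reply_bytes, ratio)} for one server."""
    req = defaultdict(int)
    rep = defaultdict(int)
    for src, sport, dst, dport, size in flows:
        if dst == server_ip and dport == NTP_PORT:
            req[src] += size          # bytes the claimed client sent us
        elif src == server_ip and sport == NTP_PORT:
            rep[dst] += size          # bytes we sent back to that address
    stats = {}
    for client in set(req) | set(rep):
        sent, got = req[client], rep[client]
        ratio = got / sent if sent else float("inf")
        stats[client] = (sent, got, ratio)
    return stats


def suspected_reflection_targets(flows, server_ip, max_ratio=2.0):
    """Addresses receiving far more NTP data than they asked with.

    max_ratio is an assumed threshold; a source address that shows up here
    is likely forged, so the address belongs to the target, not the sender.
    """
    stats = amplification_by_client(flows, server_ip)
    return sorted(c for c, (_, _, ratio) in stats.items() if ratio > max_ratio)


if __name__ == "__main__":
    print(suspected_reflection_targets(SAMPLE_FLOWS, "192.0.2.1"))
```

An operator who sees addresses flagged this way would typically rate-limit or disable the query types producing the large replies on that server.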
Will this make South
Korea more secure?
Yonhap News
reports that in addition to some stiff
penalties imposed by its financial regulator on credit card firms
who suffered data leaks, the government continues to look at ways to
strengthen the protection of private data:
In
a report to the parliament, FSC chairman Shin Je-yun said the
regulator plans to suspend the card firms’ operations for three
months, barring them from taking applications for new
plastic cards or selling financial products.
“Top
executives of the credit card firms will face harsher punishment as
well, including dismissals,” Shin told legislators.
Following
the largest-ever data leak, the government has been working to revise
bills on personal information protection. One possible measure is
ordering phone operators to block off lines used in illegal financial
marketing activities and financial frauds, known as “voice
phishing.”
[...]
Also,
the financial regulator is pushing to strengthen monitoring of
staff at financial companies and their contractors involved in
customer data management, and bar financial firms from sharing client
data with their affiliates beyond a set limit.
Read more on Yonhap
News.
So many
“worst practices” in one place, so few people disciplined.
Really poor choice of metaphor. Can you imagine a “perfect storm”
where no one notices that it is raining? Who designed a system where
any individual can bypass all the security? Looks more like there
was never adequate security.
David E. Sanger and
Eric Schmitt report:
The
director of national intelligence acknowledged Tuesday that nearly a
year after the contractor Edward J. Snowden “scraped” highly
classified documents from the National Security Agency’s networks,
the technology was not yet fully in place to prevent
another insider from stealing top-secret data on a similarly large
scale.
The
director, James R. Clapper Jr., testifying before the Senate Armed
Services Committee, said Mr. Snowden had taken advantage of a
“perfect storm” of security lapses. He also suggested that as a
highly trained systems administrator working for Booz Allen Hamilton,
which provides computer services to the agency, Mr. Snowden knew
how to evade the protections in place.
Read more on New
York Times.
Much ado about nothing?
How would we define “Success?” “Gentlemen do not read other
gentlemen's mail?”
FoxNews reports:
Sen.
Rand Paul on Wednesday announced what he described as one of the
largest class-action lawsuits in history, taking President Obama and
top intelligence officials to court over National Security Agency
surveillance.
“This,
we believe, will be a historic lawsuit,” the Kentucky Republican
said. The
suit, joined by conservative advocacy group FreedomWorks, was
filed in U.S. District Court in the District of Columbia.
Read more on FoxNews.
From my perspective,
these “agreements” (contracts) are far more complicated than the
technology they address.
Erin McCann reports:
To
all the developers building applications in the cloud that need to
comply with HIPAA privacy rules: You’ve just gained a big ally.
Internet
behemoth Google recently announced its cloud platform will now be
HIPAA-friendly and will support business associate agreements going
forward.
Read more on Healthcare
IT News.
Another document for my
extensive e-collection.
NIST
Releases Cyber Security Framework for Critical Industries
The
National Institute of Standards and Technology (NIST) issued
today the final version of a set of cybersecurity guidelines
meant to help critical industries better protect themselves.
The
Cybersecurity Framework came out of the executive order issued by
President Barack Obama last year that in part directed NIST to come
up with a set of voluntary cybersecurity standards for critical
infrastructure companies. What NIST has developed however can be
applicable to enterprises of all shapes and sizes.
For
my students
How
To Open Strange File Types In Windows
… Sometimes, both
Windows and the user are clueless as to how
to open a strange file. A Google search or an online tool like
FILExt will quickly
shed light on the kind of file you’re dealing with. But what’s
the best way to open it?
Warning:
Depending on the source, the file you are trying to open could
contain malware! If you have doubts about the origin or content,
check the file using your malware
scanner before you proceed.