Strange. It “does not” remote monitor, except it does for Target.
Target HVAC Contractor Says It Was Breached By Hackers
… Ross Fazio, President and Owner of Fazio Mechanical Services, said in a statement that it does maintain a data connection with Target that was used exclusively for electronic billing, contract submission and project management.
… Fazio said his firm does not perform remote monitoring of or control of heating, cooling and refrigeration systems for Target. He also said that Target is the only customer that it provides such management for on a remote basis, and that no other customers have been affected by the breach.
… “The recent discovery that the credentials stolen in the Target breach were from an HVAC contractor shows how much we live in a connected world and how insider threats are the hardest to detect since outside attackers look just like employees when they are on the network,” Eric Chiu, president & co-founder of HyTrust, told SecurityWeek. “In this new 'Internet-of-Things' world, heating are connected to the same corporate networks that run other systems such as point-of-sale applications and customer databases. [They do not need to be. Only lazy or ignorant IT would do it that way. Bob]
… “One thing that isn't known about this attack: were the same credentials for the HVAC system used on other devices in the network? If so, that is what I would call a rookie mistake,” Melancon said.
… Qualys researchers Billy Rios and Terry McCorkle say they have found 55,000 HVAC systems connected to the Internet, most with basic security vulnerabilities that put them at risk and provide links to numerous other unwitting corporate networks.
Target previously said that it has taken extra precautions such as limiting or updating access to some of its platforms while the investigation continues. [Again illustrating how easy it is to apply the “fix” that would have prevented the breach, once it is pointed out by the bad guys. It's anticipating how attacks might come at you that is hard. Learn from the mistakes of others! That's what Best Practices are for! Bob]
You need to know where and how you can attack, with what weapons, and what the probable effect will be. You do not need to know how to write the code. Think of it as “Point and click warfare.”
Raytheon Gets $9.8 Million Under DARPA's 'Plan X' Cyberwarfare Program
Defense contractor Raytheon announced this week that it has been awarded a $9.8 million contract by the Defense Advanced Research Projects Agency (DARPA) as part of its 'Plan X' program.
Plan X is a five-year $110 million foundational cyberwarfare program to develop platforms for the Department of Defense (DoD) to plan for, conduct and assess cyberwarfare in a manner similar to kinetic warfare. As a DARPA research program, Plan X has a goal of creating an advanced map that details the billions of devices connected to the Internet so that military commanders can identify, and if necessary, disable targets.
… Raytheon also announced on Dec. 16 that its BBN Technologies subsidiary is working on a program under Plan X designed to help U.S. government agencies “plan, execute and assess cyber network operations”.
… "Plan X is an entirely new approach for planning and executing cyber operations," Dr. Jack Marin, vice president for cyber security at Raytheon BBN said in December. "It is a comprehensive program designed to provide easy-to-use cyber operations planning tools to users who may not have a deep background in cyber."
Perspective
And one of those little statistical oddities that catch my attention.
Along with a bunch of other, more headline-grabbing numbers, the Bureau of Labor Statistics reported this morning that 14.4 million Americans were self-employed in January. Of those, 9.2 million were unincorporated self-employed workers and another 5.2 million were incorporated.
That’s interesting, given that back in January 2000 (which is as far as the BLS tally of the incorporated self-employed goes), the number of self-employed was … 14.4 million. Since then there have been some modest ups and downs, but overall no change.
A very amusing (to me at least) summary of “education related stuff”
… A proposal by Tennessee Governor Bill Haslam would make two years of community college and technical school in the state tuition-free. [I like it! Bob]
… Meanwhile in Kansas, the legislature was looking to block Google Fiber and stop cities from investing in broadband. ’Til the Internet caught wind of the plan, that is. [Good to see that someone is watching the idiots in the legislature. Bob]
… And speaking of the dismal state of science education: A fifth of Americans do not think (or aren’t sure) that the Earth revolves around the Sun.
… The NMC Horizon Report for Higher Education is out. On the horizon: learning analytics and the flipped classroom.