What happens in Vegas gets hacked in Vegas. Sounds big, but might not be very
significant.
Eduard Kovacs reports:
The
hackers that (sic) breached and defaced the websites of several
casinos owned by Las Vegas Sands Corp last week have
published a video to demonstrate that they’ve stolen 828 Gb of
files from the company’s systems.
The data apparently stolen by the hacktivists hasn’t been published
online. They’ve only made the video to show that it’s stored on
a local hard drive.
Read more on Softpedia.
From the article:
It’s difficult to say if the large amount of files obtained by the
Anti WMD Team contains any customer information, but it’s clear
that the attackers had unrestricted access to at least some of Las
Vegas Sands’ servers.
...and we're
a long way from done.
From the Credit Union
National Association:
Financial
institutions continue to respond to the massive data breach at
Target. According to data collected by the Consumer
Bankers Association (CBA) and the Credit
Union National Association the costs associated with the Target
data breech (sic) exceed $200 million. CBA estimates the cost of
card replacements for its members to have reached $172 million, up
from an initial
finding of $153 million, CUNA has stated the cost to credit
unions has increased to $30.6 million from an original estimate of
$25 million.
So
far, cards replaced by CBA members and credit unions account for more
than half of all affected cards. Between members of the Consumer
Bankers Association (CBA) and the Credit
Union National Association (CUNA), 21.8 million of the 40 million
compromised cards have been replaced.
"Ontogeny
recapitulates phylogeny," at least when it comes to technology.
Each new generation must re-learn how to secure their users (and the
users' data).
Dan Nakaso reports:
App
developers are increasingly targeting the more lucrative iOS market,
where more than 91 percent of the top 100 apps for Apple devices
exposed users to security breaches and other data leaks, according to
a study released Tuesday by San Francisco-based Appthority.
By
comparison, Appthority found that 83 percent of the top 100
Android-based apps exposed their users to leaks of both personal and
company information.
Read more on
SiliconBeat.
(Related) The same
problem when old technology shows up in new places.
Eduard Kovacs reports:
Security researchers from IOActive have identified a number of vulnerabilities
in Belkin WeMo home automation devices that allow people to control
their electronics from their mobile phones. More than half a million
users are said to be impacted.
According
to experts, the vulnerabilities
can be exploited not only to perform malicious firmware updates,
but also to remotely monitor and hijack the devices. Furthermore,
the security holes can be leveraged to gain access to local networks.
Once
they have access to the local network, the attackers can target
laptops, mobile phones and other devices.
[...]
IOActive
says the vulnerabilities have been reported to CERT, which in turn
has notified Belkin. However, the company “was unresponsive.”
Read more on Softpedia.
(Related) An easy way
to find those “things” on the Internet.
Shodan
Adds Visual Search Results With 'Shodan Maps'
Shodan,
the specialized search engine that lets users search for
Internet-connected devices rather than web sites, today launched
Shodan
Maps,
a new feature designed to let users see search results on a map
instead of a regular (text) listing.
Shodan, which often reveals basic information about a device,
such as what kind of system it is, version of software it runs, and
other options that are supported, is a powerful tool for enterprise
security teams, researchers, and even malicious attackers.
Because surveillance is
big business, even surveilling the Internet of Things.
AT&T,
IBM in Big Data Tie-up
AT&T and IBM
announced plans Tuesday to join forces to help cities, utilities and
others use big data analytics to better manage their infrastructure.
The companies said in a
joint statement they will "combine their analytic platforms,
cloud, and security technologies with privacy in mind to gain more
insights on data collected from machines in a variety of industries."
The new project will
focus initially on helping city governments and midsize utilities
analyze vast quantities of data, including from mass transit
vehicles, utility meters, and video cameras.
Log on like a cop and
no one cares?
It has now been about
two years since I filed a complaint with the FTC to alert them to all
the data security breaches involving Experian’s credit report
database.
And while I continue to
wait to see the FTC take action against Experian
over their numerous breaches involving misuse of clients’ login
credentials, Experian has reported yet another breach of the same
type, it seems.
This time it’s
reportedly the Colorado
Bureau of Investigation whose login credentials were
compromised. The fact that the CBI had their login credentials
compromised does not inspire confidence in them, but the fact of the
matter is that it doesn’t seem to matter what clients have their
login credentials compromised. Login credentials of a client seem to
be the keys to the kingdom of Experian’s vast credit report
database.
Did someone leak just
how bad it was in order to make Vice Adm. Michael Rogers'
confirmation hearings more entertaining? (It was his job to clean
this up)
Why admit anything when
you have a handy culprit for everyone to hate?
On
February 4, the Dutch government admitted that it was not NSA that
collected 1,8 million metadata from phone calls of Dutch citizens,
but actually their own military intelligence service MIVD. They
gathered those data from foreign communications and subsequently
shared them with partner agencies like NSA.
Just like everyone else, the Dutch interior minister was misled by how
Glenn Greenwald erroneously interpreted the data shown in screenshots
from the NSA tool BOUNDLESSINFORMANT.
This let him misinform the Dutch public and parliament too, and only
after being faced with a lawsuit, he finally disclosed the truth.
Here’s the full story.
Read more on Top
Level Telecommunications. It’s a lengthy piece, and I’m in
no position to verify its accuracy, but it’s certainly interesting
and – if NSA wasn’t responsible for the metadata collection in
this case – the record needs to be set straight.
Where you are now is
not protected but where you have been is. So don't commit a crime
now, do it yesterday...
Today brings a welcome
ruling in Commonwealth v. Augustine: people may have a
reasonable expectation of privacy in their historical cell location
information data and prosecutors may need a warrant based on
probable cause – and not just a 2703(d) order under ECPA – to
obtain it. The opinion
relies on Art. 14 of the Massachusetts constitution and not the
Fourth Amendment, but hey, I’ll take it.
Orin Kerr writes:
The
Massachusetts Supreme Judicial Court has issued
a new decision interpreting the Massachusetts constitution to
require a search warrant for access to a two-week span of historical
cell-site information. The court divided by a vote of 5-2. Note
that the decision did not interpret the Fourth Amendment of the
federal constitution, but rather interpreted Article 14 of the
Massachusetts Declaration of Rights. This means that the decision is
binding on Massachusetts state law enforcement, but it does not apply
to federal law enforcement (whether in Massachusetts or outside it).
The
decision appears to adopt a
mosaic theory for the state constitution, by which the time of
surveillance determines what is a state-constitution search.
Read more on WaPo
Volokh Conspiracy.
Poor Kim. It looks
like he'll have to come here to insult the MPAA.
NZ
court rules Megaupload warrant legal, dealing blow to Dotcom
A New Zealand court on Wednesday ruled that the search warrant used
in the arrest of Megaupload founder Kim Dotcom on U.S. online piracy
charges was legal, dealing a blow to the internet entrepreneur who is
fighting extradition to the United States.
… The decision will benefit U.S. prosecutors who say the
Megaupload website cost film studios and record companies more than
$500 million and generated more than $175 million in criminal
proceeds by letting users store and share copyrighted material, such
as movies and TV shows.
If Dotcom is extradited, the ensuing copyright case
could set a precedent for internet liability laws and, should he win,
could force entertainment companies to rethink online distribution
methods.
… However, the appeals court upheld an earlier
ruling that prosecutors had not been authorized to send clones of
seized electronic evidence to the United States.
The decision could pose a setback to a separate case in which Dotcom
is seeking damages from the government for its role in the raid on
the German-born, New Zealand resident's home.
At the same time, Dotcom could now find it difficult to challenge
evidence at his extradition hearing set for July. A Supreme Court
decision is pending on whether U.S. prosecutors must disclose
evidence to be used in the hearing.
… Dotcom says
Megaupload, which housed everything from family photos to Hollywood
blockbusters, was merely an online warehouse and should not be held
accountable if stored content was obtained illegally.
The U.S. Justice Department counters that Megaupload encouraged
piracy by paying users who uploaded popular content and by deleting
content that was not regularly downloaded.
A New Zealand government enquiry in 2012 found the nation's secretive
spy agency acted unlawfully by giving information on Dotcom to U.S.
authorities before the 2012 raid.
Eight will
get you 10, there's an App for that. Could this eliminate a bunch of
entry level mob jobs?
Cellphones
may accelerate NJ online gambling
Internet gambling
analysts and casino executives say the increased use of cellphones to
place bets could accelerate the growth of the nascent industry in New
Jersey.
"Mobile
applications will play an enormous piece of the puzzle in online
wagering, which is why we are so positive and see so much upside in
months ahead," said Joe Lupo, senior vice president of the
Borgata Hotel Casino & Spa, which began offering gambling Monday
over Android cellphones on 3G and 4G networks.