Wednesday, July 30, 2014

For the “How to Hack” guidebook my Ethical Hackers are assembling. Along with tips on detection and mitigation...
How do hackers breach institutions like Canada's NRC?
Cyberattacks like the one against the National Research Council of Canada are increasing around the world. But by knowing the steps hackers would use for a sophisticated attack, security experts try to gain the upper hand.
"Sometimes in breaches, companies call it a 'highly sophisticated cyberattack' (as the Government of Canada's chief technology officer said in a statement Tuesday) in order to make it seem like they were beaten by the best," Geoffrey Vaughan, a security consultant with Security Compass, told CTV News Channel.
"In this case, the fact they were able to observe the attack for up to a month in advance probably suggests it was a serious, sophisticated attack."
Vaughan, who is an ethical hacker, told CTVNews.ca the process is complicated, but broke it down into six steps most hackers will use for more sophisticated jobs.

(Related) We collect these in the Appendices.
Boost Your Security Posture through Membership in an Industry Information Sharing and Analysis Center (ISAC)
… On the belief that there is strength in numbers, many organizations are joining an industry-specific Industry Sharing and Analysis Center (ISAC) to confidentially share threat and mitigation information with their peers within their own industry.
According to The National Council of ISACs, “ISACs are trusted entities established by Critical Infrastructure Key Resource (CI/KR) owners and operators to provide comprehensive sector analysis, which is shared within the sector, with other sectors, and with government.


Another report management should read?
Last week the Center for a New American Security (CNAS) released a new report on cybersecurity authored by Richard Danzig titled “Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies.”
… Danzig outlines why and how cyber-vulnerabilities exist in a manner that is approachable for newcomers to the field while offering deep commentary for old hands. Highly recommended for anyone with an interest in cyber policy. The report can be found at the CNAS’s website here, and the video of the panel is embedded below. The executive summary is reproduced below the video.


You don't really invest time and money to make Netflix faster, you just make everyone else slower.
Netflix Signs Streaming Deal With AT&T
Netflix has signed yet another peering deal, this time with AT&T. The deal, which follows on from similar agreements with Comcast and Verizon, means Netflix will receive VIP treatment through the AT&T tubes. This is good news for customers in the short term, but bad news for everyone in the long term… less buffering now means the death of net neutrality later.


The world, she is a-changing!
How the Internet of Things Changes Business Models
As the Internet of Things (IoT) spreads, the implications for business model innovation are huge. Filling out well-known frameworks and streamlining established business models won’t be enough. To take advantage of new, cloud-based opportunities, today’s companies will need to fundamentally rethink their orthodoxies about value creation and value capture.
… But in a connected world, products are no longer one-and-done. Thanks to over-the-air updates, new features and functionality can be pushed to the customer on a regular basis. The ability to track products in use makes it possible to respond to customer behavior. And of course, products can now be connected with other products, leading to new analytics and new services for more effective forecasting, process optimization, and customer service experiences.
… In his classic book Competitive Strategy, Michael Porter describes three generic strategies: differentiation, cost leadership, and focus. For some industries, those basic strategies still hold true today. But in industries that are becoming connected, differentiation, cost, and focus are no longer mutually exclusive; rather, they can be mutually reinforcing in creating and capturing value. If your company is an incumbent firm that built its kingdom through a traditional product-based business model, be concerned as your competition and disruption-minded start-ups take advantage of the IoT.

(Related) Move, but move carefully!
70 Percent of IoT Devices Vulnerable to Cyberattacks: HP
A new study published by HP on Tuesday reveals that 70% of the most popular Internet of Things (IoT) devices contain serious vulnerabilities.
The company used its HP Fortify on Demand application security testing service to check ten of the most commonly used IoT devices and their cloud and mobile application components. The list includes TVs, power outlets, webcams, smart hubs, home thermostats, sprinkler controllers, home alarms, scales, garage door openers, and door locks.
According to HP's report,"Internet of Things Security: State of the Union", a total of 250 security holes have been found in the tested IoT devices — on average, 25 per device. The issues are related to privacy, insufficient authorization, lack of transport encryption, inadequate software protection, and insecure Web interfaces.
For example, the study shows that 80% of the tested devices, including their corresponding cloud and mobile apps, raised privacy concerns regarding the collection of user data such as names, email addresses, physical addresses, date of birth, financial and health information.


Something for those idle law school students? Perhaps in collaboration with my industrious geeks?
This is an exciting RFP:
The Berkeley Center for Law & Technology and Microsoft are issuing this request for proposals (RFP) to fund scholarly inquiry to examine the civil rights, human rights, security and privacy issues that arise from recent initiatives to release large datasets of government information to the public for analysis and reuse. This research may help ground public policy discussions and drive the development of a framework to avoid potential abuses of this data while encouraging greater engagement and innovation.
This RFP seeks to:
  • Gain knowledge of the impact of the online release of large amounts of data generated by citizens’ interactions with government
  • Imagine new possibilities for technical, legal, and regulatory interventions that avoid abuse
  • Begin building a body of research that addresses these issues
Read the details and criteria on Berkeley Law. The proposal application deadline is September 25th.


Microeconomics 101 The elasticity argument is true, but the “alternate goods” argument is better.
Amazon Does E-Book Math For Hachette In Arguing For $9.99 Prices
After months of speculation and squabbling, Amazon.com finally laid out its position in black and white in its dispute with Hachette Book Group. In a post on Tuesday to an Amazon Kindle forum, the Seattle company said that its “key objective” was to lower e-book prices, noting that there would be greater benefits for authors, the publisher, customers and the online retailer if prices were cut by as much as half.
… “For every copy an e-book would sell at $14.99, it would sell 1.74 copies if priced at $9.99,” the company wrote. “So, for example, if customers would buy 100,000 copies of a particular e-book at $14.99, then customers would buy 174,000 copies of that same e-book at $9.99. Total revenue at $14.99 would be $1,499,000. Total revenue at $9.99 is $1,738,000.”
Citing e-books’ high price elasticity, Amazon went on to argue that e-books aren’t simply competing with other books. Rather, they’re competing with other forms of media engagement–from games to movies to online news publications–that take up a potential reader’s time.

(Related) Competing for a large market.
Amazon to invest $2 billion in India, a day after Flipkart's $1 billion funding
A day after Flipkart announced raising $1 billion in funds, e-commerce giant Amazon on Wednesday said that it will invest an additional $2 billion in India to support its growth in the country.
"After our first year in business, the response from customers and small and medium-sized businesses in India has far surpassed our expectations," said Jeff Bezos, founder and CEO of Amazon.com.
"We see huge potential in the Indian economy and for the growth of e-commerce in India.


Another “competition” story. (Is this why Rupert Murdock wanted Time Warner?)
FCC chairman calls out Time Warner over Dodgers TV impasse
The Federal Communications is not happy with Time Warner Cable about the Dodgers TV situation.
In a blistering letter to Time Warner Cable Chief Executive Rob Marcus, FCC Chairman Tom Wheeler criticized the company for its inability to reach agreements with other area pay-TV distributors for SportsNet LA, the new Dodgers-owned channel.
"I am writing to express my strong concern about how your actions appear to have created the inability of consumers in the Los Angeles area to watch televised games of the Los Angeles Dodgers," Wheeler wrote. "The FCC will continue to monitor this dispute closely and will intervene as appropriately necessary to bring relief to consumers."


Somehow I think this is wishful thinking.
As Sanctions Pile Up, Russians’ Alarm Grows Over Putin's Tactics
Russia, facing the toughest round of Western sanctions imposed since the Ukraine crisis erupted, has adopted a nonchalant public stance, with President Vladimir V. Putin emphasizing the importance of self-reliance and a new poll released Tuesday indicating a “What, me worry?” attitude among the bulk of the population.
But beneath that calm facade, there is growing alarm in Russia that the festering turmoil in Ukraine and the new round of far more punitive sanctions — announced Tuesday by both European nations and the United States — will have an impact on Russia’s relations with the West for years to come and damage the economy to the extent that ordinary Russians feel it.


The future belongs to Twits?
Twitter Reveals Its Master Plan For Growing As Big As Facebook
… For months, Twitter has been struggling with the perhaps unreasonable expectation of investors that its growth curve resemble that of Facebook. This is a significant problem, as its acquisition of monthly active users has been slowing down, meaning it could be decades, not years, before it accrues the 1.3 billion Facebook has now.
Costolo’s solution is to tell everyone we’ve been counting wrong. The 271 million MAUs Twitter announced today (itself marking a comfortable jump of 16 million from the previous quarter’s mark) only comprise one segment of Twitter’s audience.


Because no music existed before 1960?
– is your way to be taken back to a previous year and listen to the music for that year. The music comes from YouTube, and covers the period between 1960 till 2013. Just choose your year, and the page will fill up with YouTube videos for the music for you to play.


I find this interesting. Since movie theaters are now digital, you could download and screen any movie at any time. Perhaps libraries will add theater rooms. How expensive could old movies be? Perhaps a student “Movie Club?”
– is a site where you can attend screenings others have created, or by creating and sharing your own screenings. So if you missed the latest blockbuster, only love the classics, need to organise a party or have just made your first feature, this is the place for you. Pick your film. Choose your cinema. Select your date and time. Invite your friends. If enough people book tickets, your screening happens.


High heeled roller skates. (From a discussion with my students.)
Acton RocketSkates

No comments: