Your government in action! “After a typically thorough review by our
skilled analysts, their managers and our legal department...”
DHS Mistakenly Releases 840-pages of Critical Infrastructure Documents
Via Mishandled FOIA Request
The
U.S. Department of Homeland Security (DHS) has released hundreds of
documents, some of which contain sensitive information and
potentially vulnerable critical infrastructure points across the
United States, in response to a recent Freedom of Information Act
(FOIA) request about a cyber-security attack.
The
Operation Aurora attack was publicized in 2010 and impacted Google
and a number of other high-profile companies. However, DHS responded
to the request by releasing more than 800 pages of documents related
to the 'Aurora' experiment conducted several years ago at the Idaho
National Laboratory, where researchers demonstrated a way to damage
a generator via a cyber-attack.
The
documents are posted on
MuckRock.com.
The information request was made May 17. On July 3, the agency
replied with the mistaken documents.
Of the documents released by the DHS, none were related
to the Operation Aurora cyber attack as requested.
…
According
to information on the MuckRock site, the person who filed the FOIA
request received a "no-responsive documents" response from
the FBI in reaction to the FOIA request, while the National Security
Agency notified him that his request for information is being
processed.
The
incident the FOIA request was actually about, the Operation Aurora
cyber attack, impacted dozens of organizations, including Juniper
Networks and aerospace and defense company Northrop Grumman, and is
believed by many to have been perpetrated by hackers from China.
What
could possibly go wrong.
Verizon’s
Transparency Report for the First Half of 2014
by Sabrina I. Pacifici on Jul 8, 2014
“In
the first half of 2014, Verizon
received approximately 150,000 requests for customer information
from federal, state or local law enforcement in the United States.
We do not release customer information unless authorized by law, such
as a valid law enforcement demand or an appropriate request in an
emergency involving the danger of death or serious physical injury…
Verizon has teams that carefully review each demand we receive. We
do not produce information in response to all demands we receive. In
the first half of this year, we rejected as invalid approximately
three percent of the subpoenas we received and approximately four and
one-half percent of the orders and warrants we received. We might
reject a demand as legally invalid for a number of reasons, including
that a different type of legal process is needed for the type of
information requested. When we reject a demand as invalid, we do not
produce any information… In the first half of 2014, the 72,342
subpoenas we received sought information regarding 132,499
information points, such as a telephone number, used to identify a
customer. These customer identifiers are also referred to as
“selectors.” On average, each subpoena sought information about
1.8 selectors. The number of selectors is usually greater than the
number of customer accounts: if a customer had multiple telephone
numbers, for instance, it’s possible that a subpoena seeking
information about multiple selectors was actually seeking information
about just one customer. We have also determined that during the
first half of the year, approximately 75 percent of the subpoenas we
received sought information on only one selector (and thus only one
customer), and approximately 90 percent sought information regarding
three or fewer selectors (and thus three or fewer customers).”
Not
a bad summary.
The
Intersection of Cloud And Internet of Things And What It Means For
Security
Last
month, Salesforce.com and Philips announced
their plan to build an open cloud-based healthcare platform. In the
initial application, this “platform” will allow healthcare
software developers, producers of medical services, insurance
companies, and healthcare providers to monitor patients with chronic
conditions. Healthcare information utilizing digital patient-sensing
devices (internet of things) send information to the cloud to be
remotely processed and monitored, allowing healthcare providers to
prioritize care.
Another
Thing for the Internet of Things.
All
Hail the Humble Solar-Powered Trash Bin
The
solar-powered trash compactors that have appeared on the streets of
Philadelphia and other cities can go 4 times as long
as old-fashioned wire baskets before needing to be emptied, saving
municipalities millions of dollars, according to CNN. Not only that,
they send alerts when they’re full, making pickup much more
efficient. Philadelphia was able to reduce the size of its
trash-collection crews by 73% as a result.
How
negotiations work in the Internet Age?
Amazon
offers Hachette authors 100% of ebook sales
…
The online retailer and book publisher have been locked in a
negotiating battle over how much of a slice of ebook sales each
should receive. To put pressure on Hachette, Amazon
has started stocking fewer of its books, meaning customers must
wait longer for delivery, and refusing to take pre-orders on new
titles, hurting their chances in sales charts.
Now,
Amazon has sent a letter to Hachette authors, proposing a deal
whereby they would receive 100% of the sales price of their ebooks -
with not a penny going to Amazon or the publisher - until an
agreement is reached.
…
However, the publisher said it would be "suicide" to
accept the deal, and called on Amazon to "withdraw the sanctions
they have unilaterally imposed".
Amazon
replied that was "baloney" pointing out that Hachette is
part of a $10 billion conglomerate.
Clearly creates the possibility of an “undue reliance” error. (You say
“omnipresent,” I say “ubiquitous” – either way we confuse
my students.)
Complex
Operational Decision Making in Networked Systems of Humans and
Machines
by Sabrina I. Pacifici on Jul 8, 2014
“Over
the last two decades, computers have become omnipresent
in daily life. Their increased power and accessibility have enabled
the accumulation, organization, and analysis of massive amounts of
data. These data, in turn, have been transformed into practical
knowledge that can be applied to simple and complex decision making
alike. In many of today’s activities, decision
making is no longer an exclusively human endeavor.
In both virtual and real ways, technology has vastly extended
people’s range of movement, speed and access to massive amounts of
data. Consequently, the scope of complex decisions that human beings
are capable of making has greatly expanded. At the same time, some
of these technologies have also complicated the decision making
process. The potential for changes to complex decision making is
particularly significant now, as advances in software, memory storage
and access to large amounts of multimodal data have dramatically
increased. Increasingly, our decision making process integrates
input from human judgment, computing results and assistance, and
networks. Human beings do not have the ability to analyze the vast
quantities of computer-generated or -mediated data that are now
available. How might humans and computers team up to turn data into
reliable (and when necessary, speedy) decisions? Complex
Operational Decision Making in Networked Systems of Humans and
Machines explores the possibilities for better decision making
through collaboration between humans and computers. This study is
situated around the essence of decision making; the vast amounts of
data that have become available as the basis for complex decision
making; and the nature of collaboration that is possible between
humans and machines in the process of making complex decisions.”
A
project for Law School students? Colorado isn't there yet. (and
some of my programmers)
America’s
Laws Are the People’s Public Property
by Sabrina I. Pacifici on Jul 8, 2014
The
State
Decoded software provides you with a
people-friendly way to access your local, state, and federal legal
code.
- “Careful organization by article and section makes browsing a breeze.
- A site-wide search allows you to find the laws you’re looking for by topic.
- Scroll-over definitions translate legal jargon into common English.
- Downloadable legal code lets you take the law into your own hands.
- Best of all, everything on the site remains cost-and restriction-free.”
[From
the website:
The
America Decoded network is based on The State Decoded platform. This
software is freely available for developers to use and modify.
https://github.com/statedecoded/statedecoded
You
may want to start with the documentation.
http://documentation.statedecoded.com/
For
my Computer Security students. Also grab the Verification Handbook
at: http://verificationhandbook.com/
Microsoft
Issues New Advice on Defending Against Pass-the-Hash Attacks
Microsoft
on Tuesday released new guidance to help customers defend against
credential theft stemming from Pass-the-Hash (PtH) attacks.
In
a new white paper called Mitigating
Pass-the-Hash and Other Credential Theft, version 2,
Microsoft encourages IT professionals to “assume breach” to
highlight the need for the use of holistic planning strategies and
features in Microsoft Windows to become more resilient against
credential theft attacks.
Microsoft
describes Pass-the-Hash attacks as a technique in which an attacker
captures account logon credentials on one computer and then uses
those captured credentials to authenticate other computers over the
network.
This
latest 60-page
report is a follow-up to a previously released report from
Microsoft on guidance and mitigations for Pass-the-Hash attacks.
For
my Computer Security video library.
A
Real Story About Successful DDoS Mitigation
…
This
short video will help you gain insight into how a cybersecurity
professional like yourself successfully put an end to the damaging
effects of a DDoS attack.
For
my Computer Forensics students.
Amnesty
International launches video tool and website to learn its use
by Sabrina I. Pacifici on Jul 8, 2014
Via Poynter – The YouTube
Data Viewer enables you to enter in the URL of a YouTube
video and automatically extract the correct upload time and all
thumbnails associated with the video. These two elements are
essential when verifying a YouTube video, and it’s information
that’s difficult to gather from YouTube. The
upload time is critical in helping determine the origin of a video.
Finding the upload time of a YouTube video can be difficult — it’s
not clearly displayed on the video page. The
thumbnails are useful because you can plug them into a reverse image
search tool such as Google Image or TinEye
and see where else online these images appear. “Many
videos are scraped, and popular videos are re-uploaded to YouTube
several times on the same day,” said Koettl. “So having the
exact upload time helps to distinguish these videos from the same
day, and a reverse image search is a powerful way to find other/older
versions of the same video.” The goal is to offer non-technical
users a tool and guidance to help them verify video, without
requiring an expert such as Koettl. He said now his colleagues “will
be able to do this basic research themselves by using the new tool,
so not everything has to go through me for a basic assessment.”
The same goes for journalists. The YouTube Data Viewer should join
tools such as an EXIF reader, reverse image search, Spokeo, and
Google Maps/Earth as one of the core, free verification tools in the
verification toolkit. (For a list of other tools out there, see this
section of the Handbook.)”
Because
eventually even my students will be interviewing for jobs.
Brooks
Brothers Teaches You How to Tie a Tie - Bow Ties Included
A
couple of days ago I clicked on a Brooks Brothers sales advertisement
while reading an article on Inc.
That advertisement took me to a page featuring neck ties and a set
of videos on how to tie five kinds of neck tie knots. The videos are
hosted on Vimeo.
Why am I sharing these videos? Whether it's for an interview or a semi-formal affair at some point almost every male student will need to know how to tie a tie. These videos will be helpful when that time arrives in the life of a student.
For
my students.
Microsoft
Releases Countless Free eBooks
Microsoft
has released a huge
trove of free eBooks related to its products and services.
Almost 300 free Microsoft eBooks and resources can now be found on
MSDN, with Windows 7, Windows 8, Microsoft Office, SharePoint, and
Azure amongst the products featured.
(Related)
Have I mentioned this one recently?
Publishers
Are Giving Away Bestsellers For Free
…
Publishers and authors discount eBooks for several reasons. For
example, in the case of The Da Vinci Code, Random House wanted to
prime the pump for the new release of Inferno. Publishers and
authors also run free or discounted eBooks to hook readers on a
series, or build a following for a new author.
…
In order to get the word out on these promotions, publishers and
authors feature their deals on sites like BookBub.
BookBub is unique in that it does not list every single free eBook
on the market. Instead, BookBub’s expert editorial team
selectively curates only the best eBooks to be featured in their
email and on their website.