Friday, August 29, 2014


It has been a few years (Okay, decades) since I worked the “Russian Problem” but this seems very familiar. Think of this as a military strategy and ask yourself how significant sanctions can be.
Ukraine: Vladimir Putin's military action reveals a wider plan
Alarm is growing in Kiev and the West over Russia's role in eastern Ukraine. But what is Russian President Vladimir Putin trying to achieve? [Annexation of the Ukraine. Bob]
The indications are clear that Russia is being more confident and less discreet about the presence of its troops and equipment in eastern Ukraine.
As well as sightings of Russian tanks, and reports of Russian paratroopers not only captured by Ukraine but also killed "while carrying out their duties", statements by separatist leaders have changed too.
After months of calling for assistance from Russia, separatist leaders now say that they can "do without outside help".
All this could indicate that Russian planners felt the military situation of Russian-backed separatists was severe enough to need more direct assistance.
Equally, it could be that Russia is simply less concerned at this stage about discretion and deniability.

(Related) Is retaliation for sanctions an act of war? Perhaps JPMorgan should conduct their “routine checks” more frequently?
JPMorgan Hack Said to Span Months Via Multiple Flaws
Hackers burrowed into the databanks of JPMorgan Chase & Co. (JPM) and deftly dodged one of the world’s largest arrays of sophisticated detection systems for months.
The attack, an outline of which was provided by two people familiar with the firm’s investigation, started in June at the digital equivalent of JPMorgan’s front door, an overlooked flaw in one of the bank’s websites. From there, it quickly developed into any security team’s worst nightmare.
The hackers unleashed malicious programs that had been designed specifically to penetrate JPMorgan’s corporate network. Using these sophisticated tools, the intruders reached deep into the bank’s infrastructure, silently siphoning off gigabytes of information, including customer-account data -- uninterrupted until mid-August.
Only then did a JPMorgan team conducting a routine scan trigger an alarm. They discovered a breach, now being traced and evaluated, which investigators believe originated in Russia.
Evidence of advanced planning and the access to elaborate resources, as well as information provided by the FBI, led some members of the bank’s security team to tell outside consultants that they believed the hackers had been aided by the hidden hand of the Russ ian government, possibly as retribution for U.S.- imposed sanctions.


A case study for my Computer Security students.
Report Examines Unanswered Questions Around Target Attack
Cybersecurity startup Aorato has published a report around the data breach suffered in 2013 by Target, which investigates some of the techniques used by the attackers to gain access to the company's networks.
based on publicly available information, Aorato has reviewed the steps taken by the attackers, from the HVAC (heating, ventilation, and air conditioning) contractor breach up to the theft of sensitive information from the retailer's networks.
The report.
… Researchers highlight the fact that in such credit card-oriented attacks, cybercriminals don't invest too much in infrastructure and automation. As in the case of Target, many operations are carried out manually with the aid of various tools; the only automated tasks are performed by the piece of malware used in the attack. In this particular attack, unlike many other APT attacks, the cybercrooks had not created a command and control (C&C) infrastructure, and instead operated everything manually from within the network.


This should be part of your security budget calculation.
2014 Cost of Data Breach: Global Analysis
by Sabrina I. Pacifici on Aug 28, 2014
News release: “Throughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat. With the exception of Germany, companies had to spend more on their investigations, notification and response when their sensitive and confidential information was lost or stolen. As revealed in the 2014 Cost of Data Breach Study: Global Analysis, sponsored by IBM, the average cost to a company was $3.5 million in US dollars and 15 percent more than what it cost last year. Will these costs continue to escalate? Are there preventive measures and controls that will make a company more resilient and effective in reducing the costs? Nine years of research about data breaches has made us smarter about solutions. Critical to controlling costs is keeping customers from leaving. The research reveals that reputation and the loss of customer loyalty does the most damage to the bottom line. In the aftermath of a breach, companies find they must spend heavily to regain their brand image and acquire new customers. Our report also shows that certain industries, such as pharmaceutical companies, financial services and healthcare, experience a high customer turnover. In the aftermath of a data breach, these companies need to be especially focused on the concerns of their customers. As a preventive measure, companies should consider having an incident response and crisis management plan in place. Efficient response to the breach and containment of the damage has been shown to reduce the cost of breach significantly. Other measures include having a CISO in charge and involving the company’s business continuity management team in dealing with the breach. In most countries, the primary root cause of the data breach is a malicious insider or criminal attack. It is also the most costly. In this year’s study, we asked companies represented in this research what worries them most about security incidents, what investments they are making in security and the existence of a security strategy.”


As long as your “Thing” only monitors your vitals, you are safe from hackers. If your pacemaker is connected to the Internet, hackers could turn you off.
Doctors and nurses need to take their Internet of Things pills
THE INTERNET OF THINGS (IoT) has the potential to reshape a number of industries, none more so than the healthcare sector.
According to the results of a recent survey we ran, questioning IT professionals on their attitudes to the IoT, healthcare is the biggest potential market for connected devices and technology. Fifty-four percent of readers said that tools like heart-rate monitors were a top benefit of the Internet of Things.
The results show a clear interest among users in how their health, and healthcare in general can be improved by the IoT. This is reflected in recent research, which has indicated that remote patient monitoring is predicted to save an average of $12,000 per patient in the US and significantly reduce hospital-acquired diseases, a figure likely to be achievable in the UK and across Europe too.


Reasonable? Doesn't leave me warm and fuzzy.
The Foreign Intelligence Surveillance Court declassified an opinion today which, although highly redacted, illuminates the way at least one Judge is interpreting his mandate to protect the First Amendment activities of Americans who the FBI seeks to investigate under USA PATRIOT Act Section 215, codified at 50 USC 1861.
Essentially, the question the judge, John D. Bates, confronts is when are international terrorism investigations involving Americans based “solely upon activities protected by the first amendment to the Constitution.” Judge Bates concludes that so long as a international terrorism investigation is premised on some unprotected activity, the FBI can nevertheless investigate law-abiding US persons.


Worthy of a quick read.
From Out-Law.com:
The pace of technological change and rise of social media “may make it inevitable” that UK privacy laws need to be revised and updated, the country’s most senior judge has said.
In a speech at the Hong Kong Foreign Correspondents’ Club (9-page / 157KB PDF), Supreme Court president Lord Neuberger said that “astonishing developments” in technology had created “enormous challenges for people involved in the law and people involved in the media”.
Read more on Out-Law.com.


Is Apple reserving the right to sell your data to their Apps only?
Kevin Rawlinson reports:
Apple has tightened its privacy rules relating to health apps ahead of next month’s product launch, which is expected to see the unveiling of an updated iPhone and could include new wearable technology.
The technology firm has told developers that their apps, which would use Apple’s “HealthKit” platform on the forthcoming products, must not sell any personal data they gather to advertisers. The move could stave off concerns users might have around privacy as Apple seeks to move into the health data business.
Read more on The Guardian.


I suppose this could work with any online document, but flagging changes to policies is a worthwhile start.
– is a free service that allows you to track changes made to online documents that affect your privacy or your personal information, like Privacy Policies, Terms and Conditions or User Agreements. Pick the websites you’re interested in, and the site will notify you when an update has been made and show you exactly what has changed.


Soon, drones will be armed to shoot down competitor's drones. At minimum, they will have cameras for real time updating of Google maps.
Google reveals the drones that will battle Amazon for control of our skies
… The hope is to one day use these drones for delivering goods to our homes. And if this all sounds familiar, it's because Amazon is doing the same with its Prime Air delivery drones, also in the development phase.


Cars can be drones too.
Terence P. Jeffrey reports:
The National Highway Traffic Safety Administration, part of the Department of Transportation, published last week an ” advanced notice of proposed rulemaking on “vehicle-to-vehicle communications.”
What NHTSA is proposing could begin a transformation in the American transportation system that makes our lives better and freer — or gives government more power over where we go and when.
Read more on CNS News.


Apparently this was not elementary.
Judge Posner Solves Sherlock Holmes Copyright Case
by Sabrina I. Pacifici on Aug 28, 2014
Rita Yoon, McDermott Will & Emery: “The original character of the famous detective Sherlock Holmes, along with his sidekick, Dr. John H. Watson, are no longer subject to copyright protection. In an opinion by Judge Richard A. Posner, the U.S. Court of Appeals for the Seventh Circuit held that copyright protection in these century-old literary characters cannot be extended simply by changing their features in later stories. When the original story expires, the characters covered by the expired copyright are “fair game” for follow-on authors. Klinger v. Conan Doyle Estate, Ltd., Case No. 14-1128 (7th Cir., Jun. 16, 2014) (Posner, J.).”


Curious. Does each lawyer add these to their Kindle or does the firm's librarian keep all the copies?
Free Federal Rules books from LII and CALI
by Sabrina I. Pacifici on Aug 28, 2014
Via Sarah Glassmeyer, Center for Computer-Assisted Legal Instruction: “The 2015 versions of the Federal Rules of Evidence, Criminal Procedure and Civil Procedure are now available. These books are powered by the Legal Information Institute at Cornell University Law School and distributed by the Center for Computer-Assisted Legal Instruction’s eLangdell Press. The books come in .epub format, which is compatible with iPads, Nooks, Android devices and basically everything but kindles. These editions of the books include:
  • The complete rules as of December 1, 2014 (for the 2015 edition).
  • All notes of the Advisory Committee following each rule.
  • Internal links to rules referenced within the rules.
  • External links to the LII website’s version of the US Code.
And yes, all totally free. You are more than welcome to download as many copies as you’d like and add to digital collections. Here are the direct links to the books:
While you are at the eLangdell Press bookstore, you may want to take a look at the growing collection of primary law (including the Federal Rules of Bankruptcy Procedure) and Appellate Procedure and legal classics available, as well as our open law school casebooks.”


For the Computer Security lab.
Netflix Releases Internally Developed Security Tools
Netflix has released two applications used by the company's security team to monitor the Web for potential threats.
… Two of the security-related applications used by Netflix's security team are Scumblr and Sketchy, which the company released on Monday as open source.
Scumblr, a Web app developed in Ruby on Rails, enables users to search the Internet for content of interest. Its built-in plugins are designed for searches on seven popular websites, including Google, Facebook and Twitter. However, new plugins can easily be created for manual or automatic searches on other sites, the company said.
… Sketchy … is capable of saving HTML, capturing screenshots and scraping text, all of which can be stored locally or in the cloud (AWS S3 bucket).
Scumblr, Sketchy and Workflowable are available on Netflix's page on GitHub.

(Ditto)
Skyfence Launches Free Cloud App Usage Visibility Tool
Cloud-based applications can be highly useful for an organization, but monitoring them could prove challenging for IT departments. According to Skyfence, enterprise IT teams can use Skyfence Cloud Discovery to monitor Software-as-a-Service (SaaS) applications and services, and determine, based on risk information generated by the tool, which of them could pose a security threat.
Skyfence Cloud Discovery, which is part of the Skyfence Cloud Gateway product suite, can be downloaded for free and used to generate an unlimited number of reports.


Well, I find it amusing.
Pinging The Whole Internet
The image included in the tweet above shows what happens when you ping “all devices on the Internet.” Or at least the devices that answered when a company called Shodan, which bills itself as the “world’s first search engine for internet-connected devices,” attempted the feat.
There are no real surprises in terms of hot-spots but it is, nonetheless, a beautiful visualization of how we are all connected to each other by this series of tubes we call the Internet.


For my students. What can you make better?
The Coolest Cooler breaks Kickstarter records
A beachside drinks and food cooler for the digital generation is now officially the most successful Kickstarter campaign of all time, raising an incredible US$10.36mil (RM32.63mil) in pledges, and the campaign is yet to close.
… What makes the Coolest Cooler so cool? After all, the concept of the cooler predates the refrigerator.
Its creator, Ryan Grepper, will point to the fact that it's a cooler for the 21st century so as well as insulating perishables from the elements, it has an integrated battery-powered blender for smoothies and cocktails, a water-resistant Bluetooth speaker, a built-in chopping board, a USB charger for keeping smartphones powered up and chunky tires for easy rolling over the sand.

No comments: